SEC 1-5

Question 1

What does ACL stand for or represent?

Answer 1

Access Control List – defines who can access specific files.

Question 2

What does IDS stand for or represent?

Answer 2

Intrusion Detection System – monitors network traffic for suspicious activity.

Question 3

What does IPS stand for or represent?

Answer 3

Intrusion Prevention System – blocks threats based on detection.

Question 4

What does VPN stand for or represent?

Answer 4

Virtual Private Network – encrypts traffic for secure communication.

Question 5

What does MFA stand for or represent?

Answer 5

Multi-Factor Authentication – requires multiple forms of identity verification.

Question 6

What does DAC stand for or represent?

Answer 6

Discretionary Access Control – access is set by the owner of the resource.

Question 7

What does MAC stand for or represent?

Answer 7

Mandatory Access Control – access is governed by policy or classification.

Question 8

What does SIEM stand for or represent?

Answer 8

Security Information and Event Management – centralized log management and alerting.

Question 9

What does SQLi stand for or represent?

Answer 9

Structured Query Language Injection – injecting SQL code to manipulate a database.

Question 10

What does XSS stand for or represent?

Answer 10

Cross-Site Scripting – injecting scripts into a web page.

Question 11

What does EOL stand for or represent?

Answer 11

End Of Life – software or hardware no longer supported.

Question 12

What does APT stand for or represent?

Answer 12

Advanced Persistent Threat – a stealthy long-term attack, often by nation states.

Question 13

What does TOCTOU stand for or represent?

Answer 13

Time Of Check to Time Of Use – a race condition vulnerability.

Question 14

What does API stand for or represent?

Answer 14

Application Programming Interface – allows software to communicate.

Question 15

What does TLS stand for or represent?

Answer 15

Transport Layer Security – protocol for encrypting data in transit.

Question 16

What does SSL stand for or represent?

Answer 16

Secure Sockets Layer – outdated encryption protocol replaced by TLS.

Question 17

What does OS stand for or represent?

Answer 17

Operating System – system software managing hardware and software.

Question 18

What does VM stand for or represent?

Answer 18

Virtual Machine – emulated system running inside another OS.

Question 19

What does GAP Analysis stand for or represent?

Answer 19

Comparison of current state with desired goals to identify gaps.

Question 20

What does UPS stand for or represent?

Answer 20

Uninterruptible Power Supply – provides backup power during outages.

Question 21

What does IM stand for or represent?

Answer 21

Instant Messaging – real-time text communication.

Question 22

What does SMS stand for or represent?

Answer 22

Short Message Service – text messaging protocol.

Question 23

What does DDoS stand for or represent?

Answer 23

Distributed Denial of Service – attack using many systems to overwhelm a target.

Question 24

What does DES stand for or represent?

Answer 24

Data Encryption Standard – outdated encryption algorithm.

Question 25

What does SC stand for or represent?

Answer 25

Secure Communications – protocols like SSL/TLS that encrypt communication.

Question 26

What does PEP stand for or represent?

Answer 26

Policy Enforcement Point – manages network access requests.

Question 27

What does DLL stand for or represent?

Answer 27

Dynamic-Link Library – Windows file used for shared functions.

Question 28

What does RAM stand for or represent?

Answer 28

Random Access Memory – temporary, high-speed data storage.

Question 29

What does DAD stand for or represent?

Answer 29

Disclosure, Alteration, Denial – opposite of CIA triad.

Question 30

What are the three main goals of cybersecurity (CIA Triad)?

Answer 30

Confidentiality, Integrity, Availability

Question 31

What does Confidentiality mean in cybersecurity?

Answer 31

Ensuring only authorized individuals can access sensitive data.

Question 32

What are examples of Confidentiality mechanisms?

Answer 32

Encryption, Firewalls, ACLs, MFA, Access Controls

Question 33

What is Integrity in cybersecurity?

Answer 33

Protecting data from unauthorized alteration to maintain accuracy and trust.

Question 34

What is Availability in cybersecurity?

Answer 34

Ensuring systems and data are accessible when needed by authorized users.

Question 35

What is Zero Trust?

Answer 35

A model where no user or system is trusted by default, even inside the network.

Question 36

What is the purpose of Authentication?

Answer 36

Verifying the identity of a user or system.

Question 37

What is Authorization?

Answer 37

Determining what a user/system is allowed to access.

Question 38

What is Accounting?

Answer 38

Tracking user activity within a system for auditing.

Question 39

What is a Threat Actor?

Answer 39

An individual or group posing a threat to a system (e.g., hacker, insider, nation-state).

Question 40

What is a Vulnerability?

Answer 40

A weakness in a system that can be exploited.

Question 41

What is a Race Condition?

Answer 41

When the timing of events can be exploited to cause unexpected behavior.

Question 42

What is Buffer Overflow?

Answer 42

Overflowing a memory buffer to overwrite adjacent memory and possibly execute code.

Question 43

What is SQL Injection?

Answer 43

Manipulating database queries by injecting SQL into input fields.

Question 44

What is Cross-Site Scripting (XSS)?

Answer 44

Injecting scripts into web pages to manipulate or steal data.

Question 45

What is a Zero-Day Vulnerability?

Answer 45

A newly discovered vulnerability that has no available fix or patch.

Question 46

What are Preventive Controls?

Answer 46

Controls that attempt to stop incidents before they happen (e.g. firewall, access control).

Question 47

What are Detective Controls?

Answer 47

Controls that identify and log incidents (e.g. IDS, audit logs).

Question 48

What are Corrective Controls?

Answer 48

Controls that remediate incidents (e.g. backups, patching).

Question 49

What is Layered Security?

Answer 49

Using multiple security measures to protect systems in depth.