security controls

Question 1

What is a security control in cybersecurity?

Answer 1

A security control is a safeguard or countermeasure used to protect information systems from threats.

Question 2

True or False: Security controls can be physical, technical, or administrative.

Answer 2

True

Question 3

Fill in the blank: __________ controls are designed to protect the physical aspects of an organization.

Answer 3

Physical

Question 4

What type of control is encryption considered?

Answer 4

Technical control

Question 5

Which of the following is an example of an administrative control? A) Firewall B) Security policy C) Surveillance cameras

Answer 5

B) Security policy

Question 6

What is the primary purpose of access controls?

Answer 6

To restrict access to information and resources to authorized users only.

Question 7

True or False: Preventive controls are intended to deter or prevent security incidents.

Answer 7

True

Question 8

What do detective controls aim to achieve?

Answer 8

They aim to identify and alert on security incidents as they occur.

Question 9

Fill in the blank: __________ controls are used to mitigate the impact of a security incident after it has occurred.

Answer 9

Corrective

Question 10

Name one example of a technical control.

Answer 10

Firewalls, antivirus software, intrusion detection systems.

Question 11

Which control type includes policies, procedures, and training?

Answer 11

Administrative controls

Question 12

True or False: Security controls are only necessary for large organizations.

Answer 12

False

Question 13

What is the role of a firewall in cybersecurity?

Answer 13

A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Question 14

What are security patches?

Answer 14

Updates designed to fix vulnerabilities in software applications or operating systems.

Question 15

Multiple Choice: Which of the following is NOT a type of security control? A) Preventive B) Detective C) Reactive D) Corrective

Answer 15

C) Reactive

Question 16

What is the purpose of incident response plans?

Answer 16

To prepare for, respond to, and recover from security incidents effectively.

Question 17

Fill in the blank: The __________ principle states that users should only have access to the information necessary for their job functions.

Answer 17

Least privilege

Question 18

What is two-factor authentication?

Answer 18

A security process that requires two different forms of identification to access a system.

Question 19

True or False: Security awareness training is an example of a technical control.

Answer 19

False

Question 20

What does the term ‘vulnerability assessment’ refer to?

Answer 20

The process of identifying, quantifying, and prioritizing vulnerabilities in a system.

Question 21

Name a key benefit of implementing security controls.

Answer 21

They help protect sensitive data and reduce the risk of security incidents.

Question 22

What is the function of an intrusion detection system (IDS)?

Answer 22

To monitor network traffic for suspicious activity and alert administrators.

Question 23

True or False: All security controls are equally effective against every type of threat.

Answer 23

False

Question 24

What is the difference between a vulnerability and a threat?

Answer 24

A vulnerability is a weakness in a system, while a threat is a potential cause of an unwanted incident.

Question 25

What is risk management in the context of security controls?

Answer 25

The process of identifying, assessing, and prioritizing risks, followed by coordinated efforts to minimize, monitor, and control the probability of unfortunate events.