#1
What is a common method to mitigate phishing attacks?
Training employees to recognize suspicious emails
ExplanationPhishing attacks can be mitigated by training employees to recognize and avoid clicking on suspicious emails, links, or attachments.
#2
What is the main goal of a DDoS (Distributed Denial of Service) attack?
To disrupt or disable services
ExplanationDDoS attacks aim to overwhelm and disable online services, making them inaccessible to legitimate users.
#3
What is the term used to describe the practice of disguising data so it appears to be something else?
Steganography
ExplanationSteganography involves hiding data within other files or media to conceal its existence, adding an extra layer of security.
#4
Which of the following is NOT a common type of phishing attack?
Brute force attack
ExplanationBrute force attacks involve attempting to guess passwords through repeated, exhaustive efforts; they are not a common type of phishing attack.
#5
Which of the following is an example of a physical security measure?
Security camera
ExplanationA security camera is an example of a physical security measure, providing surveillance to deter and monitor unauthorized access.
#6
Which of the following is NOT a physical security measure?
Firewalls
ExplanationFirewalls are not physical security measures; they are network security devices that control incoming and outgoing traffic based on predetermined security rules.
#7
What does the term 'social engineering' refer to in the context of security?
Using psychological manipulation to deceive individuals
ExplanationSocial engineering involves manipulating individuals to divulge confidential information or perform actions against their own interests through psychological tactics.
#8
Which of the following is NOT a recommended practice for securing mobile devices?
Sharing passwords with friends and family
ExplanationSharing passwords with others compromises the security of mobile devices; it is not a recommended practice.
#9
What is a common method used for secure data disposal?
Overwriting data multiple times with random patterns
ExplanationSecure data disposal involves overwriting data multiple times with random patterns to prevent recovery and unauthorized access.
#10
Which of the following is NOT a common factor in a strong password?
Use of personal information
ExplanationUsing personal information in passwords weakens security; strong passwords should avoid easily guessable details.
#11
Which of the following is a principle of least privilege?
Granting users the least amount of access necessary to perform their tasks
ExplanationThe principle of least privilege involves providing users with the minimum access rights needed to accomplish their tasks, reducing the risk of unauthorized access.
#12
What is the purpose of a VPN (Virtual Private Network) in operational security?
To create a secure connection over an unsecured network
ExplanationVPNs establish secure, encrypted connections over unsecured networks, ensuring confidentiality and integrity of data during transmission.
#13
Which of the following is NOT a type of malware?
Firewall
ExplanationFirewall is not a type of malware; it is a network security device that monitors and controls network traffic.
#14
What is the purpose of penetration testing in operational security?
To test the effectiveness of security controls
ExplanationPenetration testing assesses the security of a system by simulating cyberattacks to identify vulnerabilities and weaknesses in security controls.
#15
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses one key, while asymmetric encryption uses two keys
ExplanationSymmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption involves a pair of public and private keys for secure communication.