Which of the following devices monitors and controls incoming and outgoing network traffic based on predetermined security rules?
a) Proxy server b) Firewall c) Router d) Switch
What is b) Firewall
In asymmetric encryption, which key is used for encryption?
a) Public key b) Private key c) Shared key d) Symmetric key
What is a) Public key
Which principle states that individuals should only be granted the minimum level of access or permissions necessary to perform their tasks?
a) Principle of minimal privilege b) Principle of maximum privilege c) Principle of least privilege d) Principle of excessive privilege
What is c) Principle of least privilege
Which social engineering technique involves pretending to be someone else to obtain sensitive information?
a) Phishing b) Pretexting c) Baiting d) Tailgating
What is b) Pretexting
What is a zero-day exploit?
a) An exploit that occurs once every zero days
b) An exploit that targets zero-day-old vulnerabilities
c) An exploit that is known to the vendor before being exploited
d) An exploit that targets vulnerabilities unknown to the vendor or developer
What is d) An exploit that targets vulnerabilities unknown to the vendor or developer
What do Virtual Private Networks (VPNs) use to create a secure, encrypted connection over a public network?
a) Public keys b) Private keys c) Symmetric keys d) Hashing algorithms
What is c) Symmetric keys
Which encryption algorithm is used for secure communication over the internet, providing confidentiality and integrity?
a) AES (Advanced Encryption Standard) b) DES (Data Encryption Standard) c) RSA (Rivest-Shamir-Adleman) d) MD5 (Message Digest Algorithm 5)
What is a) AES (Advanced Encryption Standard)
Which principle emphasizes the need to authenticate individuals before granting them access to resources?
a) Principle of minimal privilege b) Principle of maximum privilege c) Principle of least privilege d) Principle of authentication
What is d) Principle of authentication
Which social engineering technique involves creating a sense of urgency to prompt immediate action from the victim?
a) Phishing b) Spear phishing c) Hacking d) Baiting
What is a) Phishing
What is the term for a software patch that is developed and released by a vendor to fix a security vulnerability?
a) Hotfix b) Update c) Service pack d) Patch
What is d) Patch
Which of the following devices is used to segment a network into smaller, more manageable parts and control traffic flow between them?
a) Proxy server b) Firewall c) Router d) Switch
What is c) Router
Which cryptographic algorithm is specifically designed for digital signatures and asymmetric key exchange?
a) Triple DES b) Blowfish c) Diffie-Hellman d) DSA (Digital Signature Algorithm)
What is d) DSA (Digital Signature Algorithm)
Which security principle ensures that data is not disclosed to unauthorized users during transmission or storage?
a) Integrity b) Confidentiality c) Availability d) Authentication
What is b) Confidentiality
Which social engineering technique involves gaining unauthorized access to a physical location by following an authorized person?
a) Tailgating b) Phishing c) Baiting d) Pretexting
What is a) Tailgating
What is the term for a weakness in a system or network that could be exploited by a threat?
a) Exploit b) Vulnerability c) Threat vector d) Risk assessment
What is b) Vulnerability
Which protocol is commonly used for secure communication over the web, providing encryption and authentication?
What is HTTPS
Which cryptographic protocol provides secure email communication, ensuring confidentiality, integrity, and authentication?
a) SSH (Secure Shell)
b) PGP (Pretty Good Privacy)
c) SSL/TLS (Secure Sockets Layer/Transport Layer Security)
d) IPsec (Internet Protocol Security)
What is b) PGP (Pretty Good Privacy)
What is the principle that ensures that data is accurate, complete, and unchanged during transmission or storage?
a) Confidentiality b) Integrity c) Availability d) Non-repudiation
What is b) Integrity
What is the main objective of a pretexting attack in social engineering?
a) To trick individuals into providing sensitive information by impersonating a trusted entity.
b) To infect systems with malware by sending deceptive emails.
c) To physically breach secure facilities using social manipulation techniques.
d) To disrupt network services through distributed denial-of-service (DDoS) attacks.
What is a) To trick individuals into providing sensitive information by impersonating a trusted entity.
What is the term for a software vulnerability that allows an attacker to gain unauthorized access to a system?
a) Buffer overflow
b) Cross-site scripting
c) Privilege escalation
d) Remote code execution
What is c) Privilege escalation
What type of network attack involves exploiting the Domain Name System (DNS) to redirect users to malicious websites?
a) ARP poisoning b) DNS cache poisoning c) SQL injection d) Cross-site scripting (XSS)
What is b) DNS cache poisoning
In public-key cryptography, what is the purpose of the private key?
a) Encrypting data b) Decrypting data c) Verifying digital signatures d) Authenticating users
What is b) Decrypting data
Describe the concept of "defense in depth" in security principles and provide an example of its implementation.
a) Defense in depth involves implementing multiple layers of security controls to protect against various threats. An example would be using firewalls, intrusion detection systems, and access controls together.
b) Defense in depth involves focusing on a single layer of security to mitigate all possible threats. An example would be relying solely on encryption for data protection.
c) Defense in depth emphasizes physical security measures over digital security controls. An example would be using biometric authentication for access control.
d) Defense in depth is not a valid security principle.
What is a) Defense in depth involves implementing multiple layers of security controls to protect against various threats. An example would be using firewalls, intrusion detection systems, and access controls together.
In the context of social engineering, what is "quid pro quo"?
a) Giving something in return for information
b) Impersonating a coworker
c) Creating a fake sense of urgency
d) Pretending to be a trusted entity
What is a) Giving something in return for information
Explain the concept of "vulnerability scoring" in vulnerability management and provide an example of a widely used scoring system.
a) Vulnerability scoring involves assigning a numerical value to vulnerabilities based on their severity, ease of exploitation, and potential impact. Example: Common Vulnerability Scoring System (CVSS).
b) Vulnerability scoring refers to categorizing vulnerabilities alphabetically based on their names. Example: A, B, C, D, etc.
c) Vulnerability scoring evaluates vulnerabilities based on their popularity among attackers. Example: Top 10 Most Exploited Vulnerabilities List.
d) Vulnerability scoring is not a common practice in vulnerability management.
What is a) Vulnerability scoring involves assigning a numerical value to vulnerabilities based on their severity, ease of exploitation, and potential impact. Example: Common Vulnerability Scoring System (CVSS).