Authentication & Access Control
Monitoring & Detection
Data Security
System & Change Management
Risk & Availability
100

This method relies on something you know, something you have, and something you are.

What is multifactor authentication? (Q108)

100

This decoy system is designed to lure attackers and monitor their actions.

What is a honeypot? (Q80)

100

This technique protects stored data so it remains unreadable if a device is stolen.

What is encryption at rest? (Q125)

100

This step ensures patches are planned, reviewed, and approved before implementation.

What is a change control request? (Q72)

100

This design principle ensures that a critical emergency web app is always usable.

What is availability? (Q116)

200

This physical object can serve as a second authentication factor when smartphones aren’t allowed.

What is a smart card? (Q156)

200

This logging activity is often used after a breach to understand what occurred.

What is a detective control? (Q92)

200

This visual obfuscation technique is used to hide all but the last four digits of credit card numbers.

What is masking? (Q114)

200

This planned activity window is used to perform updates with minimal business disruption.

What is scheduled downtime? (Q98)

200

This form of evidence ensures a message cannot be denied by its sender.

What is non-repudiation? (Q84)

300

This access control method uses a scannable item to permit entry.

What is badge access? (Q121)

300

This system analyzes logs and alerts security teams of suspicious activity.

What is a SIEM system? (Q139)

300

This method transforms sensitive data into an unreadable format and allows future decryption.

What is encryption? (Q141)

300

This security hardening strategy disables unnecessary services to protect older systems.

What is hardening? (Q105)

300

This protocol checks whether a certificate has been revoked in real time.

What is OCSP? (Q102)

400

This physical security feature uses two interlocking doors to prevent tailgating.

What is an access control vestibule? (Q140)

400

This control type is used to monitor and detect malicious activity within systems.

What is a detective control? (Q139)

400

This technique replaces sensitive data with meaningless placeholders for lower risk exposure.

What is tokenization? (Q141-related)

400

This process evaluates the impact and approval of IT changes via formal review.

What is change management? (Q72 – deeper)

400

This method is used by banks to secure data on laptops in case of theft.

What is encryption at rest? (Q125)

500

This form of access control enforces strict verification at every access request, regardless of location.

What is Zero Trust? (Q146)

500

This Zero Trust concept applies network segmentation to protect sensitive data zones.

What are secured zones? (Q160)

500

This technique hides data inside another file type, like an image or audio file.

What is steganography? (Q106)

500

These types of controls protect legacy systems when standard controls aren't viable.

What are compensating controls? (Q175)

500

This security model enforces policy, limits threat exposure, and assumes no default trust.

What is Zero Trust? (Q146)