1. What is the purpose of encryption in security operations?
A. To prevent unauthorized access to data during transmission or
storage
B. To identify vulnerabilities in a system
C. To detect malware on a system
D. To block unauthorized users from accessing a system
Answer: A) To prevent unauthorized access to data during
transmission or storage
Rationale: Encryption protects sensitive data by converting it into an
unreadable format, ensuring that only authorized parties can access or
read it, whether in transit or at rest.
2. Which of the following is a primary responsibility of a Security
Operations Center (SOC)?
A. Developing application security policies
B. Managing incident response and monitoring security alerts
C. Conducting vulnerability assessments
D. Encrypting organizational data
Answer: B) Managing incident response and monitoring security alerts
Rationale: A Security Operations Center (SOC) is primarily responsible
for continuously monitoring an organization's security environment,
managing incident responses, and analyzing security alerts to protect
the organization.
3. Which of the following is a key goal of incident containment during
a security breach?
A. To identify the attacker’s identity
B. To prevent the incident from spreading and causing further damage
C. To conduct a post-incident review
D. To recover lost data from backups
Answer: B) To prevent the incident from spreading and causing further
damage
Rationale: Containment is a critical step in limiting the scope of a
security breach, ensuring that it does not escalate further and cause
more widespread damage.
4. Which of the following is an example of a physical security control?
A. Antivirus software
B. Biometric access control systems
C. Firewalls
D. Data encryption
Answer: B) Biometric access control systems
Rationale: Physical security controls include measures to protect
physical access to assets, such as biometric access controls, locks, and
surveillance systems.
5. What should be the first step in an incident response plan when a
breach is detected?
A. Contain the incident to prevent further damage
B. Notify the public about the breach
C. Analyze the breach to determine its cause
D. Restore affected systems from backups
Answer: A) Contain the incident to prevent further damage
Rationale: Containing the incident immediately prevents further
damage and limits the spread of the breach, enabling the incident
response team to address the issue effectively.
6. What is the primary focus of a Business Continuity Plan (BCP)?
A. To monitor the effectiveness of security policies
B. To ensure essential business operations can continue during or after
a disaster
C. To prevent malware infections
D. To audit user access privileges
Answer: B) To ensure essential business operations can continue
during or after a disaster