1. Which of the following is a key aspect of security awareness training
for employees?
A. Ensuring all employees are granted administrative access
B. Teaching employees how to identify phishing emails
C. Disabling all antivirus software on user systems
D. Allowing unrestricted access to external websites
Answer: B) Teaching employees how to identify phishing emails
Rationale: Security awareness training educates employees on how to
recognize common threats, such as phishing, and encourages safe
practices to reduce the risk of a security breach.
2. Which of the following tools is commonly used for continuous
monitoring of security events and logs?
A. Antivirus software
B. Security Information and Event Management (SIEM)
C. Network Intrusion Prevention System (IPS)
D. Web Application Firewall (WAF)
Answer: B) Security Information and Event Management (SIEM)
Rationale: SIEM systems are used for continuous monitoring and
analysis of security events, providing real-time alerts and insights to
help identify potential security threats.
3. What is the primary objective of an Incident Response (IR) team
during a security incident?
A. To identify and stop the attack as quickly as possible
B. To collect evidence for legal prosecution
C. To ensure the business remains operational at all costs
D. To report the incident to regulatory authorities immediately
Answer: A) To identify and stop the attack as quickly as possible
Rationale: The primary goal of the IR team during a security incident
is to quickly identify the attack and stop it to prevent further damage,
followed by containment and remediation actions.
4. Which of the following is a key feature of multi-factor authentication
(MFA)?
A. Password complexity requirements
B. Verification through two or more separate authentication factors
C. Biometric authentication only
D. Single sign-on across multiple systems
Answer: B) Verification through two or more separate authentication
factors
Rationale: MFA enhances security by requiring two or more forms of
authentication, such as something you know (password), something you
have (smartphone), or something you are (fingerprint).
5. Which type of security testing would best help identify weaknesses
in a web application?
A. Penetration testing
B. Compliance auditing
C. Social engineering
D. Physical security assessments
Answer: A) Penetration testing
Rationale: Penetration testing simulates attacks on a system, including
web applications, to identify and address vulnerabilities that could be
exploited by attackers.
6. In security operations, what is the primary function of a firewall?
A. To provide secure access to applications
B. To block unauthorized access to or from a network
C. To monitor network traffic for malware
D. To encrypt data in transit
Answer: B) To block unauthorized access to or from a network
Rationale: A firewall is a network security device designed to monitor
and control incoming and outgoing network traffic based on
predetermined security rules, thus blocking unauthorized access.