ANSWERS | VERIFIED AND WELL DETAILED
ANSWERS PLUS RATIONALES | EXAM PREP |
STUDY GUIDE | PRACTICE TEST |
CERTIFICATION PREPARATION | LATEST
UPDATE | DOWNLOAD INSTANT PDF
1. An organization's security team wants to reduce the risk of unauthorized
access by requiring users to provide a password and a fingerprint scan. Which
security principle is being implemented?
A. Least privilege
B. Multifactor authentication (MFA)
C. Network segmentation
D. Single sign-on
MFA requires two or more authentication factors from different categories,
significantly reducing the risk of unauthorized access if one factor is
compromised.
2. A security analyst discovers that attackers are sending fraudulent emails
that appear to come from the company's finance department to trick
employees into revealing login credentials. What type of attack is this?
A. Phishing
B. Brute-force attack
C. Denial-of-service attack
D. Tailgating
Phishing uses deceptive emails or messages to persuade users to reveal sensitive
information or install malicious software.
3. Which security control encrypts data transmitted between a user's web
browser and a secure website?
,A. SSH
B. TLS
C. FTP
D. SNMP
Transport Layer Security (TLS) encrypts communications between clients and
servers, protecting confidentiality and integrity during data transmission.
4. A company wants to ensure employees receive only the minimum
permissions necessary to perform their job responsibilities. Which security
principle should be applied?
A. Defense in depth
B. Separation of duties
C. Least privilege
D. High availability
The principle of least privilege limits user permissions to only what is necessary,
reducing the impact of compromised accounts and accidental misuse.
5. Which type of malware is specifically designed to encrypt files and demand
payment for their release?
A. Worm
B. Trojan
C. Ransomware
D. Spyware
Ransomware encrypts a victim's data and demands payment for the decryption
key, making it one of the most disruptive forms of malware.
6. An organization wants to protect confidential data stored on employee
laptops in case a device is lost or stolen. Which security measure provides the
best protection?
A. Screen timeout
B. Full-disk encryption
,C. Password complexity requirements
D. Antivirus software
Full-disk encryption protects data at rest by making the contents of the drive
unreadable without proper authentication, even if the device is stolen.
7. A security administrator notices repeated failed login attempts against
multiple user accounts from the same external IP address. Which type of
attack is most likely occurring?
A. SQL injection
B. Password spraying
C. Cross-site scripting (XSS)
D. Privilege escalation
Password spraying involves trying a small number of common passwords
against many accounts to avoid account lockout policies.
8. Which security technology inspects incoming and outgoing network traffic
based on predefined security rules and helps block unauthorized connections?
A. Firewall
B. Load balancer
C. Proxy ARP
D. DHCP server
A firewall filters network traffic according to configured policies, helping
prevent unauthorized access while allowing legitimate communications.
9. A company requires employees to use a smart card in addition to a PIN to
access secure facilities. Which authentication factors are being used?
A. Something you know and something you have
B. Something you know and something you are
, C. Something you have and somewhere you are
D. Something you are and something you do
The PIN is "something you know," while the smart card is "something you
have," satisfying two different authentication factors.
10. During a security assessment, an analyst discovers software running on
workstations that is no longer supported by the vendor and no longer receives
security updates. What is the primary security concern?
A. Increased network bandwidth usage
B. Unsupported software may contain unpatched vulnerabilities
C. Reduced hard drive performance
D. Slower DNS resolution
End-of-life software no longer receives security patches, making it a higher risk
for exploitation by attackers.
11. A company experiences a security incident in which an attacker gains
access by exploiting a software vulnerability before a vendor releases a patch.
What type of vulnerability was exploited?
A. Zero-day vulnerability
B. Misconfiguration
C. Insider threat
D. Weak encryption
A zero-day vulnerability is exploited before a fix or patch is available, leaving
systems exposed until mitigation or updates are implemented.
12. Which security concept ensures that information is not altered or
destroyed in an unauthorized manner?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication