1. Which of the following tools is commonly used for continuous
monitoring of security events and logs?
A. Antivirus software
B. Security Information and Event Management (SIEM)
C. Network Intrusion Prevention System (IPS)
D. Web Application Firewall (WAF)
Answer: B) Security Information and Event Management (SIEM)
Rationale: SIEM systems are used for continuous monitoring and
analysis of security events, providing real-time alerts and insights to
help identify potential security threats.
2. Which of the following is a common method used for detecting
insider threats?
A. Monitoring network traffic for unusual patterns
B. Implementing a strong firewall
C. Encrypting sensitive data at rest
D. Using a sandbox for malware analysis
Answer: A) Monitoring network traffic for unusual patterns
Rationale: Insider threats are often detected by monitoring network
traffic for unusual or unauthorized behavior, such as accessing sensitive
data or systems outside of normal working hours.
3. What is the purpose of security awareness training in an
organization?
A. To reduce the number of vulnerabilities in software
B. To ensure that employees follow best practices and recognize
potential threats
C. To monitor employee activities on the network
D. To implement strong encryption for company data
Answer: B) To ensure that employees follow best practices and
recognize potential threats
Rationale: Security awareness training educates employees on
recognizing and responding to security threats like phishing and social
engineering, promoting a culture of security.
4. Which type of access control ensures that a user's access rights are
based on their job role or function?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control (RBAC)
D. Attribute-Based Access Control (ABAC)
Answer: C) Role-Based Access Control (RBAC)
Rationale: RBAC assigns access rights based on a user’s job role or
function, ensuring that users only have access to resources necessary
for their work.
5. What is the purpose of network segmentation in security operations?
A. To create backups of sensitive data
B. To isolate sensitive data and systems from less secure parts of the
network
C. To monitor and record user activity across the entire network
D. To encrypt traffic between different parts of the network
Answer: B) To isolate sensitive data and systems from less secure parts
of the network
Rationale: Network segmentation helps limit access to sensitive data
and systems, ensuring that a breach in one area does not lead to the
compromise of the entire network.
6. What is the purpose of implementing a Data Loss Prevention (DLP)
solution?
A. To encrypt data in transit
B. To prevent unauthorized access to sensitive data
C. To block malicious websites
D. To monitor user activity across the network
Answer: B) To prevent unauthorized access to sensitive data
Rationale: Data Loss Prevention (DLP) solutions are designed to
monitor and protect sensitive data by preventing unauthorized access,
sharing, or leakage of information.