1. What is the purpose of a Security Information and Event
Management (SIEM) system?
A. To create firewall rules
B. To log and analyze security-related data from various systems
C. To secure physical access to the data center
D. To implement encryption protocols
Answer: B) To log and analyze security-related data from various
systems
Rationale: SIEM systems collect, normalize and correlate log and event data
from a variety of sources, such as firewalls, intrusion detection systems
(IDS), servers and identity systems, so that analysts can monitor for and
investigate security events across the whole environment rather than one
system at a time.
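The following is an added example, not part of the quiz, showing what "aggregate and analyze data from a variety of sources" means in practice: a miniature SIEM pipeline that ingests three constructed log formats (firewall, IDS, Linux sshd), normalizes them into one event schema, and runs a correlation rule across sources. All log lines, hostnames, IP addresses, the event schema and the rule thresholds are assumptions made for the example.

```python
"""Miniature SIEM pipeline: ingest three log formats, normalize, correlate.

Added example for this quiz, not code from the quiz or any product.
All log lines, hostnames and IP addresses are constructed for the example;
the event schema and the correlation rule are illustrative choices.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs from three sources, in three different formats.
FIREWALL_LOG = """\
2024-05-01T10:00:01Z fw01 action=deny src=203.0.113.9 dst=10.0.0.5 dport=22
2024-05-01T10:00:02Z fw01 action=allow src=203.0.113.9 dst=10.0.0.5 dport=22
2024-05-01T10:00:30Z fw01 action=allow src=198.51.100.7 dst=10.0.0.8 dport=443
"""
IDS_LOG = """\
2024-05-01T10:00:03Z ids01 alert sig="SSH brute force attempt" src=203.0.113.9 dst=10.0.0.5
"""
AUTH_LOG = """\
2024-05-01T10:00:04Z srv05 sshd[1201]: Failed password for root from 203.0.113.9 port 51000 ssh2
2024-05-01T10:00:05Z srv05 sshd[1202]: Failed password for root from 203.0.113.9 port 51001 ssh2
2024-05-01T10:00:06Z srv05 sshd[1203]: Failed password for invalid user test from 203.0.113.9 port 51002 ssh2
2024-05-01T10:00:09Z srv05 sshd[1204]: Accepted password for admin from 203.0.113.9 port 51003 ssh2
2024-05-01T10:00:40Z srv08 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AUTH_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port"
)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def parse_kv_line(line, source):
    """Firewall and IDS lines share a 'ts host key=value ...' layout."""
    ts, host, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    event_type = "fw_" + fields["action"] if source == "firewall" else "ids_alert"
    return {"ts": parse_ts(ts), "source": source, "host": host,
            "src_ip": fields.get("src"), "dst_ip": fields.get("dst"),
            "type": event_type, "detail": fields.get("sig", fields.get("dport", ""))}

def parse_auth_line(line):
    """Linux sshd line -> normalized event, or None for lines we don't model."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, host, outcome, user, ip = m.groups()
    return {"ts": parse_ts(ts), "source": "auth", "host": host,
            "src_ip": ip, "dst_ip": host,
            "type": "auth_success" if outcome == "Accepted" else "auth_failure",
            "detail": user}

def normalize(fw_log, ids_log, auth_log):
    """Aggregate all sources into one time-ordered list of common-schema events."""
    events = []
    for line in fw_log.splitlines():
        if line.strip():
            events.append(parse_kv_line(line, "firewall"))
    for line in ids_log.splitlines():
        if line.strip():
            events.append(parse_kv_line(line, "ids"))
    for line in auth_log.splitlines():
        event = parse_auth_line(line)
        if event:
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events

PRECURSOR_TYPES = {"fw_deny", "ids_alert", "auth_failure"}

def correlate(events, min_precursors=3, window_seconds=300):
    """Cross-source rule: at least min_precursors suspicious events from one
    source IP within window_seconds, followed by a successful login from
    that IP. No single source sees the whole pattern; the SIEM does."""
    precursors = defaultdict(list)   # src_ip -> timestamps of suspicious events
    findings = []
    for event in events:
        ip = event["src_ip"]
        if event["type"] in PRECURSOR_TYPES:
            precursors[ip].append(event["ts"])
        elif event["type"] == "auth_success":
            recent = [t for t in precursors[ip]
                      if (event["ts"] - t).total_seconds() <= window_seconds]
            if len(recent) >= min_precursors:
                findings.append({"src_ip": ip, "user": event["detail"],
                                 "host": event["host"], "precursors": len(recent),
                                 "ts": event["ts"].isoformat()})
    return findings

if __name__ == "__main__":
    for finding in correlate(normalize(FIREWALL_LOG, IDS_LOG, AUTH_LOG)):
        print(finding)
```

On the constructed data the rule fires once, for 203.0.113.9 logging in as admin on srv05 after five precursor events (one firewall deny, one IDS alert, three failed passwords); the deploy login from 198.51.100.7 has no precursors and is not reported. The point of the exercise is that the firewall, the IDS and the server each hold only a fragment of the story; the correlation is only possible once the data is in one place and one schema.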
2. In the context of incident response, what does the term 'root cause
analysis' refer to?
A. Identifying the attacker’s identity
B. Evaluating the success of the recovery efforts
C. Determining the underlying cause of the security incident
D. Monitoring affected systems after the incident
Answer: C) Determining the underlying cause of the security incident
Rationale: Root cause analysis involves identifying the fundamental
issue that led to the security incident, which helps in preventing similar
incidents in the future.
3. What is the purpose of a "kill chain" in the context of cybersecurity
operations?
A. To ensure that sensitive data is encrypted
B. To describe the stages of a cyberattack from initial access to
completion
C. To identify all network traffic for potential malicious activity
D. To evaluate the security posture of external partners
Answer: B) To describe the stages of a cyberattack from initial access to
completion
Rationale: The "kill chain" model (the Lockheed Martin Cyber Kill Chain is
the best-known form) breaks an intrusion into sequential stages, from
reconnaissance and weaponization through delivery, exploitation,
installation and command and control to actions on objectives, so that
defenders can recognize an attack in progress and break the chain at any
stage before the attacker reaches the objective.
4. What is the primary purpose of conducting a vulnerability
assessment?
A. To discover weaknesses and threats in a network or system
B. To test the effectiveness of incident response plans
C. To train staff on security best practices
D. To ensure compliance with industry standards
Answer: A) To discover weaknesses and threats in a network or system
Rationale: A vulnerability assessment helps identify weaknesses and
security flaws in systems, applications, and networks, which can be
mitigated before exploitation by attackers.
5. What is the primary function of a security audit?
A. To assess the effectiveness of security policies and controls
B. To perform regular penetration testing
C. To monitor user activities in real time
D. To detect network-based attacks
Answer: A) To assess the effectiveness of security policies and controls
Rationale: A security audit evaluates an organization's security policies,
procedures, and controls to ensure they are effective and compliant
with industry standards and regulations.
6. Which of the following is a common method used for detecting
insider threats?
A. Monitoring network traffic for unusual patterns
B. Implementing a strong firewall
C. Encrypting sensitive data at rest
D. Using a sandbox for malware analysis
Answer: A) Monitoring network traffic for unusual patterns
Rationale: Insiders already hold legitimate access, so preventive controls
such as firewalls and encryption at rest do not stop them; detection relies
on monitoring network traffic and user activity for deviations from each
user's normal pattern, such as unusual data volumes, destinations or
access times.
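The following is an added example, not part of the quiz, showing what "monitoring network traffic for unusual patterns" looks like as detection logic: each user's daily egress volume is compared against that user's own recent baseline with a robust (median/MAD) score, and destinations not seen during the baseline are listed. The flow records, the 7-day window, the threshold of 5 and the hostnames are assumptions made for the example; a one-size global limit is included only to contrast it with the per-user baseline.

```python
"""Per-user egress baselining for insider-threat detection.

Added example for this quiz, not code from the quiz or any product. The
flow records are constructed; the 7-day window, the robust z-score and the
threshold of 5 are illustrative choices, not a standard.
"""
from collections import defaultdict
from statistics import median

MB = 1_000_000
# Daily bytes-out (MB) per user over ten days, constructed so that alice and
# bob are low-volume users and carol, a backup operator, is legitimately high.
ALICE = [50, 52, 49, 51, 53, 50, 48, 51, 50, 52]
BOB = [21, 24, 22, 20, 25, 23, 22, 24, 21, 23]
CAROL = [3100, 3050, 3200, 3000, 3150, 3100, 3050, 3200, 3100, 3150]

# (user, day, destination, bytes_out) flow records.
FLOWS = []
for _day in range(1, 11):
    FLOWS.append(("alice", _day, "share.corp.example", ALICE[_day - 1] * MB))
    FLOWS.append(("bob", _day, "share.corp.example", BOB[_day - 1] * MB))
    FLOWS.append(("carol", _day, "backup.corp.example", CAROL[_day - 1] * MB))
# Day 10: alice also pushes 2 GB to a host she has never talked to before.
FLOWS.append(("alice", 10, "files.external.example", 2000 * MB))

def mad_score(value, history):
    """Robust z-score: distance from the median in units of scaled MAD.
    Median/MAD rather than mean/stddev so one earlier spike cannot
    inflate the baseline and hide a later one."""
    med = median(history)
    mad = 1.4826 * median(abs(x - med) for x in history)
    if mad == 0:                      # flat history: floor at 5% of the median
        mad = max(0.05 * med, 1)
    return (value - med) / mad

def naive_threshold(flows, limit_bytes):
    """The obvious alternative: one global limit for everyone."""
    per_day = defaultdict(int)
    for user, day, _dst, nbytes in flows:
        per_day[(user, day)] += nbytes
    return {key for key, total in per_day.items() if total > limit_bytes}

def detect(flows, baseline_days=7, threshold=5.0):
    """Compare each user's day against that user's own preceding
    baseline_days days and report days that deviate by >= threshold,
    together with destinations not seen during the baseline window."""
    per_day = defaultdict(lambda: defaultdict(int))    # user -> day -> bytes
    dsts = defaultdict(lambda: defaultdict(set))       # user -> day -> {dst}
    for user, day, dst, nbytes in flows:
        per_day[user][day] += nbytes
        dsts[user][day].add(dst)
    findings = []
    for user, days in per_day.items():
        ordered = sorted(days)
        for i in range(baseline_days, len(ordered)):
            day, window = ordered[i], ordered[i - baseline_days:i]
            score = mad_score(days[day], [days[d] for d in window])
            if score < threshold:
                continue
            seen = set().union(*(dsts[user][d] for d in window))
            findings.append({"user": user, "day": day, "bytes": days[day],
                             "score": round(score, 1),
                             "new_destinations": sorted(dsts[user][day] - seen)})
    return findings

if __name__ == "__main__":
    print("global 1 GB limit flags:", sorted(naive_threshold(FLOWS, 1000 * MB)))
    print("per-user baseline flags:", detect(FLOWS))
```

On the constructed data the per-user baseline reports exactly one day, alice on day 10, with files.external.example listed as a destination she had not used before; carol's 3 GB a day is her normal and is not reported. A flat 1 GB limit flags carol on all ten days and alice only on day 10, which is the usual failure mode of global thresholds against insiders: the noise from legitimately high-volume users buries the one deviation that matters.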