1. What is the purpose of network traffic analysis in security
operations?
A. To identify and block malicious activity on the network
B. To encrypt all data in transit across the network
C. To ensure compliance with network security policies
D. To identify potential vulnerabilities in network devices
Answer: A) To identify and block malicious activity on the network
Rationale: Network traffic analysis helps identify suspicious or
malicious activity in network communications, enabling security teams
to block or mitigate potential threats.
2. What is the most effective way to mitigate the risk of Distributed
Denial-of-Service (DDoS) attacks?
A. Implementing rate-limiting controls
B. Encrypting sensitive data at rest
C. Monitoring network traffic for unusual patterns
D. Using a Web Application Firewall (WAF)
Answer: A) Implementing rate-limiting controls
Rationale: Rate-limiting controls help mitigate the impact of DDoS
attacks by limiting the number of requests a system can handle from a
particular source, reducing the effectiveness of such attacks.
,3. Which of the following best describes a 'false positive' in the context
of security monitoring?
A. A legitimate security threat that is missed by security monitoring
B. A benign activity that is incorrectly identified as malicious
C. A security incident that is successfully contained
D. A system vulnerability that is exploited by an attacker
Answer: B) A benign activity that is incorrectly identified as malicious
Rationale: A false positive occurs when a benign event is incorrectly
flagged as a security threat by security monitoring tools.
4. Which of the following is an example of a technical security control?
A. Security awareness training
B. Firewalls
C. Incident response procedures
D. Security policies and procedures
Answer: B) Firewalls
Rationale: Technical security controls include hardware or software-
based security measures, such as firewalls, intrusion
detection/prevention systems (IDS/IPS), and encryption tools.
5. Which type of malware is designed to gain unauthorized access to a
system and monitor user activities, often without the user’s knowledge?
, A. Worm
B. Trojan horse
C. Rootkit
D. Ransomware
Answer: C) Rootkit
Rationale: A rootkit is a type of malware designed to hide its presence
on a system and provide unauthorized access, often allowing attackers
to monitor activities and steal information undetected.
6. What is the purpose of security awareness training in an
organization?
A. To reduce the number of vulnerabilities in software
B. To ensure that employees follow best practices and recognize
potential threats
C. To monitor employee activities on the network
D. To implement strong encryption for company data
Answer: B) To ensure that employees follow best practices and
recognize potential threats
Rationale: Security awareness training educates employees on
recognizing and responding to security threats like phishing and social
engineering, promoting a culture of security.
7. Which of the following security controls is designed to detect and
prevent unauthorized access to a system or network?
operations?
A. To identify and block malicious activity on the network
B. To encrypt all data in transit across the network
C. To ensure compliance with network security policies
D. To identify potential vulnerabilities in network devices
Answer: A) To identify and block malicious activity on the network
Rationale: Network traffic analysis helps identify suspicious or
malicious activity in network communications, enabling security teams
to block or mitigate potential threats.
2. What is the most effective way to mitigate the risk of Distributed
Denial-of-Service (DDoS) attacks?
A. Implementing rate-limiting controls
B. Encrypting sensitive data at rest
C. Monitoring network traffic for unusual patterns
D. Using a Web Application Firewall (WAF)
Answer: A) Implementing rate-limiting controls
Rationale: Rate-limiting controls help mitigate the impact of DDoS
attacks by limiting the number of requests a system can handle from a
particular source, reducing the effectiveness of such attacks.
,3. Which of the following best describes a 'false positive' in the context
of security monitoring?
A. A legitimate security threat that is missed by security monitoring
B. A benign activity that is incorrectly identified as malicious
C. A security incident that is successfully contained
D. A system vulnerability that is exploited by an attacker
Answer: B) A benign activity that is incorrectly identified as malicious
Rationale: A false positive occurs when a benign event is incorrectly
flagged as a security threat by security monitoring tools.
4. Which of the following is an example of a technical security control?
A. Security awareness training
B. Firewalls
C. Incident response procedures
D. Security policies and procedures
Answer: B) Firewalls
Rationale: Technical security controls include hardware or software-
based security measures, such as firewalls, intrusion
detection/prevention systems (IDS/IPS), and encryption tools.
5. Which type of malware is designed to gain unauthorized access to a
system and monitor user activities, often without the user’s knowledge?
, A. Worm
B. Trojan horse
C. Rootkit
D. Ransomware
Answer: C) Rootkit
Rationale: A rootkit is a type of malware designed to hide its presence
on a system and provide unauthorized access, often allowing attackers
to monitor activities and steal information undetected.
6. What is the purpose of security awareness training in an
organization?
A. To reduce the number of vulnerabilities in software
B. To ensure that employees follow best practices and recognize
potential threats
C. To monitor employee activities on the network
D. To implement strong encryption for company data
Answer: B) To ensure that employees follow best practices and
recognize potential threats
Rationale: Security awareness training educates employees on
recognizing and responding to security threats like phishing and social
engineering, promoting a culture of security.
7. Which of the following security controls is designed to detect and
prevent unauthorized access to a system or network?
