CC - Certified in Cybersecurity - CBT IT Certification Training

Take our Certified in Cybersecurity course here.

1. Which of the following is an example of a corrective security control?

a) Antivirus software

b) Firewall

c) Encryption

d) Intrusion Detection System (IDS)

Question 1 of 50

2. A company is about to start a new project and needs to determine the potential risks it might face. What type of risk assessment tool would be the most appropriate to use in this scenario?

a) Quantitative Risk Assessment

b) Qualitative Risk Assessment

c) Both Quantitative and Qualitative Risk Assessment

d) Digital Risk Assessment

Question 2 of 50

3. What is the purpose of having a disaster recovery plan in an organization?

a) To ensure the integrity of information

b) To ensure the security of information

c) To ensure the availability of information

d) To ensure the confidentiality of information

Question 3 of 50

4. What is the process of protecting confidential information called?

a) Data encryption

b) Data recovery

c) Data backup

d) Data protection

Question 4 of 50

5. What are the rights of individuals under the General Data Protection Regulation (GDPR)?

a) All of the below

b) Right to Access

c) Right to Data Portability

d) Right to be Forgotten

Question 5 of 50

6. What are the key components of a non-repudiation system?

a) Network address translation, virtual private networks, and proxy servers

b) Digital signatures, message authentication codes, and public key infrastructure

c) Firewalls, intrusion detection systems, and antivirus software

d) Encryption, compression, and error correction

Question 6 of 50

7. How does separation of duties enhance cybersecurity?

a) By reducing the risk of data breaches

b) By reducing the risk of external attacks

c) By reducing the risk of human error

d) By reducing the risk of insider threats

Question 7 of 50

8. What is the first step in the risk management process?

a) Controlling risks

b) Evaluating risks

c) Identifying risks

d) Assessing risks

Question 8 of 50

9. What are some advantages of using a quantitative risk assessment tool?

a) Improved accuracy in determining the likelihood and impact of risks

b) Improved ability to allocate resources effectively

c) Improved efficiency in prioritizing risks

d) All of the above

Question 9 of 50

10. What is the definition of integrity in the context of information security?

a) The accuracy and consistency of data over time

b) The ability of a system to prevent unauthorized access to data

c) The availability of data for authorized users

d) The protection of sensitive information from unauthorized disclosure

Question 10 of 50

11. What is the primary difference between a hot site and a warm site?

a) A hot site is used for short-term recovery while a warm site is used for long-term recovery

b) A hot site is located close to the main facility while a warm site is located farther away

c) A hot site is fully functional while a warm site is partially functional

d) A hot site is more expensive than a warm site

Question 11 of 50

12. What is the purpose of the containment step in incident response?

a) To implement a solution to the incident

b) To stop the incident from spreading

c) To identify the root cause of the incident

d) To analyse the incident

Question 12 of 50

13. What is a containment plan in the context of incident response?

a) A plan for containing the spread of an incident

b) A plan for containing the spread of a fire

c) A plan for containing the spread of an environmental hazard

d) A plan for containing the spread of a virus

Question 13 of 50

14. What is the role of a risk assessment in an IT disaster recovery plan?

a) To prioritize the critical business processes that must be protected

b) To develop a strategy for mitigating the risks and threats identified in the assessment

c) To identify the potential risks and threats to the organisation's operations

d) All of the above

Question 14 of 50

15. What is the difference between a hot site, warm site, and cold site?

a) A hot site has limited functionality, a warm site is a fully functional backup facility, and a cold site is an unused facility with no equipment

b) A hot site is a fully functional backup facility, a warm site has limited functionality, and a cold site is an unused facility with no equipment

c) A hot site is a fully functional backup facility, a warm site is an unused facility with no equipment, and a cold site has limited functionality

d) A hot site is an unused facility with no equipment, a warm site has limited functionality, and a cold site is a fully functional backup facility

Question 15 of 50

16. What is a supply chain disruption disaster?

a) A disaster caused by a disruption in the flow of goods and materials

b) A disaster caused by a widespread outbreak of a disease

c) A disaster caused by a natural event such as a hurricane

d) A disaster caused by a nuclear explosion

Question 16 of 50

17. What is the purpose of testing a BCP?

a) To ensure that the plan is foolproof and cannot fail

b) To assess the financial impact of disaster on the organization

c) To identify weaknesses and improve the plan

d) To verify that the plan conforms to legal and regulatory requirements

Question 17 of 50

18. What is the first step in incident response?

a) Containment

b) Identification

c) Analysis

d) Remediation

Question 18 of 50

19. What is a communication plan in the context of incident response?

a) All of the below

b) A plan for communicating with employees during an incident

c) A plan for communicating with customers and stakeholders during an incident

d) A plan for communicating with government agencies during an incident

Question 19 of 50

20. What is the primary purpose of an IT business continuity plan?

a) To ensure the survival of a business in the event of a disaster

b) To minimize the impact of a disaster on a business

c) To provide a means of recovering data in the event of a disaster

d) To provide a plan for restoring normal business operations in the event of a disaster

Question 20 of 50

21. What should be considered when developing a physical security control plan?

a) The location of the assets

b) The potential threat sources

c) The type of assets being protected

d) All of the above

Question 21 of 50

22. What is the main purpose of using a badge system in a cybersecurity setting?

a) To enforce dress code regulations

b) To monitor employee attendance

c) To track inventory levels

d) To prevent unauthorized access to secure areas

Question 22 of 50

23. What is the main difference between fail-safe and fail-secure mechanisms?

a) Fail-safe systems lock down in case of a failure, while fail-secure systems operate in a safe state in case of a failure

b) Neither fail-safe nor fail-secure systems are used in security applications

c) Fail-safe systems operate in a safe state in case of a failure, while fail-secure systems lock down in case of a failure

d) Fail-safe and fail-secure systems are the same thing

Question 23 of 50

24. How does the use of surveillance cameras improve physical security?

a) All of the below

b) By recording events for future use

c) By deterring potential attackers

d) By providing real-time monitoring

Question 24 of 50

25. Company XYZ is concerned about the potential for fraud or errors in their accounting department. Which security control should be implemented to reduce this risk?

a) Segregation of duties

b) Segregation of duties and the principle of least privilege

c) Principle of least privilege

d) None of the above

Question 25 of 50

26. What is the purpose of Crime Prevention Through Environmental Design (CPTED)?

a) To increase crime through law enforcement practices

b) To decrease crime through physical design and management of the built environment

c) To increase crime through physical design and management of the built environment

d) To have no impact on crime through physical design and management of the built environment

Question 26 of 50

27. In a DAC system, who has control over the access permissions of a resource?

a) The owner of the resource

b) The system administrator

c) Owner and system admin

d) None of the above

Question 27 of 50

28. Which of the following is a limitation of MAC?

a) It can be easily circumvented by malicious users

b) It can result in users having too much access to resources

c) It can be difficult to implement and manage

d) It can be too rigid and inflexible

Question 28 of 50

29. In an organization that uses Role-based access control (RBAC), a user has been promoted to a new position. Which action should be taken to adjust the user's access permissions?

a) The user’s access permissions should remain the same

b) The user should be given unrestricted access to all resources

c) The user should be required to reapply for access to all resources

d) The user’s access permissions should be modified based on their new job duties

Question 29 of 50

30. What are the 4 principles of CPTED (Crime Prevention Through Environmental Design)?

a) Surveillance, access control, lighting and maintenance

b) Access control, territoriality, lighting and maintenance

c) Surveillance, territoriality, lighting and maintenance

d) Surveillance, access control, territoriality and maintenance

Question 30 of 50

31. What type of firewall is typically used to protect an entire network?

a) Application layer firewall

b) Network layer firewall

c) Stateful firewall

d) Packet filtering firewall

Question 31 of 50

32. Which of the following is a key element of an effective SLA?

a) A lack of clear responsibilities for the service provider and the client

b) Vague, non-specific language

c) Ambiguous service availability guarantees

d) Clear, measurable performance metrics

Question 32 of 50

33. What is a region in cloud computing?

a) A collection of databases that share resources

b) A set of data centers located in different geographical locations

c) A group of virtual machines with similar configurations

d) A set of tools for managing cloud resources

Question 33 of 50

34. What is WPA2, a common security protocol used for Wi-Fi networks?

a) Wireless Power Amplification 2

b) Wi-Fi Packet Analyzer 2

c) Wireless Policy Authentication 2

d) Wi-Fi Protected Access 2

Question 34 of 50

35. What is the primary disadvantage of a packet filtering firewall?

a) They are unable to filter traffic based on application layer protocols

b) They are unable to maintain state information about connections

c) They are unable to block traffic based on IP addresses

d) They are vulnerable to attacks that exploit network-layer protocols

Question 35 of 50

36. What is the main difference between signature-based detection and anomaly-based detection in IDS?

a) Signature-based detection is more accurate than anomaly-based detection

b) Anomaly-based detection relies on pre-configured rules, while signature-based detection is based on machine learning

c) Signature-based detection looks for known patterns of malicious behavior, while anomaly-based detection looks for abnormal behavior patterns

d) Signature-based detection is faster than anomaly-based detection

Question 36 of 50

37. What is the Open Systems Interconnection (OSI) model?

a) A network protocol used for wireless communication

b) A network architecture model that defines the communications protocol used by the internet

c) A model for network communications that defines a five-layer architecture

d) A model for network communications that defines a sever-layer architecture

Question 37 of 50

38. Which of the following is a common technique used in DDoS attacks?

a) Cross-site scripting (XSS)

b) DNS spoofing

c) SQL injection

d) Botnets

Question 38 of 50

39. Which of the following ports is typically used for secure communication?

a) Port 80

b) Port 110

c) Port 443

d) Port 25

Question 39 of 50

40. Which of the following is a defense strategy against zero-day attacks?

a) Implementing perimeter-based network security controls

b) Regularly updating software and systems

c) Using strong passwords and multifactor authentication

d) Disabling all unnecessary services and ports

Question 40 of 50

41. Which of the following is NOT a component of a digital signature?

a) An encryption key

b) A message or document

c) A digital certificate

d) A hash function

Question 41 of 50

42. How can data classification and labelling help with data governance and compliance?

a) By providing a way to easily identify and track data based on its regulatory requirements

b) By reducing the risk of data breaches and loss of intellectual property

c) By demonstrating that the organization is handling data in a responsible and compliant manner

d) All of the above

Question 42 of 50

43. What is the main purpose of an Acceptable Use Policy (AUP)?

a) To provide guidelines for the appropriate use of company resources

b) To allow employees to use company resources as they see fit

c) To restrict access to company resources

d) To delegate responsibility for resource management to a third-party provider

Question 43 of 50

44. Which of the following is an important consideration when implementing system hardening measures?

a) System hardening measures should be tested and evaluated to ensure that they are effective

b) Password policies should be relaxed to make it easier for users to access the system

c) All security measures should be disabled when performing software updates

d) System performance should always be prioritized over security

Question 44 of 50

45. Which of the following is an example of an asymmetric encryption algorithm?

a) RC4

b) DES

c) RSA

d) Blowfish

Question 45 of 50

46. What are the six main phases of the data lifecycle?

a) Data creation, data analysis, data storage, data use, data destruction, data mining

b) Data creation, data analysis, data storage, data modification, data destruction

c) Data creation, data analysis, data use, data modification, data archiving, data mining

d) Data creation, data storing, data using, data sharing, data archiving, data destroying

Question 46 of 50

47. Which of the following is an example of a key exchange algorithm used in symmetric encryption?

a) SHA-256

b) Deffie-Hellman

c) AES

d) RSA

Question 47 of 50

48. What is the purpose of software updates and patches in configuration management?

a) To upgrade the operating system of a server

b) To fix security vulnerabilities and bugs in software applications

c) To add new features to software applications

d) To optimize the performance of hardware devices

Question 48 of 50

49. Which of the following is NOT a benefit of maintaining an accurate information asset inventory?

a) Improved risk management

b) Improved incident response and recovery

c) Improved compliance with regulations and standards

d) Improved employe productivity

Question 49 of 50

50. What is the difference between a log and an event?

a) A log is a specific occurrence, while an event is a record of events

b) A log is a record of security-related events, while an event is a record of all types of events

c) A log and an event are the same thing

d) A log is a record of events while an event is a specific occurrence

Question 50 of 50

CC – Certified in Cybersecurity

ABOUT US

MOST POPULAR

Members

Newsletter

Secure Site