Cybersecurity Test Questions
Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data.
A computer virus
A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain?
Asset security
You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on integrity, availability, and what else?
Confidentiality
What is a foundational model that informs how organizations consider risk when setting up systems and security policies?
Confidentiality, integrity, and availability (CIA) triad
Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.
Employees inadvertently revealing sensitive data
Which of the following tasks may be part of the identity and access management domain? Select all that apply.
Ensuring users follow established policies; setting up an employee's access keycard
Which of the following tasks may be part of the security operations domain?
Investigating an unknown device that has connected to an internal network; conducting investigations
What historical event occurred as a result of trying to track illegal copies of medical software and prevent pirated licenses?
Love Letter attack
Which of the following tasks may be part of the asset security domain?
Proper disposal of digital assets; securing digital and physical assets
An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?
Security controls
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security architecture and engineering
Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?
Security assessment and testing
Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to?
Security assessment and testing
A security professional is updating software on a coworker's computer and happens to see a very interesting email about another employee. The security professional chooses to follow company guidelines with regards to privacy protections and does not share the information with coworkers. Which concept does this scenario describe?
Security ethics
You receive an alert that an unknown device has been connected to your company's internal network. You follow company policies and procedures to stop the potential threat. Which security domain is this scenario related to?
Security operations
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk. T or F
True
Fill in the blank: A key aspect of the CIA triad is ensuring that only _____ can access specific assets.
authorized users
Which of the following tasks are part of the security and risk management domain? Select all that apply.
compliance
Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.
domains
Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.
framework
Fill in the blank: Social engineering is a _____ that exploits human error to gain private information, access, or valuables.
manipulation technique
Fill in the blank: The ethical principle of _____ involves safeguarding an organization's human resources records that contain personal details about employees.
privacy protection
Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.
security controls