Data security revision

The document outlines key concepts in data security, including authentication methods, types of cybercrime, and the CIA Triad principles. It also discusses the roles and responsibilities in information security, types of security controls, and attributes of threat actors. Additionally, it covers attack vectors and threat research sources, emphasizing the importance of protecting digital systems and data.
Uploaded by daisedky

Data Security Revision

1. What is the primary purpose of authentication?
a) Encrypting data
b) Protecting information, systems, and networks
c) Creating passwords
d) Granting admin rights
Answer: b
2. Which of the following is an example of one-factor authentication?
a) Biometric scan
b) Password authentication
c) PIN with card
d) Digital certificates
Answer: b
3. What does 2FA stand for?
a) Two-way firewall access
b) Two-factor authentication
c) Two-feature access
d) Two-frequency authentication
Answer: b
4. Which of these is a multi-factor authentication example?
a) Using only a password
b) Entering a PIN after card swipe
c) Combining a password, PIN, and biometric scan
d) Digital certificate with email OTP
Answer: c
5. What type of authentication uses fingerprint scans?
a) Certificate-based
b) Biometric
c) One-factor
d) Multi-factor
Answer: b
6. In certificate-based authentication, users provide:
a) A password
b) Biometric data
c) Digital certificates
d) PIN codes
Answer: c

7. Cybercrime is defined as:
a) Theft of physical devices
b) Crimes using the internet and computers
c) Hacking only
d) Unauthorized physical trespass
Answer: b
8. Which of these involves unauthorized access to snoop around?
a) Cyber fraud
b) Cyber theft
c) Cyber trespass
d) Cyber sabotage
Answer: c
9. What is cyber theft?
a) Gaining access to systems to steal data or money
b) Accessing systems for research purposes
c) Promoting false information
d) Destroying data
Answer: a
10. Promoting falsehoods to gain value is called:
a) Cyber trespass
b) Cyber fraud
c) Cyber sabotage
d) Cyber theft
Answer: b
11. Destructive cybercrimes involve:
a) Snooping around systems
b) Accessing systems to steal data
c) Destroying data or systems
d) Tracing cyber-attacks
Answer: c
12. Which of these is a major challenge in prosecuting cybercrimes?
a) Lack of evidence
b) Lack of technical resources
c) Tracking and tracing cyber-attacks
d) Insufficient crime scenes
Answer: c
13. What is a vulnerability?
a) A type of cybercrime
b) Weakness in security systems
c) Legal loophole in cyber law
d) Encrypted communication
Answer: b
14. What makes cybercrime prosecution difficult globally?
a) Lack of experts
b) Loss of attackers’ location
c) High cost of prosecution
d) Unencrypted systems
Answer: b

15. Which of these is an impact of a network attack?
a) Increased trust between customers
b) Increased profits
c) Loss of sensitive data
d) Higher shareholder valuation
Answer: c
16. Loss of trust between customers due to an attack can lead to:
a) Improved brand value
b) Shareholder depreciation
c) Legal advantages
d) No impact
Answer: b
17. Which of these does not result from a network attack?
a) Reduction in profits
b) Increased sensitivity of data
c) Low brand value
d) Shareholder depreciation
Answer: b

18. In substitution, each plaintext element is:
a) Rearranged randomly
b) Replaced with another element
c) Removed from the text
d) Encrypted without change
Answer: b
19. Permutation is a type of:
a) Substitution
b) Transposition
c) Encryption method
d) Key-sharing protocol
Answer: b
20. The main requirement for cryptographic operations is:
a) Speed of processing
b) Irreversibility of operations
c) No information loss
d) High memory usage
Answer: c

Information Security Roles

1. What is the primary goal of information security?
a) Encrypting all data
b) Preventing unauthorized access, theft, or damage
c) Promoting public access to data
d) Implementing network-wide firewalls
Answer: b
2. Which of the following is NOT part of the CIA Triad?
a) Confidentiality
b) Integrity
c) Accountability
d) Availability
Answer: c
3. Confidentiality in information security ensures that:
a) Data is encrypted for all users
b) Only authorized users can access specific information
c) Data is transferred without alteration
d) Systems remain operational during downtime
Answer: b
4. Integrity in the CIA Triad refers to:
a) Authenticating users
b) Preventing unauthorized data modification
c) Logging user actions
d) Ensuring data encryption
Answer: b
5. Availability in the CIA Triad ensures:
a) Data is available to everyone
b) Information is accessible to authorized users when needed
c) Systems cannot be hacked
d) Backup systems are always online
Answer: b
6. Non-repudiation refers to:
a) Preventing access to unauthorized data
b) Ensuring users cannot deny their actions
c) Encrypting user credentials
d) Maintaining data confidentiality
Answer: b
7. Which example demonstrates non-repudiation?
a) Encrypting a file
b) Logging digital signatures on a document
c) Using firewalls to block access
d) Creating a backup of sensitive data
Answer: b

2. Information Security Competencies

8. Which role is responsible for maintaining audit logs?
a) General employees
b) Security analysts
c) HR managers
d) Procurement officers
Answer: b
9. IT professionals in security roles must:
a) Focus only on technical systems
b) Implement and maintain secure devices and software
c) Write code for all applications
d) Monitor non-technical staff
Answer: b
10. Business continuity planning involves:
a) Ensuring regular software updates
b) Creating disaster recovery strategies
c) Limiting user access to specific files
d) Encrypting sensitive emails
Answer: b

3. Security Roles and Responsibilities

11. A security policy describes:
a) Implementation of technical solutions
b) Organizational security goals and methods
c) Employee training strategies
d) Incident response plans
Answer: b
12. Who typically oversees internal security?
a) IT managers
b) Chief Security Officer (CSO)
c) Non-technical staff
d) General employees
Answer: b
13. What is the responsibility of non-technical staff in information security?
a) Monitoring systems
b) Complying with policies
c) Managing user privileges
d) Reviewing audit logs
Answer: b

4. Information Security Business Units

14. A SOC (Security Operations Center):
a) Manages company finances
b) Monitors and protects critical assets
c) Creates employee training programs
d) Conducts legal compliance reviews
Answer: b
15. Incident response teams are also known as:
a) SOCs
b) CSIRTs or CERTs
c) Data recovery teams
d) IT specialists
Answer: b

5. Security Control Categories

16. What is a security control?
a) A checklist for IT policies
b) A method to ensure confidentiality, integrity, and availability
c) A software tool for managing firewalls
d) A type of encryption protocol
Answer: b
17. Which is an example of a technical control?
a) Training employees
b) Implementing firewalls
c) Hiring security guards
d) Conducting risk assessments
Answer: b
18. Operational controls are primarily:
a) Implemented through hardware
b) Managed by people rather than systems
c) Focused on encryption methods
d) Applied to cloud systems only
Answer: b
19. What is an example of a managerial control?
a) Using antivirus software
b) Identifying risks
c) Installing secure servers
d) Monitoring physical access logs
Answer: b

6. Functional Types of Security Controls

20. Preventive controls aim to:
a) Detect ongoing attacks
b) Stop attacks before they occur
c) Reduce the impact of attacks
d) Monitor user behavior
Answer: b
21. Which is an example of a detective control?
a) Restoring lost data
b) Monitoring system logs
c) Using a firewall
d) Encrypting user passwords
Answer: b
22. Corrective controls are used:
a) Before an attack occurs
b) During an attack
c) After an attack
d) To prevent future attacks
Answer: c
23. Deterrent controls primarily:
a) Use psychological methods to discourage attacks
b) Detect unauthorized system access
c) Prevent data theft
d) Compensate for system failures
Answer: a
24. Compensating controls serve as:
a) A backup for primary controls
b) The main method of preventing attacks
c) Additional encryption methods
d) Security training programs
Answer: a

1. Vulnerability, Threat, and Risk

1. What is a vulnerability?
a) The likelihood of a threat occurring
b) A weakness that can be exploited
c) The impact of a threat
d) An unauthorized access attempt
Answer: b
2. Which is NOT an example of a vulnerability?
a) Poorly designed network architecture
b) Properly patched software
c) Insecure password usage
d) Untested patches
Answer: b
3. What does a threat represent?
a) A specific system configuration
b) A potential exploit of a vulnerability
c) The consequence of an attack
d) A firewall failure
Answer: b
4. What is an attack vector?
a) A tool used for assessing risks
b) The path used by a malicious actor to exploit a vulnerability
c) A network monitoring device
d) A way of encrypting data
Answer: b
5. Risk is defined as:
a) The existence of vulnerabilities
b) The likelihood and impact of a threat exploiting a vulnerability
c) The tools used by hackers
d) The effectiveness of countermeasures
Answer: b

2. Attributes of Threat Actors

6. An external threat actor is:
a) A company insider
b) Someone with no authorized access to the target system
c) A system administrator
d) A trusted third-party vendor
Answer: b
7. What differentiates internal and external threat actors?
a) Their geographic location
b) Their access permissions
c) Their technical skills
d) Their preferred attack vectors
Answer: b
8. What is intent in the context of a threat actor?
a) The tools they use
b) Their technical skills
c) What they hope to achieve from the attack
d) The type of attack vector used
Answer: c
9. Motivation refers to:
a) The specific vulnerability targeted
b) The reason behind the attack
c) The result of a successful exploit
d) The tools used during the attack
Answer: b
10. An accidental threat actor is an example of:
a) An internal threat
b) A malicious actor
c) A poorly configured system
d) An intentional exploit
Answer: a

3. Categories of Threat Actors

11. A white hat hacker:
a) Exploits vulnerabilities for personal gain
b) Performs authorized penetration testing
c) Is an unskilled attacker
d) Compromises systems without malicious intent
Answer: b
12. What describes a gray hat hacker?
a) Fully authorized
b) Exploits vulnerabilities for extortion
c) Identifies vulnerabilities without approval but doesn’t exploit them
d) Operates as part of a team
Answer: c
13. What is a script kiddie?
a) A highly skilled lone hacker
b) Someone who uses hacking tools without deep technical knowledge
c) A state-sponsored attacker
d) A security researcher
Answer: b
14. What is the main goal of hacktivists?
a) Financial gain
b) Promoting a political or social agenda
c) Testing vulnerabilities
d) Stealing confidential information for extortion
Answer: b
15. Advanced Persistent Threats (APTs) are commonly associated with:
a) Script kiddies
b) State-sponsored actors
c) Unintentional threats
d) White hat hackers
Answer: b

4. Attack Vectors

16. An attack vector is:
a) A secure system protocol
b) A method used to gain unauthorized access to a system
c) A vulnerability management tool
d) A specific type of threat intelligence
Answer: b
17. Which of the following is an example of a direct access attack?
a) Malware via email attachment
b) Exploiting an unlocked workstation
c) Phishing attack
d) Credential harvesting on social media
Answer: b
18. Removable media can be used as an attack vector by:
a) Encrypting sensitive files
b) Concealing malware on USB drives
c) Enhancing network firewalls
d) Blocking remote access attempts
Answer: b
19. What is a common attack vector using email?
a) Credential harvesting
b) Denial of service attack
c) Sending malicious file attachments
d) Manipulating software patches
Answer: c
20. Cloud attacks often target:
a) Unused devices
b) Weak credentials of accounts or services
c) Network switches
d) Physical hardware in offices
Answer: b

5. Threat Research Sources

21. Threat research focuses on:
a) Developing new cybersecurity frameworks
b) Understanding the tactics, techniques, and procedures (TTPs) of attackers
c) Securing hardware infrastructure
d) Blocking dark web access
Answer: b
22. The dark web operates on:
a) Standard browsers
b) Dark net overlays such as TOR
c) Private corporate networks
d) Cloud service platforms
Answer: b
23. What is OSINT?
a) Offensive Security Integration Network
b) Open Source Intelligence
c) Online Security Incident Network
d) Operational System Intelligence
Answer: b
24. Which platform is NOT an example of threat intelligence providers?
a) VirusTotal
b) AT&T Security
c) IBM X-Force Exchange
d) Twitter
Answer: d
25. Honeynets are used for:
a) Encrypting communications
b) Observing hacker behaviors
c) Distributing malware
d) Preventing social engineering attacks
Answer: b

26. State actors target:
a) Personal devices exclusively
b) Military and commercial goals
c) Script kiddies for recruitment
d) Only unprotected networks
Answer: b
27. Malware distributed via social media is an example of:
a) Email attack vector
b) Web and social media attack vector
c) Physical attack vector
d) Removable media attack vector
Answer: b
28. Which is an example of a public/private information-sharing center?
a) National ISACs
b) Spamhaus
c) Dark net forums
d) FireEye
Answer: a

General Concepts

1. What does the term "cyber security" primarily focus on?
a) Protecting physical infrastructure
b) Securing digital systems, networks, and data
c) Improving internet speed
d) Enhancing software development
Answer: b
2. Which principle is NOT part of the CIA Triad?
a) Confidentiality
b) Integrity
c) Authorization
d) Availability
Answer: c
3. What is a key benefit of implementing strong cyber security measures?
a) Increased advertisement revenue
b) Protection of sensitive information
c) Faster processing speed
d) Unlimited internet access
Answer: b
4. What is a common violation of confidentiality?
a) Data hashing
b) Packet sniffing
c) Data redundancy
d) System upgrades
Answer: b

Cyber Threats and Attacks

5. What type of attack involves tricking users into revealing sensitive information?
a) Phishing
b) DDoS
c) Hashing
d) Redundancy
Answer: a
6. Which attack involves overwhelming a system with requests?
a) Password cracking
b) DDoS
c) Brute force
d) Phishing
Answer: b
7. What is ransomware designed to do?
a) Encrypt data and demand payment
b) Steal passwords
c) Delete system files
d) Hijack network connections
Answer: a
8. Which of these is a social engineering attack?
a) Man-in-the-middle attack
b) Pretexting
c) SQL injection
d) Rainbow table attack
Answer: b

Mitigation Strategies

9. How can packet sniffing be mitigated?
a) Using encryption protocols like HTTPS
b) Installing faster processors
c) Upgrading to newer hardware
d) Disabling firewalls
Answer: a
10. What is a strong defense against brute force attacks?
a) Using strong, complex passwords
b) Disabling multi-factor authentication
c) Using unsecured networks
d) Avoiding password changes
Answer: a
11. Which practice helps ensure data integrity?
a) Hashing
b) Spamming
c) Overwriting
d) Ignoring backups
Answer: a

1. What does NSM stand for in network security?
a) Network Security Management
b) Network Session Monitoring
c) Network Security Monitoring
d) Network Service Management
Answer: c
2. What are the three key principles of the CIA triad in information security?
a) Confidentiality, Integrity, Availability
b) Control, Investigation, Authorization
c) Cryptography, Intelligence, Access
d) Command, Integrity, Accuracy
Answer: a
3. Which tool is commonly used for packet captures?
a) NetFlow
b) Tcpdump
c) Syslog
d) SecureX
Answer: b
4. What is the primary purpose of SIEM tools?
a) Encrypting network traffic
b) Collecting, sorting, and reporting alarms
c) Capturing full network packets
d) Monitoring physical security
Answer: b

Data Types in Network Security

5. Which data type is described as analogous to a phone bill?
a) Full packet capture
b) Session data
c) Transaction data
d) Extracted content
Answer: b
6. What is a major disadvantage of full packet capture?
a) Difficulty in use
b) High storage requirements
c) Limited usefulness for analysis
d) Lack of detail
Answer: b
7. Which data type involves log files from HTTP or SMTP daemons?
a) Session data
b) Extracted content
c) Transaction data
d) Alert data
Answer: c
8. What does statistical data often help create?
a) Session data records
b) Encryption algorithms
c) Baselines of normal behavior
d) Packet filtering rules
Answer: c

9. What does SOAR stand for in cybersecurity?
a) Security Operations and Response
b) Security Orchestration, Automation, and Response
c) System Operations and Advanced Routing
d) Secure Orchestration and Reliability
Answer: b
10. Which tool is described as an open-source security monitoring platform?
a) Cisco SecureX
b) Security Onion
c) NetFlow
d) Tcpdump
Answer: b
11. What format is most commonly used for storing full packet capture data?
a) XML
b) JSON
c) PCAP
d) CSV
Answer: c

12. What is considered an example of extracted content?
a) Email attachments
b) Login session logs
c) Alert data
d) Baseline statistics
Answer: a
13. What data type is most commonly generated by IDS/IPS systems?
a) Metadata
b) Alert data
c) Statistical data
d) Transaction data
Answer: b
14. What mechanism does NetFlow primarily support?
a) Capturing full packet data
b) Generating session data
c) Producing alert notifications
d) Logging extracted content
Answer: b

15. Which type of NSM data allows analysts to extract actual communication content?
a) Alert data
b) Transaction data
c) Full packet capture
d) Metadata
Answer: c
16. What is a primary challenge of alert data?
a) Inaccuracy due to false positives
b) Lack of detail
c) High storage needs
d) Difficult access
Answer: a
17. What does the 5-tuple in session data include?
a) Source IP, destination IP, protocol, source port, destination port
b) Session ID, username, protocol, timestamp, payload size
c) Source port, destination port, encryption key, username, password
d) Source MAC, destination MAC, source IP, destination IP, timestamp
Answer: a
18. Which log severity level represents the most critical events in Syslog?
a) Level 0
b) Level 3
c) Level 5
d) Level 7
Answer: a

General Overview

1. Which data type documents individual network sessions using a 5-tuple?
a) Statistical Data
b) Session Data
c) Alert Data
d) Extracted Content
Answer: b
2. What is the primary use of statistical data in network security?
a) Storing full packet content
b) Establishing baselines and identifying anomalies
c) Extracting objects from live streams
d) Logging system login activities
Answer: b
3. What kind of data does transaction data primarily log?
a) Network session start and end times
b) Operations resulting from network sessions or activities
c) Malicious behavior detected by IDS/IPS
d) Baseline traffic statistics
Answer: b
4. What does alert data provide in network monitoring?
a) A detailed view of full packets
b) Logs of email attachments
c) Quick assessments of potential threats
d) Baselines for normal traffic patterns
Answer: c

Session Data

5. What key elements are part of a 5-tuple in session data?
a) IP addresses, port numbers, and protocol
b) Username, password, and timestamps
c) Source and destination MAC addresses
d) Encrypted payload and metadata
Answer: a
6. What is NOT included in session data?
a) Timestamps
b) Data size
c) Content of network sessions
d) Protocol type
Answer: c
7. Session data is analogous to what in the physical world?
a) A phone bill
b) A video recording
c) A credit card transaction
d) A weather report
Answer: a

Transaction Data

8. Which of the following is an example of transaction data?
a) HTTP requests and responses
b) A list of session timestamps
c) Baseline network activity graphs
d) Extracted email attachments
Answer: a
9. How does transaction data differ from session data?
a) It captures raw packet data.
b) It documents the results of sessions rather than the sessions themselves.
c) It is used to create baseline statistics.
d) It contains a 5-tuple structure.
Answer: b
10. What type of activity might generate transaction data?
a) A user downloading a file via HTTP
b) Packet sniffing on a network
c) Statistical analysis of connection patterns
d) IDS/IPS rule matching
Answer: a

Extracted Content

11. What are common examples of extracted content?
a) Timestamps and port numbers
b) Email attachments or downloaded files
c) Baseline traffic patterns
d) False-positive alerts
Answer: b
12. Where is extracted content typically mined from?
a) IDS alerts
b) Session logs
c) Live network streams or packet capture files
d) Statistical data summaries
Answer: c
13. What is a key advantage of extracted content?
a) Minimal storage requirements
b) Direct access to network behavior outcomes
c) Ability to examine file-level details
d) Correlation with baseline data
Answer: c

Statistical Data

14. What kind of patterns does statistical data help establish?
a) File extraction trends
b) Session anomalies
c) Baselines of normal network activity
d) Transaction-specific results
Answer: c
15. Which data type can statistical data summarize?
a) Alert data
b) Session and transaction data
c) Extracted content
d) All of the above
Answer: d
16. How is statistical data often presented?
a) Raw packet logs
b) Network topology diagrams
c) Graphs or charts of activity trends
d) Encrypted data streams
Answer: c

Alert Data

17. What system commonly generates alert data?
a) Packet capture tools
b) IDS/IPS systems
c) Statistical analysis platforms
d) Content extraction tools
Answer: b
18. What is a potential downside of alert data?
a) High storage requirements
b) Occurrence of false positives or negatives
c) Lack of real-time processing
d) Limited usability for baseline trends
Answer: b
19. Which of the following best describes alert data?
a) Raw session metadata
b) Statistical summaries
c) Judgments based on malicious traffic patterns
d) File-level details from extracted content
Answer: c

20. Which data type has the highest storage requirements?
a) Alert data
b) Session data
c) Statistical data
d) Full packet capture
Answer: d
21. What is the main advantage of session data over full packet capture?
a) Lower storage requirements
b) Inclusion of file attachments
c) Greater detail in data content
d) Immediate threat analysis
Answer: a
22. What type of data helps identify anomalies by comparing with normal patterns?
a) Transaction data
b) Statistical data
c) Session data
d) Extracted content
Answer: b
23. Which data type is the most granular and detailed?
a) Statistical data
b) Session data
c) Full packet capture
d) Alert data
Answer: c