Exam on web-based security principles, encryption, authentication, threats, and countermeasures. Includes firewalls, intrusion detection, and secure coding.
Typology: Exams
Question 1. Which principle of the CIA triad ensures that sensitive information is only accessible to authorized users?
A) Confidentiality
B) Integrity
C) Availability
D) Accountability
Answer: A
Explanation: Confidentiality is about restricting access to information so only authorized users can view it.

Question 2. What type of malware disguises itself as legitimate software to trick users into installing it?
A) Virus
B) Worm
C) Trojan
D) Rootkit
Answer: C
Explanation: Trojans appear to be benign software but contain malicious code.

Question 3. Which best defines a vulnerability in a security context?
A) A malicious actor
B) A system weakness
C) An attempted attack
D) A firewall rule

Question 5. Which of the following is NOT part of the CIA triad?
A) Confidentiality
B) Availability
C) Accountability
D) Integrity
Answer: C
Explanation: Accountability is important, but not one of the three core CIA triad principles.

Question 6. What is the purpose of a disaster recovery plan?
A) To prevent network attacks
B) To restore operations after a security incident
C) To enforce strong passwords
D) To encrypt sensitive information
Answer: B
Explanation: Disaster recovery plans help organizations resume normal operations after disruptions.

Question 7. Which of the following is an example of physical security?
A) Installing antivirus software
B) Using biometrics at the data center entrance
C) Encrypting files
D) Implementing firewalls
Answer: B

Question 9. Which device inspects network traffic and blocks or permits it based on a set of rules?
A) Switch
B) Firewall
C) Router
D) Load balancer
Answer: B
Explanation: Firewalls filter traffic according to security rules.

Question 10. In TCP/IP, what is the primary function of the IP protocol?
A) Encrypt data
B) Route packets
C) Manage user sessions
D) Check for malware
Answer: B
Explanation: IP is responsible for addressing and routing packets across the network.

Question 11. What is the primary risk of unvalidated user input in web applications?
A) Data redundancy
B) SQL injection and XSS attacks
C) Increased bandwidth usage
D) Poor user experience
Answer: B

Question 13. Which attack involves intercepting and potentially altering communications between two parties?
A) Denial-of-Service
B) Man-in-the-Middle
C) Phishing
D) Spoofing
Answer: B
Explanation: Man-in-the-Middle attacks intercept and may manipulate data between parties.

Question 14. What is the principle of least privilege?
A) Allowing all users admin access
B) Restricting users to only the permissions they need
C) Granting maximum access for convenience
D) Disabling user accounts
Answer: B
Explanation: Least privilege means users get only the access required for their tasks.

Question 15. Which protocol is commonly used to secure web traffic?
A) HTTP
B) FTP
C) HTTPS
D) POP
Answer: C

A) Malicious code that attaches to files
B) Malware that spreads itself over networks
C) Unauthorized access tool
D) Hardware failure
Answer: B
Explanation: Worms are self-replicating malware that spread over networks.

Question 18. Which part of the CIA triad is compromised when data is altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Reliability
Answer: B
Explanation: Integrity ensures data is accurate and unaltered by unauthorized parties.

Question 19. What is the main difference between IDS and IPS?
A) IDS blocks traffic, IPS only detects
B) IDS detects, IPS detects and blocks
C) IDS encrypts traffic, IPS decrypts
D) IDS only for physical security
Answer: B
Explanation: IDS detects threats, while IPS can detect and actively block them.

B) Discovering devices and topology of a network
C) Creating backup schedules
D) Setting up VPNs
Answer: B
Explanation: Network mapping identifies devices and their connections within a network.

Question 22. What is the primary function of port scanning tools for attackers?
A) To encrypt data
B) To find open ports and potential vulnerabilities
C) To backup data
D) To create firewalls
Answer: B
Explanation: Attackers use port scanners to detect open ports that may be exploited.

Question 23. Which is an example of multi-factor authentication?
A) Password only
B) Password and security question
C) Password and fingerprint scan
D) Username only
Answer: C
Explanation: Multi-factor authentication requires at least two different types of credentials, such as something you know and something you are.

B) Implementing secure cookies and session timeouts
C) Disabling firewalls
D) Allowing unlimited session duration
Answer: B
Explanation: Secure cookies and session timeouts help mitigate session hijacking risks.

Question 26. What is the purpose of a DMZ (Demilitarized Zone) in network security?
A) To isolate sensitive internal networks from external access
B) To store encrypted files
C) To monitor user activity
D) To speed up traffic
Answer: A
Explanation: A DMZ separates public-facing servers from the internal network, adding a security layer.

Question 27. What does SSL/TLS provide for web applications?
A) Data compression
B) Data encryption and secure communication
C) Data redundancy
D) Data backup
Answer: B
Explanation: SSL/TLS encrypts data sent between web servers and clients.