This exam evaluates knowledge of infrastructure security fundamentals such as physical security design, network infrastructure protection, intrusion detection, critical asset management, cloud infrastructure security practices, encryption use, vulnerability assessment, and secure configuration standards. Includes hands-on scenario questions involving data center protection, endpoint hardening, disaster recovery, and secure connectivity. Suitable for early-career infrastructure and cybersecurity professionals.
Typology: Exams
Question 1. Which governance framework is most closely aligned with the “Plan‑Do‑Check‑Act” (PDCA) cycle for information security management?
A) COBIT
B) ISO/IEC 27001
C) NIST CSF
D) ITIL
Answer: B
Explanation: ISO/IEC 27001 explicitly structures its Information Security Management System (ISMS) around the PDCA model, guiding continual improvement of security controls.

Question 2. In a RACI matrix for a security program, who is typically responsible for authorizing the final security policy?
A) Responsible
B) Accountable
C) Consulted
D) Informed
Answer: B
Explanation: The “Accountable” role holds ultimate ownership and decision‑making authority, such as approving security policies.

Question 3. A company wants to embed security awareness into its corporate culture. Which of the following is the most effective first step?
A) Conduct a one‑time phishing test.
B) Publish a lengthy security handbook.
C) Integrate security objectives into employee performance reviews.
D) Hire an external security consultant.
Answer: C
Explanation: Tying security behavior to performance metrics creates ongoing accountability and cultural reinforcement.

Question 4. Which legal principle requires an organization to protect personal data against unauthorized access and disclosure?
A) Duty of Care
B) Data Minimization
C) Right to be Forgotten
D) Confidentiality Obligation under GDPR
Answer: D
Explanation: GDPR mandates that controllers implement appropriate technical and organizational measures to ensure data confidentiality.

Question 5. When developing a security strategy, the “Desired State” is best described as:
A) The current inventory of assets.
B) The set of controls already in place.
C) The future security posture aligned with business goals.
D) The budget allocated for security projects.
Answer: C
Explanation: The Desired State articulates the target security condition the organization aims to achieve, reflecting business objectives and risk appetite.

Question 6. Which component of a business case for a security investment directly addresses the “risk‑to‑benefit” analysis?
A) Cost‑Benefit Ratio

A. Encryption of all data at rest.
B. Classification of data based on sensitivity.
C. Deployment of firewalls at the network perimeter.
D. Use of multi‑factor authentication for all users.
Answer: B
Explanation: Information governance involves establishing policies for data classification, handling, and lifecycle management.

Question 10. When budgeting for a multi‑year security program, which metric best supports justification for ongoing funding?
A. Number of firewalls deployed.
B. Percentage of assets scanned for vulnerabilities.
C. Reduction in residual risk over time.
D. Total number of security staff hired.
Answer: C
Explanation: Demonstrating a measurable decline in residual risk validates continued investment and aligns with strategic objectives.

Question 11. In risk assessment, which technique converts likelihood and impact scores into a single numeric value?
A. Qualitative risk matrix
B. Monte Carlo simulation
C. Quantitative risk analysis using Annualized Loss Expectancy (ALE)
D. SWOT analysis
Answer: C
Explanation: Quantitative risk analysis, such as ALE, multiplies probability (annual rate of occurrence) by impact (single loss expectancy) to produce a numeric risk value.

Question 12. Which of the following best describes a “threat actor”?
A. The vulnerability present in a system.
B. The organization’s security policy.
C. The individual or group that may exploit a vulnerability.
D. The asset that is being protected.
Answer: C
Explanation: A threat actor is the person, group, or entity capable of initiating an attack against a target.

Question 13. A qualitative risk assessment is most appropriate when:
A. Precise monetary loss values are required.
B. Historical incident data is abundant.
C. Stakeholder perception of risk is a key driver.
D. The organization has a mature risk management framework.
Answer: C
Explanation: Qualitative assessments rely on subjective judgments and stakeholder perceptions rather than exact numerical data.

Question 14. Which risk treatment option involves transferring the financial impact of a risk to a third party?
A. Mitigation
B. Acceptance
C. Avoidance

A. Reduce the number of assets owned.
B. Update risk assessments with emerging threats.
C. Eliminate all vulnerabilities.
D. Increase the frequency of security training.
Answer: B
Explanation: Ongoing threat intelligence enables timely updates to risk registers and control priorities.

Question 18. Which report is most suitable for presenting risk status to the Board of Directors?
A. Detailed technical vulnerability scan report
B. Executive risk dashboard summarizing key risks and treatment status
C. Daily incident ticket log
D. IT service level agreement (SLA) compliance report
Answer: B
Explanation: Board‑level reports require concise, high‑level overviews of risk exposure and remediation progress.

Question 19. Integration of risk management into IT processes is best achieved by:
A. Conducting risk assessments annually only.
B. Embedding risk owners in change management workflows.
C. Isolating risk activities from development teams.
D. Outsourcing all risk decisions to a consulting firm.
Answer: B
Explanation: Including risk owners in change management ensures that new changes are evaluated for risk impact before implementation.

Question 20. When selecting security controls from ISO/IEC 27002:2022, which principle should guide the choice?
A. Choose the most expensive controls.
B. Implement all controls regardless of relevance.
C. Select controls that address identified risks and align with business objectives.
D. Apply controls only to external-facing systems.
Answer: C
Explanation: Controls must be risk‑driven and support the organization’s strategic goals, ensuring efficient resource use.

Question 21. Asset classification that emphasizes “Availability” is most critical for which type of asset?
A. Intellectual property documents
B. Customer credit card numbers
C. Real‑time patient monitoring system
D. Historical financial records
Answer: C
Explanation: Real‑time monitoring systems require high availability to ensure patient safety; confidentiality is secondary.

Question 22. Which security architecture principle ensures that a compromise in one component does not automatically compromise the entire system?
A. Defense in depth
B. Least privilege
C. Segmentation (or isolation)

C. Replace regular vulnerability scanning.
D. Train the incident response team.
Answer: B
Explanation: Pen tests simulate real attacks to uncover exploitable weaknesses in systems and processes.

Question 26. Which of the following is a Key Risk Indicator (KRI) for insider threat risk?
A. Number of external ports open on the firewall.
B. Frequency of privileged account password changes.
C. Average time to resolve a vulnerability.
D. Number of successful phishing attempts reported.
Answer: D
Explanation: Reported phishing successes indicate user susceptibility and potential insider compromise.

Question 27. A KPI that measures “Mean Time to Detect” (MTTD) is most relevant to which security domain?
A. Governance and Strategy
B. Risk Management
C. Program Development
D. Incident Management
Answer: D
Explanation: MTTD assesses the speed of detecting security incidents, a core performance indicator for incident response.

Question 28. The PDCA cycle’s “Check” phase primarily involves:
A. Deploying new security technologies.
B. Monitoring and measuring control performance against objectives.
C. Defining security policies.
D. Conducting risk assessments.
Answer: B
Explanation: “Check” focuses on evaluating whether controls meet defined goals and identifying gaps.

Question 29. Which of the following best exemplifies a “preventive” control?
A. Log file analysis after an incident.
B. Multi‑factor authentication for remote access.
C. Incident post‑mortem review.
D. Backup restoration testing.
Answer: B
Explanation: MFA prevents unauthorized access before it occurs, making it a preventive control.

Question 30. Which control type is considered “detective”?
A. Encryption of data at rest.
B. Network intrusion detection system (NIDS).
C. Role‑based access control (RBAC).
D. Security awareness training.
Answer: B
Explanation: NIDS monitors traffic to identify malicious activity after it has begun, serving a detective function.

Explanation: Critical incidents have significant impact and require executive oversight and decision‑making.

Question 34. The primary purpose of containment in incident response is to:
A. Eradicate the root cause.
B. Preserve evidence for forensics.
C. Limit the spread of the malicious activity.
D. Restore services to normal operation.
Answer: C
Explanation: Containment aims to prevent further damage by isolating affected systems or networks.

Question 35. Which of the following is an essential component of evidence handling for digital forensics?
A. Deleting logs to protect privacy.
B. Maintaining a chain of custody documentation.
C. Encrypting evidence after collection only.
D. Using any available tool for analysis, regardless of validation.
Answer: B
Explanation: A documented chain of custody ensures evidence integrity and admissibility in legal proceedings.

Question 36. A “lessons learned” meeting should be scheduled:
A. Immediately after the incident is declared closed.
B. One year after the incident to allow for reflection.
C. Only if the incident caused financial loss.
D. After the next audit cycle.
Answer: A
Explanation: Prompt debriefs capture accurate details and enable timely improvements to processes.

Question 37. Which regulatory framework specifically mandates a “Data Protection Impact Assessment” (DPIA) for high‑risk processing?
A. HIPAA
B. PCI DSS
C. GDPR
D. SOX
Answer: C
Explanation: GDPR requires DPIAs when processing activities are likely to result in high risk to individuals’ rights and freedoms.

Question 38. In ISO/IEC 27001, the term “Statement of Applicability” (SoA) refers to:
A. A list of all assets owned by the organization.
B. Documentation of which controls are selected and why.
C. The incident response escalation matrix.
D. The risk treatment plan.
Answer: B
Explanation: The SoA declares the controls chosen from Annex A and justifies their inclusion or exclusion.

Question 39. Which of the following is a primary objective of a Security Operations Center (SOC)?

Question 42. In the context of supply‑chain security, a “vendor risk rating” is primarily used to:
A. Determine the price of services.
B. Prioritize monitoring and mitigation efforts based on risk level.
C. Evaluate the vendor’s marketing strategy.
D. Assign internal staff to the vendor.
Answer: B
Explanation: Risk ratings classify vendors by their security posture, guiding resource allocation for oversight.

Question 43. Which of the following is a typical output of a vulnerability assessment?
A. Incident response playbook.
B. List of identified vulnerabilities with severity ratings.
C. Business continuity plan.
D. Security awareness training curriculum.
Answer: B
Explanation: Vulnerability assessments produce a catalog of weaknesses, often scored using CVSS or similar metrics.

Question 44. A “hot‑site” in disaster recovery planning is defined as:
A. A backup data center with identical hardware, ready for immediate activation.
B. A remote office used for temporary staff relocation.
C. A cloud‑based storage repository.
D. An off‑site tape archive.
Answer: A
Explanation: Hot‑sites provide a fully operational environment that can take over operations with minimal downtime.

Question 45. Which of the following best illustrates “risk avoidance”?
A. Purchasing cyber‑insurance for ransomware attacks.
B. Discontinuing a high‑risk online payment service.
C. Implementing a firewall to block malicious traffic.
D. Accepting the risk because mitigation cost is too high.
Answer: B
Explanation: Avoidance eliminates exposure by removing the activity that creates the risk.

Question 46. In the NIST Cybersecurity Framework, the “Identify” function includes:
A. Detecting anomalies.
B. Developing incident response plans.
C. Asset Management and Governance.
D. Recovering from incidents.
Answer: C
Explanation: “Identify” covers understanding the environment, including asset inventory and governance structures.

Question 47. Which of the following is an example of a “corrective” control?
A. Enforcing password complexity.
B. Conducting regular security awareness training.
C. Applying a patch after a vulnerability is discovered.
D. Installing a firewall.

C. Asset inventories are static.
D. Security budgets are fixed.
Answer: A
Explanation: Ongoing changes in the threat landscape and technology require regular reassessment of risk.

Question 51. Which of the following statements best describes “defense in depth”?
A. Using a single firewall to protect the entire network.
B. Applying multiple, layered security controls across the environment.
C. Relying solely on encryption for data protection.
D. Implementing only preventive controls.
Answer: B
Explanation: Defense in depth employs overlapping controls (preventive, detective, corrective) at various layers to increase resilience.

Question 52. A security policy that mandates encryption for all data transmitted over public networks addresses which CIA triad element most directly?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Answer: A
Explanation: Encryption protects data from unauthorized disclosure, ensuring confidentiality during transmission.

Question 53. Which of the following is a common indicator that a supply‑chain attack may be occurring?
A. Sudden increase in network bandwidth usage.
B. Unexpected changes in third‑party software binaries.
C. Regularly scheduled system backups.
D. Low CPU utilization on servers.
Answer: B
Explanation: Unauthorized modifications to vendor‑provided code are a hallmark of supply‑chain compromises.

Question 54. In a risk register, the “Likelihood” column typically uses which scale?
A. 1‑10 numeric scale.
B. High, Medium, Low.
C. Yes/No.
D. Dollar values.
Answer: B
Explanation: Qualitative risk registers often categorize likelihood as High, Medium, or Low for simplicity.

Question 55. Which control family in ISO/IEC 27002 addresses “Cryptographic Controls”?
A. A.8 – Asset Management
B. A.10 – Cryptography
C. A.12 – Operations Security
D. A.14 – System Acquisition, Development and Maintenance
Answer: B