The Security Training Ultimate Exam is a comprehensive assessment covering all aspects of security education and professional development. It includes modules on physical security, cybersecurity basics, emergency response, and risk management. This exam is suitable for individuals at all levels seeking to enhance their knowledge and skills in security operations. With detailed explanations and practical examples, it ensures a thorough understanding of security principles and practices.
Typology: Exams
Question 1. Which of the following best describes the Confidentiality component of the CIA triad?
A) Ensuring data is accurate and unaltered
B) Ensuring data is available when needed
C) Preventing unauthorized disclosure of information
D) Providing proof of data origin
Answer: C
Explanation: Confidentiality is the principle that protects information from being read or disclosed by anyone not authorized to see it. Options A, B and D describe integrity, availability and non-repudiation respectively.

Question 2. What does the principle of Least Privilege require?
A) Every user has administrator rights
B) Users receive only the access necessary to perform their job functions
C) All users share the same password
D) Access rights are granted based on seniority
Answer: B
Explanation: Least Privilege limits each user, process or service account to the minimum permissions its responsibilities require. This shrinks the attack surface and bounds the damage a single compromised account can do.

Question 3. Which control function is primarily designed to discourage attackers before they act?
A) Detective
B) Deterrent
C) Corrective
D) Compensating
Answer: B
Explanation: Deterrent controls (warning banners, visible cameras, published sanctions) discourage malicious actions by raising the attacker's perceived risk of detection or failure. Unlike preventive controls, they do not technically or physically block the action.

Question 4. In a security control categorization, which of the following is an example of a managerial control?
A) Firewall rule set
B) Security awareness training program
C) Biometric scanner
D) CCTV camera
Answer: B
Explanation: Managerial (administrative) controls are the policies, procedures and training that govern how security is practised. The other options are technical (A) or physical (C, D) controls.

Question 5. Which of the following is a technical control?
A) Incident response policy
B) Physical lock on a server room door
C) Encryption of data at rest
D) Employee background checks
Answer: C
Explanation: Technical (logical) controls are implemented in hardware or software, such as encryption, to protect information.

Question 6. What is the main purpose of non-repudiation in information security?
A) To ensure data is always available
Question 9. In CVSS scoring, which metric reflects the difficulty of exploiting a vulnerability?
A) Confidentiality Impact
B) Attack Vector
C) Base Score
D) Exploitability Sub-score
Answer: D
Explanation: The Exploitability sub-score combines the Attack Vector, Attack Complexity, Privileges Required and User Interaction metrics (CVSS v3) to express how easy the vulnerability is to exploit; together with the Impact sub-score it forms the Base Score. Attack Vector on its own is only one input to it.

Question 10. Which risk treatment strategy involves transferring the financial impact of a security incident to a third party?
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference
Answer: D
Explanation: Transference (for example cyber insurance, or outsourcing under contract) shifts the financial burden of a risk to another entity. The organization usually remains accountable for the risk itself.

Question 11. Which social engineering technique relies on tricking a victim into revealing confidential information over the phone?
A) Phishing
B) Vishing
C) Tailgating
D) Baiting
Answer: B
Explanation: Vishing (voice phishing) uses phone calls, often with a spoofed caller ID, to talk the victim into disclosing sensitive data.

Question 12. What distinguishes a vulnerability scan from a penetration test?
A) Scans exploit vulnerabilities, tests only identify them
B) Scans are automated and non-destructive; penetration tests are manual and may exploit vulnerabilities
C) Scans require physical access; penetration tests are remote
D) Scans are performed only on web applications
Answer: B
Explanation: A scan identifies potential weaknesses (typically from version and configuration checks) without exploiting them, so its results include false positives; a penetration test actively attempts exploitation to prove real impact.

Question 13. Which network device inspects traffic and can block malicious packets based on signatures?
A) Load balancer
B) Router
C) IDS/IPS
D) Switch
Answer: C
Explanation: Intrusion Detection/Prevention Systems match traffic against signatures or an anomaly baseline. An IDS sits out of band and only alerts; an IPS sits inline and can drop the offending packets, which is what makes option C the device that blocks.
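Worked example for Questions 12 and 13 (added for this edition; it is not code from the original question bank or from any IDS product). It runs both detection styles over constructed web-server log lines: signature matching as an IDS/IPS would do it, and a simple anomaly rule that counts failed logins per source. The log format, the three signatures, the threshold and the sample lines are all assumptions chosen for illustration.

```python
"""Signature- and anomaly-based detection over constructed web-server log lines.

Added teaching example, not code from the exam or any IDS product.
The log format, the three signatures and the failed-login threshold are
assumptions chosen for illustration.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Common-log-style line: source, request line, status code.
LOG_RE = re.compile(
    r'^(?P<src>\S+) - - "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)

# Signatures are matched against the URL-decoded request path, as an IDS
# normalizer would, so that %27 cannot be used to slip past the rule.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
    "script-tag": re.compile(r"<script", re.IGNORECASE),
}

# Constructed sample input; not captured from a real system.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 - - "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 200',
    '10.0.0.9 - - "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404',
    '10.0.0.9 - - "GET /page?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200',
    '10.0.0.7 - - "POST /login HTTP/1.1" 401',
    '10.0.0.7 - - "POST /login HTTP/1.1" 401',
    '10.0.0.7 - - "POST /login HTTP/1.1" 401',
    '10.0.0.7 - - "POST /login HTTP/1.1" 401',
    '10.0.0.7 - - "POST /login HTTP/1.1" 401',
    '10.0.0.5 - - "POST /login HTTP/1.1" 401',
    '10.0.0.5 - - "POST /login HTTP/1.1" 200',
    "this line is corrupt and must be skipped, not crash the detector",
]


def parse_line(line):
    """Return a dict with src/method/path/status, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])
    rec["status"] = int(rec["status"])
    return rec


def signature_hits(lines):
    """IDS behaviour: return (source, signature) for every rule a line triggers."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((rec["src"], name))
    return hits


def ips_filter(lines):
    """IPS behaviour: drop every line that matches a signature, pass the rest."""
    passed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if any(p.search(rec["path"]) for p in SIGNATURES.values()):
            continue
        passed.append(line)
    return passed


def anomalous_sources(lines, threshold=5):
    """Anomaly-style rule: sources whose failed logins reach the threshold."""
    failures = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].startswith("/login") and rec["status"] == 401:
            failures[rec["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for src, sig in signature_hits(SAMPLE_LOGS):
        print(f"ALERT {src}: {sig}")
    print("brute-force candidates:", anomalous_sources(SAMPLE_LOGS))
    print(f"{len(ips_filter(SAMPLE_LOGS))} lines passed the inline filter")
```

The difference between the IDS and IPS functions is only what happens on a match (alert versus drop), which is exactly the difference the question is probing. Note that the signature rules would miss an attacker who encodes the payload twice or uses a tautology other than 1=1, while the anomaly rule catches a brute-force source with no signature at all; real deployments combine both.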
D) DaaS
Answer: B
Explanation: Platform-as-a-Service (PaaS) provides the platform (operating system, runtime, middleware) on which the customer deploys its code, while the provider manages the hardware and virtualization.

Question 17. Which statement best describes the shared responsibility model for SaaS?
A) Customer secures the entire stack, provider only supplies the hardware
B) Provider secures the application and underlying infrastructure; customer secures data and user access
C) Customer secures the network, provider secures the software
D) Both parties share equal responsibility for all layers
Answer: B
Explanation: In SaaS the provider secures the application and the infrastructure beneath it; the customer remains responsible for its data, its identities, the access configuration it chooses and how its users behave inside the service.

Question 18. Which IAM authentication factor is considered "something you are"?
A) Password
B) Security token
C) Fingerprint
D) Smart card
Answer: C
Explanation: Biometrics such as a fingerprint are physiological characteristics, classified as "something you are". A password is something you know; a token or smart card is something you have.

Question 19. Which access control model enforces policies based on user attributes, resource attributes, and environmental conditions?
A) RBAC
B) DAC
C) MAC
D) ABAC
Answer: D
Explanation: Attribute-Based Access Control evaluates attributes of the subject, the resource and the environment (time of day, network location, device state) against policy rules to make dynamic access decisions, whereas RBAC decides on role membership alone.

Question 20. What does the SAML protocol primarily facilitate?
A) Password hashing
B) Identity federation and single sign-on across domains
C) Data encryption in transit
D) Network segmentation
Answer: B
Explanation: Security Assertion Markup Language (SAML) is an XML-based standard in which an identity provider issues signed assertions about an authenticated user that a service provider in another domain can trust, enabling federation and SSO.

Question 21. Which lifecycle phase involves removing user accounts when an employee leaves the organization?
A) Provisioning
B) De-provisioning
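Worked example for Question 19 (added for this edition; not code from the original question bank). It evaluates an ABAC policy over subject, resource and environment attributes, with a deny-by-default decision, and places a plain RBAC table beside it so the difference is visible: the same user with the same role gets different answers when only the environment changes. The attribute names, rules and sample subjects are assumptions made for the illustration.

```python
"""Attribute-based access control evaluated beside a role check.

Added example; the attribute names, rules and sample subjects are
assumptions, not policy from the exam text. Decisions are deny-by-default:
a request is permitted only when some rule evaluates to true.
"""
from datetime import time

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def rule_owner_in_business_hours(subject, resource, env):
    """Owners may access their own objects, but only between 08:00 and 18:00."""
    return subject["id"] == resource["owner"] and time(8, 0) <= env["time"] <= time(18, 0)


def rule_cleared_same_department_on_corp_net(subject, resource, env):
    """Clearance must dominate classification, same department, corporate network."""
    return (
        LEVELS[subject["clearance"]] >= LEVELS[resource["classification"]]
        and subject["department"] == resource["department"]
        and env["network"] == "corporate"
    )


ABAC_POLICY = [rule_owner_in_business_hours, rule_cleared_same_department_on_corp_net]


def abac_decide(subject, resource, env, policy=ABAC_POLICY):
    """PERMIT if any rule matches, otherwise DENY (deny-by-default)."""
    return "PERMIT" if any(rule(subject, resource, env) for rule in policy) else "DENY"


# The RBAC counterpart: a static role-to-permission table that ignores
# resource attributes and the environment entirely.
ROLE_PERMISSIONS = {"analyst": {"read"}, "manager": {"read", "approve"}}


def rbac_decide(role, action):
    return "PERMIT" if action in ROLE_PERMISSIONS.get(role, set()) else "DENY"


# Constructed sample subjects, resource and environments.
ALICE = {"id": "alice", "role": "analyst", "department": "finance", "clearance": "confidential"}
BOB = {"id": "bob", "role": "analyst", "department": "finance", "clearance": "internal"}
REPORT = {"owner": "bob", "department": "finance", "classification": "confidential"}
OFFICE = {"time": time(10, 0), "network": "corporate"}
CAFE = {"time": time(10, 0), "network": "public-wifi"}
HOME_DAY = {"time": time(10, 0), "network": "home"}
HOME_NIGHT = {"time": time(23, 0), "network": "home"}

if __name__ == "__main__":
    print("alice from office   ", abac_decide(ALICE, REPORT, OFFICE))      # PERMIT: clearance rule
    print("alice from cafe     ", abac_decide(ALICE, REPORT, CAFE))        # DENY: environment changed
    print("bob (owner) by day  ", abac_decide(BOB, REPORT, HOME_DAY))      # PERMIT: owner rule
    print("bob (owner) at night", abac_decide(BOB, REPORT, HOME_NIGHT))    # DENY: out of hours
    print("rbac analyst read   ", rbac_decide("analyst", "read"))          # PERMIT, context ignored
```

Both subjects hold the same role, so RBAC treats them identically; ABAC separates them on ownership, clearance and where and when the request is made. The deny-by-default shape matters: a policy engine that permits when no rule matches silently grants every request its author forgot to write a rule for.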
Question 24. In digital forensics, which type of evidence is considered volatile?
A) Hard-disk image
B) RAM content
C) Printed documents
D) Network switch logs
Answer: B
Explanation: Volatile data (RAM contents, running processes, open network connections) is lost when power is removed, so it must be captured first, following the order of volatility.

Question 25. What is the difference between RPO and RTO in disaster recovery?
A) RPO defines the maximum acceptable data loss

Question 26. Which cryptographic algorithm is classified as a symmetric cipher?
A) RSA
B) ECC
C) AES
D) Diffie-Hellman
Answer: C
Explanation: AES (Advanced Encryption Standard) uses a single shared secret key for both encryption and decryption, making it a symmetric algorithm. RSA and ECC are asymmetric, and Diffie-Hellman is a key-agreement protocol rather than a cipher.

Question 27. Which of the following provides non-repudiation for electronic transactions?
A) Hashing with SHA-256
B) Symmetric encryption
C) Digital signature using a private key
D) Password authentication
Answer: C
Explanation: A digital signature created with a private key can be verified by anyone holding the corresponding public key, which ties the message to the single party that holds the private key and prevents that party from later denying it. A bare hash proves only integrity (anyone can recompute it), and a symmetric key is shared, so either party could have produced the result.

Question 28. In a public key infrastructure, what is the purpose of a Certificate Revocation List (CRL)?
A) To list all issued certificates
B) To store private keys securely
C) To publish certificates that are no longer trustworthy
D) To encrypt communications between CAs
Answer: C
Explanation: A CRL is a CA-signed list of the serial numbers of certificates revoked before their expiry (for example because the private key was compromised). A revoked certificate still looks valid on its own, so relying parties must consult the CRL (or an OCSP responder) to reject it.

Question 29. Which hashing algorithm is considered collision-resistant as of 2023 standards?
A) MD5
B) SHA-1
C) SHA-256
D) CRC
Answer: C
Explanation: SHA-256 has no known practical collision attack. Practical collisions have been demonstrated for MD5 (2004) and SHA-1 (the SHAttered attack, 2017), and CRC is a checksum designed to detect accidental errors, not a cryptographic hash.
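Worked example for Questions 27 and 28 (added for this edition; not code from the original question bank). It shows why a signature made with a private key gives non-repudiation while a bare SHA-256 hash does not, and then adds the CRL check from Question 28 in front of signature verification. The example uses textbook RSA with two small Mersenne primes and only the standard library, so the arithmetic is visible; the 92-bit modulus, the unpadded signature and the certificate records are teaching assumptions, not something to deploy.

```python
"""Digital signature vs. bare hash, plus a revocation-list check.

Added example, stdlib only. It uses textbook RSA with two small Mersenne
primes so the arithmetic is visible; a 92-bit modulus and raw (unpadded)
RSA are a teaching toy, not something to deploy. Real systems use a vetted
library with RSA-PSS (2048-bit or larger keys) or Ed25519. Serial numbers
and the CRL contents are constructed for the example.
"""
import hashlib

P = 2**61 - 1          # prime (M61)
Q = 2**31 - 1          # prime (M31)
N = P * Q              # public modulus
E = 65537              # public exponent, coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; never leaves the signer


def digest_as_int(message: bytes) -> int:
    """SHA-256 of the message, reduced into the RSA group."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Signer: only the holder of D can compute this value."""
    return pow(digest_as_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Verifier: anyone with the public key (E, N) can check; nobody without D can forge."""
    return pow(signature, public_exponent, N) == digest_as_int(message)


def hash_only_check(message: bytes, published_hash: str) -> bool:
    """What option A offers: integrity only. An attacker who alters the message
    simply recomputes and republishes the hash, so this proves nothing about origin."""
    return hashlib.sha256(message).hexdigest() == published_hash


def republished_hash(message: bytes) -> str:
    """What the attacker does after tampering: recompute the hash themselves."""
    return hashlib.sha256(message).hexdigest()


# --- Certificate revocation (Question 28) ---------------------------------
# A CRL lists serial numbers revoked before expiry. The certificate itself is
# unchanged, so the relying party must consult the list, not just the cert.
CRL = {0x1002, 0x1005}   # constructed revoked serials

# Both entries reuse the single toy key pair so that the only difference
# between them is the revocation status.
CERTS = {
    "alice": {"serial": 0x1001, "public_exponent": E, "not_after": 2030},
    "mallory": {"serial": 0x1002, "public_exponent": E, "not_after": 2030},  # revoked above
}


def certificate_usable(cert: dict, crl=CRL, current_year: int = 2025) -> bool:
    """Reject expired certificates and any serial that appears on the CRL."""
    return cert["not_after"] >= current_year and cert["serial"] not in crl


def verify_with_pki(subject: str, message: bytes, signature: int) -> bool:
    """Accept a signature only from a known, unexpired, non-revoked certificate."""
    cert = CERTS.get(subject)
    if cert is None or not certificate_usable(cert):
        return False
    return verify(message, signature, cert["public_exponent"])


if __name__ == "__main__":
    msg = b"transfer 100 EUR to bob"
    tampered = b"transfer 900 EUR to bob"
    sig = sign(msg)
    print("genuine verifies:        ", verify(msg, sig))
    print("tampered verifies:       ", verify(tampered, sig))
    print("hash-only check fooled:  ", hash_only_check(tampered, republished_hash(tampered)))
    print("alice via PKI:           ", verify_with_pki("alice", msg, sig))
    print("mallory (revoked) via PKI:", verify_with_pki("mallory", msg, sig))
```

The signature fails on the altered message because the verifier recomputes the digest independently and compares it with what the public exponent unwraps from the signature; the hash-only check passes on the altered message because the attacker controls both the message and the published digest. The revocation check runs before any cryptography, which is the order a real TLS or code-signing verifier follows too.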
Answer: B
Explanation: Discretionary Access Control (DAC) lets the resource owner decide who may access it, typically through permission bits or an access control list the owner edits.

Question 33. Which protocol is used for secure remote command-line access?
A) Telnet
B) FTP
C) SSH
D) HTTP
Answer: C
Explanation: SSH (Secure Shell) encrypts the session and authenticates both the server (host key) and the user (password or key) for remote command execution; Telnet sends everything, including credentials, in clear text.

Question 34. In the context of risk management, what does "ALE" stand for?
A) Annualized Loss Expectancy
B) Asset Level Evaluation
C) Attack Likelihood Estimate
D) Automated Log Examination
Answer: A
Explanation: ALE quantifies the expected yearly loss from a risk: ALE = SLE × ARO, where SLE is the Single Loss Expectancy (loss per occurrence) and ARO is the Annualized Rate of Occurrence.

Question 35. Which of the following is a compensating control for an organization that cannot implement full-disk encryption on legacy hardware?
A) Deploying a host-based firewall
B) Enforcing strict physical security and access controls to the server room
C) Using a VPN for remote access
D) Conducting quarterly vulnerability scans
Answer: B
Explanation: When a primary control (encryption) is infeasible, a compensating control is one that addresses the same risk by another route. Disk encryption protects data when someone gets hold of the disk, so strict physical protection of where the unencrypted disks live is the matching compensation; the other options address different risks.

Question 36. Which type of attack exploits the trust relationship between a user's browser and a legitimate website to inject malicious scripts?
A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Man-in-the-Middle
D) Phishing
Answer: A
Explanation: XSS injects attacker-controlled script into a page the browser trusts, so the script executes with that page's origin and can read session data or act as the user. The defenses are context-appropriate output encoding, input validation and a Content Security Policy.

Question 37. Which of the following best defines "defense in depth"?
A) Using a single strong firewall at the network perimeter
B) Applying multiple overlapping security controls across layers
C) Relying solely on encryption for data protection
D) Implementing only physical security measures
Answer: B
Explanation: Defense in depth employs layered safeguards so that if one control fails or is bypassed, others still provide protection.
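Worked example for Question 36 (added for this edition; not code from the original question bank). It places the vulnerable rendering of untrusted input beside the encoded form, in both HTML body context and attribute context, and uses a small HTMLParser subclass as a stand-in for the browser to show which elements and attributes each output would actually create. The templates and payloads are constructed; html.escape from the standard library is the encoder.

```python
"""Reflected XSS: the vulnerable rendering beside its encoded form.

Added example, not code from the exam. The page templates and the payloads
are constructed; html.escape from the standard library is the encoder and
a small HTMLParser subclass stands in for the browser to show which
elements and attributes it would actually create from each output.
"""
import html
from html.parser import HTMLParser


def render_greeting_unsafe(name: str) -> str:
    # Untrusted input interpolated straight into HTML body context.
    return f"<p>Hello {name}</p>"


def render_greeting_safe(name: str) -> str:
    # Context-appropriate output encoding for HTML text: < > & " ' become entities.
    return f"<p>Hello {html.escape(name)}</p>"


def render_input_unsafe(value: str) -> str:
    # Same bug in attribute context: a quote lets the attacker add attributes.
    return f'<input name="q" value="{value}">'


def render_input_safe(value: str) -> str:
    # quote=True (the default) also encodes " and ' so the attribute cannot be closed early.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


class _Browser(HTMLParser):
    """Records which start tags and attribute names the markup produces."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def elements_created(markup: str):
    """Return (tags, attribute names) a browser would build from the markup."""
    b = _Browser()
    b.feed(markup)
    b.close()
    return b.tags, b.attr_names


# Constructed payloads: one for body context, one for attribute context.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'

if __name__ == "__main__":
    for label, out in [
        ("body unsafe", render_greeting_unsafe(SCRIPT_PAYLOAD)),
        ("body safe", render_greeting_safe(SCRIPT_PAYLOAD)),
        ("attr unsafe", render_input_unsafe(ATTR_PAYLOAD)),
        ("attr safe", render_input_safe(ATTR_PAYLOAD)),
    ]:
        print(f"{label:12} {out}")
        print(f"{'':12} -> {elements_created(out)}")
```

The parser output is the point: the unsafe body rendering yields a real script element, and the unsafe attribute rendering yields an onfocus handler the attacker supplied, while the escaped versions yield only the paragraph and the input with its original two attributes. Encoding must match the context (body, attribute, JavaScript string, URL); html.escape covers the first two here, and a Content Security Policy adds the defense-in-depth layer from Question 37 for whatever encoding misses.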
C) Post-exploitation
D) Reporting
Answer: B
Explanation: Passive reconnaissance collects data from public sources (WHOIS, DNS records, search engines, job postings) without sending any traffic to the target, so it leaves nothing in the target's logs.

Question 41. Which of the following is a primary function of a Security Operations Center (SOC)?
A) Designing software architecture
B) Monitoring security events and responding to incidents in real time
C) Conducting financial audits
D) Managing human resources
Answer: B
Explanation: A SOC centralizes the detection, triage, analysis and response activities for security events, usually around a SIEM that aggregates logs and alerts.

Question 42. Which cloud service model gives the customer full control over the operating system, runtime, and applications?
A) IaaS
B) PaaS
C) SaaS
D) NaaS
Answer: A
Explanation: Infrastructure-as-a-Service provides virtualized compute, storage and networking; the customer installs, patches and manages the operating system and everything above it.

Question 43. What does the "principle of separation of duties" help prevent?
A) Data loss due to hardware failure
B) Unauthorized access through a single compromised account
C) Conflict of interest and fraud by ensuring no single individual controls all phases of a critical process
D) Network congestion
Answer: C
Explanation: By dividing responsibilities (for example, the person who requests a payment cannot also approve it), separation of duties reduces the risk that one person can both commit and conceal a malicious action.

Question 44. Which of the following is an example of a detective control?
A) Firewall blocking inbound traffic
B) Intrusion Detection System generating alerts on suspicious activity
C) Password complexity policy
D) Data encryption at rest
Answer: B
Explanation: Detective controls identify and alert on security events while or after they occur; they do not stop the event themselves, which is what distinguishes the IDS alert from the firewall block in option A.

Question 45. Which encryption method uses two mathematically related keys, one public and one private?
A) Symmetric key encryption
B) One-time pad
C) Asymmetric (public-key) encryption
D) Hashing
A) Public
B) Internal
C) Confidential
D) Restricted / Top Secret
Answer: D
Explanation: "Restricted" or "Top Secret" denotes the highest sensitivity level, demanding the most rigorous safeguards for storage, handling and disclosure.

Question 49. Which of the following is a primary benefit of using a FIDO2 security key for authentication?
A) Passwords are still required as a backup
B) Eliminates the need for passwords, providing phishing-resistant, hardware-based authentication
C) Requires a biometric scan on every login
D) Works only on Windows operating systems
Answer: B
Explanation: FIDO2 (WebAuthn plus CTAP) registers a separate public-key pair for each site on the authenticator. The private key never leaves the device, and the signed challenge is bound to the site's origin, so a look-alike phishing site cannot obtain a credential that works on the real one.

Question 50. Which of the following best describes a "sandbox" in application security?
A) A physical isolation chamber for servers
B) A controlled environment where code can be executed safely to observe behavior without affecting production systems
C) An encrypted container for storing secrets
D) A network segment for guest Wi-Fi
Answer: B
Explanation: Sandboxes isolate the execution of untrusted code (through virtualization, containers or OS-level restrictions) so that it cannot affect the host system, and allow its behavior to be observed.

Question 51. Which of the following is an example of a preventive control?
A) Log analysis for anomalous activity
B) Antivirus scanning files before they are opened
C) Incident post-mortem reporting
D) Backup restoration testing
Answer: B
Explanation: Preventive controls stop security events before they occur; antivirus scanning blocks malicious files before execution, whereas option A is detective and options C and D are corrective or recovery activities.

Question 52. Which of the following describes the "principle of fail-open" in security design?
A) Systems default to denying access when a component fails
B) Systems default to allowing access when a component fails, to maintain availability
C) Systems automatically shut down when a breach is detected
D) Systems encrypt all data during a failure
Answer: B
Explanation: Fail-open prioritizes availability by allowing access when a security mechanism (a policy service, a filter, an authentication backend) fails. It is the opposite of fail-closed (fail-secure), described in option A, and is risky for confidentiality and integrity, so security-critical checks should normally fail closed.