What is the focus of Security Operations?
Incident response, monitoring, logging, forensics, recovery, continuity, IAM operations, and security processes
What is incident response?
The process of detecting, containing, eradicating, and recovering from security incidents
What is the correct incident response order?
Preparation, detection and analysis, containment, eradication, recovery, lessons learned
What is the purpose of logging?
To record system and security events for monitoring, troubleshooting, and investigations
What is security monitoring?
The ongoing observation of systems and networks to detect suspicious activity
What is a SIEM?
A tool that collects, correlates, and analyzes log data from multiple sources
What is digital forensics?
The collection and analysis of digital evidence after an incident
Why is chain of custody important?
It preserves evidence integrity by documenting who handled it and when
What is business continuity?
The ability to keep essential operations running during a disruption
What is disaster recovery?
The process of restoring systems and data after a major incident
What is the difference between business continuity and disaster recovery?
Business continuity keeps operations running while disaster recovery restores systems
What is IAM?
Identity and Access Management
What is least privilege?
Giving users only the minimum access needed to do their job
What is separation of duties?
Splitting responsibilities so one person does not control an entire critical process
What is account provisioning?
Creating accounts and assigning appropriate access
What is deprovisioning?
Removing access when it is no longer needed
Why are backups important?
They help restore data after ransomware, deletion, corruption, or disasters
What is an incident playbook?
A step-by-step guide for responding to a specific type of security event
What is a tabletop exercise?
A discussion-based practice scenario for incident response
What is an indicator of compromise (IOC)?
Evidence that a system may have been breached
What is an indicator of attack (IOA)?
A sign that malicious activity is currently happening
What is threat hunting?
Proactively searching for hidden threats in systems and networks
What is the focus of Threats, Vulnerabilities, and Mitigations?
Threat actors, malware, social engineering, vulnerabilities, attacks, testing, and mitigation methods
What is a threat actor?
A person or group that carries out malicious activity
What are common threat actor types?
Nation-state, cybercriminal, insider, hacktivist, organized crime, and script kiddie
What is malware?
Malicious software designed to damage, disrupt, or gain unauthorized access
What is ransomware?
Malware that encrypts data and demands payment for decryption
What is a trojan?
Malware disguised as legitimate software
What is a worm?
Malware that self-replicates and spreads across networks
What is a virus?
Malware that attaches itself to a file or program and spreads when executed
What is spyware?
Malware that secretly gathers user or system information
What is social engineering?
Manipulating people into revealing information or performing unsafe actions
What is phishing?
A fraudulent message designed to trick users into giving sensitive information
What is spear phishing?
A targeted phishing attack aimed at a specific person or group
What is whaling?
A phishing attack aimed at high-profile targets like executives
What is vishing?
Phishing carried out through voice calls
What is smishing?
Phishing carried out through text messages
What is shoulder surfing?
Watching someone enter sensitive information
What is tailgating?
Following an authorized person into a restricted area without permission
What is a vulnerability?
A weakness that can be exploited by a threat
What is a zero-day vulnerability?
A flaw that is exploited before a patch or fix is available
What is a patch?
A software update that fixes vulnerabilities or bugs
What is vulnerability scanning?
Automated checking of systems for known weaknesses
What is a false positive in scanning?
A result that incorrectly reports a vulnerability
What is a false negative in scanning?
A result that fails to report a real vulnerability
What is penetration testing?
Authorized simulated attacks to identify security weaknesses
What is mitigation?
Reducing the likelihood or impact of a threat or vulnerability
What is the purpose of user training in mitigation?
To reduce human error and improve awareness of attacks
What is the focus of Security Program Management and Oversight?
Governance, risk, compliance, policies, audits, awareness, vendor risk, privacy, and legal and ethical issues
What is governance?
The system of rules, practices, and processes used to direct and control security efforts
What is risk management?
The process of identifying, assessing, and treating risks
What is risk appetite?
The amount of risk an organization is willing to accept
What is risk tolerance?
The acceptable level of variation around risk objectives
What is compliance?
Following laws, regulations, standards, and internal policies
What is a security policy?
A formal statement of management intent, rules, and expectations
What is a standard?
A mandatory rule that supports a policy
What is a procedure?
A step-by-step set of instructions for performing a task
What is a guideline?
A recommended but optional best practice
What is an audit?
A formal review to verify compliance and control effectiveness
What is security awareness training?
Education that helps users recognize and respond to security risks
What is vendor risk management?
The process of evaluating and monitoring third-party security risks
What is due diligence?
Investigating and assessing a vendor or situation before making a decision
What is due care?
Taking reasonable steps to protect assets and meet responsibilities
What is privacy?
The protection and proper handling of personal and sensitive information
What is data classification?
Labeling data based on sensitivity and handling requirements
What is an acceptable use policy?
Rules for proper use of company systems and resources
What is the purpose of separation of duties in oversight?
To reduce fraud, abuse, and errors by dividing responsibilities
What is the purpose of least privilege in governance?
To limit access and reduce risk exposure
What is the focus of Security Architecture?
Secure design of networks, systems, cloud, endpoints, virtualization, and enterprise infrastructure
What is security architecture?
The design of secure systems and infrastructure based on security principles
What is defense in depth?
Using multiple layers of security controls to protect assets
What is network segmentation?
Dividing a network into smaller parts to improve security and limit movement
What is zero trust?
A security model that assumes no user or device is trusted by default
What is the purpose of a DMZ?
To isolate public-facing services from the internal network
What is a firewall?
A device or software that filters network traffic based on rules
What is an IDS?
An intrusion detection system that alerts on suspicious activity
What is an IPS?
An intrusion prevention system that detects and blocks suspicious activity
What is NAC?
Network Access Control that restricts device access based on security policies
What is secure baseline configuration?
A standardized and hardened system setup
What is hardening?
Reducing attack surface by disabling unnecessary services and tightening settings
What is virtualization?
Running virtual machines on shared physical hardware
What is a virtual machine?
A software-based emulation of a physical computer
What is containerization?
Packaging applications with their dependencies in isolated environments
What is cloud computing?
Delivering computing services over the internet
What is SaaS?
Software as a Service
What is PaaS?
Platform as a Service
What is IaaS?
Infrastructure as a Service
What is elasticity in cloud computing?
The ability to automatically scale resources up or down
What is high availability?
System design that minimizes downtime and keeps services accessible
What is redundancy?
Duplicating critical components to avoid single points of failure
What is an endpoint?
A user device such as a laptop, desktop, or phone connected to the network
What is embedded system security?
Protecting specialized devices with dedicated functions
What is IoT security?
Protecting internet-connected smart devices from misuse and attack
What is the focus of General Security Concepts?
Basic principles, controls, cryptography, resilience, and foundational security ideas
What is the CIA triad?
Confidentiality, Integrity, and Availability
What is confidentiality?
Protecting information from unauthorized access