A hospital allows everyone to view patient records but nobody can modify them. Which CIA component is strongest and which is weakest?
Integrity is strongest because nobody can modify the records. Confidentiality is weakest because everyone can view them. Availability is unaffected by the scenario as described. Identify which CIA objective the scenario protects most and which it protects least.
You successfully log into a payroll system but cannot view salary information. Which security function succeeded and which one restricted you?
Authentication succeeded (proving identity). Authorization restricted access to salary information.
A manager claims she never approved a wire transfer. What security mechanism would prove she approved it?
Non-repudiation, typically provided through digital signatures and audit logs.
An employee logs in, accesses a file server, and every action is recorded. Identify Authentication, Authorization, and Accounting.
Authentication = login verification. Authorization = granted file access. Accounting = activity logging and auditing.
Management asks, 'Where are we today versus where we want to be?' What process are they performing?
Gap analysis.
A company installs security controls. Six months later they verify the controls are still functioning correctly. Which action demonstrates due diligence?
Installing the controls is due care; verifying six months later that they still work, and continuously monitoring them, is due diligence.
A vulnerability exists but exploiting it would cost more than the damage caused. How should management evaluate this risk?
Perform a risk assessment that weighs likelihood, impact, and the cost of the control against the expected loss. When remediation costs more than the loss it prevents, formally accepting the risk (and documenting the decision) is usually the appropriate response.
Classify the following controls: IDS, Firewall, Backup Restoration.
IDS = Detective. Firewall = Preventive. Backup Restoration = Corrective.
A ransomware attack is detected. Put these phases in order: Recovery, Preparation, Lessons Learned, Detection and Analysis, Containment.
Preparation → Detection and Analysis → Containment → Recovery → Lessons Learned. (NIST SP 800-61 groups Containment, Eradication, and Recovery into one phase and calls the last phase Post-Incident Activity.)
Why is documenting every person who handled a hard drive important during an investigation?
To maintain chain of custody and ensure evidence remains admissible and untampered.
Which data should receive the highest protection: Public press release, Employee handbook, Customer credit card database, Marketing brochure? Why?
Customer credit card database because it contains sensitive regulated data.
A company stores production data, a local backup, and a cloud backup. What backup principle are they using?
The 3-2-1 backup rule: three copies, two media types, one offsite.
A disaster occurs. Which site resumes operations fastest: Hot, Warm, or Cold?
Hot site.
Why create a forensic image instead of analyzing the original drive?
To preserve evidence integrity and avoid altering original data.
What's the difference between RTO and RPO? Give an example.
RTO = maximum acceptable downtime. RPO = maximum acceptable data loss. Example: RTO 4 hours, RPO 30 minutes.
SOC analysts receive 5,000 alerts daily. What problem does this create and what technology helps solve it?
Alert fatigue. SIEM/SOAR technologies help automate analysis and response.
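To make the alert-fatigue point concrete, here is an added example (not part of the original card set) of the kind of correlation a SIEM or SOAR playbook performs: raw alerts are grouped by rule and source address, and only a burst that crosses a threshold inside a time window is promoted to an incident. The alert line format, the sample alerts, and the threshold values are all constructed for this example.

```python
"""Added example: collapse a flood of raw alerts into a few correlated incidents.

Assumed alert line format (constructed for this example, not a real SIEM format):
    "<ISO timestamp> <rule_name> src=<ip> user=<name>"
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: a 30-event password-guessing burst from one host,
# two ordinary typo failures from another, and one isolated port-scan alert.
RAW_ALERTS = [
    f"2024-05-01T10:00:{i:02d} failed_login src=10.0.0.5 user={'alice' if i % 2 else 'bob'}"
    for i in range(30)
] + [
    "2024-05-01T10:03:00 failed_login src=10.0.0.9 user=carol",
    "2024-05-01T10:03:20 failed_login src=10.0.0.9 user=carol",
    "2024-05-01T10:04:00 port_scan src=192.168.1.7 user=-",
]


def parse(line: str) -> dict:
    """Split one alert line into its fields."""
    ts, rule, src, user = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "rule": rule,
        "src": src.split("=", 1)[1],
        "user": user.split("=", 1)[1],
    }


def correlate(lines, window=timedelta(minutes=5), threshold=5):
    """Group alerts by (rule, source IP). A group becomes an incident only if at
    least `threshold` of its alerts fall inside one sliding `window`; everything
    else is left as low-priority noise for the analyst queue.
    """
    groups = defaultdict(list)
    for alert in map(parse, lines):
        groups[(alert["rule"], alert["src"])].append(alert)

    incidents = []
    for (rule, src), events in groups.items():
        events.sort(key=lambda e: e["ts"])
        # Sliding window over the sorted timestamps: find the densest burst.
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            incidents.append({
                "rule": rule,
                "src": src,
                "count": len(events),
                "peak_in_window": peak,
                "users": sorted({e["user"] for e in events}),
            })
    return incidents


def reduction(lines) -> tuple:
    """Return (raw alert count, incident count) to show the volume reduction."""
    return len(lines), len(correlate(lines))


if __name__ == "__main__":
    for inc in correlate(RAW_ALERTS):
        print(inc)
    print("raw alerts -> incidents:", reduction(RAW_ALERTS))
```

On the constructed input, 33 raw alerts collapse to a single incident (the burst from 10.0.0.5 targeting two accounts); the two failures from 10.0.0.9 and the lone port-scan alert stay below the threshold. Real SIEM rules also correlate across rule types (for example, failed logins followed by a success from the same source), but the grouping-plus-threshold pattern shown here is the core mechanism.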
Why place public web servers in a DMZ instead of the internal network?
To isolate internet-facing systems from internal assets and limit breach impact.
An employee is already inside the network. Why should they still be continuously verified?
Zero Trust assumes no implicit trust; verification should be continuous.
What threat is an air-gapped system primarily designed to reduce?
Network-based attacks and remote compromise. It does not stop removable media or insiders from reaching the system, so it is a risk reduction, not immunity.
When would asymmetric encryption be preferred over symmetric encryption?
For key exchange, digital signatures, and situations where secure key distribution is needed.
Why can't hashing be used to encrypt a file?
Hashing is one-way and cannot be reversed to recover the original data.
What role does a Certificate Authority play in PKI?
It verifies the identity of a certificate applicant and issues (and can revoke) digitally signed certificates that relying parties trust because they trust the CA.
What security advantage does virtualization provide?
Isolation between systems, limiting compromise spread and improving resource control.
Why should security teams review system changes before deployment?
To identify risks, prevent outages, and maintain compliance.
A cloud provider suffers a breach. Why is this still your organization's problem?
Under the shared responsibility model the provider secures the underlying platform, but your organization stays accountable to its customers and regulators for its data; third-party risk is managed, not eliminated, through due diligence, contracts, and monitoring.
What is the purpose of a Business Impact Analysis (BIA)?
To identify critical business functions and determine operational impacts of disruptions.
Why shouldn't one employee both approve and execute a payment?
Separation of duties reduces fraud and insider abuse.
An organization buys expensive security tools but employees keep clicking phishing emails. What security program needs improvement?
Security awareness and training.
A company wants to prove that transmitted data was not altered in transit. Which security mechanism should they use?
A keyed integrity check such as an HMAC, or a digital signature. A plain hash sent alongside the data is not sufficient over an untrusted channel, because an attacker who alters the data can simply recompute the hash.
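The following added example (not from the original card set) shows why the distinction matters. A sender protects a message first with an unkeyed SHA-256 digest and then with an HMAC under a shared key; an attacker on the path replaces the message in both cases. The message contents and key are constructed for the example; `hmac` and `hashlib` are Python standard library modules.

```python
"""Added example: an unkeyed hash does not detect tampering by an active
attacker, but an HMAC under a key the attacker lacks does."""
import hashlib
import hmac
import os


def plain_tag(msg: bytes) -> str:
    """Unkeyed integrity tag: anyone, including the attacker, can compute this."""
    return hashlib.sha256(msg).hexdigest()


def verify_plain(msg: bytes, tag: str) -> bool:
    return hmac.compare_digest(plain_tag(msg), tag)


def keyed_tag(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256: only holders of `key` can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, msg: bytes, tag: str) -> bool:
    # compare_digest avoids timing side channels on the comparison.
    return hmac.compare_digest(keyed_tag(key, msg), tag)


def attacker_replace(new_msg: bytes) -> tuple:
    """The attacker controls the channel and can swap the message and any
    unkeyed tag, but has no access to the shared key."""
    return new_msg, plain_tag(new_msg)


def demo(key: bytes = None) -> tuple:
    """Return (plain hash accepted the forgery, HMAC accepted the forgery)."""
    key = key or os.urandom(32)                      # constructed shared key
    original = b"PAY 100.00 TO ACCT 1234"            # constructed message
    forged = b"PAY 9999.00 TO ACCT 6666"

    # Scenario 1: message + unkeyed SHA-256. Attacker recomputes the hash.
    sent_msg, sent_tag = attacker_replace(forged)
    plain_fooled = verify_plain(sent_msg, sent_tag)  # True: forgery goes undetected

    # Scenario 2: message + HMAC. Attacker swaps the message but cannot
    # produce a matching HMAC; the best they can do is reuse the old tag or
    # an unkeyed hash, both of which fail verification.
    legit_tag = keyed_tag(key, original)
    hmac_fooled = verify_keyed(key, forged, legit_tag) or \
                  verify_keyed(key, forged, plain_tag(forged))

    return plain_fooled, hmac_fooled


if __name__ == "__main__":
    print(demo())   # expected: (True, False)
```

The HMAC path assumes the key was shared out of band; for parties that do not share a secret, a digital signature over the same digest provides the equivalent guarantee (and adds non-repudiation, which an HMAC does not, since both sides hold the key).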
An attacker steals a password database. Why is salting important?
A unique random salt per password means two users with the same password get different hashes, and precomputed (rainbow) tables are useless because each salt would need its own table. Salting does not slow down guessing a single hash; a deliberately slow algorithm such as bcrypt, scrypt, Argon2, or PBKDF2 does that.
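As an added example (not from the original card set), the block below stores passwords with a per-user random salt and PBKDF2-HMAC-SHA256, and contrasts that with an unsalted hash. The storage string format, the iteration count, and the sample passwords are constructed for the example; `hashlib.pbkdf2_hmac` and `os.urandom` are standard library calls.

```python
"""Added example: salted, slow password hashing versus an unsalted fast hash."""
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000        # constructed choice; raise as hardware gets faster


def unsalted_hash(password: bytes) -> str:
    """What a stolen database looks like without salts: identical passwords
    yield identical, rainbow-table-friendly hashes."""
    return hashlib.sha256(password).hexdigest()


def hash_password(password: bytes, salt: bytes = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.
    The salt is stored in the clear; its job is uniqueness, not secrecy."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: bytes, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def demo() -> dict:
    """Two users choose the same password (constructed sample data)."""
    pw = b"Winter2024!"
    return {
        "unsalted_equal": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_equal": hash_password(pw) == hash_password(pw),
    }


if __name__ == "__main__":
    print(demo())   # {'unsalted_equal': True, 'salted_equal': False}
```

Storing the algorithm and iteration count in the record lets you raise the work factor later and rehash users transparently at their next login; verification still works for old records because each one carries its own parameters.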
An organization decides not to fix a low-impact vulnerability because remediation costs exceed potential losses. Which risk response strategy is being used?
Risk acceptance.
A company purchases cyber insurance to offset potential breach costs. Which risk response strategy is being used?
Risk transfer.
A company removes an insecure application entirely instead of securing it. Which risk response strategy is being used?
Risk avoidance.
A company deploys MFA after identifying credential theft risks. Which risk response strategy is being used?
Risk mitigation.
Why is least privilege considered a core security principle?
It limits access to only what is required, reducing attack surface and potential damage.
A user needs temporary administrative access to complete a task. Which access concept best supports this requirement?
Just-In-Time (JIT) access.
A company wants employees to access multiple systems after one login. Which technology should they implement?
Single Sign-On (SSO).
An attacker gains access to one user account. Why does network segmentation reduce the impact?
It limits lateral movement to other systems.
A company encrypts data on laptops. Which security objective is primarily being protected?
Confidentiality.
A security analyst discovers suspicious activity after reviewing logs. Which type of control helped identify the issue?
Detective control.
An organization wants systems to automatically block malicious IP addresses after detection. What type of control is this?
A corrective control: it responds to a detected event to limit damage. Because it is implemented by technology and acts without human intervention, it is also classed as a technical, automated control.
A company wants proof that a backup can actually be restored. What should they do?
Regularly test backup restoration procedures.
Why are lessons learned meetings important after a security incident?
They identify improvements and reduce future incident impact.