ISC2 - Certified In Cybersecurity

Q1: What is the primary purpose of a cloud security group (CSG) in a public cloud environment?

Option 1: To provide physical security for cloud data centers Option 2: To manage access control for cloud resources Option 3: To optimize cloud resource allocation Option 4: To enforce regulatory compliance in the cloud

Correct Answer: To manage access control for cloud resources

Q2: What is the main advantage of using a symmetric encryption algorithm over an asymmetric encryption algorithm?

Option 1: Symmetric encryption algorithms are faster and more efficient Option 2: Asymmetric encryption algorithms provide better security Option 3: Symmetric encryption algorithms require fewer resources Option 4: Asymmetric encryption algorithms are easier to implement

Correct Answer: Symmetric encryption algorithms are faster and more efficient

Q3: What is the primary purpose of using digital signatures in cryptographic protocols?

Option 1: To encrypt data for secure transmission Option 2: To verify the integrity and authenticity of data Option 3: To generate random cryptographic keys Option 4: To prevent unauthorized access to sensitive information

Correct Answer: To verify the integrity and authenticity of data

Q4: What security feature is commonly used with HTTPS?

Option 1: IPsec Option 2: SSH Option 3: SSL/TLS Option 4: VPN

Correct Answer: SSL/TLS

Q5: Which of the following is a characteristic of Infrastructure as a Service (IaaS)?

Option 1: Fully managed applications Option 2: Pay-as-you-go pricing model Option 3: Predetermined software configurations Option 4: Limited scalability options

Correct Answer: Limited scalability options

Q6: What is the primary purpose of implementing a disaster recovery plan in a cloud environment?

Option 1: To prevent unauthorized access to cloud resources Option 2: To ensure continuous availability of critical services during a disaster Option 3: To optimize cloud resource utilization Option 4: To automate software deployment processes

Correct Answer: To ensure continuous availability of critical services during a disaster

Q7: Which device is used to connect WAN to LAN?

Option 1: Firewalls Option 2: Router Option 3: Hub Option 4: Switch

Correct Answer: Router

Q8: Which cloud service model provides developers with a platform to build, deploy, and manage applications without managing underlying infrastructure?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Platform as a Service (PaaS)

Q9: An attacker intercepts traffic between a user and a server in order to eavesdrop on sensitive information being transmitted. This is an example of what type of attack?

Option 1: On-path Attack Option 2: Spoofing Option 3: Phishing Option 4: Side-channel

Correct Answer: On-path Attack

Q10: Which network security measure is used to authenticate and authorize users and devices connecting to a network?

Option 1: Virtual Private Network (VPN) Option 2: Intrusion Detection System (IDS) Option 3: Network Access Control (NAC) Option 4: Packet Filtering

Correct Answer: Network Access Control (NAC)

Q11: Which port is used by the FTP protocol?

Option 1: 21 Option 2: 22 Option 3: 23 Option 4: 80

Correct Answer: 21

Q12: Which authentication mechanism is commonly used to access cloud resources securely from external networks?

Option 1: Username and password Option 2: Biometric authentication Option 3: OAuth (Open Authorization) Option 4: LDAP (Lightweight Directory Access Protocol)

Correct Answer: Username and password

Q13: Which port is commonly used for SSH?

Option 1: 22 Option 2: 23 Option 3: 80 Option 4: 443

Correct Answer: 22

Q14: What is the primary purpose of data encryption in transit in cloud environments?

Option 1: To prevent unauthorized access to cloud resources Option 2: To protect data from unauthorized disclosure during transmission over networks Option 3: To optimize cloud resource utilization Option 4: To automate software deployment processes

Correct Answer: To protect data from unauthorized disclosure during transmission over networks

Q15: A user receives an email that appears to be from their bank, requesting their login credentials. This is an example of what type of attack?

Option 1: Spoofing Option 2: Phishing Option 3: DOS/DDOS Option 4: Virus

Correct Answer: Phishing

Q16: Which port is used by the SSH protocol for secure file transfers?

Option 1: SFTP Option 2: SCP Option 3: FTPS Option 4: TFTP

Correct Answer: SFTP

Q17: What is the purpose of conducting regular tests and exercises of a Business Continuity Plan (BCP)?

Option 1: To minimize resource utilization during normal operations Option 2: To validate the effectiveness of the plan and identify areas for improvement Option 3: To increase profitability of the organization Option 4: To prevent all types of disasters from occurring

Correct Answer: To validate the effectiveness of the plan and identify areas for improvement

Q18: What is the main advantage of using a cloud access security broker (CASB) solution in cloud environments?

Option 1: To prevent distributed denial of service (DDoS) attacks Option 2: To monitor and control data traffic between on-premises and cloud environments Option 3: To encrypt data stored in cloud databases Option 4: To optimize cloud resource utilization

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q19: What is the purpose of a Business Continuity Plan (BCP)?

Option 1: To prevent all types of disasters from occurring Option 2: To ensure the organization can continue critical business operations during and after a disaster Option 3: To optimize resource utilization during normal operations Option 4: To increase profitability

Correct Answer: To ensure the organization can continue critical business operations during and after a disaster

Q20: Which type of attack involves flooding a network or server with traffic, rendering it unavailable to legitimate users?

Option 1: DOS/DDOS Option 2: Spoofing Option 3: Phishing Option 4: Virus

Correct Answer: DOS/DDOS

Q21: Which cloud deployment model provides dedicated infrastructure for a single organization?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Private cloud

Q22: What is the primary goal of cloud access security brokers (CASBs)?

Option 1: To provide identity and access management services Option 2: To monitor and control data traffic between on-premises and cloud environments Option 3: To encrypt data stored in cloud databases Option 4: To optimize cloud resource allocation

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q23: What is the primary purpose of data encryption in transit in cloud environments?

Correct Answer: To protect data from unauthorized disclosure during transmission over networks

Q24: Which encryption protocol is commonly used to secure data transmitted over wireless networks?

Option 1: WPA2 (Wi-Fi Protected Access 2) Option 2: SSL (Secure Sockets Layer) Option 3: TLS (Transport Layer Security) Option 4: AES (Advanced Encryption Standard)

Correct Answer: WPA2 (Wi-Fi Protected Access 2)

Q25: How does IPSec protect against replay attacks?

Option 1: By encrypting all network traffic Option 2: By using digital signatures Option 3: By using sequence numbers Option 4: By limiting access to the network

Correct Answer: By using sequence numbers

Q26: Which cloud deployment model provides a combination of private and public cloud resources?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Hybrid cloud

Q27: Which port is used by the Telnet protocol?

Option 1: 23 Option 2: 21 Option 3: 22 Option 4: 80

Correct Answer: 23

Q28: Which authentication mechanism is commonly used to access cloud resources securely from external networks?

Option 1: Username and password Option 2: Biometric authentication Option 3: OAuth (Open Authorization) Option 4: LDAP (Lightweight Directory Access Protocol)

Correct Answer: OAuth (Open Authorization)

Q29: What is the primary purpose of using role-based access control (RBAC) in a cloud environment?

Option 1: To prevent distributed denial of service (DDoS) attacks Option 2: To enforce regulatory compliance Option 3: To monitor user activities and access patterns Option 4: To restrict access to cloud resources based on users' roles and responsibilities

Correct Answer: To restrict access to cloud resources based on users' roles and responsibilities

Q30: What is the primary purpose of network segmentation in cloud environments?

Option 1: To increase network bandwidth Option 2: To reduce latency for cloud applications Option 3: To isolate sensitive workloads and data from potential threats Option 4: To automate network provisioning processes

Correct Answer: To isolate sensitive workloads and data from potential threats

Q31: Which of the following is an example of a registered port?

Option 1: Microsoft SQL Server Option 2: RADIUS authentication Option 3: HTTP Option 4: SMB

Correct Answer: Microsoft SQL Server

Q32: What is the purpose of implementing a Virtual Private Network (VPN) in a network?

Option 1: To optimize network performance Option 2: To securely connect remote users and devices to a private network over the internet Option 3: To prevent physical access to network devices Option 4: To monitor network traffic for compliance purposes

Correct Answer: To securely connect remote users and devices to a private network over the internet

Q33: Which cloud service model provides ready-to-use software applications over the internet?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Software as a Service (SaaS)

Q34: An organization is experiencing issues with their VPN connection, causing frequent disconnects. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Physical Layer

Correct Answer: Transport Layer

Q35: Which cryptographic algorithm is vulnerable to collision attacks and should not be used for generating digital signatures?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: MD5 (Message Digest Algorithm 5) Option 4: SHA-256 (Secure Hash Algorithm 256-bit)

Correct Answer: MD5 (Message Digest Algorithm 5)

Q36: What is the primary purpose of a distributed denial of service (DDoS) mitigation service in cloud environments?

Option 1: To prevent unauthorized access to cloud resources Option 2: To monitor and analyze network traffic patterns Option 3: To detect and block malicious traffic targeting cloud services Option 4: To optimize cloud resource utilization

Correct Answer: To detect and block malicious traffic targeting cloud services

Q37: Which cloud service model provides ready-to-use software applications over the internet?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Software as a Service (SaaS)

Q38: Which of the following would be considered an endpoint?

Option 1: Software task Option 2: Router Option 3: Firewall Option 4: Laptop

Correct Answer: Laptop

Q39: Which encryption algorithm is commonly used to protect data in transit between cloud services and users' devices?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: DES (Data Encryption Standard) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q40: What is an IPv4 address?

Option 1: A 128-bit address used to uniquely identify devices on a network. Option 2: A 32-bit address used to uniquely identify devices on a network. Option 3: An address used for internal network use only. Option 4: An address used for documentation purposes only.

Correct Answer: A 32-bit address used to uniquely identify devices on a network.

Q41: A user receives an email that appears to be from their bank, requesting their login credentials. This is an example of what type of attack?

Option 1: Spoofing Option 2: Phishing Option 3: DOS/DDOS Option 4: Virus

Correct Answer: Phishing

Q42: Which cryptographic attack targets the process of intercepting and altering communication between two parties?

Option 1: Man-in-the-middle (MITM) attack Option 2: Brute-force attack Option 3: Dictionary attack Option 4: Rainbow table attack

Correct Answer: Man-in-the-middle (MITM) attack

Q43: Which type of malware encrypts a user's files and demands payment in exchange for the decryption key? a. Ransomware

Option 1: Ransomware Option 2: Worm Option 3: Trojan Option 4: Virus

Correct Answer: Ransomware

Q44: What security control is used to protect data in transit between cloud services and users' devices?

Option 1: Data encryption at rest Option 2: Network intrusion detection systems (NIDS) Option 3: Transport Layer Security (TLS) Option 4: Role-based access control (RBAC)

Correct Answer: Transport Layer Security (TLS)

Q45: Which component of a Business Continuity Plan (BCP) identifies critical business functions and the resources required to support them?

Option 1: Plan development and testing Option 2: Risk assessment Option 3: Business impact analysis (BIA) Option 4: Plan implementation

Correct Answer: Business impact analysis (BIA)

Q46: What is the primary purpose of data encryption in transit in cloud environments?

Correct Answer: To protect data from unauthorized disclosure during transmission over networks

Q47: What is the primary objective of a disaster recovery plan in cloud computing?

Correct Answer: To ensure continuous availability of critical services during a disaster

Q48: What is the primary purpose of using a digital certificate in public key infrastructure (PKI)?

Option 1: To encrypt data for secure transmission Option 2: To authenticate the identity of users and devices Option 3: To generate random cryptographic keys Option 4: To prevent buffer overflow attacks

Correct Answer: To authenticate the identity of users and devices

Q49: A hacker gains access to a company's network and begins to intercept network traffic in order to steal login credentials. Which OSI layer is being attacked?

Option 1: Physical layer Option 2: Data link layer Option 3: Network layer Option 4: Application layer

Correct Answer: Data link layer

Q50: Which security control is used to verify the integrity and authenticity of cloud service providers?

Option 1: Service level agreements (SLAs) Option 2: Cloud security certifications Option 3: Encryption protocols Option 4: Intrusion detection systems (IDS)

Correct Answer: Cloud security certifications

Q51: Which encryption algorithm is commonly used to protect data in transit in cloud environments?

Option 1: AES (Advanced Encryption Standard) Option 2: DES (Data Encryption Standard) Option 3: RSA (Rivest-Shamir-Adleman) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q52: Which of the following is a characteristic of a public cloud deployment model?

Option 1: Dedicated infrastructure for a single organization Option 2: Limited scalability options Option 3: Shared infrastructure for multiple organizations Option 4: Full control over hardware and software configurations

Correct Answer: Shared infrastructure for multiple organizations

Q53: At which layer of the TCP/IP protocol stack does a firewall operate?

Option 1: Layer 1 Option 2: Layer 2 Option 3: Layer 3 Option 4: Layer 4

Correct Answer: Layer 4

Q54: What is the primary purpose of using a salt when hashing passwords?

Option 1: To add flavor to the password Option 2: To increase the entropy of the hashed passwords Option 3: To make the passwords easier to crack Option 4: To decrease the security of the hashing algorithm

Correct Answer: To increase the entropy of the hashed passwords

Q55: Which security control is used to prevent unauthorized access to sensitive data in cloud databases?

Option 1: Role-based access control (RBAC) Option 2: Network intrusion detection systems (NIDS) Option 3: Distributed denial of service (DDoS) mitigation Option 4: Security information and event management (SIEM)

Correct Answer: Role-based access control (RBAC)

Q56: What protocol is associated with port 53?

Option 1: DNS Option 2: SMTP Option 3: HTTP Option 4: HTTPS

Correct Answer: DNS

Q57: What layer of the OSI model is the target of a ping flood attack?

Option 1: Layer 3 Option 2: Layer 4 Option 3: Layer 5 Option 4: Layer 6

Correct Answer: Layer 3

Q58: What is the potential impact of an IPSec replay attack?

Option 1: Unauthorized access to network resources Option 2: Disruption of network communication Option 3: Modification of network traffic Option 4: All of the above

Correct Answer: All of the above

Q59: Which security control is used to protect data in transit between cloud services and users' devices?

Option 1: Data encryption at rest Option 2: Network intrusion detection systems (NIDS) Option 3: Transport Layer Security (TLS) Option 4: Role-based access control (RBAC)

Correct Answer: Transport Layer Security (TLS)

Q60: What is the primary goal of implementing multi-factor authentication (MFA) in a cloud environment?

Option 1: To prevent unauthorized access to cloud resources Option 2: To optimize cloud resource utilization Option 3: To automate software deployment processes Option 4: To monitor user activities and access patterns

Correct Answer: To prevent unauthorized access to cloud resources

Q61: Which cloud deployment model provides cloud resources exclusively for a specific organization?

Option 1: Hybrid cloud Option 2: Public cloud Option 3: Private cloud Option 4: Community cloud

Correct Answer: Private cloud

Q62: What is the primary purpose of implementing network segmentation?

Option 1: To prevent unauthorized access to network resources Option 2: To increase the speed of data transmission across the network Option 3: To divide a network into smaller subnetworks for improved security and performance Option 4: To monitor network traffic for compliance purposes

Correct Answer: To divide a network into smaller subnetworks for improved security and performance

Q63: Which encryption algorithm is commonly used to protect data at rest in cloud storage?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: DES (Data Encryption Standard) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q64: A user clicks on an attachment in an email that they believe is from a friend, which then installs malicious software on their computer. This is an example of what type of malware?

Option 1: Worm Option 2: Virus Option 3: Trojan Option 4: Ransomware

Correct Answer: Trojan

Q65: A company has been experiencing network connectivity issues that have been traced to a problem with the cabling. Which OSI layer is affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Physical Layer

Correct Answer: Physical Layer

Q66: What is the primary goal of data loss prevention (DLP) solutions in cloud environments?

Option 1: To prevent unauthorized access to cloud resources Option 2: To monitor and control data movement within and outside the organization Option 3: To optimize cloud resource utilization Option 4: To automate software deployment processes

Correct Answer: To monitor and control data movement within and outside the organization

Q67: A hacker uses a distributed denial of service (DDoS) attack to flood a company's network with traffic, rendering it unable to function properly. Which OSI layer is being attacked?

Option 1: Physical layer Option 2: Data link layer Option 3: Network layer Option 4: Transport layer

Correct Answer: Network layer

Q68: What is the well-known port for SMTP?

Option 1: 25 Option 2: 80 Option 3: 443 Option 4: 22

Correct Answer: 25

Q69: What are registered ports used for?

Option 1: Proprietary applications from vendors and developers Option 2: Common protocols at the core of TCP/IP model Option 3: Used for Web servers Option 4: Used for inhouse or opensource applications

Correct Answer: Proprietary applications from vendors and developers

Q70: Which cloud service model provides developers with a platform to build, deploy, and manage applications without managing underlying infrastructure?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Platform as a Service (PaaS)

Q71: What layer of the OSI model is the target of a port scanning attack?

Option 1: Layer 1 Option 2: Layer 2 Option 3: Layer 3 Option 4: Layer 4

Correct Answer: Layer 4

Q72: A user reports that they are unable to access a specific website. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Data Link Layer

Correct Answer: Application Layer

Q73: What is the primary objective of implementing a cloud access security broker (CASB) solution?

Option 1: To manage cloud service provider relationships Option 2: To optimize cloud resource utilization Option 3: To monitor and control data traffic between on-premises and cloud environments Option 4: To encrypt data stored in cloud databases

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q74: Which cloud deployment model provides cloud resources exclusively for a specific organization?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Private cloud

Q75: What is the purpose of a cloud security posture management (CSPM) tool?

Option 1: To monitor and enforce compliance with security policies in cloud environments Option 2: To optimize cloud resource allocation Option 3: To encrypt data stored in cloud databases Option 4: To automate software deployment processes

Correct Answer: To monitor and enforce compliance with security policies in cloud environments

Q76: What security control is used to protect data at rest in cloud storage?

Option 1: Role-based access control (RBAC) Option 2: Data encryption Option 3: Intrusion detection systems (IDS) Option 4: Multi-factor authentication (MFA)

Correct Answer: Data encryption

Q77: What is the main advantage of using a cloud access security broker (CASB) solution in cloud environments?

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q78: What is the primary goal of a Disaster Recovery Plan (DRP)?

Option 1: To prevent all types of disasters from occurring Option 2: To ensure the continuity of critical business operations Option 3: To optimize resource utilization during normal operations Option 4: To increase profitability

Correct Answer: To ensure the continuity of critical business operations

Q79: Which cloud deployment model provides dedicated infrastructure for a single organization?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Private cloud

Q80: What protocol is associated with port 80?

Option 1: HTTP Option 2: FTP Option 3: SSH Option 4: Telnet

Correct Answer: HTTP

Q81: What is the purpose of a virtual private cloud (VPC)?

Option 1: To provide dedicated physical servers to customers Option 2: To isolate network traffic within a public cloud environment Option 3: To optimize virtual machine performance Option 4: To enforce strict access controls on cloud resources

Correct Answer: To isolate network traffic within a public cloud environment

Q82: What is the primary purpose of a distributed denial of service (DDoS) mitigation service in cloud environments?

Correct Answer: To detect and block malicious traffic targeting cloud services

Q83: Which security control is used to detect and respond to security incidents in cloud environments?

Option 1: Multi-factor authentication (MFA) Option 2: Intrusion detection systems (IDS) Option 3: Role-based access control (RBAC) Option 4: Data encryption at rest

Correct Answer: Intrusion detection systems (IDS)

Q84: What is the primary goal of implementing a disaster recovery plan in a cloud environment?

Correct Answer: To ensure continuous availability of critical services during a disaster

Q85: A user reports that they are unable to access a specific website. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Data Link Layer

Correct Answer: Application Layer

Q86: What layer of the OSI model is the target of a man-in-the-middle (MITM) attack?

Option 1: Layer 2 Option 2: Layer 3 Option 3: Layer 4 Option 4: Layer 7

Correct Answer: Layer 3

Q87: What is the main advantage of using a cloud access security broker (CASB) solution in cloud environments?

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q88: Which cloud service model provides access to virtualized computing resources over the internet?

Option 1: Infrastructure as a Service (IaaS) Option 2: Software as a Service (SaaS) Option 3: Platform as a Service (PaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Infrastructure as a Service (IaaS)

Q89: What is the primary goal of implementing role-based access control (RBAC) in a cloud environment?

Correct Answer: To restrict access to cloud resources based on users' roles and responsibilities

Q90: What is the primary purpose of using encryption at rest in cloud storage?

Correct Answer: To protect data stored in cloud storage from unauthorized access

Q91: Which phase of the Business Continuity Planning (BCP) process involves identifying potential risks and threats to an organization's operations?

Option 1: Risk assessment Option 2: Business impact analysis Option 3: Plan development and testing Option 4: Plan implementation

Correct Answer: Risk assessment

Q92: Which authentication mechanism is commonly used to access cloud resources securely from external networks?

Option 1: Username and password Option 2: Biometric authentication Option 3: OAuth (Open Authorization) Option 4: LDAP (Lightweight Directory Access Protocol)

Correct Answer: OAuth (Open Authorization)

Q93: What is the primary purpose of using network segmentation in a cloud environment?

Option 1: To optimize network bandwidth Option 2: To increase network latency Option 3: To isolate workloads and data for security purposes Option 4: To automate network provisioning processes

Correct Answer: To isolate workloads and data for security purposes

Q94: Which cloud service model provides developers with a platform to build, deploy, and manage applications without managing underlying infrastructure?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Platform as a Service (PaaS)

Q95: What is the primary purpose of a cloud security group (CSG) in a public cloud environment?

Correct Answer: To manage access control for cloud resources

Q96: Which type of malware encrypts a user's files and demands payment in exchange for the decryption key?

Option 1: Ransomware Option 2: Worm Option 3: Trojan Option 4: Virus

Correct Answer: Ransomware

Q97: What is the main advantage of using a cloud access security broker (CASB) solution in cloud environments?

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q98: What is the primary purpose of using a nonce in cryptographic protocols?

Option 1: To add randomness to the encryption process Option 2: To increase the security of the cryptographic keys Option 3: To prevent replay attacks Option 4: To authenticate the parties involved in the communication

Correct Answer: To prevent replay attacks

Q99: A hacker uses a DNS spoofing attack to redirect a user to a fake website that looks like a legitimate one. Once the user enters their login credentials, the hacker steals the information. Which OSI layer is being attacked?

Option 1: Physical layer Option 2: Data link layer Option 3: Network layer Option 4: Application layer

Correct Answer: Application layer

Q100: An attacker intercepts traffic between a user and a server in order to eavesdrop on sensitive information being transmitted. This is an example of what type of attack?

Option 1: On-path Attack Option 2: Spoofing Option 3: Phishing Option 4: Side-channel

Correct Answer: On-path Attack

Q101: Which security control is used to monitor and analyze user activities and access patterns in cloud environments?

Option 1: Security information and event management (SIEM) Option 2: Intrusion detection systems (IDS) Option 3: Multi-factor authentication (MFA) Option 4: Role-based access control (RBAC)

Correct Answer: Security information and event management (SIEM)

Q102: What is the primary purpose of using role-based access control (RBAC) in a cloud environment?

Correct Answer: To restrict access to cloud resources based on users' roles and responsibilities

Q103: What is the range of dynamic or private ports?

Option 1: 49152-65535 Option 2: 0-1023 Option 3: 1024-49151 Option 4: none of the above

Correct Answer: 49152-65535

Q104: Which security control is designed to detect and prevent buffer overflow attacks?

Option 1: Intrusion detection systems (IDS) Option 2: Firewalls Option 3: Antivirus software Option 4: Input validation mechanisms

Correct Answer: Input validation mechanisms

Q105: What layer of the OSI model is the target of a MAC flooding attack?

Option 1: Layer 2 Option 2: Layer 3 Option 3: Layer 4 Option 4: Layer 7

Correct Answer: Layer 2

Q106: What is the primary purpose of implementing multi-factor authentication (MFA) in a cloud environment?

Option 1: To optimize cloud resource utilization Option 2: To prevent unauthorized access to cloud resources Option 3: To automate software deployment processes Option 4: To monitor user activities and access patterns

Correct Answer: To prevent unauthorized access to cloud resources

Q107: What is the main purpose of an Incident Response Plan (IRP)?

Option 1: To improve employee productivity Option 2: To prevent all security incidents from occurring Option 3: To allocate resources for routine maintenance tasks Option 4: To provide guidelines and procedures for responding to and mitigating security incidents

Correct Answer: To provide guidelines and procedures for responding to and mitigating security incidents

Q108: What is the primary purpose of a cloud security group (CSG) in a public cloud environment?

Correct Answer: To manage access control for cloud resources

Q109: What is the primary goal of implementing role-based access control (RBAC) in a cloud environment?

Correct Answer: To restrict access to cloud resources based on users' roles and responsibilities

Q110: Which type of attack involves flooding a network or server with traffic, rendering it unavailable to legitimate users?

Option 1: DOS/DDOS Option 2: Spoofing Option 3: Phishing Option 4: Virus

Correct Answer: DOS/DDOS

Q111: What is the purpose of a distributed denial of service (DDoS) mitigation service in cloud environments?

Correct Answer: To detect and block malicious traffic targeting cloud services

Q112: A user clicks on an attachment in an email that they believe is from a friend, which then installs malicious software on their computer. This is an example of what type of malware?

Option 1: Worm Option 2: Virus Option 3: Trojan Option 4: Ransomware

Correct Answer: Trojan

Q113: Which cloud deployment model provides a combination of private and public cloud resources?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Hybrid cloud

Q114: Which of the following is a characteristic of a public cloud deployment model?

Correct Answer: Shared infrastructure for multiple organizations

Q115: What security measure can help prevent unauthorized access to cloud resources through stolen or compromised credentials?

Option 1: Intrusion detection systems (IDS) Option 2: Multi-factor authentication (MFA) Option 3: Data encryption at rest Option 4: Network segmentation

Correct Answer: Multi-factor authentication (MFA)

Q116: A hacker uses a distributed denial of service (DDoS) attack to flood a company's network with traffic, rendering it unable to function properly. Which OSI layer is being attacked?

Option 1: Physical layer Option 2: Data link layer Option 3: Network layer Option 4: Transport layer

Correct Answer: Network layer

Q117: What is the primary objective of implementing a cloud access security broker (CASB) solution?

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q118: What layer of the OSI model is the target of a SYN flood attack?

Option 1: Layer 4 Option 2: Layer 5 Option 3: Layer 6 Option 4: Layer 7

Correct Answer: Layer 4

Q119: What security measure can help prevent unauthorized access to cloud resources through stolen or compromised credentials?

Option 1: Intrusion detection systems (IDS) Option 2: Multi-factor authentication (MFA) Option 3: Data encryption at rest Option 4: Network segmentation

Correct Answer: Multi-factor authentication (MFA)

Q120: Which encryption algorithm is commonly used to protect data in transit between cloud services and users' devices?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: DES (Data Encryption Standard) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q121: An organization is experiencing issues with their VPN connection, causing frequent disconnects. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Physical Layer

Correct Answer: Transport Layer

Q122: Which cloud service model provides ready-to-use software applications over the internet?

Option 1: Platform as a Service (PaaS) Option 2: Infrastructure as a Service (IaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Software as a Service (SaaS)

Q123: Which authentication mechanism is commonly used to access cloud resources securely from external networks?

Option 1: Username and password Option 2: Biometric authentication Option 3: OAuth (Open Authorization) Option 4: LDAP (Lightweight Directory Access Protocol)

Correct Answer: OAuth (Open Authorization)

Q124: A company has been experiencing network connectivity issues that have been traced to a problem with the cabling. Which OSI layer is affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Physical Layer

Correct Answer: Physical Layer

Q125: What is an IPv4 address?

Correct Answer: A 32-bit address used to uniquely identify devices on a network.

Q126: Which security control is used to detect and respond to security incidents in cloud environments?

Option 1: Intrusion detection systems (IDS) Option 2: Multi-factor authentication (MFA) Option 3: Role-based access control (RBAC) Option 4: Data encryption at rest

Correct Answer: Intrusion detection systems (IDS)

Q127: Which security control is used to prevent unauthorized access to sensitive data in cloud databases?

Correct Answer: Role-based access control (RBAC)

Q128: What is the primary purpose of a cloud access security broker (CASB) solution?

Correct Answer: To monitor and control data traffic between on-premises and cloud environments

Q129: Which cloud deployment model provides dedicated infrastructure for a single organization?

Option 1: Public cloud Option 2: Private cloud Option 3: Hybrid cloud Option 4: Community cloud

Correct Answer: Private cloud

Q130: What is the range of well-known ports?

Option 1: 0-1023 Option 2: 1024-49151 Option 3: 1024-49151 Option 4: none of the above

Correct Answer: 0-1023

Q131: What is the primary purpose of implementing a firewall in a network?

Option 1: To optimize network performance Option 2: To monitor and control incoming and outgoing network traffic Option 3: To encrypt data transmitted over the network Option 4: To prevent physical access to network devices

Correct Answer: To monitor and control incoming and outgoing network traffic

Q132: Which of the following is a characteristic of a private cloud deployment model?

Option 1: Shared infrastructure for multiple organizations Option 2: Limited scalability options Option 3: Dedicated infrastructure for a single organization Option 4: Full control over hardware and software configurations

Correct Answer: Dedicated infrastructure for a single organization

Q133: Which encryption algorithm is commonly used to protect data at rest in cloud storage?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: DES (Data Encryption Standard) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q134: What is an IP address?

Option 1: A physical address used to connect multiple devices in a network Option 2: An address that represents the network interface within the network Option 3: An address that denotes the vendor or manufacturer of the physical network interface Option 4: A logical address associated with a unique network interface within the network

Correct Answer: A logical address associated with a unique network interface within the network

Q135: What is the difference between a hub and a switch?

Option 1: A hub is smarter than a switch. Option 2: A switch is less likely to be seen in home networks. Option 3: A switch can create separate broadcast domains when used to create VLANs. Option 4: A switch retransmits traffic to all devices, while a switch routes traffic to a specific device.

Correct Answer: A switch retransmits traffic to all devices, while a switch routes traffic to a specific device.

Q136: Which device is used to control traffic flow on networks?

Option 1: switch Option 2: Firewalls Option 3: hub Option 4: router

Correct Answer: switch

Q137: Which protocol is used for secure email?

Option 1: SMTPS Option 2: IMAPS Option 3: POP3S Option 4: All of the above

Correct Answer: All of the above

Q138: Which phase of the Incident Response Plan (IRP) process involves containing the impact of a security incident and mitigating further damage?

Option 1: Preparation and planning Option 2: Detection and analysis Option 3: Response and mitigation Option 4: Recovery and post-incident activities

Correct Answer: Response and mitigation

Q139: What layer of the OSI model is the target of a buffer overflow attack?

Option 1: Layer 5 Option 2: Layer 6 Option 3: Layer 7 Option 4: Layer 8

Correct Answer: Layer 7

Q140: What does the "shared responsibility model" in cloud computing refer to?

Option 1: Responsibility for data encryption Option 2: Division of security responsibilities between the cloud provider and the customer Option 3: Ownership of physical infrastructure Option 4: Compliance with industry regulations

Correct Answer: Division of security responsibilities between the cloud provider and the customer

Q141: What is the primary purpose of using network segmentation in a cloud environment?

Option 1: To optimize network bandwidth Option 2: To increase network latency Option 3: To isolate workloads and data for security purposes Option 4: To automate network provisioning processes

Correct Answer: To isolate workloads and data for security purposes

Q142: How does subnetting help to improve network performance?

Option 1: By reducing network congestion Option 2: By increasing network bandwidth Option 3: By improving network security Option 4: By simplifying network management

Correct Answer: By reducing network congestion

Q143: Which cloud service model provides ready-to-use software applications over the internet?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Software as a Service (SaaS)

Q144: Which port is commonly used for HTTPS?

Option 1: 80 Option 2: 443 Option 3: 446 Option 4: 22

Correct Answer: 443

Q145: Which security control is used to prevent unauthorized access to sensitive data in cloud databases?

Correct Answer: Role-based access control (RBAC)

Q146: What security measure can help prevent unauthorized access to cloud resources through stolen or compromised credentials?

Option 1: Intrusion detection systems (IDS) Option 2: Multi-factor authentication (MFA) Option 3: Data encryption at rest Option 4: Network segmentation

Correct Answer: Multi-factor authentication (MFA)

Q147: What is the primary purpose of implementing network encryption in a cloud environment?

Correct Answer: To protect data from unauthorized disclosure during transmission over networks

Q148: What is the primary purpose of using role-based access control (RBAC) in a cloud environment?

Option 1: To monitor user activities and access patterns Option 2: To prevent distributed denial of service (DDoS) attacks Option 3: To enforce regulatory compliance Option 4: To restrict access to cloud resources based on users' roles and responsibilities

Correct Answer: To restrict access to cloud resources based on users' roles and responsibilities

Q149: A hacker uses a man-in-the-middle attack to intercept network traffic between two nodes and injects malicious code into the data stream. Which TCP layer is being attacked?

Option 1: Physical layer Option 2: Transport layer Option 3: Network layer Option 4: Application layer

Correct Answer: Transport layer

Q150: Which of the following is an example of a security control used to protect data at rest in cloud storage? )

Option 1: Transport Layer Security (TLS) Option 2: Data encryption Option 3: Intrusion detection systems (IDS) Option 4: Multi-factor authentication (MFA

Correct Answer: Data encryption

Q151: What is an IPSec replay attack?

Option 1: An attack where an attacker attempts to inject packets into an existing session Option 2: An attack where an attacker modifies packets in transit Option 3: An attack where an attacker eavesdrops on network traffic Option 4: An attack where an attacker overloads a network with traffic

Correct Answer: An attack where an attacker attempts to inject packets into an existing session

Q152: What is the primary goal of implementing intrusion detection and prevention systems (IDPS) in a network?

Option 1: To monitor network traffic for compliance purposes Option 2: To optimize network performance Option 3: To detect and respond to malicious activities and security threats Option 4: To prevent physical access to network devices

Correct Answer: To detect and respond to malicious activities and security threats

Q153: A company has noticed that their network performance has been slow lately. After investigating, they discover that their router is not configured properly, leading to network congestion. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Data Link Layer

Correct Answer: Network Layer

Q154: Which cloud service model provides access to virtualized computing resources over the internet?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Infrastructure as a Service (IaaS)

Q155: What is the primary goal of implementing data loss prevention (DLP) solutions in cloud environments?

Correct Answer: To monitor and control data movement within and outside the organization

Q156: What is the main advantage of using a rainbow table attack compared to a brute-force attack?

Option 1: Rainbow table attacks are faster and more efficient Option 2: Brute-force attacks are less computationally intensive Option 3: Rainbow table attacks are less likely to succeed Option 4: Brute-force attacks require less memory resources

Correct Answer: Rainbow table attacks are faster and more efficient

Q157: A company has noticed that their network performance has been slow lately. After investigating, they discover that their router is not configured properly, leading to network congestion. Which OSI layer is most likely affected by this issue?

Option 1: Application Layer Option 2: Transport Layer Option 3: Network Layer Option 4: Data Link Layer

Correct Answer: Network Layer

Q158: A hacker sends a specially crafted email with a malicious attachment to an employee of a company. Once the employee downloads and opens the attachment, malware is installed on the computer. Which TCP layer is being attacked?

Option 1: Application layer Option 2: Transport layer Option 3: Network layer Option 4: Physical layer

Correct Answer: Application layer

Q159: What is the primary purpose of using encryption at rest in cloud storage?

Option 1: To prevent unauthorized access to cloud resources Option 2: To optimize cloud resource utilization Option 3: To automate software deployment processes Option 4: To protect data stored in cloud storage from unauthorized access

Correct Answer: To protect data stored in cloud storage from unauthorized access

Q160: Which security control is used to monitor and analyze user activities and access patterns in cloud environments?

Option 1: Security information and event management (SIEM) Option 2: Intrusion detection systems (IDS) Option 3: Multi-factor authentication (MFA) Option 4: Role-based access control (RBAC)

Correct Answer: Security information and event management (SIEM)

Q161: What is the primary goal of data loss prevention (DLP) solutions in cloud environments?

Correct Answer: To monitor and control data movement within and outside the organization

Q162: What security measure can help prevent unauthorized access to cloud resources through stolen or compromised credentials?

Option 1: Intrusion detection systems (IDS) Option 2: Multi-factor authentication (MFA) Option 3: Data encryption at rest Option 4: Network segmentation

Correct Answer: Multi-factor authentication (MFA)

Q163: Which cloud service model provides the highest level of abstraction and requires the least management effort by customers?

Option 1: Infrastructure as a Service (IaaS) Option 2: Platform as a Service (PaaS) Option 3: Software as a Service (SaaS) Option 4: Function as a Service (FaaS)

Correct Answer: Software as a Service (SaaS)

Q164: What is the main advantage of using a one-time pad (OTP) encryption scheme?

Option 1: OTP encryption provides perfect secrecy Option 2: OTP encryption is computationally efficient Option 3: OTP encryption requires smaller key sizes Option 4: OTP encryption is resistant to brute-force attacks

Correct Answer: OTP encryption provides perfect secrecy

Q165: What is a key benefit of using containerization in cloud environments?

Option 1: Improved hardware utilization Option 2: Enhanced network security Option 3: Simplified application deployment Option 4: Reduced data transfer costs

Correct Answer: Simplified application deployment

Q166: Which encryption algorithm is commonly used to protect data in transit between cloud services and users' devices?

Option 1: AES (Advanced Encryption Standard) Option 2: RSA (Rivest-Shamir-Adleman) Option 3: DES (Data Encryption Standard) Option 4: MD5 (Message Digest Algorithm 5)

Correct Answer: AES (Advanced Encryption Standard)

Q167: What is the main problem with assigning static privileges to administrative users on a database?

Option 1: Security is dependent upon the login process Option 2: Administrative users may forget their privileges Option 3: Static privileges are more expensive to implement Option 4: Static privileges may not provide enough access

Correct Answer: Security is dependent upon the login process