YF Consulting - Cyber Security

Question 1: What is the primary goal of Threat Hunting?

A. To wait for alerts from security tools. B. To respond to confirmed security incidents. C. To proactively search for threats undetected by automated systems. D. To patch known vulnerabilities.

Question 2: Which of the following is NOT a common phase in the Cyber Kill Chain?

A. Reconnaissance B. Weaponization C. Monetization D. Action on Objectives

Question 3: What does MITRE ATT&CK stand for?

A. Mitigated Threat Response & Evaluation Attack Classification Kit B. Adversarial Tactics, Techniques, and Common Knowledge C. Malware Information Threat Research & Exploitation Attack Knowledgebase D. Multiple Integrated Threat Response & Attack Correlation Kit

Question 4: What is a "Zero-Day" vulnerability?

A. A vulnerability for which the vendor has released a patch today. B. A vulnerability that has been known for zero days. C. A vulnerability with zero impact. D. A newly discovered vulnerability that attackers can exploit before a patch is available.

Question 5: Which of the following best describes "Indicators of Compromise" (IOCs)?

A. Security policies designed to prevent compromise. B. Best practices for securing a network. C. Artifacts observed on a network or operating system that indicate a computer intrusion. D. Tools used by attackers to compromise systems.

Question 6: What is the primary function of a Security Information and Event Management (SIEM) system?

A. To centralize and analyze security logs and events. B. To manage user access controls. C. To encrypt sensitive data. D. To scan for network vulnerabilities.

Question 7: What is "Phishing"?

A. An attempt to trick individuals into revealing sensitive information, often via email. B. A technique to identify open network ports. C. The process of analyzing network traffic. D. A type of malware that encrypts files.

Question 8: What is a "Distributed Denial of Service" (DDoS) attack?

A. An attack that steals data from a server. B. An attack that installs malware on a computer. C. An attack that attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. D. An attack that modifies website content.

Question 9: What is the principle of "Least Privilege"?

A. Limiting network bandwidth for less important users. B. Granting users only the minimum access rights necessary to perform their job functions. C. Giving users all necessary privileges. D. Providing temporary administrative access to all users.

Question 10: Which cryptographic technique ensures data confidentiality?

A. Non-repudiation B. Digital Signatures C. Hashing D. Encryption

Question 11: What is the purpose of a Firewall?

A. To monitor employee internet usage. B. To prevent unauthorized access to or from a private network. C. To scan for viruses on endpoints. D. To backup data.

Question 12: What is the most common use of a Virtual Private Network (VPN)?

A. To host web servers. B. To improve Wi-Fi signal strength. C. To create a secure connection over a less secure network like the internet. D. To block advertisements.

Question 13: What is "Social Engineering"?

A. Developing social media applications. B. Automating social interactions. C. The psychological manipulation of people into performing actions or divulging confidential information. D. Designing user interfaces for social platforms.

Question 14: Which attack attempts to execute malicious code by injecting it into input fields?

A. Brute Force Attack B. DDoS Attack C. Phishing Attack D. SQL Injection

Question 15: What is the primary purpose of a "Security Incident Response Plan"?

A. To purchase new security software. B. To prevent all security incidents. C. To define procedures for detecting, responding to, and recovering from security incidents. D. To train employees on cybersecurity awareness.

Question 16: What is a "Buffer Overflow" attack?

A. Flooding a network with too much data. B. Overloading a CPU with too many processes. C. Overwriting a buffer's boundary and corrupting adjacent memory locations. D. Filling a hard drive with unnecessary files.

Question 17: Which term describes the process of converting data into a secret code to hide its information?

A. Hashing B. Decryption C. Encryption D. Encoding

Question 18: What is "Malware"?

A. Operating system utilities. B. Software designed for system optimization. C. Any software intentionally designed to cause damage to a computer, server, client, or computer network. D. Network monitoring tools.

Question 19: Which security concept involves authenticating users multiple times during a session?

A. Multi-Factor Authentication (MFA) B. Continuous Authentication C. Single Sign-On (SSO) D. Biometric Authentication

Question 20: What is the primary defense against a "Brute Force" attack?

A. Using public Wi-Fi. B. Disabling antivirus software. C. Strong, complex passwords and account lockout policies. D. Sharing credentials with trusted colleagues.

Question 21: Which type of malware records user keystrokes?

A. Keylogger B. Ransomware C. Adware D. Spyware (general)

Question 22: What is the role of a honeypot in cybersecurity?

A. To store encrypted data. B. To provide a secure browsing environment. C. To detect, deflect, or study attempts at unauthorized access to information systems. D. To distribute software updates.

Question 23: What is "Penetration Testing"?

A. Training employees on security awareness. B. Developing new security software. C. A simulated cyberattack against your computer system to check for exploitable vulnerabilities. D. Monitoring network traffic for anomalies.

Question 24: What is the primary purpose of Multi-Factor Authentication (MFA)?

A. To replace passwords entirely. B. To add an extra layer of security to the authentication process. C. To speed up the login process. D. To provide a single sign-on experience.

Question 25: Which framework provides guidance on improving critical infrastructure cybersecurity?

A. ITIL B. ISO 9001 C. Agile Methodology D. NIST Cybersecurity Framework

Question 26: What is a "Man-in-the-Middle" (MitM) attack?

A. An attack against a single user's device. B. An attack that manipulates a database. C. An attack where an attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating. D. An attack that requires physical presence to execute.

Question 27: What is the main goal of "Data Loss Prevention" (DLP) solutions?

A. To prevent hardware failure. B. To encrypt all data on a network. C. To ensure that sensitive data is not lost, misused, or accessed by unauthorized users. D. To recover lost files.

Question 28: What is "Vulnerability Scanning"?

A. Exploiting vulnerabilities to gain access. B. Patching software to remove vulnerabilities. C. A process of identifying security weaknesses in a computer system or network. D. Developing secure code.

Question 29: What is "Endpoint Detection and Response" (EDR)?

A. A cloud security platform. B. A data backup service. C. A system that monitors and responds to threats on end-user devices (endpoints). D. A network firewall solution.

Question 30: What is the purpose of "Hashing" in cybersecurity?

A. To transmit data securely. B. To encrypt data for confidentiality. C. To verify data integrity and authenticity. D. To compress file sizes.

Question 31: Which type of attack involves tricking a web browser into executing malicious scripts?

A. SQL Injection B. Brute Force Attack C. Cross-Site Scripting (XSS) D. DDoS Attack

Question 32: What is the primary benefit of "Security Awareness Training"?

A. To replace all security software. B. To educate employees about security risks and best practices, making them the first line of defense. C. To automate security operations. D. To develop new security policies.

Question 33: What is "Ransomware"?

A. A tool for secure file sharing. B. Software that optimizes system performance. C. Malware that encrypts a victim's files, demanding a ransom payment for decryption. D. An application for managing passwords.

Question 34: What is the role of a "Demilitarized Zone" (DMZ) in network security?

A. To manage user authentication. B. To completely isolate internal networks from external networks. C. To store highly sensitive internal data. D. To provide an additional layer of security for public-facing servers, acting as a buffer between the internal network and the internet.

Question 35: Which protocol is used for secure web browsing?

A. SMTP B. FTP C. HTTPS D. HTTP

Question 36: What is a "Rootkit"?

A. A system recovery tool. B. A utility for managing system root directories. C. A collection of malicious software designed to enable access to a computer or an area of its software that is not otherwise allowed. D. Software for secure system booting.

Question 37: What is the "Confidentiality, Integrity, Availability" (CIA) triad?

A. A set of rules for data encryption. B. A framework for software development. C. A model designed to guide policies for information security within an organization. D. A method for physical security.

Question 38: What is "Tokenization" in data security?

A. The process of converting sensitive data into non-sensitive placeholders called tokens. B. Using hardware tokens for authentication. C. Encrypting data with a complex algorithm. D. Storing data in a secure database.

Question 39: What is "Business Continuity Planning" (BCP)?

A. A plan to grow business revenue. B. A strategy for marketing products. C. The process of creating systems of prevention and recovery to deal with potential threats to a company. D. A method for employee training.

Question 40: Which attack exploits vulnerabilities in web applications to bypass security controls?

A. DDoS B. Phishing C. SQL Injection D. Eavesdropping

Question 41: What is "Zero Trust" security?

A. A system that trusts all external connections. B. A policy that limits the number of trusted users. C. A security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are inside or outside the network perimeter. D. A model that trusts all internal network traffic implicitly.

Question 42: What is the primary purpose of a "Web Application Firewall" (WAF)?

A. To protect against network-level DDoS attacks. B. To encrypt web traffic. C. To manage content delivery for websites. D. To protect web applications from various attacks such as SQL injection, XSS, and CSRF.

Question 43: Which principle dictates that security controls should be layered and redundant?

A. Least Privilege B. Defense in Depth C. Single Point of Failure D. Separation of Duties

Question 44: What is a "Side-Channel Attack"?

A. An attack that bypasses network firewalls. B. An attack that modifies data in transit. C. An attack based on information gained from the physical implementation of a computer system, rather than theoretical weaknesses in the algorithms. D. An attack that exploits vulnerabilities in network protocols.

Question 45: What is "Patch Management"?

A. Developing new software patches. B. The process of identifying, acquiring, testing, and applying changes or fixes to computer software. C. Managing physical security patches. D. Creating backup copies of system files.

Question 46: What is a "Threat Actor"?

A. A security vulnerability. B. A piece of malicious software. C. An individual or group that poses a threat to information systems and assets. D. A security defense mechanism.

Question 47: Which of the following is an example of a physical security control?

A. Encryption B. Firewall C. Biometric access system D. Antivirus software

Question 48: What is "Incident Response"?

A. Preventing all security breaches. B. Developing new security tools. C. Training users on security best practices. D. The organized approach to addressing and managing the aftermath of a security breach or cyberattack.

Question 49: What is the primary purpose of "Security Auditing"?

A. To provide immediate incident response. B. To assess the effectiveness of an organization's security controls and compliance with policies. C. To install new security software. D. To exploit vulnerabilities.

Question 50: What is a "Botnet"?

A. A type of artificial intelligence. B. A network of private computers infected with malicious software and controlled as a group without the owners' knowledge. C. A secure chat application. D. An automated system for software deployment.

Question 51: Which attack targets an individual or organization with highly customized phishing emails?

A. Vishing B. Mass Phishing C. Spear Phishing D. Smishing

Question 52: What is the purpose of "Intrusion Detection Systems" (IDS)?

A. To encrypt all network traffic. B. To authenticate user access. C. To monitor network or system activities for malicious activity or policy violations and produce reports. D. To prevent all network intrusions.

Question 53: What is "Supply Chain Attack"?

A. An attack that physically disrupts logistics. B. An attack that targets a company's financial supply chain. C. A cyberattack that seeks to damage an organization by targeting less secure elements in the supply network. D. An attack that focuses on stealing inventory.

Question 54: Which concept ensures that a system remains operational even if some components fail?

A. Disaster Recovery B. Redundancy C. High Availability D. Single Point of Failure

Question 55: What is "Data Encryption at Rest"?

A. Encrypting data during processing. B. Encrypting data that is stored on a physical medium (e.g., hard drive, USB drive). C. Encrypting data as it is being transmitted. D. Encrypting data in memory.

Question 56: What is a "Logic Bomb"?

A. A program that checks for logical errors. B. A type of malware that self-replicates. C. A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. D. An attack that exploits logical flaws in an application.

Question 57: What is "Threat Intelligence"?

A. A list of known malware signatures. B. Raw data about potential threats. C. Processed, enriched, and analyzed information about potential or actual threats to an organization. D. Automated threat detection tools.

Question 58: Which of the following is crucial for "Digital Forensics"?

A. Restoring systems to a previous state immediately. B. Preventing data modification during investigation. C. Modifying system logs to hide evidence. D. Using automated tools for all analysis.

Question 59: What is "Security Information and Event Management" (SIEM)?

A. A centralized platform for collecting, analyzing, and reporting on security events and logs from various sources. B. A system for managing physical security. C. A service for cloud security. D. A tool for vulnerability scanning.

Question 60: What is a "Vulnerability Assessment"?

A. Fixing security flaws immediately. B. The process of identifying, quantifying, and prioritizing the vulnerabilities in a system. C. Developing secure software from scratch. D. Exploiting vulnerabilities in a system.

Question 61: Which term refers to the unauthorized acquisition of sensitive data by a third party?

A. Data Archiving B. Data Encryption C. Data Breach D. Data Backup

Question 62: What is "Risk Management" in cybersecurity?

A. Eliminating all risks entirely. B. Only focusing on immediate threats. C. The process of identifying, assessing, and controlling threats to an organization's capital and earnings. D. Transferring all risks to insurance companies.

Question 63: What is "Endpoint Protection Platform" (EPP)?

A. A cloud access security broker. B. A network-based intrusion prevention system. C. A suite of security software that prevents file-based malware attacks, detects malicious activity, and provides the investigation and remediation capabilities needed to respond to dynamic security incidents. D. A tool for website traffic analysis.

Question 64: Which term describes the process of making sure data has not been altered or destroyed in an unauthorized manner?

A. Availability B. Non-repudiation C. Confidentiality D. Integrity

Question 65: What is a "Spear Phishing" attack?

A. A random attack targeting many users. B. An attack using phone calls. C. A targeted phishing attempt that appears to come from a trusted sender to a specific individual or organization. D. An attack targeting senior executives only.

Question 66: What is the primary function of "Security Orchestration, Automation, and Response" (SOAR)?

A. To replace human security analysts entirely. B. To only collect security logs. C. To automate and streamline security operations, incident response, and threat management tasks. D. To manually respond to all security alerts.

Question 67: What is "Cloud Security"?

A. Securing only the endpoints. B. Securing local network infrastructure. C. Protecting data, applications, and infrastructure involved in cloud computing. D. Physical security for cloud data centers.

Question 68: Which attack involves an attacker gaining initial access to a low-privilege system and then escalating their privileges?

A. Exfiltration B. Privilege Escalation C. Lateral Movement D. Reconnaissance

Question 69: What is "Security Operations Center" (SOC)?

A. A department for software development. B. A data storage facility. C. A centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture. D. A customer support center.

Question 70: What is the main goal of "Threat Modeling"?

A. To perform penetration tests automatically. B. To respond to active security incidents. C. To identify potential threats and vulnerabilities in a system or application and determine appropriate mitigations. D. To develop new threat intelligence feeds.

Question 71: What is "Information Governance"?

A. Focusing solely on legal compliance. B. Automated data backup solutions. C. The overall management of the availability, usability, integrity, and security of data and information in an enterprise. D. Managing public relations for an organization.

Question 72: What is a "Cross-Site Request Forgery" (CSRF) attack?

A. An attack that steals user session cookies. B. An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. C. An attack where an attacker tricks a web browser into executing malicious scripts. D. An attack that exploits vulnerabilities in HTTP headers.

Question 73: What is "Intrusion Prevention System" (IPS)?

A. A system that only detects malicious activity. B. A network security device that monitors network and/or system activities for malicious activity and takes action to prevent it. C. A tool for vulnerability scanning. D. A service for managing user accounts.

Question 74: What is "Cryptocurrency Mining Malware"?

A. Software for legitimate cryptocurrency trading. B. Malware that steals cryptocurrencies. C. Malware that uses a victim's computer resources to mine cryptocurrencies without their consent. D. A tool for secure cryptocurrency storage.

Question 75: What is "Security Architecture"?

A. The physical layout of security equipment. B. The design of security systems and processes to protect an organization's assets. C. A set of security policies and procedures. D. The software used for security monitoring.

Question 76: Which attack vector typically exploits human vulnerabilities rather than technical ones?

A. Buffer Overflow B. DDoS C. SQL Injection D. Social Engineering

Question 77: What is "Identity and Access Management" (IAM)?

A. A system for managing network devices. B. A tool for physical security. C. A framework of policies and technologies to ensure that the proper people and machines have the appropriate access to technology resources. D. A service for data backup.

Question 78: What is "Security Information Sharing"?

A. Publicly disclosing all security vulnerabilities. B. Internal communication of security policies only. C. The exchange of cybersecurity threat data, intelligence, and best practices among organizations. D. Sharing sensitive company information with competitors.

Question 79: What is "Software Defined Networking" (SDN) security?

A. Security for traditional hardware-based networks. B. Security for mobile applications. C. Applying security controls and policies within a software-defined network architecture. D. Automated patching of operating systems.

Question 80: Which regulation focuses on protecting personal data and privacy in the European Union?

A. HIPAA B. SOX C. GDPR D. PCI DSS

Question 81: What is "Automated Threat Response"?

A. Manual intervention for every security alert. B. Training AI models for threat detection. C. Systems that automatically take action to mitigate threats upon detection, without human intervention. D. Only reporting threats, not acting on them.

Question 82: What is "Security Policy"?

A. A piece of security software. B. A technical configuration guide. C. A formal statement of the rules that all people using an organization's information systems must follow. D. A set of emergency response procedures.

Question 83: What is "Container Security"?

A. Security for virtual machines only. B. Data encryption for storage arrays. C. Protecting containerized applications and their underlying infrastructure throughout their lifecycle. D. Physical security for shipping containers.

Question 84: What is "DevSecOps"?

A. Integrating security practices and considerations into every phase of the software development lifecycle. B. Developing security software in isolation. C. A methodology focused only on incident response. D. Outsourcing all security operations.

Question 85: Which attack involves impersonating a legitimate website or service to trick users into revealing credentials?

A. Rootkit B. Pharming C. DDoS Attack D. Buffer Overflow

Question 86: What is "Security Event Management" (SEM)?

A. Forensic analysis after an incident. B. Managing security awareness training. C. The real-time monitoring and correlation of security events. D. Developing new security policies.

Question 87: What is a "Trusted Platform Module" (TPM)?

A. A network card for secure communication. B. A software-only encryption solution. C. A secure cryptoprocessor that stores cryptographic keys and performs cryptographic operations in a hardware-isolated environment. D. A type of secure hard drive.

Question 88: What is "Data Exfiltration"?

A. Backing up data to an external drive. B. Deleting old data to free up space. C. The unauthorized transfer of data from a computer or network. D. Encrypting data before storage.

Question 89: What is the primary benefit of "Endpoint Detection and Response" (EDR) over traditional antivirus?

A. EDR only works on servers, not workstations. B. EDR does not require updates. C. EDR provides continuous monitoring, threat hunting, and automated response capabilities, whereas antivirus is primarily signature-based prevention. D. EDR is cheaper to implement.

Question 90: Which security principle aims to prevent a single person from completing all critical tasks to prevent fraud or error?

A. Least Privilege B. Separation of Duties C. Defense in Depth D. Need to Know

Question 91: What is "Vishing"?

A. Phishing via text message. B. Phishing via social media. C. Phishing conducted over the phone with voice technology. D. Phishing via email.

Question 92: What is "Cyber Resilience"?

A. Relying solely on automated security tools. B. The ability of an organization to withstand, recover from, and adapt to adverse cyber events. C. The ability to completely prevent all cyberattacks. D. Continuously increasing security spending.

Question 93: What is "Malicious Redirect"?

A. A method for load balancing web servers. B. A technique for improving website SEO. C. An attack that automatically sends users to an unintended, often malicious, website. D. Redirecting legitimate web traffic to a different page on the same site.

Question 94: What is "Secure Coding Practices"?

A. Only applying security measures after software deployment. B. Writing code as quickly as possible without security checks. C. Developing software with security as a primary consideration to prevent vulnerabilities. D. Using open-source libraries without vetting.

Question 95: What is "Security Patch"?

A. A new feature for software. B. A physical security device. C. A software update designed to fix a security vulnerability or bug. D. A tool for system backup.

Question 96: What is "Insider Threat"?

A. A cyberattack from an external organized group. B. A security risk that originates from within the organization, often from current or former employees, contractors, or business associates. C. A threat from software vulnerabilities. D. A threat from natural disasters.

Question 97: What is "Digital Rights Management" (DRM)?

A. Managing user permissions in an operating system. B. Technologies used to control access to copyrighted material and prevent unauthorized copying and distribution. C. A system for digital content creation. D. Managing physical access to data centers.

Question 98: What is "Biometric Authentication"?

A. Authentication using smart cards. B. Authentication based on unique biological characteristics (e.g., fingerprints, facial recognition). C. Authentication using only passwords. D. Authentication using a one-time code.

Question 99: What is a "Trusted Platform Module" (TPM)?

A. A network segment for untrusted applications. B. A virtual machine without any security features. C. An environment for testing insecure software. D. A secure cryptoprocessor that stores cryptographic keys and performs cryptographic operations in a hardware-isolated environment.

Question 100: What is the main principle behind "Privacy by Design"?

A. Adding privacy features after a system is developed. B. Integrating privacy protections into the design and operation of information systems and business practices from the outset. C. Outsourcing all privacy compliance. D. Focusing only on legal compliance for privacy.