1. What is the primary purpose of establishing a Network Security Baseline?
A. To monitor network traffic in real-time for zero-day attacks
B. To define a minimum standard of security configurations that all devices must meet
C. To automatically patch all software vulnerabilities without user intervention
D. To reverse engineer malware found on the network
Correct Answer: To define a minimum standard of security configurations that all devices must meet
Explanation: A security baseline is a reference point that defines the minimum security configuration requirements (such as disabling unused ports, enforcing password complexity, etc.) for devices and systems to ensure a consistent security posture.

2. Which of the following actions is a critical first step when hardening a network device according to standard security baselines?
Explanation: Default factory credentials are public knowledge. Leaving them unchanged allows unauthorized access easily. Changing them is a fundamental baseline requirement.

3. In the context of Network Security Capability Enhancement, what is the primary difference between an IDS and an IPS?
A. IDS encrypts traffic, while IPS decrypts traffic
B. IDS is strictly software, while IPS is strictly hardware
C. IDS passively monitors and alerts, while IPS can actively block malicious traffic
D. IDS protects endpoints, while IPS protects cloud storage
Correct Answer: IDS passively monitors and alerts, while IPS can actively block malicious traffic
Explanation: An Intrusion Detection System (IDS) detects and alerts on suspicious activity. An Intrusion Prevention System (IPS) is placed inline and can actively block or drop packets that match malicious signatures.

4. Which security capability involves dividing a network into smaller subnetworks to limit lateral movement of attackers?
A. Network Segmentation
B. Packet Sniffing
C. Port Mirroring
D. Load Balancing
Correct Answer: Network Segmentation
Explanation: Network segmentation divides a network into smaller zones (VLANs, subnets). This limits the blast radius of an attack; if one segment is compromised, the attacker cannot easily move to other segments without passing through a firewall.

5. When implementing Endpoint Security, which technology is specifically designed to detect, investigate, and remediate suspicious activities on hosts and endpoints?
A. VPN (Virtual Private Network)
B. EDR (Endpoint Detection and Response)
C. WAF (Web Application Firewall)
D. NAT (Network Address Translation)
Correct Answer: EDR (Endpoint Detection and Response)
Explanation: EDR solutions record and store endpoint-system-level behaviors, use data analytics to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions.

6. What is the primary function of Data Loss Prevention (DLP) in an endpoint security context?
A. To prevent the hard drive from crashing
B. To prevent users from visiting social media sites
C. To identify, monitor, and protect sensitive data from leaving the endpoint unauthorizedly
D. To speed up data transfer rates between USB devices
Correct Answer: To identify, monitor, and protect sensitive data from leaving the endpoint unauthorizedly
Explanation: Endpoint DLP monitors data transfer (such as copying to USB, printing, or emailing) to ensure sensitive information (like PII or IP) does not leave the corporate environment in violation of policy.

7. Which of the following is a common technique used in Mobile Device Hardening to separate personal data from corporate data on a BYOD device?
A. Rooting
B. Containerization
C. Jailbreaking
D. Sideloading
Correct Answer: Containerization
Explanation: Containerization creates a secure, encrypted area on a mobile device to store corporate applications and data, isolating them from the user's personal apps and data.

8. In Mobile Device Management (MDM), what does the 'Remote Wipe' capability allow an administrator to do?
A. Delete all data on the device if it is lost or stolen
B. Clean the device screen remotely
C. Update the device's firmware automatically
D. Track the device's browser history
Correct Answer: Delete all data on the device if it is lost or stolen
Explanation: Remote Wipe allows administrators to send a command to a mobile device to erase all data (or just corporate data) to prevent unauthorized access if the device is lost or compromised.

9. Which protocol is considered a secure baseline replacement for Telnet when managing network devices?
A. HTTP
B. FTP
C. SSH
D. SNMPv1
Correct Answer: SSH
Explanation: Telnet transmits data, including passwords, in cleartext. SSH (Secure Shell) encrypts the session, providing a secure way to access a command-line interface over a network.

10. Which version of SNMP (Simple Network Management Protocol) should be used in a secure baseline to ensure message integrity and encryption?
A. SNMPv1
B. SNMPv2c
C. SNMPv3
D. SNMPv4
Correct Answer: SNMPv3
Explanation: SNMPv1 and SNMPv2c send community strings (passwords) in cleartext. SNMPv3 introduces cryptographic security, including authentication and encryption.

11. In Cloud Security Concepts, what does the 'Shared Responsibility Model' imply?
A. The cloud provider is responsible for all security aspects
B. The customer is responsible for physical security of the data center
C. Security obligations are divided between the cloud provider and the customer depending on the service model
D. Security is handled by a third-party auditor only
Correct Answer: Security obligations are divided between the cloud provider and the customer depending on the service model
Explanation: The Shared Responsibility Model dictates that the provider manages security of the cloud (infrastructure), while the customer is responsible for security in the cloud (data, configuration, access management), varying by IaaS, PaaS, or SaaS.

12. Which web application vulnerability involves an attacker injecting malicious scripts into content that is then served to other users?
A. SQL Injection (SQLi)
B. Cross-Site Scripting (XSS)
C. Buffer Overflow
D. Man-in-the-Middle (MitM)
Correct Answer: Cross-Site Scripting (XSS)
Explanation: XSS occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing scripts to execute in the victim's browser.

13. What is the mathematical complexity roughly associated with a brute-force attack on a password of length using a character set of size ?
Explanation: The number of possible combinations for a password is the size of the character set raised to the power of the password length (). This highlights the importance of password length in security baselines.

14. Which component is essential in a Zero Trust architecture regarding network security capability?
A. Implicit trust for internal users
B. Continuous verification and authentication
C. Single perimeter firewall
D. Static access controls
Correct Answer: Continuous verification and authentication
Explanation: Zero Trust assumes no user or device is trustworthy by default, regardless of location. It requires continuous verification, strict access controls, and authentication for every access request.

15. To harden a Windows endpoint, which feature should be enabled to prevent unauthorized applications from running?
Explanation: Application Whitelisting (e.g., AppLocker) allows only specified, trusted applications to run, effectively preventing malware and unauthorized software execution.

16. Which of the following describes Geofencing in the context of Mobile Device Security?
A. Physically locking devices in a safe
B. Using GPS or RFID to define geographical boundaries where device features are enabled or disabled
C. Blocking IP addresses from foreign countries on a firewall
D. Encrypting data based on the time of day
Correct Answer: Using GPS or RFID to define geographical boundaries where device features are enabled or disabled
Explanation: Geofencing uses location services to trigger actions, such as disabling a camera or locking access to corporate data when a device leaves a designated secure area.

17. Which HTTP header is a security baseline used to enforce the use of HTTPS and prevent protocol downgrade attacks?
A. Access-Control-Allow-Origin
B. Strict-Transport-Security (HSTS)
C. Content-Type
D. User-Agent
Correct Answer: Strict-Transport-Security (HSTS)
Explanation: HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.

18. What is the primary risk associated with Sideloading apps on mobile devices?
A. It drains the battery faster
B. It bypasses official app store security vetting, potentially introducing malware
C. It requires root access which voids warranty
D. It decreases network speed
Correct Answer: It bypasses official app store security vetting, potentially introducing malware
Explanation: Sideloading is installing apps from sources other than the official app store (Google Play, Apple App Store). These apps are not vetted for security and often contain malware.

19. Which technology is used to create a secure, encrypted tunnel over a public network, enhancing network security for remote users?
A. DHCP
B. DNS
C. VPN
D. NTP
Correct Answer: VPN
Explanation: A Virtual Private Network (VPN) encrypts data transmitted over a public network (like the Internet), ensuring confidentiality and integrity between the user and the corporate network.

20. In the context of Web Application Security, what does SQL Injection target?
A. The web server's operating system
B. The backend database
C. The user's browser cache
D. The network firewall
Correct Answer: The backend database
Explanation: SQL Injection allows an attacker to interfere with the queries an application makes to its database, potentially allowing them to view, modify, or delete data.

21. Which endpoint security concept ensures that a device complies with health policies (patch level, antivirus status) before being allowed network access?
A. NAT (Network Address Translation)
B. NAC (Network Access Control)
C. DNS (Domain Name System)
D. ARP (Address Resolution Protocol)
Correct Answer: NAC (Network Access Control)
Explanation: NAC solutions inspect the device's posture (health) before granting network access. If the device fails the check (e.g., outdated AV), it is quarantined.

22. What is the purpose of Full Disk Encryption (FDE) on an endpoint?
A. To encrypt network traffic
B. To prevent the OS from booting
C. To protect data at rest if the device is stolen
D. To hide the IP address
Correct Answer: To protect data at rest if the device is stolen
Explanation: FDE encrypts the entire hard drive. Without the decryption key (password/TPM), the data is unreadable, protecting it if the physical device is lost or stolen.

23. Which cloud service model involves the provider managing the infrastructure and the operating system, while the customer manages the applications and data?
A. IaaS (Infrastructure as a Service)
B. PaaS (Platform as a Service)
C. SaaS (Software as a Service)
D. DaaS (Desktop as a Service)
Correct Answer: PaaS (Platform as a Service)
Explanation: In PaaS, the vendor provides the hardware and the software platform (OS, runtime, middleware). The customer focuses on developing and managing the applications.

24. What is a CASB (Cloud Access Security Broker)?
A. A firewall used specifically for databases
B. A software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure
C. A protocol used for encrypting email
D. A physical lock for server racks
Correct Answer: A software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure
Explanation: CASBs act as a gatekeeper, allowing the organization to extend security policies (authentication, logging, encryption) beyond their own infrastructure to the cloud services they use.

25. In network security baselines, what is the concept of 'Disable Unnecessary Services'?
A. Turning off the internet at night
B. Disabling services, ports, and protocols that are not required for the system's function to reduce the attack surface
C. Removing the antivirus software to save memory
D. Disabling user accounts after 5 PM
Correct Answer: Disabling services, ports, and protocols that are not required for the system's function to reduce the attack surface
Explanation: Every running service or open port is a potential entry point for an attacker. Disabling those that are not strictly needed minimizes the attack surface.

26. Which of the following is a secure file transfer protocol baseline?
A. TFTP
B. FTP
C. SFTP
D. HTTP
Correct Answer: SFTP
Explanation: SFTP (SSH File Transfer Protocol) transfers files over a secure SSH connection, providing encryption for both commands and data. TFTP and FTP send data in cleartext.

27. What is Jailbreaking in the context of iOS mobile devices?
A. Removing restrictions imposed by the manufacturer to allow root access
B. Stealing the device from a secure facility
C. Breaking the screen physically
D. Cracking the passcode via brute force
Correct Answer: Removing restrictions imposed by the manufacturer to allow root access
Explanation: Jailbreaking is the process of removing software restrictions on iOS devices, allowing the installation of unauthorized software and deeper system modification, which significantly lowers security.

28. Which web security concept protects against CSRF (Cross-Site Request Forgery)?
Correct Answer: Using anti-forgery tokens (synchronizer token pattern)
Explanation: CSRF tokens ensure that the request sent to the server originated from the application's own form and not from a malicious script on another site.

29. In a secure network baseline, what is the role of an ACL (Access Control List) on a router?
A. To encrypt the routing table
B. To define rules that permit or deny traffic based on IP addresses and ports
C. To increase the speed of packet switching
D. To store user passwords
Correct Answer: To define rules that permit or deny traffic based on IP addresses and ports
Explanation: ACLs are filters used on routers and firewalls to control traffic flow, allowing or denying packets based on criteria like source/destination IP, protocol, and port numbers.

30. Which Endpoint Security mechanism relies on a database of known malware file hashes?
A. Heuristic analysis
B. Signature-based detection
C. Behavioral analysis
D. Sandboxing
Correct Answer: Signature-based detection
Explanation: Signature-based detection compares the contents of a file against a database of known virus signatures (specific patterns or hashes).

31. What is the security advantage of using WPA3 over WPA2 in wireless network baselines?
A. It uses shorter passwords
B. It supports older hardware only
C. It provides stronger encryption (SAE) and protection against offline dictionary attacks
D. It removes the need for encryption
Correct Answer: It provides stronger encryption (SAE) and protection against offline dictionary attacks
Explanation: WPA3 introduces Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key exchange, making it much harder to crack passwords via offline dictionary attacks.

32. In application security, what is Input Validation?
A. Checking that the user has paid for the software
B. Verifying that data entered by a user meets expected formats and constraints before processing
C. Validating the hardware components of the server
D. Checking the network speed
Correct Answer: Verifying that data entered by a user meets expected formats and constraints before processing
Explanation: Input validation ensures that input is properly formed (e.g., is a number, fits a length limit). It is the primary defense against injection attacks like SQLi and XSS.

33. What is the purpose of a DMZ (Demilitarized Zone) in network architecture?
A. To store all sensitive internal data
B. To host public-facing services (like web servers) while isolating them from the internal LAN
C. To bypass the firewall entirely
D. To connect to the dark web
Correct Answer: To host public-facing services (like web servers) while isolating them from the internal LAN
Explanation: A DMZ acts as a buffer zone. If a public-facing server in the DMZ is compromised, the attacker still has to bypass another firewall to get to the internal network.

34. Which term describes software that manages mobile devices, applications, and content from a central console?
A. UEM (Unified Endpoint Management)
B. BIOS
C. UEFI
D. Kernel
Correct Answer: UEM (Unified Endpoint Management)
Explanation: UEM is an evolution of MDM and EMM, providing a single console to manage mobile devices, desktops, and IoT devices, handling applications, content, and security configurations.

35. Why is Port Security used on network switches?
A. To physically lock the cables to the switch
B. To limit the number of MAC addresses allowed on a single port to prevent unauthorized device connection
C. To speed up the switching process
D. To encrypt data at the data link layer
Correct Answer: To limit the number of MAC addresses allowed on a single port to prevent unauthorized device connection
Explanation: Port security restricts input to an interface by limiting and identifying the MAC addresses of the stations allowed to access the port, preventing rogue devices from connecting.

36. Which protocol is the secure standard for email retrieval that supports encryption?
A. POP3 (Port 110)
B. IMAP (Port 143)
C. IMAPS (Port 993)
D. SMTP (Port 25)
Correct Answer: IMAPS (Port 993)
Explanation: IMAPS is IMAP over SSL/TLS. It encrypts the email retrieval process. Standard POP3 and IMAP transmit in cleartext.

37. Which tool is commonly used to aggregate logs from various network devices and endpoints to identify security incidents?
A. SIEM (Security Information and Event Management)
B. Antivirus
C. Load Balancer
D. Hypervisor
Correct Answer: SIEM (Security Information and Event Management)
Explanation: A SIEM system collects, normalizes, and analyzes log data from across the IT infrastructure to provide real-time monitoring and threat detection.

38. What represents the 'Principle of Least Privilege' when configuring endpoint user accounts?
A. Giving all users Administrator rights to reduce helpdesk calls
B. Granting users only the minimum access rights necessary to perform their job functions
C. Disabling all user accounts
D. Allowing users to install any software they want
Correct Answer: Granting users only the minimum access rights necessary to perform their job functions
Explanation: Least Privilege limits the potential damage an accidental or malicious action can cause by ensuring users operate with the lowest level of permissions needed.

39. In cloud security, what is a WAF (Web Application Firewall) designed to do?
A. Filter traffic based on MAC addresses
B. Protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet
C. Encrypt the database storage
D. Manage user identities in the cloud
Correct Answer: Protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet
Explanation: A WAF protects against web-specific attacks like SQL injection, XSS, and file inclusion, operating at Layer 7 of the OSI model.

40. If a firewall rule is defined as , what happens to a packet where and ?
A. It is allowed
B. It is denied (assuming implicit deny)
C. It is routed to the DMZ
D. It is encrypted
Correct Answer: It is denied (assuming implicit deny)
Explanation: Firewalls operate on a logic where if traffic does not match an 'Allow' rule, it is caught by the implicit 'Deny All' rule at the bottom of the list. Since Port 22 does not match Port 80, the condition is false.

41. Which of the following is a risk of BYOD (Bring Your Own Device) policies?
A. Reduced hardware costs for the company
B. Commingling of corporate and personal data making data leakage more likely
C. Employees are more comfortable with their own devices
D. Faster technology upgrades
Correct Answer: Commingling of corporate and personal data making data leakage more likely
Explanation: BYOD introduces risks regarding data ownership, the lack of control over the device's security posture, and the potential for corporate data to be leaked through personal apps.

42. What is the purpose of Patch Management in endpoint security?
A. To physically repair broken cables
B. To apply updates to software and OS to fix known vulnerabilities
C. To manage the color scheme of the desktop
D. To monitor employee productivity
Correct Answer: To apply updates to software and OS to fix known vulnerabilities
Explanation: Patch management is the process of acquiring, testing, and installing code changes (patches) to fix security holes (vulnerabilities) in software.

43. Which wireless security protocol is considered obsolete and easily cracked due to Initialization Vector (IV) collisions?
A. WPA2-AES
B. WPA3
C. WEP
D. WPA-TKIP
Correct Answer: WEP
Explanation: WEP (Wired Equivalent Privacy) has severe cryptographic flaws (short IVs, static keys) and can be cracked in minutes. It should never be used in a security baseline.

44. In a SaaS (Software as a Service) environment, who is responsible for patching the application software?
A. The Customer
B. The Cloud Provider
C. The Internet Service Provider (ISP)
D. The End User
Correct Answer: The Cloud Provider
Explanation: In SaaS (e.g., Salesforce, Gmail), the provider manages the entire stack, including the application code and its updates/patches.

45. Which application security testing method involves analyzing the source code without executing it?
Explanation: SAST (White-box testing) analyzes source code, bytecode, or binaries for security vulnerabilities while the application is in a non-running state.

46. What is MAM (Mobile Application Management) primarily focused on?
A. Controlling the entire device settings
B. Managing and securing specific corporate apps and data without controlling the whole device
C. Replacing the mobile OS
D. Tracking the user's location 24/7
Correct Answer: Managing and securing specific corporate apps and data without controlling the whole device
Explanation: MAM focuses on the application layer. It allows IT to enforce policies (encryption, cut/paste restrictions) on specific business apps, which is ideal for BYOD.

47. Which network device capability hides internal IP addresses from the public internet?
A. Switching
B. NAT (Network Address Translation)
C. Repeater
D. Bridge
Correct Answer: NAT (Network Address Translation)
Explanation: NAT maps private local IP addresses to a public IP address. This conserves IPv4 addresses and adds a layer of security by obscuring internal network structure.

48. What does OWASP stand for?
A. Official Web Application Security Protocol
B. Open Web Application Security Project
C. Online Web Access Security Policy
D. Operational Wide Application System Protection
Correct Answer: Open Web Application Security Project
Explanation: OWASP is a non-profit foundation that works to improve the security of software, famously producing the 'OWASP Top 10' list of web vulnerabilities.

49. Which of the following is a Physical Security baseline for network equipment?
A. Disabling SSID broadcasting
B. Locking server rooms and wiring closets
C. Using strong passwords
D. Implementing a firewall
Correct Answer: Locking server rooms and wiring closets
Explanation: If an attacker has physical access to a device, software controls can often be bypassed (e.g., password resets via jumpers). Physical security is a foundational baseline.

50. In the context of Host-Based Intrusion Prevention (HIPS), what is Heuristic Analysis?
A. Matching file hashes exactly
B. Scanning for code execution patterns and behaviors that indicate malware, even if the signature is unknown
C. Asking the user if a file is safe
D. Checking the file creation date
Correct Answer: Scanning for code execution patterns and behaviors that indicate malware, even if the signature is unknown
Explanation: Heuristics allow security software to detect new, previously unknown malware (zero-day) by analyzing code logic and behavior rather than relying solely on exact signature matches.