Week 1

Introduction to Operating systems: Architectures of Windows and

Linux

1. What is the primary function of the kernel in an operating system?

a) User interface management
b) File management
c) Hardware abstraction and resource management
d) Internet browsing

2. Which Linux component is responsible for starting the system and loading the
kernel?
a) init
b) GRUB
c) systemd
d) BIOS

3. What is the primary user interface for managing les and applications in Windows?
a) Command Line Interface (CLI)
b) GNOME
c) Start Menu and File Explorer
d) X Window System

4. What type of kernel architecture does Windows use?

a) Monolithic kernel
b) Modular kernel
c) Microkernel
d) Hybrid kernel
5. In Windows architecture, what is the name of the layer that interacts directly with
the hardware?
a) Application layer
b) User layer
c) Kernel mode
d) User mode

6. What is the purpose of the Windows Registry?

a) To manage hardware drivers
b) To store system con gurations and settings
c) To control user access
d) To provide a command-line interface

7. In Linux, what is the primary purpose of the sudo command?

a) To list les and directories
b) To change le permissions
c) To execute commands with superuser privileges
d) To display disk usage

8. What is the name of the default text editor in most Windows installations?
a) Nano
b) Vim
c) Notepad
d) Emacs

Secure con guration and Registry Manipulation , Windows Device

Con guration

9. Which command-line tool is used to edit the Windows Registry?

a) regedit
b) mscon g
c) gpedit
d) services.msc

10. What type of data can be stored in Windows Registry keys?

a) String values, binary values, and DWORD values
b) Only string values
c) Only binary values
d) Only numerical values

11. Which Registry hive contains information about the currently logged-in user?
a) HKEY_CLASSES_ROOT
b) HKEY_CURRENT_USER
c) HKEY_LOCAL_MACHINE
d) HKEY_USERS

12. Which of the following is a best practice for secure con guration in Windows?
a) Using complex passwords
b) Disabling unused services
c) Keeping the system and software updated
d) All of the above

13. Which Windows tool provides detailed information about hardware and software
resources on your computer?
a) Device Manager
b) System Information (msinfo32)
c) Control Panel
d) Task Manager
14. What is the function of the Windows Update service?
a) To manage user accounts
b) To keep the operating system and installed software up to date with the latest
patches and updates
c) To monitor system performance
d) To manage network connections

Security Features of Windows OS, Group Policy Management

15 . What is the primary purpose of Windows Defender in Windows OS?

a) Managing user accounts
b) Protecting the system from malware and viruses
c) Monitoring system performance
d) Managing network connections

16 . What is the purpose of User Account Control (UAC) in Windows OS?

a) To manage user passwords
b) To prevent unauthorized changes to the system by prompting for administrator
approval
c) To back up the system
d) To monitor network activity

17 . Which Windows feature helps to detect and block potentially harmful software by
comparing les against a database of known threats?
a) Windows Defender Antivirus
b) Windows Update
c) Task Scheduler
d) Device Manager

18. In Group Policy, what does the term "GPO" stand for?
a) Group Policy Options
b) General Policy Object
c) Group Policy Object
d) Global Policy Organization

19 . What is the purpose of the "gpupdate" command in Windows?

a) To update device drivers
b) To apply recent changes made to Group Policies immediately
c) To check for Windows updates
d) To manage user accounts

Application Security, Patch Management

20. What is the primary purpose of applying security patches to applications?

a) To add new features
b) To x security vulnerabilities and protect against threats
c) To increase the speed of the application
d) To change the user interface

21. Which of the following is a common source for application patches?

a) The application's of cial website
b) User forums
c) Social media
d) Third-party blogs

22. What is the potential risk of not applying security patches to applications?
a) Reduced application performance
b) Increased user satisfaction
c) Exposure to security vulnerabilities and potential attacks
d) Improved system stability

23. Which tool in Windows OS is commonly used to manage and apply updates to
Microsoft applications?
a) Device Manager
b) Task Manager
c) Windows Update
d) Control Panel

24. In a corporate environment, who is typically responsible for managing the

application of security patches?
a) End users
b) IT administrators
c) Marketing team
d) Sales team

25. What is a "zero-day" vulnerability?

a) A vulnerability that is publicly known before a patch is available
b) A vulnerability that has been patched
c) A non-critical vulnerability
d) A performance issue

26. Which of the following is a bene t of maintaining an up-to-date patch

management process?
a) Increased vulnerability to attacks
b) Improved security and compliance
c) Decreased system performance
d) Increased system downtime
Auditing of Desktop and Server Systems (Windows) , User Group Management
and Active Directory

27. What is the primary purpose of auditing in Windows desktop and server systems?
a) To manage network connections
b) To monitor user activities and system events
c) To create new user accounts
d) To update device drivers

28. What type of events can be audited in Windows Event Viewer?

a) Only user login events
b) System startup events
c) File access events
d) All of the above

29. How can administrators view audit logs in Windows?

a) Using Device Manager
b) Using Task Manager
c) Using Event Viewer
d) Using Control Panel

30. What is a common reason for auditing user activities in Windows?

a) To improve system performance
b) To track unauthorized access attempts
c) To manage software licenses
d) To con gure rewall settings

31. What is Active Directory (AD) in a Windows environment?

a) A database that stores information about network resources and users
b) A web browser
c) A le sharing service
d) A network monitoring tool

32. In Active Directory, what is a security group used for?

a) To organize users based on job titles
b) To manage printer permissions
c) To assign permissions to shared resources
d) To con gure network protocols

Linux Security Foundations, Linux System Con guration and Hardening

33. What is the purpose of a rewall ?

a) To manage user accounts
b) To encrypt lesystems
c) To control network traf c and protect against unauthorized access
d) To update software packages

34. Which Linux command is used to change le permissions?

a) chmod
b) grep
c) ps
d) ls

35. What is the function of SELinux (Security-Enhanced Linux) in Linux systems?

a) To manage user passwords
b) To enforce mandatory access controls
c) To monitor system performance
d) To create virtual environments
36. Which Linux command is used to list all les and directories in a directory?
a) cat
b) ls
c) grep
d) df

37. Which command in Linux is used to display the current directory?

a) pwd
b) ls
c) cd
d) mkdir

End Point Detection, Device Hardening

38. What is the primary purpose of Endpoint Detection and Response (EDR)
technology?
a) To manage network switches
b) To monitor and respond to endpoint threats and activities
c) To encrypt email communications
d) To con gure rewall rules

39 . Which of the following is a key feature of an EDR solution?

a) Network traf c analysis
b) File system backup
c) Browser cache management
d) System performance optimization

40. What is the primary goal of device hardening?

a) Increasing device speed
b) Reducing attack surface and enhancing security
c) Adding new features
d) Con guring network printers

41. Which practice is part of device hardening?

a) Enabling all default services
b) Using weak passwords
c) Installing unnecessary applications
d) Disabling unused ports and services

42 . What role does patch management play in device hardening?

a) Con guring network settings
b) Monitoring rewall logs
c) Applying security updates and patches regularly
d) Checking system uptime

Data Encryption, Network Security for End System

43. What is the primary purpose of data encryption?

a) To increase network bandwidth
b) To compress data les
c) To protect data con dentiality and integrity
d) To optimize database queries

44. Which encryption method uses a single key for both encryption and decryption?
a) AES (Advanced Encryption Standard)
b) RSA (Rivest-Shamir-Adleman)
c) Symmetric encryption
d) Asymmetric encryption
45. What does end-to-end encryption (E2EE) ensure?
a) Encryption only during data transmission
b) Encryption from sender to receiver, protecting data throughout its entire journey
c) Encryption only on web browsers
d) Encryption at the server level

46. What role does antivirus software play in network security for end systems?
a) Encrypting network traf c
b) Monitoring system performance
c) Detecting and removing malware
d) Con guring network protocols

47. How can multi-factor authentication (MFA) enhance network security for end
systems?
a) By encrypting email communications
b) By requiring multiple forms of veri cation for user access
c) By optimizing database queries
d) By managing software licenses

48. What is the purpose of regularly updating software and security patches on end
systems?
a) To increase system performance
b) To enhance data encryption
c) To x security vulnerabilities and bugs
d) To con gure network settings

Access Controls for Devices

49. What is the primary goal of access controls for devices?

a) To increase device performance
b) To restrict physical access to devices
c) To manage user permissions and privileges
d) To con gure network protocols

50. What does Role-Based Access Control (RBAC) rely on to assign permissions?
a) User identity and attributes
b) Physical device location
c) Network bandwidth
d) System uptime

51. What is the purpose of implementing access controls on devices?

a) To increase device speed
b) To enforce security policies and restrict unauthorized access
c) To optimize cloud storage
d) To manage network printers

52. Which access control model focuses on assigning permissions based on job roles
within an organization?
a) Role-Based Access Control (RBAC)
b) Mandatory Access Control (MAC)
c) Discretionary Access Control (DAC)
d) Attribute-Based Access Control (ABAC)

53. Which authentication factor veri es something the user knows?

a) Biometric authentication
b) Password
c) Security token
d) Smart card
54. How does multi-factor authentication (MFA) enhance device security?
a) By encrypting network traf c
b) By requiring multiple forms of veri cation for access
c) By optimizing system performance
d) By managing software licenses

Secure Communication, SSL/TLS Implementation

55. What is the primary goal of secure communication protocols?

a) To increase network speed
b) To encrypt data in transit and ensure con dentiality
c) To optimize cloud storage
d) To manage network printers

56. Which security measure protects data integrity during communication?

a) Firewall
b) Antivirus software
c) Encryption
d) Virtual private network (VPN)

57 . What role does digital signatures play in secure communication?

a) Encrypting email communications
b) Verifying the authenticity and integrity of messages
c) Optimizing system performance
d) Managing software licenses

58. How does secure communication bene t organizations?

a) By increasing network latency
b) By reducing administrative overhead
c) By limiting user access
d) By protecting sensitive data from unauthorized access

59. Which port does HTTPS typically use for secure web communications?
a) 80
b) 443
c) 22
d) 21

60. What is SSL/TLS primarily used for?

a) Encrypting emails
b) Securing web communications
c) Managing server hardware
d) Monitoring system logs

61. Which protocol is commonly used to establish secure connections over HTTP?
a) SSH (Secure Shell)
b) FTPS (FTP Secure)
c) SSL/TLS
d) Telnet

62. What does SSL/TLS provide in addition to encryption?

a) Compression
b) Authentication and integrity
c) Firewall con guration
d) File system permissions

63. How does SSL/TLS validate the authenticity of a server?

a) By encrypting data packets
b) By using digital certi cates
c) By optimizing network protocols
d) By managing user permissions

Integrating Endpoint Logs Mobile Device Security

64. Which technology is commonly used to collect and centralize endpoint logs?
a) Firewall
b) SIEM (Security Information and Event Management)
c) VPN (Virtual Private Network)
d) Antivirus software

65. How can integrating endpoint logs bene t cybersecurity efforts?

a) By increasing network latency
b) By reducing administrative overhead
c) By providing insights into potential security incidents
d) By managing software licenses

66. What type of information do endpoint logs typically contain?

a) User passwords
b) System uptime
c) Network traf c
d) Software license keys

67. Which security measure helps secure mobile devices from unauthorized access?
a) VPN (Virtual Private Network)
b) Disk encryption
c) Antivirus software
d) Email ltering
68. Which authentication method is commonly used for mobile device security?
a) Biometric authentication
b) Password
c) Security token
d) Smart card

Week 2
Basics of Networks, routers rewalls

69. What is a network?

a) A single computer
b) A collection of interconnected computers and devices
c) A type of software
d) A device used to print documents

70. What is the purpose of a network switch?

a) To connect a network to the internet
b) To lter and forward data packets within a network
c) To encrypt email communications
d) To manage user permissions

71. Which network topology connects all devices in a linear sequence?

a) Star
b) Mesh
c) Bus
d) Ring

72. What does IP address stand for in networking?

a) Internet Protocol address
b) Internal Process address
c) Internet Provider address
d) Internal Protocol address

73. What is the primary function of a router in a network?

a) To connect devices within a local area network (LAN)
b) To encrypt network traf c
c) To manage software licenses
d) To block malicious websites

74. Which type of rewall operates at the application layer of the OSI model?
a) Packet- ltering rewall
b) Stateful inspection rewall
c) Proxy rewall
d) Network address translation (NAT) rewall

75. Which device is responsible for routing traf c between different VLANs?
a) Router
b) Switch
c) Firewall
d) Proxy server

76. What is a bene t of using VLANs for inter-VLAN communication?

a) To manage network printers
b) To optimize cloud storage
c) To reduce broadcast traf c
d) To con gure network settings
77. How does inter-VLAN communication typically occur?
a) Through a router or layer 3 switch
b) Through a rewall
c) Through a proxy server
d) Through a VPN (Virtual Private Network)

IPv4 and IPv6 Sub-netting, Secure Network Design Case Studies, Network logs
(SNMP, Syslog) Bandwidth Monitoring

78. What is the purpose of subnetting in IPv4 and IPv6 networks?

a) To increase network speed
b) To reduce broadcast traf c
c) To optimize cloud storage
d) To manage network printers

79. How many bits are used for the subnet portion in IPv4 addresses?
a) 8 bits
b) 16 bits
c) 24 bits
d) 32 bits

80. Which IPv6 address type is used for multicast communication?

a) Unicast
b) Anycast
c) Multicast
d) Broadcast

81. What is the main advantage of using IPv6 over IPv4 for subnetting?
a) IPv6 supports larger address space and simpli es subnetting
b) IPv6 is faster in routing packets
c) IPv6 encrypts all network traf c
d) IPv6 reduces the need for network rewalls

82. What is the subnet mask for a Class C network?

A) 255.0.0.0
B) 255.255.0.0
C) 255.255.255.0
D) 255.255.255.255

Secure Network Design Case Studies

83. Why is secure network design important for organizations?

a) To optimize cloud storage
b) To reduce network latency
c) To mitigate security risks and protect sensitive data
d) To manage software licenses

84. Which security principle involves limiting network exposure and minimizing attack
surface?
a) Least Privilege
b) Defense in Depth
c) Principle of Least Astonishment
d) Principle of Least Privilege

85. What is an example of a secure network design strategy?

a) Using default passwords for all devices
b) Disabling encryption for faster network performance
c) Implementing strong authentication and access controls
d) Allowing unrestricted access to network resources

86. What is a DMZ in network design?

A) A secure area where sensitive data is stored
B) A separate network segment that is isolated from the internal network and
exposed to external users
C) The main internal network
D) A protocol used for secure communication

Network logs (SNMP, Syslog) Bandwidth Monitoring

87. What is SNMP (Simple Network Management Protocol) used for?

a) Monitoring and managing network devices and their functions
b) Encrypting network traf c
c) Optimizing system performance
d) Managing user permissions

88. How does Syslog help in network management?

a) By encrypting email communications
b) By tracking and storing system logs from network devices
c) By managing software licenses
d) By optimizing network protocols

89. What is the purpose of bandwidth monitoring in network management?

a) To manage network printers
b) To optimize cloud storage
c) To identify network bottlenecks and ensure optimal performance
d) To con gure network settings
90. What is the purpose of SNMP in network management?
A) To encrypt network traf c
B) To provide a framework for managing devices on IP networks
C) To monitor bandwidth usage only
D) To con gure network rewalls

Wireless Network Security, IDS/IPS, Firewalls and ACLs

91. What is the primary concern in wireless network security?

a) Network latency
b) Signal strength
c) Data con dentiality and integrity
d) Encryption of emails

92. Which encryption protocol is commonly used to secure wireless networks?

a) SSL
b) TLS
c) WEP
d) FTP

93. How does disabling SSID broadcasting enhance wireless network security?
a) By encrypting network traf c
b) By reducing network latency
c) By hiding the network name from unauthorized users
d) By optimizing system performance

94. What is MAC ltering used for in wireless network security?

a) To manage user permissions
b) To optimize cloud storage
c) To control which devices can connect to the network
d) To con gure network printers

IDS/IPS

95. What is the primary function of an IDS (Intrusion Detection System)?

a) To prevent unauthorized access to the network
b) To detect and alert on potential security threats and breaches
c) To manage software licenses
d) To encrypt network traf c

96. How does an IPS (Intrusion Prevention System) differ from an IDS?
a) IPS encrypts network traf c, while IDS detects unauthorized access
b) IPS prevents detected threats, while IDS only alerts on threats
c) IPS manages network bandwidth, while IDS monitors network performance
d) IPS optimizes system performance, while IDS secures network printers

97. What is the purpose of a rewall in network security?

a) To manage network bandwidth
b) To lter and control incoming and outgoing network traf c
c) To optimize cloud storage
d) To con gure network printers

98. Which of the following is a type of IDS?

A) Signature-based IDS
B) Firewall-based IDS
C) Encryption-based IDS
D) Authentication-based IDS

99. What is the main difference between an IDS and an IPS?

A) IDS is passive and detects threats, while IPS is active and blocks threats
B) IDS encrypts traf c, while IPS decrypts traf c
C) IDS works only on internal networks, while IPS works on external networks
D) IDS requires more con guration than IPS

100. Which rewall type operates at the application layer of the OSI model?
a) Packet- ltering rewall
b) Stateful inspection rewall
c) Proxy rewall
d) Network address translation (NAT) rewall

ACLs (Access Control Lists)

101. What is an ACL used for in network security?

a) To manage user permissions and access
b) To optimize cloud storage
c) To encrypt network traf c
d) To con gure network printers

102. How do ACLs enhance network security?

a) By optimizing network protocols
b) By providing a list of authorized devices
c) By controlling which packets are allowed or denied based on de ned rules
d) By managing software licenses
103. What is the primary purpose of an Access Control List (ACL)?
A) To encrypt data
B) To manage user passwords
C) To lter network traf c
D) To create user accounts

104. In which of the following devices are ACLs commonly implemented?

A) Routers and switches
B) Monitors and printers
C) Keyboards and mice
D) External hard drives

DNS, DHCP, Router, Switch and VLAN Security, Proxy Deployment and WAF
Deployment

105. What is the primary function of a router in a network?

a) To connect devices within a local area network (LAN)
b) To encrypt network traf c
c) To manage user permissions
d) To lter and forward data packets within a network

106. Which networking device operates at Layer 2 of the OSI model?

a) Router
b) Switch
c) Firewall
d) Proxy server

107. What does IP address stand for in networking?

a) Internet Protocol address
b) Internal Process address
c) Internet Provider address
d) Internal Protocol address

108. What is the purpose of subnetting in IP networking?

a) To increase network speed
b) To reduce broadcast traf c
c) To manage user permissions
d) To optimize cloud storage

109. What is the primary role of a rewall in network security?

a) To manage network bandwidth
b) To lter and control incoming and outgoing network traf c
c) To optimize cloud storage
d) To con gure network printers

110. What security measure can protect routers and switches from unauthorized
access?
a) VLANs
b) MAC ltering
c) Firewall
d) Proxy server

111. Which encryption protocol is commonly used to secure wireless networks?

a) SSL
b) TLS
c) WEP
d) FTP

112. What is DNS used for in computer networks?

a) To manage network printers
b) To translate domain names to IP addresses
c) To encrypt network traf c
d) To optimize system performance

113. What is DHCP used for in computer networks?

a) To manage network printers
b) To assign IP addresses dynamically to devices
c) To encrypt email communications
d) To optimize network protocols

114. What is the purpose of deploying a proxy server in a network?

a) To manage user permissions
b) To encrypt network traf c
c) To lter and forward web requests
d) To optimize cloud storage

DMZ implementation, SSL and Micro Segmentation, Network Forensics and

Regulatory Compliance

115. What is the primary purpose of a DMZ (Demilitarized Zone) in network

architecture?
a) To manage network printers
b) To isolate public-facing services from internal networks
c) To encrypt network traf c
d) To optimize cloud storage

116. Which type of servers are typically placed in a DMZ?

a) Domain controllers
b) Internal database servers
c) Web servers
d) DHCP servers

117. What is the primary purpose of a Demilitarized Zone (DMZ) in network security?
A) To provide a high-speed connection between internal and external networks
B) To isolate and protect the internal network from external threats
C) To encrypt all traf c entering the network
D) To manage user access controls

118. How is traf c typically managed between the DMZ and the internal network?
A) Through unrestricted direct connections
B) Through a rewall with speci c access rules
C) Through a VPN
D) Through a proxy server

119. Which of the following con gurations best describes a dual-homed DMZ?
A) A DMZ that uses two separate rewalls for added security
B) A DMZ that allows direct access to the internal network
C) A DMZ that only hosts a single service
D) A DMZ with multiple subnets

SSL and Micro Segmentation

120. What is Micro Segmentation in network security?

a) Dividing a network into smaller, isolated segments to enhance security
b) Consolidating network traf c for improved performance
c) Encrypting email communications
d) Managing software licenses

121. What security bene t does Micro Segmentation offer?

a) Improved network speed
b) Reduced network latency
c) Enhanced isolation and containment of security threats
d) Optimization of cloud storage

122. What is the primary purpose of SSL (Secure Sockets Layer)?

A) To improve network speed
B) To encrypt data transmitted over a network
C) To manage user access
D) To provide network redundancy

123. Which protocol is the successor to SSL and is more secure?

A) HTTPS
B) TLS (Transport Layer Security)
C) FTP
D) SSH

124. How does SSL/TLS ensure data integrity?

A) By using symmetric encryption only
B) By using cryptographic hash functions
C) By compressing the data before transmission
D) By using a VPN

Network Forensics and Regulatory Compliance

125. What is the primary goal of network forensics?
a) To encrypt network traf c
b) To optimize system performance
c) To identify and analyze security incidents or breaches
d) To manage network printers

126. Which activity is typically part of network forensics?

a) Optimizing cloud storage
b) Decrypting network traf c
c) Recovering deleted les from servers
d) Con guring network settings

127. What is network forensics?

A) The study of network performance
B) The analysis and investigation of network traf c to detect and respond to security
incidents
C) The process of encrypting network data
D) The implementation of network security policies

128. Which of the following tools is commonly used in network forensics?

A) Wireshark
B) Microsoft Excel
C) Adobe Photoshop
D) VMware

Week 3

Introduction to Information Security, Threat Modelling and Security Controls

and Security Incidents and Attacks
129. Which of the following best de nes information security?

a) The process of creating a secure environment

b) The protection of information and its critical elements

c) The development of software applications

d) The optimization of network performance

130. Which is not one of the three core principles of information security?

a) Con dentiality

b) Integrity

c) Availability

d) Redundancy

131. Which of the following is a common methodology used for ensuring

con dentiality?

a) Backup

b) Encryption

c) Firewall

d) Patch management

132. What are the three core principles of information security?

A) Encryption, Authentication, Authorization

B) Con dentiality, Integrity, Availability

C) Monitoring, Logging, Auditing

D) Firewall, Antivirus, Backup

133. Which term describes the process of ensuring that information is accurate and
reliable?

A) Con dentiality

B) Integrity

C) Availability

D) Authentication

134. What is the main purpose of a rewall?

A) To store data securely

B) To monitor network traf c for malicious activity

C) To block unauthorized access to a network

D) To encrypt data in transit

Threat Modelling and Security Controls

135. What is the rst step in the threat modelling process?

a) Mitigating threats

b) Identifying threats

c) De ning security controls

d) Creating network diagrams

136. Which type of control is an antivirus software?

a) Preventive

b) Detective

c) Corrective

d) Compensating

137. Which of the following is an example of a social engineering attack?

a) SQL Injection

b) Phishing

c) DDoS

d) Man-in-the-Middle

138. What is the primary goal of threat modeling?

A) To improve system performance

B) To identify and assess potential security threats and vulnerabilities

C) To manage user access controls

D) To encrypt sensitive data

139. Which security control aims to limit the impact of a security incident by restoring
normal operations?

A) Preventive control

B) Detective control

C) Corrective control

D) Deterrent control
 Security Incidents and Attacks

140. What is the main objective of an incident response plan?

a) To ensure business continuity

b) To optimize network performance

c) To manage software licenses

d) To encrypt network traf c

141. Which phase of the incident response process involves identifying that an
incident has occurred?

a) Preparation

b) Identi cation

c) Containment

d) Recovery

142. What is a common goal of a Denial of Service (DoS) attack?

A) To steal sensitive data

B) To disrupt the availability of a service or network

C) To gain unauthorized access to a system

D) To install malware on a target system

143. Which of the following describes a zero-day attack?

A) An attack that targets newly released software

B) An attack that exploits a previously unknown vulnerability

C) An attack that occurs on the rst day of the month

D) An attack that uses outdated software

PAM and IAM, Vendor Assessment Case Studies

144. What is the primary goal of Privileged Access Management (PAM)?

a) To optimize network speed

b) To control and monitor privileged access to critical systems

c) To increase data storage capacity

d) To improve user interface design

145. Which of the following is a common feature of PAM solutions?

a) Password vaulting

b) Data compression

c) High-speed data transfer

d) User interface customization

146. What does IAM stand for?

a) Internet Access Management

b) Identity and Access Management

c) Internal Authentication Mechanism

d) Integrated Account Management

147. Which of the following is a key bene t of implementing IAM?

a) Increased storage capacity

b) Enhanced security through centralized control of user access

c) Faster network speeds

d) Improved website design

148. What is the purpose of Single Sign-On (SSO) in IAM?

a) To allow users to access multiple applications with one set of login credentials

b) To increase data storage capacity

c) To optimize network performance

d) To enhance the user interface

Vendor Assessment Case Studies

149. What is the primary purpose of conducting a vendor assessment?

A) To improve the vendor's market positioning

B) To evaluate the security and reliability of third-party vendors

C) To update the vendor's software

D) To manage the vendor's nancial investments

150. Which document is commonly used to outline the security requirements and
expectations for a vendor?
A) Vendor Risk Management Policy

B) Service Level Agreement (SLA)

C) Marketing Strategy Plan

D) Financial Statement

151. During a vendor assessment, which method is used to evaluate the vendor's
security practices?

A) Reviewing nancial statements

B) Conducting on-site visits and security audits

C) Analyzing marketing materials

D) Checking social media pro les

152. What is the purpose of a security questionnaire in a vendor assessment?

A) To list the vendor's nancial investments

B) To evaluate the vendor's security policies and practices

C) To measure the vendor's customer satisfaction

D) To outline the vendor's marketing strategies

153. Why is it important to assess a vendor's compliance with industry regulations

during a vendor assessment?

A) To improve the vendor's marketing strategy

B) To ensure the vendor adheres to relevant laws, reducing legal and nancial risks

C) To enhance the vendor's brand image

D) To update the vendor's product features

 Cryptography Basics, Symmetric and Asymmetric Encryption, Hashing and
importance

154. What is the primary purpose of cryptography?

a) To increase data storage capacity
b) To encrypt and protect information from unauthorized access
c) To enhance user interface design
d) To optimize network performance

155. Which of the following is a key element of cryptography?

a) Data compression
b) Encryption and decryption
c) Network routing
d) Data replication

156. What is plaintext in cryptography?

a) Encrypted data
b) Unencrypted data
c) Compressed data
d) Corrupted data

157. Which type of encryption uses the same key for both encryption and
decryption?
a) Symmetric encryption
b) Asymmetric encryption
c) Hashing
d) Quantum encryption

158. Which of the following is a common symmetric encryption algorithm?

a) RSA
b) AES
c) DSA
d) ECC

159. What is a key characteristic of asymmetric encryption?

a) It uses identical keys for encryption and decryption
b) It uses different keys for encryption and decryption
c) It does not use keys at all
d) It requires physical devices for encryption

160. Which of the following is a widely used asymmetric encryption algorithm?

a) DES
b) Blow sh
c) RSA
d) 3DES

161 . What is the primary purpose of a hash function?

a) To encrypt data
b) To generate a unique xed-size representation of data
c) To compress data
d) To replicate data

162. Which of the following is a characteristic of a good hash function?

a) It produces identical output for similar inputs
b) It generates different outputs for identical inputs
c) It produces the same output for identical inputs
d) It compresses data effectively
163. What is a common use case for hashing in cybersecurity?
a) Encrypting communications
b) Verifying data integrity
c) Increasing network speed
d) Enhancing user experience

164. Which of the following is a widely used hashing algorithm?

a) AES
b) RSA
c) SHA-256
d) Blow sh

165. Why is hashing important in storing passwords?

a) It makes passwords easier to remember
b) It converts passwords into a xed-size string that cannot be reversed
c) It encrypts passwords for easy retrieval
d) It compresses passwords to save space
Answer: b) It converts passwords into a xed-size string that cannot be reversed

PKI, Application Layer Encryption, File and Database Encryption

166. What does PKI stand for?

a) Public Key Infrastructure
b) Private Key Interaction
c) Public Key Interaction
d) Private Key Infrastructure

167. What is the primary purpose of PKI?

a) To store large amounts of data
b) To manage keys and digital certi cates
c) To increase network speed
d) To optimize application performance

168. Which of the following is a component of PKI?

a) Web browser
b) Certi cate Authority (CA)
c) Database management system
d) File compression tool

169. What is the role of a Certi cate Authority (CA) in PKI?

a) To encrypt data
b) To issue and manage digital certi cates
c) To compress les
d) To monitor network traf c

170. What is the primary goal of application layer encryption?

a) To compress data
b) To encrypt data at the application level
c) To enhance the user interface
d) To speed up data transmission

171. Which of the following is a bene t of application layer encryption?

a) Reduced storage requirements
b) Enhanced security for data in transit and at rest
c) Increased network bandwidth
d) Improved data compression
172. Which of the following protocols can be used for application layer encryption?
a) HTTP
b) HTTPS
c) FTP
d) SMTP

173. What is the main purpose of le encryption?

a) To reduce le size
b) To protect les from unauthorized access
c) To speed up le transfer
d) To improve le readability

174. Which of the following algorithms is commonly used for le encryption?

a) RSA
b) AES
c) SHA-256
d) MD5

175. What is the purpose of database encryption?

a) To enhance database performance
b) To protect sensitive data within the database
c) To reduce the size of the database
d) To improve data retrieval speed

Cloud Fundamentals, Cloud Architecture and Design, Cloud Security Multi

Cloud Security, Container Security

176. What is cloud computing?

a) A type of computer hardware

b) The delivery of computing services over the internet

c) A method for data compression

d) A way to connect multiple devices wirelessly

177. What is a bene t of using cloud computing?

a) Increased need for physical storage devices

b) On-demand resource scalability

c) Slower data access

d) Higher electricity consumption

178. Which architecture is commonly used in cloud computing?

a) Client-Server

b) Peer-to-Peer

c) Microservices

d) Ring Topology

179. What is a key characteristic of a well-designed cloud architecture?

a) High availability and fault tolerance

b) Single point of failure

c) Manual resource scaling

d) Localized data storage

180. Which component is essential in cloud architecture for resource management?

a) Hypervisor

b) Graphics Card

c) Hard Disk Drive

d) Power Supply Unit

181. What is the primary focus of cloud security?

a) Enhancing user interface design

b) Protecting data and resources in the cloud

c) Reducing cloud service costs

d) Increasing network speed

182. What is an effective practice for securing cloud environments?

a) Using multi-factor authentication (MFA)

b) Disabling all encryption

c) Sharing passwords openly

d) Ignoring software updates

183. What is multi-cloud security?

a) Security for on-premises data centers

b) Security measures for using multiple cloud services and providers

c) Security for a single cloud service

d) Security for offline data storage

184. Which of the following is a challenge in multi-cloud security?

a) Centralized management

b) Consistency in security policies across providers

c) Increased physical hardware requirements

d) Decreased network performance

185. What is a bene t of a multi-cloud strategy?

a) Vendor lock-in

b) Increased redundancy and availability

c) Reduced compliance requirements

d) Simpli ed management

186. What are containers in cloud computing?

a) Physical storage units

b) Virtualized software environments

c) Network devices

d) Data compression tools

187. Which tool is commonly used for container orchestration?

a) Docker

b) Kubernetes

c) Apache
d) Nginx

188. What is a key concern in container security?

a) Data redundancy

b) Isolation between containers

c) User interface design

d) Hardware compatibility

189. Which practice enhances container security?

a) Running containers with root privileges

b) Regularly updating container images

c) Using outdated software versions

d) Disabling logging

Week 4
Mobile Device Fundamentals, Mobile Device Management

190. What is the primary function of a mobile device's operating system?

a) To manage network traf c
b) To provide an interface between the user and the hardware
c) To optimize battery performance
d) To encrypt data

191. Which of the following is a common mobile operating system?

a) Windows
b) Linux
c) Android
d) macOS

192. What technology do most smartphones use to connect to the internet?

a) Ethernet
b) Wi-Fi
c) USB
d) Bluetooth

193. What is the primary function of a mobile operating system?

A) To run desktop applications
B) To manage hardware and software resources on mobile devices
C) To provide network connectivity
D) To store user data

194. Which of the following is an example of a mobile operating system?

A) Windows 10
B) Linux
C) iOS
D) macOS

195. What is the purpose of mobile application stores like Google Play and Apple App
Store?
A) To store user documents
B) To provide a marketplace for downloading and purchasing mobile applications
C) To offer technical support for mobile devices
D) To manage mobile device settings
 Mobile Device Management

196. What is the primary purpose of Mobile Device Management (MDM)?

a) To manage software development
b) To control and secure access to mobile devices within an organization
c) To optimize network performance
d) To provide user support

197. Which of the following is a common feature of MDM solutions?

a) Data analytics
b) Remote wipe
c) Video conferencing
d) social media integration

198. What can MDM solutions do to ensure device compliance with corporate
policies?
a) Block non-compliant devices from accessing corporate resources
b) Increase network bandwidth
c) Provide user training
d) Optimize cloud storage

199. What is the primary purpose of Mobile Device Management (MDM)?

A) To create mobile applications
B) To manage and secure mobile devices used within an organization
C) To improve mobile device battery life
D) To provide customer support

200. Which of the following is a common feature of MDM solutions?

A) Device encryption
B) Device performance monitoring
C) Remote device wipe
D) Application development

BYOD Policies Mobile Application Security

201. What does BYOD stand for?

A. Bring Your Own Data

B. Bring Your Own Device

C. Bring Your Own Desktop

D. Bring Your Own Disk

202. Which of the following is NOT considered a BYOD device?

A. Smartphone

B. Laptop

C. Desktop Computer

D. Smartwatch

203. In which era did the BYOD trend begin to rise?

A. Early 1990s

B. Early 2000s

C. Mid-2000s

D. Late 2010s

204. Why did BYOD become popular around 2012?

 A. As a productivity measure

B. As a cost-saving measure

C. For compliance reasons

D. Due to new regulations

205. What is a primary purpose of BYOD policies?

A. To increase employee salaries

B. To allow unlimited device usage

C. To protect company data

D. To reduce IT staff

206. Which of the following is a security requirement for BYOD devices?

A. No need for password protection

B. Antivirus software must be installed

C. Devices can be used without encryption

D. IT support is optional

207. What must employees do with company data on personal devices?

A. Share it freely

B. Encrypt and back it up regularly

C. Delete it immediately

D. Store it unprotected
 Location and Geo fencing Security, Bluetooth and Near Field Communication
(NFC) Security

208. What is geo-fencing in the context of mobile security?

a) A method to enhance battery life
b) A feature that restricts access to apps based on user location
c) A technique to improve network speed
d) A way to encrypt data on the device

209. Which technology is primarily used to determine a device’s location for geo-
fencing purposes?
a) Bluetooth
b) GPS
c) NFC
d) Wi-Fi

210. What is a common use case of geo-fencing in mobile devices?

a) Increasing device storage
b) Restricting access to corporate apps outside the of ce
c) Enhancing screen resolution
d) Enabling faster data transfer

211. What is a primary security concern with Bluetooth technology?

a) High power consumption
b) Susceptibility to eavesdropping and unauthorized access
c) Limited data transfer speed
d) High cost of implementation

212. Which security measure can help protect Bluetooth communications?

a) Keeping Bluetooth always on
b) Pairing devices in a secure environment
c) Using weak passwords
d) Disabling encryption

213. What does NFC stand for?

a) Near Field Communication
b) Network File Control
c) Near Frequency Connection
d) Network Function Command

214. Which of the following is a common use of NFC?

a) Long-range communication
b) Mobile payments
c) Large le transfers
d) High-speed internet access

215. What is the purpose of patch management on mobile devices?

a) To increase device storage
b) To apply updates that x security vulnerabilities and bugs
c) To enhance screen resolution
d) To enable faster data transfer

216. How often should patch management be performed on mobile devices?

a) Only when the device is rst purchased
b) Regularly, to ensure the latest security updates are applied
c) Every few years
d) Never, as it is not necessary

217. Which of the following can be a consequence of not applying patches on mobile
devices?
a) Improved battery life
b) Increased risk of security breaches
c) Enhanced device performance
d) Reduced device storage

Mobile Forensic

218. What does Mobile Forensics primarily deal with?

a) Recovering data from computers

b) Recovering digital evidence from mobile devices

c) Recovering data from servers

d) Recovering digital evidence from printers

219. Which of the following is NOT a use of cell phones in crimes?

a) Spreading fake news

b) Making online payments

c) Blackmailing

d) Spreading hate messages

220. Which is a crucial aspect of Mobile Forensics?

a) Creating apps

b) Investigating crime scenes

c) Recovering digital evidence under forensically sound conditions

d) Training law enforcement of cers

221. As of June 2024, which is NOT one of the latest mobile operating systems?

a) Android 15

b) iOS 17

c) Windows Mobile 10

d) Tizen 6.5
 222. Which component is NOT part of the anatomy of a mobile phone device?

a) Microprocessor

b) Random Access Memory (RAM)

c) Hard Drive

d) Liquid Crystal Display (LCD)

223. What is the rst step in the Mobile Forensic Process?

a) Archiving

b) Identi cation

c) Intake

d) Processing

224. Which of the following is potential evidence stored on a mobile phone?

a) Hard disk data

b) Network con gurations

c) SMS

d) Ethernet logs

225. What does IMSI stand for?

a) International Mobile Subscriber Identity

b) Integrated Mobile Service Identi er

c) International Mobile Security Identi er

d) Integrated Mobile Subscriber Identity

226. Which type of SIM card is embedded within devices like smartphones and
smartwatches?

a) Mini-SIM

b) Micro-SIM
 c) Nano-SIM

d) eSIM

227. What does ICCID stand for?

a) International Circuit Card Identi er

b) Integrated Circuit Card Identi er

c) International Communication Card Identi er

d) Integrated Communication Card Identi er

IoT Security, Web Application Security, OWASP

228. What does IoT stand for?

a) Internet of Things
b) Internet of Technology
c) Information of Things
d) Integrated online Technology

229. Which of the following is a common security concern for IoT devices?
a) High power consumption
b) Unsecured data transmission
c) Large storage capacity
d) High cost of devices

230. What is a common method to secure IoT devices?

a) Disabling device encryption
b) Using strong authentication mechanisms
c) Increasing device size
d) Limiting device functionality
231. What is the primary concern with IoT devices in terms of security?
A) High power consumption
B) Complexity in installation
C) Vulnerability to cyber attacks
D) Limited functionality

232. Which of the following best describes the principle of least privilege in IoT
security?
A) Ensuring all devices have the same access level
B) Giving devices the minimum level of access necessary to perform their functions
C) Allowing devices to automatically upgrade their permissions
D) Ensuring devices have maximum access to network resources

233. What is a common method to secure communication between IoT devices?

A) Using simple HTTP protocol
B) Implementing strong encryption such as TLS
C) Disabling network access
D) Using default passwords

Web Application Security

234. What is the primary goal of web application security?

a) To improve website aesthetics
b) To protect web applications from cyber threats
c) To increase website traf c
d) To optimize website speed

235. Which of the following is a common web application vulnerability?

a) SQL Injection
b) File compression
c) Image optimization
d) Bandwidth throttling

236. What is the purpose of a web application rewall (WAF)?

a) To speed up web page loading
b) To lter and monitor HTTP traf c to and from a web application
c) To manage user permissions
d) To compress web data

237. What is Cross-Site Scripting (XSS)?

A) An attack where malicious scripts are injected into web pages viewed by users
B) A method to improve website performance
C) A way to enhance web application usability
D) A technique for creating dynamic web pages

238. Which of the following is a preventive measure against SQL injection attacks?
A) Using strong passwords
B) Encrypting database connections
C) Validating and sanitizing user input
D) Implementing CAPTCHA

OWASP

239. What does OWASP stand for?

a) Online Web Application Security Program
b) Open Web Application Security Project
c) Open Web Application Software Project
d) Online Web Application Software Program

240. Which of the following is a key resource provided by OWASP?

a) OWASP Top 10
b) OWASP Speed Optimizer
c) OWASP Storage Management
d) OWASP Data Compression

241. What is the OWASP Top 10?

a) A list of the top 10 web development frameworks
b) A list of the top 10 security vulnerabilities in web applications
c) A list of the top 10 web design principles
d) A list of the top 10 cloud storage providers

242. Which of the following is included in the OWASP Top 10 vulnerabilities?

a) Slow website performance
b) Cross-Site Scripting (XSS)
c) High bandwidth usage
d) Poor website design

243. Why is input validation important in web application security?

a) To speed up data entry
b) To prevent injection attacks
c) To improve user interface
d) To manage storage capacity

244. What is the main focus of OWASP projects?

a) Developing new web technologies
b) Improving web application security
c) Increasing website traf c
d) Enhancing web page aesthetics

Web Services Security, Data Security and Database Security, Vulnerability

Management

245. What is the primary goal of web services security?

a) To optimize web service performance
b) To protect web services from unauthorized access and attacks
c) To increase the speed of data transfer
d) To enhance the user interface of web services

246. Which of the following protocols is commonly used to secure web services?
a) HTTP
b) FTP
c) SOAP
d) HTTPS

247. What does WS-Security stand for?

a) Web Services Security
b) Web Services Speed
c) Web Services Synchronization
d) Web Services Sharing

Data security ana Database Security

248. What is the primary focus of data security?

a) Enhancing data visualization
b) Protecting data from unauthorized access and corruption
c) Increasing data storage capacity
d) Improving data retrieval speed

249. Which method is commonly used to secure data at rest?

a) Compression
b) Encryption
c) Sorting
d) Indexing

250. Which of the following is a common database security measure?

a) Implementing SQL queries
b) Using strong access controls and authentication
c) Increasing database size
d) Optimizing database indexes

251. Which of the following is a common method for securing data at rest?
A) Using strong passwords
B) Data encryption
C) Data compression
D) Data replication

252. What is the role of a database rewall?

A) To accelerate database queries
B) To lter and monitor database traf c
C) To backup database data
D) To compress database tables
 Vulnerability Management

253. What is the primary goal of vulnerability management?

a) To identify, classify, and mitigate security vulnerabilities
b) To increase system performance
c) To reduce hardware costs
d) To enhance user experience

254. Which of the following is a common tool used in vulnerability management?

a) Firewall
b) Antivirus software
c) Vulnerability scanner
d) Compression tool

255. What is the rst step in the vulnerability management process?

a) Remediation
b) Assessment
c) Identi cation
d) Reporting

256. Why is it important to regularly update vulnerability management practices?

a) To improve system speed
b) To address new and emerging threats
c) To reduce the cost of security tools
d) To increase user satisfaction

257. Which of the following describes a zero-day vulnerability?

a) A vulnerability that is immediately xed upon discovery
b) A vulnerability that is known but not yet patched
c) A vulnerability that is unknown to the software vendor and has no available patch
d) A vulnerability that affects all systems equally

258. What is a key component of an effective vulnerability management program?

a) Regular software updates and patches
b) Increasing system uptime
c) Enhancing network bandwidth
d) Reducing the number of devices on the network

Identity and Access Management (IAM), Incident Response and Forensics, Web
Application and Database Security Best Practices

259. What is the primary goal of Identity and Access Management (IAM)?
a) To enhance user interface
b) To manage user identities and control access to resources
c) To increase data storage capacity
d) To improve network speed

260. Which of the following is a common component of an IAM system?

a) Firewall
b) Directory service
c) Data compression tool
d) Web browser

261. What does SSO stand for in IAM?

a) Secure System Optimization
b) Single Sign-On
c) System Security Operations
d) Secure Sign-On

262. Which of the following is a core component of IAM?

A) Data encryption
B) User authentication
C) Network monitoring
D) System patching

263. What is multi-factor authentication (MFA)?

A) A single method of logging into a system
B) A security process that requires two or more veri cation factors to gain access
C) A way to encrypt passwords
D) A method for creating user accounts

Incident Response and Forensics

264. What is the rst step in the incident response process?

a) Containment
b) Eradication
c) Identi cation
d) Recovery

265. Which of the following is a key objective of digital forensics?

a) To enhance system performance
b) To identify, collect, preserve, and analyze digital evidence
c) To reduce storage costs
d) To improve user experience
266. What is a crucial practice when handling digital evidence?
a) Modifying the evidence for clarity
b) Preserving the integrity of the evidence
c) Increasing the size of the evidence
d) Compressing the evidence

267. What is a common best practice for securing web applications?

a) Using weak passwords
b) Implementing input validation
c) Disabling encryption
d) Allowing unrestricted access

268. What is the purpose of an incident response plan?

A) To speed up network connections
B) To provide a structured approach for handling security incidents
C) To design secure software
D) To manage user accounts

Web Application and Database Security Best Practices

269. Which of the following is an essential practice for database security?

a) Disabling backups
b) Using strong access controls and encryption
c) Increasing database size
d) Optimizing data retrieval speed
270. What is the purpose of using HTTPS for web applications?
a) To increase website speed
b) To secure data transmission between the client and server
c) To enhance website design
d) To reduce server load

271. Which of the following is a method to prevent SQL injection attacks?

a) Using default database con gurations
b) Parameterized queries
c) Allowing direct user input in SQL statements
d) Disabling database logging

272. What is the purpose of data encryption at rest in database security?

A) To speed up data retrieval
B) To protect stored data from unauthorized access
C) To compress database les
D) To backup data

273. Which of the following practices enhances web application security?

A) Regularly updating and patching web application software
B) Using outdated software versions
C) Ignoring security vulnerabilities
D) Allowing unveri ed user inputs

Week 5
Arti cial Intelligence (AI) and Machine Learning (ML) Security
274. What is the primary concern regarding the security of AI systems?
A) AI systems becoming too intelligent
B) Unauthorized access and manipulation of AI models and data
C) AI systems replacing human jobs
D) High power consumption

275. Which of the following is a potential security threat speci c to AI systems?

A) AI systems running out of data
B) Model inversion attacks
C) Slow processing speed
D) Over tting of models

276. What is an adversarial attack in the context of AI security?

A) A technique to enhance AI performance
B) A method to speed up AI training
C) A type of attack where inputs are manipulated to deceive AI models
D) A process to increase the data set size

277. Which practice helps enhance the security of AI systems?

A) Using outdated algorithms
B) Regularly updating and testing AI models
C) Allowing open access to all AI models
D) Ignoring security vulnerabilities

278. What is the role of encryption in AI security?

A) To slow down AI processing
B) To protect data and model integrity from unauthorized access
C) To make AI models more complex
D) To reduce the size of the data set

Machine Learning (ML) Security

279. What is a common security concern in machine learning systems?

A) Lack of data
B) Model poisoning attacks
C) Over tting of models
D) Slow training times

280. What is the purpose of data sanitization in machine learning security?

A) To speed up the training process
B) To clean data to ensure it's free from malicious inputs
C) To reduce the size of the data set
D) To increase model accuracy

281. Which of the following helps protect machine learning models from adversarial
attacks?
A) Using simple algorithms
B) Implementing robust model training techniques
C) Allowing unrestricted access to models
D) Ignoring potential security threats

282. What is the impact of a model inversion attack on a machine learning system?
A) Slower model training
B) Extraction of sensitive information from the model
C) Increased model accuracy
D) Reduced data set size
283. Which technique can be used to detect anomalies in machine learning systems?
A) Over tting
B) Anomaly detection algorithms
C) Data compression
D) Reducing training times

Hardware Security, Block Chain Security, 5G Networks and Security

Implications and Biometric Security

Hardware Security

284. What is the primary goal of hardware security?

A) To enhance software performance
B) To protect hardware from tampering and unauthorized access
C) To reduce power consumption
D) To increase hardware speed

285. Which of the following is a common hardware security measure?

A) Using outdated rmware
B) Implementing Trusted Platform Modules (TPM)
C) Disabling encryption
D) Ignoring security vulnerabilities

286. What is a side-channel attack?

A) An attack that exploits software vulnerabilities
B) An attack that exploits physical emissions from hardware
C) A method to speed up hardware performance
D) A technique to increase storage capacity
287. Which hardware component can help ensure the integrity of a computing
platform?
A) GPU
B) TPM (Trusted Platform Module)
C) RAM
D) SSD

288. What is hardware root of trust?

A) A method to improve hardware aesthetics
B) A security principle where hardware components provide a secure foundation for
software
C) A technique to enhance network performance
D) A type of hardware storage

Block Chain Security

289. What is the primary security feature of blockchain technology?

A) Centralized control
B) Decentralization and immutability
C) Fast processing speed
D) High storage capacity

290. Which cryptographic method is commonly used in blockchain to ensure data

integrity?
A) Symmetric encryption
B) Hashing
C) Compression
D) Steganography
291. What is a smart contract in blockchain technology?
A) A physical agreement signed by blockchain participants
B) A self-executing contract with the terms directly written into code
C) A type of blockchain node
D) A method to compress blockchain data

292. Which of the following is a potential security risk in blockchain networks?

A) 51% attack
B) Faster transaction speeds
C) Increased decentralization
D) High energy ef ciency

293. What does the term "private key" refer to in blockchain security?
A) A public identi er for blockchain participants
B) A secret key used to sign transactions and access blockchain assets
C) A type of blockchain consensus algorithm
D) A method to encrypt blockchain data

5G Networks and Security Implications

294. What is a key security concern with the implementation of 5G networks?

A) Slow internet speeds
B) Increased vulnerability to cyber attacks due to higher connectivity and more
devices
C) Limited bandwidth
D) High energy consumption

295. Which of the following technologies is integral to 5G networks?

A) Dial-up modems
B) Millimeter-wave technology
C) Analog transmission
D) Copper wiring

296. What role does network slicing play in 5G security?

A) It improves physical security
B) It allows the creation of virtual networks tailored to speci c needs and security
requirements
C) It increases data transfer speed
D) It reduces energy consumption

297. Which of the following is a potential threat to 5G network security?

A) Limited connectivity
B) Increased device heterogeneity
C) Decreased data rates
D) Reduced latency

298. How can encryption help secure 5G networks?

A) By increasing network speed
B) By protecting data transmitted over the network from unauthorized access
C) By reducing the number of connected devices
D) By lowering operational costs

Biometric Security

299. What is biometric security primarily concerned with?

A) Using biological traits for identity veri cation and access control
B) Encrypting digital data
C) Monitoring network traf c
D) Enhancing physical security infrastructure

300. Which of the following is an example of a biometric identi er?

A) Username
B) Password
C) Fingerprint
D) Security question

301. What is a key advantage of biometric security systems?

A) Easy to share biometric data with others
B) Dif cult to replicate or forge biometric traits
C) Lower implementation cost compared to traditional methods
D) Completely foolproof and without any vulnerabilities

302. Which biometric method involves analyzing the unique patterns of a person’s
retina?
A) Fingerprint scanning
B) Voice recognition
C) Retinal scanning
D) Facial recognition

303. What is a potential privacy concern with the use of biometric security?
A) High cost of biometric devices
B) Possibility of biometric data being stolen or misused
C) Inability to authenticate users
D) Reduced accuracy compared to passwords
 Introduction to Asset Management, Asset Discovery, Con guration
Management

Introduction to Asset Management

304. What is the primary goal of asset management?

A) To increase asset depreciation
B) To manage and optimize the use of assets within an organization
C) To improve software performance
D) To reduce the number of assets

305. Which of the following is considered an IT asset?

A) Of ce furniture
B) Network switches
C) Employee uniforms
D) Cleaning supplies

306. What does an asset management system typically track?

A) Only hardware assets
B) Only software licenses
C) Both hardware and software assets
D) Employee productivity

307. Which of the following is a bene t of effective asset management?

A) Increased operational costs
B) Enhanced asset utilization and reduced risks
C) Decreased compliance with regulations
D) Reduced need for IT staff

308. Which process is essential in maintaining an accurate asset inventory?

A) Annual budgeting
B) Regular asset audits
C) Employee performance reviews
D) Marketing campaigns

309. What is the purpose of asset lifecycle management in asset management?

A) To prolong the life of an asset inde nitely
B) To manage an asset from acquisition to disposal
C) To track only the nancial aspects of an asset
D) To avoid purchasing new assets

Asset Discovery

310. What is asset discovery?

A) The process of nding lost assets
B) The automated or manual identi cation of assets within a network
C) The purchase of new assets
D) The sale of unused assets

311. Which tool is commonly used for asset discovery in IT environments?

A) Word processor
B) Network scanner
C) Spreadsheet software
D) Presentation software

312. What is the main bene t of continuous asset discovery?

A) Increased network traf c
B) Improved visibility and management of assets in real-time
C) Higher software costs
D) Slower network performance

313. Which of the following is a challenge associated with asset discovery?

A) High implementation cost
B) Network security risks
C) Incomplete or inaccurate asset data
D) Excessive hardware usage

314. What is the role of an asset discovery tool in con guration management?
A) To reduce con guration changes
B) To automate the identi cation and documentation of asset con gurations
C) To limit network access
D) To perform software updates

Con guration Management

315. What is the primary goal of con guration management?

A) To increase network downtime
B) To maintain consistency of an asset’s performance and functionality
C) To reduce the number of assets
D) To delay software updates

316. Which of the following best describes a con guration item (CI)?
A) A software bug
B) Any component that needs to be managed to deliver an IT service
C) An of ce policy
D) An employee’s performance review
317. What is a con guration management database (CMDB)?
A) A nancial ledger
B) A repository that stores information about con guration items
C) A document management system
D) A hardware inventory list

318. Which process ensures that changes to con gurations are systematically
planned and implemented?
A) Incident management
B) Change management
C) Problem management
D) Financial management

319. What is the bene t of using automated con guration management tools?
A) Increased manual work
B) Enhanced accuracy and ef ciency in managing con gurations
C) Reduced network performance
D) Higher software costs

Asset Classi cation and Categorization Patch Management

Asset Classi cation and Categorization

320. What is the purpose of asset classi cation?

A) To increase asset depreciation
B) To organize assets based on their value and criticality
C) To reduce network latency
D) To improve software performance
321. Which of the following is an example of a critical asset category?
A) Of ce furniture
B) Employee uniforms
C) Server infrastructure
D) Cleaning supplies

322. What does asset categorization involve?

A) Assigning assets to speci c locations
B) Assigning assets to prede ned groups based on attributes like function or location
C) Selling unused assets
D) Encrypting all asset data

323. Why is it important to classify and categorize assets?

A) To increase hardware costs
B) To improve compliance with regulations
C) To decrease asset utilization
D) To ignore asset security risks

324. Who is typically responsible for asset classi cation and categorization in an
organization?
A) Human resources department
B) IT department
C) Marketing department
D) Legal department

Patch Management

325. What is the primary goal of patch management?

A) To create new software applications
B) To manage and apply updates to software and systems
C) To increase network downtime
D) To ignore security vulnerabilities

326. Which of the following is a common reason for applying patches?

A) To slow down system performance
B) To introduce new security vulnerabilities
C) To x software bugs and address security vulnerabilities
D) To decrease operational ef ciency

327.When should organizations typically apply patches?

A) Only during non-business hours
B) Immediately after they are released by vendors
C) Once a year
D) Never, if the system is functioning properly

328. What is a patch management policy?

A) A document that outlines the procedures for securing physical assets
B) A set of guidelines and procedures for applying patches in a timely and ef cient
manner
C) A nancial statement
D) A marketing strategy

329. Which of the following is a bene t of effective patch management?

A) Increased security risks
B) Decreased software reliability
C) Reduced exposure to vulnerabilities and cyber attacks
D) Higher software costs
 Asset Life cycle, Retirement and Decommissioning Physical Security Asset
Management Tools

Asset Life cycle, Retirement and Decommissioning

330. What does the asset life cycle refer to?

A) The period of time an asset is used before retirement
B) The process of purchasing assets
C) The time it takes to install an asset
D) The complete stages an asset goes through from acquisition to disposal

331. Why is asset retirement and decommissioning important?

A) To increase the number of assets in use
B) To free up resources and ensure secure disposal of assets
C) To delay software updates
D) To ignore asset security risks

332. Which phase of the asset life cycle involves securely wiping data and removing
asset identi ers?
A) Acquisition
B) Operation
C) Retirement and decommissioning
D) Deployment

333.What is a key consideration during asset retirement and decommissioning?

A) Increasing asset depreciation
B) Environmental impact and regulatory compliance
C) Software performance improvements
D) Hardware costs reduction
334. Who is typically responsible for managing asset retirement and
decommissioning processes?
A) IT department
B) Human resources department
C) Marketing department
D) Legal department

Physical Security

335. What is physical security?

A) Securing data stored in cloud servers
B) Protecting physical assets, facilities, and resources from unauthorized access,
theft, or damage
C) Increasing network speed
D) Improving software usability

336. Which of the following is an example of physical security control?

A) Firewall con guration
B) Encryption of data at rest
C) Security guards
D) Antivirus software

337.Why is physical security important for asset protection?

A) To increase network latency
B) To prevent unauthorized access and theft of physical assets
C) To manage software licenses
D) To ignore asset security risks
338.Which physical security measure protects against unauthorized entry into
buildings?
A) Biometric access controls
B) Data encryption
C) Network segmentation
D) Antivirus software

339.What role does surveillance play in physical security?

A) Increasing hardware costs
B) Monitoring and recording activities to deter and detect unauthorized access
C) Decreasing asset utilization
D) Slowing down system performance

Asset Management Tools

340. What are asset management tools?

A) Tools used for physical asset maintenance
B) Tools used for nancial management
C) Software solutions used to track and manage assets throughout their life cycle
D) Marketing tools

341. Which functionality is typically provided by asset management tools?

A) Employee performance reviews
B) Asset tracking, inventory management, and reporting
C) Social media management
D) Product pricing

342. What is the bene t of using asset management tools?

A) Increased operational costs
B) Enhanced visibility and control over assets
C) Reduced compliance with regulations
D) Higher software costs

343. Which department primarily uses asset management tools?

A) Human resources
B) Finance
C) IT
D) Marketing

344. How do asset management tools contribute to ef ciency?

A) By delaying software updates
B) By automating asset tracking and management processes
C) By increasing network latency
D) By reducing hardware performance

Identity Management Basics, Access Control Models, Identity Federation

Identity Management Basics

345. What is identity management (IDM)?

A) Managing personal nances
B) Managing user identities and their access rights across systems
C) Managing social media accounts
D) Managing physical assets

346.Why is identity management important in IT security?

A) To increase network downtime
B) To manage user access and prevent unauthorized activities
C) To delay software updates
D) To ignore security vulnerabilities
Answer: B) To manage user access and prevent unauthorized activities

347.Which of the following is a component of identity management?

A) Social media management
B) User authentication and authorization
C) Financial management
D) Marketing campaigns
Answer: B) User authentication and authorization

348. What is Single Sign-On (SSO) in identity management?

A) Using a single password for all accounts
B) Signing documents electronically
C) Using multiple passwords for different accounts
D) Automating software updates
Answer: A) Using a single password for all accounts

349.Who typically manages identity management systems in an organization?

A) Human resources department
B) IT department
C) Marketing department
D) Legal department

Access Control Models

350. What is an access control model?

A) A model used for nancial management
B) A framework that determines how access rights are granted to resources
C) A model for managing physical assets
D) A model for marketing strategies

351.Which access control model uses prede ned rules based on roles?
A) Mandatory Access Control (MAC)
B) Role-Based Access Control (RBAC)
C) Discretionary Access Control (DAC)
D) Access Control Lists (ACL)

352. What is the principle behind Role-Based Access Control (RBAC)?

A) Access rights are assigned based on data sensitivity
B) Access rights are assigned based on job functions or roles within an organization
C) Access rights are assigned based on geographical location
D) Access rights are randomly assigned

353. Which access control model uses labels and security clearances to determine
access?
A) Discretionary Access Control (DAC)
B) Mandatory Access Control (MAC)
C) Role-Based Access Control (RBAC)
D) Access Control Lists (ACL)

354. Which access control model allows data owners to determine access
permissions?
A) Mandatory Access Control (MAC)
B) Discretionary Access Control (DAC)
C) Role-Based Access Control (RBAC)
D) Access Control Lists (ACL)

Identity Federation

355. What is identity federation?

A) Managing multiple identities for a single user
B) Sharing identity information across multiple systems and organizations
C) Encrypting all user data
D) Managing social media identities

356. What is the main bene t of identity federation?

A) Increased network latency
B) Simpli ed user access across different systems without the need for multiple
logins
C) Increased software performance
D) Decreased security measures

357. Which protocol is commonly used for identity federation?

A) HTTP
B) SMTP
C) SAML (Security Assertion Markup Language)
D) FTP

358. What role does Identity Provider (IdP) play in identity federation?
A) It manages user identities and attributes
B) It encrypts all user data
C) It blocks access to unauthorized users
D) It manages physical assets
359. Which scenario is suitable for implementing identity federation?
A) Managing only internal user accounts
B) Allowing users to use different passwords for each application
C) Providing seamless access to multiple cloud services
D) Restricting access to a single system

360. What role does Service Provider (SP) play in identity federation?
A) It issues identity tokens
B) It manages user credentials
C) It consumes identity information from Identity Provider (IdP)
D) It encrypts all user data