Up to this point, we have mostly been discussing how to use what is in place and how to identify what needs to be added. In this chapter, we will look at some of the things that are likely to be missing or inadequate. Remember that we discussed how to identify those items that can be salvaged and those that would be better discarded and replaced. From here on out, we will dwell strictly on the replacements and how to make them quality endeavors. Part and parcel of that quality is to make them instruments of education and, therefore, contributors to the program we are trying to establish.
Too often, enterprises classify cybersecurity as an IT-only activity and discuss risk management exclusively in terms of technology or tools. Yet, multiple studies continuously prove that insiders pose one of the greatest risks to an enterprise's security. Whether accidental or malicious, insider threats can cause enormous financial and reputational damage -- for example, through data loss or exfiltration or falling victim to a phishing attack.
Organizations may instinctually turn to technology as the solution to insider threat prevention. While tools such as data loss prevention, firewalls and email filters may alleviate the symptoms of insider threats, they do nothing to address the root cause. To treat the issue of user-caused incidents at its core, IT leaders need to implement comprehensive and consistent security awareness training.
This security awareness training quiz's questions and answers are designed to test and reinforce understanding of infosec fundamentals. By taking this quiz, IT professionals will be in a better position to educate employees on security best practices at their own organization.
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Information Security Technologies”.
1. _______ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
View Answer
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information for alteration, destruction, deletion or disclosure by unauthorised users.
2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
View Answer
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information security threats whereas not changing the default password of any system, hardware or any software comes under the category of vulnerabilities that the user may pose to its system.
3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
View Answer
Answer: a
Explanation: Flood comes under natural disaster which is a threat to any information and not acts as a vulnerability to any system.
Note: Join free Sanfoundry classes at Telegram or Youtube
advertisement
advertisement
4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
View Answer
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud workload protection platforms which manage policies regarding security of information irrespective of its location.
5. Which of the following information security technology is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
View Answer
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user establishes a remote browsing by isolating the browsing session of end user, cyber-criminals will not be able to infect the system along with browser with malware, ultimately reducing the attack surface area.
Take Cyber Security Mock Tests - Chapterwise!
Start the Test Now: Chapter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
6. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
View Answer
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems and record all the activities for further reporting, analysis & detection in a central database. Analyzing the reports generated through such EDR tools, loopholes in a system or any internal, as well as external breaching attempts can be detected.
7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
View Answer
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for supervising the traffic in any network, a flow of data over the network as well as malicious threats that are trying to breach the network. This technological solution also helps in triage the events detected by Network Traffic Analysing tools.
advertisement
8. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual or any information. Compromising of confidential information means extracting out sensitive data from a system by illegal manner.
9. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: c
Explanation: Access control policies are incorporated to a security system for restricting of unauthorised access to any logical or physical system. Every security compliance program must need this as a fundamental component. Those systems which lack this feature is vulnerable.
advertisement
10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored
View Answer
Answer: d
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced, distributed or transferred to some other system, protected using security tools and techniques but cannot be ignored.
Sanfoundry Global Education & Learning Series – Cyber Security.
To practice all areas of Cyber Security, here is complete set of 1000+ Multiple Choice Questions and Answers.
