Endpoint Security Concepts

Question 1

How is risk mathematically calculated in cybersecurity?

Answer 1

Risk = Threat x Vulnerability x Impact

Question 2

What term defines a weakness in a system or design that can be exploited by a threat?

Answer 2

Vulnerability

Question 3

What is the specific tool or code used to take advantage of a system weakness?

Answer 3

Exploit

Question 4

Which strategy involves placing multiple, redundant security controls throughout an IT infrastructure?

Answer 4

Defense-in-Depth

Question 5

What are the three core goals of the CIA Triad?

Answer 5

Confidentiality, Integrity, and Availability.

Question 6

Which component of the CIA Triad focuses on ensuring data is accurate and has not been improperly modified?

Answer 6

Integrity

Question 7

What type of attacker is primarily motivated by financial gain through activities like ransomware?

Answer 7

Organized Crime

Question 8

Which step of the AAA framework involves verifying the identity of a user?

Answer 8

Authentication

Question 9

In the AAA framework, what is the process of tracking and logging user actions called?

Answer 9

Accounting

Question 10

Why are two different passwords considered a single factor of authentication?

Answer 10

They both belong to the same category (something you know).

Question 11

What is the primary difference between symmetric and asymmetric encryption?

Answer 11

Symmetric uses one shared key, while asymmetric uses a public/private key pair.

Question 12

Data that is currently being processed in RAM or by the CPU is in what state?

Answer 12

Data in use

Question 13

Which secure protocol is the encrypted replacement for Telnet for remote management?

Answer 13

SSH (Secure Shell)

Question 14

What vulnerability allows an attacker to hijack traffic by sending false MAC-to-IP mappings?

Answer 14

ARP Spoofing (or ARP Poisoning)

Question 15

Which network segment is used to host public-facing services like web and email servers?

Answer 15

DMZ (Demilitarized Zone)

Question 16

What is the fundamental difference in action between an IDS and an IPS?

Answer 16

An IDS only alerts administrators, while an IPS can actively block or drop traffic.

Question 17

Which wireless encryption standard is the most current and secure?

Answer 17

WPA3

Question 18

What technology authenticates and authorizes a device’s health before allowing it to join a network?

Answer 18

Network Access Control (NAC)

Question 19

Which operating system security model relies on NTFS permissions and Group Policy for control?

Answer 19

Windows

Question 20

In the Linux file permission system, what does the ‘rwx’ notation represent?

Answer 20

Read, Write, and Execute.

Question 21

What is the highest-privilege administrative account in a Linux system?

Answer 21

Root

Question 22

What term describes an attack where a user gains higher access rights than they were intended to have?

Answer 22

Privilege Escalation

Question 23

Why are Linux and macOS generally considered more secure “out of the box” than Windows?

Answer 23

They operate with lower default user permissions (non-administrator accounts).

Question 24

What is the primary function of a host-based firewall?

Answer 24

To control traffic for and protect a specific, individual machine.

Question 25

Why do attackers often use PowerShell for fileless malware attacks?

Answer 25

It is a powerful administrative tool that can execute commands directly in memory.

Question 26

Which command-line tool displays active network connections and listening ports on a host?

Answer 26

netstat

Question 27

What is the purpose of the 'nslookup' or 'dig' command?

Answer 27

To query the DNS system for domain name or IP address mappings.

Question 28

Which tool acts as a command-line packet sniffer to capture and analyze network traffic?

Answer 28

tcpdump

Question 29

What is the first critical step in endpoint security compliance?

Answer 29

Maintaining an accurate hardware and software inventory.

Question 30

What are the components of the '3-2-1 Rule' for data backups?

Answer 30

3 copies of data, 2 different media types, and 1 copy stored off-site.

Question 31

Which regulation focuses on protecting credit card holder data?

Answer 31

PCI DSS

Question 32

What is the primary goal of the HIPAA regulation?

Answer 32

To protect patient health information (PHI).

Question 33

Which European Union regulation protects personal data and privacy?

Answer 33

GDPR (General Data Protection Regulation)

Question 34

What technology is used to manage and secure personal devices in a BYOD environment?

Answer 34

MDM (Mobile Device Management)

Question 35

What is the purpose of patch management?

Answer 35

The systematic process of identifying, testing, and deploying software updates to fix vulnerabilities.

Question 36

Why are firmware updates considered critical for endpoint security?

Answer 36

Firmware exploits can grant attackers deep, persistent access to hardware.

Question 37

Which Windows tool provides a centralized location for system, application, and security logs?

Answer 37

Event Viewer

Question 38

What standard protocol do network devices and Linux systems use to send logs to a central server?

Answer 38

Syslog

Question 39

In log analysis, what is the term for a deviation from normal baseline behavior?

Answer 39

Anomaly

Question 40

What is the first step in the malware removal process?

Answer 40

Scanning the system with anti-malware tools.

Question 41

What is the purpose of 'Quarantine' in malware remediation?

Answer 41

To isolate infected files or systems and prevent the malware from spreading.

Question 42

What is the final step in a malware remediation process to ensure security is restored?

Answer 42

Post-incident review and log analysis.

Question 43

What does a CVE (Common Vulnerabilities and Exposures) identifier represent?

Answer 43

A unique identifier and description for a publicly known cybersecurity vulnerability.

Question 44

What is the difference between active and passive reconnaissance?

Answer 44

Active recon involves direct interaction with the target; passive recon uses indirect sources.

Question 45

How is a 'Port Scan' used during the reconnaissance phase?

Answer 45

To identify which services are listening on a target host's ports.

Question 46

Which risk management plan focuses on keeping the entire business operational during a disaster?

Answer 46

Business Continuity Plan (BCP)

Question 47

Which risk management plan focuses specifically on restoring IT infrastructure after a disaster?

Answer 47

Disaster Recovery Plan (DRP)

Question 48

What is the purpose of a SIEM system?

Answer 48

To centrally collect, correlate, and analyze security logs for real-time threat detection.

Question 49

Which model tracks the seven stages of a cyber attack from reconnaissance to actions on objectives?

Answer 49

The Cyber Kill Chain

Question 50

In digital forensics, what is the 'Chain of Custody'?

Answer 50

A documented history of the handling and possession of evidence to ensure its integrity.

Question 51

What is the 'Principle of Least Privilege'?

Answer 51

Granting a user only the minimum access levels necessary for their job function.

Question 52

Which risk mitigation strategy involves moving the potential loss to a third party like an insurance provider?

Answer 52

Risk Transfer

Question 53

Which risk mitigation strategy involves discontinuing an activity to eliminate its associated risk?

Answer 53

Risk Avoidance

Question 54

Under GDPR, within what timeframe must an organization report a data breach to authorities?

Answer 54

72 hours

Question 55

What is the numerical Linux permission value for a file with read (4) and write (2) access only?

Answer 55

6

Question 56

Which tool provides automated execution of playbooks for security incident response?

Answer 56

SOAR (Security Orchestration, Automation, and Response)

Question 57

Which attack involves flooding a server with SYN requests to exhaust its connection limits?

Answer 57

TCP SYN Flood

Question 58

What is the primary security flaw of MAC filtering in wireless networks?

Answer 58

MAC addresses are easily spoofed by attackers.

Question 59

Which protocol translates domain names into IP addresses and is vulnerable to poisoning?

Answer 59

DNS (Domain Name System)

Question 60

What is the primary function of a proxy server in network security?

Answer 60

To act as an intermediary, filtering content and hiding internal client IP addresses.

Question 61

What does a vulnerability scanner check systems against to identify flaws?

Answer 61

A database of known vulnerabilities (CVEs).

Question 62

Which component of the CIA Triad is addressed by using data redundancy and backups?

Answer 62

Availability

Question 63

What is 'Spear Phishing'?

Answer 63

A targeted phishing attack directed at a specific individual or organization.

Question 64

Which tool displays the Process ID (PID) for active connections when using the command 'netstat -ano'?

Answer 64

Windows Command Prompt / PowerShell

Question 65

What type of control is a firewall primarily considered?

Answer 65

Preventive Control

Question 66

What is the name of the built-in antivirus protection for Windows systems?

Answer 66

Windows Defender (or Windows Security)

Question 67

Which protocol provides reliable, connection-oriented delivery but is susceptible to SYN floods?

Answer 67

TCP (Transmission Control Protocol)

Question 68

What is the primary purpose of asset management in a security context?

Answer 68

To ensure you know what needs protection, as "you can't protect what you don't know you have."

Question 69

In the NIST Incident Response lifecycle, what is the first phase?

Answer 69

Preparation

Question 70

Which wireless standard deprecated WEP due to it being easily cracked?

Answer 70

WPA (and subsequent versions like WPA2/WPA3)

Question 71

What is the term for unauthorized software that encrypts data and demands payment?

Answer 71

Ransomware

Question 72

What is the purpose of hashing a password before storing it?

Answer 72

To protect the password's integrity and ensure the original plaintext cannot be easily recovered.

Question 73

Which command-line interface is commonly used on Linux systems for security administration?

Answer 73

Bash (or CLI)

Question 74

Which regulation applies specifically to student education records in the United States?

Answer 74

FERPA

Question 75

What is the role of an 'Audit Log' in establishing accountability?

Answer 75

It provides a record of which user or process performed a specific action.