Objective 1: General Security Concepts Flashcards

(220 cards)

1
Q

Which of the following BEST describes the purpose of security controls?

A. To eliminate all security risks
B. To minimize impact and limit damage from security events
C. To guarantee 100% system uptime
D. To remove the need for security training

A

Answer: B — Security controls minimize impact and limit damage.

Explanation: Security controls cannot remove all risks or guarantee uptime. Their main function is to reduce risk exposure and limit the impact if a security event occurs.

Memory Trick: “Control the damage, don’t chase perfection.”

(Your notes: “Prevent security events, minimize the impact, and limit the damage.”)

2
Q

Which security control category includes firewalls and operating system security?
A. Managerial
B. Technical
C. Operational
D. Physical

A

Answer: B — Technical controls.
(Your notes: “Technical controls – OS controls, firewalls, antivirus.”)

Explanation: Technical controls are software or hardware mechanisms used to enforce security (like firewalls, antivirus, encryption).

Memory Trick: “Tech = Tools & Tech stuff.”

3
Q

Security awareness programs fall under which type of control?

A. Technical
B. Managerial
C. Operational
D. Compensating

A

Answer: C — Operational controls.
(Your notes: “Operational controls – implemented by people… awareness programs.”)

Explanation: Operational controls are people-based processes that implement security policies, such as training, procedures, or incident handling.

Memory Trick: “Operations = what people actually do.”

4
Q

Which of the following is a physical control?
A. Review login reports
B. Badge readers
C. System logs
D. Security policies

A

Answer: B — Badge readers.
(Your notes: “Physical controls – fences, locks, badge readers.”)

Explanation: Physical controls protect the physical environment (doors, locks, fences, badges). They limit physical access rather than system access.

Memory Trick: “Physical = you can touch it.”

5
Q

A control designed to block access before an event occurs is known as:

A. Detective
B. Corrective
C. Preventive
D. Directive

A

Answer: C — Preventive control.
(Your notes: “Preventive — Block access to a resource.”)

Explanation: Preventive controls stop incidents before they happen, like firewalls, locks, and access restrictions.

Memory Trick: “Preventive = Stop it before it starts.”

6
Q

Which control type is meant to discourage an intrusion attempt but not prevent access?

A. Preventive
B. Deterrent
C. Compensating
D. Corrective

A

Answer: B — Deterrent.
(Your notes: “Deterrent — Discourage an intrusion attempt.”)

Explanation: Deterrent controls discourage or warn attackers but do not physically stop access (like warning signs or splash screens).

Memory Trick: “Deterrent = Don’t dare try it.”

7
Q

System logs, motion detectors, and reviewing login reports are examples of which control type?

A. Detective
B. Preventive
C. Physical
D. Directive

A

Answer: A — Detective controls.
(Your notes: “Detective — Identify and log an intrusion attempt.”)

Explanation: Detective controls identify and record incidents, helping organizations spot breaches after they occur.

Memory Trick: “Detective = Detect and document.”

8
Q

Which control type applies after an event to minimize downtime and restore operations?

A. Directive
B. Corrective
C. Deterrent
D. Operational

A

Answer: B — Corrective.
(Your notes: “Corrective — Apply a control after an event… restoring from backups.”)

Explanation: Corrective controls fix problems after they happen, like restoring from backups.

Memory Trick: “Corrective = Correct the problem after it occurs.”

9
Q

A company uses a generator after a power outage because existing controls were not enough. This is an example of:

A. Compensating control
B. Preventive control
C. Corrective control
D. Directive control

A

Answer: A — Compensating control.
(Your notes: “Compensating… used when existing controls aren’t sufficient… generator after power outage.”)

Explanation: Compensating controls fill gaps when primary controls are insufficient. A generator is a temporary solution to maintain operations.

Memory Trick: “Compensating = covering for what’s missing.”

10
Q

Posting a sign that says “Authorized Personnel Only” is an example of:

A. Compensating control
B. Directive control
C. Corrective control
D. Managerial control

A

Answer: B — Directive control.
(Your notes: “Directive — Post a sign for ‘Authorized Personnel Only.’”)

Explanation: Directive controls guide behavior through rules, signage, or policies.

Memory Trick: “Directive = Direct people on what to do.”

11
Q

What does the CIA Triad stand for?

A. Control, Integrity, Authentication
B. Confidentiality, Integrity, Availability
C. Confidentiality, Identification, Access
D. Control, Identity, Availability

A

Answer: B — Confidentiality, Integrity, Availability.

Explanation: CIA Triad = core principles of information security.

Memory Trick: “CIA = Keep secrets, accurate data, available systems.”

12
Q

Which principle ensures information is only accessible to authorized users?

A. Integrity
B. Availability
C. Confidentiality
D. Authentication

A

Answer: C — Confidentiality.
(Your notes: “Prevent disclosure to unauthorized individuals.”)

Explanation: Confidentiality prevents unauthorized disclosure.

Memory Trick: “Confidential = keep secrets safe.”

13
Q

Which method BEST supports confidentiality?

A. Hashing
B. Encryption
C. Backup recovery
D. Redundancy

A

Answer: B — Encryption.
(Your notes: “Encode messages so only certain people can read it.”)

Explanation: Encryption scrambles data so only authorized users can read it.

Memory Trick: “Encrypt = secret code.”

B. Encryption ✅

Explanation:

Confidentiality means keeping information private and only accessible to authorized users.

Encryption converts data into a coded format that only someone with the correct key can read, directly supporting confidentiality.

Why the other options are incorrect:

A. Hashing ❌

Hashing ensures integrity (verifying data hasn’t changed), not confidentiality.

Hashes are one-way; they don’t hide the original data for privacy.

C. Backup recovery ❌

Backup recovery supports availability, ensuring data can be restored after loss. It doesn’t protect secrecy.

D. Redundancy ❌

Redundancy (duplicate systems or storage) also supports availability, not confidentiality.

Mnemonic:

“Encryption = Locking data away for authorized eyes only.”

14
Q

Which concept ensures data is not modified without detection?

A. Integrity
B. Confidentiality
C. Availability
D. Non-repudiation

A

Answer: A — Integrity.
(Your notes: “Messages can’t be modified without detection.”)

Explanation: Integrity guarantees data accuracy and signals tampering.

Memory Trick: “Integrity = stays intact.”

15
Q

Digital signatures and hashing mainly support which part of the CIA Triad?

A. Availability
B. Confidentiality
C. Integrity
D. Authentication

A

Answer: C — Integrity.
(Your notes: “Hashing… Digital signatures verify integrity of data.”)

Explanation: Digital signatures & hashing verify data has not changed.

Memory Trick: “Sign + hash = prove unchanged.”

16
Q

Ensuring systems are always accessible to authorized users is part of:

A. Integrity
B. Confidentiality
C. Availability
D. Validity

A

Answer: C — Availability.
(Your notes: “Information is accessible… Always at your fingertips.”)

Explanation: Availability ensures systems are usable when needed.

Memory Trick: “Available = always at your fingertips.”

17
Q

Which method supports availability?

A. Certificates
B. Redundancy
C. Hashing
D. Two-factor authentication

A

Answer: B — Redundancy.
(Your notes: “Redundancy — Build services that will always be available.”)

Explanation: Redundancy keeps services running if one system fails.

Memory Trick: “Redundant = backup ready.”

18
Q

Which statement BEST describes why security controls are needed?

A. Because all security systems are perfect
B. To prevent security events, minimize impact, and limit damage
C. To eliminate physical assets
D. To remove the need for security policies

A

Answer: B — Security controls minimize impact and limit damage.

Explanation: Non-repudiation prevents denial of an action (e.g., signing a digital document).

Memory Trick: “Non-repudiation = can’t deny you did it.”

19
Q

Assets protected by security controls include:

A. Only financial data
B. Only physical property
C. Only computer systems
D. Data, physical property, and computer systems

A

Answer: D — All three are assets.

Explanation: Security controls protect all types of assets — not just digital systems. This includes:

Data (confidentiality, backups, access control)

Physical property (locks, guards, cameras)

Computer systems (firewalls, encryption, monitoring)

Security is holistic: it covers everything the organization values.

Memory Trick:
Think “D = the whole Deal” — Data, Devices, and Doors.

20
Q

Which is a characteristic of managing security controls?

A. There is only one correct control for each environment
B. All organizations use identical controls
C. Some controls exist in multiple categories
D. Controls never overlap

A

Answer: C — Some controls apply to multiple categories.

Explanation:
Security controls can belong to more than one category or control type depending on how they are used.
Example:

A badge reader is physical and preventive.

Security training is operational and directive.

This flexibility is normal because environments differ, risks change, and controls often overlap to strengthen defense-in-depth.

Memory Trick:
Think “C = Controls can combine.”
Controls don’t fit in a single box — they overlap and support each other.

21
Q

Which category includes “operating system controls” and “firewalls”?

A. Technical
B. Managerial
C. Operational
D. Physical

A

Answer: A — Technical controls.

Explanation:
Technical controls are technology-based protections implemented through hardware, software, or system configurations.
Examples include:

Firewalls

Operating system security settings

Access control lists (ACLs)

Antivirus software

They work by controlling digital access and system behavior, not by relying on people or physical protections.

Memory Trick:
“Tech = Tools.”
If it runs on software or hardware → it’s Technical.

22
Q

Security policies and standard operating procedures are what type of control?

A. Managerial
B. Technical
C. Operational
D. Compensating

A

Answer: A — Managerial controls.

Explanation:
Managerial controls are high-level, administrative, and governance-based controls created by leadership to guide the organization’s security posture.
Security policies and SOPs:

Define rules

Provide oversight

Direct staff behavior

Establish expectations for security processes

They don’t involve technology or physical tools—they involve management decisions and documentation.

Memory Trick:
“Managers make the rules.”
If it’s a policy, procedure, or governance document → it’s Managerial.

23
Q

Which control category is implemented by people instead of systems?

A. Technical
B. Managerial
C. Operational
D. Physical

A

Answer: C — Operational controls.

Explanation:

Operational controls are implemented by people, not automated systems.
These include processes, procedures, awareness training, incident response, and general day-to-day security activities performed by staff.

Why the others are incorrect:

A. Technical – Implemented by technology or systems (e.g., firewalls, encryption, IDS).

B. Managerial – High-level oversight controls like risk assessments, policies, and planning.

D. Physical – Controls you can touch, like locks, fences, cameras, guards.

24
Q

Limiting physical access through fences, locks, or guard shacks is what category?

A. Operational
B. Physical
C. Technical
D. Managerial

A

Answer: B — Physical controls.

Explanation (Why this answer is correct):

Physical controls are security measures you can touch—they prevent or deter physical access to buildings, rooms, or equipment.

Fences, locks, guard shacks, security guards, doors, lighting, and cameras all fall under physical controls.

Why the other types are incorrect:

Technical: Implemented by systems (e.g., firewalls, encryption).

Managerial: High-level administrative controls like policies, risk assessments.

Operational: Human-executed processes like training, incident response, change management.

25
Q

Preventive controls are primarily designed to:

A. Detect an intrusion
B. Block access to a resource
C. Report security issues
D. Discourage attacks

A

Answer: B — Preventive = block access.

✅ Explanation (Why the answer is B):
Preventive controls are designed to stop something bad from happening before it occurs. They block, prevent, or prohibit unauthorized access or actions.

Examples:

Firewalls blocking traffic

Locks preventing entry

Access control lists stopping unauthorized users

Password requirements preventing unauthorized logins

Preventive = “STOP IT BEFORE IT STARTS.”

🧠 Memory Trick: Think “PREVENT = PRE-VENT” → venting a problem before it happens. Or: “Preventive = The Shield” (shields block things).

❌ Why the Other Answers Are Incorrect:

A. Detect an intrusion — Incorrect. That is a Detective control (e.g., IDS, logs). It finds problems, it doesn’t stop them.

C. Report security issues — Incorrect. Reporting is the job of Detective (alerts) or sometimes Corrective controls. Again, it happens after, not before.

D. Discourage attacks — Incorrect. That describes a Deterrent control (signs, warnings, cameras). Deterrents don’t block; they influence behavior.
26
Q

Which of the following is an example of a preventive control?

A. Reviewing system logs
B. Firewall rules
C. Warning signs
D. Fire extinguisher

A

Answer: B — Firewall rules are preventive.

✅ Explanation (Why the answer is B):
Firewall rules block unauthorized traffic before it reaches a system. That makes them a Preventive control because they stop an attack or unauthorized access in advance. Preventive = Controls that proactively block or restrict actions.

Examples:

ACLs

Password requirements

Locked doors

Firewalls

Encryption (prevents data disclosure)

🧠 Memory Trick: Think: “Firewalls wall off threats.” Walls prevent things from getting in. Or: Preventive = PROACTIVELY PROTECT.

❌ Why the Other Answers Are Incorrect:

A. Reviewing system logs — Incorrect. This is a Detective control. Logs reveal what already happened; they don’t stop it.

C. Warning signs — Incorrect. These are Deterrent controls. They discourage but do not prevent or block.

D. Fire extinguisher — Incorrect. This is a Corrective control. It fixes or reduces impact after an incident (a fire) occurs.
27
Q

“You shall not pass” applies to which type of control?

A. Corrective
B. Preventive
C. Deterrent
D. Compensating

A

Answer: B — Preventive control slogan.

✅ Explanation (Why the answer is B):
“You shall not pass” means you are being stopped before you can get through. That is exactly what a Preventive control does — it blocks, restricts, or prevents an action from occurring.

Examples of preventive controls:

Firewalls

Door locks

Access control lists

Security gates

Preventive = Stops the bad thing before it happens.

🧠 Memory Trick: Think of Gandalf with his staff: “You shall not pass!” = STOP BEFORE ENTRY → Preventive. Preventive = Proactive Protection.

❌ Why the Other Options Are Incorrect:

A. Corrective — Incorrect. Corrective controls fix problems after they happen (e.g., backups, patches). Gandalf isn’t fixing anything; he’s blocking entry.

C. Deterrent — Incorrect. Deterrents discourage behavior but don’t stop it. A sign that says “Don’t pass” is deterrent; physically blocking is preventive.

D. Compensating — Incorrect. Compensating controls are alternatives when the preferred control can’t be used. Nothing in the phrase suggests an alternate safeguard.
28
Q

Deterrent controls:

A. Block access
B. Detect attacks
C. Discourage attempts
D. Automatically restore service

A

Answer: C — Deterrent discourages an attempt.

✅ Explanation (Why the answer is C):
Deterrent controls don’t physically block or fix anything; they influence behavior by making potential attackers think twice.

Examples of deterrent controls:

Warning signs (“Authorized Personnel Only”)

Splash screens (“All activity is monitored”)

Visible security cameras

Security uniforms

Deterrent = Psychological barrier, not a physical one.

🧠 Memory Trick: Think: “D = Don’t do it.” Deterrent = Discourage, Don’t attack.

❌ Why the Other Options Are Incorrect:

A. Block access — Incorrect. That’s a Preventive control (stops the incident physically or digitally).

B. Detect attacks — Incorrect. That’s a Detective control (logs, monitoring, IDS).

D. Automatically restore service — Incorrect. That’s a Corrective control (restores after an incident).
29
Q

Which is an example of a deterrent control?

A. Application splash screen
B. Backup recovery
C. Motion detectors
D. Contacting authorities

A

Answer: A — Splash screens make attackers think twice.

✅ Explanation (Why the answer is A):
An application splash screen that warns users about monitoring or legal restrictions discourages unauthorized access. Deterrent controls influence behavior rather than block, detect, or fix problems.

Other examples:

Signs (“No Trespassing”)

Warning banners on login screens

Visible cameras

Deterrent = Psychological barrier.

🧠 Memory Trick: Think “Splash screen = Stop or think!” It warns and discourages before someone even tries.

❌ Why the Other Options Are Incorrect:

B. Backup recovery — Incorrect. That’s a Corrective control. It restores systems after an incident.

C. Motion detectors — Incorrect. That’s a Detective control. It identifies unauthorized presence.

D. Contacting authorities — Incorrect. That’s a Corrective control. It responds after an incident occurs.
30
Q

Warning signs and posted messages are examples of:

A. Compensating controls
B. Deterrent controls
C. Corrective controls
D. Preventive controls

A

Answer: B — Deterrent controls.

✅ Explanation (Why the answer is B):
Warning signs and posted messages are designed to discourage unauthorized or unsafe behavior. They don’t physically block access or fix problems; they influence behavior.

Other examples:

“Authorized Personnel Only” signs

“Area under surveillance” notices

Deterrent = Psychological barrier to reduce risky actions.

🧠 Memory Trick: Think: “Signs = Stop or Think.” If it warns you but doesn’t physically block you, it’s deterrent.

❌ Why the Other Options Are Incorrect:

A. Compensating controls — Incorrect. Used as a backup when the main control can’t be applied.

C. Corrective controls — Incorrect. Fix issues after an incident (e.g., fire extinguisher, backup restoration).

D. Preventive controls — Incorrect. Physically or technically block incidents from happening, not just warn about them.
31
Q

Detective controls are used to:

A. Prevent attacks
B. Log and identify intrusion attempts
C. Block unauthorized access
D. Recover from incidents

A

Answer: B — Detective controls detect and log issues.

✅ Explanation (Why the answer is B):
Detective controls are designed to identify and record security events after or during an occurrence. They do not prevent attacks, but they alert or document incidents so corrective or preventive measures can be taken.

Examples:

System logs

Motion detectors

Audit trails

Intrusion detection systems (IDS)

Detective = “Find it when it happens.”

🧠 Memory Trick: Think: “Detective = Detect it.” A detective finds and records the crime, doesn’t stop it.

❌ Why the Other Options Are Incorrect:

A. Prevent attacks — Incorrect. That’s a Preventive control.

C. Block unauthorized access — Incorrect. Preventive, not detective.

D. Recover from incidents — Incorrect. That’s a Corrective control.
32
Q

Which is a detective control?

A. System logs
B. Demotion
C. Separation of duties
D. Power generator

A

Answer: A — System logs.

✅ Explanation (Why the answer is A):
System logs record events and activities on a system. They help detect and track unauthorized access or other security incidents. This makes them a Detective control because their main purpose is monitoring and identification, not prevention or correction.

Other examples:

Reviewing login reports

Audit trails

Motion detectors

Detective = “Detect and report, don’t block or fix.”

🧠 Memory Trick: Think: “Logs = Watchdog journal.” They keep track of what happens so you can spot problems later.

❌ Why the Other Options Are Incorrect:

B. Demotion — Incorrect. That’s a Deterrent or Corrective control, depending on context.

C. Separation of duties — Incorrect. That’s a Preventive or Compensating control; it reduces risk before it occurs.

D. Power generator — Incorrect. That’s a Corrective or Compensating control; it restores operations after a failure.
33
Q

Regular patrol of property and reviewing login reports are examples of:

A. Preventive controls
B. Detective controls
C. Directive controls
D. Corrective controls

A

Answer: B — Detective controls.

✅ Explanation (Why the answer is B):
Detective controls are designed to identify, record, and alert to security events that are happening or have already happened.

Regular property patrols help spot unauthorized access or suspicious activity.

Reviewing login reports identifies unusual or suspicious logins.

Detective = “Find the problem while it happens or after it happens.”

🧠 Memory Trick: Think: “Detective = Investigate.” Just like a detective investigates a crime, these controls monitor and log activity.

❌ Why the Other Options Are Incorrect:

A. Preventive controls — Incorrect. Preventive controls stop incidents before they occur (e.g., locks, firewalls).

C. Directive controls — Incorrect. Directive controls tell people how to act (e.g., policies, signs).

D. Corrective controls — Incorrect. Corrective controls restore or fix systems after an incident (e.g., backup restoration, fire extinguishers).
34
Q

Corrective controls are applied:

A. Before an event
B. After an event
C. To discourage attacks
D. To replace all other controls

A

Answer: B — Corrective = after an event.

✅ Explanation (Why the answer is B):
Corrective controls are designed to restore systems or data to normal operation after a security incident. They do not prevent or detect incidents; they fix or mitigate the impact after something goes wrong.

Examples:

Restoring data from backups

Applying patches after a breach

Fire extinguishers

Corrective = “Fix it after it breaks.”

🧠 Memory Trick: Think: “Corrective = Correct it after the problem occurs.” The keyword is “after.”

❌ Why the Other Options Are Incorrect:

A. Before an event — Incorrect. That’s a Preventive control.

C. To discourage attacks — Incorrect. That’s a Deterrent control.

D. To replace all other controls — Incorrect. Corrective controls don’t replace other controls; they complement them.
35
Q

Restoring from backups to mitigate a ransomware attack is:

A. Preventive
B. Corrective
C. Compensating
D. Directive

A

Answer: B — Corrective.

✅ Explanation (Why the answer is B):
Restoring from backups is done after a ransomware attack to bring systems and data back to normal. This is the essence of a Corrective control: it reacts to an incident to fix or restore.

Other examples:

Applying patches after an exploit

Using a fire extinguisher after a fire starts

Corrective = “Fix it after the problem occurs.”

🧠 Memory Trick: Think: “Corrective = Correct after crisis.” Backups are your safety net for post-incident recovery.

❌ Why the Other Options Are Incorrect:

A. Preventive — Incorrect. Preventive stops incidents before they happen (e.g., firewalls, locks).

C. Compensating — Incorrect. Compensating controls substitute when a primary control can’t be used.

D. Directive — Incorrect. Directive controls guide behavior (e.g., policies, signs).
36
Q

Which is a corrective control listed in your notes?

A. Contact law enforcement
B. Fire extinguisher
C. File storage policies
D. Motion detectors

A

Answer: B — Fire extinguisher.

Explanation: Corrective controls mitigate damage after an incident occurs. A fire extinguisher stops or reduces fire damage.

Memory Trick: “Corrective = fix the problem now.”
37
Q

Compensating controls are used when:

A. Current controls are fully sufficient
B. No technical controls exist
C. Existing controls are insufficient
D. Policies are missing

A

Answer: C — Compensating controls cover control gaps.

Explanation: Compensating controls cover gaps when primary controls cannot be implemented.

Memory Trick: “Compensating = filling in the gap.”
38
Q

A firewall blocking a specific application while the app is awaiting a patch is an example of:

A. Preventive control
B. Compensating control
C. Directive control
D. Corrective control

A

Answer: B — Compensating.

Explanation: This is a temporary alternative when the primary solution isn’t ready.

Memory Trick: “Compensating = backup plan until fixed.”
39
Q

Requiring simultaneous guard duties is an example of:

A. Compensating control
B. Preventive control
C. Technical control
D. Managerial control

A

Answer: A — Compensating.

Explanation: Ensures coverage and mitigates risk when a single guard isn’t enough.

Memory Trick: “Two guards = safety backup.”
40
Q

Directive controls:

A. Enforce compliance through policies
B. Detect malicious activity
C. Restore systems after failure
D. Always prevent access

A

Answer: A — Enforce compliance through policies.

Explanation: Directive controls tell people how to act via rules, procedures, or signs.

Memory Trick: “Directive = directions for behavior.”
41
Q

Which is a directive control?

A. Compliance policies
B. Backup recovery
C. Demotion
D. Property patrols

A

Answer: A — Compliance policies.

Explanation: Policies direct employee behavior to follow security rules.

Memory Trick: “Directive = policy guide.”
42
Q

Posting a sign that says “Authorized Personnel Only” is what type of control?

A. Compensating
B. Directive
C. Corrective
D. Preventive

A

Answer: B — Directive control.

Explanation: The sign instructs people on allowed behavior, without physically blocking them.

Memory Trick: “Directive = tells you what to do.”
43
Q

A firewall is listed under which category and control type?

A. Technical — Preventive
B. Technical — Corrective
C. Operational — Preventive
D. Physical — Preventive

A

Answer: A — Technical/Preventive.

Explanation: A firewall prevents unauthorized access using technology.

Memory Trick: “Tech + Prevent = digital gatekeeper.”
44
Q

A splash screen is listed as what type of control?

A. Preventive
B. Deterrent
C. Directive
D. Corrective

A

Answer: B — Deterrent.

Explanation: Splash screens warn or discourage attackers but don’t block access.

Memory Trick: “Splash = scare off intruders.”
44
Q

System logs belong to:

A. Managerial — Directive
B. Technical — Detective
C. Operational — Preventive
D. Physical — Corrective

A

Answer: B — Technical/Detective.

Explanation: System logs detect incidents and track events using technology.

Memory Trick: “Logs = detective notes for IT.”
45
Q

Backup recovery is classified as:

A. Preventive
B. Corrective
C. Compensating
D. Directive

A

Answer: B — Corrective.

Explanation: Backup restores data after incidents.

Memory Trick: “Corrective = bring things back online.”
46
Q

Blocking an application instead of applying a patch is:

A. Preventive
B. Compensating
C. Corrective
D. Directive

A

Answer: B — Compensating.

Explanation: Temporary solution until the main control (patch) is implemented.

Memory Trick: “Compensating = stopgap measure.”
47
Q

File storage policies fall under:

A. Technical — Preventive
B. Technical — Directive
C. Managerial — Preventive
D. Operational — Directive

A

Answer: B — Technical/Directive.

Explanation: Policies guide how files are handled via technical systems.

Memory Trick: “Policy = tech rules.”
48
Q

On-boarding policy is listed under:

A. Managerial — Preventive
B. Operational — Preventive
C. Technical — Preventive
D. Physical — Preventive

A

Answer: A — Managerial/Preventive.

Explanation: A managerial control prevents security mistakes by providing proper guidance to new employees.

Memory Trick: “Managerial = manage risk early.”
49
Q

Demotion is listed under which type?

A. Preventive
B. Corrective
C. Deterrent
D. Physical

A

Answer: C — Deterrent.

Explanation: Demotion discourages policy violations through consequences.

✅ Explanation (Why the answer is C):
A demotion is used to discourage inappropriate behavior or policy violations. It does not physically block access, detect issues, or restore systems; its purpose is psychological: to deter future violations.

Deterrent = “Make people think twice before doing something wrong.”

🧠 Memory Trick: Think: “Demotion = Don’t repeat that action.” It’s a punishment or consequence to prevent repeat behavior.

❌ Why the Other Options Are Incorrect:

A. Preventive — Incorrect. Preventive stops incidents before they occur (e.g., locks, firewalls).

B. Corrective — Incorrect. Corrective fixes or restores after an incident.

D. Physical — Incorrect. Physical controls protect the environment (fences, locks, guard shacks), not behavior.
50
Q

Reviewing login reports is a:

A. Managerial — Detective control
B. Operational — Detective control
C. Technical — Directive control
D. Physical — Preventive control

A

Answer: A — Managerial/Detective.

✅ Explanation (Why the answer is A):
Reviewing login reports involves analyzing system logs to identify unusual or suspicious activity.

It is detective because it identifies incidents that have occurred.

It is managerial because management or oversight personnel typically perform the review as part of administrative duties.

Detective = “Detect and monitor”, Managerial = “Oversight and policy enforcement.”

🧠 Memory Trick: Think: “Manager checks the logs to detect misbehavior.” Managerial = administrative, Detective = finds problems.

❌ Why the Other Options Are Incorrect:

B. Operational — Detective control — Incorrect. Operational detective controls are routine procedures executed by staff, like patrols, but login report review is usually administrative oversight.

C. Technical — Directive control — Incorrect. Technical controls enforce policy through systems, and directive controls tell users how to act.

D. Physical — Preventive control — Incorrect. Physical controls protect the environment (locks, fences) and prevent access, not detect or analyze incidents.
51
Q

Policies for reporting issues are:

A. Managerial — Corrective
B. Technical — Directive
C. Operational — Compensating
D. Physical — Preventive

A

Answer: A — Managerial / Corrective.

✅ Explanation (Why the answer is A):
Policies for reporting issues are managerial because they are established by administration to guide organizational behavior. They are corrective because they define steps to respond to incidents or problems, ensuring proper resolution.

Corrective = “Provides a structured way to fix problems after they occur.”

Managerial = “Created and enforced by management.”

🧠 Memory Trick: Think: “Manager sets rules to correct mistakes.” Policies direct how to respond when issues happen.

❌ Why the Other Options Are Incorrect:

B. Technical — Directive — Incorrect. Technical directive controls enforce rules through technology, not via administrative policies.

C. Operational — Compensating — Incorrect. Operational compensating controls are alternative procedures when a primary control isn’t feasible.

D. Physical — Preventive — Incorrect. Physical preventive controls block access to resources (locks, fences), not administrative reporting.
51
Separation of duties is listed as a:
A. Compensating control
B. Preventive control
C. Directive control
D. Physical control

Answer: A — Compensating control

✅ Explanation (Why the answer is A): Separation of duties is implemented when a primary control may not fully prevent risk. For example, splitting responsibilities between multiple people reduces fraud or error. It compensates for potential weaknesses in other controls, making it a compensating control.
Compensating = “Alternative protection when the main control isn’t enough.”

🧠 Memory Trick: Think: “Two heads are better than one — duties separated as backup protection.” If one person makes a mistake, the other mitigates the risk.

❌ Why the Other Options Are Incorrect:
B. Preventive — Incorrect. Preventive controls directly stop incidents (e.g., locks, firewalls); they do not substitute for other controls.
C. Directive — Incorrect. Directive controls tell people how to behave via policies or signs.
D. Physical — Incorrect. Physical controls protect the environment, not workflows or responsibility allocation.
51
Compliance policies are a:
A. Managerial — Directive control
B. Technical — Preventive control
C. Physical — Preventive control
D. Operational — Detective control

Answer: A — Managerial / Directive control

✅ Explanation (Why the answer is A): Compliance policies are managerial because they are created and enforced by management to ensure the organization follows rules and standards. They are directive because they guide employee behavior and set expectations.
Directive = “Tells people how to act.” Managerial = “Policy set by management.”

🧠 Memory Trick: Think: “Manager says: Follow the rules!” Policies direct action and are overseen by management.

❌ Why the Other Options Are Incorrect:
B. Technical — Preventive — Incorrect. Technical preventive controls stop incidents via systems, not policy enforcement.
C. Physical — Preventive — Incorrect. Physical controls protect the environment (locks, fences), not employee behavior.
D. Operational — Detective — Incorrect. Operational detective controls monitor actions; they don’t guide behavior.
51
A guard shack is an example of which control?
A. Technical — Corrective
B. Operational — Preventive
C. Physical — Preventive
D. Managerial — Compensating

Answer: C. Physical — Preventive ✅

Explanation: A guard shack is a physical control because it is a tangible barrier or structure used to secure a location. It is preventive because its presence deters or prevents unauthorized access before any incident occurs. Other examples of physical preventive controls: locked doors, fences, security cameras (physical aspect).

Mnemonic: “Physical barriers prevent problems.” Think: locks, fences, gates, and guard shacks = physical + preventive.

Reason the other answers are incorrect:
A. Technical — Corrective ❌ Technical controls involve software, hardware, or IT systems (e.g., firewalls, antivirus, intrusion detection). Corrective means it fixes or mitigates a problem after it happens (e.g., restoring data after a breach). A guard shack is neither technical nor corrective; it doesn’t fix anything after an incident, it prevents it.
B. Operational — Preventive ❌ Operational controls are processes or procedures people follow (e.g., security training, background checks). Preventive fits, because procedures aim to stop incidents before they happen, but a guard shack is not a procedure; it’s a physical structure, so it’s not operational.
D. Managerial — Compensating ❌ Managerial controls are high-level policies or directives (e.g., risk assessments, security policies). Compensating controls are backups or alternatives when a primary control isn’t feasible. A guard shack is not a policy or a backup control; it’s a primary, physical preventive measure.

Quick way to remember:
Physical → tangible, real-world barrier
Preventive → stops bad things before they happen
Guard shack = physical + preventive ✅
51
Reception desk is what type of control?
A. Operational — Deterrent
B. Physical — Preventive
C. Operational — Directive
D. Managerial — Corrective

Answer: A — Operational/Deterrent

Explanation: A reception desk is operational because it’s part of a process handled by people: staff who monitor visitors and enforce access procedures. It is deterrent because its presence discourages unauthorized entry; people are less likely to try to bypass security when someone is watching.

Why the other options are incorrect:
B. Physical — Preventive ❌ Physical controls are tangible barriers (fences, locks, guard shacks). A reception desk is not a physical barrier; it’s staffed by people, so it’s operational.
C. Operational — Directive ❌ Directive controls are policies or instructions telling people what to do. A reception desk is not a policy; it’s an active process carried out by personnel.
D. Managerial — Corrective ❌ Managerial controls are high-level policies (e.g., risk assessments). Corrective controls fix or respond after an incident, which a reception desk does not do.

Mnemonic: “Operations that watch = deterrent.” Think: people at desks observe and discourage bad behavior.
51
Property patrols fall under which control?
A. Operational — Detective
B. Managerial — Preventive
C. Technical — Corrective
D. Physical — Directive

Answer: A — Operational/Detective ✅

Explanation: Property patrols are carried out by people following a procedure, so they are operational controls. They are detective because their purpose is to identify security incidents or irregularities (e.g., trespassing, damage, theft) rather than prevent them.

Why the other options are incorrect:
B. Managerial — Preventive ❌ Managerial controls are high-level policies or directives; patrols are actions, not policies. Preventive controls stop incidents before they happen; patrols mostly detect incidents that may already be occurring.
C. Technical — Corrective ❌ Technical controls are IT/software-based (like firewalls); patrols are human activities. Corrective controls fix problems after they occur, which patrols do not directly do.
D. Physical — Directive ❌ Physical controls are tangible barriers (fences, locks, guard shacks). Directive controls are policies or rules telling people what to do. Patrols are active monitoring, not a policy or a physical barrier.

Mnemonic: “Operational detectives watch for trouble.” Think: patrolling = looking and reporting, not stopping or fixing.
52
Which of the following BEST describes non-repudiation?
A. Ensures only authorized users can access data
B. Ensures data cannot be altered
C. Provides proof that a message or action came from a specific user
D. Ensures systems remain online during failures

Answer: C. Provides proof that a message or action came from a specific user ✅

Explanation: Non-repudiation ensures that someone cannot deny having performed a specific action or sent a message. This is usually achieved with digital signatures, certificates, or audit logs, which provide verifiable proof of origin.

Why the other options are incorrect:
A. Ensures only authorized users can access data ❌ This describes confidentiality, not non-repudiation.
B. Ensures data cannot be altered ❌ This describes integrity, not non-repudiation.
D. Ensures systems remain online during failures ❌ This describes availability, not non-repudiation.

Mnemonic: “Non-repudiation = No denials allowed.” Think: digital signatures prove exactly who did what and when.
53
What is the first step in creating a digital signature? (Refer to the model on page 3 of your Professor Messer Course Notes for questions 59–63.)
A. Encrypt the plaintext with a public key
B. Hash the plaintext using a hashing algorithm
C. Decrypt the digital signature
D. Compare the hashes

Answer: B ✅

Explanation: The first step in creating a digital signature is to generate a hash of the plaintext. This hash is a unique fingerprint of the data, and it is the hash (not the plaintext) that is then encrypted with the sender’s private key.
54
Why does Alice encrypt the hash with her private key?
A. To ensure confidentiality of the message
B. To generate a digital signature that provides non-repudiation
C. To prevent the plaintext from being altered
D. To allow the message to remain anonymous

Answer: B ✅

Explanation: Encrypting the hash with Alice’s private key creates a digital signature. Anyone with Alice’s public key can then verify the signature, which provides non-repudiation: it proves Alice sent the message.
55
Which key does Bob use to decrypt the digital signature?
A. His private key
B. Alice’s private key
C. Bob’s public key
D. Alice’s public key

Answer: D ✅

Explanation: Bob uses Alice’s public key to decrypt the digital signature. This gives him the hash Alice created, which he uses to verify the message’s authenticity.
56
How does Bob verify that the message has not been altered during transit?
A. By comparing the plaintext to the digital signature directly
B. By hashing the plaintext he received and comparing it to the decrypted hash from the digital signature
C. By encrypting the message with his private key
D. By checking Alice’s public key

Answer: B — By hashing the plaintext he received and comparing it to the decrypted hash from the digital signature ✅

Explanation: Bob hashes the received plaintext and compares it to the hash obtained by decrypting the digital signature. If the hashes match, the message is authentic and unaltered.
57
What security principle does a digital signature primarily support?
A. Availability
B. Integrity and Non-repudiation
C. Confidentiality
D. Redundancy

Answer: B ✅

Explanation: Digital signatures ensure integrity (the message hasn’t been altered) and non-repudiation (the sender cannot deny sending the message).
58
Which statement BEST describes a security gap analysis?
A. Identifying the cheapest security controls
B. Comparing current security posture to a desired future state
C. Documenting only regulatory requirements
D. Testing incident response only

Correct Answer: B. Comparing current security posture to a desired future state

Explanation (concise): A security gap analysis identifies the difference between where your security is now and where it needs to be based on standards, policies, or desired maturity. It highlights weaknesses, missing controls, and areas to improve.
• A is wrong — it is not about cost.
• C is too narrow — gap analysis includes more than regulations.
• D is wrong — incident response testing is just one component.

Mnemonic: “NOW vs. NEXT”
• NOW = current security state
• NEXT = desired future state
Gap analysis = finding the space in between.
Or: “MAP the GAP”
• Measure current
• Aim for desired
• Pinpoint the gaps
59
In a gap analysis, ISO/IEC 27001 is used as what?
A. Current baseline
B. End goal/target framework
C. Vendor-specific policy
D. Internal-only standard

Correct Answer: B. End goal/target framework

Explanation (concise): In a gap analysis, organizations often use ISO/IEC 27001 as the target or desired security standard. They compare their current security posture to the requirements of ISO 27001 to see what’s missing.
• A is wrong — the baseline is the organization’s current posture, not ISO.
• C is wrong — ISO isn’t vendor-specific.
• D is wrong — ISO is an international standard, not internal.

Mnemonic: “ISO = I Should Obtain” → it’s the goal you want to reach.
60
A new security manager joins a mid-size company and discovers that no written security policies, procedures, or standards exist. The company has firewalls and endpoint protection, but nothing formal defines required controls, responsibilities, or minimum security expectations. The manager must perform a gap analysis and needs to determine what baseline security framework to compare the environment against.
Question: What baseline should be used?
A. Survey employee opinions
B. Use NIST SP 800-171 baseline
C. Skip baseline
D. Review firewall rules

Correct Answer: B. Use NIST SP 800-171 baseline

Explanation (concise): When no internal documentation exists, you must rely on an industry-recognized security framework as the baseline. NIST SP 800-171 provides a standardized set of security controls, especially useful for organizations that lack documented policies.
• A is wrong — employee opinions are not a security standard.
• C is wrong — you must use some baseline for a gap analysis.
• D is wrong — reviewing firewall rules is not a baseline.

Mnemonic: “No docs? Use NIST.” If the organization has no written policies, default to a recognized external framework.
61
Evaluating people and processes includes:
A. Reviewing heatmaps
B. Assessing training and experience
C. Installing firewalls
D. Packet captures

Correct Answer: B. Assessing training and experience

Explanation (concise): Evaluating people and processes focuses on human factors and operational workflows, such as:
• Staff training levels
• Staff experience
• How processes are performed
• Whether procedures are followed correctly
The other options relate to technical controls, not people or processes.
• A Heatmaps → risk visualization
• C Installing firewalls → technical control
• D Packet captures → network analysis

Mnemonic: “People = Prep & Practice” → Training (prep) + Experience (practice).
62
Researching existing systems and evaluating policies occurs in which gap-analysis step?
A. Determine end goal
B. Examine current processes
C. Create final report
D. Choose framework

Correct answer: B. Examine current processes

Explanation (concise): Before comparing, you must understand current processes. Researching existing systems and evaluating policies is about understanding what you currently have in place. That falls under the step where you assess the present state before identifying gaps: examining current processes. You can’t compare to the desired end state until you know where you are now.

Mnemonic: “Now Before Next” → Now = B. Examine the baseline (current processes) before moving to the next steps.
63
Compare-and-contrast in gap analysis includes:
A. Buying tools
B. Evaluating existing systems + identifying weaknesses
C. Checking privacy law compliance only
D. Creating IR teams

Correct answer: B. Evaluating existing systems + identifying weaknesses

Explanation (concise): The compare-and-contrast stage of a gap analysis is where you look at what currently exists, compare it to the desired standard, and identify weaknesses or gaps. That is exactly what option B describes.

Mnemonic: “C&C = Check & Critique” → In the Compare & Contrast step, you Check what you have and Critique what’s missing.
64
A security analyst is performing a gap analysis on the organization’s incident response plan. During the review, the analyst breaks each major category (such as detection, containment, communication, and recovery) into many smaller, more specific subcategories. This lets the analyst pinpoint exactly where procedures are unclear, missing, or outdated. The goal is to understand the plan at a granular level so gaps can be accurately identified and corrected.
Breaking categories into small segments is done to:
A. Assign blame
B. Increase document length
C. Get detailed analysis
D. Count controls

Correct Answer: C. Get detailed analysis

Explanation (concise): Breaking categories into smaller pieces allows you to analyze each part thoroughly so gaps, weaknesses, and inconsistencies become clear. It improves accuracy, not length, blame, or control-counting.

Mnemonic: “Break small to see all.” Breaking things down = seeing everything clearly → detailed analysis.
65
Analysis & report phase includes:
A. Selecting the framework
B. Formal description of current state + recommendations
C. User training
D. Updating firewall rules

Correct answer: B. Formal description of current state + recommendations

Explanation (concise): The analysis & report phase of a gap analysis documents the current state, identifies gaps, and provides recommendations to close those gaps. It does not involve selecting frameworks, training users, or updating technical controls.

Mnemonic: “A&R = Analyze & Recommend.” This phase analyzes what exists and recommends what to fix.
66
Management asks how to reach future goals. Which deliverable answers this?
A. Topology diagram
B. Path from current security to goal
C. Updated AUP
D. Help desk queue

Correct answer: B. Path from current security to goal

Explanation: A gap analysis must include a roadmap. The only deliverable that shows the plan from current state → future state is the path/roadmap. This is essentially the gap analysis plus an action plan.

Mnemonic: “Path = Plan Ahead To Horizon.”
Or: “B = Bridge.” You need a bridge from where you are to where you want to go.
67
Which phrase defines Zero Trust?
A. Trust but verify
B. Once inside, always trusted
C. Never trust, always verify
D. Perimeter = protection

Answer: C. Never trust, always verify

Explanation: Zero Trust means every request is treated as untrusted, even if it comes from inside the network. Verification happens every time.

Mnemonic: “Zero Trust = Zero automatic trust.”
68
Traditional networks are weak without ZT because:
A. Outside always encrypted
B. Inside is open with few controls
C. VLANs are impossible
D. Routers can’t filter

Answer: B. Inside is open with few controls

Explanation: Traditional networks rely on a strong perimeter. Once you’re inside, there’s too much implicit trust, minimal segmentation, and weaker internal controls, which is exactly what Zero Trust fixes.

Mnemonic: “B = Bubble.” Traditional networks are a bubble: hard outside, soft inside.
69
Zero Trust is:
A. Firewall config
B. Holistic approach covering devices, processes, people
C. VPN method
D. Password schedule

Answer: B. Holistic approach covering devices, processes, people

Explanation: Zero Trust isn’t a single tool. It’s a full security strategy that applies verification and least privilege across users, devices, apps, data, and workflows.

Mnemonic: “Zero Trust = Big picture.”
70
Planes of operation apply to:
A. Physical devices only
B. Physical, virtual, cloud components
C. Routing protocols only
D. Only security systems

Answer: B. Physical, virtual, cloud components

Explanation: Planes of operation (data plane, control plane, management plane) apply across all types of infrastructure: physical hardware, virtual systems, and cloud environments.

Mnemonic: “Planes fly everywhere.”
71
Which plane handles forwarding, trunking, NAT?
A. Control plane
B. Data plane
C. Policy plane
D. Identity plane

Answer: B. Data plane

Explanation: The data plane is responsible for actual traffic movement: forwarding, switching, trunking, NAT, encapsulation, etc.

Mnemonic: “Data = Do.” The data plane does the work of moving packets.
72
Control plane handles:
A. Forwarding packets
B. Defining policies + routing tables
C. Frame processing
D. NAT translations

Answer: B. Defining policies + routing tables

Explanation: The control plane makes the decisions: it builds routing tables, applies policies, manages protocols (OSPF, BGP), and tells the data plane how to forward.

Mnemonic: “Control = Commands.” The control plane commands the data plane.
73
A company implements a new access control system that checks a user’s identity, device health status, geolocation, and recent behavior patterns before allowing access to internal apps. The system adjusts the level of trust based on these changing attributes in real time. Which technology is the company using?
A. Security zones
B. Adaptive identity
C. Data masking
D. Tokenization

Correct Answer: B. Adaptive identity

Explanation: Adaptive identity adjusts access based on multiple attributes (user, device, location, behavior) and changes trust dynamically. It’s part of modern Zero Trust identity systems.
• Security zones = network segmentation
• Data masking = hiding sensitive fields
• Tokenization = replacing data with tokens

Mnemonic: “Adaptive = Adjusts.” Adaptive identity adjusts access as conditions change → B.
74
Which component generates access tokens and instructs PEP?
A. PDP
B. Policy Engine
C. Policy Administrator
D. Data Plane

Answer: C. Policy Administrator

Explanation: The Policy Administrator (PA) is the component that:
• Generates access tokens
• Sends instructions to the PEP on what to allow or deny
• Acts as the bridge between the decision (PDP) and the enforcement (PEP)
PDP = decides. PA = delivers. PEP = enforces.

Mnemonic: “Administrator = Action.” The PA takes action by sending tokens + commands to the PEP.
75
Policy Engine does what?
A. Makes authentication stronger
B. Evaluates access decisions using policies
C. Logs sessions
D. Routes data

Answer: B. Evaluates access decisions using policies

Explanation: The Policy Engine (PE) is the decision-maker in a Zero Trust or access control system. It:
• Uses defined policies to decide whether access should be allowed or denied
• Works with the Policy Administrator to enforce decisions via the PEP
• A = strengthening authentication is not its main role
• C = logging is separate
• D = routing is the data plane

Mnemonic: “Engine = Evaluate.” The Policy Engine evaluates access requests → B.
76
PEP (Policy Enforcement Point) is:
A. Logging system
B. Gatekeeper that allows/monitors/terminates
C. Token generator
D. VPN-only component

Answer: B. Gatekeeper that allows/monitors/terminates

Explanation: The Policy Enforcement Point (PEP) is the enforcement component in an access control system. It:
• Allows or denies access based on the Policy Engine’s decisions
• Monitors sessions
• Terminates connections if policy conditions are violated
• A = logging is separate
• C = token generation is done by the Policy Administrator
• D = not limited to VPNs

Mnemonic: “PEP = Protector.” PEP protects access points by enforcing policy → B.
77
A company has a network segmented into untrusted and trusted zones. A user from the untrusted zone tries to access resources in the trusted zone. The security system automatically blocks the request unless there is a specific rule permitting it. Which principle is being applied?
A. Allow automatically
B. Deny unless explicitly allowed
C. Auto encrypt
D. Bypass inspection

Correct Answer: B. Deny unless explicitly allowed

Explanation: This is the default-deny principle, a core part of Zero Trust and secure network segmentation:
• Traffic from an untrusted zone is denied by default
• Access is only granted if a specific policy or rule explicitly allows it
• Helps enforce least privilege and reduces risk of compromise
• A = unsafe, the opposite of Zero Trust
• C = encryption is separate from access control
• D = bypassing inspection defeats security

Mnemonic: “Zero Trust = Zero free passes.” Nothing from untrusted → trusted is allowed unless explicitly permitted → B.
78
Security zones help determine:
A. Hashing
B. Traffic origin/destination context
C. Firewall vendor
D. Cable type

Answer: B. Traffic origin/destination context

Explanation: Security zones segment a network into logical areas (trusted, untrusted, DMZ, etc.) to help control and inspect traffic. They provide context about where traffic is coming from and where it’s going, which guides policy decisions.
• A = hashing is unrelated
• C = firewall vendor is irrelevant
• D = cable type doesn’t define zones

Mnemonic: “Zones = Where traffic goes.” Security zones tell you the origin and destination context → B.
79
What channels people and blocks vehicles?
A. Fencing
B. Barricades/Bollards
C. Guards
D. Lighting

Answer: B. Barricades/Bollards

Explanation: Barricades and bollards are physical security controls that:
• Channel pedestrian traffic safely
• Block or slow vehicles from entering restricted areas
• A = fencing is a general boundary, not traffic-specific
• C = guards monitor but don’t physically channel traffic
• D = lighting deters but doesn’t physically block

Mnemonic: “B = Barrier for both.” Barricades/Bollards block vehicles and guide people → B.
80
Access control vestibules (mantraps) work by:
A. Unlocking all doors
B. Allowing both open
C. One must close before other opens
D. Egress only

Answer: C. One must close before other opens

Explanation: An access control vestibule (mantrap) is a small room with two interlocking doors. Its security principle:
• Only one door can open at a time
• Ensures identity verification before entering a secure area
• Prevents tailgating and unauthorized access
• A/B = defeats security
• D = mantraps control ingress and egress, not just exit

Mnemonic: “Mantrap = One at a time.” Only one door opens at a time → C.
81
A company’s secure data center has experienced incidents where unauthorized individuals follow employees closely to enter restricted areas without using their own credentials. Management wants a control that physically prevents tailgating while verifying identity. Which control is most effective?
A. Swing door
B. Mantrap
C. Fence
D. Motion light

Correct Answer: B. Mantrap

Explanation: A mantrap is a dual-door access control vestibule:
• Only one door can open at a time
• Ensures the person is authenticated before entering the secure area
• Physically prevents tailgating
• A = swing doors do not prevent tailgating
• C = a fence defines the perimeter but doesn’t control individual entry
• D = a motion light deters but doesn’t physically block access

Mnemonic: “Mantrap = No sneaky entry.” Mantraps trap one person at a time, preventing tailgating → B.
82
Opaque fencing characteristic:
A. See through
B. Cannot see through (privacy)
C. Decorative only
D. Electrified

Answer: B. Cannot see through (privacy)

Explanation: Opaque fencing is designed to block visibility for security and privacy purposes:
• Prevents outsiders from seeing inside a secure area
• Often used around sensitive facilities
• A = see-through fencing is transparent
• C = decorative doesn’t define opacity
• D = electrified is about deterrence, not visibility

Mnemonic: “Opaque = Out of sight.” You cannot see through it → B.
83
CCTV provides:
A. Unbypassable control
B. Automatic arrests
C. Recording & guard replacement/supplement
D. Eliminates lighting

Answer: C. Recording & guard replacement/supplement

Explanation: CCTV (Closed-Circuit Television) is primarily used to:
• Record activity for review or evidence
• Supplement security personnel by monitoring areas remotely
It does not automatically enforce anything or make arrests.
• A = CCTV can be bypassed
• B = arrests require human action
• D = CCTV doesn’t replace lighting

Mnemonic: “CCTV = Capture & Track.” It records events and supports guards → C.
84
Feature for restricted-zone alerts:
A. IR detection
B. Object detection w/ motion recognition
C. Ultrasonic sensing
D. Microwave sensing

Answer: B. Object detection w/ motion recognition

Explanation: For restricted-zone alerts, the system needs to detect movement or intrusion in a defined area.
• Object detection with motion recognition can identify unauthorized entry and trigger alarms in real time
• A = IR detection senses heat but may give false positives
• C = ultrasonic sensing is for proximity, not large zones
• D = microwave sensing detects movement but is less precise than motion recognition for restricted zones

Mnemonic: “Motion = Must alert.” Use motion recognition to catch intrusions → B.
85
A corporate campus hires security guards to patrol the premises. Their responsibilities include monitoring entrances, verifying employee IDs, responding to incidents, and providing a visible deterrent. Which role best describes these security guards?
A. Detective only
B. Physical protection + ID validation
C. Replace badges
D. Require weapons

Answer: B. Physical protection + ID validation

Explanation: Security guards provide:
• Physical protection of assets and people
• ID validation to control access
• Incident response and deterrence of unauthorized activity
• A = detectives investigate; guards also handle general access control
• C = replacing badges is administrative
• D = weapons are optional, not defining

Mnemonic: “Guards = Gatekeepers.” They protect and check IDs → B.
86
Access badge includes:
A. MAC/IP
B. Picture, name, details; electronically logged
C. SSN
D. Fingerprint only

Answer: B. Picture, name, details; electronically logged

Explanation: An access badge typically contains:
• Photo for visual ID
• Name and role
• Electronic credentials that are logged when used for access control
• A = MAC/IP are network identifiers, not on badges
• C = SSN is sensitive, not standard on badges
• D = a fingerprint may be used for biometrics, but badges are more than that

Mnemonic: “Badge = ID + Log.” A badge shows who you are and records your entry → B.
87
Why is lighting important?
A. Helps attackers
B. Attackers avoid light; cameras see better
C. Replaces CCTV
D. Cosmetic

Answer: B. Attackers avoid light; cameras see better

Explanation: Proper security lighting:
• Deters attackers by exposing them
• Improves visibility for CCTV and guards
• Enhances overall situational awareness
• A = wrong; light deters attackers, it doesn’t help them
• C = lighting does not replace CCTV
• D = cosmetic value is secondary

Mnemonic: “Light = Lurk-proof.” Bright areas make it harder for attackers to hide → B.
88
A facility wants a motion sensor that can detect intruders based on body heat, regardless of whether the area is brightly lit or dark. Which sensor type should they use?
A. Pressure
B. Infrared
C. Ultrasonic
D. Microwave

Answer: B. Infrared

Explanation: Infrared (IR) sensors detect heat signatures from people or objects.
• Works in light or darkness
• Often used in motion detection and restricted-area alerts
• A = pressure requires physical contact
• C = ultrasonic detects movement via sound waves
• D = microwave detects motion via radio waves, not heat

Mnemonic: “IR = Invisible heat.” Detects body heat in dark or light → B.
89
Sensor detecting force change?
A. IR
B. Pressure
C. Microwave
D. Ultrasonic

Answer: B. Pressure

Explanation: Pressure sensors detect changes in force or weight applied to a surface.
• Often used in floor mats or entryways to detect someone stepping on them
• Trigger alarms when force is applied
• A = IR detects heat
• C = microwave detects motion via radio waves
• D = ultrasonic detects motion via sound waves

Mnemonic: “Pressure = Pushed.” Detects force applied → B.
90
Sensor detecting wide-area movement with RF waves?
A. Microwave
B. Ultrasonic
C. Pressure
D. IR

Answer: A. Microwave

Explanation: Microwave sensors use radio frequency (RF) waves to detect movement over a wide area.
• They can penetrate light walls or obstacles
• Often used for perimeter or large-area intrusion detection
• B = ultrasonic uses sound waves, not RF
• C = pressure detects force
• D = IR detects heat

Mnemonic: “Microwave = Motion waves.” RF waves detect movement in wide areas → A.
91
Sensor sending ultrasonic pulses + reflections?
A. Ultrasonic
B. Microwave
C. IR
D. Vibration

Answer: A. Ultrasonic

Explanation: Ultrasonic sensors:
• Send high-frequency sound pulses
• Detect movement by measuring reflections/echoes from objects
• Are used for motion detection and proximity sensing
• B = microwave uses RF waves
• C = IR detects heat
• D = vibration detects physical shaking

Mnemonic: “Ultrasonic = Echo check.” Sends sound pulses and listens for echoes → A.
92
Honeypot is:
A. Patching system
B. Fake vulnerable system to attract attackers
C. Logging platform
D. VPN endpoint

Answer: B. Fake vulnerable system to attract attackers

Explanation: A honeypot is a decoy system designed to:
• Appear vulnerable to attackers
• Attract and monitor attacks without risking real assets
• Help security teams analyze tactics and gather intelligence
• A = patching secures systems
• C = a logging platform records events but isn’t a decoy
• D = a VPN endpoint allows remote access

Mnemonic: “Honeypot = Hacker bait.” It lures attackers → B.
93
Honeypots today are:
A. Closed source
B. Open-source, many options
C. Vendor-only
D. Air-gapped

Correct: B

Explanation: Many free honeypots exist.

Mnemonic: “Honey = Hundreds of options.”
94
A security team wants to deploy a honeypot to study attacker behavior without risking production systems. They want a solution that is flexible, customizable, and widely supported by the security community. Which statement best describes honeypots today?
A. Closed source
B. Open-source, many options
C. Vendor-only
D. Air-gapped

Answer: B. Open-source, many options

Explanation: Modern honeypots:
• Are open-source, with many tools and frameworks available (e.g., Cowrie, Honeyd)
• Allow customization and community contributions
• Can be deployed in virtual environments for research without affecting production
• A = many are open-source, not strictly closed
• C = not limited to vendors
• D = air-gapped is optional, not defining

Mnemonic: “Honeypot = Hacker playground.” Open-source honeypots give lots of options.
95
Major honeypot risk:
A. No logs
B. Can be used by attackers to pivot if not isolated
C. Can't capture tools
D. Requires physical access

Answer: B. Can be used by attackers to pivot if not isolated

Explanation: The major risk of honeypots is that if they are not properly isolated, attackers who compromise them could:
• Move laterally into real systems
• Use the honeypot as a launch point for attacks
• A = honeypots always log activity by design
• C = they are specifically meant to capture attacker tools and behavior
• D = physical access is not typically required

Mnemonic: “Honeypot = Hidden trap.” If not isolated, it can backfire on your network.
96
A company places a file named “passwords.txt” on a server that contains fake credentials. If an attacker tries to access this file, the system generates an alert for the security team. What is the purpose of this honeyfile?
A. Provide real credentials
B. Lure attackers + trigger alert
C. Reduce storage
D. Encrypt backups

Correct Answer: B. Lure attackers + trigger alert

Explanation: A honeyfile is a decoy file designed to:
• Appear valuable to attackers
• Trigger alerts when accessed
• Help security teams detect intrusion attempts
• A = honeyfiles contain fake data, not real creds
• C = storage is irrelevant
• D = encryption is unrelated

Mnemonic: “Honeyfile = Hacker bait file.” It lures attackers and signals intrusion.
97
A company embeds fake API credentials (honeytokens) in its code repository. If these credentials are used, the security team receives an alert. What is the primary purpose of this honeytoken?
A. Developer access
B. Tracking malicious actors + data misuse
C. MFA improvement
D. Log compression

Correct Answer: B. Tracking malicious actors + data misuse

Explanation: Honeytokens are decoy data elements designed to:
• Appear valuable (like fake API keys, credentials, or documents)
• Detect unauthorized access or misuse
• Help identify attackers or insider threats
• A = they are not for legitimate developer use
• C = unrelated to multi-factor authentication
• D = unrelated to logs

Mnemonic: “Honeytoken = Honey trap for data.” It triggers alerts when misused → B.
98
A company creates a fake email account and monitors it online. If anyone attempts to access or interact with the account, the security team is notified. What type of security control is this?
A. Honeynet
B. Honeytoken
C. Honeyfile
D. Real email

Correct Answer: B. Honeytoken

Explanation: A honeytoken is any decoy data or resource that:
• Appears legitimate or valuable
• Triggers an alert when accessed
• Can include files, credentials, or accounts (like a fake email)
• A = honeynet = entire network of decoys
• C = honeyfile = decoy file on a system
• D = real email = legitimate account

Mnemonic: “Honeytoken = Bait that alerts.” Fake email triggers alerts → B.
99
AAA — Identification means:
A. Proving identity
B. Stating who you claim to be (username)
C. Tracking actions
D. Assigning roles

Answer: B. Stating who you claim to be (username)

Explanation: In AAA (Authentication, Authorization, Accounting):
• Identification = claiming an identity (e.g., entering a username)
• Authentication = proving that claim (password, biometrics)
• Authorization = determining what actions are allowed
• Accounting = tracking activities
• A = proving identity = Authentication
• C = tracking actions = Accounting
• D = assigning roles = Authorization

Mnemonic: “I = Introduce yourself.” Identification = state who you are.
100
Authentication means:
A. Tracking usage
B. Proving identity (passwords/MFA)
C. Assigning access
D. Logging off

Answer: B. Proving identity (passwords/MFA)

Explanation: In AAA (Authentication, Authorization, Accounting):
• Authentication = verifying that the claimed identity is genuine using credentials such as passwords, MFA (multi-factor authentication), or biometrics
• A = tracking usage = Accounting
• C = assigning access = Authorization
• D = logging off = not AAA-related
101
Authorization means:
A. Who you are
B. How you prove it
C. What you can do
D. What you logged

Answer: C. What you can do

Explanation: In AAA (Authentication, Authorization, Accounting):
• Authorization = determining permissions and access rights after identity is authenticated
• Controls what resources or actions a user is allowed to perform
• A = who you are = Identification
• B = how you prove it = Authentication
• D = what you logged = Accounting

Mnemonic: “Authorization = Access allowed.” It defines what you’re allowed to do.
102
Accounting tracks:
A. Location only
B. Login time, data used, logout time
C. Password history
D. Firewall throughput

Correct answer: B. Login time, data used, logout time

Explanation (concise): In AAA (Authentication, Authorization, Accounting), Accounting tracks user activity: when they logged in, what resources they accessed, how much data they used, and when they logged out.

Mnemonic: “Accounting = Activity.” If it tracks user activity, it’s Accounting.
103
The IT security team has configured the corporate VPN so that only laptops with a company-issued digital certificate can connect. When an employee tries to use a personal device or one without the proper certificate, the VPN denies access. This ensures that only authorized devices with verified credentials can access the network remotely.

Question: Only cert-installed laptops are allowed on the VPN. This is:
A. Password rotation
B. Certificate authentication
C. Tokenization
D. SSO

Correct Answer: B. Certificate authentication

Explanation: Using digital certificates to verify a device or user is certificate-based authentication, which ensures that only trusted devices can access resources. It is not password rotation, tokenization, or single sign-on.

Mnemonic: “Cert = Certain device access.” Certificate authentication = guarantees access only to approved devices.
104
Authorization model advantage:
A. Increases complexity
B. Direct user-resource mapping
C. Reduces complexity + supports many users/resources
D. Removes need for auth

Correct answer: C. Reduces complexity + supports many users/resources

Explanation (concise): A well-designed authorization model (like RBAC, Role-Based Access Control) simplifies management by grouping users and resources, reducing administrative overhead while supporting a large number of users and resources efficiently. It does not remove authentication or make things more complex.

Mnemonic: “Auth model = Simplify + Scale.” Authorization models reduce complexity and scale easily.
105
No authorization model issues:
A. Easy to understand
B. Scales well
C. Does NOT scale, hard to justify rights
D. Eliminates AAA

Correct answer: C. Does NOT scale, hard to justify rights

Explanation (concise): Without an authorization model, access is assigned individually, making it difficult to manage as the number of users and resources grows. This leads to inefficiency and challenges in justifying or auditing permissions.

Mnemonic: “No model = No scale.” Without a model, access management becomes unscalable and confusing.
106
Technical change management focuses on:
A. Why change occurs
B. How to make technical changes
C. Financing
D. Awareness training

Correct answer: B. How to make technical changes

Explanation (concise): Technical change management deals with the processes, procedures, and controls for implementing technical changes safely and efficiently, such as system upgrades, patches, or configuration changes. It’s not about why changes occur, financing, or general awareness training.

Mnemonic: “Tech Change = How to Change.” Focus is on the how of implementing technical modifications.
107
Allow list means:
A. Everything allowed except blocked
B. Nothing runs unless approved
C. Only AV runs
D. Only Microsoft runs

Correct answer: B. Nothing runs unless approved

Explanation (concise): An allow list (or whitelist) is a security approach where only pre-approved applications, IPs, or users are permitted; everything else is blocked by default. This is the opposite of a block list, which allows everything except what’s explicitly blocked.

Mnemonic: “Allow list = Only Allowed.” If it’s not on the list, it cannot run.
108
What is a digital certificate?
A. Password vault
B. Public key bound to identity
C. Symmetric key
D. TLS config file

Correct answer: B. Public key bound to identity

Explanation (concise): A digital certificate is a cryptographic credential that links a public key to a specific identity (person, device, or organization). It’s used to verify authenticity, encrypt communications, and support secure authentication.

Mnemonic: “Cert = Confirms Identity.” The certificate proves the public key belongs to the stated owner.
109
Why is a digital signature used on a certificate?
A. Encrypt contents
B. Provide anonymity
C. Add trust via CA
D. Key stretching

Correct answer: C. Add trust via CA

Explanation (concise): A digital signature on a certificate is applied by a Certificate Authority (CA) to verify that the certificate is legitimate and has not been tampered with. This adds trust, allowing others to rely on the certificate’s authenticity. It is not primarily for encryption, anonymity, or key stretching.

Mnemonic: “Signed by CA = Trusted Authority.” The signature proves the certificate can be trusted.
110
PKI adds trust primarily through what?
A. DNSSEC
B. Certificate Authorities
C. NAT
D. DHCP

Correct answer: B. Certificate Authorities

Explanation (concise): Public Key Infrastructure (PKI) establishes trust by having Certificate Authorities (CAs) issue and digitally sign certificates. These certificates confirm that a public key truly belongs to the stated entity, enabling secure communications.

Mnemonic: “PKI Trust = CA Verified.” CAs are the backbone of PKI trust.
111
Where is certificate creation commonly built-in?
A. Routers
B. Browsers
C. OS services
D. Switches

Correct answer: C. OS services

Explanation (concise): Certificate creation and management is commonly built into operating system services, such as Windows Certificate Services or Linux OpenSSL tools. These handle generating keys, signing requests, and managing certificates. It’s not typically a function of browsers, routers, or switches.

Mnemonic: “OS = Owns Certificates.” Operating systems provide the built-in tools for certificate management.
112
What is X.509?
A. Hashing algorithm
B. VPN protocol
C. Certificate format
D. Key stretching

Correct answer: C. Certificate format

Explanation (concise): X.509 is the standard format for digital certificates. It defines the structure for public key certificates, including fields like the subject, issuer, public key, validity period, and signature. It is not a hashing algorithm, VPN protocol, or key stretching method.

Mnemonic: “X.509 = eXact Certificate Format.” It specifies how certificates are structured and interpreted.
113
Which is NOT in an X.509 certificate?
A. Serial number
B. Signature algorithm
C. Holder name
D. Password

Correct answer: D. Password

Explanation (concise): An X.509 certificate includes fields like serial number, signature algorithm, holder/subject name, issuer, and public key, but it does not contain passwords. Passwords are never stored in certificates.

Mnemonic: “Certs hold keys, not secrets.” Certificates store public keys and identity info, not passwords.
114
What describes the root of trust?
A. Cloud SLA
B. Foundational trust anchor
C. Password database
D. VPN endpoint

Correct answer: B. Foundational trust anchor

Explanation (concise): The root of trust is the foundational trust anchor in a security system, usually a root certificate or hardware component, that other trust relationships rely on. It serves as the ultimate source of trust for verifying identities or keys.

Mnemonic: “Root = Reliable Anchor.” All trust in the system stems from this anchor.
115
How do systems trust the unknown?
A. Allow anonymous
B. Trusted party approval
C. Use logs
D. Disable encryption

Correct answer: B. Trusted party approval

Explanation (concise): Systems establish trust with unknown entities through a trusted third party, like a Certificate Authority (CA), which verifies identities and vouches for them. This ensures that unknown parties can be trusted without direct prior knowledge.

Mnemonic: “Trust the Trusted.” Unknown = verified by a trusted party before access is allowed.
116
Which serves as hardware root of trust?
A. DHCP
B. HSM/Secure Enclave
C. DNS
D. Proxy

Correct answer: B. HSM/Secure Enclave

Explanation (concise): A Hardware Security Module (HSM) or Secure Enclave acts as a hardware root of trust, securely storing cryptographic keys and performing sensitive operations. It provides a trusted foundation for cryptographic operations, unlike DHCP, DNS, or proxies.

Mnemonic: “Hardware = Hands-on Trust.” Physical hardware securely anchors cryptographic trust.
117
Why do browsers trust website certs automatically?
A. Browser generates key
B. Browser has root CA store
C. DNS verifies
D. Routers sign cert

Correct answer: B. Browser has root CA store

Explanation (concise): Browsers automatically trust website certificates because they include a built-in store of trusted root Certificate Authorities (CAs). If a website’s certificate is signed by a CA in this store, the browser trusts it. DNS, routers, or key generation do not provide this trust.

Mnemonic: “Browser CAs = Instant Trust.” Root CA store = reason certificates are automatically trusted.
118
CA responsibility when issuing web cert?
A. Generate private key
B. Validate identity/domain
C. Configure HTTPS
D. Manage DNS

Correct answer: B. Validate identity/domain

Explanation (concise): When a Certificate Authority (CA) issues a web certificate, its main responsibility is to verify the identity of the requester or the ownership of the domain. The CA does not generate private keys for the user, configure HTTPS, or manage DNS.

Mnemonic: “CA = Confirm Authenticity.” CAs ensure the entity requesting the certificate is legitimate.
119
CSR process next step?
A. Send private key
B. CA validates and signs
C. Store CSR
D. Publish CSR

Correct answer: B. CA validates and signs

Explanation (concise): After generating a Certificate Signing Request (CSR), the next step is to send it to a Certificate Authority (CA). The CA validates the identity/domain and then signs the certificate, creating a trusted certificate for use. The private key is never sent.

Mnemonic: “CSR → CA Signs.” CSR goes to the CA, which validates and issues the certificate.
120
Internal/private CA used for?
A. Public trust
B. Medium/large org internal devices
C. No client certs
D. Must be cloud-hosted

Correct answer: B. Medium/large org internal devices

Explanation (concise): An internal/private CA is used within an organization to issue certificates for internal devices, users, or services. It’s ideal for medium to large organizations that need control over their own certificate infrastructure. It is not intended for public trust, doesn’t prohibit client certificates, and doesn’t have to be cloud-hosted.

Mnemonic: “Private CA = Protect Internal.” Used to secure internal communications and devices.
121
Use-case for self-signed certs?
A. Public web
B. Internal systems
C. Public email
D. Code signing

Correct answer: B. Internal systems

Explanation (concise): Self-signed certificates are typically used for internal systems where trust is manually established, such as test environments, internal servers, or dev/test labs. They are not trusted publicly, so they are unsuitable for public websites, email, or widely distributed code signing.

Mnemonic: “Self-signed = Safe Inside.” Best for internal use where external trust isn’t required.
122
After creating internal CA, what must be done?
A. Use RSA
B. Install CA root cert
C. Disable TLS 1.2
D. Use wildcard certs

Correct answer: B. Install CA root cert

Explanation (concise): After creating an internal CA, the root certificate must be installed on all systems that need to trust the CA. This ensures that certificates issued by the internal CA are recognized as valid. RSA, TLS settings, or wildcard certificates are separate considerations.

Mnemonic: “Root first = Trust works.” Installing the root cert establishes trust for all issued certificates.
123
SAN field used for?
A. Store private key
B. Additional identities
C. Key length
D. OCSP responders

Correct answer: B. Additional identities

Explanation (concise): The Subject Alternative Name (SAN) field in a certificate allows inclusion of additional identities such as multiple domain names, subdomains, or IP addresses. It does not store private keys, define key length, or list OCSP responders.

Mnemonic: “SAN = Several Addresses Named.” SAN extends the certificate to cover multiple identities.
124
Wildcard cert for *.example.com covers?
A. Any TLD
B. All subdomains
C. Only www
D. Subnets

Correct answer: B. All subdomains

Explanation (concise): A wildcard certificate for *.example.com secures all subdomains of example.com (like mail.example.com or shop.example.com) but does not cover different top-level domains (TLDs), only www, or network subnets.

Mnemonic: “* = All Subdomains.” The asterisk in a wildcard cert matches every subdomain of the main domain.
125
CRL is what?
A. Browser store
B. CA-maintained revoked list
C. Expired cert list
D. DNSSEC replacement

Correct answer: B. CA-maintained revoked list

Explanation (concise): A Certificate Revocation List (CRL) is a list maintained by a Certificate Authority (CA) that contains certificates that have been revoked before their expiration date. It is used to check if a certificate is no longer trustworthy.

Mnemonic: “CRL = Check Revoked List.” CRL tells systems which certificates should no longer be trusted.
126
A security analyst is reviewing the impact of the Heartbleed vulnerability on their organization’s web servers. Heartbleed allows attackers to read server memory, potentially exposing private keys, session tokens, and sensitive data. The analyst must take steps to secure communications and prevent compromise.

Question: What is the primary remediation step for Heartbleed?
A. No impact
B. Revoke and reissue certificates
C. Only Certificate Authorities affected
D. Only symmetric keys affected

Correct answer: B. Revoke and reissue certificates

Explanation: Heartbleed can expose private keys used in TLS/SSL certificates. To restore trust, affected certificates must be revoked and reissued. Simply assuming no impact, or that only CAs or symmetric keys are affected, is incorrect.

Mnemonic: “Heartbleed = Heart needs new keys.” Vulnerable servers require new certificates to regain secure communications.
127
A company’s website receives complaints from customers saying their browsers are warning that the site’s TLS certificate may be revoked. The security analyst wants a faster method than downloading a full CRL to confirm whether the TLS certificate is still valid. The analyst uses a mechanism that allows the browser to query the Certificate Authority in real time to check the certificate’s status before completing the secure connection.

Question: OCSP allows?
A. Real-time status check
B. Issuing keys
C. Reset passwords
D. DNS verification

Correct Answer: A. Real-time status check

Explanation (concise): OCSP (Online Certificate Status Protocol) lets a client check the revocation status of a certificate in real time by contacting the CA’s OCSP responder.
• B = CAs issue keys/certs, not OCSP
• C = Password resets are unrelated
• D = DNS verification is DNSSEC, not OCSP

Mnemonic: “O-C-S-P = Online Check Status Protocol.” → OCSP = online + status check.
128
Why OCSP stapling?
A. Replace CAs
B. Reduce CA load
C. Remove TLS
D. Remove CRLs

Correct Answer: B. Reduce CA load

Explanation (concise): OCSP stapling lets the server fetch and “staple” a recent OCSP response to its TLS handshake. This avoids every client having to contact the Certificate Authority individually.

Benefits:
• Reduces CA/OCSP responder load
• Improves performance
• Protects privacy (clients don’t reveal what sites they visit)
• Still verifies revocation status

Why the others are wrong:
• A = It does not replace CAs.
• C = It does not remove TLS; it’s part of TLS.
• D = It doesn’t eliminate CRLs, just reduces reliance on them.

Mnemonic: “Stapling = Server handles Status.” → The server does the OCSP check to reduce load on the CA.
129
A user visits a secure website. During the TLS handshake, the browser receives a signed OCSP response directly from the server, confirming the certificate’s revocation status without contacting the Certificate Authority. This improves speed and reduces privacy leakage because the browser doesn’t need to reach out to the CA itself.

Question: Browser gets signed OCSP in handshake?
A. CRL
B. OCSP stapling
C. Forward secrecy
D. HSTS

Correct Answer: B. OCSP stapling

Explanation (concise): OCSP stapling = the server “staples” a signed OCSP status into the TLS handshake so the browser doesn’t need to query the CA.
• A = CRL = full list downloaded, not in handshake
• C = Forward secrecy = ephemeral keys, unrelated
• D = HSTS = forces HTTPS, not OCSP

Mnemonic: “Stapled Status in the Shake.” → OCSP stapling = status stapled into the TLS handshake.
130
A company issues laptops to remote employees. Management is worried that if a laptop is lost or stolen, an attacker could remove the drive and read sensitive client data. The security engineer recommends a control that automatically encrypts the entire drive, including system files, swap space, temporary files, and user data, so nothing on the disk is readable without proper authentication at boot.

Question: Full-disk encryption is?
A. Encrypt rows
B. Encrypt all volume data
C. Encrypt transit only
D. Hash passwords

Correct Answer: B. Encrypt all volume data

Explanation (concise): Full-disk encryption (FDE) protects the entire storage volume, so if the device is stolen, the data can’t be accessed.
• A = Row encryption = database feature
• C = Transit encryption = protects data over the network
• D = Hashing passwords = authentication control

Mnemonic: “FDE = Full Drive Encrypted.” → Everything on the drive is protected.
131
A company stores sensitive customer records in a SQL database. The security architect wants a method that ensures data inside the database files and backups cannot be read if an attacker steals the storage media or accesses raw database files. The control should protect the contents of tables, indexes, and backups, regardless of the operating system.

Question: What does database encryption accomplish?
A. Encrypts data only at rest
B. Protects stored data and backups within the database files
C. Encrypts only database logs
D. Eliminates the need for TLS during data transmission

Correct Answer: B. Protects stored data and backups within the database files

Explanation (concise): Database encryption protects the data stored inside the database structure (tables, indexes, backups). It does not remove the need for TLS in transit and does not focus solely on logs.
132
A company wants to encrypt its database to protect sensitive data, but the development team cannot modify the application code. The security engineer suggests a method that encrypts the database at the storage level while allowing applications to continue reading and writing data without any code changes.

Question: Transparent encryption is?
A. Requires application changes
B. Database encrypted without application change
C. Encrypts only logs
D. Uses asymmetric encryption only

Correct Answer: B. Database encrypted without application change

Explanation (concise): Transparent Data Encryption (TDE) allows the database to be encrypted at rest without requiring modifications to the application. Applications read/write normally; encryption/decryption happens behind the scenes.
• A = Wrong: no app changes are needed
• C = Wrong: it encrypts the full database, not just logs
• D = Wrong: TDE typically uses symmetric keys

Mnemonic: “Transparent = Transparent to the App.” → The app doesn’t notice the encryption.
133
A company handles highly sensitive customer records in a large database. Security wants to ensure that even if one table or row is accessed by an unauthorized user, only that individual record is unreadable, without encrypting the entire database.

Question: Record-level encryption encrypts?
A. The whole database
B. Individual rows or records
C. Backups only
D. Metadata only

Correct Answer: B. Individual rows or records

Explanation (concise): Record-level encryption encrypts specific rows or records, allowing fine-grained protection. It protects sensitive data without the overhead of encrypting the full database.
• A = Whole DB = full-disk or TDE
• C = Backups only = backup encryption
• D = Metadata = does not protect actual data

Mnemonic: “Row = Record” → Only the row/record is encrypted, not the entire database.
134
A database stores multiple types of sensitive data in different columns: social security numbers, credit card numbers, and personal emails. The security architect wants different encryption keys for each column to ensure that if one key is compromised, only that column’s data is exposed, while other columns remain secure.

Question: Why use separate keys per column?
A. To allow sorting
B. For granular protection
C. For simpler management
D. For better compression

Correct Answer: B. For granular protection

Explanation (concise): Using separate keys for each column provides granular security, limiting the impact of a key compromise to only that column.
• A = Sorting is unrelated
• C = Management becomes more complex, not simpler
• D = Compression is unrelated

Mnemonic: “Column = Compartmentalize” → Each column gets its own key for granular protection.
135
A company transmits sensitive customer data over the internet. The security team wants to ensure that data cannot be intercepted or read during transit between the client’s browser and the web server.

Question: Which is an example of transport encryption?
A. BitLocker
B. HTTPS
C. Hashing
D. Tokenization

Correct Answer: B. HTTPS

Explanation (concise): Transport encryption protects data while moving over networks. HTTPS (HTTP over TLS/SSL) encrypts traffic between the client and server.
• A = BitLocker = full-disk encryption (at rest)
• C = Hashing = one-way data transformation
• D = Tokenization = replaces sensitive data with a token

Mnemonic: “Transport = Transit” → HTTPS encrypts data in transit.
136
A company has remote employees accessing sensitive internal systems from home and public Wi-Fi. Management wants all traffic between remote devices and the corporate network encrypted, protecting it from eavesdropping and interception.

Question: Which ensures all remote traffic is encrypted?
A. Full disk encryption
B. VPN
C. Hashing emails
D. SAN certificate

Correct Answer: B. VPN

Explanation (concise): A VPN (Virtual Private Network) encrypts all traffic between the remote device and the corporate network, creating a secure tunnel over untrusted networks.
• A = Full disk = protects data at rest
• C = Hashing emails = protects integrity, not traffic
• D = SAN certificate = secures TLS for multiple domains, not all remote traffic

Mnemonic: “VPN = Virtual Private Network = Everything Encrypted.” → All remote traffic goes through the encrypted tunnel.
137
A company has two branch offices and wants to securely connect their entire networks over the internet so that devices in both offices can communicate as if they were on the same LAN.

Question: Site-to-site VPN typically uses which protocol?
A. IPsec
B. HTTP
C. FTP
D. SMTP

Correct Answer: A. IPsec

Explanation (concise): IPsec (Internet Protocol Security) is commonly used for site-to-site VPNs, encrypting traffic between entire networks over untrusted networks.
• B = HTTP = web traffic, not VPN
• C = FTP = file transfer only
• D = SMTP = email only

Mnemonic: “Site-to-Site = IPsec Inside.” → IPsec secures network-to-network VPN connections.
138
Two devices are establishing a secure TLS connection. Before encrypting any data, they must agree on which encryption and hashing algorithms to use to ensure both sides can communicate securely.

Question: Algorithm negotiation during a secure session means?
A. One algorithm only
B. Both sides agree
C. Secret algorithms
D. Manual selection

Correct Answer: B. Both sides agree

Explanation (concise): Algorithm negotiation allows both parties to agree on compatible cryptographic algorithms (cipher, key exchange, hash) before communication begins.
• A = One algorithm only = too rigid, may not be compatible
• C = Secret algorithms = not the purpose of negotiation
• D = Manual selection = negotiation is automatic in protocols like TLS

Mnemonic: “Negotiate = Nod Together.” → Both sides must agree on the algorithms.
139
A company wants to implement encryption for its database and network traffic. The security engineer must balance performance, security, and implementation effort when selecting algorithms, key lengths, and protocols.

Question: Which describes cryptography tradeoffs?
A. Voltage
B. Security, speed, complexity
C. Monitor specs
D. MAC/IP

Correct Answer: B. Security, speed, complexity

Explanation (concise): Cryptography involves tradeoffs between:
• Security: strength of encryption
• Speed/Performance: how fast encryption/decryption occurs
• Complexity/Management: difficulty of implementation and key management
• A = Voltage = irrelevant
• C = Monitor specs = unrelated
• D = MAC/IP = networking terms, not crypto tradeoffs

Mnemonic: “Crypto = SSC” → Security, Speed, Complexity → Pick the right balance for your environment.
140
A security engineer is designing an encryption system. The team must identify which parts of the system are meant to remain secret and which can be public without compromising security.

Question: In cryptography, which is NOT meant to be secret?
A. Key
B. Algorithm
C. Plaintext
D. Random source

Correct Answer: B. Algorithm

Explanation (concise): According to Kerckhoffs’s Principle, the security of a system should rely only on the secrecy of the key, not the algorithm.
• Keys must remain secret
• Algorithms are public and can be widely analyzed
• Plaintext may be sensitive but could be known
• Random sources for keys must remain private

Mnemonic: “Algorithm = Always Public” → Keys are secret, algorithms are not.
141
A security engineer is implementing encryption for sensitive files. The engineer explains that the key is critical because it controls how plaintext is transformed into ciphertext, and without the correct key, the data cannot be decrypted.

Question: Why is the cryptographic key important?
A. Chooses the hash
B. Determines output
C. Replaces passwords
D. Configures DNS

Correct Answer: B. Determines output

Explanation (concise): The key directly affects the ciphertext output. Even with the same algorithm, different keys produce different ciphertexts. Without the correct key, decryption is impossible.
• A = Choosing a hash = not the key’s role
• C = Replacing passwords = unrelated
• D = Configures DNS = unrelated

Mnemonic: “Key = Key to Output” → The key determines the encrypted result.
142
A company is evaluating encryption algorithms and key lengths for its VPN. The security team knows that longer keys make brute-force attacks more difficult, but very long keys can slightly affect performance.

Question: Which statement about key length is true?
A. Short keys are more secure
B. Longer keys = stronger security
C. Key length has no effect
D. Key length only matters for hashing

Correct Answer: B. Longer keys = stronger security

Explanation (concise): Longer keys increase the number of possible combinations, making brute-force attacks more difficult.
• A Short keys = weaker, not secure
• C Key length definitely affects security
• D Key length matters for encryption, not just hashing
⸻
Mnemonic: “Long Key = Strong Lock” → Longer key = harder to break.
143
A security engineer is selecting a symmetric encryption algorithm for a corporate VPN. The team wants a key size that is secure enough against brute-force attacks today.

Question: What is a common symmetric key size?
A. 56 bits
B. 64 bits
C. 128 bits or higher
D. 20 bits

Correct Answer: C. 128 bits or higher

Explanation (concise): Modern symmetric algorithms like AES use 128, 192, or 256-bit keys. These provide strong security against brute-force attacks.
• A 56 bits = DES (outdated, insecure)
• B 64 bits = too small, vulnerable
• D 20 bits = extremely weak
⸻
Mnemonic: “AES = Always 128+” → Symmetric keys today are 128 bits or longer.
144
A company is comparing symmetric and asymmetric encryption. The security engineer explains that asymmetric encryption requires much larger keys to provide equivalent security because the underlying math is more complex.

Question: Why do asymmetric algorithms need larger keys?
A. Weak math
B. Only hashing
C. Prime factorization is harder
D. No hardware support

Correct Answer: C. Prime factorization is harder

Explanation (concise): Asymmetric algorithms (like RSA) rely on hard mathematical problems such as prime factorization. To achieve equivalent security to symmetric encryption, larger keys are required because the math is more computationally intensive to break.
• A Weak math = incorrect
• B Only hashing = unrelated
• D No hardware = irrelevant
⸻
Mnemonic: “Asymmetric = Big Keys for Hard Math” → Hard math (prime factorization) = need bigger keys.
145
A security engineer is designing a system for storing user passwords. To make weak passwords harder to crack, the engineer applies a technique that applies a hash function multiple times to increase the computational effort required for brute-force attacks.

Question: Key stretching involves?
A. Adding bits to the key
B. Repeated hashing
C. Compressing the key
D. Rotating keys

Correct Answer: B. Repeated hashing

Explanation (concise): Key stretching strengthens weak keys (like passwords) by repeatedly hashing them, increasing the time required for an attacker to attempt brute-force attacks.
• A Adding bits = not typical key stretching
• C Compressing = unrelated
• D Rotating keys = key management, not stretching
⸻
Mnemonic: “Stretch = Hash Again & Again” → Repeated hashing makes weak keys stronger.
146
A company stores password hashes in its authentication system. The security engineer applies key stretching, using thousands of hash iterations for each password.

Question: What is the primary effect of key stretching?
A. Confidentiality
B. Slows brute-force attacks
C. Integrity
D. Availability

Correct Answer: B. Slows brute-force attacks

Explanation (concise): Key stretching increases computational effort for each password attempt, making brute-force or dictionary attacks slower and more difficult.
• A Confidentiality = general data protection
• C Integrity = ensures data isn’t altered
• D Availability = unrelated
⸻
Mnemonic: “Stretch = Slow Attack” → Repeated hashing slows brute-force attempts.
147
A company wants to use symmetric encryption to secure communications between two offices. The challenge is how to share the encryption key over an insecure network without exposing it to attackers.

Question: What is the main problem that key exchange solves?
A. Compress files
B. Share the key safely
C. Store logs
D. Rotate passwords

Correct Answer: B. Share the key safely

Explanation (concise): Key exchange algorithms (like Diffie-Hellman) allow two parties to establish a shared secret key over an insecure channel without transmitting the key in plaintext.
• A Compressing files = unrelated
• C Storing logs = unrelated
• D Rotating passwords = key management, not exchange
⸻
Mnemonic: “Key Exchange = Safe Sharing” → Solve the problem of sharing a secret key securely.
148
A company wants to securely share a secret encryption key with a partner. Instead of sending it over the internet, they deliver the key via a trusted physical medium, ensuring attackers monitoring the network cannot intercept it.

Question: Which is an example of out-of-band key exchange?
A. TLS
B. USB courier
C. Server public key
D. Same email

Correct Answer: B. USB courier

Explanation (concise): Out-of-band key exchange uses a separate, trusted channel to share keys. A USB delivered by courier ensures the key isn’t exposed over the insecure network.
• A TLS = in-band, over network
• C Server public key = in-band asymmetric exchange
• D Same email = still in-band
⸻
Mnemonic: “Out-of-Band = Outside the Network” → Use a separate channel, like physical delivery, for key exchange.
149
A client wants to start a secure session with a web server. The client sends a session key encrypted with the server’s public key over the network to establish symmetric encryption for the session.

Question: Which is an example of in-band key exchange using asymmetric cryptography?
A. Phone call
B. Encrypt session key with server public key
C. USB courier
D. DNS

Correct Answer: B. Encrypt session key with server public key

Explanation (concise): In-band asymmetric key exchange transmits the key over the same network channel using asymmetric encryption. The client encrypts the session key with the server’s public key, so only the server can decrypt it.
• A Phone call = out-of-band
• C USB courier = out-of-band
• D DNS = not typically used for secure key exchange
⸻
Mnemonic: “In-Band = Encrypt Over the Channel” → Use asymmetric encryption to send keys safely through the network.
150
A client and server establish a secure connection. They generate a unique encryption key that is used only for the duration of this session to encrypt all communication between them.

Question: What is a session key?
A. Long-term key
B. Temporary symmetric key
C. Hash-only key
D. Asymmetric key

Correct Answer: B. Temporary symmetric key

Explanation (concise): A session key is:
• Temporary – used only for a single session
• Symmetric – both parties use the same key for encryption and decryption
• A Long-term key = master key or private key
• C Hash-only = not used for encryption
• D Asymmetric key = used for key exchange, not for session data encryption
⸻
Mnemonic: “Session Key = Short & Symmetric” → Temporary symmetric key for one session.
151
A company wants to encrypt large amounts of data in real time for streaming video. The encryption method must maintain high speed and throughput while still protecting the data.

Question: Which choice is best when fast encryption is needed?
A. Short keys
B. Keep throughput high
C. Skip authentication
D. Avoid symmetric encryption

Correct Answer: B. Keep throughput high

Explanation (concise): Fast encryption prioritizes high throughput, often using symmetric algorithms (like AES) optimized for performance.
• A Short keys = insecure
• C Skipping authentication = compromises integrity
• D Avoiding symmetric = slows down encryption (asymmetric is slower)
⸻
Mnemonic: “Fast = Flowing Data” → Keep throughput high for fast encryption.
152
A company wants to implement a system that issues, manages, and validates digital certificates to enable secure communications. The system includes policies, procedures, people, and hardware to manage the lifecycle of certificates.

Question: What is PKI?
A. TLS server
B. Policies, people, hardware
C. Password rules
D. VPN

Correct Answer: B. Policies, people, hardware

Explanation (concise): Public Key Infrastructure (PKI) is the framework that includes:
• Policies for certificate management
• People to manage operations
• Hardware/software for issuing, storing, and revoking certificates
• A TLS server = just one component
• C Password rules = unrelated
• D VPN = unrelated
⸻
Mnemonic: “PKI = Policy, People, Infrastructure” → It’s the system managing digital certificates.
153
A company issues digital certificates to its employees and servers. These certificates link a public key to a specific individual or device, allowing others to verify identities and trust communications.

Question: PKI binds public keys to?
A. IP addresses
B. People or devices
C. MAC addresses
D. Random numbers

Correct Answer: B. People or devices

Explanation (concise): PKI certificates associate a public key with a verified entity, such as a person or device, ensuring authenticity in communications.
• A IP addresses = not unique to identity
• C MAC addresses = network layer, not identity
• D Random numbers = meaningless for identification
⸻
Mnemonic: “PKI = Public Key for People/Devices” → Binds keys to verified entities.
154
A company needs to encrypt large volumes of internal data quickly. The security engineer recommends an encryption method where the same key is used to encrypt and decrypt data, allowing fast and efficient protection.

Question: Which describes symmetric encryption?
A. Uses two keys
B. Uses one shared key
C. Slower than asymmetric
D. Not secret

Correct Answer: B. Uses one shared key

Explanation (concise): Symmetric encryption uses a single shared key for both encryption and decryption. It is fast and efficient for large datasets.
• A Two keys = asymmetric encryption
• C Slower = symmetric is faster than asymmetric
• D Not secret = the key must remain secret
⸻
Mnemonic: “Symmetric = Same Key” → One key for both encrypting and decrypting.
155
A company has multiple offices needing secure communication. Each office must share a unique symmetric key with every other office. As the number of offices grows, managing all the shared keys becomes complex and error-prone.

Question: What is a common scaling issue with symmetric encryption?
A. Too fast
B. Too many shared secrets
C. No encryption at rest
D. Cannot use over networks

Correct Answer: B. Too many shared secrets

Explanation (concise): Symmetric encryption requires one shared key per pair of communicating parties. As the number of parties grows, the number of keys increases exponentially, making key management difficult.
• A Too fast = not a problem
• C Encryption at rest = unrelated
• D Network use = symmetric can be used over networks
⸻
Mnemonic: “Symmetric = Secret Explosion” → Many parties → too many shared keys.
156
A company implements public key encryption for secure email. Each user has two keys: one public and one private. Data encrypted with one key can only be decrypted with the other.

Question: Asymmetric encryption uses?
A. Identical keys
B. Mathematically related keys
C. Only symmetric keys
D. One key

Correct Answer: B. Mathematically related keys

Explanation (concise): Asymmetric encryption uses a key pair: a public key and a private key that are mathematically related. One key encrypts, and the other decrypts.
• A Identical keys = symmetric encryption
• C Only symmetric = incorrect
• D One key = symmetric only
⸻
Mnemonic: “Asymmetric = A Pair that Matches Mathematically” → Public key + private key.
157
A user generates a public/private key pair for secure email. The public key can be shared with anyone, but the private key must be kept confidential to decrypt messages sent to the user.

Question: What should you do with a private key?
A. Share it with others
B. Keep it secret
C. Store it in DNS
D. Same as the public key

Correct Answer: B. Keep it secret

Explanation (concise): The private key is used to decrypt data or sign messages. If it is exposed, anyone could impersonate the key owner or decrypt sensitive messages.
• A Sharing = defeats security
• C DNS storage = insecure
• D Same as public = incorrect
⸻
Mnemonic: “Private = Protected” → Never share your private key.
158
A user wants to send an encrypted message to a colleague. They use the colleague’s public key to encrypt the message so that only the colleague can decrypt it with their private key. The colleague can also use their private key to sign a message, which others can verify with the public key.

Question: A public key is used to?
A. Decrypt itself
B. Encrypt to the user / verify signatures
C. Store secrets
D. Replace passwords

Correct Answer: B. Encrypt to the user / verify signatures

Explanation (concise):
• Public key encrypts data that only the matching private key can decrypt.
• Public key verifies digital signatures created with the private key.
• A Decrypt itself = incorrect
• C Store secrets = unrelated
• D Replace passwords = unrelated
⸻
Mnemonic: “Public = Protect & Prove” → Encrypt for someone / verify their signature.
159
A security engineer is generating an RSA key pair for secure communications. The process requires choosing unpredictable numbers that will create a mathematically secure public/private key pair.

Question: What is required for key pair generation?
A. Sequential numbers
B. Random numbers + large primes
C. Identical keys
D. Simple math

Correct Answer: B. Random numbers + large primes

Explanation (concise):
• Asymmetric key pairs (e.g., RSA) rely on large prime numbers and randomness to ensure security.
• Sequential numbers or simple math would make the key predictable.
• Keys are not identical; the public and private key are related mathematically but distinct.
160
A company wants to ensure encrypted data can be recovered if a key is lost or an employee leaves. They use a system where a trusted third party securely holds a copy of the encryption keys for recovery purposes.

Question: What is key escrow?
A. Password backup
B. Third-party holds keys
C. Publish keys publicly
D. AES encrypt keys

Correct Answer: B. Third-party holds keys

Explanation (concise): Key escrow is a mechanism where a trusted third party securely stores encryption keys so that encrypted data can be recovered if the original key is lost.
• A Password backup = unrelated
• C Publishing keys = defeats security
• D AES encrypt keys = just encryption, not escrow
⸻
Mnemonic: “Escrow = Extra Copy Held Safely” → A trusted party keeps a backup of keys.
161
A company uses key escrow to ensure data recovery. Security leadership worries about potential risks if the third party holding the keys is compromised or untrustworthy.

Question: What is a primary concern with key escrow?
A. Key length
B. Third party must be trusted
C. TLS breaks
D. Shorter keys

Correct Answer: B. Third party must be trusted

Explanation (concise): Key escrow relies on a third party to securely store keys. If that party is untrustworthy or compromised, sensitive data could be exposed.
• A Key length = not specific to escrow
• C TLS breaks = unrelated
• D Shorter keys = unrelated
⸻
Mnemonic: “Escrow = Entrust Carefully” → The third party must be trustworthy.
162
A company implements PKI for secure communications. The security team emphasizes following proper processes for issuing, revoking, and managing certificates to ensure keys and certificates aren’t misused.

Question: Why is following the PKI process important?
A. Regenerate keys only
B. Prevent misuse of keys and certificates
C. Replace technology
D. Optional

Correct Answer: B. Prevent misuse of keys and certificates

Explanation (concise): PKI processes (issuance, revocation, and management) ensure keys and certificates are used appropriately and reduce the risk of compromise or unauthorized use.
• A Regenerate keys = part of process, not the main purpose
• C Replace technology = unrelated
• D Optional = incorrect
⸻
Mnemonic: “PKI = Process Keeps It safe” → Following PKI procedures prevents misuse.
163
Bob wants to send a confidential message to Alice. He uses Alice’s public key to encrypt the message so that only Alice can decrypt it with her private key, ensuring confidentiality.

Question: In Bob → Alice encryption, which flow is correct?
A. Bob private → Bob private
B. Bob encrypts with Alice public; Alice decrypts with Alice private
C. Bob public → Alice public
D. Symmetric only

Correct Answer: B. Bob encrypts with Alice public; Alice decrypts with Alice private

Explanation (concise):
• Public key encryption allows anyone to encrypt a message using the recipient’s public key.
• Only the recipient’s private key can decrypt it, ensuring confidentiality.
• A Bob private → Bob private = incorrect
• C Bob public → Alice public = incorrect, public keys alone cannot decrypt
• D Symmetric only = not asymmetric encryption
⸻
Mnemonic: “Encrypt with recipient’s public, decrypt with recipient’s private” → Only the intended recipient can read it.
165
AAA
Authentication, Authorization, and Accounting: A framework for controlling access to resources, enforcing policies, auditing usage, and billing for services.
166
ACL
Access Control List: A table that tells an OS which access rights each user has to a specific object.
167
AES
Advanced Encryption Standard: A symmetric encryption algorithm used worldwide to secure data.
168
AES-256
Advanced Encryption Standard 256-bit: AES using a 256-bit key for stronger encryption.
169
AH
Authentication Header: Part of IPsec providing authentication and integrity.
170
AI
Artificial Intelligence: Simulation of human intelligence processes by machines.
171
AIS
Automated Indicator Sharing: System allowing cyber threat indicator exchange.
172
ALE
Annualized Loss Expectancy: Expected monetary loss for an asset per year.
173
AP
Access Point: Device allowing Wi‑Fi devices to connect to a wired network.
174
API
Application Programming Interface: Functions/procedures enabling applications to access OS or service features.
175
APT
Advanced Persistent Threat: Long-term targeted cyberattack where an intruder stays undetected.
176
ARO
Annualized Rate of Occurrence: Expected frequency of an event per year.
177
ARP
Address Resolution Protocol: Discovers the link-layer address for an IP address.
178
ASLR
Address Space Layout Randomization: Technique that randomizes where key memory regions are placed, making memory corruption exploitation harder.
179
ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge: MITRE framework describing adversary behavior.
180
AUP
Acceptable Use Policy: Rules and guidelines for proper use of an organization’s IT.
181
AV
Antivirus: Software designed to detect and destroy viruses.
182
BASH
Bourne Again Shell: Unix shell and command language.
183
BCP
Business Continuity Planning: Creating systems of prevention and recovery from threats.
184
BGP
Border Gateway Protocol: Routes information across the internet.
185
BIA
Business Impact Analysis: Identifies/evaluates effects of natural or man-made events on operations.
186
BIOS
Basic Input/Output System: Firmware for hardware initialization during boot.
187
BPA
Business Partners Agreement: Contract between parties sharing resources for a mutual project.
188
BPDU
Bridge Protocol Data Unit: Network message transmitted by a LAN bridge.
189
BYOD
Bring Your Own Device: Policy allowing employees to use personal devices for work.
190
CA
Certificate Authority: Entity issuing digital certificates.
191
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart: Challenge-response test determining whether the user is human.
192
CAR
Corrective Action Report: Report outlining necessary steps to fix non-conformance.
193
CASB
Cloud Access Security Broker: Enforces security policies between cloud consumers and providers.
194
CBC
Cipher Block Chaining: Block cipher mode providing confidentiality.
195
CCMP
Counter Mode/CBC-MAC Protocol: Wi‑Fi encryption protocol.
196
CCTV
Closed-circuit Television: Non-public TV system for surveillance.
197
CERT
Computer Emergency Response Team: Expert group handling cybersecurity incidents.
198
CFB
Cipher Feedback: Block cipher mode.
199
CHAP
Challenge Handshake Authentication Protocol: Authentication protocol validating a user or host.
200
CIA
Confidentiality, Integrity, Availability: Framework guiding security policies.
201
CIO
Chief Information Officer: Senior executive responsible for IT systems supporting enterprise goals.
202
CIRT
Computer Incident Response Team: Organization contacted during cyber emergencies.
203
CMS
Content Management System: Software enabling content creation and management without technical expertise.
204
COOP
Continuity of Operation Planning: Ensures critical functions continue during emergencies.
205
COPE
Corporate Owned, Personally Enabled: Strategy allowing personal use of corporate-owned devices.
206
CP
Contingency Planning: Actions for responding to significant future events.
207
CRC
Cyclical Redundancy Check: Error-detecting code to detect changes to raw data.
208
CRL
Certificate Revocation List: List of certificates revoked by an issuing authority.
209
CSO
Chief Security Officer: Executive responsible for security of personnel, physical assets, and information.
210
CSP
Cloud Service Provider: Company offering IaaS, SaaS, or PaaS.
211
CSR
Certificate Signing Request: Message sent to a CA to apply for a certificate.
212
CSRF
Cross-Site Request Forgery: Malicious exploit sending unauthorized commands from a trusted user session.
213
CSU
Channel Service Unit: Device for digital data transmission interfacing a data terminal.
214
CTR
Counter Mode: Block cipher mode in cryptography.