Sec+ - Study #1 Flashcards

(61 cards)

1
Q

A security team sets up a system that immediately sends an email alert whenever unauthorized login attempts are detected, without any manual monitoring. What is this process called?

A

Automation

2
Q

While working from a coffee shop, a user connects to the public Wi-Fi and tries to log in to their company’s email. Unbeknownst to them, an attacker is secretly intercepting and potentially altering the traffic between the user and the email server. What type of attack is occurring?

A

On-path attack

3
Q

___ would allow members of one organization to authenticate using the credentials of another organization.

A

Federation

4
Q

___ is a formal document where both sides agree to a broad set of goals and objectives associated with the partnership.

A

MOA

5
Q

___ happens when two or more processes try to use the same resource at the same time, and the outcome depends on the order of execution. Attackers can exploit this timing flaw to bypass security checks or gain unauthorized access.

A

Race condition

6
Q

___ refers to the trustworthiness of data. A digital signature allows the recipient to confirm that none of the data has been changed since the digital signature was created.

A

Integrity

7
Q

A plan that ensures a business or organization can keep running critical functions during and after a disruption (like a cyberattack, disaster, or outage).

A

Continuity of operations

8
Q

A security method where each individual record in a database (like a single customer’s file) is encrypted separately, instead of encrypting the whole database or table at once.

A

Record level encryption

9
Q

___ writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction from the journal when power is restored.

A

Journaling

10
Q

___ provides a centralized management system for all mobile devices.

A

MDM (Mobile Device Manager)

11
Q

An IT help desk is using automation to improve the response time for security events. What would this be considered?

A

Escalation

12
Q

The process of setting up and allocating the necessary resources (like servers, storage, network, or user accounts) so that systems, applications, or users can function properly.

A

Resource Provisioning

13
Q

The latest Wi-Fi security standard that improves protection by using stronger encryption, blocking password-guessing attacks, and adding forward secrecy so past data stays safe even if the password is exposed later.

A

WPA3

14
Q

___ uses a centralized authentication server, and this allows all users to use their corporate credentials during the login process.

A

802.1x

15
Q

Access control model that uses user, resource, action, and environment attributes to decide access.

A

Attribute-Based Access Control (ABAC)

16
Q

___ identifies and documents the risks associated with each step of a project plan.

A company’s ___ lists “Data breach from phishing attack” as a high-likelihood, high-impact risk, with mitigation steps like employee training and stronger email filtering to reduce the chance of compromise.

A

Risk Register

17
Q

A type of cyberattack where an attacker inserts malicious code into an input field (like a login form) to manipulate a database, steal data, or bypass authentication.

A

SQL Injection

18
Q

When an attacker intercepts and reuses valid data to gain unauthorized access or perform malicious actions.

A

Replay attack

19
Q

A system used to monitor and control industrial processes such as power plants, water treatment, manufacturing, and utilities

A

SCADA (Supervisory Control and Data Acquisition)

20
Q

Installing apps from unofficial sources instead of the official app store.

A

Side loading

21
Q

Isolated processor that securely stores and processes sensitive data on a device.

A

Secure enclave

22
Q

In a company, one employee’s role is to make sure customer data is accurate, consistent across systems, and handled according to company rules. What is this role called?

A

Data Steward

23
Q

____ protects all data saved on a storage drive, but it does not provide any data protection for messages or attachments sent between email servers.

Think of it like locking your laptop with a strong key — everything on the drive is safe if someone steals it, but emails sent over the internet are still exposed unless separately encrypted.

A

Full disk encryption

24
Q

An administrator wants to separate the HR and IT departments onto different logical networks while using the same physical switch. What should the administrator configure?

A

VLAN

25
An administrator must connect to internal firewalls and switches, but the company requires all access to go through one secure gateway first. What should the administrator use?
Jump Server
26
A server that acts as an intermediary between users and the internet. It hides internal IPs, filters traffic, and can cache content for performance.
Proxy Server
27
A network engineer wants all logins to the company’s switches and Wi-Fi access points to be verified against a central server instead of local device accounts. What framework should be used to manage this authentication, authorization, and accounting?
AAA (Authentication, Authorization, and Accounting)
28
During a network audit, an administrator notices that usernames and passwords for internal services can be captured in plain text by anyone monitoring the network traffic. What security issue does this indicate?
Insecure protocols
29
“Doors” on a computer that let different types of internet traffic in and out. Each ___ is for a specific service.
Ports
30
___ is a business decision that places the responsibility of the risky activity on the organization itself.
Risk Acceptance
31
A web server shows unusual log entries, and an intrusion prevention system reports multiple exploit attempts. To stop further compromise while investigating, what should the system administrator do next?
Disconnect the web servers from the network to stop further compromise while investigating and preparing eradication.
32
Official confirmation that a system, process, or data meets required standards or policies.
Attestation
33
A company wants to ensure that all data sent between its branch offices over the internet is encrypted and cannot be tampered with during transit. Which protocol suite should be used to secure these IP communications?
IPsec
34
A way of combining multiple hard drives so they work together for speed, reliability, or both
RAID (Redundant Array of Independent/Inexpensive Disks)
35
A coffee shop upgrades its Wi-Fi to a newer standard that uses SAE for stronger authentication and offers better protection on open networks. Which Wi-Fi security protocol is being used?
WPA3
36
Commonly used for managing logins to network devices (like routers, switches, VPNs, and Wi-Fi access points), so users don’t need separate accounts on each device.
RADIUS
37
A government lab stores sensitive research data on computers that are never connected to the internet or any external networks. What security method is being used to protect the data?
Air gap
38
___ describes the process of hiding data from others by embedding the data inside of a different media type.
Obfuscation
39
A cloud-based security model that combines networking (like SD-WAN) and security services (like firewalls, secure web gateways, and zero trust) into one service delivered from the cloud
SASE (Secure Access Service Edge)
40
A security solution that combines multiple tools — like firewall, intrusion detection/prevention, antivirus, content filtering, and VPN — into a single device or service.
UTM (Unified Threat Management)
41
___ generates a unique “fingerprint” of the files. If even one bit changes, the hash value will change. This is the best forensic method to prove integrity.
Hashing
42
A formal process used to control and manage any changes to hardware, software, or any other part of the IT infrastructure.
Change management
43
An attacker captures valid data (like a login token or network packet) and reuses it later to trick a system into allowing an action again (e.g., logging in or approving a transaction).
Replay Attack
44
It’s security software installed on a single computer (host) that watches what’s happening on that device. It can block suspicious activity in real-time—like stopping malware, blocking bad network traffic, or preventing unauthorized changes. Think of it like a security guard stationed inside a single computer, watching everything that happens and blocking suspicious activity immediately.
HIPS (Host-based Intrusion Prevention System)
45
It’s like a phone book for computers. ___ helps systems look up and manage usernames, passwords, and other information stored in a central directory (like Active Directory).
LDAP (Lightweight Directory Access Protocol)
46
___ is a protocol used to monitor and manage network devices like routers, switches, servers, and printers over a network. Think of it like a remote control and dashboard for your network devices: you can check their status, get alerts, and change settings without being physically at the device.
SNMP (Simple Network Management Protocol)
47
___ is the process of actively gathering detailed information about a system or network to find potential targets, like usernames, network shares, or services. It usually comes after scanning and before launching an attack.
Enumeration
48
A company installs software on a laptop that detects suspicious processes and blocks them before they can run. What type of security system is this?
HIPS (Host-based Intrusion Prevention System)
49
A dedicated, isolated processor on modern devices (like iPhones or Macs) that can generate true random numbers, perform real-time encryption, and securely store cryptographic keys. Perfect for the app’s needs.
Secure Enclave
50
A security analyst finds an unauthorized Wi-Fi device connected near the office network that could be used to capture employee credentials. What is this device called? Think of it like someone setting up a secret doorway into a building — it allows outsiders to enter the network without permission.
Rogue Access Point
51
A specialized chip on a computer that securely stores cryptographic keys, passwords, and digital certificates. It helps with tasks like disk encryption, secure boot, and device authentication.
TPM (Trusted Platform Module)
52
Access is based on security labels on objects and clearance levels of users; enforced by the system.
Mandatory Access Control (MAC)
53
The process of hiding information within another document.
Steganography
54
Expected number of times a specific risk or threat will happen in one year.
ARO (Annualized Rate of Occurrence)
55
The expected financial loss if a specific threat happens once.
SLE (Single Loss Expectancy)
56
A risk management metric that estimates the expected monetary loss from a threat over a year.
ALE (Annualized Loss Expectancy)
57
___ is the process of actively gathering detailed information about a target system, network, or application after initial scanning or reconnaissance.
Enumeration
58
A control system architecture used to monitor and control industrial processes, often spread over large geographic areas. It collects data from sensors and equipment in real time, then sends commands back to control them. Ex. “The city’s water supply is managed through a __ that monitors pumps and reservoir levels in real time.”
SCADA
59
A collection of control systems and devices (like sensors, controllers, and computers) used to monitor and automate industrial processes. Ex. “The __ at the water treatment facility continuously monitors pressure levels and adjusts valve operations automatically to ensure a consistent water supply.”
ICS
60
The process of recording events, transactions, or changes in a system so that actions can be tracked, reviewed, or recovered if something goes wrong. The Linux file system uses __ to record changes before applying them, allowing it to recover quickly if the system unexpectedly shuts down.
Journaling
61