1. What principle primarily concerns protecting information from unauthorized access, modification, or deletion?
- data encryption
- information security
- information privacy
- user authentication

2. What type of attack manipulates the Domain Name System (DNS) to redirect a website's traffic to a different IP address?
- phishing
- spoofing
- man-in-the-middle
- brute-force attack

3. What type of social engineering attack appears as a trustworthy entity in digital communication but steals user data, such as login credentials and financial information?
- spoofing
- hacking
- identity theft
- phishing

4. What authentication mechanism is the most secure?
- username and password
- two-factor authentication
- multi-factor authentication
- biometric verification

5. What is the purpose of role-based access control (RBAC) in network security?
- to monitor and filter outgoing internet traffic
- to prevent data loss through email and web applications
- to ensure users have access only to the resources necessary for their roles
- to encrypt data transmissions over the network

6. Why are regular penetration tests important for maintaining organizational security?
- They help in training IT staff on how to respond to media inquiries.
- They allow for constant updating of the company website's content.
- They enable the identification and remediation of early vulnerabilities.
- They are a regulatory requirement for all businesses.

7. What is the cyber safety significance of applying regular software updates and patches?
- They maintain the software's compatibility with new hardware.
- They often add new features to the software.
- They address identified security vulnerabilities to prevent exploits.
- They are mainly for aesthetic improvements to the user interface.

8. How does ethical hacking differ from malicious hacking?
- Ethical hacking is performed without the permission of the target entity.
- Ethical hacking is intended to strengthen systems, not to harm them.
- Ethical hacking does not require a deep understanding of IT systems.
- There is no real difference; all hacking is considered unethical.

9. What is the purpose of antivirus software?
- to increase the speed of the computer's processor
- to protect against known threats and analyze system behavior to detect new threats
- to manage the organization's email server
- to offer technical support for software developers

10. What is the primary aim of a distributed denial-of-service (DDoS) attack?
- modifying unauthorized data
- disrupting the availability of a target's network resources
- gaining unauthorized access to secure data
- causing physical damage to the network infrastructure

11. What is a key process of an effective information security risk management (ISRM) strategy?
- periodic security training
- continuous monitoring
- single-layer security
- annual risk assessments

12. COBIT5 is an example of what type of ISRM resource?
- a compliance framework
- a risk management plan
- a network security protocol
- an incident response system

13. What organization is well known for developing standards and frameworks like COBIT to support compliance with ISRM practices?
- IEEE
- ISO
- ISACA
- NIST

14. What is the first step in developing a comprehensive risk management plan?
- identifying risks
- implementing controls
- assessing risks
- establishing the context

15. Why is continuous monitoring in an ISRM strategy important?
- It allows for one-time setup of complete security controls.
- It helps eliminate all cyber risks.
- It ensures security measures are effective over time against evolving threats.
- It provides a static security environment.

16. Why is it important to integrate continuous monitoring with other security processes?
- to ensure compliance with COBIT5 only
- to guarantee zero risk posture
- to reduce the need for security training
- to maintain a comprehensive approach to organizational security

17. Who is responsible for implementing security measures to protect an organization's data and ensuring that these measures are aligned with regulatory requirements?
- security consultant
- compliance analyst
- security software developer
- threat intelligence analyst

18. What role does continuous learning play in the field of cybersecurity?
- to stay updated with the latest cybersecurity trends and technologies
- to maintain a static skill set over time
- to focus solely on traditional cybersecurity methods
- to decrease the need for professional certifications

19. In the context of cybersecurity, what does the term "digital trust" primarily refer to?
- the encryption standards used in digital communications
- the confidence stakeholders place in an organization's ability to secure data and systems
- the digital certificates used for website authentication
- the trustworthiness of digital signatures

20. What is a significant cybersecurity challenge posed by the rise of cloud computing?
- simplified IT infrastructure
- decreased data storage needs
- unique risks such as data breaches, unauthorized access, and compromised integrity of shared resources
- reduced need for network security

21. In which type of organization would a Certified Information Security Manager (CISM) certification be especially beneficial for career advancement?
- tech start-ups
- government agencies
- financial institutions
- nonprofit organizations

22. Which role is essential for creating strategies to protect against large-scale cyber threats and managing an organization's overall cybersecurity posture?
- network security administrator
- chief information security officer (CISO)
- IT support technician
- cybersecurity legal advisor