What is the primary goal of an Acceptable Use Policy (AUP)?

To outline how employees should use company resources

To prevent employees from using personal devices

To set password expiration policies

To establish financial policies for the company

What type of agreement defines the level of service expected between a provider and a customer?

Memorandum of Understanding (MOU)

Interconnection Security Agreement (ISA)

Which PKI component is responsible for issuing digital certificates?

Online Certificate Status Protocol (OCSP)

A digital certificate primarily binds what two elements together?

A user’s identity and a public key

A certificate policy and an encryption key

A registration authority and a certificate

What is the purpose of a Certificate Revocation List (CRL)?

To provide a list of revoked certificates

To validate certificates in real-time

Which trust model consists of a single root Certificate Authority (CA) that issues certificates to subordinate CAs?

Cross-Certification Trust Model

What is the first step in the policy lifecycle?

Develop policies and procedures

In a Zero Trust model, what is the fundamental security assumption?

All access must be continuously verified and never assumed.

Users inside the network are trusted by default.

Firewalls are sufficient for security.

Network segmentation is unnecessary.

Which of the following is an example of a social engineering attack?

A phishing email tricking an employee into revealing credentials

A hacker exploiting a software vulnerability

A brute force attack on a login page

What is the primary purpose of role-based training in cybersecurity?

To tailor security training based on an employee’s job role

To ensure that all employees receive identical security training

To replace security awareness campaigns

To provide advanced technical skills to all employees

The principle of Defense in Depth refers to:

Using multiple, layered security measures to protect assets.

Only using physical security controls to secure networks.

Relying solely on firewalls for network protection.

Encrypting all data to prevent unauthorized access.

What does the term Zero Trust mean in security?

No device or user is trusted by default, and all access must be verified.

All internal employees are automatically trusted.

Firewalls alone provide complete security.

Once authenticated, users can access everything freely.

What is the main function of CCTV cameras in security?

To monitor and record activity for security investigations

To automatically prevent security breaches

To provide lighting in dark areas

What is the main disadvantage of biometric access control?

Biometrics cannot be changed if compromised

It cannot be used in physical security

It is less secure than passwords

It does not require user authentication

What is the primary advantage of a Hierarchical Trust Model in PKI?

It allows easy delegation of trust through subordinate CAs.

It eliminates the need for certificates.

It allows users to self-sign their certificates.

What is the purpose of a Non-Disclosure Agreement (NDA) ?

To protect confidential company information

To define how employees should behave online

To outline penalties for noncompliance

To establish data retention policies

Job rotation is primarily used to:

Reduce fraud by ensuring no one has complete control over a process

Train employees in multiple departments

Improve teamwork and communication

Replace traditional hiring procedures

What is the best way to enforce an organization’s security policies?

Conduct frequent security awareness training and audits

Rely on employees to follow rules voluntarily

Use strong technical controls only

Restrict access to company resources permanently

What is the main difference between Due Care and Due Diligence ?

Due Care means taking action, while Due Diligence means assessing risks before acting

Due Care refers to policies, while Due Diligence refers to risk assessments

Due Care is legally binding, while Due Diligence is optional

There is no difference between them

Which agreement is specifically designed to document the security requirements for IT system interconnections?

Interconnection Security Agreement (ISA)

Business Partnership Agreement (BPA)

What is the function of an Online Certificate Status Protocol (OCSP)?

To provide real-time verification of certificate validity

To store digital certificates in an offline environment

To create backup copies of encryption keys

Key escrow is used for:

Recovering lost encryption keys

Revoking compromised digital certificates

Encrypting data using public key cryptography

What does a Registration Authority (RA) do in PKI?

Validates certificate requests before forwarding them to the Certificate Authority

Stores private keys for end-users

Which PKI trust model relies on each Certificate Authority (CA) trusting another CA without a single root authority?

Cross-Certification Trust Model

What is the primary goal of security awareness training?

To help employees recognize and prevent security threats

To ensure employees can configure security settings

To improve computer programming skills

To eliminate the need for technical security controls

Which of the following is NOT a recommended security awareness practice?

Providing security policies only on request

Mandatory security certifications for employees

Which of the following is a sign of a potential insider threat?

Unauthorized access to sensitive data by an employee

Frequent failed login attempts from an external IP address

A network vulnerability being exploited remotely

A Denial-of-Service (DoS) attack on the firewall\

What is the purpose of an Incident Response Plan (IRP)?

To outline how an organization will detect, respond to, and recover from security incidents

To create encryption policies for an organization

To establish guidelines for hiring security personnel

Which of the following should be included in an organization's security awareness training?

Secure password creation and management

Proper handling of confidential data

Which of the following best describes authentication?

Verifying the identity of a user

Determining what actions a user can perform

Protecting information from unauthorized access

Preventing data from being altered

The CIA Triad consists of which three components?

Control, Integrity, Authentication

Cryptography, Identity, Authorization

Access, Protection, Authentication

What is cryptanalysis?

The process of analyzing encrypted data to recover plaintext

The method used to generate cryptographic keys

A form of hashing used in digital signatures

What is the main advantage of asymmetric encryption over symmetric encryption?

Solves the key exchange problem

Uses fewer computational resources

Information Assurance & Security Practice Questions

Authored by Johnathan Payan

Information Technology (IT)

University

CCSS covered

Used 3+ times

Information Assurance & Security Practice Questions

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

75 questions

Show all answers

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

What are the three components of the CIA triad?

Control, Integrity, Assurance

Confidentiality, Integrity, Availability

Cybersecurity, Information, Access

Compliance, Identification, Authorization

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

Which of the following security principles states that users should only have the minimum permissions necessary to perform their tasks?

Least Privilege

Defense in Depth

Fail-Safe Defaults

Separation of Duties

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

The Bell-LaPadula security model enforces which type of security control?

Integrity

Confidentiality

Availability

Nonrepudiation

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

In the Biba Integrity Model, the “No Write Up” policy ensures:

Lower integrity levels cannot modify higher integrity levels.

Users can only modify data at their security level.

Users cannot write data to any system.

Data can be accessed freely across security levels.

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

What is the primary purpose of a mantrap in physical security?

To prevent tailgating into secure areas

To trap intruders permanently

To reinforce network security

To eliminate security guards

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

Which fire suppression system is most appropriate for protecting sensitive computer equipment?

Water-based sprinkler system

Halon-based system

Clean-agent system (FM-200, Inergen)

Carbon dioxide extinguisher

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

What is the primary security risk associated with USB flash drives?

They are too expensive for general use.

They can be used to easily bypass security controls.

They require special drivers to function.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

80 questions

ICT final

Quiz

•

University

73 questions

Project Management Quiz - Topic 3

Quiz

•

University

70 questions

Bai Tap PMP 2

Quiz

•

University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

5 questions

What is Presidents' Day?

Interactive video

•

10th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

20 questions

Mardi Gras History

Quiz

•

6th Grade - University

10 questions

The Roaring 20's Crash Course US History

Interactive video

•

11th Grade - University

17 questions

Review9_TEACHER

Quiz

•

University

Information Assurance & Security Practice Questions

What are the three components of the CIA triad?

Which of the following security principles states that users should only have the minimum permissions necessary to perform their tasks?

The Bell-LaPadula security model enforces which type of security control?

In the Biba Integrity Model, the “No Write Up” policy ensures:

What is the primary purpose of a mantrap in physical security?

Which fire suppression system is most appropriate for protecting sensitive computer equipment?

What is the primary security risk associated with USB flash drives?

Which type of access control system is considered “something you have”?

What is the primary goal of an Acceptable Use Policy (AUP)?

Which security principle ensures that no single person has complete control over a critical process?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)