A company wants to ensure that only authorized users can access sensitive data. Which access control model should they implement to assign permissions based on job functions?

Attribute-Based Access Control (ABAC)

An organization is developing a new security policy. Which step should be taken to ensure the policy is effective and enforceable?

Involve stakeholders in the policy development process

Distribute the policy without review

A security analyst is reviewing logs and notices multiple failed login attempts from a single IP address. What is the most appropriate next step?

Block the IP address and investigate further

Which of the following best demonstrates the application of the principle of least privilege?

Allowing users access only to the resources necessary for their job

Granting all users administrator access

Sharing passwords among team members

A company is considering whether to use symmetric or asymmetric encryption for secure email communication. What is a key advantage of asymmetric encryption in this scenario?

Faster encryption and decryption

Uses the same key for encryption and decryption

Requires less computational power

A security team is planning how to respond to a ransomware attack. Which of the following actions should be prioritized to minimize damage?

Disconnect affected systems from the network

An organization is evaluating the risk of a new cloud service provider. What factors should be considered to assess the provider’s security posture?

The provider’s security certifications and audit reports

The provider’s marketing materials

The provider’s office location

A company has experienced a data breach. As part of the incident response, how should the team determine the scope and impact of the breach?

Analyze logs, interview stakeholders, and assess affected systems

Review only the affected user accounts

Immediately notify all customers without investigation

You are tasked with designing a security policy for remote workers. What strategic considerations should you include to ensure both security and productivity?

Mandate VPN usage, multi-factor authentication, and regular security training

Require all remote workers to use personal devices without restrictions

Allow unrestricted access to all company resources

A network administrator must choose between implementing a MAC or DAC model for a highly sensitive environment. What reasoning supports the selection of MAC over DAC?

MAC enforces strict, centrally controlled access policies, reducing insider threats

MAC allows users to set their own permissions

A company is developing a business continuity plan. What evidence-based steps should be taken to ensure critical operations can continue during a disaster?

Identify critical systems, perform risk assessments, and establish recovery procedures

Rely solely on insurance policies

What is the main goal of implementing the principle of least privilege in an organization?

To minimize the risk of unauthorized access by limiting permissions

To allow users access to all resources

To simplify user account management

Which of the following is a key benefit of implementing multi-factor authentication (MFA) in an organization?

It provides an additional layer of security by requiring more than one form of verification

It reduces the number of user accounts needed

It allows users to share credentials safely

It eliminates the need for passwords

What is the primary purpose of a business continuity plan (BCP)?

To ensure critical business functions can continue during and after a disruption

To monitor network traffic for suspicious activity

To provide guidelines for software development

To enforce password complexity requirements

Which of the following best describes the function of a firewall in network security?

Monitors and controls incoming and outgoing network traffic based on predetermined security rules

Physically secures the server room

Manages user passwords and authentication

Encrypts all data stored on a server

Which of the following is the most effective way to prevent unauthorized access to sensitive company data?

Implement role-based access controls and regular permission reviews

Allow all employees unrestricted access

Share passwords among team members

What is the primary function of a disaster recovery plan (DRP) in an organization?

To outline steps for restoring IT systems and data after a major incident

To enforce password expiration policies

To manage physical access to the building

To monitor employee internet usage

Which of the following best describes multi-factor authentication (MFA)?

Requiring two or more types of credentials for user verification

Disabling account lockout features

Allowing users to bypass security questions

Using a single password for all accounts

What is the main goal of implementing the principle of least privilege in access control?

To minimize the risk of unauthorized access by limiting permissions to only what is necessary

To allow users access to all company resources

To simplify user account management

To increase the number of administrators

Which of the following is a key component of a strong password policy?

Requiring passwords to be changed regularly and include a mix of character types

Permitting the use of common words as passwords

Allowing passwords with only lowercase letters

Which of the following best enforces the principle of least privilege in an organization?

Assigning permissions based on specific job roles and responsibilities

Allowing users to choose their own access levels

Granting all users administrator access

Sharing login credentials among team members

What is the primary benefit of conducting regular permission reviews in an access control system?

To ensure that only authorized users retain necessary access rights

To increase the number of users with elevated privileges

To simplify password requirements

To allow unrestricted access to sensitive data

Which of the following is an example of multi-factor authentication?

Using a fingerprint scan and a password to log in

Answering a single security question

Logging in from a trusted device without credentials

Entering a username and password only

Which of the following is the most effective method to ensure only authorized personnel access sensitive areas within a company?

Implementing biometric access controls

Leaving doors unlocked during business hours

Allowing visitors to roam freely

What is the primary objective of conducting a tabletop exercise as part of an incident response plan?

To practice and evaluate the effectiveness of response procedures

To test the speed of the network

To install new security software

Which of the following best describes the purpose of encryption in data security?

To make data unreadable to unauthorized users

To allow public access to sensitive information

To increase data storage capacity

To prevent data from being deleted

Which of the following is a primary benefit of implementing a business continuity plan (BCP)?

It helps maintain essential operations during unexpected disruptions

It increases employee productivity through automation

It eliminates the need for regular data backups

It ensures compliance with all software licenses

What is the main purpose of conducting regular security awareness training for employees?

To reduce the risk of security incidents caused by human error

To increase the number of IT support tickets

To allow unrestricted access to sensitive data

To teach employees how to develop software

Which of the following best describes the function of an incident response team?

To coordinate actions and manage resources during a security incident

To develop marketing strategies

Which of the following is a key component of a business continuity plan (BCP)?

Strategies for maintaining critical operations during disruptions

Instructions for organizing company events

Guidelines for employee dress code

Procedures for regular software updates

What is the main advantage of using multi-factor authentication (MFA) over single-factor authentication?

It provides an additional layer of security by requiring more than one form of verification

It eliminates the need for user training

It reduces the need for passwords

It allows users to share credentials

Which of the following best describes the purpose of an access control list (ACL) in network security?

To specify which users or systems are granted or denied access to network resources

To manage employee work schedules

To monitor physical entry to the building

Which of the following is a primary objective of access control in information security?

To ensure only authorized individuals can access specific resources

To increase the number of user accounts

To allow unrestricted data sharing

To simplify software installation

What is the main function of encryption in protecting sensitive information?

To convert data into a format unreadable without proper authorization

To prevent physical theft of devices

Which of the following best describes a security policy?

A set of guidelines outlining acceptable and unacceptable behaviors regarding organizational resources

Which of the following is the most effective way to protect data in transit over a public network?

Sharing files via unsecured email

Storing data on a local hard drive

What is the primary purpose of implementing regular security awareness training for employees?

To reduce the risk of social engineering attacks

To increase the number of help desk tickets

To eliminate the need for technical controls

To allow unrestricted access to sensitive data

Which of the following best describes the function of a security audit?

To evaluate and verify the effectiveness of security controls

To develop new software applications

To monitor employee productivity

Sec+ 701 Final Review Quiz

Authored by Patrick Hines

Computers

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

M1 R5 ( Chapter 3)

Quiz

•

Professional Development

45 questions

Android ATC_Practice 2

Quiz

•

Professional Development

50 questions

DG Muda (2)

Quiz

•

KG - Professional Dev...

48 questions

Business Letters

Quiz

•

10th Grade - Professi...

50 questions

Printers Troubleshooting

Quiz

•

Professional Development

50 questions

DAA quiz

Quiz

•

Professional Development

45 questions

PHOTOSHOP MCQ QUZIZZ

Quiz

•

Professional Development

50 questions

Networking Quiz _ 1

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

Sec+ 701 Final Review Quiz

Which protocol is commonly used to securely transfer files over a network?

SFTP (Secure File Transfer Protocol) is designed to securely transfer files over a network, using encryption to protect data. In contrast, FTP is not secure, while Telnet and SMTP serve different purposes.

What does the acronym CIA stand for in information security?

In information security, CIA stands for Confidentiality, Integrity, and Availability. These three principles are essential for protecting data and ensuring it is accessible only to authorized users.

Which of the following is an example of a physical security control?

A security badge is a physical security control used to restrict access to facilities. In contrast, a firewall, antivirus software, and encryption are all examples of logical or technical security controls.

Which access control model is based on predefined roles within an organization?

Role-Based Access Control (RBAC) assigns permissions based on predefined roles within an organization, making it easier to manage access rights compared to Discretionary Access Control (DAC) and Mandatory Access Control (MAC).

What is the primary purpose of a risk assessment in the risk management framework?

The primary purpose of a risk assessment is to identify and evaluate potential threats and vulnerabilities, enabling organizations to understand risks and implement appropriate controls.

Which cryptographic algorithm is classified as symmetric?

AES (Advanced Encryption Standard) is a symmetric cryptographic algorithm, meaning it uses the same key for both encryption and decryption. In contrast, RSA, ECC, and DSA are asymmetric algorithms that use key pairs.

Which document outlines the acceptable use of organizational resources by employees?

The Acceptable Use Policy defines how employees can use organizational resources, ensuring proper conduct and security. Other options like the Incident Response Plan and Disaster Recovery Plan focus on different aspects of organizational management.

Which of the following best describes the first step in the incident response process?

The first step in the incident response process is Identification. This involves recognizing and confirming the occurrence of an incident, which is crucial for determining the appropriate response actions.

A company wants to ensure that only authorized users can access sensitive data. Which access control model should they implement to assign permissions based on job functions?

Role-Based Access Control (RBAC) assigns permissions based on job functions, ensuring that only authorized users can access sensitive data. This model is ideal for managing access according to organizational roles.

You are tasked with configuring a firewall to block all incoming traffic except for web services. Which ports should you allow?

To allow web services, you should open ports 80 (HTTP) and 443 (HTTPS). Ports 21 and 22 are for FTP and SSH, 25 and 110 are for email, and 53 is for DNS, while 8080 is an alternative HTTP port, not standard.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers