A high-security warehouse wants to detect intruders in restricted areas without relying solely on cameras. Which sensor combination is best for real-time intrusion detection?

A. Infrared, pressure, microwave, and ultrasonic sensors

B. Honeytoken, honeypot, honeyfile

C. Role-based access control and logging

A financial institution wants to detect and distract attackers targeting its internal databases without exposing real data. Which combination of deception tools is most effective?

B. Honeyfile, honeypot, and honeytoken

C. Policy Engine and Policy Enforcement Point

D. Bollards, fencing, and access badges

A company conducts a cybersecurity assessment and identifies missing controls in its policies, technical defenses, and employee training compared to industry standards. What is the primary purpose of this process?

B. Conduct a gap analysis to identify deficiencies

A. Implement Zero Trust immediately

C. Deploy honeypots and honeytokens

D. Strengthen physical barriers

A cloud provider encrypts all stored data but experiences a misconfigured server that allows users to temporarily overwrite other users’ files. Which aspects of the CIA triad are affected?

D. Confidentiality and Integrity

A company installs biometric scanners, access badges, CCTV, and an internal RBAC system. Which of the following statements is true ?

B. CCTV is a physical control; RBAC is a technical control.

A. Biometric scanners and access badges are technical controls.

C. All measures listed are administrative controls.

An organization deploys honeyfiles, honeypots, and honeytokens. An attacker steals a honeyfile but ignores honeypots. Which statement is correct ?

B. Only the honeyfile triggered an alert; honeypots were not triggered.

A. The attacker triggered all deception controls.

C. Honeytokens monitor real system users, not attackers.

D. Honeyfiles and honeypots are part of the Control Plane.

Summarize fundamental security concepts

Authored by Edlyn Gregorio

Other

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A hospital is storing patient records in a cloud system. Recently, there was a malware incident that altered some patient files, and some staff reported not being able to access records during a system outage.
Which elements of the CIA triad were compromised in this scenario?

A. Confidentiality only

B. Integrity and Availability

C. Integrity only

D. Availability only

Answer explanation

Integrity was compromised because the malware altered patient files. Availability was also affected due to staff being unable to access records during the outage. Confidentiality is not mentioned as breached here.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An employee sends a critical financial approval email. Later, they claim they never sent it, creating a dispute.
Which control best ensures non-repudiation in this scenario?

A. Biometric authentication

B. Digital signatures

C. Strong password policies

D. Role-based access control

Answer explanation

Digital signatures provide proof of origin and integrity of a message, ensuring the sender cannot deny sending it.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A remote worker accesses a company VPN. To enhance security, the IT team wants to ensure the person is actually who they claim to be.
Which method strengthens authentication for the user?

A. Multi-factor authentication combining password and OTP

B. Role-based access control

C. Network segmentation

D. Logging user activity

Answer explanation

Multi-factor authentication combines multiple verification factors to ensure the person is genuine, addressing the “Authenticating people” part of AAA.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company wants to ensure that employees can only access data necessary for their roles and that access is dynamically adjusted if their responsibilities change.
Which authorization model best fits this requirement?

A. Discretionary Access Control (DAC)

B. Role-Based Access Control (RBAC)

C. Mandatory Access Control (MAC)

D. Attribute-Based Access Control (ABAC)

Answer explanation

ABAC uses attributes (user role, department, location, time) to dynamically enforce access policies, providing fine-grained, adaptive authorization.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company implements a Zero Trust model and wants to limit access to sensitive financial systems to only verified devices and users, adapting permissions based on risk in real time.
Which components are part of the Control Plane in this Zero Trust architecture?

A. Policy Enforcement Point (PEP) and implicit trust zones

B. Policy Engine, Policy Administrator, adaptive identity, and threat scope reduction

C. Honeytokens and honeypots

D. Bollards and security guard

Answer explanation

The Control Plane defines policy and decisions: Policy Engine evaluates requests, Policy Administrator implements changes, adaptive identity ensures identity verification, and threat scope reduction limits risk exposure.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An employee attempts to access sensitive financial data from an unmanaged device. The system must enforce the access policies decided in the Control Plane.
Which component in the Data Plane is responsible for enforcing these decisions?

A. Policy Engine

B. Policy Enforcement Point (PEP)

C. Policy Administrator

D. Threat scope reduction

Answer explanation

The Policy Enforcement Point enforces the access policies on the subject/system in real time. This is the primary function of the Data Plane.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A data center wants to prevent vehicle-based intrusions, unauthorized personnel access, and monitor all entry points.
Which combination of physical controls should be implemented?

A. Bollards, fencing, video surveillance, and access badges

B. Honeyfile, honeytoken, and honeynet

C. Encryption, firewalls, and MFA

D. Policy Engine and Policy Enforcement Point

Answer explanation

Bollards prevent vehicle intrusion, fencing controls perimeter access, video surveillance monitors activity, and access badges regulate personnel entry.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

12 questions

Pre- Training Evaluation

Quiz

•

Professional Development

10 questions

EL DISCURSO

Quiz

•

University - Professi...

15 questions

Intoxicación por alimentos

Quiz

•

Professional Development

10 questions

Happy Birthday Achu

Quiz

•

5th Grade - Professio...

14 questions

Emprendimiento Docente

Quiz

•

Professional Development

15 questions

U3 Checking Grammar

Quiz

•

Professional Development

10 questions

Guess the blackpink song lyrics

Quiz

•

4th Grade - Professio...

10 questions

horses

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

10 questions

Fire Safety Quiz

Quiz

•

12th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

36 questions

6th Grade Math STAAR Review

Quiz

•

6th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Other

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

21 questions

Illinois Science Assessment

Quiz

•

Professional Development

17 questions

Filling out Forms

Quiz

•

Professional Development

Summarize fundamental security concepts

A hospital is storing patient records in a cloud system. Recently, there was a malware incident that altered some patient files, and some staff reported not being able to access records during a system outage.
Which elements of the CIA triad were compromised in this scenario?

Integrity was compromised because the malware altered patient files. Availability was also affected due to staff being unable to access records during the outage. Confidentiality is not mentioned as breached here.

An employee sends a critical financial approval email. Later, they claim they never sent it, creating a dispute.
Which control best ensures non-repudiation in this scenario?

Digital signatures provide proof of origin and integrity of a message, ensuring the sender cannot deny sending it.

A remote worker accesses a company VPN. To enhance security, the IT team wants to ensure the person is actually who they claim to be.
Which method strengthens authentication for the user?

Multi-factor authentication combines multiple verification factors to ensure the person is genuine, addressing the “Authenticating people” part of AAA.

A company wants to ensure that employees can only access data necessary for their roles and that access is dynamically adjusted if their responsibilities change.
Which authorization model best fits this requirement?

ABAC uses attributes (user role, department, location, time) to dynamically enforce access policies, providing fine-grained, adaptive authorization.

A company implements a Zero Trust model and wants to limit access to sensitive financial systems to only verified devices and users, adapting permissions based on risk in real time.
Which components are part of the Control Plane in this Zero Trust architecture?

The Control Plane defines policy and decisions: Policy Engine evaluates requests, Policy Administrator implements changes, adaptive identity ensures identity verification, and threat scope reduction limits risk exposure.

An employee attempts to access sensitive financial data from an unmanaged device. The system must enforce the access policies decided in the Control Plane.
Which component in the Data Plane is responsible for enforcing these decisions?

The Policy Enforcement Point enforces the access policies on the subject/system in real time. This is the primary function of the Data Plane.

A data center wants to prevent vehicle-based intrusions, unauthorized personnel access, and monitor all entry points.
Which combination of physical controls should be implemented?

Bollards prevent vehicle intrusion, fencing controls perimeter access, video surveillance monitors activity, and access badges regulate personnel entry.

A high-security warehouse wants to detect intruders in restricted areas without relying solely on cameras.
Which sensor combination is best for real-time intrusion detection?

Infrared, pressure, microwave, and ultrasonic sensors detect motion, presence, or vibration, providing real-time alerts for intrusions beyond visual monitoring.

A financial institution wants to detect and distract attackers targeting its internal databases without exposing real data.
Which combination of deception tools is most effective?

Honeyfiles, honeypots, and honeytokens create traps that attract attackers, allowing monitoring and response while protecting real assets.

A company conducts a cybersecurity assessment and identifies missing controls in its policies, technical defenses, and employee training compared to industry standards.
What is the primary purpose of this process?

Gap analysis compares current controls against standards or best practices to identify deficiencies and prioritize remediation.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Summarize fundamental security concepts

A hospital is storing patient records in a cloud system. Recently, there was a malware incident that altered some patient files, and some staff reported not being able to access records during a system outage.Which elements of the CIA triad were compromised in this scenario?

Integrity was compromised because the malware altered patient files. Availability was also affected due to staff being unable to access records during the outage. Confidentiality is not mentioned as breached here.

An employee sends a critical financial approval email. Later, they claim they never sent it, creating a dispute.Which control best ensures non-repudiation in this scenario?

Digital signatures provide proof of origin and integrity of a message, ensuring the sender cannot deny sending it.

A remote worker accesses a company VPN. To enhance security, the IT team wants to ensure the person is actually who they claim to be.Which method strengthens authentication for the user?

Multi-factor authentication combines multiple verification factors to ensure the person is genuine, addressing the “Authenticating people” part of AAA.

A company wants to ensure that employees can only access data necessary for their roles and that access is dynamically adjusted if their responsibilities change.Which authorization model best fits this requirement?

ABAC uses attributes (user role, department, location, time) to dynamically enforce access policies, providing fine-grained, adaptive authorization.

A company implements a Zero Trust model and wants to limit access to sensitive financial systems to only verified devices and users, adapting permissions based on risk in real time.Which components are part of the Control Plane in this Zero Trust architecture?

The Control Plane defines policy and decisions: Policy Engine evaluates requests, Policy Administrator implements changes, adaptive identity ensures identity verification, and threat scope reduction limits risk exposure.

An employee attempts to access sensitive financial data from an unmanaged device. The system must enforce the access policies decided in the Control Plane.Which component in the Data Plane is responsible for enforcing these decisions?

The Policy Enforcement Point enforces the access policies on the subject/system in real time. This is the primary function of the Data Plane.

A data center wants to prevent vehicle-based intrusions, unauthorized personnel access, and monitor all entry points.Which combination of physical controls should be implemented?

Bollards prevent vehicle intrusion, fencing controls perimeter access, video surveillance monitors activity, and access badges regulate personnel entry.

A high-security warehouse wants to detect intruders in restricted areas without relying solely on cameras.Which sensor combination is best for real-time intrusion detection?

Infrared, pressure, microwave, and ultrasonic sensors detect motion, presence, or vibration, providing real-time alerts for intrusions beyond visual monitoring.

A financial institution wants to detect and distract attackers targeting its internal databases without exposing real data.Which combination of deception tools is most effective?

Honeyfiles, honeypots, and honeytokens create traps that attract attackers, allowing monitoring and response while protecting real assets.

A company conducts a cybersecurity assessment and identifies missing controls in its policies, technical defenses, and employee training compared to industry standards.What is the primary purpose of this process?

Gap analysis compares current controls against standards or best practices to identify deficiencies and prioritize remediation.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

A hospital is storing patient records in a cloud system. Recently, there was a malware incident that altered some patient files, and some staff reported not being able to access records during a system outage.
Which elements of the CIA triad were compromised in this scenario?

An employee sends a critical financial approval email. Later, they claim they never sent it, creating a dispute.
Which control best ensures non-repudiation in this scenario?

A remote worker accesses a company VPN. To enhance security, the IT team wants to ensure the person is actually who they claim to be.
Which method strengthens authentication for the user?

A company wants to ensure that employees can only access data necessary for their roles and that access is dynamically adjusted if their responsibilities change.
Which authorization model best fits this requirement?

A company implements a Zero Trust model and wants to limit access to sensitive financial systems to only verified devices and users, adapting permissions based on risk in real time.
Which components are part of the Control Plane in this Zero Trust architecture?

An employee attempts to access sensitive financial data from an unmanaged device. The system must enforce the access policies decided in the Control Plane.
Which component in the Data Plane is responsible for enforcing these decisions?

A data center wants to prevent vehicle-based intrusions, unauthorized personnel access, and monitor all entry points.
Which combination of physical controls should be implemented?

A high-security warehouse wants to detect intruders in restricted areas without relying solely on cameras.
Which sensor combination is best for real-time intrusion detection?

A financial institution wants to detect and distract attackers targeting its internal databases without exposing real data.
Which combination of deception tools is most effective?

A company conducts a cybersecurity assessment and identifies missing controls in its policies, technical defenses, and employee training compared to industry standards.
What is the primary purpose of this process?