Visit here for our full CompTIA SY0-701 exam dumps and practice test questions.
Question 181
Which type of access control model uses labels assigned to both users and resources to determine access rights?
A) Discretionary Access Control (DAC)
B) Mandatory Access Control (MAC)
C) Role-Based Access Control (RBAC)
D) Attribute-Based Access Control (ABAC)
Answer: B
Explanation:
Mandatory Access Control (MAC) is an access control paradigm in which both users and resources are assigned security labels, and access decisions are made based on these labels. MAC is primarily used in environments requiring strict security, such as government and military systems, where confidentiality and integrity are critical. The labels represent security clearance for users and sensitivity levels for data, and the system enforces access without user discretion. Option A, Discretionary Access Control (DAC), allows the owner of the resource to determine who can access it, making it less rigid than MAC. Option C, Role-Based Access Control (RBAC), assigns permissions to roles rather than individuals or labels, which provides flexibility in large organizations but lacks the strictness of MAC. Option D, Attribute-Based Access Control (ABAC), evaluates access based on attributes, context, and environmental factors, which allows dynamic policy enforcement but is different from label-based MAC. Implementing MAC ensures that users cannot access data for which they do not have appropriate clearance, reducing the risk of data leaks and unauthorized information exposure. Organizations that manage classified information often deploy MAC to maintain compliance with stringent regulations and protect sensitive assets. MAC also helps prevent insider threats because users cannot override the policy, ensuring that data access is consistently enforced. Understanding MAC’s structure, including labels, levels, and enforcement mechanisms, is essential for security professionals designing high-security environments where unauthorized access can have severe consequences. This model reinforces the concept of the principle of least privilege while providing robust protection against deliberate or accidental breaches, making it an indispensable tool in secure system design.
Question 182
Which of the following attacks involves tricking a user into providing confidential information via email or messaging?
A) Spear Phishing
B) SQL Injection
C) Brute Force Attack
D) ARP Spoofing
Answer: A
Explanation:
Spear phishing is a highly targeted social engineering attack in which attackers craft personalized emails or messages to deceive specific individuals into divulging sensitive information such as login credentials, financial data, or personal identifiers. Unlike generic phishing, spear phishing uses detailed information about the target to increase credibility and likelihood of success. Option B, SQL injection, exploits database vulnerabilities through crafted queries and does not rely on human interaction. Option C, brute force attacks, systematically guess passwords and are technical rather than social in nature. Option D, ARP spoofing, manipulates network traffic at the local network layer to intercept communications, unrelated to deceptive messaging. Spear phishing exploits human psychology, often employing urgency, authority, or curiosity to manipulate victims. Attackers may combine spear phishing with malware by embedding malicious attachments or links, enabling further compromise once the target interacts. Organizations can mitigate spear phishing by implementing multi-factor authentication, email filtering, user awareness training, and simulated phishing exercises. Recognizing spear phishing tactics is crucial for cybersecurity professionals to prevent credential theft, data breaches, and potential lateral movement within networks. Understanding the nuances of spear phishing, such as pretexting, personalization, and social engineering cues, helps in developing proactive defenses. Security teams must continuously educate employees about these evolving threats and monitor email traffic for suspicious patterns. Spear phishing remains a significant vector in cybersecurity incidents due to its reliance on exploiting trust and behavior, making human vigilance as important as technical safeguards in organizational security strategies.
Question 183
Which of the following security devices is specifically designed to detect malicious activity and alert administrators without blocking traffic?
A) Intrusion Prevention System (IPS)
B) Intrusion Detection System (IDS)
C) Firewall
D) Proxy Server
Answer: B
Explanation:
An Intrusion Detection System (IDS) is a network security technology designed to monitor network traffic for suspicious patterns, anomalies, or known signatures of malicious activity and alert administrators when potential threats are detected. IDS operates in a passive mode, meaning it does not actively block traffic but provides valuable visibility into attacks, policy violations, or vulnerabilities. Option A, an Intrusion Prevention System (IPS), not only detects threats but can also actively block or mitigate malicious traffic in real-time, making it more proactive. Option C, a firewall, filters traffic based on predefined rules but does not specialize in detecting or alerting on complex attacks. Option D, a proxy server, primarily serves as an intermediary for requests, caching content and providing basic access control rather than threat detection. IDS can be signature-based, identifying known attack patterns, or anomaly-based, detecting unusual behavior deviating from normal network baselines. Deploying IDS enhances threat intelligence, allowing security teams to investigate alerts, analyze trends, and strengthen network defenses. Integration with Security Information and Event Management (SIEM) platforms allows centralized monitoring, correlation of incidents, and streamlined response strategies. IDS is essential in layered security strategies, complementing firewalls, endpoint protection, and other preventive controls. Security professionals must configure IDS properly, fine-tune detection rules, and review alerts regularly to avoid false positives and ensure timely responses to legitimate threats. IDS serves as a critical component of comprehensive cybersecurity frameworks, providing insight into ongoing attacks, facilitating forensic analysis, and helping organizations maintain robust situational awareness in an increasingly hostile threat landscape.
Question 184
Which principle ensures that users can only access the resources necessary for their job function?
A) Separation of Duties
B) Least Privilege
C) Role Hierarchy
D) Mandatory Access Control
Answer: B
Explanation:
The principle of least privilege is a fundamental security concept that restricts user access rights to the minimum necessary to perform their job functions. By limiting permissions, organizations reduce the risk of accidental or intentional misuse of sensitive information or critical system functions. Option A, separation of duties, divides responsibilities among multiple individuals to prevent fraud or error but does not directly limit access to necessary resources. Option C, role hierarchy, organizes permissions based on organizational roles, which may support least privilege but is not the principle itself. Option D, mandatory access control, enforces strict access rules based on labels but does not inherently focus on minimizing access per job role. Implementing least privilege involves carefully assessing roles, responsibilities, and workflows, ensuring that users have no more access than required. This approach mitigates insider threats, accidental configuration changes, and malware propagation, as compromised accounts have limited potential impact. Security teams often enforce least privilege through role-based access control, periodic access reviews, and privilege escalation monitoring. Automation can assist in provisioning, deprovisioning, and auditing permissions, reducing human error. Least privilege aligns with compliance requirements such as GDPR, HIPAA, and NIST standards, promoting accountability and reducing exposure of sensitive assets. Organizations that rigorously apply least privilege benefit from a stronger security posture, lower attack surface, and enhanced operational control. Additionally, combining least privilege with multi-factor authentication and monitoring strengthens defenses against both internal and external threats, ensuring that access policies are effective and enforceable across complex IT environments.
Question 185
Which type of malware spreads across networks by exploiting vulnerabilities without requiring user interaction?
A) Trojan
B) Worm
C) Rootkit
D) Ransomware
Answer: B
Explanation:
A worm is a self-replicating type of malware that spreads autonomously across networks by exploiting vulnerabilities in software, operating systems, or network protocols, without requiring user interaction. Unlike viruses, which attach to files, worms can propagate independently, often causing rapid infection across systems and consuming bandwidth or system resources. Option A, Trojans, rely on user execution and perform malicious actions while appearing benign. Option C, rootkits, hide their presence on a compromised system but are not inherently self-replicating. Option D, ransomware, encrypts user files and demands payment but typically requires delivery through email, downloads, or network exploits. Worms have historically caused widespread disruptions, such as the Conficker or WannaCry outbreaks, exploiting unpatched vulnerabilities in operating systems or applications. Mitigation requires timely patch management, network segmentation, firewall configuration, and intrusion detection to prevent uncontrolled propagation. Security awareness, automated updates, and endpoint protection systems play a crucial role in reducing exposure to worms. Because worms exploit system vulnerabilities directly, administrators must maintain robust vulnerability scanning programs, enforce strong security policies, and isolate infected systems promptly. Understanding worm behavior helps security professionals anticipate propagation patterns, implement defensive measures, and reduce the potential impact on business operations. Effective worm containment also emphasizes proactive monitoring and rapid response to emerging threats, highlighting the importance of a holistic cybersecurity approach.
Question 186
Which cryptographic technique uses the same key for both encryption and decryption of data?
A) Asymmetric Encryption
B) Symmetric Encryption
C) Hashing
D) Digital Signature
Answer: B
Explanation:
Symmetric encryption is a cryptographic method in which the same secret key is used for both encrypting and decrypting information. Symmetric algorithms are efficient for large data transfers and are commonly used in secure communications, storage encryption, and VPN connections. Option A, asymmetric encryption, uses a key pair consisting of a public and private key for encryption and decryption. Option C, hashing, generates a fixed-length value from input data but is irreversible and does not allow decryption. Option D, digital signatures, verify authenticity and integrity but do not provide symmetric encryption functionality. Symmetric encryption algorithms, such as AES, DES, and ChaCha20, provide confidentiality by transforming plaintext into ciphertext using mathematical operations. The security of symmetric encryption relies on the secrecy of the key; if the key is compromised, the encrypted data is vulnerable. Key management, including secure generation, distribution, storage, and rotation, is critical to maintaining confidentiality. Symmetric encryption is often used alongside asymmetric encryption to establish secure key exchange channels, providing efficiency and robust protection. Security professionals must understand algorithm strengths, key lengths, block sizes, and modes of operation to implement encryption effectively. By combining symmetric encryption with strong key management practices, organizations can protect sensitive data during transmission, storage, and processing, ensuring compliance with industry standards and regulatory requirements.
Question 187
Which wireless attack mimics a legitimate access point to capture user credentials?
A) Evil Twin
B) Jamming
C) Bluejacking
D) War Driving
Answer: A
Explanation:
An evil twin attack occurs when an attacker creates a rogue wireless access point that impersonates a legitimate one to lure users into connecting. Once connected, the attacker can capture credentials, intercept traffic, and launch additional attacks such as man-in-the-middle or malware injection. Option B, jamming, disrupts wireless communications by overwhelming the network with interference but does not steal credentials. Option C, bluejacking, sends unsolicited messages to Bluetooth devices and is generally harmless. Option D, war driving, involves scanning for open or weak Wi-Fi networks but does not directly intercept user credentials. Evil twin attacks exploit user trust in familiar networks, making awareness and verification essential. Organizations can mitigate such attacks through encrypted communication, certificate validation, strong authentication, and network monitoring. Rogue AP detection systems, intrusion detection systems, and user training help prevent successful connections to malicious networks. Security professionals must understand wireless vulnerabilities, encryption protocols, and authentication mechanisms to defend against evil twin attacks. Monitoring signal strength, unusual traffic patterns, and authentication failures can also provide early warning of such attacks. By combining technical controls with security policies, organizations can reduce the risk of credential theft, data interception, and unauthorized network access. Awareness campaigns emphasizing network verification, avoidance of untrusted Wi-Fi, and proper use of VPNs strengthen the resilience against evil twin threats, ensuring that wireless communication remains secure, even in public or high-risk environments.
Question 188
Which technique ensures that data cannot be read if intercepted, even if the transmission is compromised?
A) Encryption
B) Tokenization
C) Hashing
D) Masking
Answer: A
Explanation:
Encryption is the process of converting plaintext data into an unreadable ciphertext using an algorithm and key, ensuring confidentiality even if the data is intercepted during transmission. Encryption prevents unauthorized users from understanding the content without possessing the appropriate decryption key. Option B, tokenization, replaces sensitive data with non-sensitive equivalents but does not provide end-to-end protection during transmission. Option C, hashing, creates a fixed-length digest to ensure integrity but is irreversible and does not conceal content for confidentiality. Option D, masking, obscures data values for display or processing but does not secure transmitted data. Encryption can be symmetric, using a single shared key, or asymmetric, employing key pairs. TLS, VPNs, and secure messaging are examples of encryption applied in network communications. Implementing strong encryption algorithms, key management practices, and secure protocols ensures data confidentiality and compliance with regulatory standards. Security professionals must evaluate encryption strength, cryptographic modes, and algorithm resilience against evolving threats. Encryption also supports secure storage, authentication mechanisms, and digital signatures. By integrating encryption into data lifecycle management, organizations mitigate risks of interception, eavesdropping, and data exfiltration, creating a robust defense against cyber threats while maintaining confidentiality and integrity across all digital communication channels.
Question 189
Which authentication factor relies on something inherent to the user, such as fingerprints or iris patterns?
A) Knowledge
B) Inherence
C) Possession
D) Location
Answer: B
Explanation:
Inherence-based authentication, also known as biometric authentication, relies on physical or behavioral traits unique to an individual, such as fingerprints, iris scans, facial recognition, voice patterns, or typing dynamics. Inherence provides a high level of security because these traits are difficult to replicate, ensuring that access is granted only to the legitimate user. Option A, knowledge, refers to something the user knows, such as a password or PIN. Option C, possession, involves something the user owns, such as a smart card or security token. Option D, location, can be considered a contextual factor, providing situational authentication but not directly linked to user identity. Biometric systems use sensors and software to capture, analyze, and compare traits against stored templates. False acceptance rates (FAR) and false rejection rates (FRR) are critical metrics to evaluate biometric effectiveness. Inherence factors are often combined with knowledge or possession factors in multi-factor authentication (MFA) to enhance security. Implementing biometric authentication involves careful consideration of privacy, data storage, and regulatory compliance. Security professionals must understand biometric enrollment, template protection, and spoofing countermeasures to maintain reliability. Biometrics can significantly reduce risks associated with lost or stolen credentials, ensuring secure and user-friendly authentication methods while supporting enterprise access control policies. When properly deployed, inherence factors strengthen the overall identity management framework and minimize vulnerabilities associated with traditional authentication methods.
Question 190
Which type of attack attempts to guess passwords by systematically trying every possible combination?
A) Brute Force Attack
B) Dictionary Attack
C) Man-in-the-Middle Attack
D) Phishing
Answer: A
Explanation:
A brute force attack is a method of breaking passwords or cryptographic keys by systematically attempting every possible combination until the correct one is found. Brute force attacks can target login credentials, encryption keys, or digital certificates. Option B, dictionary attacks, use a precompiled list of common words or passwords, which is more efficient but less exhaustive than brute force. Option C, man-in-the-middle attacks, intercept communications to steal or manipulate data but do not directly guess passwords. Option D, phishing, relies on social engineering to trick users into revealing credentials rather than computing them. Brute force attacks require computational resources, and their effectiveness depends on password complexity, length, and account lockout policies. Security measures such as multi-factor authentication, account lockouts, password complexity requirements, and rate limiting significantly reduce the success of brute force attempts. Organizations should enforce strong password policies, promote password managers, and monitor login attempts for anomalies. Brute force attacks are often automated using specialized software and can be combined with other attack vectors for greater impact. Understanding brute force methodology helps cybersecurity professionals design resilient authentication systems, evaluate risk exposure, and implement layered defenses. Effective countermeasures also include adaptive authentication, anomaly detection, and education to reduce predictable or weak password usage, ensuring that sensitive information remains secure from exhaustive computational attacks.
Question 191
Which security framework focuses on identifying, protecting, detecting, responding, and recovering from cybersecurity incidents?
A) NIST Cybersecurity Framework
B) ISO 9001
C) COBIT
D) ITIL
Answer: A
Explanation:
The NIST Cybersecurity Framework (CSF), developed by the U.S. National Institute of Standards and Technology, is a widely adopted guideline designed to help organizations manage and reduce cybersecurity risk through a structured and flexible approach. Initially created to strengthen the cybersecurity posture of critical infrastructure sectors, the framework has evolved into a universal model applicable across industries and organization sizes, from small businesses to global enterprises. Its primary goal is to provide a common language for managing cybersecurity activities while aligning security initiatives with business objectives and risk tolerance. The NIST CSF is composed of five core functions—Identify, Protect, Detect, Respond, and Recover—each representing a critical aspect of a comprehensive cybersecurity program.
The Identify function forms the foundation of the framework by enabling organizations to understand their environment, systems, and assets. It focuses on asset management, business context, governance, and risk assessment. This stage helps organizations determine what needs to be protected and prioritize resources based on risk exposure. The Protect function focuses on safeguards that ensure service delivery and data integrity. It includes measures such as access control, encryption, endpoint security, and employee awareness training. By implementing strong preventive controls, organizations can minimize the likelihood or impact of cyber incidents. The Detect function provides the capability to identify cybersecurity events promptly. It involves continuous monitoring, anomaly detection, and the use of analytics tools to recognize deviations from normal activity, helping organizations respond before an incident escalates.
Once a threat is identified, the Respond function comes into play. It focuses on containment, mitigation, communication, and forensic analysis to limit damage and restore control. A well-defined incident response plan allows teams to react swiftly, minimizing downtime and reputational harm. The Recover function addresses post-incident restoration and long-term resilience. It involves recovery planning, system restoration, and the integration of lessons learned into future security strategies. Recovery ensures that organizations not only return to normal operations but also emerge stronger and more prepared for future threats.
Unlike other frameworks such as ISO 9001, COBIT, or ITIL, which focus on quality management, IT governance, or service management respectively, the NIST CSF specifically targets the lifecycle of cybersecurity risk management. Its risk-based, outcome-oriented design makes it adaptable to any environment or regulatory requirement. Organizations can tailor the CSF to their unique needs, mapping existing security policies and controls to its core functions to identify gaps and prioritize improvements.
Implementing the NIST CSF involves collaboration across departments, combining policy development, technical safeguards, and personnel training. It promotes a continuous improvement cycle where each function supports the others, ensuring that cybersecurity becomes an integrated, ongoing process rather than a one-time project. By adopting the NIST CSF, organizations gain a structured methodology for aligning cybersecurity practices with business goals, reducing exposure to threats, and enhancing resilience. Ultimately, the framework empowers security professionals to manage risk effectively, improve detection and response capabilities, and strengthen overall preparedness against evolving cyber threats.
Question 192
Which type of malware records user activity without their knowledge, such as keystrokes or browsing habits?
A) Spyware
B) Trojan
C) Ransomware
D) Worm
Answer: A
Explanation:
Spyware is a type of malicious software designed to secretly monitor and collect information from a user’s computer or mobile device without their knowledge or consent. Unlike many other types of malware that focus on causing immediate damage or disruption, spyware’s primary objective is surveillance and data theft. It operates covertly in the background, recording user behavior, capturing keystrokes, logging browsing activity, and extracting personal or corporate information such as credentials, financial data, or confidential documents. The stolen data is typically transmitted to an attacker-controlled server, where it can be exploited for identity theft, espionage, or financial fraud. Spyware often disguises itself as legitimate software or hides within seemingly harmless downloads, browser extensions, or bundled applications. Because of its stealthy nature, users may remain unaware of its presence for long periods, making it one of the most persistent and dangerous threats to privacy and information security.
Spyware differs significantly from other categories of malicious software. For example, Trojans—malware disguised as legitimate programs—focus primarily on delivering payloads or creating backdoors for additional malware but do not necessarily monitor user activity continuously. Ransomware, by contrast, encrypts a victim’s files and demands payment for decryption, causing immediate and visible damage but not engaging in ongoing surveillance. Worms replicate automatically across networks to spread infection but do not typically collect or exfiltrate data. Spyware’s distinct feature lies in its passive, covert approach, where the goal is to gather intelligence rather than directly sabotage or destroy systems. Because of this, spyware is often used in targeted attacks, corporate espionage, or nation-state surveillance operations.
Common infection vectors for spyware include malicious email attachments, deceptive software installers, drive-by downloads from compromised websites, and mobile applications that request excessive permissions. Some spyware exploits vulnerabilities in outdated software or operating systems, while others rely on social engineering to trick users into installing them. Once installed, spyware may hook into system processes, modify registry entries, or inject code into legitimate programs to persist even after reboots or software updates. Advanced variants employ encryption and obfuscation techniques to evade detection by traditional antivirus tools.
Mitigating spyware requires a layered defense strategy combining endpoint protection, network monitoring, and user awareness. Endpoint detection and response (EDR) solutions with behavioral analytics can identify unusual activity patterns such as unauthorized data access or unexpected outbound connections. Anti-spyware tools can perform regular scans to detect and remove known spyware signatures. Keeping operating systems and applications updated helps close vulnerabilities that spyware exploits. At the organizational level, enforcing least-privilege access, deploying web filtering, and monitoring outbound traffic for suspicious data exfiltration attempts are critical. User education also plays a vital role—training individuals to recognize phishing attempts, avoid untrusted downloads, and verify application permissions before installation significantly reduces exposure to spyware.
The consequences of spyware infections can be severe. For individuals, it can result in stolen banking credentials, identity theft, or blackmail. For organizations, spyware can compromise proprietary data, customer information, and trade secrets, leading to regulatory penalties, reputational damage, and financial losses. In corporate environments, spyware can act as a precursor to larger attacks, such as credential theft leading to ransomware deployment or advanced persistent threats (APTs).
Cybersecurity professionals must understand spyware’s techniques, behaviors, and indicators of compromise to effectively defend against it. Combining threat intelligence with real-time monitoring, automated incident response, and forensic analysis enhances detection and containment. Adopting a Zero Trust model—where all users, devices, and applications are continuously verified—further limits spyware’s ability to move laterally or escalate privileges.
Ultimately, spyware exemplifies the shift toward stealth and persistence in modern cyber threats. Protecting against it requires not just technical controls but a comprehensive, proactive approach encompassing governance, technology, and human vigilance. By maintaining updated defenses, practicing safe computing habits, and implementing robust monitoring, individuals and organizations can safeguard sensitive data and uphold privacy in an increasingly surveilled digital world.
Question 193
Which of the following is the best method to prevent unauthorized devices from connecting to a network?
A) MAC Address Filtering
B) Password Complexity
C) Multi-Factor Authentication
D) Encryption
Answer: A
Explanation:
MAC address filtering is a network access control method used to regulate which devices are permitted to connect to a network based on their unique Media Access Control (MAC) addresses. Each network interface card (NIC) has a distinct MAC address assigned by the manufacturer, allowing administrators to create allowlists or denylists that specify which devices are authorized. When a device attempts to connect, the network’s access point or switch checks its MAC address against this list. If the address is approved, the device gains access; otherwise, it is denied. This approach provides a foundational layer of security that helps limit unauthorized or rogue devices from joining the network.
Unlike user-based security controls, such as password complexity or multi-factor authentication, MAC filtering operates at the hardware level. Option B, password complexity, enhances user account security but does not manage which devices connect to the network. Option C, multi-factor authentication, focuses on verifying the identity of users rather than devices, and Option D, encryption, protects data in transit but does not restrict device access. Therefore, MAC address filtering fills a specific role within network access control by addressing device identification and authorization directly.
MAC filtering is often employed in small-scale or home networks where device lists are limited and easy to manage. In enterprise environments, however, its effectiveness is limited because it can be circumvented through MAC spoofing—where an attacker changes their device’s MAC address to mimic an authorized one. As such, MAC filtering should not be relied upon as the sole means of protection. Instead, it is best implemented as part of a layered security strategy that includes stronger measures such as 802.1X authentication with RADIUS and Cisco Identity Services Engine (ISE), network segmentation, and encryption protocols like WPA3 for wireless networks.
For organizations implementing MAC filtering, maintaining an accurate and updated inventory of authorized devices is essential. Network administrators should continuously monitor connections, log device activity, and use intrusion detection or prevention systems (IDS/IPS) to identify suspicious behavior or spoofing attempts. Automated tools can also help detect and alert administrators when unauthorized devices attempt to connect using cloned or spoofed MAC addresses.
While MAC address filtering is not foolproof, it adds an extra checkpoint in a multi-layered security framework. When combined with endpoint management, real-time monitoring, and strict access controls, it contributes to a stronger overall security posture. By ensuring that only recognized devices can access critical resources, organizations can reduce their attack surface, enhance visibility, and maintain greater control over their network environments.
Question 194
Which of the following represents a type of denial-of-service attack where multiple systems flood a target simultaneously?
A) Distributed Denial-of-Service (DDoS)
B) Phishing
C) SQL Injection
D) Man-in-the-Middle
Answer: A
Explanation:
A Distributed Denial-of-Service (DDoS) attack is a large-scale cyberattack in which multiple compromised systems, often part of a coordinated botnet, overwhelm a target’s resources—such as servers, networks, or applications—by flooding them with massive volumes of traffic. The goal is to exhaust bandwidth, CPU, or memory resources, rendering the targeted service slow or completely unavailable to legitimate users. Unlike a standard Denial-of-Service (DoS) attack, which originates from a single source, DDoS attacks are distributed across numerous devices worldwide, making them much harder to detect, mitigate, and trace. These attacks often exploit insecure Internet of Things (IoT) devices or vulnerable computers infected with malware to create a botnet under the attacker’s control.
Option B, phishing, involves social engineering to trick users into disclosing credentials or sensitive information and does not aim to disrupt system availability. Option C, SQL injection, targets database vulnerabilities to manipulate or steal data, while Option D, man-in-the-middle attacks, intercept communications to eavesdrop or alter transmitted information. DDoS attacks, on the other hand, focus specifically on service disruption and operational paralysis. They can target websites, APIs, or even core network infrastructure, leading to prolonged outages, financial loss, reputational damage, and customer dissatisfaction.
Common types of DDoS attacks include volumetric attacks (flooding bandwidth with traffic such as UDP floods or amplification attacks), protocol attacks (exploiting weaknesses in Layer 3 and Layer 4 protocols like SYN floods or Ping of Death), and application-layer attacks (targeting HTTP or DNS services to exhaust server resources). Attackers often employ amplification techniques, such as DNS or NTP reflection, to multiply the size of the traffic directed at the target.
To mitigate DDoS attacks, organizations deploy layered defense strategies. These include rate limiting to control traffic spikes, traffic filtering to block malicious IPs, and web application firewalls (WAFs) to detect and mitigate layer 7 attacks. Anti-DDoS solutions, such as Cisco Secure DDoS Protection, use behavioral analytics and cloud-based scrubbing centers to filter malicious traffic before it reaches the target network. Additionally, network redundancy, load balancing, and content delivery networks (CDNs) help distribute traffic, reducing the impact of localized attacks.
Proactive defense also requires continuous monitoring and integration of real-time threat intelligence to detect unusual traffic patterns early. Cybersecurity teams must develop comprehensive incident response plans, perform regular stress testing, and implement scalable architectures that can absorb or deflect high volumes of traffic.
Ultimately, understanding the mechanisms, amplification methods, and evolving tactics behind DDoS attacks is crucial for maintaining service availability. Combining technical controls with proactive planning and resilient infrastructure ensures that organizations can withstand and recover quickly from even the most sophisticated distributed attacks.
Question 195
Which of the following techniques helps secure email content and verify sender identity?
A) Digital Signatures
B) Password Protection
C) Multi-Factor Authentication
D) VPN
Answer: A
Explanation:
Digital signatures are cryptographic mechanisms used to verify the authenticity and integrity of electronic messages, including emails. By using a private key to sign the message, the sender ensures that recipients can verify the sender’s identity with the corresponding public key. Digital signatures prevent tampering and provide non-repudiation, ensuring that the sender cannot deny sending the message. Option B, password protection, limits access but does not verify identity or integrity. Option C, multi-factor authentication, secures access to accounts but does not sign messages. Option D, VPN, secures communication channels but does not provide message authentication or integrity verification. Digital signatures are often combined with encryption to secure email content against unauthorized reading while validating the sender. Email security protocols like S/MIME and PGP use digital signatures to implement these protections. Implementing digital signatures requires certificate management, key distribution, and endpoint support. Organizations benefit from reduced phishing risk, enhanced trust, and compliance with data protection regulations. Digital signatures also assist in legal and contractual communications, providing verifiable evidence of authenticity. Security professionals must understand key pair management, signature validation processes, and integration with email systems to ensure reliable and secure digital communication. Proper deployment enhances confidentiality, integrity, and authenticity, reducing the risk of email fraud, tampering, and impersonation.
Question 196
Which of the following controls aims to prevent malware infections before they reach endpoints?
A) Antivirus Software
B) Email Filtering
C) Intrusion Detection Systems
D) Security Awareness Training
Answer: B
Explanation:
Email filtering is a preventative control designed to block malware, phishing attempts, spam, and malicious attachments before they reach endpoints. Email remains one of the most common attack vectors, and filtering systems analyze message content, sender reputation, attachments, and embedded links to prevent malicious delivery. Option A, antivirus software, primarily acts at the endpoint, detecting and mitigating malware after arrival. Option C, intrusion detection systems, monitor network traffic for threats but do not prevent malware delivery directly. Option D, security awareness training, educates users on recognizing threats but is not a direct technical control. Effective email filtering integrates signature-based detection, sandboxing, heuristic analysis, and machine learning to identify emerging threats proactively. Filtering reduces exposure to ransomware, spyware, and phishing campaigns, complementing other endpoint and network defenses. Security professionals must tune filtering policies, update detection rules, and monitor quarantined items to ensure effectiveness while minimizing false positives. Integrating email filtering with encryption, multi-factor authentication, and incident response planning enhances overall protection. Organizations benefit from decreased infection rates, improved compliance with security standards, and reduced operational disruption caused by malware. Email filtering serves as the frontline defense, intercepting threats at the earliest stage, reinforcing layered security, and mitigating risk before it impacts users, systems, and critical data assets.
Question 197
Which security practice involves assessing risks, identifying vulnerabilities, and implementing mitigation strategies?
A) Risk Management
B) Patch Management
C) Incident Response
D) Network Segmentation
Answer: A
Explanation:
Risk management is the structured process of identifying, assessing, prioritizing, and mitigating risks to organizational assets, operations, and personnel. It involves recognizing vulnerabilities, evaluating potential threats, quantifying impact and likelihood, and implementing controls to reduce risk to acceptable levels. Option B, patch management, focuses on applying software updates to mitigate vulnerabilities but is a component of risk management rather than a comprehensive framework. Option C, incident response, handles security events after occurrence and is part of the broader risk management lifecycle. Option D, network segmentation, limits exposure of critical assets but does not encompass the full risk evaluation process. Effective risk management combines qualitative and quantitative assessments, controls selection, continuous monitoring, and compliance alignment. It addresses technical, administrative, and physical safeguards, aligning with standards like NIST, ISO 27001, and COBIT. By proactively managing risk, organizations reduce the probability and impact of security incidents, ensure regulatory compliance, and support strategic decision-making. Risk management integrates vulnerability scanning, threat intelligence, policy enforcement, user training, and business continuity planning. Cybersecurity professionals rely on risk assessment frameworks to prioritize actions, allocate resources, and continuously improve defenses. Ultimately, risk management enhances organizational resilience, informs governance decisions, and strengthens the overall cybersecurity posture, enabling informed and proactive protection of critical assets.
Question 198
Which type of attack manipulates users into taking actions that compromise security by exploiting psychological triggers such as fear, urgency, or curiosity?
A) Social Engineering
B) SQL Injection
C) Denial of Service
D) Cross-Site Scripting
Answer: A
Explanation:
Social engineering is a method of attack that targets human psychology rather than technical vulnerabilities. Attackers manipulate users to reveal sensitive information, download malware, or perform actions that compromise security by exploiting traits like trust, fear, urgency, or curiosity. Techniques include phishing emails, pretexting, baiting, and tailgating. Option B, SQL injection, is a technical attack that exploits database vulnerabilities to manipulate or retrieve data but does not rely on tricking users. Option C, Denial of Service (DoS), aims to overwhelm systems and make them unavailable, rather than exploiting human behavior. Option D, Cross-Site Scripting (XSS), injects malicious scripts into web pages viewed by users, affecting browsers but not directly manipulating the user’s decision-making process in the same psychological sense as social engineering. Social engineering attacks are often highly targeted, as seen in spear phishing campaigns, where attackers research victims to craft convincing communications. Effective mitigation requires employee awareness training, clear policies on information sharing, multi-factor authentication, and verification procedures before sensitive actions are taken. Security teams must continuously simulate social engineering attempts to educate users, evaluate response effectiveness, and identify organizational weaknesses. Social engineering highlights the critical importance of humans as both a potential vulnerability and a defense layer in cybersecurity. By combining user awareness, technical safeguards, and procedural policies, organizations reduce the risk of successful manipulation and strengthen overall security posture.
Question 199
Which framework provides a standardized approach for managing IT governance, risk, and compliance across an organization?
A) COBIT
B) ISO 27001
C) NIST CSF
D) ITIL
Answer: A
Explanation:
COBIT (Control Objectives for Information and Related Technologies) is a globally recognized framework that provides guidance for IT governance, risk management, and compliance. It defines processes, practices, and metrics to ensure that IT supports organizational goals while managing risk effectively. Option B, ISO 27001, is focused primarily on information security management systems (ISMS) but does not provide comprehensive governance and operational guidance like COBIT. Option C, NIST CSF, emphasizes cybersecurity risk management and incident response but is more tactical than governance-oriented. Option D, ITIL, focuses on IT service management, operational efficiency, and service delivery rather than governance and risk frameworks. COBIT helps organizations align IT with business objectives, establish clear accountability, implement consistent control mechanisms, and measure performance. Its processes cover areas such as risk assessment, security controls, audit practices, and compliance requirements, providing a holistic approach for organizations seeking to integrate IT governance into strategic planning. Security professionals use COBIT to ensure policies, processes, and systems are consistently applied, reducing operational risks and regulatory exposure. COBIT is particularly useful for large organizations that require a structured, repeatable methodology to govern complex IT environments while maintaining compliance with regulations, industry standards, and internal policies. By adopting COBIT, enterprises can bridge gaps between technical IT functions and business objectives, ensuring that risk, security, and governance operate synergistically to protect organizational assets.
Question 200
Which security measure involves converting sensitive information into non-sensitive representations that can be used safely in databases or applications?
A) Tokenization
B) Encryption
C) Masking
D) Hashing
Answer: A
Explanation:
Tokenization is a security technique that replaces sensitive data elements, such as credit card numbers or personally identifiable information, with non-sensitive tokens that can be safely used in databases, applications, and business processes. The original sensitive data is stored securely in a separate system known as a token vault. Option B, encryption, transforms data into ciphertext to maintain confidentiality but retains the original data in a recoverable form with a key. Option C, masking, obscures data for display or testing purposes but does not create a reusable non-sensitive substitute. Option D, hashing, converts data into a fixed-length value for integrity verification and is not reversible, making it unsuitable for use in transactional systems requiring data substitution. Tokenization reduces the risk of data breaches because compromised tokens are useless to attackers and cannot be reversed without access to the token vault. It is widely used in payment card processing, healthcare data management, and any environment where compliance with regulations such as PCI DSS or GDPR is critical. Security teams implement tokenization alongside encryption, access controls, and monitoring to ensure sensitive data is protected throughout its lifecycle. By removing real data from operational environments, tokenization minimizes exposure and liability while enabling businesses to continue necessary processes without handling actual sensitive information. Tokenization also simplifies regulatory compliance, reduces the attack surface, and allows safe data handling in analytics, testing, and third-party integrations.
