Practice 300 Information Security MCQs with answers covering security mechanisms, cryptography, authentication, access control, database security, network security, software vulnerabilities, firewalls, IDS, policies, risk assessment, privacy, cybercrime law and ethics.
Information Security MCQs with Answers | 300 Questions | ElecturesAI
Prepared with dedication by Engnr Dr. Muhammad Tahir Dlbar to help students learn smarter, practice better, and build strong information security concepts with confidence.
Study focus: This page is designed for exam preparation and concept revision.
Covered Topics
Foundations of Information Security & Security Mechanisms
Security Design Principles
Symmetric & Asymmetric Cryptography
Digital Signatures & Key Management
Authentication & Access Control
Cryptography Concepts
Encryption & Hash Functions
Secure Design Lifecycle & Risk Controls
Database Security
Network Security
Software Security, Vulnerabilities & Protection
Firewalls, IDS & Security Policies
Policy Formation & Enforcement
Risk Assessment & Cybercrime
Privacy, Anonymity, Cyber Law & Ethics
Topic 1
Foundations of Information Security & Security Mechanisms
Question 1 Foundations of Information Security & Security Mechanisms
Q1. What is information security mainly concerned with?
A. Only buying antivirus software
B. Making every file public
C. Removing all users from a system
D. Protecting information confidentiality, integrity and availability
Correct Answer: D. Protecting information confidentiality, integrity and availability
Question 2 Foundations of Information Security & Security Mechanisms
Q2. What does the CIA triad stand for in information security?
A. Cipher, Input and Authentication
B. Cybercrime, Identity and Audit
C. Confidentiality, Integrity and Availability
D. Control, Internet and Access
Correct Answer: C. Confidentiality, Integrity and Availability
Question 3 Foundations of Information Security & Security Mechanisms
Q3. Confidentiality means:
A. Data must always be deleted
B. Passwords should be shared with everyone
C. Systems should never be updated
D. Only authorized people can access sensitive information
Correct Answer: D. Only authorized people can access sensitive information
Question 4 Foundations of Information Security & Security Mechanisms
Q4. Integrity in information security means:
A. Data is always hidden from administrators
B. A server has the fastest processor
C. Data remains accurate, complete and protected from unauthorized change
D. A network cable is physically strong
Correct Answer: C. Data remains accurate, complete and protected from unauthorized change
Question 5 Foundations of Information Security & Security Mechanisms
Q5. Availability means:
A. All data must be encrypted twice
B. Users cannot login during office hours
C. Files must be stored only on paper
D. Authorized users can access systems and data when needed
Correct Answer: D. Authorized users can access systems and data when needed
Question 6 Foundations of Information Security & Security Mechanisms
Q6. In security, an asset is:
A. Only a hacker tool
B. A useless backup copy
C. Only a firewall rule
D. Anything valuable that needs protection
Correct Answer: D. Anything valuable that needs protection
Question 7 Foundations of Information Security & Security Mechanisms
Q7. A threat is best described as:
A. A type of database table
B. A guaranteed improvement in security
C. A possible cause of harm to an asset
D. A password recovery email
Correct Answer: C. A possible cause of harm to an asset
Question 8 Foundations of Information Security & Security Mechanisms
Q8. A vulnerability is:
A. A perfect security design
B. A legal user account only
C. A weakness that can be exploited by a threat
D. A completed backup schedule
Correct Answer: C. A weakness that can be exploited by a threat
Question 9 Foundations of Information Security & Security Mechanisms
Q9. Information security risk is usually a combination of:
A. Likelihood of a threat and the impact if it occurs
B. Logo color and website font
C. Screen size and keyboard layout
D. Number of emails in the inbox only
Correct Answer: A. Likelihood of a threat and the impact if it occurs
Question 10 Foundations of Information Security & Security Mechanisms
Q10. A security control or safeguard is used to:
A. Remove all logs from the system
B. Allow anonymous administrator access
C. Reduce risk by preventing, detecting or correcting security problems
D. Increase every possible risk
Correct Answer: C. Reduce risk by preventing, detecting or correcting security problems
Question 11 Foundations of Information Security & Security Mechanisms
Q11. A security mechanism is:
A. A shopping cart feature
B. A random image in a webpage
C. A rule that disables all authentication
D. A technical or procedural method that supports security goals
Correct Answer: D. A technical or procedural method that supports security goals
Question 12 Foundations of Information Security & Security Mechanisms
Q12. A preventive control is designed to:
A. Recover deleted wallpaper
B. Hide all audit trails
C. Only print monthly reports
D. Stop a security incident before it happens
Correct Answer: D. Stop a security incident before it happens
Question 13 Foundations of Information Security & Security Mechanisms
Q13. A detective control helps to:
A. Disable monitoring systems
B. Guarantee no incident can ever happen
C. Identify that a security event or violation has occurred
D. Replace all encryption keys with weak keys
Correct Answer: C. Identify that a security event or violation has occurred
Question 14 Foundations of Information Security & Security Mechanisms
Q14. A corrective control is used to:
A. Delete security policies
B. Avoid all software updates
C. Make passwords visible
D. Restore systems and reduce damage after an incident
Correct Answer: D. Restore systems and reduce damage after an incident
Question 15 Foundations of Information Security & Security Mechanisms
Q15. The principle of least privilege means:
A. Users get only the access needed to perform their job
B. Every user should be a system administrator
C. Access rights should never be reviewed
D. No user should have any access ever
Correct Answer: A. Users get only the access needed to perform their job
Question 16 Foundations of Information Security & Security Mechanisms
Q16. Defense in depth means:
A. Ignoring physical security
B. Using multiple layers of security controls
C. Relying on a single firewall forever
D. Using only one password for every account
Correct Answer: B. Using multiple layers of security controls
Question 17 Foundations of Information Security & Security Mechanisms
Q17. Attack surface refers to:
A. The color theme of a security dashboard
B. A list of employee birthdays
C. Only the size of a monitor
D. All points where an attacker could try to enter or affect a system
Correct Answer: D. All points where an attacker could try to enter or affect a system
Question 18 Foundations of Information Security & Security Mechanisms
Q18. A security policy is:
A. A personal opinion without approval
B. A replacement for all technical controls
C. A formal statement of rules and expectations for protecting information
D. A random password list
Correct Answer: C. A formal statement of rules and expectations for protecting information
Question 19 Foundations of Information Security & Security Mechanisms
Q19. Security awareness training helps users to:
A. Share passwords more quickly
B. Avoid reporting incidents
C. Bypass all policies
D. Recognize threats and follow safe security practices
Correct Answer: D. Recognize threats and follow safe security practices
Question 20 Foundations of Information Security & Security Mechanisms
Q20. Incident response is the process of:
A. Preparing for, detecting, containing and recovering from security incidents
B. Designing advertisements
C. Formatting a spreadsheet
D. Removing every log file immediately
Correct Answer: A. Preparing for, detecting, containing and recovering from security incidents
Question 21 Security Design Principles
Q21. Fail-safe defaults means a system should:
A. Deny access by default unless permission is explicitly granted
B. Disable authentication for convenience
C. Trust unknown users automatically
D. Allow all access when an error occurs
Correct Answer: A. Deny access by default unless permission is explicitly granted
Question 22 Security Design Principles
Q22. Complete mediation requires:
A. Every access request to be checked before it is allowed
B. Users to choose their own roles
C. No permissions to be verified
D. Only the first login of the year to be checked
Correct Answer: A. Every access request to be checked before it is allowed
Question 23 Security Design Principles
Q23. Economy of mechanism means:
A. Security code should be intentionally complex
B. Systems should avoid documentation
C. Policies should be impossible to read
D. Security design should be simple and small enough to understand
Correct Answer: D. Security design should be simple and small enough to understand
Question 24 Security Design Principles
Q24. Open design means:
A. Passwords should be posted online
B. Encryption keys should be shared
C. Security should not depend on keeping the design secret
D. Source code must always be public
Correct Answer: C. Security should not depend on keeping the design secret
Question 25 Security Design Principles
Q25. Separation of privilege means:
A. All users should share the same password
B. Sensitive actions may require more than one condition or approval
C. One person should control every security decision
D. Access reviews should be skipped
Correct Answer: B. Sensitive actions may require more than one condition or approval
Question 26 Security Design Principles
Q26. Least common mechanism recommends:
A. Making every process use one shared administrator account
B. Sharing temporary files with everyone
C. Avoiding unnecessary shared components between users or processes
D. Removing all isolation
Correct Answer: C. Avoiding unnecessary shared components between users or processes
Question 27 Security Design Principles
Q27. Psychological acceptability means:
A. Users should never receive guidance
B. Interfaces should hide all warnings
C. Security should confuse all users
D. Security controls should be usable and understandable for legitimate users
Correct Answer: D. Security controls should be usable and understandable for legitimate users
Question 28 Security Design Principles
Q28. Secure by default means:
A. A system starts with all ports open
B. A system gives guest administrator rights
C. A system starts with safe settings before customization
D. A system disables every log
Correct Answer: C. A system starts with safe settings before customization
Question 29 Security Design Principles
Q29. Minimizing attack surface means:
A. Using unsupported software intentionally
B. Installing every possible plugin
C. Removing unnecessary services, ports, accounts and features
D. Publishing private keys
Correct Answer: C. Removing unnecessary services, ports, accounts and features
Question 30 Security Design Principles
Q30. A secure design lifecycle includes security during:
A. Requirements, design, implementation, testing and maintenance
B. Only the final presentation
C. Only after a breach
D. Only when the system is deleted
Correct Answer: A. Requirements, design, implementation, testing and maintenance
Question 31 Security Design Principles
Q31. A trust boundary is:
A. A backup file name
B. A point where data or control moves between different trust levels
C. A keyboard shortcut
D. A physical wall color
Correct Answer: B. A point where data or control moves between different trust levels
Question 32 Security Design Principles
Q32. Input validation is important because it:
A. Checks that data is expected, safe and correctly formatted
B. Makes every query public
C. Replaces authentication entirely
D. Guarantees that passwords never expire
Correct Answer: A. Checks that data is expected, safe and correctly formatted
Question 33 Security Design Principles
Q33. A secure configuration baseline is:
A. An approved standard set of secure settings
B. A random collection of screenshots
C. A list of social media accounts
D. A method for removing all patches
Correct Answer: A. An approved standard set of secure settings
Question 34 Security Design Principles
Q34. Patch management is the process of:
A. Avoiding every update forever
B. Changing the logo of an application
C. Testing and applying updates to fix weaknesses
D. Using only outdated software
Correct Answer: C. Testing and applying updates to fix weaknesses
Question 35 Security Design Principles
Q35. Logging and auditing support security by:
A. Making attacks invisible
B. Replacing access control
C. Recording activity for monitoring, investigation and accountability
D. Storing only entertainment data
Correct Answer: C. Recording activity for monitoring, investigation and accountability
Question 36 Security Design Principles
Q36. Secure failure means:
A. Crashes should reveal passwords
B. Failures should disable all controls
C. Users should get administrator rights after errors
D. Errors should not expose sensitive data or give unsafe access
Correct Answer: D. Errors should not expose sensitive data or give unsafe access
Question 37 Security Design Principles
Q37. A good security design balances:
A. Only decoration and font size
B. Protection, usability, cost and business requirements
C. Only speed and ignoring risk
D. Only number of menu items
Correct Answer: B. Protection, usability, cost and business requirements
Question 38 Security Design Principles
Q38. Zero trust design assumes:
A. No user or device is trusted automatically
B. Passwords are unnecessary
C. Everything inside the network is always safe
D. Logs should be disabled
Correct Answer: A. No user or device is trusted automatically
Question 39 Security Design Principles
Q39. Isolation in security design helps to:
A. Mix all sensitive data in one folder
B. Limit damage by separating systems, processes or data
C. Expose internal services publicly
D. Remove all permission checks
Correct Answer: B. Limit damage by separating systems, processes or data
Question 40 Security Design Principles
Q40. Threat modeling is used to:
A. Ignore security requirements
B. Choose a website background image
C. Create random account names
D. Identify possible threats and design controls before deployment
Correct Answer: D. Identify possible threats and design controls before deployment
Question 41 Symmetric & Asymmetric Cryptography
Q41. Symmetric encryption uses:
A. A certificate without any algorithm
B. A public key only
C. The same secret key for encryption and decryption
D. No key at all
Correct Answer: C. The same secret key for encryption and decryption
Question 42 Symmetric & Asymmetric Cryptography
Q42. AES is commonly classified as:
A. A digital signature certificate
B. A password manager
C. A symmetric block cipher
D. A network cable type
Correct Answer: C. A symmetric block cipher
Question 43 Symmetric & Asymmetric Cryptography
Q43. Asymmetric cryptography uses:
A. Only a username
B. One shared secret key only
C. No keys or algorithms
D. A mathematically related public key and private key pair
Correct Answer: D. A mathematically related public key and private key pair
Question 44 Symmetric & Asymmetric Cryptography
Q44. RSA and ECC are examples of:
A. Database backup plans
B. Asymmetric cryptographic algorithms
C. Operating system updates
D. File compression formats
Correct Answer: B. Asymmetric cryptographic algorithms
Question 45 Symmetric & Asymmetric Cryptography
Q45. Compared with asymmetric cryptography, symmetric cryptography is usually:
A. Always slower for every task
B. Faster for bulk data encryption
C. Used only for screenshots
D. Unable to encrypt data
Correct Answer: B. Faster for bulk data encryption
Question 46 Symmetric & Asymmetric Cryptography
Q46. Asymmetric cryptography is especially useful for:
A. Deleting all databases
B. Key exchange, digital signatures and identity verification
C. Replacing user training
D. Changing monitor brightness
Correct Answer: B. Key exchange, digital signatures and identity verification
Question 47 Symmetric & Asymmetric Cryptography
Q47. A public key is designed to be:
A. Identical to every user's password
B. Never used by anyone
C. Stored only in a locked paper notebook
D. Shared openly for encryption or signature verification
Correct Answer: D. Shared openly for encryption or signature verification
Question 48 Symmetric & Asymmetric Cryptography
Q48. A private key should be:
A. Posted on a public website
B. Sent in plain text email
C. Kept secret and protected from unauthorized access
D. Shared with all visitors
Correct Answer: C. Kept secret and protected from unauthorized access
Question 49 Symmetric & Asymmetric Cryptography
Q49. Hybrid encryption combines:
A. Only social media authentication
B. Asymmetric methods for key exchange and symmetric methods for fast data encryption
C. Only hashing and no keys
D. Only paper-based records
Correct Answer: B. Asymmetric methods for key exchange and symmetric methods for fast data encryption
Question 50 Symmetric & Asymmetric Cryptography
Q50. A session key is:
A. A permanent public blog post
B. An employee ID card only
C. A browser color setting
D. A temporary symmetric key used for one communication session
Correct Answer: D. A temporary symmetric key used for one communication session
Question 51 Symmetric & Asymmetric Cryptography
Q51. Encryption transforms:
A. A backup into a physical lock
B. Ciphertext into a company logo
C. A password into a username
D. Plaintext into ciphertext using an algorithm and key
Correct Answer: D. Plaintext into ciphertext using an algorithm and key
Question 52 Symmetric & Asymmetric Cryptography
Q52. Decryption transforms:
A. Plaintext into a firewall
B. A certificate into a monitor
C. Audit logs into malware
D. Ciphertext back into readable plaintext with the correct key
Correct Answer: D. Ciphertext back into readable plaintext with the correct key
Question 53 Symmetric & Asymmetric Cryptography
Q53. Key length affects security because:
A. Longer secure keys generally make brute-force attacks harder
B. Only the file name matters
C. Keys do not affect encryption strength
D. Shorter keys are always safer
Correct Answer: A. Longer secure keys generally make brute-force attacks harder
Question 54 Symmetric & Asymmetric Cryptography
Q54. A brute-force attack attempts to:
A. Try many possible keys or passwords until one works
B. Create a training schedule
C. Install only approved updates
D. Fix a broken keyboard
Correct Answer: A. Try many possible keys or passwords until one works
Question 55 Symmetric & Asymmetric Cryptography
Q55. A block cipher encrypts data:
A. Only inside email subject lines
B. In fixed-size blocks
C. Without a key
D. Only as audio files
Correct Answer: B. In fixed-size blocks
Question 56 Symmetric & Asymmetric Cryptography
Q56. A stream cipher encrypts data:
A. As a continuous stream of bits or bytes
B. Only in database rows
C. Only in printed books
D. Only after deleting the key
Correct Answer: A. As a continuous stream of bits or bytes
Question 57 Symmetric & Asymmetric Cryptography
Q57. A major challenge in symmetric encryption is:
A. Securely distributing the shared secret key
B. Choosing a brand logo
C. Creating a web footer
D. Increasing screen resolution
Correct Answer: A. Securely distributing the shared secret key
Question 58 Symmetric & Asymmetric Cryptography
Q58. Encryption primarily supports:
A. Employee attendance only
B. Software decoration
C. Keyboard replacement
D. Confidentiality of data
Correct Answer: D. Confidentiality of data
Question 59 Symmetric & Asymmetric Cryptography
Q59. Non-repudiation is strongly supported by:
A. Unsigned text files
B. Anonymous administrator accounts
C. Shared passwords used by many people
D. Digital signatures using asymmetric cryptography
Correct Answer: D. Digital signatures using asymmetric cryptography
Question 60 Symmetric & Asymmetric Cryptography
Q60. Cryptanalysis is:
A. A firewall rule naming style
B. The study of breaking or evaluating cryptographic systems
C. A method for deleting browser history
D. The design of office furniture
Correct Answer: B. The study of breaking or evaluating cryptographic systems
Question 61 Digital Signatures & Key Management
Q61. A digital signature mainly provides:
A. Only file compression
B. Only faster internet speed
C. Only screen recording
D. Authentication, integrity and non-repudiation
Correct Answer: D. Authentication, integrity and non-repudiation
Question 62 Digital Signatures & Key Management
Q62. A digital signature is created with the sender's:
A. Firewall rule number
B. Plain password
C. Private key
D. Public key of every user
Correct Answer: C. Private key
Question 63 Digital Signatures & Key Management
Q63. A digital signature is verified with the sender's:
A. Private key of the verifier
B. MAC address only
C. Public key
D. Database password
Correct Answer: C. Public key
Question 64 Digital Signatures & Key Management
Q64. Why is a hash usually created before signing a message?
A. To sign a fixed-length digest efficiently and detect changes
B. To make the message larger
C. To avoid using any key
D. To remove all identity information
Correct Answer: A. To sign a fixed-length digest efficiently and detect changes
Question 65 Digital Signatures & Key Management
Q65. A digital certificate is used to:
A. Remove the need for trust
B. Bind a public key to an identity
C. Encrypt hardware physically
D. Replace all backups
Correct Answer: B. Bind a public key to an identity
Question 66 Digital Signatures & Key Management
Q66. A Certificate Authority usually:
A. Stores every user's plain password
B. Deletes all encryption keys
C. Issues and validates digital certificates
D. Blocks all legal access
Correct Answer: C. Issues and validates digital certificates
Question 67 Digital Signatures & Key Management
Q67. PKI stands for:
A. Private Keyboard Interface
B. Packet Knowledge Index
C. Public Key Infrastructure
D. Password Key Image
Correct Answer: C. Public Key Infrastructure
Question 68 Digital Signatures & Key Management
Q68. Key management lifecycle includes:
A. Only creating user avatars
B. Only choosing a file name
C. Only changing a screen saver
D. Generation, storage, use, rotation, backup and destruction of keys
Correct Answer: D. Generation, storage, use, rotation, backup and destruction of keys
Question 69 Digital Signatures & Key Management
Q69. Secure key generation should use:
A. Strong and unpredictable randomness
B. A public social media quote
C. A repeated common word
D. The user's date of birth only
Correct Answer: A. Strong and unpredictable randomness
Question 70 Digital Signatures & Key Management
Q70. Key rotation means:
A. Printing a key on paper every hour
B. Replacing keys periodically or after certain events
C. Changing keyboard direction
D. Sharing the same key forever
Correct Answer: B. Replacing keys periodically or after certain events
Question 71 Digital Signatures & Key Management
Q71. Key escrow means:
A. All keys are deleted immediately
B. A key is published for everyone
C. A key is changed into an image
D. A trusted process holds a copy of a key for approved recovery
Correct Answer: D. A trusted process holds a copy of a key for approved recovery
Question 72 Digital Signatures & Key Management
Q72. Certificate revocation is used when:
A. A password is typed correctly
B. An email is marked as read
C. A certificate should no longer be trusted
D. A monitor is upgraded
Correct Answer: C. A certificate should no longer be trusted
Question 73 Digital Signatures & Key Management
Q73. CRL and OCSP are related to:
A. Sorting database columns
B. Creating a username
C. Checking certificate revocation status
D. Designing web colors
Correct Answer: C. Checking certificate revocation status
Question 74 Digital Signatures & Key Management
Q74. An HSM is used to:
A. Scan office furniture
B. Protect and manage cryptographic keys in secure hardware
C. Compress images only
D. Host social media videos
Correct Answer: B. Protect and manage cryptographic keys in secure hardware
Question 75 Digital Signatures & Key Management
Q75. Key backup is important because:
A. It replaces all incident response
B. Lost keys may make encrypted data unrecoverable
C. It makes passwords public
D. It removes access control
Correct Answer: B. Lost keys may make encrypted data unrecoverable
Question 76 Digital Signatures & Key Management
Q76. Key compromise means:
A. The key is longer than expected
B. The key has no security role
C. The key was printed correctly
D. An unauthorized person may have obtained or used a key
Correct Answer: D. An unauthorized person may have obtained or used a key
Question 77 Digital Signatures & Key Management
Q77. Signing a message is different from encrypting it because signing:
A. Always hides the entire message from everyone
B. Makes the file smaller only
C. Deletes the message after sending
D. Proves origin and integrity rather than hiding content
Correct Answer: D. Proves origin and integrity rather than hiding content
Question 78 Digital Signatures & Key Management
Q78. Timestamping a digital signature helps to:
A. Change the sender's identity
B. Remove audit records
C. Disable certificates
D. Show when the signature was created or validated
Correct Answer: D. Show when the signature was created or validated
Question 79 Digital Signatures & Key Management
Q79. A certificate chain is:
A. A sequence of certificates linking an end certificate to a trusted root
B. A password written in parts
C. A list of shopping orders
D. A network cable diagram
Correct Answer: A. A sequence of certificates linking an end certificate to a trusted root
Question 80 Digital Signatures & Key Management
Q80. A root certificate authority acts as:
A. A database table row
B. A trust anchor in a PKI environment
C. A local printer driver
D. A temporary web cookie
Correct Answer: B. A trust anchor in a PKI environment
Question 81 Authentication & Access Control
Q81. Authentication is the process of:
A. Compressing a file
B. Verifying the identity of a user, device or service
C. Deleting audit logs
D. Granting unlimited permissions
Correct Answer: B. Verifying the identity of a user, device or service
Question 82 Authentication & Access Control
Q82. Authorization is the process of:
A. Determining what an authenticated user is allowed to do
B. Replacing encryption
C. Checking a person's identity only
D. Turning off access control
Correct Answer: A. Determining what an authenticated user is allowed to do
Question 83 Authentication & Access Control
Q83. Accounting in AAA is used to:
A. Record user actions for monitoring and accountability
B. Remove logs after login
C. Encrypt all traffic automatically
D. Create passwords for everyone
Correct Answer: A. Record user actions for monitoring and accountability
Question 84 Authentication & Access Control
Q84. A password is an example of:
A. Something you have
B. Something you delete
C. Something you know
D. Something you are
Correct Answer: C. Something you know
Question 85 Authentication & Access Control
Q85. A smart card or security token is an example of:
A. Something you guess
B. Something you are
C. Something you have
D. Something you know
Correct Answer: C. Something you have
Question 86 Authentication & Access Control
Q86. A fingerprint or face scan is an example of:
A. Something you know
B. Something you download
C. Something you are
D. Something you print
Correct Answer: C. Something you are
Question 87 Authentication & Access Control
Q87. Multi-factor authentication means:
A. Using the same password twice
B. Using two or more different authentication factor types
C. Disabling all login checks
D. Only changing a username
Correct Answer: B. Using two or more different authentication factor types
Question 88 Authentication & Access Control
Q88. Password salting helps by:
A. Making passwords shorter
B. Removing the need for hashing
C. Sharing passwords with administrators
D. Adding unique random data before hashing a password
Correct Answer: D. Adding unique random data before hashing a password
Question 89 Authentication & Access Control
Q89. Password hashing is used to:
A. Send passwords in open email
B. Make passwords visible to users
C. Store a one-way representation of a password
D. Store passwords in plain text
Correct Answer: C. Store a one-way representation of a password
Question 90 Authentication & Access Control
Q90. Role-Based Access Control assigns permissions based on:
A. Screen color settings
B. User roles and job functions
C. User height
D. Random keyboard keys
Correct Answer: B. User roles and job functions
Question 91 Authentication & Access Control
Q91. Attribute-Based Access Control makes decisions using:
A. Only file size
B. Attributes such as user, resource, action and context
C. Only the time shown on a clock
D. Only a user's favorite color
Correct Answer: B. Attributes such as user, resource, action and context
Question 92 Authentication & Access Control
Q92. Discretionary Access Control allows:
A. Every user to be anonymous admin
B. No owner permissions
C. Only government labels to control access
D. Resource owners to control access to their objects
Correct Answer: D. Resource owners to control access to their objects
Question 93 Authentication & Access Control
Q93. Mandatory Access Control is based on:
A. Personal preference with no rules
B. User mood only
C. Central policies and security labels
D. Shopping cart value
Correct Answer: C. Central policies and security labels
Question 94 Authentication & Access Control
Q94. An Access Control List contains:
A. Permissions associated with a resource
B. A list of advertisement captions
C. A password recovery poem
D. Only device wallpapers
Correct Answer: A. Permissions associated with a resource
Question 95 Authentication & Access Control
Q95. Access review is performed to:
A. Check whether user permissions are still appropriate
B. Increase unused privileges
C. Hide policy violations
D. Remove all business accounts
Correct Answer: A. Check whether user permissions are still appropriate
Question 96 Authentication & Access Control
Q96. Single Sign-On allows users to:
A. Use public keys as passwords
B. Authenticate once and access multiple trusted services
C. Never authenticate again anywhere
D. Bypass authorization
Correct Answer: B. Authenticate once and access multiple trusted services
Question 97 Authentication & Access Control
Q97. Session management is important because:
A. It removes database security
B. It makes weak passwords strong
C. It replaces software testing
D. It controls authenticated user sessions securely
Correct Answer: D. It controls authenticated user sessions securely
Question 98 Authentication & Access Control
Q98. Privilege escalation occurs when:
A. A user logs out safely
B. A file is renamed
C. A backup completes
D. A user gains higher access than intended
Correct Answer: D. A user gains higher access than intended
Question 99 Authentication & Access Control
Q99. Default accounts should be:
A. Given maximum rights forever
B. Left with public passwords
C. Disabled or changed according to secure configuration guidance
D. Shared by all employees
Correct Answer: C. Disabled or changed according to secure configuration guidance
Question 100 Authentication & Access Control
Q100. Zero trust access continuously verifies:
A. Only the first login ever
B. Only the color of the login button
C. Nothing after network entry
D. Identity, device posture and context before allowing access
Correct Answer: D. Identity, device posture and context before allowing access
Question 101 Cryptography Concepts
Q101. Plaintext means:
A. A certificate authority
B. Encrypted unreadable data
C. Readable data before encryption
D. A firewall log only
Correct Answer: C. Readable data before encryption
Question 102 Cryptography Concepts
Q102. Ciphertext means:
A. A user's original password
B. Unreadable encrypted data
C. A printed security policy
D. A database schema diagram
Correct Answer: B. Unreadable encrypted data
Question 103 Cryptography Concepts
Q103. A cryptographic algorithm works together with:
A. A logo to provide access
B. A key to provide security
C. A printer to verify identity
D. A desk to increase speed
Correct Answer: B. A key to provide security
Question 104 Cryptography Concepts
Q104. Kerckhoffs's principle says security should depend on:
A. Using no keys
B. The secrecy of the key, not the secrecy of the algorithm
C. Making documentation unavailable
D. Hiding the algorithm forever only
Correct Answer: B. The secrecy of the key, not the secrecy of the algorithm
Question 105 Cryptography Concepts
Q105. Entropy in cryptography refers to:
A. File size only
B. Number of folders
C. Monitor brightness
D. Unpredictability or randomness
Correct Answer: D. Unpredictability or randomness
Question 106 Cryptography Concepts
Q106. A nonce is:
A. A repeated encryption key
B. A number used once to prevent replay or reuse problems
C. A permanent password
D. A public employee name
Correct Answer: B. A number used once to prevent replay or reuse problems
Question 107 Cryptography Concepts
Q107. An initialization vector is often used to:
A. Disable the cipher
B. Replace the encryption key
C. Add uniqueness to encryption when the same key is reused safely by mode
D. Store a user's email
Correct Answer: C. Add uniqueness to encryption when the same key is reused safely by mode
Question 108 Cryptography Concepts
Q108. A one-time pad is secure only when the key is:
A. Publicly posted
B. Truly random, as long as the message and never reused
C. Shorter than the message and reused
D. Made from a common phrase
Correct Answer: B. Truly random, as long as the message and never reused
Question 109 Cryptography Concepts
Q109. A substitution cipher works by:
A. Only compressing spaces
B. Reordering network cables
C. Deleting every character
D. Replacing symbols or letters with other symbols or letters
Correct Answer: D. Replacing symbols or letters with other symbols or letters
Question 110 Cryptography Concepts
Q110. A transposition cipher works by:
A. Changing every file extension
B. Blocking a port
C. Rearranging the positions of characters
D. Hashing passwords with salt
Correct Answer: C. Rearranging the positions of characters
Question 111 Cryptography Concepts
Q111. The Caesar cipher is an example of:
A. A biometric factor
B. A modern public key system
C. A simple substitution cipher
D. A database firewall
Correct Answer: C. A simple substitution cipher
Question 112 Cryptography Concepts
Q112. Key space means:
A. The set of all possible keys for an algorithm
B. A server room area
C. The free storage on a disk
D. The space on a keyboard
Correct Answer: A. The set of all possible keys for an algorithm
Question 113 Cryptography Concepts
Q113. Computationally infeasible means:
A. Impossible to write in English
B. Too difficult to solve with practical time and resources
C. Easy to solve manually
D. Required by every login page
Correct Answer: B. Too difficult to solve with practical time and resources
Question 114 Cryptography Concepts
Q114. Encryption alone does not always prove:
A. That data can be hidden
B. That a key was used
C. That ciphertext exists
D. Who created the message or whether it was modified
Correct Answer: D. Who created the message or whether it was modified
Question 115 Cryptography Concepts
Q115. Authenticated encryption is useful because it:
A. Removes the need for secure keys
B. Makes weak algorithms safe
C. Deletes all plaintext permanently
D. Protects confidentiality and verifies integrity/authenticity
Correct Answer: D. Protects confidentiality and verifies integrity/authenticity
Question 116 Cryptography Concepts
Q116. A MAC provides:
A. Only internet speed
B. Only disk space
C. Message authentication and integrity using a shared secret key
D. Only a file icon
Correct Answer: C. Message authentication and integrity using a shared secret key
Question 117 Cryptography Concepts
Q117. HMAC combines:
A. A database with no credentials
B. A cryptographic hash function with a secret key
C. A keyboard with a monitor
D. A web page with a logo
Correct Answer: B. A cryptographic hash function with a secret key
Question 118 Cryptography Concepts
Q118. A side-channel attack targets:
A. Only the official algorithm description
B. Only a printed textbook title
C. Information leaked through timing, power use or other implementation behavior
D. Only public marketing text
Correct Answer: C. Information leaked through timing, power use or other implementation behavior
Question 119 Cryptography Concepts
Q119. Crypto agility means:
A. Removing every certificate
B. Avoiding all encryption
C. Using one old algorithm forever
D. The ability to replace or upgrade cryptographic algorithms and keys
Correct Answer: D. The ability to replace or upgrade cryptographic algorithms and keys
Question 120 Cryptography Concepts
Q120. Weak randomness can cause:
A. Lower attack surface always
B. Perfect key distribution
C. Predictable keys, nonces or tokens
D. Better security automatically
Correct Answer: C. Predictable keys, nonces or tokens
Question 121 Encryption & Hash Functions
Q121. A hash function produces:
A. A firewall configuration
B. A fixed-length digest from input data
C. A user access role
D. A reversible ciphertext from a key only
Correct Answer: B. A fixed-length digest from input data
Question 122 Encryption & Hash Functions
Q122. A secure hash is commonly used to check:
A. Data integrity
B. Network cable length
C. Employee salary
D. Monitor size
Correct Answer: A. Data integrity
Question 123 Encryption & Hash Functions
Q123. A hash collision occurs when:
A. A user logs in twice
B. Two different inputs produce the same hash value
C. A firewall blocks a port
D. A password expires
Correct Answer: B. Two different inputs produce the same hash value
Question 124 Encryption & Hash Functions
Q124. Preimage resistance means it should be hard to:
A. Read a public webpage
B. Update antivirus software
C. Find an input that matches a given hash
D. Create a folder name
Correct Answer: C. Find an input that matches a given hash
Question 125 Encryption & Hash Functions
Q125. SHA-256 is an example of:
A. A firewall vendor
B. A biometric scanner
C. A cryptographic hash function
D. A database access role
Correct Answer: C. A cryptographic hash function
Question 126 Encryption & Hash Functions
Q126. MD5 and SHA-1 are generally avoided for strong security because:
A. They encrypt data too strongly
B. They require no computing power
C. Known weaknesses make them unsuitable for collision-resistant uses
D. They are too new to test
Correct Answer: C. Known weaknesses make them unsuitable for collision-resistant uses
Question 127 Encryption & Hash Functions
Q127. A salt in password storage helps prevent:
A. Firewall rule review
B. Precomputed rainbow table attacks
C. User training sessions
D. Network segmentation
Correct Answer: B. Precomputed rainbow table attacks
Question 128 Encryption & Hash Functions
Q128. A rainbow table is:
A. A type of biometric scanner
B. A backup storage rack
C. A precomputed table of hashes used to crack passwords
D. A color palette for websites
Correct Answer: C. A precomputed table of hashes used to crack passwords
Question 129 Encryption & Hash Functions
Q129. A message digest can act like:
A. A digital fingerprint of data
B. A physical lock only
C. A legal contract by itself
D. A network router
Correct Answer: A. A digital fingerprint of data
Question 130 Encryption & Hash Functions
Q130. Encryption differs from hashing because encryption is:
A. Never uses keys
B. Only used for passwords
C. Always one-way
D. Reversible with the correct key
Correct Answer: D. Reversible with the correct key
Question 131 Encryption & Hash Functions
Q131. Hashing differs from encryption because hashing is:
A. One-way and not meant to be decrypted
B. Always reversible with a public key
C. Only a network protocol
D. A form of file compression only
Correct Answer: A. One-way and not meant to be decrypted
Question 132 Encryption & Hash Functions
Q132. TLS is mainly used to protect data:
A. Only before data is created
B. Only after printing
C. Only inside paper folders
D. In transit across networks
Correct Answer: D. In transit across networks
Question 133 Encryption & Hash Functions
Q133. Disk or database encryption protects data:
A. At rest
B. Only after a user logs out forever
C. Only inside a web browser icon
D. Only during keyboard typing
Correct Answer: A. At rest
Question 134 Encryption & Hash Functions
Q134. End-to-end encryption means:
A. No keys are used
B. Every server on the path can read the message
C. The message is public by design
D. Only communicating endpoints can read the message content
Correct Answer: D. Only communicating endpoints can read the message content
Question 135 Encryption & Hash Functions
Q135. A key derivation function is used to:
A. Derive strong keys from passwords or shared secrets
B. Remove all authentication
C. Disable secure storage
D. Change a file extension
Correct Answer: A. Derive strong keys from passwords or shared secrets
Question 136 Encryption & Hash Functions
Q136. bcrypt and Argon2 are examples of:
A. Network routing protocols
B. Password hashing algorithms designed to slow cracking
C. Screen recording tools
D. Digital certificate authorities
Correct Answer: B. Password hashing algorithms designed to slow cracking
Question 137 Encryption & Hash Functions
Q137. An integrity check helps confirm that:
A. The data is always confidential
B. Data has not been altered unexpectedly
C. The data is always deleted
D. Every user is authorized
Correct Answer: B. Data has not been altered unexpectedly
Question 138 Encryption & Hash Functions
Q138. The avalanche effect means:
A. A password becomes public
B. A server becomes physically cold
C. A small input change causes a large unpredictable hash output change
D. A file always becomes smaller
Correct Answer: C. A small input change causes a large unpredictable hash output change
Question 139 Encryption & Hash Functions
Q139. A simple checksum is not a strong substitute for:
A. A calculator in basic arithmetic
B. A printed page number
C. A monitor brightness setting
D. A cryptographic hash when security against attackers is needed
Correct Answer: D. A cryptographic hash when security against attackers is needed
Question 140 Encryption & Hash Functions
Q140. File hashes are often published so users can:
A. Remove file permissions
B. Verify downloaded files have not been modified
C. Guess administrator passwords
D. Disable network security
Correct Answer: B. Verify downloaded files have not been modified
Question 141 Secure Design Lifecycle & Risk Controls
Q141. The information security lifecycle is commonly viewed as:
A. Planning, implementing, monitoring and improving security controls
B. Only buying hardware once
C. Only deleting old files
D. Only writing a final report
Correct Answer: A. Planning, implementing, monitoring and improving security controls
Question 142 Secure Design Lifecycle & Risk Controls
Q142. Security requirements should be identified during:
A. Only after user accounts are deleted
B. Only after the system is attacked
C. Only during logo design
D. The requirements stage of a system project
Correct Answer: D. The requirements stage of a system project
Question 143 Secure Design Lifecycle & Risk Controls
Q143. During the design stage, teams should perform:
A. Threat modeling and control selection
B. Only font selection
C. Only social media posting
D. Only invoice printing
Correct Answer: A. Threat modeling and control selection
Question 144 Secure Design Lifecycle & Risk Controls
Q144. During implementation, developers should focus on:
A. Secure coding and safe configuration
B. Skipping authentication
C. Removing all reviews
D. Sharing private keys
Correct Answer: A. Secure coding and safe configuration
Question 145 Secure Design Lifecycle & Risk Controls
Q145. Security testing may include:
A. Only checking spelling
B. Only reducing screen brightness
C. Vulnerability assessment and penetration testing
D. Only choosing icons
Correct Answer: C. Vulnerability assessment and penetration testing
Question 146 Secure Design Lifecycle & Risk Controls
Q146. Deployment hardening means:
A. Opening every port
B. Reducing unnecessary services, accounts and insecure settings
C. Using default passwords
D. Disabling all logs
Correct Answer: B. Reducing unnecessary services, accounts and insecure settings
Question 147 Secure Design Lifecycle & Risk Controls
Q147. Security maintenance includes:
A. Never reviewing permissions
B. Monitoring, patching, reviewing and improving controls
C. Ignoring all alerts
D. Deleting backups
Correct Answer: B. Monitoring, patching, reviewing and improving controls
Question 148 Secure Design Lifecycle & Risk Controls
Q148. Risk management includes:
A. Only backing up photos
B. Identifying, assessing, treating and monitoring risks
C. Only creating a logo
D. Only sending marketing emails
Correct Answer: B. Identifying, assessing, treating and monitoring risks
Question 149 Secure Design Lifecycle & Risk Controls
Q149. Risk appetite means:
A. The amount and type of risk an organization is willing to accept
B. The number of users in a database
C. The taste of a security team
D. The size of a network cable
Correct Answer: A. The amount and type of risk an organization is willing to accept
Question 150 Secure Design Lifecycle & Risk Controls
Q150. Risk treatment options include:
A. Avoid, mitigate, transfer or accept
B. Ignore, delete, hide or confuse
C. Paint, resize, rename or decorate
D. Print, crop, paste or fold
Correct Answer: A. Avoid, mitigate, transfer or accept
Question 151 Secure Design Lifecycle & Risk Controls
Q151. A security baseline is:
A. A minimum agreed level of secure configuration or control
B. A temporary password shared publicly
C. A database table color
D. A random list of jokes
Correct Answer: A. A minimum agreed level of secure configuration or control
Question 152 Secure Design Lifecycle & Risk Controls
Q152. Change management helps security by:
A. Ignoring production systems
B. Controlling and reviewing changes before they create new risks
C. Removing all approval records
D. Allowing unapproved changes anytime
Correct Answer: B. Controlling and reviewing changes before they create new risks
Question 153 Secure Design Lifecycle & Risk Controls
Q153. Configuration management tracks:
A. System settings, versions and approved states
B. Only employee birthdays
C. Only advertisement budgets
D. Only weather reports
Correct Answer: A. System settings, versions and approved states
Question 154 Secure Design Lifecycle & Risk Controls
Q154. Asset classification helps by:
A. Removing ownership information
B. Making every asset public
C. Disabling backups
D. Prioritizing protection based on asset value and sensitivity
Correct Answer: D. Prioritizing protection based on asset value and sensitivity
Question 155 Secure Design Lifecycle & Risk Controls
Q155. Data classification labels data according to:
A. Keyboard brand
B. Screen resolution
C. Sensitivity and required protection level
D. Font style only
Correct Answer: C. Sensitivity and required protection level
Question 156 Secure Design Lifecycle & Risk Controls
Q156. Security training supports the lifecycle by:
A. Replacing every technical control
B. Encouraging password sharing
C. Eliminating the need for monitoring
D. Helping users understand risks, policies and safe behavior
Correct Answer: D. Helping users understand risks, policies and safe behavior
Question 157 Secure Design Lifecycle & Risk Controls
Q157. Business continuity planning focuses on:
A. Only creating new logos
B. Keeping critical operations running during disruption
C. Only changing passwords daily
D. Only deleting old emails
Correct Answer: B. Keeping critical operations running during disruption
Question 158 Secure Design Lifecycle & Risk Controls
Q158. Disaster recovery focuses on:
A. Blocking all legitimate users
B. Restoring IT systems and data after a major disruption
C. Making social media posts
D. Avoiding backups
Correct Answer: B. Restoring IT systems and data after a major disruption
Question 159 Secure Design Lifecycle & Risk Controls
Q159. A good backup strategy should consider:
A. Frequency, retention, testing and secure storage
B. Only the desk location
C. Only file icon color
D. Only a single untested copy
Correct Answer: A. Frequency, retention, testing and secure storage
Question 160 Secure Design Lifecycle & Risk Controls
Q160. Security metrics and KPIs help to:
A. Make weak passwords acceptable
B. Hide incidents from management
C. Measure security performance and guide improvement
D. Replace risk assessment completely
Correct Answer: C. Measure security performance and guide improvement
Question 161 Database Security
Q161. Database security aims to:
A. Remove every user role
B. Disable backups forever
C. Make all records public
D. Protect stored data from unauthorized access, change or loss
Correct Answer: D. Protect stored data from unauthorized access, change or loss
Question 162 Database Security
Q162. SQL injection occurs when:
A. Untrusted input changes the meaning of a database query
B. A server is patched
C. A user chooses a strong password
D. A database is backed up correctly
Correct Answer: A. Untrusted input changes the meaning of a database query
Question 163 Database Security
Q163. Parameterized queries help prevent:
A. Power failure
B. Screen glare
C. Keyboard damage
D. SQL injection
Correct Answer: D. SQL injection
Question 164 Database Security
Q164. Database least privilege means:
A. Guest users can drop tables
B. Permissions are never reviewed
C. Every account gets DBA rights
D. Applications and users get only necessary database permissions
Correct Answer: D. Applications and users get only necessary database permissions
Question 165 Database Security
Q165. Database encryption at rest protects:
A. Stored database files or fields if storage is exposed
B. Only live video calls
C. Only printed reports
D. Only keyboard input
Correct Answer: A. Stored database files or fields if storage is exposed
Question 166 Database Security
Q166. Row-level security is used to:
A. Restrict access to specific rows based on rules
B. Delete all rows automatically
C. Give all users identical access
D. Replace backups
Correct Answer: A. Restrict access to specific rows based on rules
Question 167 Database Security
Q167. Database access control should define:
A. Only office furniture
B. Only page colors
C. Who can read, insert, update, delete or administer data
D. Only email templates
Correct Answer: C. Who can read, insert, update, delete or administer data
Question 168 Database Security
Q168. Database auditing records:
A. Only screen size
B. Database activity such as logins, queries and changes
C. Only weather data
D. Only logo versions
Correct Answer: B. Database activity such as logins, queries and changes
Question 169 Database Security
Q169. Database backup and recovery planning protects against:
A. Data loss, corruption and operational disruption
B. All possible human decisions
C. Keyboard shortcuts
D. Legal policy writing only
Correct Answer: A. Data loss, corruption and operational disruption
Question 170 Database Security
Q170. Data masking is used to:
A. Hide sensitive values while preserving usable format for testing or viewing
B. Make passwords public
C. Disable encryption
D. Delete every record permanently
Correct Answer: A. Hide sensitive values while preserving usable format for testing or viewing
Question 171 Database Security
Q171. Tokenization replaces sensitive data with:
A. A monitor serial number
B. A public password
C. A firewall port number
D. A non-sensitive token that maps to the original value
Correct Answer: D. A non-sensitive token that maps to the original value
Question 172 Database Security
Q172. A database view can improve security by:
A. Showing only selected columns or rows to users
B. Removing all permissions
C. Disabling authentication
D. Making every table public
Correct Answer: A. Showing only selected columns or rows to users
Question 173 Database Security
Q173. Stored procedures are not automatically secure because:
A. They never interact with data
B. They can still be vulnerable if written or used incorrectly
C. They always encrypt data
D. They remove the need for access control
Correct Answer: B. They can still be vulnerable if written or used incorrectly
Question 174 Database Security
Q174. An inference attack tries to:
A. Restart a router
B. Rename a file extension
C. Derive sensitive information from non-sensitive query results
D. Install a keyboard driver
Correct Answer: C. Derive sensitive information from non-sensitive query results
Question 175 Database Security
Q175. Referential integrity is often enforced with:
A. Random screenshots
B. Primary keys and foreign keys
C. Email signatures only
D. Browser bookmarks
Correct Answer: B. Primary keys and foreign keys
Question 176 Database Security
Q176. Input validation alone is not enough for SQL injection because:
A. Databases do not use queries
B. Passwords cannot be stored
C. Queries still need safe parameterization and proper privileges
D. Validation always breaks databases
Correct Answer: C. Queries still need safe parameterization and proper privileges
Question 177 Database Security
Q177. Database patching is important to:
A. Fix known DBMS security vulnerabilities
B. Change font size
C. Make tables longer
D. Disable audit logs
Correct Answer: A. Fix known DBMS security vulnerabilities
Question 178 Database Security
Q178. ACID properties help databases maintain:
A. Public anonymous access
B. A wider screen layout
C. Reliable and consistent transactions
D. A social media profile
Correct Answer: C. Reliable and consistent transactions
Question 179 Database Security
Q179. NoSQL injection can happen when:
A. A backup is restored safely
B. Untrusted input manipulates a NoSQL query or command
C. A password is hashed correctly
D. A firewall blocks traffic
Correct Answer: B. Untrusted input manipulates a NoSQL query or command
Question 180 Database Security
Q180. Database administrators should separate duties to:
A. Eliminate all review
B. Reduce misuse and avoid one person controlling every sensitive function
C. Give one person all access forever
D. Make audits impossible
Correct Answer: B. Reduce misuse and avoid one person controlling every sensitive function
Question 181 Network Security
Q181. Network security focuses on:
A. Protecting network infrastructure, traffic and services
B. Removing all authentication
C. Changing desktop wallpaper
D. Writing only marketing captions
Correct Answer: A. Protecting network infrastructure, traffic and services
Question 182 Network Security
Q182. A firewall is used to:
A. Create user passwords automatically
B. Filter network traffic based on rules
C. Encrypt hard drives only
D. Replace database backups
Correct Answer: B. Filter network traffic based on rules
Question 183 Network Security
Q183. An IDS primarily:
A. Creates encryption keys only
B. Blocks every attack automatically by definition
C. Detects suspicious activity and generates alerts
D. Prints security policies
Correct Answer: C. Detects suspicious activity and generates alerts
Question 184 Network Security
Q184. An IPS can:
A. Only scan documents
B. Detect and actively block or prevent suspicious traffic
C. Only write training notes
D. Only manage payroll
Correct Answer: B. Detect and actively block or prevent suspicious traffic
Question 185 Network Security
Q185. A VPN provides:
A. An encrypted tunnel over an untrusted network
B. A database schema
C. A public password store
D. A printed identity card
Correct Answer: A. An encrypted tunnel over an untrusted network
Question 186 Network Security
Q186. Network segmentation helps by:
A. Disabling all firewalls
B. Dividing networks to limit access and contain attacks
C. Sharing one admin password
D. Connecting every system without controls
Correct Answer: B. Dividing networks to limit access and contain attacks
Question 187 Network Security
Q187. A DMZ is commonly used to:
A. Hide audit logs
B. Remove web servers from security scope
C. Store lunch menus
D. Place public-facing services in a separated network zone
Correct Answer: D. Place public-facing services in a separated network zone
Question 188 Network Security
Q188. Port scanning is used by attackers or testers to:
A. Delete backups safely
B. Improve image quality
C. Write legal contracts
D. Find open ports and services
Correct Answer: D. Find open ports and services
Question 189 Network Security
Q189. A DDoS attack attempts to:
A. Validate a database query
B. Overwhelm a service with excessive traffic
C. Reduce network usage
D. Encrypt a password correctly
Correct Answer: B. Overwhelm a service with excessive traffic
Question 190 Network Security
Q190. A man-in-the-middle attack occurs when:
A. A backup is encrypted
B. A router is documented
C. A user changes a theme color
D. An attacker intercepts or manipulates communication between parties
Correct Answer: D. An attacker intercepts or manipulates communication between parties
Question 191 Network Security
Q191. TLS protects network communication by providing:
A. Only paper filing
B. Only faster typing
C. Encryption, integrity and server authentication
D. Only database normalization
Correct Answer: C. Encryption, integrity and server authentication
Question 192 Network Security
Q192. DNS spoofing attempts to:
A. Redirect users to false destinations by corrupting name resolution
B. Increase password strength
C. Improve DNS security
D. Patch operating systems
Correct Answer: A. Redirect users to false destinations by corrupting name resolution
Question 193 Network Security
Q193. Secure Wi-Fi should use:
A. Strong encryption such as WPA2 or WPA3 with strong credentials
B. Shared admin panels
C. Open access with no password
D. Weak default passwords
Correct Answer: A. Strong encryption such as WPA2 or WPA3 with strong credentials
Question 194 Network Security
Q194. Secure routing helps prevent:
A. Image cropping
B. Keyboard failures
C. File compression
D. Unauthorized or manipulated network paths
Correct Answer: D. Unauthorized or manipulated network paths
Question 195 Network Security
Q195. NAT should not be treated as:
A. A networking function
B. A common home router feature
C. A method for address translation
D. A complete security control by itself
Correct Answer: D. A complete security control by itself
Question 196 Network Security
Q196. Zero trust networking requires:
A. Automatic trust for internal devices
B. Shared passwords everywhere
C. No monitoring
D. Verification and least-privilege access even inside the network
Correct Answer: D. Verification and least-privilege access even inside the network
Question 197 Network Security
Q197. Packet sniffing means:
A. Cleaning a keyboard
B. Deleting browser cookies
C. Designing a course title
D. Capturing network traffic for analysis or attack
Correct Answer: D. Capturing network traffic for analysis or attack
Question 198 Network Security
Q198. A SIEM helps network security teams by:
A. Replacing all staff
B. Publishing private keys
C. Removing all authentication
D. Collecting and correlating security logs and alerts
Correct Answer: D. Collecting and correlating security logs and alerts
Question 199 Network Security
Q199. Network monitoring helps to:
A. Delete incidents
B. Disable reporting
C. Detect abnormal traffic, outages and possible attacks
D. Make all systems public
Correct Answer: C. Detect abnormal traffic, outages and possible attacks
Question 200 Network Security
Q200. Isolating a compromised host helps to:
A. Give attackers more access
B. Share malware with other systems
C. Erase all evidence immediately
D. Contain an incident and limit further spread
Correct Answer: D. Contain an incident and limit further spread
Topic 11
Software Security, Vulnerabilities & Protection
Question 201 Software Security, Vulnerabilities & Protection
Q201. A software vulnerability is:
A. A weakness in software that can be exploited
B. A perfect security guarantee
C. A user training certificate
D. A backup location
Correct Answer: A. A weakness in software that can be exploited
Question 202 Software Security, Vulnerabilities & Protection
Q202. A threat actor exploits vulnerabilities to:
A. Improve software documentation
B. Create stronger passwords
C. Gain unauthorized access or cause harm
D. Patch every server
Correct Answer: C. Gain unauthorized access or cause harm
Question 203 Software Security, Vulnerabilities & Protection
Q203. A buffer overflow occurs when:
A. A firewall rule is named incorrectly
B. A program writes more data than a memory buffer can hold
C. A password is too long for policy only
D. A backup is too frequent
Correct Answer: B. A program writes more data than a memory buffer can hold
Question 204 Software Security, Vulnerabilities & Protection
Q204. Cross-Site Scripting is commonly caused by:
A. Correct patching
B. Encrypted database storage
C. Strong server authentication
D. Untrusted input displayed in a browser without proper output encoding
Correct Answer: D. Untrusted input displayed in a browser without proper output encoding
Question 205 Software Security, Vulnerabilities & Protection
Q205. Cross-Site Request Forgery tricks a user into:
A. Choosing a better password
B. Submitting an unwanted action to a site where they are authenticated
C. Encrypting their disk
D. Backing up data
Correct Answer: B. Submitting an unwanted action to a site where they are authenticated
Question 206 Software Security, Vulnerabilities & Protection
Q206. Insecure deserialization can allow:
A. Perfectly safe object loading always
B. Only screen sharing
C. Only faster database queries
D. Attackers to manipulate serialized data and trigger harmful behavior
Correct Answer: D. Attackers to manipulate serialized data and trigger harmful behavior
Question 207 Software Security, Vulnerabilities & Protection
Q207. Broken authentication may result in:
A. A smaller attack surface
B. Better password storage automatically
C. Improved privacy
D. Account takeover or unauthorized access
Correct Answer: D. Account takeover or unauthorized access
Question 208 Software Security, Vulnerabilities & Protection
Q208. Dependency scanning helps identify:
A. Only spelling mistakes
B. Only web colors
C. Only user birthdays
D. Known vulnerabilities in third-party libraries
Correct Answer: D. Known vulnerabilities in third-party libraries
Question 209 Software Security, Vulnerabilities & Protection
Q209. SAST analyzes:
A. Source code or binaries without running the application
B. Only network packets in transit
C. Only paper forms
D. Only user training sessions
Correct Answer: A. Source code or binaries without running the application
Question 210 Software Security, Vulnerabilities & Protection
Q210. DAST tests:
A. Only employee profiles
B. Only source code comments
C. A running application from the outside
D. Only hardware serial numbers
Correct Answer: C. A running application from the outside
Question 211 Software Security, Vulnerabilities & Protection
Q211. Secure coding means:
A. Sharing secrets in code
B. Ignoring input validation
C. Writing code with no comments ever
D. Writing software to reduce security weaknesses
Correct Answer: D. Writing software to reduce security weaknesses
Question 212 Software Security, Vulnerabilities & Protection
Q212. Input validation helps software security by:
A. Storing plain passwords
B. Removing authentication
C. Allowing all input without checks
D. Rejecting or handling unexpected input safely
Correct Answer: D. Rejecting or handling unexpected input safely
Question 213 Software Security, Vulnerabilities & Protection
Q213. Output encoding helps prevent:
A. Power failure
B. XSS by safely rendering untrusted data
C. Hard disk damage
D. Firewall overheating
Correct Answer: B. XSS by safely rendering untrusted data
Question 214 Software Security, Vulnerabilities & Protection
Q214. Secure error handling should:
A. Reveal stack traces to all users
B. Show database passwords in error pages
C. Avoid exposing sensitive internal details
D. Disable logging
Correct Answer: C. Avoid exposing sensitive internal details
Question 215 Software Security, Vulnerabilities & Protection
Q215. Secrets management is used to:
A. Store and control API keys, tokens and passwords securely
B. Email private keys to everyone
C. Hardcode secrets in public repositories
D. Remove rotation
Correct Answer: A. Store and control API keys, tokens and passwords securely
Question 216 Software Security, Vulnerabilities & Protection
Q216. Code review can improve security by:
A. Sharing passwords with reviewers
B. Finding design and coding mistakes before release
C. Guaranteeing no future vulnerabilities
D. Replacing all tests
Correct Answer: B. Finding design and coding mistakes before release
Question 217 Software Security, Vulnerabilities & Protection
Q217. Updating dependencies reduces risk from:
A. Clean input validation
B. Too much logging
C. Stronger authentication
D. Known vulnerabilities in libraries and packages
Correct Answer: D. Known vulnerabilities in libraries and packages
Question 218 Software Security, Vulnerabilities & Protection
Q218. API rate limiting helps protect against:
A. Abuse, brute force attempts and excessive requests
B. Office noise
C. File naming conflicts
D. Data encryption at rest only
Correct Answer: A. Abuse, brute force attempts and excessive requests
Question 219 Software Security, Vulnerabilities & Protection
Q219. Secure HTTP headers can help protect against:
A. Spreadsheet formatting
B. Hardware theft alone
C. Clickjacking, XSS and insecure transport choices
D. Printer faults
Correct Answer: C. Clickjacking, XSS and insecure transport choices
Question 220 Software Security, Vulnerabilities & Protection
Q220. A vulnerability disclosure process helps:
A. Ignore user reports
B. Hide all weaknesses forever
C. Report, triage and fix vulnerabilities responsibly
D. Punish every researcher automatically
Correct Answer: C. Report, triage and fix vulnerabilities responsibly
Question 221 Firewalls, IDS & Security Policies
Q221. A packet-filtering firewall makes decisions mainly using:
A. Source, destination, ports and protocol information
B. Only password length
C. Only screen brightness
D. Only document title
Correct Answer: A. Source, destination, ports and protocol information
Question 222 Firewalls, IDS & Security Policies
Q222. A stateful firewall tracks:
A. The state of network connections
B. Only keyboard shortcuts
C. Only employee attendance
D. Only file icons
Correct Answer: A. The state of network connections
Question 223 Firewalls, IDS & Security Policies
Q223. An application proxy firewall can:
A. Only change IP addresses
B. Only create backups
C. Only encrypt a hard disk
D. Inspect traffic at the application layer
Correct Answer: D. Inspect traffic at the application layer
Question 224 Firewalls, IDS & Security Policies
Q224. A Web Application Firewall helps protect against:
A. Low battery level
B. Physical fire in server rooms
C. Weak office lighting
D. Common web attacks such as SQL injection and XSS
Correct Answer: D. Common web attacks such as SQL injection and XSS
Question 225 Firewalls, IDS & Security Policies
Q225. A network-based IDS monitors:
A. Only a single printed form
B. Traffic on network segments
C. Only user fingerprints
D. Only file names
Correct Answer: B. Traffic on network segments
Question 226 Firewalls, IDS & Security Policies
Q226. A host-based IDS monitors:
A. Activity on an individual computer or server
B. Only public web search trends
C. Only cables in a rack
D. Only logo files
Correct Answer: A. Activity on an individual computer or server
Question 227 Firewalls, IDS & Security Policies
Q227. Signature-based detection relies on:
A. Random guesses only
B. No rules or patterns
C. Known attack patterns
D. User interface colors
Correct Answer: C. Known attack patterns
Question 228 Firewalls, IDS & Security Policies
Q228. Anomaly-based detection looks for:
A. Only names of employees
B. Only exact known signatures
C. Behavior that differs from normal patterns
D. Only backup file sizes
Correct Answer: C. Behavior that differs from normal patterns
Question 229 Firewalls, IDS & Security Policies
Q229. A false positive is:
A. A benign activity incorrectly flagged as malicious
B. A correct password
C. A deleted audit log
D. A real attack missed by the system
Correct Answer: A. A benign activity incorrectly flagged as malicious
Question 230 Firewalls, IDS & Security Policies
Q230. A false negative is:
A. A real malicious activity that is not detected
B. A harmless alert
C. A training certificate
D. A firewall rule comment
Correct Answer: A. A real malicious activity that is not detected
Question 231 Firewalls, IDS & Security Policies
Q231. A security policy defines:
A. Rules, responsibilities and expectations for security
B. Only the company logo
C. Only a web headline
D. Only a database color
Correct Answer: A. Rules, responsibilities and expectations for security
Question 232 Firewalls, IDS & Security Policies
Q232. An acceptable use policy states:
A. How users may use systems and networks appropriately
B. How to design office chairs
C. How to ignore incidents
D. How to uninstall every firewall
Correct Answer: A. How users may use systems and networks appropriately
Question 233 Firewalls, IDS & Security Policies
Q233. A password policy usually covers:
A. Complexity, length, reuse, storage and change requirements
B. Only lunch breaks
C. Only wall paint color
D. Only printer settings
Correct Answer: A. Complexity, length, reuse, storage and change requirements
Question 234 Firewalls, IDS & Security Policies
Q234. An incident response policy defines:
A. How to share passwords
B. How to avoid all logging
C. How incidents are reported, handled and escalated
D. How to create memes
Correct Answer: C. How incidents are reported, handled and escalated
Question 235 Firewalls, IDS & Security Policies
Q235. Firewall rule order matters because:
A. Rules are decorative only
B. All rules allow everything
C. Rules are often processed in sequence
D. Order never affects traffic
Correct Answer: C. Rules are often processed in sequence
Question 236 Firewalls, IDS & Security Policies
Q236. Default deny means:
A. Authentication is removed
B. Logs are always deleted
C. Traffic is blocked unless explicitly allowed
D. Everything is allowed unless blocked manually
Correct Answer: C. Traffic is blocked unless explicitly allowed
Question 237 Firewalls, IDS & Security Policies
Q237. IDS logs are valuable because they:
A. Support investigation, alerting and trend analysis
B. Replace all encryption
C. Provide public passwords
D. Make attacks harmless
Correct Answer: A. Support investigation, alerting and trend analysis
Question 238 Firewalls, IDS & Security Policies
Q238. A SIEM correlation rule can:
A. Write exams automatically
B. Create physical locks
C. Turn off every alert
D. Connect events from multiple sources to find suspicious patterns
Correct Answer: D. Connect events from multiple sources to find suspicious patterns
Question 239 Firewalls, IDS & Security Policies
Q239. Policy exceptions should be:
A. Granted to everyone
B. Documented, approved, time-bound and reviewed
C. Used to bypass all security
D. Secret, permanent and unreviewed
Correct Answer: B. Documented, approved, time-bound and reviewed
Question 240 Firewalls, IDS & Security Policies
Q240. Security policies should be reviewed:
A. Never after publication
B. Only when users forget passwords
C. Regularly and when risks, laws or systems change
D. Only after deletion
Correct Answer: C. Regularly and when risks, laws or systems change
Question 241 Policy Formation & Enforcement
Q241. Policy formation should begin with:
A. Random opinions only
B. A list of jokes
C. Business goals, legal requirements, assets and risks
D. A color palette only
Correct Answer: C. Business goals, legal requirements, assets and risks
Question 242 Policy Formation & Enforcement
Q242. A standard is different from a policy because it:
A. Is always optional advice
B. Specifies mandatory detailed requirements to support a policy
C. Replaces all procedures
D. Has no relation to security
Correct Answer: B. Specifies mandatory detailed requirements to support a policy
Question 243 Policy Formation & Enforcement
Q243. A procedure is:
A. A broad statement of intent only
B. A random password
C. A step-by-step instruction for performing a task
D. A type of encryption key
Correct Answer: C. A step-by-step instruction for performing a task
Question 244 Policy Formation & Enforcement
Q244. A guideline is usually:
A. Recommended advice that supports good practice
B. An administrator password
C. A criminal law by itself
D. A guaranteed technical control
Correct Answer: A. Recommended advice that supports good practice
Question 245 Policy Formation & Enforcement
Q245. Information security governance provides:
A. Only database indexes
B. Direction, accountability and oversight for security
C. Only software decoration
D. Only keyboard shortcuts
Correct Answer: B. Direction, accountability and oversight for security
Question 246 Policy Formation & Enforcement
Q246. Policy stakeholders may include:
A. Only printers
B. Only attackers
C. Only anonymous visitors
D. Management, IT, legal, HR, security teams and users
Correct Answer: D. Management, IT, legal, HR, security teams and users
Question 247 Policy Formation & Enforcement
Q247. Compliance means:
A. Deleting all documentation
B. Ignoring approved rules
C. Making accounts anonymous
D. Following applicable policies, standards, contracts and laws
Correct Answer: D. Following applicable policies, standards, contracts and laws
Question 248 Policy Formation & Enforcement
Q248. Policy enforcement requires:
A. No records or responsibility
B. No training
C. Monitoring, accountability and consequences for violations
D. All users as administrators
Correct Answer: C. Monitoring, accountability and consequences for violations
Question 249 Policy Formation & Enforcement
Q249. Sanctions in a policy context are:
A. Backup schedules
B. Search engine keywords
C. Consequences for violating security rules
D. Decorative page borders
Correct Answer: C. Consequences for violating security rules
Question 250 Policy Formation & Enforcement
Q250. Awareness and training help policy enforcement by:
A. Making policies secret
B. Removing all responsibilities
C. Replacing all monitoring
D. Teaching users what rules mean and how to follow them
Correct Answer: D. Teaching users what rules mean and how to follow them
Question 251 Policy Formation & Enforcement
Q251. Policy version control helps by:
A. Hiding old decisions
B. Tracking changes, approvals and current approved versions
C. Removing ownership
D. Making rules impossible to audit
Correct Answer: B. Tracking changes, approvals and current approved versions
Question 252 Policy Formation & Enforcement
Q252. Every security policy should have:
A. An owner responsible for maintenance and review
B. A public password
C. No responsible person
D. Only one sentence with no scope
Correct Answer: A. An owner responsible for maintenance and review
Question 253 Policy Formation & Enforcement
Q253. Policy metrics help measure:
A. How well policies are implemented and followed
B. Only social media reactions
C. Only screen size
D. Only paper weight
Correct Answer: A. How well policies are implemented and followed
Question 254 Policy Formation & Enforcement
Q254. Security audits evaluate:
A. Only website colors
B. Whether controls and practices meet requirements
C. Only document font styles
D. Only employee hobbies
Correct Answer: B. Whether controls and practices meet requirements
Question 255 Policy Formation & Enforcement
Q255. A data retention policy defines:
A. How to choose passwords only
B. How to draw diagrams
C. How to rename folders
D. How long data is kept and when it is disposed of
Correct Answer: D. How long data is kept and when it is disposed of
Question 256 Policy Formation & Enforcement
Q256. A data classification policy defines:
A. Only blog categories
B. Labels and handling rules for different sensitivity levels
C. Only office locations
D. Only file icons
Correct Answer: B. Labels and handling rules for different sensitivity levels
Question 257 Policy Formation & Enforcement
Q257. A remote access policy should cover:
A. Only printer names
B. Only lunch hours
C. Approved methods, authentication, devices and monitoring
D. Only wallpaper choices
Correct Answer: C. Approved methods, authentication, devices and monitoring
Question 258 Policy Formation & Enforcement
Q258. A BYOD policy addresses:
A. Only brand slogans
B. Only paper notebooks
C. Only office parking
D. Security rules for personally owned devices used for work
Correct Answer: D. Security rules for personally owned devices used for work
Question 259 Policy Formation & Enforcement
Q259. The policy lifecycle includes:
A. Creation, approval, communication, enforcement and review
B. Only deleting records
C. Only writing once and forgetting
D. Only changing colors
Correct Answer: A. Creation, approval, communication, enforcement and review
Question 260 Policy Formation & Enforcement
Q260. Continuous improvement in policy management means:
A. Keeping outdated rules forever
B. Removing all documentation
C. Updating policies based on feedback, incidents and changing risks
D. Avoiding user feedback
Correct Answer: C. Updating policies based on feedback, incidents and changing risks
Question 261 Risk Assessment & Cybercrime
Q261. Risk assessment is used to:
A. Identify and evaluate risks to information assets
B. Choose website animations only
C. Make every asset public
D. Remove all controls
Correct Answer: A. Identify and evaluate risks to information assets
Question 262 Risk Assessment & Cybercrime
Q262. Likelihood and impact are used to estimate:
A. Screen quality
B. Password color
C. Risk level
D. Backup file extension
Correct Answer: C. Risk level
Question 263 Risk Assessment & Cybercrime
Q263. Qualitative risk assessment uses:
A. Only exact monetary values
B. Ratings such as low, medium and high
C. Only keyboard shortcuts
D. No judgment or categories
Correct Answer: B. Ratings such as low, medium and high
Question 264 Risk Assessment & Cybercrime
Q264. Quantitative risk assessment uses:
A. Only colors and icons
B. Only broad opinions
C. Numerical values such as cost, probability and loss estimates
D. Only handwritten notes
Correct Answer: C. Numerical values such as cost, probability and loss estimates
Question 265 Risk Assessment & Cybercrime
Q265. A risk matrix helps to:
A. Encrypt network traffic
B. Prioritize risks by likelihood and impact
C. Change access roles automatically
D. Store passwords
Correct Answer: B. Prioritize risks by likelihood and impact
Question 266 Risk Assessment & Cybercrime
Q266. Threat intelligence provides:
A. Only user profile photos
B. Only printer ink levels
C. Only font recommendations
D. Information about attackers, tactics, indicators and emerging threats
Correct Answer: D. Information about attackers, tactics, indicators and emerging threats
Question 267 Risk Assessment & Cybercrime
Q267. A vulnerability assessment aims to:
A. Find and report weaknesses in systems or processes
B. Exploit systems without permission
C. Remove every security control
D. Hide all weaknesses
Correct Answer: A. Find and report weaknesses in systems or processes
Question 268 Risk Assessment & Cybercrime
Q268. Penetration testing should be:
A. Performed only to damage systems
B. Unapproved and hidden from owners
C. Authorized and scoped before testing begins
D. Done without documentation
Correct Answer: C. Authorized and scoped before testing begins
Question 269 Risk Assessment & Cybercrime
Q269. Cybercrime generally means:
A. Illegal activity involving computers, networks or digital data
B. Any legal use of a keyboard
C. Only installing updates
D. Only writing secure code
Correct Answer: A. Illegal activity involving computers, networks or digital data
Question 270 Risk Assessment & Cybercrime
Q270. Phishing attempts to:
A. Trick people into revealing information or taking unsafe actions
B. Improve password strength
C. Patch vulnerabilities
D. Encrypt backups safely
Correct Answer: A. Trick people into revealing information or taking unsafe actions
Question 271 Risk Assessment & Cybercrime
Q271. Ransomware is malware that:
A. Only monitors temperature
B. Only improves performance
C. Encrypts or blocks access to data and demands payment
D. Only changes wallpaper
Correct Answer: C. Encrypts or blocks access to data and demands payment
Question 272 Risk Assessment & Cybercrime
Q272. Malware is:
A. Software designed to harm, disrupt or gain unauthorized access
B. Any approved update
C. A secure backup
D. A password policy document
Correct Answer: A. Software designed to harm, disrupt or gain unauthorized access
Question 273 Risk Assessment & Cybercrime
Q273. Identity theft involves:
A. Creating a strong password
B. Encrypting a database
C. Using another person's identity information without permission
D. Updating a firewall
Correct Answer: C. Using another person's identity information without permission
Question 274 Risk Assessment & Cybercrime
Q274. Social engineering attacks target:
A. Only file compression
B. Human behavior and trust
C. Only screen resolution
D. Only hardware temperature
Correct Answer: B. Human behavior and trust
Question 275 Risk Assessment & Cybercrime
Q275. An insider threat can come from:
A. Only external hackers
B. A trusted person who misuses access intentionally or accidentally
C. Only unsupported cables
D. Only public websites
Correct Answer: B. A trusted person who misuses access intentionally or accidentally
Question 276 Risk Assessment & Cybercrime
Q276. Evidence preservation requires:
A. Protecting logs, files and devices from alteration
B. Posting evidence publicly
C. Changing timestamps
D. Deleting logs immediately
Correct Answer: A. Protecting logs, files and devices from alteration
Question 277 Risk Assessment & Cybercrime
Q277. Chain of custody documents:
A. Only login page color
B. Only keyboard model numbers
C. Who collected, handled and transferred evidence
D. Only office furniture
Correct Answer: C. Who collected, handled and transferred evidence
Question 278 Risk Assessment & Cybercrime
Q278. Incident reporting should be:
A. Delayed until all evidence is lost
B. Avoided to protect appearances
C. Timely, accurate and sent through approved channels
D. Done only on social media
Correct Answer: C. Timely, accurate and sent through approved channels
Question 279 Risk Assessment & Cybercrime
Q279. A risk register contains:
A. Identified risks, owners, ratings, treatments and status
B. Only public marketing slogans
C. Only employee phone numbers
D. Only software logos
Correct Answer: A. Identified risks, owners, ratings, treatments and status
Question 280 Risk Assessment & Cybercrime
Q280. Residual risk is:
A. Risk before any analysis
B. Risk remaining after controls are applied
C. A type of encryption algorithm
D. Risk that never needs approval
Correct Answer: B. Risk remaining after controls are applied
Question 281 Privacy, Anonymity, Cyber Law & Ethics
Q281. Information privacy is mainly about:
A. Responsible collection, use, sharing and protection of personal data
B. Removing all user rights
C. Deleting every backup
D. Making all data public
Correct Answer: A. Responsible collection, use, sharing and protection of personal data
Question 282 Privacy, Anonymity, Cyber Law & Ethics
Q282. Personal data is information that can:
A. Identify or relate to an individual
B. Only show a firewall port
C. Only describe a network cable
D. Only list public holidays
Correct Answer: A. Identify or relate to an individual
Question 283 Privacy, Anonymity, Cyber Law & Ethics
Q283. Data minimization means:
A. Never deleting old data
B. Sharing data with everyone
C. Collecting everything possible forever
D. Collecting only the personal data that is necessary
Correct Answer: D. Collecting only the personal data that is necessary
Question 284 Privacy, Anonymity, Cyber Law & Ethics
Q284. Purpose limitation means data should be used:
A. Only for the stated and legitimate purpose
B. Only by attackers
C. For any new purpose without notice
D. Only after it is leaked
Correct Answer: A. Only for the stated and legitimate purpose
Question 285 Privacy, Anonymity, Cyber Law & Ethics
Q285. Consent in privacy should be:
A. Assumed for every activity
B. Ignored after collection
C. Hidden in confusing language
D. Informed, clear and freely given where required
Correct Answer: D. Informed, clear and freely given where required
Question 286 Privacy, Anonymity, Cyber Law & Ethics
Q286. Anonymization aims to:
A. Reveal private keys
B. Remove identifying information so a person cannot reasonably be identified
C. Add more names to data
D. Increase unnecessary data
Correct Answer: B. Remove identifying information so a person cannot reasonably be identified
Question 287 Privacy, Anonymity, Cyber Law & Ethics
Q287. Pseudonymization replaces identifiers with:
A. Aliases or codes while keeping possible re-linking under control
B. Plain names only
C. Firewall ports
D. Public passwords
Correct Answer: A. Aliases or codes while keeping possible re-linking under control
Question 288 Privacy, Anonymity, Cyber Law & Ethics
Q288. Re-identification risk means:
A. Anonymous-looking data may be linked back to a person
B. Data can never identify anyone
C. All encryption is broken
D. Backups are unnecessary
Correct Answer: A. Anonymous-looking data may be linked back to a person
Question 289 Privacy, Anonymity, Cyber Law & Ethics
Q289. Encryption supports privacy by:
A. Removing legal duties
B. Making data collection unlimited
C. Allowing all tracking
D. Protecting personal data from unauthorized reading
Correct Answer: D. Protecting personal data from unauthorized reading
Question 290 Privacy, Anonymity, Cyber Law & Ethics
Q290. Access logging supports accountability by:
A. Recording who accessed data and when
B. Removing user responsibility
C. Publishing private data
D. Making access invisible
Correct Answer: A. Recording who accessed data and when
Question 291 Privacy, Anonymity, Cyber Law & Ethics
Q291. Ethics in information security requires:
A. Using skills to harm others
B. Ignoring confidentiality
C. Acting responsibly, legally and with respect for rights
D. Bypassing permission
Correct Answer: C. Acting responsibly, legally and with respect for rights
Question 292 Privacy, Anonymity, Cyber Law & Ethics
Q292. Responsible disclosure means:
A. Ignoring serious flaws
B. Reporting vulnerabilities through an appropriate process so they can be fixed
C. Selling stolen data
D. Publishing exploit details immediately without notice
Correct Answer: B. Reporting vulnerabilities through an appropriate process so they can be fixed
Question 293 Privacy, Anonymity, Cyber Law & Ethics
Q293. Computer misuse laws commonly prohibit:
A. Approved system administration
B. Unauthorized access, interference and data misuse
C. Encrypting personal devices
D. Using strong passwords
Correct Answer: B. Unauthorized access, interference and data misuse
Question 294 Privacy, Anonymity, Cyber Law & Ethics
Q294. Intellectual property issues include:
A. Secure backups only
B. User awareness training
C. Unauthorized copying, software piracy and misuse of protected content
D. Firewall configuration
Correct Answer: C. Unauthorized copying, software piracy and misuse of protected content
Question 295 Privacy, Anonymity, Cyber Law & Ethics
Q295. A professional code of conduct guides:
A. Only screen resolution
B. Only office seating
C. Only logo placement
D. Ethical behavior and responsibilities of practitioners
Correct Answer: D. Ethical behavior and responsibilities of practitioners
Question 296 Privacy, Anonymity, Cyber Law & Ethics
Q296. A conflict of interest occurs when:
A. Personal interests may improperly influence professional duties
B. A password is strong
C. A database is encrypted
D. A system is patched
Correct Answer: A. Personal interests may improperly influence professional duties
Question 297 Privacy, Anonymity, Cyber Law & Ethics
Q297. Due care in information security means:
A. Taking reasonable steps to protect systems and data
B. Avoiding documentation
C. Ignoring known risks
D. Sharing credentials
Correct Answer: A. Taking reasonable steps to protect systems and data
Question 298 Privacy, Anonymity, Cyber Law & Ethics
Q298. A confidentiality agreement helps:
A. Remove every legal responsibility
B. Make all secrets public
C. Protect sensitive information shared with employees or partners
D. Disable access control
Correct Answer: C. Protect sensitive information shared with employees or partners
Question 299 Privacy, Anonymity, Cyber Law & Ethics
Q299. Digital forensics should be conducted:
A. Without documentation
B. Lawfully, ethically and with evidence integrity
C. Only for entertainment
D. By altering evidence freely
Correct Answer: B. Lawfully, ethically and with evidence integrity
Question 300 Privacy, Anonymity, Cyber Law & Ethics
Q300. Balancing security and privacy means:
A. Removing all monitoring even when required
B. Publishing personal records for convenience
C. Protecting systems while respecting personal data and user rights
D. Collecting unlimited data because security exists
Correct Answer: C. Protecting systems while respecting personal data and user rights