25 Random Security+ Questions

Posted by:

|

On:

|

0%

25 Random Questions Security+

1 / 25

An organization is implementing a new identity and access management (IAM) system to improve its compliance posture. Which of the following principles should be the PRIMARY focus when configuring user access rights?

2 / 25

What is the MOST effective approach to ensure that remote workers maintain good security practices?

3 / 25

Which of the following is the BEST approach to ensure that security awareness training remains relevant and engaging over time?

4 / 25

Which of the following is a common characteristic of spear phishing attacks?

5 / 25

An attacker has gained access to a user’s session cookie for a web application. The attacker is now able to perform actions on the web application as if they were the legitimate user. What type of attack does this scenario describe?

6 / 25

A security analyst observes the following entry in a firewall log:

Drop TCP 192.168.1.100:12345 -> 10.0.0.1:445 (SMB)

What does this log entry most likely indicate?

7 / 25

A security analyst needs to perform continuous monitoring of the organization’s security posture and detect potential threats in real-time. Which of the following tools would be MOST suitable for this task?

8 / 25

A company is implementing a new asset tagging system. Which of the following is the MOST important information to include on an asset tag?

9 / 25

Which of the following is a common technique used in watering hole attacks?

10 / 25

What is the MOST important factor in designing an effective phishing simulation exercise?

11 / 25

An organization is implementing security orchestration, automation, and response (SOAR) capabilities. Which of the following is the MOST significant benefit of this approach in improving incident response?

12 / 25

A company operating in the European Union has discovered a data breach affecting customer personal information. According to GDPR, within what timeframe must the company notify the relevant supervisory authority?

13 / 25

An organization wants to implement a solution that can automatically detect and respond to security incidents across their entire IT infrastructure. Which of the following would be MOST suitable for this purpose?

14 / 25

A security analyst wants to create a script that will automatically scan the organization’s network for open ports and vulnerable services. Which of the following tools would be BEST suited for integration into this script?

15 / 25

After a recent system update, an organization notices that critical system files have been altered and hidden from standard detection tools. The IT team finds that a specific malware is providing persistent root-level access to attackers. Which type of malware is responsible for this activity?

16 / 25

Which of the following threat actors is MOST likely to be motivated by financial gain?

17 / 25

Which of the following is a secure protocol used for directory services that encrypts all traffic between the client and server?

18 / 25

During a compliance audit, an auditor discovers that an organization’s password policy allows for passwords as short as 6 characters with no complexity requirements. Which of the following actions should the organization take FIRST?

19 / 25

An organization’s network administrator notices that the company’s DNS server is resolving domain names to incorrect IP addresses. Upon further investigation, it’s discovered that the DNS cache has been altered. What type of attack has likely occurred?

20 / 25

A web application vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. These scripts execute in the context of the victim’s browser, potentially stealing session tokens or performing actions on behalf of the victim. What type of attack is this?

21 / 25

What type of social engineering attack involves creating a false scenario to obtain information or access?

22 / 25

An attacker sends a malicious email to a user with a link to a legitimate website. When the user clicks on the link, they are unknowingly redirected to a different website controlled by the attacker. What type of attack is this?

23 / 25

What is the importance of a post-implementation review in change management?

24 / 25

An organization is implementing a comprehensive data protection strategy. Which of the following BEST describes the principle of data minimization?

25 / 25

A security team is implementing a virtual private network (VPN) solution for remote access. Which of the following configurations would provide the HIGHEST level of security?

Your score is

Exit

One response to “25 Random Security+ Questions”