Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > Quizzes for Business > Technology

Try the Cybersecurity Fundamentals Quiz

Test Your IT Security Basics Today

Difficulty: Moderate
Questions: 20
Learning OutcomesStudy Material
Colorful paper art depicting elements related to Cybersecurity Fundamentals Quiz

This cybersecurity fundamentals quiz helps you practice core principles, common threats, and basic defenses across 15 quick multiple-choice questions. Use it to get fast feedback and spot gaps before an exam or interview. When you finish, compare with the awareness quiz or go deeper with the practice exam .

Which of the following is NOT a principle of the CIA triad?
Confidentiality
Non-repudiation
Integrity
Availability
The CIA triad consists of Confidentiality, Integrity, and Availability. Non-repudiation is a security concept that ensures a party cannot deny the authenticity of their signature or communication but is not part of the CIA triad.
What does the principle of least privilege require?
Granting administrative rights by default
Removing all user permissions to reduce risk
Allowing all employees equal access to systems
Users are granted only the permissions necessary to perform their tasks
The principle of least privilege ensures that users have the minimal level of access required to perform their job functions. This reduces the potential attack surface and limits the impact if credentials are compromised.
What primary function does a network firewall serve?
Encrypt data at rest
Block unauthorized network traffic
Manage user authentication
Monitor user behavior
Network firewalls act as a barrier between trusted and untrusted networks, filtering traffic based on predefined rules. Their main role is to block unauthorized network traffic while allowing legitimate communication.
Which attack technique uses fraudulent emails to trick users into revealing sensitive information?
Brute force
Doxxing
Sniffing
Phishing
Phishing uses deceptive emails or communications to lure individuals into providing credentials or personal information. It exploits human trust rather than technical vulnerabilities.
Which practice contributes to creating a strong password?
Including personal information like a birthdate
Writing the password on a desktop file
Choosing common dictionary words
Using a mix of uppercase and lowercase letters, numbers, and symbols
Strong passwords combine uppercase and lowercase letters, numbers, and special symbols to increase complexity and resist guessing or brute-force attacks. Avoiding dictionary words and personal information further enhances password strength.
What does the security strategy 'Defense in Depth' involve?
Encrypting data without additional controls
Using a single, centralized security solution
Applying multiple layers of security controls
Relying solely on perimeter firewalls
Defense in Depth is a strategy that implements multiple layers of security controls throughout an IT system. This approach ensures that if one control fails, additional layers continue to protect the assets.
Which of the following best describes a buffer overflow attack?
Corrupting memory by writing more data than a buffer can hold
Intercepting and altering network packets between hosts
Gaining unauthorized access by guessing passwords
Saturating a server with excessive requests to cause downtime
A buffer overflow occurs when an attacker sends more data to a buffer than it is designed to hold, which can overwrite adjacent memory. This can lead to arbitrary code execution or system crashes.
SQL injection attacks exploit which vulnerability?
Improper input validation in database queries
Unpatched operating system vulnerabilities
Misconfigured network routers
Lack of encryption for data in transit
SQL injection exploits improper input validation in database queries, allowing attackers to inject malicious SQL statements. Proper parameterization or input sanitization prevents these attacks.
Which phase of risk management focuses on evaluating the potential impact and likelihood of identified risks?
Risk Assessment
Risk Monitoring
Risk Identification
Risk Mitigation
Risk Assessment involves analyzing and quantifying the likelihood and potential impact of identified risks. It helps prioritize which risks require immediate attention.
What term describes a weakness in a system that can be exploited by a threat?
Security control
Vulnerability
Attack surface
Threat actor
A vulnerability is a flaw or weakness in a system that can be exploited by a threat actor. Identifying vulnerabilities is the first step in securing systems.
What is the primary purpose of SSL/TLS in network security?
Manage network routing
Encrypt data in transit
Authenticate local users
Scan for malware
SSL/TLS protocols secure communications by encrypting data transmitted over networks. They also provide mechanisms for endpoint authentication and data integrity.
To harden a Linux server, which action is most appropriate?
Use the same password across systems
Open all ports for convenience
Enable guest user accounts
Disable unused services
Disabling unused services reduces the attack surface by removing unnecessary software that could contain vulnerabilities. This is a fundamental hardening best practice.
Which tool is commonly used for automated vulnerability scanning?
Netcat
Nessus
Wireshark
PuTTY
Nessus is widely used for automated vulnerability scanning, detecting known vulnerabilities across networked hosts. Tools like Wireshark and Netcat serve different purposes such as packet analysis or network utilities.
What type of social engineering attack involves creating a false scenario to obtain information?
Shoulder surfing
Tailgating
Pretexting
Phishing
Pretexting involves crafting a plausible scenario to trick individuals into divulging sensitive information. It relies on building trust through a fabricated context.
What differentiates anomaly-based intrusion detection from signature-based intrusion detection?
Signature-based identifies unknown threats
Anomaly-based relies on pre-defined attack signatures
Signature-based uses machine learning models
Anomaly-based detects deviations from normal behavior
Anomaly-based IDS detects potential threats by identifying deviations from established normal behavior profiles. Signature-based IDS compares network activity against known attack patterns.
How is residual risk defined in risk management?
Total potential risk before mitigation
Risk remaining after implementing controls
Risk from threats not yet identified
New risks introduced by security controls
Residual risk is the level of risk that remains after security controls are applied. It reflects the potential impact and likelihood that cannot be fully eliminated by mitigation measures.
Which defense technique specifically mitigates cross-site scripting (XSS) attacks?
Data encryption at rest
Network segmentation
Input validation and output encoding
Strong password policies
Proper input validation and output encoding prevent malicious scripts from being executed in a user's browser. These techniques are fundamental defenses against XSS exploitation.
Which type of penetration testing provides testers with limited knowledge of internal systems, such as user credentials, but not full system architecture?
Red teaming
White box testing
Gray box testing
Black box testing
Gray box testing gives testers partial knowledge, typically user-level access or credentials, allowing more focused testing than black box but not full insight like white box. It balances efficiency and realism.
Configuring a firewall, implementing intrusion detection, and using antivirus together exemplifies which security principle?
Defense in depth
Separation of duties
Principle of least privilege
Risk transference
Defense in depth involves layering multiple security controls, such as firewalls, IDS, and antivirus, to provide redundancy. This reduces the likelihood that a single failure leads to a successful breach.
What is server-side request forgery (SSRF)?
An attack that tricks a server into making unauthorized requests
A method of bypassing password authentication
A denial-of-service attack flooding a server with traffic
An exploit that injects SQL commands
SSRF vulnerabilities allow attackers to induce the server to send crafted requests to unintended locations. This can lead to data exposure or access to internal services.
0
{"name":"Which of the following is NOT a principle of the CIA triad?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Which of the following is NOT a principle of the CIA triad?, What does the principle of least privilege require?, What primary function does a network firewall serve?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Learning Outcomes

  1. Identify core cybersecurity principles assessed in fundamentals
  2. Apply basic threat analysis and mitigation strategies
  3. Evaluate common network and system vulnerabilities
  4. Demonstrate secure configuration best practices
  5. Master risk management fundamentals
  6. Analyze attack vectors and defense techniques

Cheat Sheet

  1. Master the NIST Cybersecurity Framework - Get to know the five building blocks: Identify, Protect, Detect, Respond, and Recover. Think of them as your cybersecurity superpowers for spotting risks, setting up defenses, and bouncing back from attacks. Ready to level up your security game?
  2. Embrace "Security Is Everyone's Job" - Security isn't just an IT department project; every person in your organization plays a part. From interns to executives, reporting strange emails and following good practices keeps the whole team safer.
  3. Apply the Principle of Least Privilege - Only give users the access they absolutely need for their tasks. Less access means less chance for attackers to roam free if credentials are compromised.
  4. Build Layers with Defense in Depth - Think of security like an onion: multiple layers (firewalls, intrusion detection, antivirus) ensure that if one layer fails, the next one still blocks the threat. It's a safety net that never sleeps.
  5. Keep Software Patched and Updated - Cybercriminals love outdated systems - patching closes the door on known vulnerabilities. Turning on automatic updates for your OS and apps is a simple win.
  6. Create Strong Passwords and Use MFA - A long, unique passphrase plus multi-factor authentication (MFA) is like a double-lock on your digital door. Even if your password leaks, MFA stands guard.
  7. Watch Out for Common Attack Vectors - Phishing, malware, and social engineering are digital ninja moves aiming at your inbox. Learning how they work helps you spot the fakes before they bite.
  8. Practice an Incident Response Plan - Having a playbook for breaches means you won't panic when alarms ring. Clear roles, communication channels, and drills ensure you can respond swiftly and effectively.
  9. Run Regular Security Training - Knowledge is your best defense. Workshops, simulations, and quizzes keep everyone sharp so they're less likely to click on the wrong link.
  10. Enable Continuous Monitoring and Assessments - Schedule vulnerability scans, log reviews, and penetration tests to catch new weaknesses before attackers do. Proactive checks mean fewer surprises.
Powered by: Quiz Maker