21. Which of the following is NOT an example of a cyber threat actor?
A) Nation-state
B) Insider
C) Malware
D) Hacktivist
22. Which type of cybersecurity attack involves hackers exploiting a vulnerability in a system’s software to gain access to privileged information or execute malicious code?
A) Zero-day attack
B) Ransomware attack
C) Phishing attack
D) Man-in-the-middle attack
23. Which of the following is a protocol used to secure internet traffic by encrypting data in transit?
A) SSL
B) FTP
C) SMTP
D) DNS
24. Which type of cybersecurity attack involves hackers gaining access to a system by impersonating a legitimate user or device?
A) Brute force attack
B) Password spray attack
C) Spoofing attack
D) Buffer overflow attack
25. What is the term for the process of identifying, assessing, and prioritizing cybersecurity risks to an organization?
A) Risk management
B) Vulnerability scanning
C) Threat modeling
D) Penetration testing
26. Which of the following is an example of a security control?
A) Antivirus software
B) Password policy
C) Firewall
D) All of the above
27. Which type of cybersecurity attack involves hackers gaining access to a system by exploiting a vulnerability in a piece of software?
A) Zero-day attack
B) Ransomware attack
C) Phishing attack
D) Man-in-the-middle attack
28. Which of the following is NOT an example of a cyber incident response step?
A) Recovery
B) Analysis
C) Preparation
D) Patching
29. Which type of cybersecurity attack involves hackers gaining access to a system by guessing or brute-forcing a password?
A) Brute force attack
B) Password spray attack
C) Spoofing attack
D) Buffer overflow attack
30. What is the term for the process of monitoring network traffic and analyzing it for suspicious activity?
A) Threat intelligence
B) Network security
C) SIEM
D) Identity and access management