Which of the following best describes the CIA Triad in information security? A) Control, Identification, Access B) Confidentiality, Integrity, Availability C) Communication, Identification, Analysis D) Cyber, Infrastructure, Assets

What does the "DAD" Triad represent in terms of threats? A) Destruction, Alteration, Disclosure B) Denial, Access, Data loss C) Disruption, Authentication, Defense D) Disclosure, Alteration, Destruction

What is the key difference between Information Security and Cybersecurity? A) Information Security focuses on digital data only B) Cybersecurity includes physical security controls C) Cybersecurity is a subset of Information Security focusing on protecting data in the digital realm D) Information Security is broader and includes Cybersecurity

Which of the following best defines a "threat" in information security? A) A vulnerability in the system B) A potential cause of an unwanted incident C) A patch that fixes security flaws D) A user with administrative privileges

What is a "vulnerability" in the context of cybersecurity? A) A strength of a system B) A weakness that can be exploited by threats C) A method used to defend against attacks D) A security policy

Which of the following is an example of an "exploit"? A) A security policy B) A software patch C) A piece of code that takes advantage of a vulnerability D) An antivirus program

What is the primary goal of a threat actor? A) To secure information systems B) To exploit vulnerabilities for malicious purposes C) To develop security policies D) To improve network performance

Which of the following describes "Security Vulnerabilities"? A) Software tools designed to protect against threats B) Weaknesses in systems or processes that can be exploited by threats C) Legal regulations for data protection D) None of the above

Which of the following best describes "Risk" in the context of information security? A) The likelihood of a vulnerability being exploited by a threat B) The presence of a firewall C) The cost of implementing security measures D) The use of strong passwords

Which of the following is NOT a characteristic of a threat actor? A) Skill level B) Intent C) Resources D) System administrator

What is the MITRE ATT&CK Framework primarily used for? A) Securing physical locations B) Analyzing and categorizing adversary tactics and techniques C) Implementing encryption protocols D) Training employees in cybersecurity awareness

Which of the following phases is NOT part of the Cyber Kill Chain? A) Reconnaissance B) Weaponization C) Mitigation D) Installation

What is the primary objective of the "Reconnaissance" phase in the Cyber Kill Chain? A) To disrupt the network B) To gather information on the target C) To deploy malware D) To exfiltrate data

How does "Integrity" differ from "Confidentiality" in the CIA Triad? A) Integrity ensures data is available when needed, while confidentiality ensures data is encrypted. B) Integrity ensures data accuracy and consistency, while confidentiality ensures data is only accessible to authorized users. C) Integrity focuses on network performance, while confidentiality focuses on user authentication. D) Integrity involves encryption, while confidentiality involves data storage.

Which of the following is an example of a "Threat Actor"? A) A software vulnerability B) A corporate policy C) A cybercriminal D) A firewall

What is the main purpose of the "Weaponization" phase in the Cyber Kill Chain? A) To gather intelligence on the target B) To create or select a weapon (malware) to use against the target C) To install malicious software D) To cover tracks after an attack

Which of the following is a key concept in understanding security vulnerabilities? A) All vulnerabilities are easily exploitable B) Vulnerabilities do not pose a risk unless detected by attackers C) Vulnerabilities are weaknesses that can be exploited by threats D) Vulnerabilities only affect outdated systems

What does the "Actions on Objectives" phase in the Cyber Kill Chain involve? A) Gaining initial access to the target network B) Performing the intended malicious activity, such as data theft or disruption C) Gathering information about the target D) Creating a backdoor for future access

What is the significance of understanding "Threat Actors" in cybersecurity? A) It helps in developing stronger encryption algorithms B) It assists in predicting and defending against potential attacks C) It enables the automation of network defenses D) It is only relevant to government agencies

Which of the following best describes a "Threat"? A) A measure to secure data B) A potential cause of an unwanted incident that may result in harm C) A device used to protect against malware D) A method to update software