Security+ or CySA+ first? The job ads disagree with the study subs.

Question 1 · General Security Concepts

A company wants to implement a security model that assumes no trust for any user or device, regardless of whether they are inside or outside the corporate network. Which architecture best supports this requirement?

• Role-Based Access Control
• Zero Trust
• Perimeter-based security
• Defense in Depth

Correct answer: Zero Trust

Zero Trust architecture operates on 'never trust, always verify' - requiring continuous authentication and authorization for every access request regardless of network location. Unlike perimeter security which trusts internal users, Zero Trust treats all access as potentially hostile.

Question 2 · Threats, Vulnerabilities, and Mitigations

A security administrator notices unusual outbound connections from a web server to known malicious IP addresses. The server is displaying IoCs associated with data exfiltration. Which attack type is most likely occurring?

• Denial of service flooding that exhausts the server's connection table
• Command and control communication
• ARP poisoning that redirects local subnet traffic to a rogue gateway
• Man-in-the-middle interception of the server's inbound client sessions

Correct answer: Command and control communication

Outbound connections to malicious IPs with data exfiltration indicators strongly suggest compromised systems communicating with attacker command and control (C2) infrastructure. This is characteristic of advanced persistent threats and malware infections.

Question 3 · Security Architecture

An organization wants to host public web servers while protecting internal networks from direct internet exposure. Which network architecture should be implemented?

• Peer-to-peer network
• Direct internet connection
• Intranet only
• DMZ (Demilitarized Zone)

Correct answer: DMZ (Demilitarized Zone)

A DMZ creates a buffer network between trusted internal networks and untrusted external networks. Public-facing servers (web, email, DNS) reside in the DMZ, protecting internal networks while maintaining external service availability.

Question 4 · Security Operations

A security administrator receives an alert about suspicious lateral movement between servers in the data center. Network logs show unusual SMB connections from a compromised workstation. What is the immediate priority?

• Reboot the domain controller to clear the active malicious SMB sessions
• Delete the user accounts that initiated the suspicious SMB connections
• Isolate the compromised workstation and affected servers
• Update antivirus definitions and run a full scan across every server

Correct answer: Isolate the compromised workstation and affected servers

Immediate containment is critical to prevent further lateral movement and data exfiltration. Isolating affected systems stops the attack progression while preserving evidence for investigation. Other actions follow containment.

Question 5 · Security Program Management and Oversight

A European company processes personal data of EU residents. They must obtain explicit consent before collecting data and notify authorities of breaches within 72 hours. Which regulation applies?

• GDPR (General Data Protection Regulation)
• SOX (the US law governing corporate financial reporting and controls)
• PCI-DSS (the payment card industry standard for cardholder data security)
• HIPAA (the US framework governing protected patient health information)

Correct answer: GDPR (General Data Protection Regulation)

GDPR is the EU data protection regulation requiring lawful basis for processing, consent management, data subject rights, 72-hour breach notification, privacy by design, and potential fines up to 4% of global revenue.

Question 6 · General Security Concepts

An organization needs to ensure that a financial transaction cannot be denied by either party after completion. Which security principle directly addresses this requirement?

• Availability
• Integrity
• Confidentiality
• Non-repudiation

Correct answer: Non-repudiation

Non-repudiation provides cryptographic proof of origin and prevents parties from denying their participation in a transaction. Digital signatures are commonly used to achieve non-repudiation.

Question 7 · General Security Concepts

A security administrator is comparing encryption methods. Which statement correctly describes the primary difference between symmetric and asymmetric encryption?

• Symmetric relies on hashing while asymmetric performs reversible block ciphering
• Asymmetric encrypts bulk data faster because it skips the key exchange step
• Symmetric distributes a separate public and private key to every recipient
• Symmetric uses one shared key; asymmetric uses public/private key pairs

Correct answer: Symmetric uses one shared key; asymmetric uses public/private key pairs

Symmetric encryption (AES) uses a single shared key for both encryption and decryption, making it fast but challenging for key distribution. Asymmetric encryption (RSA) uses mathematically related public and private keys, enabling secure key exchange but with higher computational overhead.

Question 8 · General Security Concepts

During a security audit, an analyst discovers that identical passwords produce identical hash values in the database. Which control should be implemented to prevent rainbow table attacks?

• Increase password length only
• Use symmetric encryption
• Implement password salting
• Disable password complexity

Correct answer: Implement password salting

Salting adds random data to passwords before hashing, ensuring identical passwords produce different hashes. This defeats precomputed rainbow table attacks by requiring attackers to compute hashes for each unique salt.

Question 9 · General Security Concepts

A company is designing authentication for a high-security data center. The solution requires users to present a smart card and enter a PIN. Which authentication factors are being used?

• Something you have and something you know
• Two instances of something you know
• Something you are and something you have
• Something you know and somewhere you are

Correct answer: Something you have and something you know

Smart cards represent 'something you have' (possession factor), while PINs represent 'something you know' (knowledge factor). Together they provide two-factor authentication requiring both possession and knowledge.

Question 10 · General Security Concepts

An organization experiences a data breach. Investigation reveals attackers accessed archived data from three years ago that was encrypted with the company's current key. Which cryptographic feature would have prevented access to historical data?

• Digital signatures that bind each record to its original author
• Key escrow that stores recovery copies with a trusted third party
• Perfect Forward Secrecy
• Certificate pinning that locks each archive to one issuing authority

Correct answer: Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) generates unique session keys for each communication session. Even if long-term private keys are compromised, past session keys cannot be recovered, protecting historical encrypted data.