AP Cybersecurity MCQ Practice Unit 2

UNIT 2: Securing Spaces

Topic 2.1: Cyber Foundations

A security analyst determines that a specific server vulnerability has a high likelihood of being exploited, with a potential financial impact of over $1 million. The company decides to purchase a specialized insurance policy to cover any losses from such an attack. This risk management strategy is an example of:

ARisk acceptance

BRisk avoidance

CRisk mitigation

DRisk transference

An adversary gains access to a company’s internal network and installs malware that allows them to maintain access over a long period, sending commands and receiving data through a hidden channel. This phase of a cyberattack is known as:

AInitial Access

BTaking action

CPersistence

DReconnaissance

A company protects its customer database by using a firewall, data encryption, and strict access control policies. This layered approach, which uses multiple types of controls to protect a single asset, is a direct application of which security strategy?

ADefense-in-depth

BRisk assessment

CThreat modeling

DIncident response

Which of the following is an example of a technical security control?

AA security guard monitoring a data center entrance.

BA policy requiring quarterly password changes.

CA firewall configured to block malicious traffic.

DAn incident response plan for handling breaches.

A qualitative risk analysis for a vulnerability on a non-critical marketing server might result in which of the following ratings?

AA finding of three open network ports.

BA risk score of 7.8 out of 10.

CA rating of 'Low likelihood, Low impact.'

DAn ALE calculation of $5,250.

An employee who was recently fired uses their still-active credentials to log into the company's network and delete critical files. This type of adversary is best classified as a(n):

AScript kiddie

BHacktivist

CCyberterrorist

DInsider adversary

A hospital's network goes down due to a cyberattack, preventing doctors from accessing patient records. This is a failure of which core security principle?

AIntegrity

BAvailability

CConfidentiality

DNon-repudiation

An attacker gains access to a low-privilege user account on a network. The attacker then uses various techniques to gain control of an administrator's account. This activity is best described as:

AReconnaissance

BEvading detection

CLateral movement

DInitial access

Topic 2.2: Physical Vulnerabilities and Attacks

An adversary walks closely behind an authorized employee through a badge-protected door without the employee's knowledge. This physical security breach is known as:

APiggybacking

BDumpster diving

CTailgating

DShoulder surfing

A security consultant is assessing a company's office. They find sensitive documents, including network diagrams and password lists, in a public recycling bin behind the building. This demonstrates a vulnerability to which type of physical attack?

ADumpster diving

BPiggybacking

CCard cloning

DTailgating

A company's main server room has an unlocked door and is located in a hallway with heavy foot traffic. A risk assessment of this situation would most likely rate the risk to the servers as:

ALow, because the servers are protected by network firewalls.

BLow, because guests are unlikely to know the room's purpose.

CHigh, as physical access can bypass many technical controls.

DModerate, because the servers are probably too heavy to steal.

An adversary gains physical access to a company laptop and plugs in a USB device that automatically installs malware. Which of the following vulnerabilities was most directly exploited?

AExposed and enabled USB ports

BAn unpatched operating system

CA weak user password policy

DThe lack of a screen privacy filter

Which of the following scenarios poses the highest risk from physical vulnerabilities?

AAn employee leaves their locked laptop unattended in a secure office.

BA backup tape with unencrypted financial data is left on a desk.

CA public website server is kept in a locked, monitored data center.

DThe main power breaker for an office is in a locked utility closet.

An adversary creates a perfect copy of an employee's RFID access badge without their knowledge. This allows the adversary to unlock secure doors as if they were the employee. This attack is known as:

AShoulder surfing

BCard cloning

CDumpster diving

DTailgating

A natural disaster, such as a flood, that damages a company's server room is an example of:

AA physical threat to the availability of assets.

BA technical vulnerability from poor programming.

CAn insider attack motivated by revenge.

DA social engineering attack on availability.

An attacker looks over a person's shoulder as they type their password into a computer at a public kiosk. This attack is called:

ATailgating

BSocial engineering

CEavesdropping

DShoulder surfing

Topic 2.3: Protecting Physical Spaces

A company policy requires all employees to lock their computers when they leave their desks and to clear sensitive documents from their workspace at the end of the day. This is an example of which type of security control?

ATechnical control

BManagerial control

CPhysical control

DCorrective control

To prevent unauthorized individuals from following employees into a highly secure area, a company installs an access control vestibule (a small room with two doors, where only one door can be open at a time). This is a direct mitigation for which types of attacks?

ACard cloning and keylogging

BJamming and eavesdropping

CShoulder surfing and dumpster diving

DTailgating and piggybacking

An organization's data center is located in an area prone to power outages. To ensure that servers remain operational during a short-term outage, which of the following physical controls should be implemented?

AAn uninterruptible power supply (UPS)

BA cable lock

CA motion detector

DA privacy screen filter

A company's workstation security policy mandates the use of privacy screen filters on all laptops used in open-plan offices or public spaces. This control is designed to mitigate the risk of:

AShoulder surfing

BPower surges

CTailgating

DDevice theft

Which of the following represents the strongest implementation of layered physical security for a server room?

AA security camera pointed at the server room door.

BA single strong lock on the server room door.

CA perimeter fence, lobby guard, and card reader.

DAn uninterruptible power supply for each server.

When prioritizing which physical security risks to mitigate first, a security manager should primarily consider:

AOnly the risks that are easiest to remediate.

BThe total cost and the severity of the risk.

COnly the risks that have been exploited before.

DThe visual appearance of the security controls.

A card reader system that logs all entries into a restricted area provides which two functions?

APrevention of shoulder surfing and malware

BAccess denial and an audit trail for investigation

CPrevention of tailgating and power outages

DDeterrence against insiders and dumpster diving

A company wants to prevent employees from leaving sensitive paper documents on their desks overnight. Which of the following controls would be most effective?

AA host-based firewall

BMulti-factor authentication

CNetwork segmentation

DA clean desk policy

Topic 2.4: Detecting Physical Attacks

A motion sensor in a server room sends an alert to the security team at 3:00 AM. To be most effective, what other detective control should be paired with the motion sensor?

AA stronger lock on the server room door

BAn uninterruptible power supply (UPS)

CA security camera inside the server room

DA fire suppression system in the ceiling

After a theft, investigators review security camera recordings to identify the perpetrator and determine how they gained access to the building. In this context, the camera footage serves as:

AEvidence for investigation

BA managerial control

CA corrective control

DA preventative control

Why are motion sensors generally not recommended for high-traffic areas like a main lobby during business hours?

AThey are too expensive to install in large areas.

BThey interfere with the building's Wi-Fi signal.

CThey would generate numerous false positive alerts.

DThey can be easily bypassed by skilled adversaries.

A log from a door access control system shows that a door to a secure lab was held open for 60 seconds after an authorized badge was used, which is much longer than the typical 5-second entry time. This data could indicate which type of physical attack?

ACard cloning

BShoulder surfing

CTailgating

DDumpster diving

The primary function of a detective physical security control is to:

AIdentify and report a security event.

BRepair damage after an attack has occurred.

CDefine policies that employees must follow.

DPrevent an attack from ever happening.

How can trained employees act as a detective control?

ABy configuring the building's firewall.

BBy writing the company's security policies.

CBy reporting an unauthorized person.

DBy patching software on their computers.

A security system uses facial recognition software linked to cameras at a building's entrance. The system is designed to alert security if an individual on a 'watch list' enters the premises. This is an example of:

AA detective control triggering an automated alert.

BA corrective control restoring data from backups.

CA physical control preventing a power surge.

DA managerial control for workstation security.

A patrolling guard is often a more effective deterrent than a stationary guard against an adversary trying to breach a building's perimeter because:

AA patrolling guard is authorized to use more force.

BThe adversary cannot predict the guard's location.

CStationary guards are not trained in response.

DThe patrol can monitor multiple cameras at once.