Quiz: Module 07: Security Fundamentals
Test your understanding of the concepts covered in this module.
50 questions
Question 1. What is the primary purpose of authentication?
Question 2. What is the primary purpose of authorization?
Question 3. Which of the following is the correct order of operations when a user accesses a system?
Question 4. True or False: Logging in with a username and password is an example of authentication.
Question 5. A user logs into a company application and can view reports but cannot delete them. Which concept controls what the user can and cannot do after logging in?
Question 6. In your own words, explain the difference between authentication and authorization. Give one example of each.
Free-response questions are self-assessed. Compare your answer with the sample response.
Question 7. Which of the following is considered a weak password?
Question 8. Why is reusing the same password across multiple websites dangerous?
Question 9. What is the primary purpose of a password manager?
Question 10. True or False: A password manager allows you to use a single strong, unique password for every account without having to memorize each one individually.
Question 11. Which of the following is a best practice for creating strong passwords? (Select THREE.)
Question 12. What does MFA stand for?
Question 13. Which of the following best describes multi-factor authentication (MFA)?
Question 14. Which of the following are common categories of authentication factors? (Select THREE.)
Question 15. A user logs in with a password and then enters a six-digit code from an authenticator app on their phone. Which type of security is this an example of?
Question 16. True or False: MFA is less secure than using a password alone because it adds complexity.
Question 17. In your own words, explain why MFA significantly improves account security compared to using only a password.
Question 18. What is encryption?
Question 19. What is the difference between plaintext and ciphertext?
Question 20. In symmetric encryption, how many keys are used?
Question 21. In asymmetric encryption, how many keys are used?
Question 22. Which of the following correctly describes a key difference between symmetric and asymmetric encryption?
Question 23. True or False: In asymmetric encryption, the public key can be shared openly, but the private key must be kept secret.
Question 24. What does "encryption at rest" protect?
Question 25. What does "encryption in transit" protect?
Question 26. A company stores customer records in a database and encrypts the database files on disk. Which type of encryption is this?
Question 27. When you visit a website using HTTPS, your browser and the server encrypt the data exchanged between them. Which type of encryption is this?
Question 28. What does HTTPS stand for?
Question 29. What is the role of TLS (Transport Layer Security) in HTTPS?
Question 30. True or False: A website using HTTP (without the "S") transmits data in plaintext, meaning anyone who intercepts the traffic can read it.
Question 31. How can you tell if a website is using HTTPS?
Question 32. What is the principle of least privilege?
Question 33. A web application needs to read images from a storage service. According to the principle of least privilege, what permissions should it have?
Question 34. True or False: The principle of least privilege helps limit the damage that can occur if a user's credentials are compromised.
Question 35. What is a firewall?
Question 36. Which of the following best describes how a firewall works?
Question 37. True or False: A firewall can block incoming traffic on specific ports while allowing traffic on other ports.
Question 38. What is phishing?
Question 39. Which of the following is a common sign of a phishing email? (Select THREE.)
Question 40. What is malware?
Question 41. Which of the following are types of malware? (Select THREE.)
Question 42. What is social engineering in the context of cybersecurity?
Question 43. True or False: Social engineering attacks target human behavior rather than technical vulnerabilities in software.
Question 44. A developer is building a web application that connects to a database. Where should they store the database password?
Question 45. Why is hardcoding secrets (such as API keys, passwords, or tokens) directly in source code considered a serious security risk?
Question 46. True or False: Environment variables are a common and recommended way to provide sensitive configuration values (like API keys and database passwords) to an application without putting them in the source code.
Question 47. Why is it important to keep software, libraries, and dependencies updated?
Question 48. A company discovers that an attacker gained access to their system by exploiting a known vulnerability in an outdated software library. Which security best practice would have prevented this?
Question 49. Which of the following are security best practices for developers? (Select THREE.)
Question 50. In your own words, describe three security best practices that every developer should follow and explain why each one is important.