Knowledge Check · IT Fundamentals · Module 06

Quiz: IT Fundamentals Module 06: Security Fundamentals (Module 06 of 06)

Test your understanding of the concepts covered in this module.

50 questions

  1. What is the primary purpose of authentication?

  2. What is the primary purpose of authorization?

  3. Which of the following is the correct order of operations when a user accesses a system?

  4. True or False: Logging in with a username and password is an example of authentication.

  5. A user logs into a company application and can view reports but cannot delete them. Which concept controls what the user can and cannot do after logging in?

  6. In your own words, explain the difference between authentication and authorization. Give one example of each.

    This is a free-response question.

  7. Which of the following is considered a weak password?

  8. Why is reusing the same password across multiple websites dangerous?

  9. What is the primary purpose of a password manager?

  10. True or False: A password manager allows you to use a single strong, unique password for every account without having to memorize each one individually.

  11. Which of the following is a best practice for creating strong passwords? (Select THREE.)

  12. What does MFA stand for?

  13. Which of the following best describes multi-factor authentication (MFA)?

  14. Which of the following are common categories of authentication factors? (Select THREE.)

  15. A user logs in with a password and then enters a six-digit code from an authenticator app on their phone. Which type of security is this an example of?

  16. True or False: MFA is less secure than using a password alone because it adds complexity.

  17. In your own words, explain why MFA significantly improves account security compared to using only a password.

    This is a free-response question.

  18. What is encryption?

  19. What is the difference between plaintext and ciphertext?

  20. In symmetric encryption, how many keys are used?

  21. In asymmetric encryption, how many keys are used?

  22. Which of the following correctly describes a key difference between symmetric and asymmetric encryption?

  23. True or False: In asymmetric encryption, the public key can be shared openly, but the private key must be kept secret.

  24. What does "encryption at rest" protect?

  25. What does "encryption in transit" protect?

  26. A company stores customer records in a database and encrypts the database files on disk. Which type of encryption is this?

  27. When you visit a website using HTTPS, your browser and the server encrypt the data exchanged between them. Which type of encryption is this?

  28. What does HTTPS stand for?

  29. What is the role of TLS (Transport Layer Security) in HTTPS?

  30. True or False: A website using HTTP (without the "S") transmits data in plaintext, meaning anyone who intercepts the traffic can read it.

  31. How can you tell if a website is using HTTPS?

  32. What is the principle of least privilege?

  33. A web application needs to read images from a storage service. According to the principle of least privilege, what permissions should it have?

  34. True or False: The principle of least privilege helps limit the damage that can occur if a user's credentials are compromised.

  35. What is a firewall?

  36. Which of the following best describes how a firewall works?

  37. True or False: A firewall can block incoming traffic on specific ports while allowing traffic on other ports.

  38. What is phishing?

  39. Which of the following is a common sign of a phishing email? (Select THREE.)

  40. What is malware?

  41. Which of the following are types of malware? (Select THREE.)

  42. What is social engineering in the context of cybersecurity?

  43. True or False: Social engineering attacks target human behavior rather than technical vulnerabilities in software.

  44. A developer is building a web application that connects to a database. Where should they store the database password?

  45. Why is hardcoding secrets (such as API keys, passwords, or tokens) directly in source code considered a serious security risk?

  46. True or False: Environment variables are a common and recommended way to provide sensitive configuration values (like API keys and database passwords) to an application without putting them in the source code.

  47. Why is it important to keep software, libraries, and dependencies updated?

  48. A company discovers that an attacker gained access to their system by exploiting a known vulnerability in an outdated software library. Which security best practice would have prevented this?

  49. Which of the following are security best practices for developers? (Select THREE.)

  50. In your own words, describe three security best practices that every developer should follow and explain why each one is important.

    This is a free-response question.