Expskill is devoted to help learners become successful in their career. That’s why we are publishing an interesting and helpful series of Security Assessment Questions and Answers. In this series, you will get 30+ Security Assessment Questions and Answers with explanation
Once you’ve had enough understanding of the various concepts of Security Assessment, it’s time to give a shot at some questions based Security Assessment Interview Qestions that you must know answers to:
Question#1 Reconnaissance in information security is used for _.
1)Information Gathering
2)Security Testing
3)Information Analysis
4)Security reviews
Answer- Information Gathering
Question#2 A type of computer attack that in which the intruder engages with the targeted system is known as _.
1)White Box Assessment
2)Passive Reconnaissance
3)Red Team Assessment
4)Active Reconnaissance
Answer- Active Reconnaissance
Question#3 Which of the following should be covered under the security policy?
1)Security update timelines
2)Security strategies
3)Data backup plans
4)Password management policies
5)All of these
Answer- All of these
Question#4 A type of attack that depends on human error rather than on vulnerabilities in the system.
1)Birthday attack
2)Social Engineering attacks
3)Drive-by attack
4)Zero day attack
Answer- Social Engineering attacks
Security Assessment MCQs
Question#5 The risk level decreases with increase in the likelihood of potential risk.
1)True
2)False
Answer- False
Question#6 Passive fingerprinting sends and collects traffic to/from the target system.
1)True
2)False
Answer- False
Question#7 Which among the following companies have bug bounty programs?
2)Facebook
3)Google
4)Mozilla
5)All of these
Answer- All of these
Question#8 Which of the following exploits psychological manipulation in deceiving users to make security mistakes?
1)Fingerprinting
2)Social Engineering
3)Footprinting
4)Reconnaissance
Answer- Social Engineering
Question#9 Which of the following assessment type works to determine whether a threat made/detected, is genuine?
1)Risk Assessment
2)Threat Modeling
3)Threat Assessment
4)Penetration Testing
Answer- Threat Assessment
Question#10 A pen testing method in which a tester with access to an application behind its firewall imitates an attack that could be caused by a malicious insider.
1)Static analysis
2)External Testing
3)Internal Testing
4)Dynamic analysis
Answer- Internal Testing
Question#11 Which of the following is best used for penetration testing?
1)White Box Testing
2)Grey Box Testing
3)Black Box Testing
Answer- Black Box Testing
Question#12 Penetration testing is also called as ethical hacking.
1)True
2)False
Answer- True
Question#13 A continuous service that emulates real-world attackers for the purpose of improving the Blue Team.
1)Red Team
2)Black Team
3)Purple Team
Answer- Red Team
Question#14 The type of testing that is best done during the development life cycle process of the in-house software.
1)White Box Testing
2)Grey Box Testing
3)Black Box Testing
Answer- White Box Testing
Question#15 A valuable training exercise that provides a security team with real-time feedback from a hacker’s perspective.
1)Targeted Testing
2)External Testing
3)Blind Testing
4)Double Blind Testing
Answer- Targeted Testing
Question#16 While performing penetration testing, which of the following method is considered to be a more practical way of scanning?
1)Dynamic analysis
2)Static analysis
3)Inactive analysis
4)Active analysis
Answer- Dynamic analysis
Question#17 The process that involves analyzing entities like TCP and ICMP to identify an application or an operating system:
1)Fingerprinting
2)Social Engineering
3)Reconnaissance
4)Vulnerability Analysis
Answer- Fingerprinting
Common Questions on Security Assessment
Question#18 The type of assessment that is best used to identify, classify and prioritize vulnerabilities.
1)Vulnerability Assessment
2)Risk Assessment
3)Penetration Testing
4)Security Audits
Answer- Vulnerability Assessment
Question#19 During the scanning phase of pen testing, which of the following method analyzes an application’s code to determine its behavior during runtime?
1)Static analysis
2)Dynamic analysis
3)Inactive analysis
4)Active analysis
Answer- Static analysis
Question#20 Which of the following is best used with vulnerability assessments?
1)White Box Testing
2)Black Box Testing
3)Grey Box Testing
Answer- White Box Testing
Question#21 An independent group that challenges an organization to improve its effectiveness by pertaining an adversarial role.
1)Black Team
2)Red Team
3)Blue Team
4)Internal security team
Answer- Red Team
Question#22 Which of the following can be considered as a sound example of social engineering attack?
1)An employee giving door access to an unknown person
2)Calling the help desk and tricking them to reset the password for a user account
3)Accessing a database with a cracked passworddsa
4)Installing a hardware keylogger on an employee’s system to capture passwords
Answer- Accessing a database with a cracked password
Question#23 A type of testing with limited knowledge of the internal working of an application.
1)White Box Testing
2)Black Box Testing
3)Grey Box Testing
Answer- Grey Box Testing
Question#24 Which of the following aims to integrate the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single objective?
1)Green Team
2)Black Team
3)Purple Team
4)Master Security Team
Answer- Purple Team
Question#25 Which of the following cannot be exploited by remote attackers?
1)Passive Fingerprinting
2)Passive Reconnaissance
3)Active Fingerprinting
4)Active Reconnaissance
Answer- Passive Fingerprinting
