Question 1

What is the primary purpose of ISO/IEC 27001?

Options :

A : To outline procedures for incident response

B : To specify requirements for data encryption methods

C : To provide a framework for managing and protecting information security

D : To define technical security controls for network protection

Answer: C

Question 2

How can "Instance Metadata" be exploited in cloud environments?

Options :

A : By using it to monitor and log user activities

B : By using it to gain access to sensitive data stored on the cloud instances

C : By encrypting metadata to prevent unauthorized access

D : By leveraging it to optimize cloud resource performance

Answer: B

Question 3

What is a common vulnerability that results from insufficient input validation?

Options :

A : Man-in-the-Middle (MitM)

B : Phishing

C : SQL injection

D : Denial-of-Service (DoS)

Answer: C

Question 4

Which cloud security practice involves regularly reviewing and updating security policies and configurations?

Options :

A : Security Incident and Event Management (SIEM)

B : Cloud Security Posture Management (CSPM)

C : Cloud Access Security Broker (CASB)

D : Intrusion Detection System (IDS)

Answer: B

Question 5

What is "Phishing" and how does it typically target endpoints?

Options :

A : An attack that uses malicious code to exploit system vulnerabilities

B : An attack that involves intercepting network traffic to extract data

C : A method of exploiting software bugs to gain unauthorized access

D : A social engineering attack that tricks users into revealing sensitive information or installing malware

Answer: D

Smartly Prepare Exam with Free Online SEC-100 Practice Test