Information Security MCQs with Answers

Practice important Information Security MCQs with answers and explanations.

Multiple Choice Questions

Q41: What is an example of an asset in information security?
  • A: A hacker
  • B: A software exploit
  • C: A computer system or data
  • D: A system vulnerability
Answer: C

Q42: What term describes an intentional or unintentional act that compromises information or systems?
  • A: Attack
  • B: Asset
  • C: Threat
  • D: Control
Answer: A

Q43: Which type of attack involves someone casually reading sensitive information?
  • A: Active attack
  • B: Passive attack
  • C: Direct attack
  • D: Indirect attack
Answer: B

Q44: What is the difference between a direct and an indirect attack?
  • A: A direct attack uses a computer to attack another system, while an indirect attack uses a compromised system.
  • B: A direct attack is physical, while an indirect attack is digital.
  • C: A direct attack involves software, while an indirect attack involves hardware.
  • D: There is no difference between direct and indirect attacks.
Answer: A

Q45: Fill in the blank: Security mechanisms, policies, or procedures that counter attacks are known as ___________.
  • A: Exploits
  • B: Controls
  • C: Assets
  • D: Exposures
Answer: B

Q46: What does the term "Exposure" refer to in information security?
  • A: A security mechanism
  • B: The act of exploiting a vulnerability
  • C: A condition where a vulnerability is known to an attacker
  • D: The protection of data
Answer: C

Q47: Fill in the blank: The ___________ is the organizational resource being protected in information security.
  • A: Attack
  • B: Asset
  • C: Exposure
  • D: Vulnerability
Answer: B

Q48: What is the purpose of risk management in information security?
  • A: To minimize the risk to match the organization’s risk appetite
  • B: To eliminate all risks completely
  • C: To increase the amount of risk an organization can accept
  • D: To focus only on physical security
Answer: A

Q49: What is a Vulnerability in the context of information security?
  • A: A security control
  • B: A weakness or fault in a system
  • C: A type of security attack
  • D: A security policy
Answer: B

Q50: Which term describes a weakness or fault in a system that opens it to attack or damage?
  • A: Threat agent
  • B: Vulnerability
  • C: Exposure
  • D: Exploit
Answer: B
