Correct Answer: Immediately block the IP address and disable the account
Explanation: A pattern of failed logins followed by a successful one from an unusual location suggests a potential account compromise. The first priority is containment—blocking the attacker’s access—before further forensic analysis is performed.

Correct Answer: Pass-the-Hash attack
Explanation: In a Pass-the-Hash attack, an attacker captures hashed credentials from memory and reuses them to gain unauthorized access without cracking the passwords. This is commonly used against Windows-based authentication systems.

Correct Answer: Whaling
Explanation: Whaling is a form of phishing that specifically targets high-profile individuals such as executives. Attackers craft highly personalized messages to manipulate decision-makers into divulging sensitive information or approving financial transactions.

Correct Answer: Command and Control (C2) communication from malware
Explanation: C2 communications occur when an infected system is remotely controlled by an attacker. The attacker may use it for data exfiltration, further exploitation, or launching additional attacks.

Correct Answer: Conduct threat hunting and implement endpoint detection and response (EDR) solutions
Explanation: APTs are sophisticated, long-term threats that evade traditional security measures. Threat hunting involves proactively searching for indicators of compromise (IoCs), while EDR solutions monitor and respond to suspicious activity in real-time.

Correct Answer: Ransomware
Explanation: Ransomware encrypts files and demands payment for decryption, often disrupting business operations.

Correct Answer: Intrusion Detection System (IDS)
Explanation: IDS monitors network traffic for suspicious activity and potential cyber threats.

Correct Answer: To limit user access based on job responsibilities
Explanation: RBAC ensures users only have access to resources necessary for their role, improving security.

Correct Answer: Scareware
Explanation: Scareware tricks users into paying for unnecessary software by displaying fake security warnings.

Correct Answer: Privilege escalation
Explanation: Privilege escalation occurs when an attacker exploits a vulnerability to gain higher access rights.

Correct Answer: Multi-factor authentication
Explanation: Multi-factor authentication (MFA) strengthens security by requiring multiple forms of verification.

Correct Answer: Man-in-the-middle attack
Explanation: In a man-in-the-middle (MITM) attack, an attacker intercepts and manipulates communication between two parties.

Correct Answer: Enabling WPA3 encryption
Explanation: WPA3 provides the highest level of wireless encryption and security for Wi-Fi networks.

Correct Answer: Denial-of-service (DoS) attack
Explanation: DoS attacks flood a network or server with excessive requests, making it unavailable to users.

Correct Answer: To identify and fix security vulnerabilities
Explanation: Penetration testing simulates cyberattacks to identify and address security weaknesses.

Correct Answer: Phishing
Explanation: Phishing emails trick users into clicking malicious links or providing sensitive information.

Correct Answer: Verifying every request, regardless of network location
Explanation: Zero-trust security assumes no inherent trust, requiring continuous authentication and access verification.

Correct Answer: Keylogger
Explanation: A keylogger records keystrokes to steal sensitive information such as passwords and credit card details.

Correct Answer: It provides a unique, difficult-to-replicate authentication factor
Explanation: Biometrics rely on unique physical traits, making them harder to forge compared to passwords.

Correct Answer: Trojan
Explanation: Trojans are disguised as legitimate software to deceive users into installing them.

Correct Answer: Investigate further for possible account compromise
Explanation: Unusual access patterns could indicate unauthorized access, requiring further investigation before taking action.

Correct Answer: Integrity
Explanation: Integrity ensures that data is not altered during transmission, typically using hashing and encryption techniques.

Correct Answer: Worm
Explanation: Worms are self-replicating malware that spread automatically without requiring user actions.

Correct Answer: A brute force attack
Explanation: A brute force attack involves repeated login attempts using different passwords until the correct one is found.

Correct Answer: Vishing
Explanation: Vishing (voice phishing) is a social engineering attack where attackers use phone calls to trick users into revealing sensitive information.