Correct Answer: Data exfiltration
Explanation: Unauthorized outbound traffic, especially encrypted data sent to an unknown location, is a common sign of data exfiltration.

Correct Answer: Users are assigned permissions based on their job role
Explanation: RBAC restricts access based on roles, ensuring users only have necessary permissions.

Correct Answer: Zero-day attack
Explanation: A zero-day attack targets unknown vulnerabilities before a security patch is available.

Correct Answer: Log aggregation and real-time security monitoring
Explanation: A Security Information and Event Management (SIEM) system collects, analyzes, and reports security data to detect threats.

Correct Answer: Mandatory security awareness training
Explanation: Insider threats can be reduced through security training, helping employees recognize risky behavior and threats.

Correct Answer: Ignore the email and report it as phishing
Explanation: Phishing emails attempt to trick users into revealing sensitive information. Reporting it helps prevent further attacks.

Correct Answer: Account lockout policy
Explanation: An account lockout policy locks an account after multiple failed login attempts, preventing brute-force attacks.

Correct Answer: Use a VPN
Explanation: A Virtual Private Network (VPN) encrypts remote connections, ensuring secure access to company resources.

Correct Answer: SQL injection
Explanation: SQL injection occurs when an attacker inserts malicious SQL code into a web application to access or manipulate the database.

Correct Answer: Close the port immediately
Explanation: Closing the port prevents unauthorized access while further investigation and security updates are implemented.

Correct Answer: Man-in-the-middle attack
Explanation: In a man-in-the-middle attack, an attacker intercepts communication between two parties to steal or alter data.

Correct Answer: SHA-256
Explanation: SHA-256 is a strong cryptographic hash function used to securely store passwords. MD5 and SHA-1 are considered weak due to vulnerabilities.

Correct Answer: Spyware infection
Explanation: Spyware often causes unwanted pop-ups, redirects, and monitors user activity.

Correct Answer: Application whitelisting
Explanation: Application whitelisting ensures only approved applications can access the database, preventing unauthorized software from connecting.

Correct Answer: Multifactor authentication
Explanation: Multifactor authentication (MFA) requires two or more verification methods, such as something you know (password) and something you are (fingerprint).

Correct Answer: Immediately disconnect the device
Explanation: Disconnecting the unknown device prevents potential threats from spreading while further investigation is conducted.

Correct Answer: Disable their accounts immediately
Explanation: Disabling accounts promptly prevents unauthorized access after an employee leaves the company.

Correct Answer: Brute-force attack
Explanation: A brute-force attack involves repeated login attempts using different password combinations to gain unauthorized access.

Correct Answer: Bot
Explanation: Bots are malware-infected systems that become part of a botnet, allowing attackers to control them remotely for malicious activities like DDoS attacks or data theft.

Correct Answer: Geofencing and conditional access
Explanation: Geofencing and conditional access policies can restrict logins from unauthorized locations, helping to prevent credential misuse from foreign or unexpected IP addresses.