Check Your Technical Baseline for GRC

1.1 What does the Windows shortcut Windows + L do?

• A) Opens the Start menu
• B) Locks the workstation
• C) Logs out of the computer
• D) Opens File Explorer

1.2 Which of the following is a common Linux command to list files in a directory?

• A) dir
• B) ls
• C) show
• D) list

1.3 What is the purpose of "Administrator" or "Root" access on a computer?

• A) To browse the internet faster
• B) To have full control and permissions over the system
• C) To access social media
• D) To run antivirus software

2.1 What does VPN stand for?

• A) Virtual Private Network
• B) Very Protected Network
• C) Virtual Public Network
• D) Verified Private Node

2.2 Which of the following is a valid private IP address?

• A) 192.168.1.100
• B) 8.8.8.8
• C) 172.217.14.206
• D) 1.1.1.1

2.3 What is the primary purpose of a firewall?

• A) To speed up internet connection
• B) To filter and control network traffic based on security rules
• C) To store backup files
• D) To encrypt emails

3.1 What does MFA stand for?

• A) Multiple File Access
• B) Multi-Factor Authentication
• C) Main Firewall Application
• D) Managed File Authorization

3.2 The principle of "Least Privilege" means:

• A) Giving all users administrator access
• B) Users should only have the minimum access needed to do their job
• C) Removing all user permissions
• D) Allowing users to set their own permissions

3.3 What is SSO (Single Sign-On)?

• A) A type of firewall
• B) Authentication that allows users to access multiple applications with one login
• C) A backup system
• D) An encryption method

4.1 What does the "S" in HTTPS stand for?

• A) Speed
• B) Secure
• C) Server
• D) Standard

4.2 "Data at rest" refers to:

• A) Data being transmitted over a network
• B) Data stored on a device or server (not moving)
• C) Data that has been deleted
• D) Data in a backup system only

4.3 What is the difference between encryption and hashing?

• A) They are the same thing
• B) Encryption can be reversed (decrypted); hashing cannot be reversed
• C) Hashing is faster than encryption
• D) Encryption is only for emails

5.1 Which of the following is NOT a major cloud service provider?

• A) Amazon Web Services (AWS)
• B) Microsoft Azure
• C) Google Cloud Platform (GCP)
• D) Adobe Creative Cloud

5.2 In cloud computing, what does "SaaS" stand for?

• A) Security as a Service
• B) Software as a Service
• C) Storage as a Service
• D) Server as a Service

5.3 The "Shared Responsibility Model" in cloud security means:

• A) The cloud provider is responsible for everything
• B) The customer is responsible for everything
• C) Security responsibilities are split between the cloud provider and the customer
• D) No one is responsible for security

6.1 What does OWASP stand for?

• A) Open Web Application Security Project
• B) Online Web Access Security Protocol
• C) Open Wireless Application Security Program
• D) Organized Web Application Security Plan

6.2 SQL Injection is an attack that:

• A) Injects malicious code into a database through user input
• B) Steals passwords from email
• C) Encrypts files for ransom
• D) Slows down network traffic

6.3 XSS (Cross-Site Scripting) attacks primarily target:

• A) Network firewalls
• B) Web browsers and users viewing malicious web content
• C) Physical servers
• D) Backup systems

7.1 What is a CVE?

• A) Certified Vulnerability Expert
• B) Common Vulnerabilities and Exposures (a standardized ID for vulnerabilities)
• C) Computer Virus Elimination
• D) Cloud Vulnerability Encryption

7.2 "Patch management" refers to:

• A) Fixing holes in network cables
• B) The process of updating software to fix security vulnerabilities
• C) Managing employee badges
• D) Creating backup files

7.3 A vulnerability scanner is used to:

• A) Delete viruses from a computer
• B) Identify security weaknesses in systems and applications
• C) Speed up computer performance
• D) Encrypt sensitive data

8.1 What does SIEM stand for?

• A) Security Information and Event Management
• B) System Integration and Error Monitoring
• C) Secure Internet and Email Management
• D) Server Information and Encryption Module

8.2 Why are audit logs important for GRC?

• A) They make computers run faster
• B) They provide evidence of activity for compliance and investigations
• C) They encrypt sensitive data
• D) They prevent all cyber attacks

8.3 Log retention policies define:

• A) How to create new log files
• B) How long log files must be kept before they can be deleted
• C) Who can read log files
• D) How to encrypt log files

9.1 What does RTO stand for in disaster recovery?

• A) Recovery Time Objective (how quickly systems must be restored)
• B) Real-Time Operations
• C) Remote Transfer Option
• D) Required Technical Output

9.2 What is the difference between a full backup and an incremental backup?

• A) They are the same thing
• B) Full backup copies everything; incremental only copies what changed since the last backup
• C) Incremental backups are larger than full backups
• D) Full backups are only for cloud storage

9.3 Business Continuity Planning (BCP) focuses on:

• A) Only IT systems recovery
• B) Keeping the entire business operating during and after a disaster
• C) Marketing strategies
• D) Employee vacation schedules

10.1 What is EDR?

• A) Email Data Recovery
• B) Endpoint Detection and Response (security software for devices)
• C) Encrypted Data Repository
• D) External Drive Reader

10.2 DLP (Data Loss Prevention) tools are designed to:

• A) Speed up data transfers
• B) Prevent sensitive data from leaving the organization unauthorized
• C) Create backup copies of data
• D) Encrypt all emails automatically

10.3 An IDS (Intrusion Detection System) is different from an IPS (Intrusion Prevention System) because:

• A) IDS detects and alerts; IPS detects and blocks
• B) They are the same thing
• C) IDS is for email; IPS is for networks
• D) IPS is outdated technology