Wednesday, 24 June 2026

21 DevSecOps & AI Security MCQs with Answers and Explanations (CI/CD, Vulnerability Scanning, IaC) – 2026 Guide

 

Security in the Age of AI & Automation

21 exam-grade questions covering vulnerability scanning, CI/CD pipeline security, AI/ML threat detection, and Infrastructure as Code — with clear explanations for every answer.

Q 01

Which step in the vulnerability scanning process establishes the baseline that is used for scanning?

Attack surface analysis

Detection and Classification

Vulnerability matching

Asset discovery

Why this answer

Asset discovery is the first and foundational step of any vulnerability scanning workflow. Before a scanner can identify what is vulnerable, it must know what exists on the network — servers, endpoints, IoT devices, cloud resources, and applications. This inventory becomes the baseline against which every subsequent scan is measured. Without a complete asset inventory, scanners may miss entire segments of the attack surface, leaving blind spots in your security posture.

Q 02

Which vulnerability scanning feature includes automated scanning tools that enable continuous identification of vulnerabilities?

Proactive Threat Detection

Prioritization of Security Risks

Scalability and Efficiency

Integration and Automation

Why this answer

Integration and Automation is the feature that enables scanning tools to operate continuously without manual intervention. By integrating scanners into CI/CD pipelines and scheduling recurring scans, teams achieve continuous identification of vulnerabilities as code is written, built, and deployed. This feature is distinct from Proactive Threat Detection (which involves threat hunting) and Scalability (which is about handling large environments).

CI/CD Pipeline Security

Q 3–9

Q 03

Which three security controls or practices are protections for the Release stage in the CI/CD pipeline?

Choose Three

Dependency scanning

Signed builds

Role-based approvals

Artifact integrity validation

CI server access controls

Secure storage of release artifacts

Why this answer

The Release stage is when code transitions from built artifact to deployable package. The three controls that specifically protect this stage are: Signed builds (cryptographic signing confirms the artifact hasn't been tampered with since build), Artifact integrity validation (checksum and signature verification before release), and Role-based approvals (requiring authorized human approvers before a release proceeds). Dependency scanning and CI server controls belong to earlier Build/Integration stages, while secure artifact storage is a post-release concern.
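
A worked example of the integrity and signature checks described above, added here as an illustration and not taken from the page or from any particular build system. It assumes a manifest of SHA-256 digests produced by the build stage and a signing key held only by the CI signer; the key value and the artifact bytes are constructed for the demo, and HMAC stands in for the asymmetric signature (Ed25519, cosign and the like) a real pipeline would use, so that the example runs with the standard library alone. The gate shows why a checksum on its own is not enough: an attacker who can swap an artifact can rewrite its digest too, and only the signature over the manifest catches that.

```python
"""Release gate: verify artifact digests against a signed manifest before promoting a build."""
import hashlib
import hmac
import json

# Constructed sample artifacts (name -> bytes); a real gate would read the files.
ARTIFACTS = {
    "app-1.4.2-linux-amd64.tar.gz": b"\x1f\x8b fake tarball bytes for the demo",
    "app-1.4.2.sbom.json": b'{"bomFormat":"CycloneDX","components":[]}',
}
# Assumed: a key only the CI signing step holds. HMAC is a stand-in for an
# asymmetric signature so this runs offline with the standard library.
SIGNING_KEY = b"demo-ci-signing-key-not-for-production"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: dict) -> dict:
    """Produced by the build stage: one digest per artifact."""
    return {name: sha256_hex(data) for name, data in artifacts.items()}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Sign the canonical JSON encoding so key order cannot change the tag."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_release(artifacts: dict, manifest: dict, signature: str, key: bytes) -> list:
    """Return a list of problems; an empty list means the release may proceed."""
    problems = []
    # 1. Authenticity of the manifest itself. Without this, an attacker who
    #    swaps an artifact simply recomputes its digest in the manifest.
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, signature):
        problems.append("manifest signature does not verify")
        return problems  # nothing in the manifest can be trusted
    # 2. Integrity of every artifact against the signed digests.
    for name, digest in manifest.items():
        if name not in artifacts:
            problems.append(f"{name}: listed in manifest but missing from release")
        elif sha256_hex(artifacts[name]) != digest:
            problems.append(f"{name}: digest mismatch (tampered or wrong build)")
    # 3. Files CI never built must not ride along with the release.
    for name in artifacts:
        if name not in manifest:
            problems.append(f"{name}: not in signed manifest")
    return problems


def release_gate(artifacts: dict, manifest: dict, signature: str, key: bytes = SIGNING_KEY) -> bool:
    return verify_release(artifacts, manifest, signature, key) == []


if __name__ == "__main__":
    manifest = build_manifest(ARTIFACTS)
    sig = sign_manifest(manifest, SIGNING_KEY)
    print("clean release     :", release_gate(ARTIFACTS, manifest, sig))
    tampered = dict(ARTIFACTS)
    tampered["app-1.4.2-linux-amd64.tar.gz"] += b"\x00backdoor"
    print("tampered artifact :", verify_release(tampered, manifest, sig, SIGNING_KEY))
    forged = build_manifest(tampered)  # attacker recomputes the digests...
    print("forged manifest   :", verify_release(tampered, forged, sig, SIGNING_KEY))
```

The order of the checks matters: the signature is verified first and the digests are only consulted once the manifest is known to be authentic, otherwise the digest comparison is checking attacker-supplied values against attacker-supplied files.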

Q 04

Which IaC fast rollback deployment strategy involves gradually releasing changes to a small segment of users?

Canary Deployments

Blue-Green Deployments

Feature Flags

Regular Snapshots

Why this answer

Canary Deployments route a small percentage of production traffic to a new version of the application, monitoring for errors before rolling out to everyone. Named after the "canary in a coal mine" analogy, this strategy limits blast radius. Blue-Green deployments maintain two identical environments and switch all traffic at once. Feature flags toggle features without deployment. Snapshots are for backup/restore, not gradual rollouts.

Q 05

Which of the following describes the Protected Branches access control of source code security?

Enforcing multifactor authentication (MFA)

Requiring pull requests (PRs) and code reviews

Implementing Role-Based Access Control (RBAC)

Enabling logging and monitoring

Why this answer

Protected branches in Git platforms (GitHub, GitLab, Bitbucket) are branch rules that require pull requests and code reviews before any changes can be merged into critical branches like main or release. This prevents direct pushes, enforces peer review, and ensures no single developer can introduce unreviewed code into production. MFA and RBAC are identity controls, not branch protection controls.

Q 06

Which API security strategy involves enforcing HTTPS for all API traffic?

Traffic Management

Input Validation

Data Protection

Authentication and Authorization

Why this answer

Enforcing HTTPS encrypts data in transit between the client and the API server, which is a Data Protection control. TLS (SSL is its deprecated predecessor) prevents eavesdropping and, provided the client validates the server certificate, man-in-the-middle attacks on API calls. This is categorically different from Authentication (verifying identity), Input Validation (sanitizing request payloads), or Traffic Management (rate limiting and throttling).

Q 07

Which three of the following are enabled by implementing vulnerability scanning in the CI/CD integration phase of the API development lifecycle?

Choose Three

Automatic triggering of scans

Authentication controls verification

Blocking of deployment if a critical vulnerability is found

Alerts and reports generation

API issues detection

Insecure coding detection

Why this answer

When vulnerability scanning is embedded in the CI/CD integration phase, three specific capabilities are unlocked: Automatic triggering (scans fire on every commit or PR without manual action), Deployment blocking (pipeline gates stop a release if a critical CVE is detected), and Alerts and reports (teams receive notifications and audit trails of findings). Authentication verification and insecure coding detection are typically handled by separate DAST/SAST tools in other phases.

Q 08

Which security challenge with automated workflows is described as bypassing traditional manual review cycles?

Misconfiguration in automation

Rapid propagation of errors

Lack of human oversight

Inconsistent compliance checks

Why this answer

When workflows are fully automated, they can bypass the manual review cycles that humans traditionally use to catch logic errors, misconfigurations, and policy violations. This is the challenge of lack of human oversight — automation moves fast, but without human checkpoints, subtle issues can slip through undetected into production.


Q 09

Which of the following describes using internal incident response data as a method to keep AI models current?

Use data from past security incidents — network logs, endpoint telemetry, and forensic findings — to enrich training datasets.

Engage in regular red team assessments to mimic real-world attack scenarios.

Integrate structured sources such as MITRE ATT&CK, CVE databases, and NIST NVD.

Participate in ISACs to access collective knowledge about emerging threats.

Why this answer

Internal incident response data — including network logs, endpoint telemetry, and forensic artifacts from actual breaches — is uniquely valuable because it reflects your organization's specific threat landscape. Feeding this real-world data back into AI training datasets keeps models tuned to the threats you actually face, rather than generic threat patterns from public sources.

Q 10

When balancing automation with human oversight, what can be done to establish clear escalation and validation paths?

Let AI handle the heavy lifting of sifting through massive datasets.

Security analysts should routinely review model outputs and validate results.

Define policies and workflows for escalating ambiguous or high-risk incidents to human teams.

Integrate structured sources such as MITRE ATT&CK and CVE databases.

Why this answer

Defining escalation policies and workflows is the specific mechanism that establishes clear paths for human intervention. Without documented escalation playbooks, teams don't know when AI output requires human review, who reviews it, or what the SLA is. This governance layer is what turns an AI tool from a black box into an accountable, auditable system.

Q 11

What is a primary advantage of continuous model training using updated threat intelligence in AI/ML security workflows?

It enhances the ability to detect emerging and novel threats.

It enables faster infrastructure deployment without risk analysis.

It increases the quantity of alerts regardless of relevance.

It eliminates the need for human oversight in security monitoring.

Why this answer

AI models trained on static datasets quickly become outdated as adversaries evolve their tactics. Continuous training with updated threat intelligence allows models to recognize novel attack patterns — zero-days, new malware families, emerging TTPs — that were not in the original training data. This matters because static models suffer from concept drift: as attacker behaviour changes, the patterns the model learned stop matching what it sees, and false negatives rise over time.

Q 12

Which benefit of embedding AI/ML into the CI/CD pipeline helps reduce the risk of overwhelming teams with low-risk threat warnings?

Early detection

Risk-based prioritization

Faster remediation

Automation and scalability

Why this answer

Risk-based prioritization uses AI to score findings by exploitability, business impact, and context — surfacing only the alerts that genuinely matter. Alert fatigue is a major security operations problem; teams that receive hundreds of low-confidence alerts per day stop treating them seriously. Prioritization filters noise so engineers focus on findings with real blast radius potential.
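
An added example (not code from the page) that ties Q 07 and Q 12 together: a CI step that reads scanner output, scores each finding by exploitability and exposure rather than by CVSS alone, fails the job only on findings above a threshold, and prints a prioritised summary for the alert channel. The report shape, the package names, the identifiers and the policy thresholds are all constructed for the demo and are not real tool output or real CVEs.

```python
"""CI gate over scanner findings: score by real-world risk, block on what matters,
and emit a prioritised summary for the alert channel."""
import json
import sys

# Constructed scanner output in a Trivy/Grype-like shape; values are made up.
SCAN_REPORT = json.loads("""
{"target": "api-service:1.9.0", "findings": [
  {"id": "VULN-0001", "package": "libxyz",  "severity": "CRITICAL", "cvss": 9.8,
   "known_exploited": true,  "internet_exposed": true,  "fix_version": "2.4.1"},
  {"id": "VULN-0002", "package": "devtool", "severity": "CRITICAL", "cvss": 9.1,
   "known_exploited": false, "internet_exposed": false, "fix_version": null},
  {"id": "VULN-0003", "package": "pngutil", "severity": "HIGH",     "cvss": 7.5,
   "known_exploited": false, "internet_exposed": true,  "fix_version": "1.2.0"},
  {"id": "VULN-0004", "package": "logfmt",  "severity": "LOW",      "cvss": 3.1,
   "known_exploited": false, "internet_exposed": false, "fix_version": "0.9.3"}
]}
""")

SEVERITY_WEIGHT = {"CRITICAL": 1.0, "HIGH": 0.7, "MEDIUM": 0.4, "LOW": 0.1}
BLOCK_AT = 60.0   # assumed policy: findings at or above this score stop the pipeline
WARN_AT = 30.0    # assumed policy: findings in [WARN_AT, BLOCK_AT) become tickets, not gates


def risk_score(f: dict) -> float:
    """0-100. Base is CVSS scaled by severity; exploited-in-the-wild and internet
    exposure raise it, a component nothing external can reach lowers it."""
    score = f["cvss"] * 10 * SEVERITY_WEIGHT[f["severity"]]
    if f["known_exploited"]:
        score *= 1.5
    score *= 1.2 if f["internet_exposed"] else 0.6
    return round(min(score, 100.0), 1)


def evaluate(report: dict) -> dict:
    ranked = sorted(report["findings"], key=risk_score, reverse=True)
    blocking = [f["id"] for f in ranked if risk_score(f) >= BLOCK_AT]
    warnings = [f["id"] for f in ranked if WARN_AT <= risk_score(f) < BLOCK_AT]
    return {
        "target": report["target"],
        "decision": "BLOCK" if blocking else "PASS",
        "blocking": blocking,
        "warnings": warnings,
        "ranked": [(f["id"], risk_score(f)) for f in ranked],
    }


def render_alert(result: dict, findings: list) -> str:
    """Short, prioritised text for the job log or a chat/ticket integration."""
    by_id = {f["id"]: f for f in findings}
    lines = [f"{result['decision']}: {result['target']}"]
    for fid, score in result["ranked"]:
        f = by_id[fid]
        tag = "BLOCK" if fid in result["blocking"] else "WARN" if fid in result["warnings"] else "info"
        fix = f["fix_version"] or "no fix available"
        lines.append(f"  [{tag:5}] {fid} {f['package']} score={score} fix={fix}")
    return "\n".join(lines)


if __name__ == "__main__":
    result = evaluate(SCAN_REPORT)
    print(render_alert(result, SCAN_REPORT["findings"]))
    sys.exit(1 if result["decision"] == "BLOCK" else 0)   # non-zero exit fails the job
```

Note how the two CRITICAL findings end up on different sides of the gate: the one that is exploited in the wild and reachable from the internet blocks the release, while the one with no fix and no external exposure is recorded as a warning so it does not stall every deployment until a patch exists.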

Q 13

Which type of machine learning best enables detection of insider threats based on deviations from expected user behavior?

Supervised learning

Reinforcement learning

Pattern-based learning

Unsupervised learning

Why this answer

Unsupervised learning builds behavioral baselines without labeled training examples and then flags anomalies that deviate from those baselines. Insider threats are notoriously difficult to detect because they look like normal activity — only the subtle deviations (unusual login times, atypical data access) reveal the threat. Supervised learning requires labeled examples of malicious behavior, which are rare for insider threats.
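
The baseline-and-deviation idea in concrete form, as an added example that is not part of the page: per-user baselines are built from historical activity with no labels at all, and new events are scored against that user's own norm. The history, the user names and the share names are constructed; the robust statistics (median and MAD instead of mean and standard deviation) and the 3.5 threshold are design choices made here, not something the page prescribes. Note the night-shift user: his 23:00 logins are normal for him, which a single global baseline would have flagged.

```python
"""Per-user behavioural baselines from historical activity, then anomaly flags
for new events that deviate from that user's own norm."""
from collections import defaultdict
from statistics import median

# Constructed history: (user, login_hour, megabytes_downloaded, share_accessed).
# Alice works office hours; Bob is on a night shift. Not real telemetry.
HISTORY = [
    ("alice", 9, 120, "eng-docs"), ("alice", 10, 95, "eng-docs"), ("alice", 9, 130, "eng-docs"),
    ("alice", 8, 110, "eng-docs"), ("alice", 10, 140, "eng-docs"), ("alice", 9, 100, "eng-docs"),
    ("alice", 11, 125, "eng-docs"), ("alice", 9, 115, "eng-docs"),
    ("bob", 22, 40, "ops-runbooks"), ("bob", 23, 55, "ops-runbooks"), ("bob", 21, 35, "ops-runbooks"),
    ("bob", 22, 60, "ops-runbooks"), ("bob", 23, 45, "ops-runbooks"), ("bob", 22, 50, "ops-runbooks"),
    ("bob", 0, 42, "ops-runbooks"), ("bob", 22, 48, "ops-runbooks"),
]

MAD_TO_SIGMA = 1.4826   # scales a median absolute deviation to a std-dev equivalent
Z_THRESHOLD = 3.5       # assumed alerting threshold on the robust z-score


def circular_hour_diff(a: float, b: float) -> float:
    """Distance on a 24-hour clock, so 23:00 and 01:00 are 2 hours apart, not 22."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def robust_scale(values, center, dist) -> float:
    """MAD-based spread, floored at one unit so a very regular user gets no zero divisor."""
    mad = median([dist(v, center) for v in values])
    return MAD_TO_SIGMA * max(mad, 1.0)


def build_baselines(history):
    per_user = defaultdict(list)
    for user, hour, mb, share in history:
        per_user[user].append((hour, mb, share))
    baselines = {}
    for user, rows in per_user.items():
        hours = [r[0] for r in rows]
        mbs = [r[1] for r in rows]
        hour_med, mb_med = median(hours), median(mbs)
        baselines[user] = {
            "hour_med": hour_med,
            "hour_scale": robust_scale(hours, hour_med, circular_hour_diff),
            "mb_med": mb_med,
            "mb_scale": robust_scale(mbs, mb_med, lambda v, c: abs(v - c)),
            "shares": {r[2] for r in rows},
        }
    return baselines


def score_event(baselines, user, hour, mb, share):
    """Return the list of deviations for one new event (empty list = looks normal)."""
    b = baselines.get(user)
    if b is None:
        return ["unknown_user"]
    flags = []
    if circular_hour_diff(hour, b["hour_med"]) / b["hour_scale"] > Z_THRESHOLD:
        flags.append("unusual_hour")
    if (mb - b["mb_med"]) / b["mb_scale"] > Z_THRESHOLD:   # one-sided: only large transfers matter
        flags.append("unusual_volume")
    if share not in b["shares"]:
        flags.append("new_resource")
    return flags


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    for ev in [("alice", 3, 4200, "hr-payroll"), ("alice", 10, 130, "eng-docs"),
               ("bob", 23, 52, "ops-runbooks"), ("bob", 1, 50, "hr-payroll")]:
        print(ev, "->", score_event(base, *ev) or "normal")
```

In production the baseline would be recomputed on a rolling window, and the three flags would be combined into a score rather than alerting on any single one; a first-time share access on its own is usually a ticket, while a 03:00 login pulling gigabytes from a share the user has never touched is an incident.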

Q 14

Which security telemetry source includes API calls, authentication logs, service usage patterns, and configuration changes?

SIEM

Cloud services and APIs

Threat Intelligence Feeds

EDR tools

Why this answer

Cloud services and APIs are the native source of this telemetry. AWS CloudTrail, Azure Activity Log, and GCP Audit Logs all record API calls, authentication events, service usage, and configuration changes at the cloud platform level. SIEM aggregates logs from many sources; EDR is endpoint-focused; threat intelligence feeds provide external threat context — none of these natively generate cloud API call logs.

Q 15

Which incident response scenario involves gathering contextual information about threats to help analysts make faster decisions?

Playbook execution

Alert correlation

Threat enrichment

Notification and escalation

Why this answer

Threat enrichment augments raw alerts with contextual intelligence — IP reputation, domain age, geolocation, WHOIS data, malware sandbox results, and threat actor attribution. This context dramatically reduces the time analysts spend researching an alert before deciding how to respond. Alert correlation links related events; playbook execution automates response steps; notification escalates to the right people.
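
The telemetry source of Q 14 and the enrichment step of Q 15 in one added example (not code from the page): a handful of detections run over CloudTrail-style records, and each hit is enriched with the context an analyst would otherwise look up by hand before it is emitted. The records use CloudTrail's real field names but every value in them is fabricated; the corporate IP ranges, the reputation table and the escalation rule are constructed assumptions for the demo.

```python
"""Detections over cloud API audit records, then enrichment so the alert an
analyst receives already carries the context they would otherwise look up."""
import ipaddress
import json
from collections import Counter

# Constructed CloudTrail-style records: real field names, fabricated values.
EVENTS = json.loads("""[
 {"eventTime": "2026-06-24T02:14:09Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
  "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2026-06-24T02:16:41Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"},
  "requestParameters": {"name": "org-trail"}},
 {"eventTime": "2026-06-24T09:02:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "PutBucketAcl", "sourceIPAddress": "10.20.4.15",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"bucketName": "cust-exports", "AccessControlPolicy": {"AccessControlList":
    {"Grant": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}}}},
 {"eventTime": "2026-06-24T09:05:12Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "10.20.4.15",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}}
]""")

# Constructed enrichment sources: corporate egress ranges and an IP reputation table.
CORP_RANGES = [ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_network("198.51.100.0/24")]
IP_REPUTATION = {"203.0.113.7": {"category": "tor-exit", "first_seen": "2026-06-20"}}
PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}


def detect(event: dict):
    """Return (rule, base_severity) for a matching event, else None."""
    name = event["eventName"]
    if (name == "ConsoleLogin"
            and event.get("additionalEventData", {}).get("MFAUsed") == "No"
            and event.get("responseElements", {}).get("ConsoleLogin") == "Success"):
        return ("console_login_without_mfa", "high")
    if name in ("StopLogging", "DeleteTrail", "UpdateTrail"):
        return ("audit_logging_tampered", "critical")
    if name == "PutBucketAcl":
        grants = (event.get("requestParameters", {}).get("AccessControlPolicy", {})
                  .get("AccessControlList", {}).get("Grant", []))
        if any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in grants):
            return ("s3_bucket_made_public", "high")
    return None


def enrich(event: dict, hit: tuple, history: Counter) -> dict:
    ip = ipaddress.ip_address(event["sourceIPAddress"])
    user = event["userIdentity"].get("userName", "unknown")
    alert = {
        "rule": hit[0], "severity": hit[1], "time": event["eventTime"],
        "user": user, "ip": str(ip),
        "ip_is_corporate": any(ip in net for net in CORP_RANGES),
        "ip_reputation": IP_REPUTATION.get(str(ip), {}).get("category", "none"),
        "prior_events_user_from_ip": history[(user, str(ip))],
    }
    # Context changes the decision: a sensitive action from a non-corporate,
    # badly reputed address is not a routine user mistake.
    if alert["severity"] != "critical" and not alert["ip_is_corporate"] and alert["ip_reputation"] != "none":
        alert["severity"] = "critical"
    return alert


def run(events: list) -> list:
    history = Counter()          # how often this user has acted from this IP so far
    alerts = []
    for event in events:         # assumed to arrive in time order
        hit = detect(event)
        if hit:
            alerts.append(enrich(event, hit, history))
        history[(event["userIdentity"].get("userName", "unknown"), event["sourceIPAddress"])] += 1
    return alerts


if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

The same rule fires with different urgency depending on context: the bucket ACL change from a corporate address stays a high-severity finding to review with the owner, while the MFA-less console login from a Tor exit is escalated to critical before anyone has opened it, and the StopLogging that follows two minutes later from the same address is the kind of correlation a playbook should act on immediately.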

Q 16

Which risk of solely depending on AI can be described as AI being fed poisoned data?

Adversarial attacks

Bias and Fairness

Overreliance on Automation

Explainability

Why this answer

Adversarial attacks include data poisoning, a training-time attack in which an adversary deliberately injects malicious, mislabeled, or corrupted training data to manipulate the model's behavior (the inference-time counterpart, crafting inputs that the trained model misclassifies, is an evasion attack). A poisoned model might learn to classify malware as benign, enabling attackers to evade detection. This is distinct from bias (systematic errors from skewed but unintentional data) and explainability (the inability to interpret model decisions).
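
A small, added demonstration of the poisoning described above, not taken from the page: a nearest-centroid malware classifier is trained on clean data, then on the same data plus three attacker-contributed rows whose malware-like features are labelled "benign", and the attacker's borderline sample flips from "malware" to "benign". A consistency check on the training set then finds and removes exactly the poisoned rows. The feature vectors (file entropy, count of suspicious API imports) and all the numbers are constructed for the example; the classifier is deliberately the simplest one on which the effect can be shown.

```python
"""Label-flip data poisoning against a nearest-centroid malware classifier,
and a training-set consistency check that removes the poisoned rows."""
import math
from collections import defaultdict

# Constructed feature vectors: (file entropy, number of suspicious API imports).
CLEAN = [
    ((4.2, 1), "benign"), ((4.5, 0), "benign"), ((4.0, 2), "benign"),
    ((4.8, 1), "benign"), ((4.3, 1), "benign"),
    ((7.2, 9), "malware"), ((7.5, 11), "malware"), ((7.0, 8), "malware"),
    ((7.8, 10), "malware"), ((7.4, 12), "malware"),
]
# Attacker-contributed rows: malware-like features deliberately labelled benign.
POISON = [((7.3, 9), "benign"), ((7.6, 10), "benign"), ((7.1, 8), "benign")]
# The attacker's real payload: a borderline sample that must come out "benign".
TARGET = (6.0, 6)


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def train(samples):
    """Nearest-centroid model: one mean vector per label."""
    by_label = defaultdict(list)
    for x, y in samples:
        by_label[y].append(x)
    return {y: (sum(p[0] for p in xs) / len(xs), sum(p[1] for p in xs) / len(xs))
            for y, xs in by_label.items()}


def classify(model, x):
    return min(model, key=lambda label: dist(x, model[label]))


def sanitize(samples):
    """Drop rows whose label disagrees with the centroid they are nearest to.
    Works while the poison is a minority of its class; a large enough injection
    moves the centroid itself and this check no longer sees anything wrong."""
    model = train(samples)
    kept, dropped = [], []
    for x, y in samples:
        (kept if classify(model, x) == y else dropped).append((x, y))
    return kept, dropped


if __name__ == "__main__":
    print("clean model     :", classify(train(CLEAN), TARGET))
    poisoned = CLEAN + POISON
    print("poisoned model  :", classify(train(poisoned), TARGET))
    kept, dropped = sanitize(poisoned)
    print("rows dropped    :", dropped)
    print("sanitised model :", classify(train(kept), TARGET))
```

Three poisoned rows out of eight "benign" ones are enough here because the attacker's target sits near the decision boundary; that is the usual shape of a targeted poisoning attack, which aims to misclassify one chosen input rather than to degrade the model overall. The sanitisation step is a sanity check, not a guarantee: provenance and access control on the training data (who may contribute labelled samples, and from where) are the primary control.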



Q 17

Which toolchain is used for analyzing source code to detect security vulnerabilities?

Dynamic Application Security Testing (DAST)

Software Composition Analysis (SCA)

Infrastructure-as-Code (IaC) Scanners

Static Application Security Testing (SAST)

Why this answer

SAST (Static Application Security Testing) analyzes source code, bytecode, or binaries without executing the application, scanning for vulnerabilities like SQL injection, buffer overflows, and hardcoded secrets early in the SDLC. DAST tests running applications. SCA scans third-party dependencies. IaC scanners check Terraform/CloudFormation templates — not application source code.
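
A minimal static analyser, added as an example and not code from the page or from any SAST product, that shows what "analyzing source code without executing it" looks like in practice: the Python `ast` module parses a source file and a visitor walks the tree looking for three classic findings, SQL text assembled from runtime values, a shell command assembled from runtime values with `shell=True`, and a string literal assigned to a name that looks like a credential. The sample source it scans is constructed for the demo; the rule names and the list of credential-like identifiers are choices made here.

```python
"""A tiny SAST pass over Python source using the standard-library ast module."""
import ast

# Constructed sample to scan. Lines 8, 9 and 14 are the unsafe ones; line 10 is the
# parameterised form and must not be reported.
SAMPLE = '''
import sqlite3, subprocess
DB_PASSWORD = "hunter2-super-secret"      # hardcoded secret
API_TIMEOUT = 30

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")   # injection via concatenation
    cur.execute(f"SELECT * FROM users WHERE id = {name}")              # injection via f-string
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))         # parameterised: fine
    return cur.fetchall()

def run_listing(user_supplied):
    subprocess.run("ls " + user_supplied, shell=True)                  # command injection
'''

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key", "apikey")


def is_dynamic_string(node) -> bool:
    """True for strings assembled at runtime: f-strings with placeholders,
    concatenation or %-formatting with a non-literal operand, and .format() calls."""
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return not (isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant))
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format":
        return True
    return False


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, node, rule, message):
        self.findings.append({"line": node.lineno, "rule": rule, "message": message})

    def visit_Assign(self, node):
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and len(value.value) >= 8:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(k in target.id.lower() for k in SECRET_NAMES):
                    self.report(node, "hardcoded-secret", f"{target.id} is assigned a string literal")
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute):
            if func.attr in ("execute", "executemany") and node.args and is_dynamic_string(node.args[0]):
                self.report(node, "sql-injection", "query text built from runtime values; use parameters")
            shell = any(k.arg == "shell" and isinstance(k.value, ast.Constant) and k.value.value is True
                        for k in node.keywords)
            if (isinstance(func.value, ast.Name) and func.value.id == "subprocess"
                    and shell and node.args and is_dynamic_string(node.args[0])):
                self.report(node, "command-injection", "shell=True with a dynamically built command")
        self.generic_visit(node)


def scan(source: str) -> list:
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']:>3}  {f['rule']:<18} {f['message']}")
```

This is pattern matching on syntax, which is exactly the strength and the limit of SAST: it sees the concatenation on line 8 without running anything, but it also cannot tell whether `name` is ever attacker-controlled, which is why real tools add data-flow (taint) tracking from sources such as request parameters to sinks such as `execute`.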

Q 18

Which three of the following are benefits of implementing automated security testing for continuous compliance?

Choose Three

Early remediation

Detailed audit trail

Configuration rollback capability

Manual verification

Continuous visibility

Operational Efficiency

Why this answer

Automated security testing for continuous compliance delivers three key benefits: Early remediation — catching issues in development when they're cheapest to fix; Detailed audit trail — every scan result is logged, timestamped, and traceable for compliance reporting (PCI-DSS, SOC 2, HIPAA); and Continuous visibility — real-time dashboards show the security posture at every point in the pipeline, not just at scheduled audit windows.

Q 19

Which of the following is a benefit of applying shift-left security with IaC?

Rapid replication for disaster recovery and response

Embed security controls and policies

Version control and traceability

Faster detection of insecure configuration

Why this answer

Shift-left security with IaC means running security checks on infrastructure code (Terraform, Ansible, CloudFormation) before it is deployed. This provides faster detection of insecure configurations — open S3 buckets, over-permissive IAM roles, unencrypted volumes — at the coding stage rather than after provisioning, drastically reducing remediation cost and time.
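
An added example, not from the page, of the kind of check that shift-left IaC scanning performs before anything is provisioned: a small rule set run over a Terraform configuration in its JSON syntax, flagging the three misconfigurations named above (public bucket ACL, SSH open to the internet, unencrypted volume) and failing the pipeline on the high-severity ones. The configuration, the resource names and the severities are constructed for the demo; the bucket uses the older inline `acl` argument for brevity, and the rules cover only the attributes shown.

```python
"""Policy checks over a Terraform configuration (JSON syntax) before it is applied."""
import copy
import json

# Constructed Terraform JSON with deliberate misconfigurations next to correct resources.
TF_JSON = json.loads("""{
 "resource": {
  "aws_s3_bucket": {
    "public_assets":   {"bucket": "acme-public-assets", "acl": "public-read"},
    "billing_exports": {"bucket": "acme-billing-exports", "acl": "private",
      "server_side_encryption_configuration": {"rule":
        {"apply_server_side_encryption_by_default": {"sse_algorithm": "aws:kms"}}}}
  },
  "aws_security_group": {
    "bastion": {"name": "bastion-sg", "ingress": [
      {"from_port": 22,  "to_port": 22,  "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
      {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}
  },
  "aws_ebs_volume": {
    "scratch": {"availability_zone": "eu-west-1a", "size": 100, "encrypted": false},
    "data":    {"availability_zone": "eu-west-1a", "size": 500, "encrypted": true}
  }
 }
}""")

SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}
ANY_CIDR = ("0.0.0.0/0", "::/0")


def check_s3(name, body):
    if body.get("acl", "private") in ("public-read", "public-read-write"):
        yield ("HIGH", f"aws_s3_bucket.{name}", "bucket ACL grants public access")
    if "server_side_encryption_configuration" not in body:
        yield ("MEDIUM", f"aws_s3_bucket.{name}", "no default server-side encryption configured")


def check_sg(name, body):
    rules = body.get("ingress", [])
    if isinstance(rules, dict):          # a single block is emitted as an object, not a list
        rules = [rules]
    for r in rules:
        cidrs = list(r.get("cidr_blocks", [])) + list(r.get("ipv6_cidr_blocks", []))
        if not any(c in ANY_CIDR for c in cidrs):
            continue
        if str(r.get("protocol", "tcp")) == "-1":
            yield ("HIGH", f"aws_security_group.{name}", "all ports open to the internet")
            continue
        lo, hi = int(r.get("from_port", 0)), int(r.get("to_port", 0))
        hit = [f"{p}/{label}" for p, label in SENSITIVE_PORTS.items() if lo <= p <= hi]
        if hit:
            yield ("HIGH", f"aws_security_group.{name}", f"{', '.join(hit)} open to the internet")


def check_ebs(name, body):
    if not body.get("encrypted", False):
        yield ("MEDIUM", f"aws_ebs_volume.{name}", "volume is not encrypted at rest")


CHECKS = {"aws_s3_bucket": check_s3, "aws_security_group": check_sg, "aws_ebs_volume": check_ebs}


def scan(config: dict) -> list:
    """Return (severity, resource address, message) tuples for every rule that fires."""
    findings = []
    for rtype, instances in config.get("resource", {}).items():
        check = CHECKS.get(rtype)
        if check is None:
            continue
        for name, body in instances.items():
            findings.extend(check(name, body))
    return findings


def gate(findings: list, fail_on=("HIGH",)) -> bool:
    """True if the configuration may be applied (assumed policy: only HIGH blocks)."""
    return not any(sev in fail_on for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, addr, msg in scan(TF_JSON):
        print(f"{sev:6} {addr}: {msg}")
    print("gate:", gate(scan(TF_JSON)))
    fixed = copy.deepcopy(TF_JSON)
    fixed["resource"]["aws_s3_bucket"]["public_assets"]["acl"] = "private"
    fixed["resource"]["aws_security_group"]["bastion"]["ingress"][0]["cidr_blocks"] = ["198.51.100.0/24"]
    print("gate after fix:", gate(scan(fixed)))
```

The value of running this at the pull-request stage is in the comparison the last lines make: the same two-line change to the configuration is a trivial review comment before `terraform apply` and a data-exposure incident plus a public-bucket takedown after it.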

Q 20

Which IaC capability allows infrastructure to scale dynamically in response to application needs and traffic patterns?

Automation

Version Control

Repeatability

Testability

Why this answer

Automation is the IaC capability that enables dynamic scaling. IaC tools like Terraform combined with cloud auto-scaling policies can automatically provision or deprovision resources in response to load — with no human intervention. Version control tracks changes; repeatability ensures consistency across environments; testability validates configurations — but none of these inherently enable real-time scaling.

Q 21

Which of the following uses data to ensure that AI models are both accurate and generalizable across environments?

Data collection and preparation

AI/ML integration

Model training and preparation

AI/ML deployment

Why this answer

Data collection and preparation is the ML lifecycle phase responsible for accuracy and generalizability. A model is only as good as its training data — collecting diverse, representative, and unbiased datasets and applying preprocessing (normalization, deduplication, augmentation) ensures the model performs well not just on training data but across varied real-world environments. Poor data preparation is a common cause of overfitting and poor generalization.


Sunday, 21 June 2026

Top Cybersecurity MCQs with Answers (eBPF, SIEM, SOAR, NIST, Incident Response) – 2026 Guide



Introduction

This blog covers important multiple-choice cybersecurity questions (MCQs) for interviews, certifications, and real-world knowledge. Topics include eBPF, SIEM, SOAR, NIST frameworks, and Incident Response.


Cybersecurity MCQs with Answers

Question 1

Why is eBPF favored over traditional kernel modules for enhancing security and observability in modern systems?

Options:

  1. It can execute arbitrary code in the kernel without restrictions.
  2. It enables dynamic, verified, and safe code execution without modifying the kernel.
  3. It avoids sandboxing, improving systemwide access.
  4. It relies on external user-space tools for packet inspection.

Answer:
It enables dynamic, verified, and safe code execution without modifying the kernel.


Question 2

What is a key difference between SOAR and SIEM systems?

Options:

  1. SOAR focuses on collecting log data from multiple sources.
  2. SIEM automatically executes predefined workflows during incident response.
  3. SOAR uses orchestration and automation to respond to alerts, while SIEM focuses on threat detection and alerting.
  4. SIEM systems are less complex to implement than SOAR systems.

Answer:
SOAR uses orchestration and automation to respond to alerts, while SIEM focuses on threat detection and alerting.


Question 3

Which of the following best describes a primary benefit of implementing a SOAR solution in a security operations center?

Options:

  1. It eliminates the need for human analysts.
  2. It provides real-time log analysis.
  3. It replaces SIEM systems.
  4. It automates routine responses and allows analysts to focus on complex threats.

Answer:
It automates routine responses and allows analysts to focus on complex threats.


Question 4

Why might an organization choose to combine elements from multiple risk management frameworks?

Options:

  1. Reduce cybersecurity staff cost
  2. Delay compliance
  3. Create a tailored plan aligned with needs
  4. Avoid processes

Answer:
To create a tailored plan that aligns with specific organizational needs.


Question 5

Which statement correctly explains compensating controls?

Options:

  1. Must always exceed original control
  2. Can be ignored later
  3. Should meet intent and provide similar assurance
  4. Only used to reduce costs

Answer:
Compensating controls should meet the intent of the original control and provide similar assurance.


Question 6

What is a key distinction between NIST RMF and CSF?

Options:

  1. RMF for infra, CSF mandatory
  2. RMF service strategy
  3. RMF compliance-driven, CSF voluntary
  4. Same frameworks

Answer:
RMF is compliance-driven for federal agencies; CSF is a voluntary guide.


Question 7

What is the goal of post-incident activities?

Options:

  1. Configure firewall
  2. Isolate systems
  3. Evaluate cost
  4. Document findings and improve security

Answer:
Document findings, improve security posture, and reduce future risk.


Question 8

Which team coordinates incident response?

Options:

  1. SOC
  2. CSIRT
  3. Helpdesk
  4. Risk committee

Answer:
Computer Security Incident Response Team (CSIRT)


Question 9

Which framework provides incident handling guidance in the US?

Options:

  1. NIST SP 800-61
  2. ISO 27005
  3. ITIL
  4. ISO 27035

Answer:
NIST SP 800-61


SIEM, Observability & eBPF

Question 10

Why is event correlation important in SIEM?

Options:

  1. One event monitored
  2. Identifies related attack patterns
  3. Removes analyst need
  4. Only stores logs

Answer:
It identifies related events indicating sophisticated attacks.


Question 11

Why is eBPF powerful in containers?

Options:

  1. Requires privileged mode
  2. Replaces monitoring tools
  3. Kernel-level monitoring without container agents
  4. Needs kernel recompilation

Answer:
It allows kernel-level monitoring without deploying agents.


Question 12

Monitoring vs Observability?

Options:

  1. Monitoring alerts, observability explains root cause
  2. Monitoring predicts
  3. Dashboard vs automation
  4. Different domains

Answer:
Monitoring alerts teams to issues, while observability diagnoses root cause.


Question 13

What is Full-Stack Observability?

Options:

  1. Code monitoring tool
  2. Cloud-only insight
  3. End-to-end monitoring across all layers
  4. On-prem dashboard

Answer:
Capability to monitor and optimize entire IT environment.


Question 14

Advantage of SIEM over separate tools?

Options:

  1. Removes firewalls
  2. Independent tools
  3. Unified data and centralized management
  4. Restricts integration

Answer:
Unified data sharing and a single point of management.


Risk & Controls

Question 15

First step in risk management?

Options:

  1. Mitigation
  2. Identification
  3. Assessment
  4. Communication

Answer:
Risk Identification


Question 16

When should compensating controls be used?

Options:

  1. Replace all controls
  2. No policies exist
  3. Simplify network
  4. When primary control not feasible

Answer:
When limitations prevent implementing primary control.


Question 17

Not valid purpose of compensating controls?

Options:

  1. Reduce breach risk
  2. Compliance support
  3. Simplify access
  4. Protect legacy systems

Answer:
To simplify network access for all employees.


Question 18

Example of compensating control (no encryption)?

Options:

  1. Archive logs
  2. Enhanced monitoring
  3. Ignore classification
  4. Antivirus

Answer:
Using enhanced monitoring to detect unauthorized access.


Incident Response Lifecycle

Question 19

When are compromised accounts reset?

Options:

  1. Containment
  2. Recovery
  3. Preparation
  4. Post-incident

Answer:
Containment Phase


Question 20

Activity in analysis phase?

Options:

  1. Root cause and impact analysis
  2. Notify stakeholders
  3. Recovery deployment
  4. Rebuild systems

Answer:
Root cause analysis and impact assessment.


Question 21

Goal of post-incident phase?

Options:

  1. Configure systems
  2. Isolate devices
  3. Cost evaluation
  4. Improve future security

Answer:
Improve security and prevent recurrence.


Question 22

Purpose of recovery phase?

Options:

  1. Legal assessment
  2. Containment
  3. Remove malware
  4. Restore systems securely

Answer:
Restore systems to normal operations and ensure security.

22 Network Security Interview Questions & Answers (TLS, Cloud, Kubernetes, AI & Quantum Security)

 

Network Security Quick Quiz: TLS, Cloud, Containers, AI & Post-Quantum Crypto

A round-up of common cybersecurity concepts — from TLS 1.3 handshakes to Kubernetes network policies to post-quantum cryptography — explained in quick Q&A format.


Q1. In a TLS 1.3 handshake, why is it more difficult for firewalls to make a reliable decrypt/do-not-decrypt decision based solely on the ClientHello message?

  • A. The firewall can only see the SNI extension at that point, which may be spoofed.
  • B. All certificate data is visible at the time of the ClientHello.
  • C. The ClientHello does not contain any information relevant to SSL policy decisions.
  • D. The ClientHello is encrypted in TLS 1.3, preventing any inspection.
  Answer: A — The firewall can only see the SNI extension at that point, which may be spoofed. Why: In TLS 1.3 everything after the ServerHello, certificates included, is encrypted, so the ClientHello is the last plaintext view a middlebox gets. The SNI is one of the few useful fields in it, but a client can send any name it likes, omit it, or, with Encrypted Client Hello, put the real name in an encrypted inner ClientHello and leave only the fronting server's public name visible. A decrypt decision keyed on the SNI alone is therefore only as trustworthy as the client.
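
To make the point concrete, here is an added example (not from the page) that builds a minimal TLS 1.3 ClientHello and parses out of it exactly what a passive middlebox can see: the server_name extension, the offered cipher suites and the supported_versions list. The record is constructed in code (the random bytes are a fixed filler, the suites and extensions are the minimum needed), the parser handles a ClientHello with no SNI at all and rejects a truncated record, and there is deliberately nothing in it that reads the server's certificate, because in TLS 1.3 that is already encrypted by the time it is sent.

```python
"""Build a minimal TLS 1.3 ClientHello and parse the fields a middlebox can see."""
import struct


def _ext(ext_type: int, data: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data


def build_client_hello(server_name=None, tls13=True) -> bytes:
    """Constructed ClientHello: record header, handshake header, minimal body."""
    body = b"\x03\x03" + b"\x11" * 32             # legacy_version + 32-byte random (filler)
    body += b"\x00"                               # empty legacy_session_id
    suites = b"\x13\x01\x13\x02"                  # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                           # compression methods: null only
    exts = b""
    if server_name is not None:
        host = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name(0)
        exts += _ext(0, struct.pack("!H", len(entry)) + entry)  # server_name extension
    versions = b"\x03\x04" if tls13 else b"\x03\x03"
    exts += _ext(43, bytes([len(versions)]) + versions)          # supported_versions
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return the SNI, offered versions and cipher suites; raise ValueError if malformed."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                           # skip legacy_version and random
    pos += 1 + body[pos]                                   # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                   # compression methods
    result = {"sni": None, "versions": [], "cipher_suites": suites}
    if pos == len(body):
        return result                                      # no extensions at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        raise ValueError("extensions overrun body")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        if len(data) != elen:
            raise ValueError("truncated extension")
        pos += elen
        if etype == 0:                                     # server_name
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = data[p]
                nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                if name_type == 0:
                    result["sni"] = data[p:p + nlen].decode("idna")
                p += nlen
        elif etype == 43:                                  # supported_versions
            n = data[0]
            result["versions"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + n, 2)]
    return result


def is_well_formed(record: bytes) -> bool:
    try:
        parse_client_hello(record)
        return True
    except (ValueError, IndexError, struct.error):
        return False


if __name__ == "__main__":
    print(parse_client_hello(build_client_hello("example.com")))
    print(parse_client_hello(build_client_hello(None)))   # what the firewall sees with no SNI
```

Everything the parser returns was written by the client, which is the whole point of Q1: a firewall can act on the SNI only as a hint, and must be prepared for it to be absent or to name a host that the encrypted handshake then never talks to.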

Q2. Which benefit does AVC provide when securing containerized application environments?

  • A. AVC routes API requests based on geographic location.
  • B. AVC performs static code analysis during development.
  • C. AVC filters what applications can be installed inside a container.
  • D. AVC prevents unauthorized container deployments by validating run-time behavior. 
Answer: D — AVC prevents unauthorized container deployments by validating run-time behavior. Why: Application Visibility and Control monitors what's actually running and how it behaves, flagging anomalies rather than just relying on static rules.

Q3. Which feature of integrated endpoint security platforms directly supports remote workforces?

  • A. Policy enforcement based on geolocation
  • B. Full disk encryption capabilities
  • C. Continuous protection regardless of network connection
  • D. Cloud-based data backup for personal use 
Answer: C — Continuous protection regardless of network connection. Why: Remote workers move between networks (home Wi-Fi, public hotspots, cellular). Endpoint security needs to follow the device, not depend on being inside a corporate perimeter.

Q4. Which Cisco solution provides unified policy enforcement for both real-time data inspection and data at rest in SaaS environments?

  • A. Cisco Secure Network Analytics
  • B. Cisco Umbrella with multimode cloud DLP
  • C. Cisco Secure Endpoint
  • D. Cisco Secure Firewall Threat Defense 
Answer: B — Cisco Umbrella with multimode cloud DLP. Why: Multimode cloud DLP lets Umbrella inspect data in motion (as it's accessed/uploaded) and data at rest (already stored in SaaS apps) under one policy framework.

Q5. Which decryption method allows Cisco Secure Threat Defense to inspect outbound encrypted traffic from internal hosts without access to the server's private key?

  • A. Known Key Decryption
  • B. Certificate Pinning
  • C. Decrypt-Reencrypt
  • D. Decrypt-Resign 
Answer: D — Decrypt-Resign. Why: Decrypt-Resign is the outbound interception mode in Cisco Secure Firewall Threat Defense. The firewall terminates the client's TLS session with a copy of the server certificate that it re-signs with its own internal CA (which the internal hosts must be configured to trust), inspects the plaintext, then opens its own TLS session to the real server, so no server private key is involved. Decrypt-Known Key is the inbound counterpart and does require the private key of a server you own, and certificate pinning is a client-side control that breaks this kind of interception rather than enabling it.

Q6. Which feature of Cisco Secure Email DLP helps reduce false positives by requiring additional contextual information before flagging a message as a violation?

  • A. Sender reputation scoring
  • B. Context Matching
  • C. Outbound mail logging
  • D. Inline web traffic inspection
Answer: B — Context Matching. Why: Instead of triggering on a single keyword or pattern, Context Matching looks for supporting contextual signals, cutting down accidental flags.

Q7. Which of the following best describes how Cisco Umbrella provides protection against zero-day DNS threats?

  • A. By using behavioral analysis and threat intelligence to detect and block unknown domains
  • B. By comparing domain names against a static list of blocked sites
  • C. By encrypting DNS queries between endpoints and DNS servers
  • D. By scanning website content before DNS resolution is completed 
Answer: A — By using behavioral analysis and threat intelligence to detect and block unknown domains. Why: Static blocklists can't catch brand-new malicious domains; behavioral/threat-intel models can flag suspicious patterns before a domain is formally categorized.

Q8. How does Application Visibility and Control (AVC) contribute to protecting modern infrastructure from application-layer threats?

  • A. AVC ensures only verified applications and behavior are allowed to execute.
  • B. AVC disables encryption for application monitoring.
  • C. AVC blocks port scans and DoS attacks on web servers.
  • D. AVC passively records application logs for forensic analysis only. 
Answer: A — AVC ensures only verified applications and behavior are allowed to execute. Why: It's about controlling what's permitted at the application layer, not just logging or perimeter-level filtering.

Q9. What role does a Software Bill of Materials (SBOM) play in securing the software supply chain?

  • A. It enables containers to scale automatically based on load.
  • B. It tracks software dependencies and versions for vulnerability management.
  • C. It creates an encrypted communication path between services.
  • D. It manages cloud-native IAM policies across containers. 
Answer: B — It tracks software dependencies and versions for vulnerability management. Why: An SBOM is essentially an ingredient list for software, making it possible to quickly identify if a known-vulnerable component is in use.
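
An added example (not from the page) of the "ingredient list" in use: a CycloneDX-shaped SBOM is matched against a vulnerability feed by comparing component versions against affected ranges. Both documents are constructed for the demo and the vulnerability identifiers are placeholders, not real CVEs. The one detail that a practitioner gets bitten by is shown on purpose: versions must be compared numerically, component by component, because as strings "3.9.8" sorts after "3.10.0" and the affected component would be missed.

```python
"""Match an SBOM's components against a vulnerability feed with correct version comparison."""
import json

# Constructed CycloneDX-style SBOM.
SBOM = json.loads("""{
 "bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"type": "library", "name": "libxyz",   "version": "2.3.0", "purl": "pkg:pypi/libxyz@2.3.0"},
  {"type": "library", "name": "pngutil",  "version": "1.2.0", "purl": "pkg:pypi/pngutil@1.2.0"},
  {"type": "library", "name": "logfmt",   "version": "0.9.1", "purl": "pkg:pypi/logfmt@0.9.1"},
  {"type": "library", "name": "fastjson", "version": "3.9.8", "purl": "pkg:pypi/fastjson@3.9.8"}
 ]}""")

# Construct vulnerability feed; the identifiers are placeholders, not real CVEs.
VULN_FEED = [
    {"id": "VULN-2026-0001", "package": "libxyz",   "affected": ">=2.0.0,<2.4.1", "severity": "CRITICAL"},
    {"id": "VULN-2026-0002", "package": "pngutil",  "affected": "<1.2.0",         "severity": "HIGH"},
    {"id": "VULN-2026-0003", "package": "logfmt",   "affected": ">=0.9.0,<0.9.3", "severity": "LOW"},
    {"id": "VULN-2026-0004", "package": "fastjson", "affected": "<3.10.0",        "severity": "HIGH"},
]

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
       ">=": lambda a, b: a >= b, "==": lambda a, b: a == b}


def parse_version(v: str) -> tuple:
    """Numeric dotted versions only (an assumption for the demo); integer tuples
    compare correctly where plain string comparison does not."""
    return tuple(int(p) for p in v.split("."))


def parse_constraint(c: str) -> tuple:
    c = c.strip()
    for op in ("<=", ">=", "==", "<", ">"):       # two-character operators first
        if c.startswith(op):
            return op, parse_version(c[len(op):])
    raise ValueError(f"bad constraint: {c!r}")


def in_range(version: str, spec: str) -> bool:
    """True when the version satisfies every comma-separated constraint in spec."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in map(parse_constraint, spec.split(",")))


def match(sbom: dict, feed: list) -> list:
    components = {c["name"]: c for c in sbom["components"]}
    findings = []
    for vuln in feed:
        comp = components.get(vuln["package"])
        if comp is not None and in_range(comp["version"], vuln["affected"]):
            findings.append({"id": vuln["id"], "component": comp["purl"],
                             "severity": vuln["severity"], "affected": vuln["affected"]})
    return findings


if __name__ == "__main__":
    for f in match(SBOM, VULN_FEED):
        print(f"{f['severity']:8} {f['id']}  {f['component']}  affected {f['affected']}")
```

Matching on the bare component name is the weak point of this toy: real scanners key on the purl (ecosystem plus name), because the same name can exist in several package ecosystems with unrelated code and unrelated vulnerabilities.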

Q10. What is one of the primary security risks of using container images sourced from public registries without verification?

  • A. Introduction of malicious or outdated code
  • B. Reduced compatibility across environments
  • C. Decreased deployment speed
  • D. Increased memory utilization in cloud platforms 
Answer: A — Introduction of malicious or outdated code. Why: Unverified images can carry embedded malware, backdoors, or simply outdated/vulnerable packages.

Q11. Which component of a Kubernetes Network Policy defines which pods the policy applies to?

  • A. Namespace
  • B. IP Block
  • C. Ingress Rule
  • D. Pod Selector 
Answer: D — Pod Selector. Why: The Pod Selector field scopes the policy to specific pods using label matching.

Q12. What is the default behavior of Kubernetes regarding pod-to-pod communication?

  • A. All pod traffic is blocked unless allowed by a service mesh.
  • B. All pod-to-pod traffic is allowed until explicitly restricted by network policies.
  • C. Traffic is allowed only within the same namespace.
  • D. Traffic is only permitted through ingress controllers. 
Answer: B — All pod-to-pod traffic is allowed until explicitly restricted by network policies. Why: Kubernetes networking is "default allow" — you must opt in to restrictions via NetworkPolicy objects.
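
Q11 and Q12 together describe a small set of rules that are easy to get wrong, so here is an added example (not from the page) that models them on a constructed cluster: a few pods with labels, namespace labels, and four policies written as the dict form of their YAML. The function decides whether ingress from one pod to another is allowed under a given list of policies, including the default-allow case, the empty `podSelector: {}` that selects every pod in a namespace, and the difference between a `podSelector` peer (same namespace only) and a `namespaceSelector` peer. Ports and `ipBlock` peers are left out; the pod and namespace data are constructed.

```python
"""Kubernetes NetworkPolicy ingress semantics on constructed pods and policies."""

# Constructed cluster state (not real manifests): pods with namespace and labels,
# plus the namespace labels that namespaceSelector matches against.
PODS = {
    "web":  {"namespace": "shop",  "labels": {"app": "web"}},
    "api":  {"namespace": "shop",  "labels": {"app": "api"}},
    "db":   {"namespace": "shop",  "labels": {"app": "db"}},
    "scan": {"namespace": "tools", "labels": {"app": "scanner"}},
}
NAMESPACE_LABELS = {"shop": {"team": "shop"}, "tools": {"team": "security"}}

# Policies as the dict equivalent of their YAML.
DEFAULT_DENY = {"metadata": {"name": "default-deny-ingress", "namespace": "shop"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
ALLOW_WEB_TO_API = {"metadata": {"name": "web-to-api", "namespace": "shop"},
                    "spec": {"podSelector": {"matchLabels": {"app": "api"}},
                             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}}
ALLOW_API_TO_DB = {"metadata": {"name": "api-to-db", "namespace": "shop"},
                   "spec": {"podSelector": {"matchLabels": {"app": "db"}},
                            "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api"}}}]}]}}
ALLOW_SECURITY_NS = {"metadata": {"name": "security-scans", "namespace": "shop"},
                     "spec": {"podSelector": {},
                              "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"team": "security"}}}]}]}}


def selects(selector: dict, labels: dict) -> bool:
    """matchLabels only; an empty selector ({}) matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: dict, src: dict, policy_ns: str) -> bool:
    has_pod, has_ns = "podSelector" in peer, "namespaceSelector" in peer
    if has_pod and has_ns:   # both in one entry: AND of the two
        return (selects(peer["namespaceSelector"], NAMESPACE_LABELS[src["namespace"]])
                and selects(peer["podSelector"], src["labels"]))
    if has_pod:              # alone: pods in the policy's own namespace only
        return src["namespace"] == policy_ns and selects(peer["podSelector"], src["labels"])
    if has_ns:               # alone: any pod in a matching namespace
        return selects(peer["namespaceSelector"], NAMESPACE_LABELS[src["namespace"]])
    return False             # ipBlock peers are not modelled here


def ingress_allowed(policies: list, src_name: str, dst_name: str) -> bool:
    src, dst = PODS[src_name], PODS[dst_name]
    applicable = [p for p in policies
                  if p["metadata"]["namespace"] == dst["namespace"]
                  and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                  and selects(p["spec"]["podSelector"], dst["labels"])]
    if not applicable:
        return True          # no policy selects the pod: Kubernetes default-allow
    for p in applicable:     # pod is isolated: allowed only if some rule of some policy matches
        for rule in p["spec"].get("ingress", []):
            if not rule.get("from"):
                return True  # a rule with no 'from' admits every source
            if any(peer_matches(peer, src, p["metadata"]["namespace"]) for peer in rule["from"]):
                return True
    return False


if __name__ == "__main__":
    full = [DEFAULT_DENY, ALLOW_WEB_TO_API, ALLOW_API_TO_DB]
    for pair in [("scan", "db"), ("web", "api"), ("api", "db"), ("web", "db")]:
        print(pair, "no policies:", ingress_allowed([], *pair), " with policies:", ingress_allowed(full, *pair))
```

The last two assertions in the test below are the mistake the default-allow model invites: with only the api-to-db policy in place, `db` is isolated because a policy selects it, but `api` is still wide open to the scanner pod in another namespace because nothing selects `api`. A per-namespace default-deny policy is what turns the allow rules into an actual allow-list.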

Q13. What is the recommended practice to detect vulnerabilities both at the source code level and during run time in a serverless application?

  • A. Combine SAST and DAST tools
  • B. Use centralized authentication services
  • C. Perform manual reviews of code
  • D. Rely on the cloud provider's built-in libraries 
Answer: A — Combine SAST and DAST tools. Why: SAST (static analysis) catches issues in code before deployment; DAST (dynamic analysis) catches issues that only appear when the app is actually running.

Q14. Which of the following best describes a key reason for enforcing mutual TLS (mTLS) in a microservices architecture?

  • A. It encrypts data faster between services.
  • B. It automates the container build process.
  • C. It accelerates the deployment process across services.
  • D. It ensures that both client and server authenticate each other. 
Answer: D — It ensures that both client and server authenticate each other. Why: Standard TLS only verifies the server. mTLS adds client-side certificates so both ends prove their identity — critical in zero-trust microservice meshes.

Q15. Which risk is most commonly introduced by relying on third-party libraries in serverless applications?

  • A. Difficulty scaling application workloads
  • B. Vulnerabilities from unpatched dependencies
  • C. Reduced system performance
  • D. Increased infrastructure complexity 
Answer: B — Vulnerabilities from unpatched dependencies. Why: Serverless functions often bundle many small dependencies, and unpatched ones become an easy attack surface.

Q16. What is one of the primary cybersecurity concerns associated with quantum computing?

  • A. Quantum computers can break widely used public-key cryptographic systems like RSA and ECC.
  • B. Quantum computers require classical cryptographic algorithms to function efficiently.
  • C. Quantum computers reduce the effectiveness of symmetric encryption by weakening key lengths.
  • D. Quantum computers enable more secure key exchanges using traditional elliptic curve cryptography. 
Answer: A — Quantum computers can break widely used public-key cryptographic systems like RSA and ECC. Why: Shor's algorithm solves integer factoring and discrete logarithms in polynomial time on a sufficiently large fault-tolerant quantum computer, while the best known classical attacks are sub-exponential; that removes the hardness assumption behind RSA, Diffie-Hellman and ECC. Symmetric ciphers and hashes are only weakened by Grover's quadratic speedup, which longer keys absorb, so the migration effort is concentrated on key exchange and signatures.

Q17. Which benefit of AI most directly contributes to reducing the workload of security teams in large-scale infrastructure environments?

  • A. Its ability to run vulnerability scans more frequently
  • B. Its automation of routine tasks like alert triage and log analysis
  • C. Its integration with firewalls for advanced access control rules
  • D. Its ability to deploy network devices with zero-touch provisioning 
Answer: B — Its automation of routine tasks like alert triage and log analysis. Why: AI excels at sorting through high-volume, repetitive data so analysts can focus on genuine threats.

Q18. How does predictive security, enabled by AI, support proactive threat mitigation?

  • A. By blocking all external connections not previously authenticated
  • B. By simulating multiple attack paths to predict potential threats
  • C. By running continuous port scans across the infrastructure
  • D. By using historical data and threat trends to anticipate security incidents 
Answer: D — By using historical data and threat trends to anticipate security incidents. Why: Predictive models learn from past attack patterns to flag likely future threats before they materialize.

Q19. Which of the following accurately describes how AI contributes to the design phase of secure network infrastructure?

  • A. AI sets strict access control rules without human oversight.
  • B. AI models and simulates potential threat scenarios to inform architecture decisions.
  • C. AI deploys firewalls in every network segment automatically.
  • D. AI configures routers and switches using a centralized script. 
Answer: B — AI models and simulates potential threat scenarios to inform architecture decisions. Why: Simulation helps architects stress-test designs against likely attack vectors before deployment.

Q20. Which property of quantum bits (qubits) most directly enables quantum computers to evaluate many computational paths simultaneously?

  • A. Superposition
  • B. Entanglement
  • C. Determinism
  • D. Parallel threading 
Answer: A — Superposition. Why: Superposition lets a qubit represent multiple states at once, enabling massive parallelism in computation.

Q21. What role does the National Institute of Standards and Technology (NIST) play in post-quantum cryptography (PQC)?

  • A. Manufacturing quantum-resistant chips for cloud providers
  • B. Standardizing cryptographic algorithms resistant to quantum attacks
  • C. Funding development of quantum computing platforms
  • D. Creating network protocols for classical encryption resilience 
Answer: B — Standardizing cryptographic algorithms resistant to quantum attacks. Why: NIST runs the formal PQC standardization process, evaluating and selecting algorithms designed to resist quantum attacks.

Q22. Which quantum algorithm presents the greatest threat to current public-key encryption schemes such as RSA?

  • A. Grover's Algorithm
  • B. Quantum Fourier Transform
  • C. Shor's Algorithm
  • D. QAOA (Quantum Approximate Optimization Algorithm) 
Answer: C — Shor's Algorithm. Why: Shor's Algorithm efficiently factors large numbers and solves discrete logarithms — the exact hard problems RSA and ECC depend on.

Friday, 12 June 2026

30 Cybersecurity and Network Security MCQs with Answers and Explanations (2026 Guide)


30 Essential Cybersecurity and Network Security Questions with Answers and Explanations (2026 Study Guide)



Introduction

Cybersecurity is one of the most important aspects of modern IT infrastructure. Understanding topics such as endpoint security, identity and access management (IAM), VPNs, SD-WAN, and network hardening is essential for students, professionals, and certification candidates.

Below are 30 multiple-choice questions with answers and brief explanations to help you strengthen your knowledge.


1. What is the purpose of access controls in endpoint security?

Options:

A. To restrict all external internet access
B. To enable anonymous login for speed
C. To enforce MFA and limit access using RBAC
D. To store passwords in local device memory

Answer: C. To enforce MFA and limit access using RBAC

Explanation: Access controls ensure only authorized users can access resources. MFA and RBAC provide stronger security by verifying identity and limiting permissions.


2. Which combination best defines 2FA?

Options:

A. Username + password
B. Password + device or biometric
C. Email + firewall token
D. Security questions + PIN

Answer: B. Password + device or biometric

Explanation: Two-Factor Authentication requires two different forms of verification, such as a password and a fingerprint or mobile device.


3. Which technique prevents domain spoofing?

Options:

A. Strong password policy
B. URL shortening
C. DMARC and SPF
D. IP blocklist

Answer: C. DMARC and SPF

Explanation: SPF and DMARC let receiving mail servers verify that a message really comes from a sender authorized for its domain, so spoofed domains are rejected and phishing attempts built on them fail.


4. Which protocol is used by hardware keys to support passwordless login?

Options:

A. DMARC
B. FIDO2
C. SMTP
D. TLS

Answer: B. FIDO2

Explanation: FIDO2 enables secure passwordless authentication using security keys and biometrics.


5. Which authentication method uses voice communication to deliver codes?

Options:

A. Phone call
B. Push notification
C. Security key
D. VID

Answer: A. Phone call

Explanation: Automated phone calls can provide one-time passwords or verification codes.


6. Which method provides biometric login on Android devices?

Options:

A. Windows Hello
B. Touch ID
C. Face ID
D. Android Biometrics

Answer: D. Android Biometrics

Explanation: Android Biometrics supports fingerprint and facial recognition authentication.


7. Which method is most suitable for automation and scalable application development in cloud environments?

Options:

A. Web-based GUI dashboards
B. SQL command-line interfaces
C. API access
D. Remote desktop access

Answer: C. API access

Explanation: APIs allow applications to interact automatically with cloud services.


8. When using MAB (MAC Authentication Bypass), what must be done before an IoT device can authenticate?

Options:

A. Add the IoT MAC address to the AAA database and assign it to an identity group
B. Assign the device an IP address from a secure VLAN
C. Load the device profile in Cisco ISE
D. Enable 802.1Q trunking on the access port

Answer: A

Explanation: The MAC address must be registered in the AAA system before authentication can occur.


9. What advantage does Cisco Multicloud Defense offer compared to native cloud provider tools?

Options:

A. Performs native code debugging
B. Consolidates security controls across AWS, Azure, GCP, and OCI
C. Replaces endpoint detection solutions
D. Supports only single-cloud deployments

Answer: B

Explanation: It provides centralized visibility and security management across multiple cloud platforms.


10. How is the MUD URL typically conveyed to the network in Cisco environments?

Options:

A. HTTP POST during startup
B. Embedded in LLDP, DHCP, or 802.1X requests
C. Through an SNMP trap
D. As part of an ARP broadcast

Answer: B

Explanation: IoT devices commonly share MUD URLs through standard discovery and authentication protocols.


11. What role does automatic user deprovisioning play in IAM security?

Options:

A. Enables temporary admin access
B. Prevents bandwidth consumption
C. Logs failed login attempts
D. Removes access for users who no longer belong to the organization

Answer: D

Explanation: Deprovisioning prevents former employees from retaining system access.


12. Which of the following helps ensure transparency and regulatory compliance with a SaaS provider?

Options:

A. Zero Trust networking
B. Contractual agreements specifying access and audit capabilities
C. IoT sensors
D. IP allowlisting

Answer: B

Explanation: Contracts define security responsibilities and audit rights.


13. Which component is responsible for displaying the login portal and verifying credentials in CWA?

Options:

A. Network Access Device (NAD)
B. Domain Controller
C. Policy Services Node (PSN)
D. Client Browser

Answer: C

Explanation: The PSN hosts the portal and validates credentials.


14. What is the purpose of the basic web authentication process?

Options:

A. Full access before login
B. Create a guest VLAN
C. Provide a secure connection until authentication is complete
D. Bypass authorization policies

Answer: C

Explanation: Users receive restricted access until successful authentication.


15. What is a switch's default behavior before MAB is enforced on a switch port?

Options:

A. Allow all traffic
B. Redirect traffic to a proxy
C. Block traffic until MAC authentication is complete
D. Assign a default VLAN

Answer: C

Explanation: The port remains unauthorized until authentication succeeds.


16. Which authentication method supports fast re-authentication using PACs?

Options:

A. EAP-FAST
B. TEAP
C. EAP-TLS
D. CHAP

Answer: A

Explanation: EAP-FAST uses Protected Access Credentials (PACs) to re-establish its secure tunnel quickly, so re-authentication is faster than a full handshake.


17. Which protocol does the Authenticator use to communicate with the Authentication Server?

Options:

A. RADIUS
B. EAP
C. TACACS+
D. TEAP

Answer: A

Explanation: RADIUS is commonly used between the authenticator and authentication server.


18. What is the role of the Supplicant in the IEEE 802.1X framework?

Options:

A. Provides certificate revocation lists
B. Acts as a RADIUS proxy
C. Sends network access requests on behalf of the endpoint
D. Controls switch ports

Answer: C

Explanation: The supplicant is the client software requesting access.


19. Why is NAT typically not required with site-to-site VPNs?

Options:

A. NAT is replaced by DNS
B. All traffic uses public IPs
C. Private IP addresses are used directly between networks
D. IPs are dynamically assigned

Answer: C

Explanation: Site-to-site VPNs tunnel traffic between the two private networks, so hosts reach each other using their private addresses and no address translation is needed.


20. Which SD-WAN aspect focuses on ensuring performance for critical applications?

Options:

A. Transport Independence
B. Application-Aware Routing
C. Secure Cloud Connectivity
D. SD-WAN Validator

Answer: B

Explanation: Application-aware routing selects the best path based on performance.


21. What is a key benefit of a fully meshed VPN topology?

Options:

A. Simplified configuration
B. Optimal direct paths and any-to-any communication
C. Cost-effective for small networks
D. Requires fewer tunnels

Answer: B

Explanation: Direct connectivity improves performance and reduces latency.


22. What role does a VPN gateway play in site-to-site VPN operations?

Options:

A. Hosts web applications
B. Monitors performance
C. Encapsulates traffic for secure transport
D. Replaces DHCP

Answer: C

Explanation: VPN gateways encrypt and tunnel traffic securely.


23. What does the WAN Edge router do in Cisco Catalyst SD-WAN?

Options:

A. Provides secure data-plane connectivity and routing
B. Authenticates certificates only
C. Routes internet traffic only
D. Provides the graphical interface

Answer: A

Explanation: WAN Edge devices securely transport traffic across the SD-WAN fabric.


24. What does the word "Private" in VPN signify?

Options:

A. Complete anonymity
B. Uses private cryptographic keys
C. Connects private websites
D. Extends the private address space of an organization

Answer: D

Explanation: VPNs securely extend a private corporate network over public infrastructure.


25. Which secure protocol replaces Telnet for CLI access?

Options:

A. SNMPv2
B. TLS
C. HTTPS
D. SSH

Answer: D

Explanation: SSH encrypts administrative sessions and credentials.


26. What is the role of Control Plane Policing (CoPP)?

Options:

A. Encrypts packets
B. Filters traffic to the data plane
C. Filters and rate-limits traffic to the control plane
D. Handles route summarization

Answer: C

Explanation: CoPP protects network devices from control-plane attacks.


27. What do infrastructure ACLs protect?

Options:

A. Part of infrastructure such as a mesh of routers
B. Control plane access only
C. VLAN routing
D. Application firewalls

Answer: A

Explanation: Infrastructure ACLs safeguard critical networking infrastructure.


28. What is a benefit of account lockout policies?

Options:

A. Prevents brute-force attacks
B. Allows unlimited login attempts
C. Eliminates MFA
D. Improves internet speed

Answer: A

Explanation: Lockouts stop attackers from repeatedly guessing passwords.


29. What is the goal of device hardening?

Options:

A. Improve aesthetics
B. Reduce the attack surface of network devices
C. Allow open management access
D. Avoid firmware updates

Answer: B

Explanation: Hardening removes vulnerabilities and strengthens device security.


30. What is the first step in implementing a control plane security policy?

Options:

A. Define the security policy
B. Apply filtering rules
C. Deploy to branch routers
D. Configure NAT

Answer: A

Explanation: A security policy must be defined before implementing controls.

