1. What is the primary purpose of an effective security policy within an
organization?
A) To ensure compliance with legal requirements
B) To guide the implementation of security controls
C) To provide a framework for risk assessment
D) To define the roles and responsibilities of employees
Answer: B) To guide the implementation of security controls
Rationale: An effective security policy serves as a guide for the
implementation and management of security controls, ensuring that they
align with the organization's objectives and risk management strategy.
2. Which of the following hacker activities is considered a passive attack?
A) SQL Injection
B) Eavesdropping
C) Denial of Service (DoS)
D) Cross-site scripting (XSS)
Answer: B) Eavesdropping
Rationale: Eavesdropping is a passive attack where the hacker listens to
the communication channel to gather information without altering the
system or its data.
3. In the context of cybersecurity, what does 'tailgating' refer to?
A) Following an authorized person into a restricted area without proper
authentication
B) Exploiting vulnerabilities in the trailing code of a software program
C) Monitoring the tail end of a network to capture outgoing data
D) Attaching malware to the end of a legitimate file download
Answer: A) Following an authorized person into a restricted area
without proper authentication
Rationale: Tailgating is a physical security breach where an
unauthorized individual follows an authorized person to gain entry into a
secured area.
4. What type of security control is a firewall considered?
A) Preventative
B) Detective
C) Corrective