CCNA Logical Security Concepts Questions

30 questions · Logical Security Concepts topic · All types, answers revealed

Question 1 · MCQ · medium

A company is implementing a new policy that requires users to authenticate using both a password and a one-time code sent to their mobile phone. What type of authentication factor is the one-time code?

A. Something you are
B. Something you know
C. Something you have
D. Somewhere you are

Answer: C

The one-time code is delivered to a device (the phone) that the user possesses, making it a 'something you have' factor.

Why this answer

Authentication factors are categorized as something you know (password), something you have (token or phone), and something you are (biometrics). A one-time code sent to a mobile phone is considered 'something you have' because access to the phone is required. This question tests the classification of multi-factor authentication components.

Question 2 · MCQ · medium

A technician is configuring a small office network and wants to ensure that guest users can access the internet but cannot connect to internal company resources like file servers or printers. Which logical security method should be implemented?

A. Enable MAC address filtering on the wireless access point.
B. Implement a guest VLAN that is isolated from the internal network.
C. Require a complex password for the guest Wi-Fi network.
D. Disable the SSID broadcast for the guest network.

Answer: B

A guest VLAN creates a separate logical network segment, allowing internet access while blocking access to internal resources via routing rules.

Why this answer

Network segmentation, often achieved through VLANs, separates network traffic into distinct broadcast domains. A guest VLAN can be configured with access only to the internet, while internal resources remain on a separate VLAN with restricted access. This question tests the understanding of network segmentation as a logical security control.

Question 3 · MCQ · hard

A user reports that they can no longer access the internet after installing a new software application. The technician suspects the application modified system settings. Which security feature could have prevented this?

A. Windows Defender Firewall
B. User Account Control (UAC)
C. BitLocker Drive Encryption
D. Windows Defender Antivirus

Answer: B

UAC prompts for administrator approval before system changes, which could have blocked the application from modifying settings.

Why this answer

User Account Control (UAC) prompts for permission before allowing changes that affect system settings. If the user had denied the UAC prompt, the application would not have been able to modify network settings.

Question 4 · MCQ · hard

During a routine security scan, a technician finds that a user's workstation has an open port 3389 that is accessible from the internet. The user denies enabling Remote Desktop. What is the most likely security implication and immediate action?

A. The port is likely used by a legitimate application; no action is needed.
B. Disable the Remote Desktop service and block port 3389 at the firewall immediately.
C. Change the RDP listening port to a non-standard port to hide it.
D. Enable Network Level Authentication (NLA) on the workstation.

Answer: B

Disabling the service and blocking the port at the firewall are the correct immediate steps to eliminate the exposure, followed by an investigation into how it was enabled.

Why this answer

Port 3389 is used by Remote Desktop Protocol (RDP). An open RDP port exposed to the internet is a major security risk, often exploited by attackers for brute-force attacks or ransomware deployment. The immediate action should be to block the port at the firewall and investigate how it was opened.

This question tests the ability to identify high-risk exposure and prioritize remediation.

Question 5 · MCQ · easy

A user reports that their workstation is running slowly and they see a pop-up claiming their files are encrypted and a ransom must be paid. They cannot open any documents. What type of malware is most likely responsible?

A. Spyware
B. Ransomware
C. Trojan horse
D. Rootkit

Answer: B

Ransomware encrypts files and displays a ransom demand, which perfectly matches the symptoms described.

Why this answer

Ransomware encrypts files and demands payment for decryption. This scenario describes classic ransomware behavior, where the user is locked out of their data and a ransom note is displayed.

Question 6 · MCQ · easy

A small business wants to ensure that only authorized personnel can access the server room. The budget is limited, and they need a simple, cost-effective solution. Which logical security control should they implement first?

A. Install a biometric fingerprint scanner on the door.
B. Require a smart card or key fob to unlock the door.
C. Implement a strong password policy for all user accounts.
D. Hire a security guard to check IDs at the entrance.

Answer: B

Smart cards or key fobs are relatively inexpensive, easy to manage, and provide a logical access control mechanism that can be quickly revoked if lost.

Why this answer

Logical security controls restrict access to digital resources. For physical access to a server room, a smart card or key fob system provides a good balance of cost and security by requiring something the user possesses. This question tests the understanding of logical versus physical controls and the principle of least cost for basic access control.

Question 7 · MCQ · medium

During a security audit, you find that a user's workstation has a USB device that automatically logs in to a cloud storage account when inserted. What security best practice is being violated?

A. Password complexity requirements
B. Account lockout policies
C. Disabling auto-run
D. Enforcing screen locks

Answer: C

Disabling auto-run prevents devices from automatically executing code, which stops this type of automatic login.

Why this answer

USB auto-run devices can bypass authentication and pose a security risk. Disabling auto-run prevents unauthorized access and malware from executing automatically, which is a key security practice.

Question 8 · MCQ · medium

A technician is setting up a new wireless network for a small office. They want to ensure that only company-issued devices can connect, and that data transmitted over the air is encrypted. Which combination of settings should they use?

A. WPA2 with TKIP encryption and SSID broadcast disabled.
B. WPA3 with AES encryption and MAC address filtering.
C. WEP with 128-bit key and a strong password.
D. Open network with a captive portal requiring employee login.

Answer: B

WPA3 with AES provides strong encryption, and MAC filtering restricts access to approved devices.

Why this answer

WPA2 or WPA3 with AES encryption provides strong wireless security. MAC address filtering can be added as an extra layer to restrict which devices can associate. This combination meets both requirements of encryption and device restriction.

Question 9 · MCQ · medium

A company requires that all sensitive data be encrypted when stored on laptops. Which technology should be implemented to ensure data is protected even if a laptop is stolen?

A. File-level encryption using EFS
B. BitLocker Drive Encryption
C. TPM chip only
D. Secure Boot

Answer: B

BitLocker provides full disk encryption, protecting all data on the drive, which is ideal for stolen laptops.

Why this answer

Full disk encryption (FDE) encrypts the entire drive, making data unreadable without the decryption key. This protects data in case of theft, as the drive cannot be accessed without proper authentication.

Question 10 · MCQ · hard

A company's security policy mandates that all remote access connections must be authenticated using two different factors. A technician is configuring VPN access for teleworkers. Which combination meets this requirement?

A. Username and password only.
B. Smart card and PIN.
C. Biometric fingerprint and a PIN.
D. Two different passwords.

Answer: B

A smart card is something you have and a PIN is something you know, so this combination uses two different factors.

Why this answer

Multifactor authentication requires two or more factors from different categories: something you know (password), something you have (smart card, token), and something you are (biometric). A password plus a one-time code from a hardware token uses two distinct factors, satisfying the policy.

Question 11 · MCQ · hard

An organization wants to ensure that even if a laptop is stolen, the data on the hard drive cannot be read. The laptop runs Windows 10 Pro and is used by employees who travel frequently. Which security feature should be enabled?

A. Enable BitLocker Drive Encryption on the system drive.
B. Set a strong BIOS/UEFI password.
C. Configure a screensaver password with a short timeout.
D. Use EFS to encrypt individual files and folders.

Answer: A

BitLocker encrypts the entire drive, ensuring that if the laptop is stolen, the data cannot be accessed without the recovery key or TPM authentication.

Why this answer

Full disk encryption (FDE) protects all data on the drive by encrypting it, making it unreadable without the decryption key. BitLocker is the native FDE solution in Windows 10 Pro. This question tests the understanding that FDE is the appropriate countermeasure for data theft from stolen devices, as opposed to file-level encryption or access controls.

Question 12 · MCQ · medium

A technician is configuring a new firewall for a small office. They need to allow remote employees to securely access the internal network. Which technology should be enabled on the firewall?

A. Port forwarding
B. VPN passthrough
C. VPN server
D. DMZ

Answer: C

A VPN server on the firewall enables remote users to establish encrypted connections to the internal network.

Why this answer

A VPN creates an encrypted tunnel between a remote user and the internal network, ensuring secure access. This is the standard method for remote employees to connect safely.

Question 13 · MCQ · easy

A user reports that they can no longer access their encrypted files after a recent password change. The files were encrypted using EFS on a Windows 10 Pro workstation. What is the most likely cause of this issue?

A. The user changed the password via Ctrl+Alt+Del, which invalidates the EFS certificate.
B. The user did not back up their EFS certificate before changing the password.
C. The user's account was removed from the local Administrators group during the password change.
D. The hard drive has a hardware failure that corrupted the encrypted files.

Answer: B

EFS uses a certificate tied to the user's password. Without a backup, changing the password can render the encryption key inaccessible, requiring a recovery agent or certificate import.

Why this answer

EFS (Encrypting File System) ties file encryption to the user's password. When the password is changed without the proper certificate backup, the encryption key may become inaccessible. This question tests the understanding that EFS keys are protected by the user's password and require a backup certificate or recovery agent to avoid data loss after password changes.

Question 14 · MCQ · medium

During a security audit, an administrator discovers that several employees have written their domain passwords on sticky notes attached to their monitors. The company policy requires strong passwords and prohibits sharing credentials. Which security principle is being violated?

A. Principle of least privilege
B. Account lockout policy
C. Password confidentiality

Answer: C

Password confidentiality requires that passwords be known only to the authorized user. Writing them on sticky notes compromises this by making them visible to others.

Why this answer

Password confidentiality is a core security principle; passwords must be kept secret and not be easily observable. Writing passwords on sticky notes directly violates this by making them visible to anyone nearby. This question tests the understanding of password security best practices and the concept of confidentiality.

Question 15 · MCQ · medium

A user calls the help desk saying they cannot access a shared folder on the network. They can access other shares on the same server. The technician verifies the user's account is active and the folder exists. What should the technician check next to resolve the access issue?

A. Check if the user's password has expired.
B. Verify the user has been added to the local Administrators group.
C. Review the NTFS permissions on the shared folder.
D. Reboot the file server to clear any cached permissions.

Answer: C

NTFS permissions can deny access to specific users even if share permissions allow it, explaining the isolated issue.

Why this answer

NTFS permissions control access at the folder level on the server. Even if share permissions allow access, restrictive NTFS permissions can block a specific user. The technician should check the effective permissions on that folder for the user.

Question 16 · MCQ · medium

A user receives an email that appears to be from their bank, asking them to click a link and verify their account information due to 'suspicious activity.' The email address looks legitimate, but the link points to a different domain. What type of attack is this?

A. Spear phishing
B. Phishing
C. Whaling
D. Vishing

Answer: B

Phishing is a broad term for fraudulent emails attempting to obtain sensitive data by posing as a legitimate entity, matching the scenario exactly.

Why this answer

Phishing is a social engineering attack where attackers impersonate a trusted entity to trick victims into revealing sensitive information. The suspicious link is a key indicator. This question tests the ability to recognize phishing attempts based on common characteristics like urgent language and deceptive links.

Question 17 · MCQ · medium

A technician is configuring a new employee's laptop and needs to ensure that only approved applications can run. The company wants to prevent users from installing unauthorized software. Which security control should be implemented?

A. Enable Windows Defender real-time protection.
B. Set the user account as a Standard User.
C. Configure an application whitelist using AppLocker.
D. Disable the Windows Store.

Answer: C

AppLocker enforces a whitelist, allowing only specified applications to run, directly meeting the requirement.

Why this answer

Application whitelisting allows only pre-approved programs to execute, blocking all others by default. This is the most effective way to prevent unauthorized software installation. Software Restriction Policies or AppLocker in Windows can enforce this.

Question 18 · MCQ · hard

A company's security policy requires that user accounts be disabled after 90 days of inactivity. An administrator needs to implement this automatically. Which feature should they configure?

A. Password expiration policy
B. Account lockout threshold
C. User account expiration
D. Group Policy refresh interval

Answer: C

User account expiration can be set to disable accounts after a specific date or period of inactivity, meeting the requirement.

Why this answer

Account expiration policies can be set to automatically disable accounts after a specified period of inactivity. This enforces the security policy without manual intervention.

Question 19 · MCQ · medium

During a security audit, it is discovered that a former employee's user account is still active and has been used to log in remotely three times in the past month. Which logical security principle has been violated?

A. Separation of duties
B. Least privilege
C. Defense in depth
D. Mandatory access control

Answer: B

The former employee no longer needs any access, so the account violates least privilege by still having permissions.

Why this answer

The principle of least privilege requires that users have only the access necessary for their job. An inactive account with remote access violates this and also the principle of account lifecycle management. The immediate issue is that the account should have been disabled upon termination.

Question 20 · MCQ · easy

A small business wants to ensure that only authorized employees can access the file server from their laptops. Each laptop has a unique MAC address. Which security measure should be implemented on the network switch?

A. Disable SSID broadcast
B. Enable WPA3 encryption
C. Configure MAC filtering
D. Change the default admin password

Answer: C

MAC filtering allows only devices with approved MAC addresses to access the network, meeting the requirement.

Why this answer

MAC address filtering restricts network access to devices with approved MAC addresses, providing a basic layer of security. This is a simple way to allow only specific laptops to connect to the file server.

Question 21 · MCQ · easy

An employee receives an email that appears to be from the CEO, asking them to urgently wire funds to a new vendor. The email address looks similar to the CEO's but has a slight typo. What type of social engineering attack is this?

A. Phishing
B. Whaling
C. Spear phishing
D. Vishing

Answer: B

Whaling is a targeted phishing attack against high-profile individuals like the CEO, often involving impersonation.

Why this answer

This is a classic whaling attack, a form of phishing that targets high-level executives or impersonates them to trick employees into performing actions like wire transfers. The spoofed email address and urgent request are typical indicators. Whaling is a specific type of social engineering focused on senior staff.

Question 22 · MCQ · easy

A user complains that their computer is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their browser that they did not install. What is the most likely security issue?

A. A rootkit has hidden itself in the system's firmware.
B. A worm is spreading through the network, consuming bandwidth.
C. The system is infected with adware that displays unsolicited advertisements.
D. A Trojan horse has stolen the user's banking credentials.

Answer: C

Adware is specifically designed to generate revenue through unwanted ads and often bundles toolbars, matching the user's description exactly.

Why this answer

Adware is a type of malware that displays unwanted advertisements and often installs toolbars or other software without user consent. It can significantly degrade system performance. This question tests the ability to identify adware based on symptoms like pop-ups and unauthorized toolbars.

Question 23 · MCQ · easy

A small business wants to ensure that only authorized employees can access the file server from their laptops. Each laptop has a unique hardware ID. Which logical security method should be implemented to enforce this restriction?

A. Require a complex password for the file server share.
B. Enable MAC address filtering on the network switch or router.
C. Install a host-based firewall on each laptop.
D. Disable the guest account on the file server.

Answer: B

MAC filtering ties access to the specific hardware addresses of the laptops, meeting the requirement.

Why this answer

MAC address filtering restricts network access based on the unique hardware identifier of a device's network interface. This is a simple logical security control that can be applied at the network level to allow only known laptops. It is not as strong as certificate-based authentication but directly addresses the requirement.

Question 24 · MCQ · easy

A company policy requires that all sensitive data stored on laptops must be unreadable if the device is lost or stolen. A technician is tasked with implementing a solution that works transparently for users. Which approach should they take?

A. Enable BitLocker drive encryption on each laptop.
B. Set a BIOS password on each laptop.
C. Implement a folder-level password policy using EFS.
D. Configure a screensaver password with a 1-minute timeout.

Answer: A

BitLocker provides full disk encryption that protects data at rest and works transparently after unlock.

Why this answer

Full disk encryption (FDE) encrypts the entire drive, making data unreadable without the decryption key. It operates transparently after the user authenticates at boot, meeting the policy requirement. BitLocker is a common implementation for Windows systems.

Question 25 · MCQ · medium

A user receives an email from what appears to be their bank, asking them to click a link and verify their account due to suspicious activity. The email contains several spelling errors and the link points to an unfamiliar domain. What type of attack is this?

A. Spear phishing
B. Phishing
C. Whaling
D. Vishing

Answer: B

Phishing involves mass emails that appear from trusted sources to steal credentials, matching this scenario.

Why this answer

Phishing attacks use deceptive emails to trick users into revealing sensitive information. The suspicious link and errors indicate a phishing attempt, not a legitimate bank communication.

Question 26 · MCQ · hard

A server administrator notices that an unauthorized user has been accessing sensitive data by exploiting a vulnerability in a web application. The application was recently updated. What is the most likely cause of this security incident?

A. Weak password policy
B. Zero-day vulnerability
C. Misconfigured firewall
D. Social engineering attack

Answer: B

A zero-day vulnerability is an unpatched flaw that attackers can exploit, which fits the scenario of a recent update not addressing it.

Why this answer

A zero-day vulnerability is a previously unknown flaw that attackers exploit before a patch is available. Even with recent updates, such vulnerabilities can exist, leading to unauthorized access.

Question 27 · MCQ · medium

A user calls the help desk because they cannot access a shared folder on the network. The user's account is part of the 'Sales' group, which has 'Read' permission, but the user needs to modify files. What is the most efficient way to grant the required access?

A. Assign 'Full Control' to the user's account directly
B. Add the user to a group that has 'Modify' permission
C. Change the folder's sharing settings to 'Everyone' with 'Read/Write'
D. Remove the user from the Sales group and add them to a new group with 'Read' permission

Answer: B

Modify permission allows reading, writing, and deleting files, which meets the user's need without granting unnecessary rights.

Why this answer

Adding the user to a group with 'Modify' permissions is efficient because it avoids individual permission assignments and follows the principle of group-based access control. This ensures the user can edit files without overcomplicating permissions.

Question 28 · MCQ · hard

A technician discovers that a user has been sharing their login credentials with coworkers to allow them to access a shared drive. The company's security policy prohibits password sharing. What is the most effective way to prevent this behavior while still allowing necessary access?

A. Disable the user's account and create a generic shared account for the drive.
B. Implement a Group Policy that forces password changes every 30 days.
C. Configure the shared drive permissions using security groups and add the coworkers to the appropriate group.
D. Send a company-wide email reminding users not to share passwords.

Answer: C

This grants necessary access without sharing passwords, enforcing least privilege and accountability.

Why this answer

The root cause is that the shared drive access is tied to individual accounts, encouraging sharing. Implementing group-based permissions with proper access control lists (ACLs) allows the company to grant access to a group rather than an individual, eliminating the need to share passwords. Additionally, enforcing a policy of non-repudiation and using audit logs can deter sharing.

Question 29 · MCQ · easy

A user reports that their workstation is running slowly and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their system tray that they did not install. What is the most likely security issue?

A. A rootkit has hidden itself in the kernel.
B. The system has adware installed.
C. A ransomware encryption process has started.
D. The user's account has been phished and credentials stolen.

Answer: B

Adware commonly causes pop-up ads, slow performance, and unwanted toolbars, matching the symptoms exactly.

Why this answer

This scenario describes classic symptoms of adware or potentially unwanted program (PUP) infection. Adware displays unsolicited advertisements and often installs toolbars; it degrades performance and can be a vector for more serious malware. The correct answer identifies the issue as adware.

Question 30 · MCQ · hard

A company's security policy requires that all laptops have a TPM chip enabled and be configured to require a PIN at startup before the operating system loads. Which security feature is being configured?

A. Secure Boot
B. BitLocker with TPM and PIN protector
C. Windows Defender System Guard
D. Group Policy password complexity enforcement

Answer: B

BitLocker can use a TPM plus a PIN for pre-boot authentication, requiring both hardware validation and user input to unlock the drive.

Why this answer

BitLocker with a PIN enhances pre-boot authentication by requiring both a TPM (for integrity verification) and a user-entered PIN before the OS loads. This prevents unauthorized access even if the TPM is present. This question tests the understanding of BitLocker's pre-boot authentication options and the role of the TPM.
