1. Which security concept involves limiting user access to only the resources necessary for their role?

2. What is the purpose of a security policy?

3. Which type of encryption is used to secure data at rest?

4. What is the purpose of a security audit?

5. Which security framework is widely used for information security management?

6. What is the purpose of a security incident response plan?

7. Which type of attack involves exploiting human psychology?

8. What is the purpose of a security awareness training program?

9. Which security control is used to prevent unauthorized access to a network?

10. What is the purpose of a vulnerability management program?

11. Which type of attack involves intercepting communication between two parties?

12. What is the purpose of a security information and event management (SIEM) system?

13. Which security concept involves verifying the identity of users?

14. What is the purpose of a disaster recovery plan?

15. Which type of attack involves exploiting software vulnerabilities?

16. What is the purpose of a security baseline?

17. Which security control is used to detect and prevent intrusions?

18. What is the purpose of a security risk assessment?

19. Which type of attack involves flooding a network with traffic?

20. What is the purpose of a security patch?

21. What is the purpose of a security control framework?

22. Which security concept involves verifying the integrity of data?

23. What is the purpose of a security operations center (SOC)?

24. Which security control is designed to prevent tailgating?

25. What is the purpose of a security assessment?

26. Which security concept involves the principle of 'need to know'?

27. What is the purpose of a security information and event management (SIEM) system?

28. Which security control is designed to prevent phishing attacks?

29. What is the purpose of a security governance framework?

30. Which security concept involves maintaining accurate records?

31. What is the purpose of a security maturity model?

32. Which security control is designed to prevent SQL injection?

33. What is the purpose of a security architecture?

34. Which security concept involves maintaining system availability?

35. What is the purpose of a security metrics program?

36. Which security control is designed to prevent cross-site scripting (XSS)?

37. What is the purpose of a security certification?

38. Which security concept involves verifying user identities?

39. What is the purpose of a security operations manual?

40. Which security control is designed to prevent insider threats?

41. What is the purpose of a security risk register?

42. Which security concept involves protecting data from unauthorized disclosure?

43. What is the purpose of a security compliance program?

44. Which security control is designed to prevent DDoS attacks?

45. What is the purpose of a security awareness program?

46. Which security concept involves ensuring data accuracy?

47. What is the purpose of a security audit trail?

48. Which security control is designed to prevent malware infections?

49. What is the purpose of a security governance committee?

50. Which security concept involves preventing users from denying actions?

51. What is the purpose of a security risk assessment?

52. Which security control is designed to prevent brute force attacks?

53. What is the purpose of a security architecture review?

54. Which security concept involves maintaining system uptime?

55. What is the purpose of a security metrics dashboard?

56. Which security control is designed to prevent session hijacking?

57. What is the purpose of a security certification and accreditation process?

58. Which security concept involves dividing responsibilities?

59. What is the purpose of a security awareness campaign?

60. Which security control is designed to prevent data leakage?

61. What is the purpose of a security risk treatment plan?

62. Which security concept involves verifying system configurations?

63. What is the purpose of a security vulnerability assessment?

64. Which security control is designed to prevent zero-day exploits?

65. What is the purpose of a security policy exception process?

66. Which security concept involves protecting against multiple attack vectors?

67. What is the purpose of a security training program?

68. Which security control is designed to prevent man-in-the-middle attacks?

69. What is the purpose of a security governance framework?

70. Which security concept involves not trusting any entity by default?

71. What is the purpose of a security control assessment?

72. Which security concept involves verifying the origin of data?

73. What is the purpose of a security exception management process?

74. Which security control is designed to prevent CSRF attacks?

75. What is the purpose of a security awareness survey?

76. Which security concept involves protecting against physical threats?

77. What is the purpose of a security control framework mapping?

78. Which security control is designed to prevent LDAP injection?

79. What is the purpose of a security governance assessment?

80. Which security concept involves protecting against supply chain risks?

81. What is the purpose of a security control testing program?

82. Which security concept involves protecting data throughout its lifecycle?

83. What is the purpose of a security exception review board?

84. Which security control is designed to prevent XXE attacks?

85. What is the purpose of a security awareness newsletter?

86. Which security concept involves protecting against social engineering?

87. What is the purpose of a security control gap analysis?

88. Which security control is designed to prevent insecure deserialization?

89. What is the purpose of a security governance framework implementation?

90. Which security concept involves protecting against advanced persistent threats?