1. Data exfiltration is a threat to data transfer.

✅ True
❌ False

Explanation:
Data exfiltration = unauthorized transfer of data out of a system.

---

2. Unauthorized transactions used the same passcode repeatedly → this is a:

❌ Brute force
❌ Eavesdropping
❌ MITM
✅ Replay attack

Explanation:
Replay attacks reuse previously captured valid credentials (e.g., OTPs, passcodes).

---

3. Factors to consider when choosing a VPN:

❌ Only security
✅ Cost + security features + server locations + privacy policy
❌ Only server locations
❌ Only cost

---

4. Scenario most likely involving an APT attack:

❌ Website defaced
✅ Major corporation experiencing long-term suspicious activities
❌ Ransomware infection
❌ Single phishing email

---

5. Updating IoT firmware guarantees full protection.

❌ True
✅ False

Updating helps, but IoT devices remain vulnerable due to weak security, outdated protocols, or misconfigurations.

---

6. Network segmentation only improves performance, not security.

❌ True
✅ False

Segmentation improves security by limiting attacker lateral movement.

---

7. IDPS component that recognizes threat patterns:

❌ Database
❌ User Interface
✅ Analyzers
❌ Sensors

Sensors collect data; analyzers identify threats.

---

8. Why endpoint security is important:

❌ Network uptime
❌ Physical theft prevention
❌ Insider threat defense
✅ Protect sensitive data from unauthorized access/breaches

---

9. Adding more rules + allowing all outbound traffic improves firewall performance.

❌ True
✅ False

Too many rules = confusion & performance issues; allowing all outbound traffic = unsafe.

---

10. BYOD risks (Select all that apply):

❌ Enhanced productivity (benefit, not risk)
✅ Data security & privacy concerns
❌ Cost savings (benefit, not risk)
✅ Compatibility issues across devices

---

🧾 SUMMARY TABLE

---