Start off by answering the questions that you have the knowledge base to answer, then on a separate list write down the questions that you do not know the answers to, because you need to revise those areas before testing:
1. What type of documents should I review prior to creating policy documents related to the company's computer systems?
2. What type of frameworks are COBIT and ITIL and are they legally enforceable?
3. Why would a multinational company purchase broadband from two different companies at the same time?
4. What is the name of the boundary layer between the LAN and WAN and what is the name of the web server located there?
5. What would be the reason for the IT team to air gap a laptop computer?
6. When a company sets up full device encryption on a laptop, what hardware must be built into the motherboard to store the keys?
7. Why would the IT security team roll out a honeypot and what would the benefits be?
8. You are the network administrator and need to deal with a high volume of website traffic, as well as an exceptionally large volume of DDoS traffic. What device(s) would you use?
9. A company has two different locations and has been paying $10,000 a year for a leased line. How can they connect the two locations with a much cheaper solution?
10. How can a security analyst capture the network traffic going to one port on the switch?
11. What is the role of a VPN concentrator?
12. What type of trust model is being used if I install BitLocker on my laptop to provide full disk encryption?
13. Why would a company make standard operating procedures?
14. The company research and development department needs a laptop for one of its employees. How should the security administrator set this machine up so that it isn't on the normal network but isolated?
15. Your company leases business units and you have four different companies located on the same switch. How should you set up the switch so that they remain isolated from the other companies?
16. The application whitelist is a list of approved applications and the blacklist is a list of banned applications. If my new application called App1 does not run or install, is it because it is on the blacklist? What reason could there be for it not running or installing?
17. What common threat do printers and multi-functional devices both share as an attack vector against them?
18. A research and development department wants to test some applications that they have developed. However, some of these applications could be quite dangerous. What type of environment should the IT manager recommend for them to use but at the same time protect the company's existing network with?
19. Your company houses one of the largest data centers in Europe and they have just expanded a site in London. But since then, there have been fluctuations in temperature at only that site. What is causing this temperature change and how can this be remedied?
20. A professor has just automated most of his household gadgets using IoT technology. He told a colleague that it was very simple as all of the devices worked straight out of the box. What are two security measures that he may have overlooked?
21. What are the two categories of devices that refrigerators and defibrillators each come under?
22. How should a website developer set up the error information differently for the customer and the systems administrator?
23. What is fuzzing and what two entities would use it as part of their working practices?
24. What two secure coding techniques would a security administrator use to mask information and to embed information?
25. What is the best method to protect a SQL server against a SQL injection attack and what would a secondary method be?
26. What is the only technique that can be used to detect a zero-day attack?
27. What is one of the major benefits that a security administrator would gain by using an imaging package or machine template when rolling out new computers?
28. A security administrator has been told that one of his systems was categorized as an immutable system. Can you explain what method he will use for patch management?
29. A company wishes to move its bespoke applications to the cloud while still maintaining them. What model would they adopt?
30. How easy is it to customize a Software as a Service payroll package?
31. What are the main differences between Type I and Type II hypervisors?
32. If the US Army decided to move all of its systems to the cloud, what cloud model would they adopt?
33. What are the benefits that an IT training company receives by using cloud-based images for their classroom environments?
34. A newly formed company is going through a settling-in phase. They keep rewriting policy documents and none of the staff are sure what the latest policy on email is. What can the company do to alleviate their concerns?
35. When a new application is being tested with real data, what phase of the software development life cycle are they using?
36. Explain the main differences between waterfall and agile development life cycle models.
37. What type of physical security control would be used to capture moving images and at the same time provide non-repudiation?
38. What can be used within a company that uses a WLAN to prevent wireless communication from being captured by anyone outside of the company?
39. When you arrive at the company each morning, you must sign for your office key and when your working day ends, you must sign the key back in. What process is the company using?
40. What can a network administrator do with the cabling throughout the company to prevent rodents chewing through the cables and at the same time make it more secure?
41. If your company is adopting virtualization for its network, what danger does VM escape pose?
42. What danger does VM sprawl pose to your network security?
43. What security benefit does a NAT provide?
44. What can be used to prevent DNS poisoning and what resource records does it produce?
45. Why would a network administrator adopt DHCP snooping?
46. What is the security benefit of using COYD over BYOD?
47. What protocol does wireless credit card payment utilize?
48. If I am using my personal cell phone as a BYOD device, what can I use to keep my business data separate from that of my family and friends?
49. If my network load balancer is set to affinity, how does it differ from normal load balancing operations?
50. What can I use to manage a high volume of web traffic if my load balancer is broken?