Questions
- What is MFA and why is it considered essential for modern authentication?
- Explain the difference between TLS and SSL. Why should you use TLS v1.2+?
- What is zero trust security, and what are its core principles?
- How does full-disk encryption differ from encrypting data in transit, and where should each be applied?
- What is a VPN, and how does it differ from a secure TLS/HTTPS connection for remote access?
- Why are password managers recommended, and what features should you look for when choosing one?
- What are common web application security risks mapped in OWASP Top 10, and why are they important?
- What is the role of software bill of materials (SBOM) in security, and how does it help manage supply chain risk?
Answers
- MFA (multi-factor authentication) is a method that requires more than one form of verification to prove identity (e.g., something you know like a password, something you have like a token/phone, and something you are like a biometric). It is essential because it dramatically reduces the risk of credential theft being enough to gain access, protecting against password reuse, phishing, and brute-force attacks.
- SSL (Secure Sockets Layer) is an older protocol that has been deprecated due to security flaws. TLS (Transport Layer Security) is its successor and provides stronger cryptographic algorithms and better security guarantees. Use TLS 1.2 or 1.3 (the latest) because they offer improved protections against eavesdropping, tampering, and downgrade attacks. Do not enable legacy SSL versions.
- Zero trust is a security model that assumes no implicit trust anywhere, whether inside or outside the network. Core principles: verify explicitly (continuous risk-based authentication and authorization), least privilege (minimum access needed), assume breach (limit lateral movement), and inspect and log (continuously monitor and validate). It uses strong identity, device posture checks, micro-segmentation, and continuous authorization.
- Full-disk encryption protects data at rest on a device (e.g., laptops, mobile devices) by encrypting the entire disk, so stolen hardware doesn’t reveal data. Encrypting data in transit protects data while moving over networks (e.g., TLS for web traffic, VPN tunnels). Both are important: at-rest encryption protects stored data if the device is lost/stolen; in-transit encryption protects data during communication from eavesdropping and tampering. Use both as appropriate.
- A VPN creates an encrypted tunnel between a user’s device and a VPN server, typically across the internet, to anonymize or protect traffic for remote access or site-to-site connections. However, a VPN does not inherently verify the security of the endpoints themselves. A secure TLS/HTTPS connection protects data in transit to a specific service without tunneling all traffic. In practice, use TLS/HTTPS for services; use VPNs when you need network-level access control and segmentation, but ensure zero trust principles apply to VPN usage as well.
- Password managers securely store and autofill unique, strong passwords for different services. Features to look for: strong encryption at rest under a zero-knowledge model (the provider cannot read your vault), multi-factor access, good security auditing (breach alerts, reused-password checks), password generation, secure sharing, cross-platform support, and a reputable security track record. Avoid solutions that store credentials in plain text, and prefer those with end-to-end encryption and local protection against keyboard-capturing malware.
- OWASP Top 10 highlights the most critical web application security risks (e.g., A1: Broken Access Control, A2: Cryptographic Failures, A3: Injection, A4: Insecure Design, A5: Security Misconfiguration, A6: Vulnerable and Outdated Components, A7: Identification and Authentication Failures, A8: Software and Data Integrity Failures, A9: Security Logging and Monitoring Failures, A10: Server-Side Request Forgery). They are important because they represent widespread, high-risk vulnerabilities that attackers frequently exploit. Focusing on these helps prioritize secure coding, testing, and deployment practices.
- An SBOM (Software Bill of Materials) is a formal record listing all components, libraries, and dependencies in a software product. It helps security by providing visibility into what is included, enabling vulnerability management, license compliance, and supply chain risk assessment. With an SBOM, organizations can identify vulnerable or outdated components, track updates, and ensure trusted sourcing and integrity of dependencies.