Certified Cyber Security Professional - Associate/Practitioner Exam, Exams of Technology

An entry-to-mid-level cybersecurity certification testing core competencies in network security, access control, threat detection, encryption, and security policies. Often used as a foundational credential for security analysts and IT professionals transitioning into cybersecurity roles.

Typology: Exams

2024/2025

Available from 07/26/2025

BookVenture
Certified Cyber Security Professional - Associate/Practitioner Exam
Question 1. Which principle ensures that sensitive data is accessible only to authorized individuals?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: A
Explanation: Confidentiality guarantees that information is only accessible to those with proper
authorization, protecting sensitive data from unauthorized access.
Question 2. In the context of the CIA Triad, which principle is primarily concerned with ensuring data
remains accurate and unaltered?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: B
Explanation: Integrity involves maintaining the accuracy and consistency of data over its lifecycle,
preventing unauthorized modification.
Question 3. Which of the following best describes the concept of Authentication in cybersecurity?
A) Verifying the identity of a user or system
B) Granting access permissions to resources
C) Tracking user activities for auditing
D) Ensuring data is available when needed
Answer: A
Explanation: Authentication verifies the identity of a user or system, typically through credentials like
passwords, biometrics, or tokens.
Question 4. What does AAA stand for in cybersecurity?
A) Authentication, Authorization, and Accounting
B) Access, Audit, and Assurance
C) Alert, Analyze, Act
D) Availability, Accessibility, Assurance
Answer: A
Explanation: AAA refers to Authentication (verifying identity), Authorization (granting access), and Accounting (tracking activities).
Question 5. Why is Non-Repudiation important in security?
A) To prevent users from denying their actions
B) To ensure only authorized users access data
C) To maintain system availability
D) To encrypt sensitive information
Answer: A
Explanation: Non-repudiation ensures that parties cannot deny their involvement in a transaction or action, often through digital signatures.
Question 6. Which security concept involves layering multiple defensive measures to protect information?
A) Defense in Depth
B) Single Point of Failure
C) Security Segmentation
D) Risk Mitigation
Answer: A
Explanation: Defense in Depth involves deploying multiple layers of security controls to reduce the risk of a breach.
Question 7. Which term describes a weakness that can be exploited for malicious purposes?
A) Vulnerability
B) Threat
C) Risk

Explanation: Professional integrity involves maintaining honesty, fairness, and ethical behavior in cybersecurity practices.
Question 11. Which activity is considered ethical hacking?
A) Penetration testing authorized by the owner
B) Unauthorized access to systems to find vulnerabilities
C) Disabling security controls without permission
D) Creating malware for testing purposes without consent
Answer: A
Explanation: Ethical hacking involves authorized testing, like penetration testing, to identify security weaknesses legitimately.
Question 12. Which type of malware is designed to encrypt user data and demand payment for its release?
A) Ransomware
B) Virus
C) Trojan
D) Spyware
Answer: A
Explanation: Ransomware encrypts victims' data and demands ransom in exchange for decryption keys.
Question 13. Phishing is an example of which type of attack?
A) Social engineering
B) Malware attack
C) Network DoS
D) Man-in-the-middle
Answer: A
Explanation: Phishing manipulates individuals into revealing sensitive information, making it a social engineering attack.
Question 14. Which attack involves overwhelming a network or service with excessive traffic to cause disruption?
A) DoS attack
B) Man-in-the-middle attack
C) Phishing
D) SQL Injection
Answer: A
Explanation: DoS (Denial of Service) attacks aim to make a service unavailable by flooding it with traffic.
Question 15. A distributed version of a DoS attack is called a:
A) DDoS attack
B) MITM attack
C) Phishing attack
D) Brute force attack
Answer: A
Explanation: DDoS involves multiple compromised systems flooding a target, amplifying the attack's impact.
Question 16. Which attack involves intercepting communication between two parties without their knowledge?
A) Man-in-the-middle (MITM)
B) Phishing
C) Replay attack
D) Brute force
Answer: A
Explanation: MITM attacks intercept and potentially alter communication between two parties, often without detection.
Question 17. Which password attack involves trying every possible combination of characters until the correct one is found?

C) Malware infecting a system
D) Phishing campaigns targeting employees
Answer: A
Explanation: Insider threats stem from authorized users who intentionally or unintentionally misuse their access.
Question 21. In the TCP/IP model, which layer is responsible for routing packets across networks?
A) Network Layer (Layer 3)
B) Data Link Layer (Layer 2)
C) Application Layer (Layer 7)
D) Transport Layer (Layer 4)
Answer: A
Explanation: The Network Layer handles routing and forwarding of packets between different networks.
Question 22. Which protocol is used primarily for secure web browsing?
A) HTTPS
B) HTTP
C) FTP
D) SMTP
Answer: A
Explanation: HTTPS uses SSL/TLS to encrypt web traffic, ensuring secure communication.
Question 23. What is the primary purpose of DHCP in a network?
A) Assign IP addresses automatically
B) Resolve domain names to IPs
C) Encrypt network traffic
D) Filter network traffic based on rules
Answer: A
Explanation: DHCP automates the assignment of IP addresses to devices on a network.
Question 24. Which address type is used for private networks?
A) Private IP addresses (e.g., 192.168.x.x)
B) Public IP addresses
C) Broadcast addresses
D) MAC addresses
Answer: A
Explanation: Private IP addresses are designated for internal network use and are not routable on the internet.
Question 25. What is the role of a switch in a network?
A) Forward data between devices within the same network based on MAC addresses
B) Connect different networks and route packets
C) Filter traffic to prevent unauthorized access
D) Encrypt data traveling over the network
Answer: A
Explanation: Switches operate at Layer 2 to forward frames based on MAC addresses within a local network.
Question 26. Which device is primarily responsible for network segmentation and isolating traffic?
A) VLAN switch
B) Router
C) Firewall
D) Proxy server
Answer: A
Explanation: VLAN switches segment networks logically, isolating traffic for security and management.
Question 27. What is the main function of a firewall?
A) Control incoming and outgoing network traffic based on rules

Explanation: File permissions specify which users can read, write, or execute files and directories.
Question 31. Which command-line utility is commonly used in Linux to view active user sessions?
A) whoami
B) ps
C) who
D) passwd
Answer: C
Explanation: The 'who' command displays information about users currently logged into the system.
Question 32. What is the primary purpose of host-based firewalls?
A) Protect individual endpoints by controlling inbound and outbound traffic
B) Filter traffic at the network perimeter
C) Manage network address translation (NAT)
D) Detect network intrusions
Answer: A
Explanation: Host-based firewalls are installed on individual devices to monitor and filter traffic specific to that endpoint.
Question 33. Why is keeping systems patched and up-to-date important?
A) To fix security vulnerabilities and improve system stability
B) To increase system speed
C) To reduce hardware costs
D) To disable outdated features
Answer: A
Explanation: Patches fix known vulnerabilities, reducing the risk of exploitation by attackers.
Question 34. Which type of malware disguises itself as legitimate software or files?
A) Trojan
B) Worm
C) Virus
D) Ransomware
Answer: A
Explanation: Trojans appear as legitimate software but contain malicious payloads.
Question 35. Which mobile device management (MDM) feature allows remote wiping of data?
A) Remote wipe
B) Encryption
C) Device inventory
D) Application whitelisting
Answer: A
Explanation: Remote wipe enables administrators to erase data from compromised or lost mobile devices.
Question 36. Bring Your Own Device (BYOD) security considerations include:
A) Ensuring devices are encrypted and have updated security software
B) Disabling all device features
C) Allowing unrestricted access without controls
D) Preventing device registration on the network
Answer: A
Explanation: Proper BYOD security involves encryption, updates, and controls to protect organizational data on personal devices.
Question 37. Which vulnerability is common in IoT devices?
A) Default passwords and weak security configurations
B) Excessive encryption
C) Overuse of biometric authentication
D) High hardware costs

Question 41. What is the purpose of user account provisioning?
A) To create and assign access rights to new users
B) To disable user accounts after inactivity
C) To monitor user activities
D) To reset passwords periodically
Answer: A
Explanation: Provisioning involves setting up user accounts with appropriate permissions when onboarding new users.
Question 42. Which password policy best enhances security?
A) Using complex passwords with a mix of letters, numbers, and symbols
B) Using the same password for all accounts
C) Changing passwords once every five years
D) Using simple passwords like 'password'
Answer: A
Explanation: Complex, unique passwords reduce the risk of successful guessing or brute-force attacks.
Question 43. What does SIEM stand for?
A) Security Information and Event Management
B) Systematic Intrusion and Event Monitoring
C) Secure Internet and Email Management
D) Security Integration and Encryption Module
Answer: A
Explanation: SIEM tools aggregate and analyze security logs and events for threat detection and compliance.
Question 44. Which is an example of a security log?
A) System event logs recording login attempts
B) User chat messages
C) Application error messages only
D) Network traffic data in real-time
Answer: A
Explanation: Security logs include records of login attempts, access, and other security-related activities.
Question 45. What is the primary goal of incident response?
A) To efficiently contain and remediate security incidents
B) To prevent all security breaches
C) To replace firewalls and antivirus software
D) To monitor network traffic continuously
Answer: A
Explanation: Incident response aims to minimize damage, contain threats, and restore normal operations quickly.
Question 46. Which phase in the incident response lifecycle involves identifying the incident?
A) Identification
B) Containment
C) Eradication
D) Recovery
Answer: A
Explanation: Identification involves detecting and confirming that a security incident has occurred.
Question 47. Which backup type involves copying only data changed since the last full backup?
A) Differential backup
B) Incremental backup
C) Full backup
D) Snapshot
Answer: B

Question 51. A security policy's main purpose is to:
A) Define acceptable behavior and security practices
B) Install security software automatically
C) Detect intrusions in real-time
D) Assign IP addresses dynamically
Answer: A
Explanation: Security policies set guidelines for appropriate actions and security standards within an organization.
Question 52. Why is security awareness training important?
A) It educates users about threats and safe practices
B) It replaces technical security controls
C) It automatically prevents malware infections
D) It encrypts sensitive data
Answer: A
Explanation: Training helps users recognize threats and adhere to security best practices, reducing risky behaviors.
Question 53. Which regulation focuses on protecting personal data and privacy?
A) GDPR (General Data Protection Regulation)
B) PCI DSS
C) HIPAA
D) SOX
Answer: A
Explanation: GDPR mandates data protection and privacy rights for individuals within the European Union.
Question 54. Data classification involves:
A) Categorizing data based on sensitivity and importance
B) Assigning IP addresses to devices
C) Encrypting all data at rest
D) Managing user passwords
Answer: A
Explanation: Data classification helps determine appropriate security controls based on data sensitivity.
Question 55. Which cryptographic method uses the same key for encryption and decryption?
A) Symmetric encryption
B) Asymmetric encryption
C) Hashing
D) Digital signatures
Answer: A
Explanation: Symmetric encryption uses a single key for both processes, suitable for fast data encryption.
Question 56. Which algorithm is a common cryptographic hash function?
A) SHA-256
B) RSA
C) AES
D) Diffie-Hellman
Answer: A
Explanation: SHA-256 is a widely used cryptographic hash function for integrity verification.
Question 57. Digital signatures provide which security property?
A) Authentication and data integrity
B) Confidentiality
C) Availability
D) Non-repudiation only
Answer: A

B) Cross-Site Scripting (XSS)
C) Buffer Overflow
D) Directory Traversal
Answer: A
Explanation: SQL Injection exploits input fields to execute malicious SQL commands on a database.
Question 62. Cross-Site Scripting (XSS) attacks primarily target which component?
A) Web applications
B) Network hardware
C) Operating systems
D) Physical security controls
Answer: A
Explanation: XSS involves injecting malicious scripts into web pages viewed by other users.
Question 63. Which security testing method involves simulating attacks to identify vulnerabilities?
A) Penetration testing
B) Vulnerability scanning
C) Risk assessment
D) Security audit
Answer: A
Explanation: Penetration testing actively attempts to exploit vulnerabilities to evaluate security posture.
Question 64. The primary goal of vulnerability scanning is to:
A) Identify known security weaknesses in systems
B) Break into systems to test defenses
C) Monitor network traffic
D) Enforce password policies
Answer: A
Explanation: Vulnerability scanning detects existing security flaws for remediation before exploitation.
Question 65. Which of the following is an example of a technical security control for web applications?
A) Web application firewall (WAF)
B) Security awareness training
C) Employee background checks
D) Security policies
Answer: A
Explanation: WAFs monitor and filter HTTP traffic to protect web applications from attacks.
Question 66. Which of the following best describes the purpose of secure coding practices?
A) To minimize vulnerabilities during software development
B) To guarantee software is bug-free
C) To prevent hardware failures
D) To improve user interface design
Answer: A
Explanation: Secure coding aims to prevent common vulnerabilities like injection flaws during development.
Question 67. Which type of security testing involves running automated tools to find vulnerabilities?
A) Vulnerability scanning
B) Penetration testing
C) Risk assessment
D) Security audit
Answer: A
Explanation: Vulnerability scanners automatically identify known weaknesses in systems and applications.
Question 68. What is a primary difference between vulnerability scanning and penetration testing?