CodeHS Cybersecurity Level 1 Certification Ultimate Exam, Exams of Technology

The CodeHS Cybersecurity Level 1 Certification Ultimate Exam is a detailed certification preparation guide designed for beginners entering the cybersecurity field. It covers foundational cybersecurity principles, digital threats, malware types, phishing attacks, password security, network safety, ethical hacking basics, encryption, data privacy, and cyber defense strategies. Candidates develop practical understanding through scenario-based questions, risk analysis exercises, and security incident simulations that prepare them for introductory cybersecurity certifications and technology careers.

Typology: Exams

2025/2026

Available from 05/07/2026

nicky-jone
nicky-jone 🇮🇳

2.9

(43)

28K documents

1 / 50

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CodeHS Cybersecurity Level 1 Certification
Ultimate Exam
**Question 1.** Which component of the CIA Triad ensures that data cannot be read by unauthorized
users?
A) Integrity
B) Availability
C) Confidentiality
D) Authentication
Answer: C
Explanation: Confidentiality protects information from being disclosed to individuals who do not have
permission to view it.
**Question 2.** A hacker who discovers vulnerabilities and reports them to the vendor without
exploiting them for personal gain is best described as a:
A) Black hat
B) White hat
C) Gray hat
D) Script kiddie
Answer: B
Explanation: Whitehat hackers work ethically, disclosing flaws responsibly.
**Question 3.** Which of the following is a primary ethical concern when using copyrighted material in
a presentation?
A) Bandwidth usage
B) Fair Use limits
C) IP address masking
D) Hash collisions
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32

Partial preview of the text

Download CodeHS Cybersecurity Level 1 Certification Ultimate Exam and more Exams Technology in PDF only on Docsity!

Ultimate Exam

Question 1. Which component of the CIA Triad ensures that data cannot be read by unauthorized users? A) Integrity B) Availability C) Confidentiality D) Authentication Answer: C Explanation: Confidentiality protects information from being disclosed to individuals who do not have permission to view it. Question 2. A hacker who discovers vulnerabilities and reports them to the vendor without exploiting them for personal gain is best described as a: A) Black hat B) White hat C) Gray hat D) Script kiddie Answer: B Explanation: White‑hat hackers work ethically, disclosing flaws responsibly. Question 3. Which of the following is a primary ethical concern when using copyrighted material in a presentation? A) Bandwidth usage B) Fair Use limits C) IP address masking D) Hash collisions

Ultimate Exam

Answer: B Explanation: Fair Use determines when limited use of copyrighted content is permissible without permission. Question 4. In the context of the Internet of Things (IoT), a primary security risk is: A) High latency connections B) Unencrypted default passwords on devices C) Excessive CPU cycles D) Redundant routing tables Answer: B Explanation: Many IoT devices ship with default credentials, making them easy targets. Question 5. Which encryption method uses the same key for both encryption and decryption? A) Asymmetric encryption B) Hashing C) Symmetric encryption D) Steganography Answer: C Explanation: Symmetric algorithms rely on a single shared secret key. Question 6. A Caesar cipher with a shift of 3 converts the plaintext “HELLO” to: A) KHOOR B) IFMMP C) GDKKN

Ultimate Exam

C) Requirement of physical access D) Dependency on network latency Answer: B Explanation: The number of possible keys grows exponentially, making exhaustive search infeasible. Question 10. HTTPS primarily uses which protocol to secure web traffic? A) FTP B) SSL/TLS C) SMTP D) DHCP Answer: B Explanation: SSL/TLS provides encryption, authentication, and integrity for HTTP. Question 11. IPv6 addresses are written in which format? A) Four octets separated by dots B) Eight groups of four hexadecimal digits separated by colons C) Two groups of decimal numbers separated by a slash D) Six groups of binary numbers separated by hyphens Answer: B Explanation: IPv6 uses eight 16‑bit blocks expressed in hexadecimal. Question 12. Which DNS record type maps a domain name to an IPv4 address? A) MX

Ultimate Exam

B) CNAME

C) A

D) AAAA

Answer: C Explanation: An “A” record stores the IPv4 address for a host. Question 13. In the TCP/IP model, which layer is responsible for routing packets between networks? A) Application B) Transport C) Internet D) Link Answer: C Explanation: The Internet layer handles logical addressing and routing. Question 14. A device that forwards traffic based on MAC addresses operates at which OSI layer? A) Layer 1 – Physical B) Layer 2 – Data Link C) Layer 3 – Network D) Layer 4 – Transport Answer: B Explanation: Switches use MAC tables to forward frames at the Data Link layer. Question 15. Which component stores the system’s temporary working data while programs run?

Ultimate Exam

Question 18. Which operating system is built on a Unix‑like kernel and is widely used for servers? A) Windows 10 B) macOS C) Linux D) iOS Answer: C Explanation: Linux is an open‑source Unix‑like OS popular for server deployments. Question 19. In a command‑line interface, which command lists the files in the current directory on a Unix system? A) dir B) ls C) pwd D) cd Answer: B Explanation: “ls” outputs the directory contents. Question 20. Open‑source software licenses typically allow: A) Modification and redistribution without paying royalties B) Only read‑only access to source code C) Mandatory purchase of a support contract D) Use only on proprietary hardware Answer: A Explanation: Open‑source licenses grant rights to view, modify, and share code.

Ultimate Exam

Question 21. Which of the following is a common method for protecting browsers from malicious extensions? A) Disabling JavaScript globally B) Enabling only signed extensions from official stores C) Turning off all cookies D) Using HTTP instead of HTTPS Answer: B Explanation: Trusted stores verify extensions, reducing the risk of malicious code. Question 22. A strong password should contain: A) Only lowercase letters B) At least 8 characters, mixing letters, numbers, and symbols C) The user’s birthdate D) Repeated characters for memorability Answer: B Explanation: Complexity and length increase resistance to guessing and brute‑force attacks. Question 23. Two‑Factor Authentication (2FA) improves security by: A) Requiring two passwords B) Adding a second, independent verification factor (e.g., a code) C) Encrypting the password with SHA‑ 256 D) Storing the password in the cloud Answer: B

Ultimate Exam

Answer: B Explanation: Injected SQL code can manipulate databases when input isn’t sanitized. Question 27. In browser developer tools, which panel helps you view the HTML structure of a page? A) Network B) Console C) Elements/Inspector D) Sources Answer: C Explanation: The Elements (or Inspector) panel displays the DOM tree. Question 28. The client‑server model differs from peer‑to‑peer in that: A) All nodes have equal responsibilities B) Clients request services from a dedicated server that processes them C) Data is stored only on the client side D) Servers cannot store data Answer: B Explanation: Clients depend on a central server for resources and processing. Question 29. Using Boolean operators, the query “privacy AND encryption NOT password” will return results that: A) Contain “privacy” or “encryption” but not “password” B) Contain both “privacy” and “encryption” while excluding any result that also contains “password” C) Contain “password” only

Ultimate Exam

D) Exclude “privacy” and “encryption” altogether Answer: B Explanation: AND requires both terms, NOT removes any result containing the excluded term. Question 30. Data privacy regulations such as GDPR primarily aim to: A) Increase bandwidth for European ISPs B) Give users control over how their personal data is collected, used, and shared C) Mandate the use of IPv6 across Europe D) Standardize encryption key lengths Answer: B Explanation: GDPR enforces user rights regarding personal data handling. Question 31. Which of the following best describes cyberbullying? A) Automated network scanning for open ports B) Repeated, intentional harassment of an individual through digital channels C) Unauthorized access to a corporate firewall D) Ethical hacking performed by a school’s IT department Answer: B Explanation: Cyberbullying involves hostile online behavior targeting a person. Question 32. A hash function is considered cryptographically secure when it is: A) Reversible with a secret key B) Collision‑resistant, pre‑image resistant, and deterministic

Ultimate Exam

A) Man‑in‑the‑middle (MITM) B) DNS spoofing (cache poisoning) C) SQL injection D) Cross‑site scripting (XSS) Answer: B Explanation: DNS spoofing corrupts cache entries, causing incorrect IP mapping. Question 36. A “sandbox” in application security is used to: A) Increase system performance by caching data B) Isolate running code to prevent it from affecting the host system C? Actually the question should be corrected. Answer: B Explanation: Sandboxing limits the permissions of programs, reducing damage from malicious behavior. Question 37. Which of the following best describes a “zero‑day” vulnerability? A) A flaw that has been patched for at least one day B) A vulnerability that is unknown to the vendor and has no available fix C) A bug that appears only on the first day of the month D) An exploit that requires zero user interaction Answer: B Explanation: Zero‑day attacks leverage unpatched, undisclosed vulnerabilities. Question 38. In the context of network security, “defense in depth” means:

Ultimate Exam

A) Using a single, highly complex firewall rule set B) Implementing multiple overlapping security controls at different layers C) Relying solely on encryption for protection D) Deploying only physical security measures Answer: B Explanation: Layered defenses provide redundancy and reduce single points of failure. Question 39. Which protocol is used to securely copy files over a network? A) FTP B) Telnet C) SCP D) HTTP Answer: C Explanation: SCP (Secure Copy) uses SSH for encrypted file transfer. Question 40. A “botnet” is: A) A network of legitimate servers providing cloud services B) A collection of compromised computers controlled remotely for malicious purposes C) An encrypted tunnel between two routers D) A type of firewall rule set Answer: B Explanation: Botnets are used for DDoS attacks, spam, and other illicit activities.

Ultimate Exam

Question 44. When a website uses the “SameSite=Strict” attribute on its cookies, it: A) Allows the cookie to be sent with all cross‑site requests B) Prevents the cookie from being sent with any cross‑site requests C) Encrypts the cookie using AES‑ 256 D) Stores the cookie in the browser’s local storage Answer: B Explanation: “SameSite=Strict” restricts cookies to first‑party contexts, mitigating CSRF. Question 45. Which of the following is a common indicator of compromise (IOC) in system logs? A) Regularly scheduled backups completing successfully B) Repeated failed login attempts from a single IP address C) Successful software updates from a trusted vendor D) Normal system uptime metrics Answer: B Explanation: Multiple failed logins may signal a brute‑force attack. Question 46. In asymmetric encryption, the public key is used to: A) Decrypt messages B) Encrypt messages or verify signatures C) Generate symmetric keys D) Hash data Answer: B

Ultimate Exam

Explanation: Public keys encrypt data and verify digital signatures; private keys perform the opposite. Question 47. Which of the following attacks exploits the trust relationship between a web browser and a server by injecting malicious scripts into trusted pages? A) SQL injection B) Cross‑site scripting (XSS) C) Phishing D) DNS tunneling Answer: B Explanation: XSS injects scripts that run in the context of the legitimate site. Question 48. A “man‑in‑the‑middle” (MITM) attacker primarily aims to: A) Overwrite firmware on routers B) Intercept and possibly alter communication between two parties without their knowledge C) Perform a denial‑of‑service attack by flooding traffic D) Exploit buffer overflows in applications Answer: B Explanation: MITM attacks position the attacker between communicating entities. Question 49. Which of the following is NOT a characteristic of a strong cryptographic hash? A) Fixed output length B) Deterministic results C) Ability to be reversed to obtain the original input D) Avalanche effect

Ultimate Exam

D) Converting IPv4 addresses to IPv Answer: B Explanation: Tunneling creates a protected path for data across untrusted networks. Question 53. Which of the following best describes “social engineering” in cybersecurity? A) Writing code to exploit software bugs B) Manipulating people into divulging confidential information or performing actions C) Scanning networks for open ports D) Deploying a distributed denial‑of‑service botnet Answer: B Explanation: Social engineering exploits human psychology rather than technical vulnerabilities. Question 54. A “logic bomb” is a type of malware that: A) Propagates automatically across networks B) Executes a malicious payload when a specific condition is met C) Encrypts files and demands ransom D) Alters DNS records to redirect traffic Answer: B Explanation: Logic bombs remain dormant until a trigger condition occurs. Question 55. Which of the following is a typical symptom of a compromised account? A) Increased login speed B) Unexpected password change notifications

Ultimate Exam

C) Decreased storage usage D) Regular system updates applied automatically Answer: B Explanation: Attackers often change passwords to lock out the legitimate user. Question 56. In the context of digital forensics, “chain of custody” refers to: A) The sequence of IP addresses a packet travels through B) Documentation that tracks who has possessed evidence and how it was handled C) The order in which encryption keys are generated D) The hierarchy of DNS servers Answer: B Explanation: Maintaining a proper chain of custody ensures evidence remains admissible. Question 57. Which of the following is an example of a physical security control? A) Intrusion detection system (IDS) B) Biometric fingerprint scanner for building entry C) SSL certificate validation D) Anti‑malware software Answer: B Explanation: Biometrics control access to physical locations. Question 58. The term “patch management” refers to: A) Updating firmware on routers only once a year