Enhanced Competency Framework ECF Cybersecurity Practice Exam, Exams of Technology

This exam assesses an individual’s knowledge and competencies in cybersecurity practices according to the Enhanced Competency Framework. It focuses on the principles of managing security risks, network security, data protection, and regulatory compliance within the cybersecurity landscape.

Typology: Exams

2025/2026

Available from 01/19/2026

shilpi-jain-1

Enhanced Competency Framework ECF
Cybersecurity Practice Exam
Question 1. **Which of the following best describes the Confidentiality component of the CIA triad?**
A) Ensuring data is accurate and trustworthy
B) Preventing unauthorized disclosure of information
C) Guaranteeing system availability during peak load
D) Verifying the identity of users accessing resources
Answer: B
Explanation: Confidentiality focuses on protecting information from being disclosed to individuals or systems that are not authorized to see it.
Question 2. **What primary purpose does a Security Governance framework serve within an organization?**
A) To define technical network topologies
B) To establish policies, standards, and accountability for security
C) To automate patch deployment across endpoints
D) To monitor real‑time network traffic for anomalies
Answer: B
Explanation: Security governance creates the overarching policies, standards, and responsibilities that guide an organization’s security program.
Question 3. **In the risk management lifecycle, which phase follows “Identify”?**
A) Monitor
B) Treat
C) Assess
D) Communicate
Answer: C
Explanation: After identifying assets, threats, and vulnerabilities, the next step is to assess the risk by evaluating likelihood and impact.
Question 4. **Which term describes the probability that a particular threat will exploit a specific vulnerability?**
A) Impact
B) Likelihood
C) Residual risk
D) Asset value
Answer: B
Explanation: Likelihood measures the chance that a threat will successfully exploit a vulnerability.
Question 5. **Which risk treatment strategy involves transferring the financial consequences of a risk to a third party?**
A) Avoidance
B) Acceptance
C) Mitigation
D) Transfer
Answer: D
Explanation: Transfer (often via insurance) shifts the financial burden of a risk to another organization.
Question 6. **Under the ISO/IEC 27001 standard, which document defines the high‑level security objectives of an organization?**
A) Statement of Applicability (SoA)
B) Risk Treatment Plan

Question 9. **In the OSI model, which layer is responsible for end‑to‑end encryption such as TLS?**
A) Physical
B) Data Link
C) Transport
D) Application
Answer: C
Explanation: The Transport layer (Layer 4) provides end‑to‑end communication services, including encryption protocols like TLS.
Question 10. **Which network design element isolates a public‑facing server from internal corporate networks while still allowing external access?**
A) VLAN
B) DMZ
C) NAT
D) Proxy server
Answer: B
Explanation: A Demilitarized Zone (DMZ) places public services in a separate subnet, protecting the internal network.
Question 11. **Which protocol provides secure remote access by encapsulating IP traffic inside an encrypted tunnel?**
A) HTTP
B) FTP
C) SSH
D) IPsec VPN
Answer: D
Explanation: IPsec VPN creates an encrypted tunnel for IP traffic, enabling secure remote connectivity.
Question 12. **What distinguishes an Intrusion Prevention System (IPS) from an Intrusion Detection System (IDS)?**
A) IPS can block malicious traffic in real time, IDS only alerts
B) IDS encrypts traffic, IPS does not
C) IPS monitors only outbound traffic, IDS monitors inbound only
D) IDS provides vulnerability scanning, IPS does not
Answer: A
Explanation: An IPS actively blocks or rejects malicious packets, whereas an IDS merely detects and alerts.
Question 13. **Which wireless security protocol is considered the most robust for protecting Wi‑Fi networks today?**
A) WEP
B) WPA
C) WPA2‑PSK
D) WPA3
Answer: D
Explanation: WPA3 introduces stronger encryption and protection against brute‑force attacks compared to earlier protocols.
Question 14. **Multi‑factor authentication (MFA) improves security primarily by:**
A) Requiring users to change passwords every 30 days

Question 17. **Which identity federation protocol enables Single Sign‑On (SSO) by exchanging security assertions in XML format?**
A) OAuth 2.
B) OpenID Connect
C) SAML
D) Kerberos
Answer: C
Explanation: Security Assertion Markup Language (SAML) transmits authentication and authorization data between identity providers and service providers.
Question 18. **What is the primary advantage of using asymmetric encryption for key exchange?**
A) Faster encryption and decryption speeds compared to symmetric algorithms
B) Ability to encrypt large files without performance impact
C) Secure distribution of a public key without needing a pre‑shared secret
D) Compatibility with all legacy hardware devices
Answer: C
Explanation: Asymmetric encryption uses a public key that can be openly shared, eliminating the need for a secure channel to exchange secret keys.
Question 19. **Which cryptographic hash function is considered insecure for new applications due to collision vulnerabilities?**
A) SHA‑256
B) SHA‑3
C) MD5
D) BLAKE
Answer: C
Explanation: MD5 has known collision weaknesses and should not be used for integrity verification in modern systems.
Question 20. **In a Public Key Infrastructure (PKI), what role does a Certificate Authority (CA) play?**
A) Generates symmetric encryption keys for all users
B) Issues, validates, and revokes digital certificates
C) Stores user passwords in encrypted form
D) Monitors network traffic for malicious activity
Answer: B
Explanation: The CA is trusted to create and manage digital certificates that bind public keys to entity identities.
Question 21. **Which key management practice ensures that lost or compromised cryptographic keys can be restored without exposing them?**
A) Storing keys in plain text on a shared drive
B) Using a Hardware Security Module (HSM) for secure storage and backup
C) Embedding keys directly in application source code
D) Rotating keys every 24 hours without backup
Answer: B
Explanation: HSMs provide tamper‑resistant storage, secure backup, and controlled access to cryptographic keys.
Question 22. **In the cloud service model hierarchy, which offering provides the greatest level of control over the underlying operating system?**
A) SaaS

Question 25. **Which control most directly protects data at rest in a cloud storage bucket?**
A) Enforcing strong password policies for administrators
B) Enabling server‑side encryption with customer‑managed keys
C) Configuring multi‑factor authentication for user login
D) Deploying a web application firewall in front of the bucket
Answer: B
Explanation: Server‑side encryption encrypts data stored in the bucket, protecting it from unauthorized access.
Question 26. **What is the primary goal of vulnerability management?**
A) To document all assets in the organization
B) To identify, prioritize, and remediate security weaknesses before exploitation
C) To enforce user password complexity rules
D) To monitor network bandwidth usage for anomalies
Answer: B
Explanation: Vulnerability management focuses on discovering and fixing weaknesses to reduce the chance of successful attacks.
Question 27. **Which of the following best defines a “patch” in the context of software maintenance?**
A) A new feature added to an application
B) A configuration file that disables logging
C) A code update that fixes security flaws or bugs
D) A hardware upgrade to improve performance
Answer: C
Explanation: Patches are released to correct identified vulnerabilities or defects in software.
Question 28. **A Security Information and Event Management (SIEM) system primarily provides:**
A) Automated phishing email generation
B) Real‑time aggregation, correlation, and analysis of log data
C) Encryption of data at rest on backup tapes
D) Physical access control for data centers
Answer: B
Explanation: SIEM collects logs from diverse sources, correlates events, and alerts on suspicious activity.
Question 29. **When analyzing logs, which indicator would most likely suggest a possible compromise?**
A. Successful login from an internal IP address during business hours
B. Repeated failed login attempts followed by a successful login from an unfamiliar external IP
C. Regular scheduled backups completing on time
D. System uptime reaching 30 days without reboot
Answer: B
Explanation: A pattern of failed attempts ending in a successful login from an unknown source often signals credential guessing or brute‑force attacks.
Question 30. **Endpoint Detection and Response (EDR) solutions differ from traditional antivirus primarily by:**
A. Only scanning for known signatures
B. Providing continuous monitoring, behavior analytics, and response capabilities

Question 33. **Phishing attacks typically exploit which of the following human vulnerabilities?**
A. Lack of physical security controls
B. Trust and curiosity leading to credential disclosure
C. Over‑provisioned network bandwidth
D. Unpatched firmware in routers
Answer: B
Explanation: Phishing leverages social engineering to trick users into revealing credentials or clicking malicious links.
Question 34. **A zero‑day exploit is characterized by:**
A. An attack that uses a known vulnerability with an available patch
B. A vulnerability that is publicly disclosed after an exploit is observed
C. An unknown vulnerability that is exploited before any patch exists
D. A malware that only affects systems older than five years
Answer: C
Explanation: Zero‑day attacks target previously unknown flaws for which no remediation is yet available.
Question 35. **Which source of threat intelligence provides publicly available information without cost?**
A. Commercial intelligence feeds
B. Government classified reports
C. Open‑source intelligence (OSINT)
D. Private vendor subscription services
Answer: C
Explanation: OSINT includes freely accessible data such as blogs, security advisories, and public vulnerability databases.
Question 36. **During the Incident Response lifecycle, the “Containment” phase primarily aims to:**
A. Identify the root cause of the incident
B. Eradicate the malicious code from all systems
C. Limit the spread and impact of the incident while preserving evidence
D. Perform post‑incident lessons learned meetings
Answer: C
Explanation: Containment isolates the affected environment to prevent further damage and maintains evidence for analysis.
Question 37. **Chain of Custody is essential in digital forensics because it:**
A. Guarantees that evidence is encrypted during transport
B. Documents who handled evidence, when, and how, ensuring its integrity for legal proceedings
C. Allows investigators to modify evidence to improve readability
D. Is only required for physical, not digital, evidence
Answer: B
Explanation: Maintaining a documented chain of custody preserves the credibility and admissibility of digital evidence.
Question 38. **Effective communication during a security incident should include which of the following elements?**
A. Technical jargon only for internal teams
B. Timely, accurate, and consistent updates to stakeholders and possibly regulators

B. Restoring IT infrastructure and data after a catastrophic event
C. Conducting employee satisfaction surveys after an incident
D. Reducing the number of third‑party vendors in the supply chain
Answer: B
Explanation: DRP outlines procedures to recover technology systems and data following a disaster.
Question 42. **Which testing method simulates a realistic cyber‑attack to evaluate an organization’s detection and response capabilities?**
A. Walk‑through review
B. Table‑top exercise
C. Red‑team exercise (penetration test)
D. Static code analysis
Answer: C
Explanation: Red‑team exercises emulate real attackers, testing detection, containment, and response processes.
Question 43. **In the Secure Software Development Lifecycle (SSDLC), security testing is typically performed during which phase?**
A. Planning
B. Requirements gathering
C. Implementation (coding)
D. Testing (verification)
Answer: D
Explanation: The testing phase includes activities such as static/dynamic analysis, penetration testing, and security verification.
Question 44. **Which OWASP Top 10 vulnerability involves an application executing unintended commands in the operating system?**
A. Broken Authentication
B. Security Misconfiguration
C. Insecure Deserialization
D. Command Injection
Answer: D
Explanation: Command injection allows attackers to inject and execute arbitrary OS commands through the application.
Question 45. **Input validation that rejects or sanitizes unexpected characters is primarily used to prevent:**
A. Denial‑of‑service attacks
B. SQL Injection and Cross‑Site Scripting (XSS) attacks
C. Man‑in‑the‑middle attacks
D. Password brute‑force attempts
Answer: B
Explanation: Proper validation and sanitization stop malicious input from being interpreted as code in databases or browsers.
Question 46. **Automated vulnerability scanning tools are most effective at identifying:**
A. Zero‑day exploits
B. Known software flaws with CVE identifiers
C. Insider threats
D. Physical security gaps

A. A list of all user accounts with their assigned roles and permissions
B. Network topology diagrams showing firewall placements
C. Incident response playbooks for ransomware attacks
D. Backup schedules for critical databases
Answer: A
Explanation: Reviewing user permissions against job functions shows whether access is limited to the minimum required.
Question 50. **Which of the following is a key benefit of implementing Role‑Based Access Control (RBAC) in an organization?**
A. Eliminates the need for user authentication
B. Simplifies permission management by assigning rights to roles rather than individuals
C. Allows users to modify their own privileges at will
D. Guarantees that all users have administrator privileges
Answer: B
Explanation: RBAC groups permissions into roles, making it easier to manage and audit access rights.
Question 51. **What does the term “non‑repudiation” ensure in a digital transaction?**
A. The data cannot be altered once stored
B. The sender cannot deny having sent the message, and the receiver cannot deny receipt
C. The system automatically encrypts all traffic
D. Users are required to change passwords every 90 days
Answer: B
Explanation: Non‑repudiation provides proof of origin and receipt, typically via digital signatures.
Question 52. **Which regulatory requirement specifically mandates the protection of credit card holder data?**
A. GDPR
B. HIPAA
C. PCI DSS
D. SOX
Answer: C
Explanation: The Payment Card Industry Data Security Standard (PCI DSS) sets requirements for securing cardholder data.
Question 53. **In a supply chain risk assessment, which of the following would be considered a high‑impact risk?**
A. A vendor’s delayed invoice processing
B. A third‑party service provider experiencing a ransomware attack that disrupts critical business operations
C. Minor differences in branding guidelines across partners
D. A supplier using outdated office furniture
Answer: B
Explanation: A ransomware incident affecting a critical provider can halt essential services, representing high impact.
Question 54. **Which of the following best describes “defense in depth”?**
A. Using a single firewall to protect the entire network
B. Implementing multiple, layered security controls across technology, processes, and people
C. Relying solely on encryption for data protection