Network Security and Database Vulnerabilities Certificate Practice Exam, Exams of Technology

This practice exam explores the principles of network security and the vulnerabilities of databases. Topics include encryption, firewalls, intrusion detection systems, and SQL injection. It emphasizes securing data and protecting networks from cyber threats.

Typology: Exams

2025/2026

Available from 12/20/2025

shilpi-jain-1
Network Security and Database Vulnerabilities
Certificate Practice Exam
**Question 1. Which of the following best describes the Confidentiality component of the CIA
triad?**
A) Ensuring data is accurate and trustworthy
B) Guaranteeing that data is available when needed
C) Preventing unauthorized disclosure of information
D) Providing evidence that a transaction occurred
Answer: C
Explanation: Confidentiality focuses on restricting access to information so only authorized
parties can view it.
**Question 2. In the AAA framework, which function is responsible for tracking user actions for
later review?**
A) Authentication
B) Authorization
C) Accounting
D) Auditing
Answer: C
Explanation: Accounting (also called auditing) records user activity, enabling accountability and
forensic analysis.
**Question 3. Which security control type is primarily intended to discover and alert on a
breach after it occurs?**
A) Preventive
B) Detective
C) Corrective
D) Deterrent
Answer: B
Explanation: Detective controls monitor systems to identify security events that have already happened.
**Question 4. A company decides to move its critical web server into a separate network segment isolated from the internal LAN. Which defense‑in‑depth principle does this illustrate?**
A) Least privilege
B) Network segmentation
C) Redundancy
D) Diversity
Answer: B
Explanation: Segregating networks limits the spread of attacks and is a core element of defense‑in‑depth.
**Question 5. Which risk response strategy involves purchasing cyber‑insurance to cover potential loss?**
A) Avoidance
B) Transference
C) Mitigation
D) Acceptance
Answer: B
Explanation: Transference shifts the financial impact of a risk to a third party, such as an insurer.

D) Stored on a separate air‑gapped system
Answer: C
Explanation: Public data is intended for unrestricted dissemination and does not require confidentiality safeguards.
**Question 9. Which of the following best describes “Data in Use”?**
A) Data stored on magnetic disks
B) Data transmitted across a network
C) Data being processed by an application’s CPU
D) Data archived on tape
Answer: C
Explanation: Data in use refers to information actively processed by a system’s memory or CPU.
**Question 10. Which OSI layer is primarily responsible for end‑to‑end reliability and flow control?**
A) Physical
B) Data Link
C) Transport
D) Session
Answer: C
Explanation: The Transport layer (TCP) provides reliability, sequencing, and flow control for end‑to‑end communication.

**Question 11. Which protocol provides secure remote command‑line access by encrypting the session?**
A) Telnet
B) FTP
C) SSH
D) HTTP
Answer: C
Explanation: SSH (Secure Shell) encrypts the entire session, protecting credentials and data.
**Question 12. IPv6 addresses are 128 bits long. How many total unique IPv6 addresses does this provide?**
A) Approximately 4.3 × 10⁹
B) Approximately 3.4 × 10³⁸
C) Approximately 2.1 × 10¹⁹
D) Approximately 1.0 × 10¹⁵
Answer: B
Explanation: 2¹²⁸ ≈ 3.4 × 10³⁸ unique IPv6 addresses.
**Question 13. Which firewall type examines the state of active connections to make filtering decisions?**
A) Stateless packet filter
B) Proxy firewall
C) Stateful inspection firewall
D) Application‑layer firewall

B) Between external users and internal web servers
C) Inside a DMZ to filter outbound traffic
D) Directly on the ISP’s edge router
Answer: B
Explanation: Reverse proxies accept client requests from the internet and forward them to internal servers.
**Question 17. Which of the following best describes a DMZ?**
A) An internal network segment isolated from the internet
B) A network zone that hosts publicly accessible services while protecting the internal LAN
C) A VLAN used for voice traffic only
D) A secure enclave for privileged administrators
Answer: B
Explanation: A DMZ (demilitarized zone) hosts services (e.g., web, mail) exposed to the internet while keeping the internal LAN separate.
**Question 18. Micro‑segmentation is most closely associated with which technology?**
A) Physical firewalls
B) VLANs only
C) Software‑defined networking (SDN)
D) VPN concentrators
Answer: C

Explanation: SDN enables fine‑grained, policy‑based micro‑segmentation beyond traditional VLANs.
**Question 19. In a Zero Trust model, which statement is true?**
A) Once a user is inside the corporate network, they are trusted.
B) All traffic is encrypted, but internal traffic is not inspected.
C) Every access request is authenticated, authorized, and encrypted regardless of location.
D) Perimeter firewalls are eliminated entirely.
Answer: C
Explanation: Zero Trust assumes no implicit trust and verifies each request regardless of origin.
**Question 20. Which AWS feature functions similarly to a traditional network ACL?**
A) Security Group
B) IAM Role
C) VPC Peering
D) Route Table
Answer: A
Explanation: AWS Security Groups act as virtual firewalls, controlling inbound and outbound traffic at the instance level, akin to network ACLs.
**Question 21. WPA3 improves wireless security primarily by introducing:**
A) TKIP encryption
B) 802.1X authentication for all devices
C) Simultaneous Authentication of Equals (SAE) for stronger password‑derived keys

**Question 24. A Distributed Denial of Service (DDoS) attack that overwhelms a target with UDP traffic is an example of:**
A) Application‑layer attack
B) Network‑layer attack
C) Protocol‑layer attack
D) Physical‑layer attack
Answer: B
Explanation: Flooding with UDP packets targets the network layer, consuming bandwidth and connection resources.
**Question 25. ARP poisoning is a technique used to perform which type of attack?**
A) Replay attack
B) Man‑in‑the‑Middle (MitM)
C) Brute‑force password attack
D) SQL injection
Answer: B
Explanation: By falsifying ARP entries, an attacker can intercept or modify traffic between victims, creating a MitM scenario.
**Question 26. DNS cache poisoning primarily compromises which security property?**
A) Confidentiality
B) Integrity
C) Availability

D) Non‑repudiation
Answer: B
Explanation: Cache poisoning alters DNS responses, causing users to resolve domain names to malicious IP addresses, violating data integrity.
**Question 27. Which scanning technique sends SYN packets and analyzes responses without completing a TCP handshake?**
A) Connect scan
B) FIN scan
C) SYN (half‑open) scan
D) UDP scan
Answer: C
Explanation: SYN scans are stealthy because they never complete the three‑way handshake.
**Question 28. During the exploitation phase of a penetration test, the tester most commonly uses which type of tool?**
A) Vulnerability scanner
B) Password cracker
C) Exploit framework (e.g., Metasploit)
D) Network mapper
Answer: C
Explanation: Exploit frameworks contain modules to trigger known vulnerabilities and gain footholds.

Answer: B
Explanation: A role aggregates permissions, and users are assigned roles.
**Question 32. Multi‑factor authentication (MFA) typically combines which of the following factors?**
A) Something you know, something you have, something you are
B) Username, password, security question
C) IP address, MAC address, device ID
D) Token, certificate, firewall rule
Answer: A
Explanation: MFA uses at least two of knowledge, possession, and inherence factors.
**Question 33. Which of the following is a common method for securely destroying magnetic hard‑drive data?**
A) Simple file deletion
B) Formatting the drive with FAT
C) Degaussing the drive
D) Compressing the drive’s contents
Answer: C
Explanation: Degaussing applies a strong magnetic field that erases data beyond recovery.
**Question 34. Which NoSQL database model stores data as JSON‑like documents?**
A) Relational

B) Column‑family (e.g., Cassandra)
C) Document (e.g., MongoDB)
D) Graph (e.g., Neo4j)
Answer: C
Explanation: Document databases such as MongoDB use BSON/JSON documents for flexible schema.
**Question 35. In a relational DBMS, which SQL command revokes a previously granted privilege?**
A) REVOKE
B) DENY
C) DROP
D) REMOVE
Answer: A
Explanation: The REVOKE statement removes specific permissions from a user or role.
**Question 36. Which authentication protocol relies on tickets issued by a central Key Distribution Center (KDC)?**
A) LDAP
B) RADIUS
C) Kerberos
D) SAML
Answer: C

B) The attacker receives no direct query output, requiring inference techniques
C) It only works on NoSQL databases
D) It modifies the database schema
Answer: B
Explanation: Blind injection relies on true/false or time‑based responses to infer data without visible output.
**Question 40. Which mitigation technique is most effective against stored (persistent) XSS attacks in a web application?**
A) Input validation only
B) Output encoding/escaping of dynamic content
C) Disabling JavaScript in browsers
D) Using HTTP instead of HTTPS
Answer: B
Explanation: Properly encoding output prevents malicious scripts from executing in the client’s browser.
**Question 41. Which of the following is a primary advantage of using parameterized (prepared) statements?**
A) Faster query execution by the DBMS
B) Automatic encryption of data at rest
C) Elimination of SQL injection risk for the statement
D) Simplified syntax for complex joins

Answer: C
Explanation: Parameterized queries separate code from data, preventing attacker‑supplied input from being interpreted as SQL.
**Question 42. In the context of database auditing, what does “non‑repudiation” ensure?**
A) Data is encrypted at rest
B) Users cannot deny having performed an action because it is logged with proof
C) All data is backed up daily
D) Access control lists are immutable
Answer: B
Explanation: Non‑repudiation provides evidence (e.g., signed logs) that a specific user performed an operation.
**Question 43. Which of the following statements about “least privilege” is FALSE?**
A) It reduces the attack surface if an account is compromised.
B) It requires granting users all possible permissions to avoid errors.
C) It is a core principle of secure system design.
D) It can be enforced through role‑based access control.
Answer: B
Explanation: Least privilege advocates giving only necessary rights, not “all possible permissions.”
**Question 44. Which of the following is a common sign that a database may be experiencing a DoS attack?**

Explanation: SQL injection is mitigated at the application layer by validating input and using safe query methods.
**Question 47. Which of the following is a characteristic of a “time‑based blind” SQL injection?**
A) The attacker receives error messages containing data.
B) The application delays its response based on the evaluation of a condition.
C) The attacker uses UNION to retrieve data.
D) The attack modifies the database schema.
Answer: B
Explanation: Time‑based blind injection leverages intentional delays (e.g., SLEEP) to infer true/false conditions.
**Question 48. Which of the following is an example of a “detective” control for database activity?**
A) Enforcing password complexity
B) Enabling audit logging of all DML statements
C) Applying security patches promptly
D) Disabling unused ports
Answer: B
Explanation: Audit logs detect and record database actions, allowing later analysis of suspicious activity.
**Question 49. Which cryptographic hash function is considered insecure for password storage due to speed and susceptibility to GPU attacks?**

A) SHA‑256
B) bcrypt
C) Argon2
D) MD5
Answer: D
Explanation: MD5 is fast and vulnerable to collision attacks; it should not be used for password hashing.
**Question 50. Which of the following is a primary purpose of a “security group” in cloud environments?**
A) To assign users to virtual machines
B) To define inbound and outbound traffic rules at the instance level
C) To encrypt data at rest automatically
D) To manage DNS zones
Answer: B
Explanation: Security groups act as virtual firewalls, controlling network traffic for cloud instances.
**Question 51. In the context of IDS/IPS, what does “signature‑based detection” rely on?**
A) Statistical anomalies in traffic patterns
B) Known patterns of malicious code or traffic
C) Machine‑learning classification of packets
D) User behavior analytics