



































































This certification validates foundational knowledge of cybersecurity principles and practices. Exam domains include types of cyber threats, malware, network security basics, access control, encryption, firewalls, incident response, and user awareness. Candidates must demonstrate ability to identify common vulnerabilities and apply basic security measures to protect systems and data.
Typology: Exams

Question 1. Which component of the CIA triad is primarily protected by encryption?
A) Integrity
B) Availability
C) Confidentiality
D) Non-repudiation
Answer: C
Explanation: Encryption transforms data so that only authorized parties can read it, directly safeguarding confidentiality.

Question 2. A digital signature provides assurance of which CIA element?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: D
Explanation: A digital signature binds the signer to the message, preventing later denial—hence it ensures non-repudiation.

Question 3. Which risk-treatment option involves transferring the impact of a risk to a third party?
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference
Answer: D
Explanation: Transference shifts the financial or operational burden of a risk, often via insurance or outsourcing.

Question 4. A security control that detects unauthorized activity after it occurs is classified as:
A) Preventive
B) Detective
C) Corrective
D) Deterrent
Answer: B
Explanation: Detective controls monitor and alert on events, identifying breaches that have already happened.

Question 5. Which malware type replicates itself across a network without user interaction?
A) Trojan
B) Worm
C) Spyware
D) Ransomware
Answer: B
Explanation: Worms autonomously spread by exploiting vulnerabilities, unlike Trojans that require user execution.

Question 6. An attacker who sends a targeted email to a senior executive to obtain confidential data is performing:
A) Phishing
B) Spear-phishing
C) Whaling
D) Vishing
Answer: C
Explanation: Whaling is a form of spear-phishing aimed at high-profile individuals such as CEOs or CFOs.

Question 7. Gaining physical access to a building by following an authorized employee through a secure door is called:
A) Tailgating

C) DNS spoofing
D) Email spoofing
Answer: B
Explanation: ARP spoofing sends falsified ARP messages, causing devices to associate the attacker’s MAC with legitimate IPs.

Question 11. Which injection attack exploits unsanitized user input to execute malicious SQL commands?
A) Cross-site scripting (XSS)
B) Command injection
C) SQL injection
D) LDAP injection
Answer: C
Explanation: SQL injection inserts crafted SQL statements into queries, allowing attackers to read or modify database data.

Question 12. A vulnerability that is unknown to the vendor and has no available patch is known as:
A) Zero-day
B) Day-zero
C) Known-exploit
D) Backdoor
Answer: A
Explanation: Zero-day refers to a flaw that is exploited before the vendor releases a fix.

Question 13. Which symmetric algorithm uses a 128-bit block size and supports key lengths of 128, 192, or 256 bits?
A) DES
B) 3DES
Answer: C
Explanation: Advanced Encryption Standard (AES) operates on 128-bit blocks with variable key sizes, providing strong security.

Question 14. The primary advantage of asymmetric encryption over symmetric encryption is:
A) Faster performance
B) Smaller key size
C) No need for secure key exchange
D) Resistance to quantum attacks
Answer: C
Explanation: Asymmetric cryptography uses a public/private key pair, eliminating the need to share a secret key over insecure channels.

Question 15. RSA security is based on the computational difficulty of factoring:
A) Large prime numbers
B) Elliptic curves
C) Discrete logarithms
D) Large composite numbers
Answer: D
Explanation: RSA’s strength lies in the difficulty of factoring a large composite number into its prime components.

Question 16. Which hashing algorithm is considered insecure for cryptographic purposes due to collision vulnerabilities?
A) SHA-256
B) SHA-1
C) SHA-3

Answer: B
Explanation: VPNs encapsulate traffic and encrypt it with symmetric algorithms, ensuring confidentiality across the network.

Question 20. Which OSI layer is responsible for end-to-end reliability and flow control?
A) Physical
B) Data Link
C) Transport
D) Session
Answer: C
Explanation: The Transport layer (e.g., TCP) provides reliable delivery, sequencing, and flow control between hosts.

Question 21. A firewall that inspects packet payloads and application behavior is known as:
A) Packet-filtering firewall
B) Stateful inspection firewall
C) Proxy firewall
D) Next-Generation Firewall (NGFW)
Answer: D
Explanation: NGFWs combine traditional filtering with deep packet inspection, intrusion prevention, and application awareness.

Question 22. Signature-based IDS primarily detects attacks by:
A) Learning normal traffic patterns
B) Matching known malicious signatures
C) Monitoring system logs
D) Analyzing user behavior
Answer: B
Explanation: Signature-based IDS compares traffic against a database of known attack patterns.

Question 23. Replacing Telnet with SSH improves security because SSH provides:
A) Faster transmission speeds
B) Strong authentication and encryption
C) Compatibility with older devices
D) Automatic password rotation
Answer: B
Explanation: SSH encrypts the session and supports robust authentication, preventing credential interception.

Question 24. The primary weakness of WEP is its:
A) Use of 256-bit keys
B) Static initialization vectors (IVs)
C) Requirement for a RADIUS server
D) Dependence on WPA2-PSK
Answer: B
Explanation: WEP’s short, predictable IVs lead to easy key recovery attacks, rendering it insecure.

Question 25. Segmenting a network into VLANs primarily helps to:
A) Increase bandwidth
B) Reduce broadcast traffic
C) Contain lateral movement of attackers
D) Simplify IP addressing
Answer: C
Explanation: VLANs isolate traffic, limiting an attacker’s ability to move across different network zones.

Question 29. Which access-control model enforces policies based on security labels assigned by a central authority?
A) Role-Based Access Control (RBAC)
B) Discretionary Access Control (DAC)
C) Mandatory Access Control (MAC)
D) Attribute-Based Access Control (ABAC)
Answer: C
Explanation: MAC uses centrally defined labels (e.g., Clear, Secret) and does not allow users to change permissions.

Question 30. The Principle of Least Privilege (PoLP) dictates that users should be granted:
A) All permissions needed for any possible task
B) Only the permissions necessary to perform their job
C) Administrator rights by default
D) Permissions based on seniority
Answer: B
Explanation: PoLP minimizes risk by limiting access to the minimum required for job functions.

Question 31. Disabling unnecessary services on a server is an example of:
A) Physical security
B) Administrative control
C) Technical control
D) Detective control
Answer: C
Explanation: Technical controls involve configuring system settings, such as turning off unused services, to reduce attack surface.

Question 32. An EDR solution primarily provides which capability?
A) Network traffic filtering
B) Real-time endpoint threat detection and response
C) Centralized password management
D) Cloud resource provisioning
Answer: B
Explanation: Endpoint Detection and Response monitors endpoints for malicious activity and enables rapid containment.

Question 33. In a BYOD environment, which MDM feature allows an organization to erase corporate data remotely?
A) Application sandboxing
B) Remote wipe
C) Device encryption
D) VPN tunneling
Answer: B
Explanation: Remote wipe deletes corporate information from a lost or compromised device, protecting data confidentiality.

Question 34. Which cloud service model places the most responsibility for security on the customer?
A) SaaS
B) PaaS
C) IaaS
D) FaaS
Answer: C
Explanation: In IaaS, the provider secures the underlying infrastructure, while the customer must secure the operating system, applications, and data.

Question 35. The first phase of the Incident Response Life Cycle is:
A) Detection/Analysis

C) Incident Response Policy
D) Change Management Policy
Answer: B
Explanation: An AUP outlines what users may and may not do with organizational technology.

Question 39. Which compliance framework is focused on protecting payment-card data?
A) GDPR
B) HIPAA
C) PCI-DSS
D) ISO/IEC 27001
Answer: C
Explanation: The Payment Card Industry Data Security Standard (PCI-DSS) specifies security requirements for handling cardholder information.

Question 40. A hacker who discovers vulnerabilities and reports them to the vendor without exploiting them is considered:
A) Black hat
B) Grey hat
C) White hat
D) Script kiddie
Answer: C
Explanation: White-hat hackers act ethically, disclosing findings responsibly to improve security.

Question 41. Which security control would most effectively prevent an insider from copying confidential files to a USB drive?
A) Host-based firewall
B) Data Loss Prevention (DLP) system
C) Intrusion Prevention System (IPS)
D) Network segmentation
Answer: B
Explanation: DLP monitors and blocks unauthorized data transfers to removable media.

Question 42. A cryptographic hash function that produces a 256-bit output is:
A) MD
B) SHA-1
C) SHA-256
D) SHA-512
Answer: C
Explanation: SHA-256 generates a fixed 256-bit digest, commonly used for integrity verification.

Question 43. Which of the following is a characteristic of a zero-trust network architecture?
A) Implicit trust for devices inside the perimeter
B) Continuous verification of every access request
C) Reliance on VPNs for all remote connections
D) Use of static IP-based ACLs only
Answer: B
Explanation: Zero-trust assumes no implicit trust and requires authentication and authorization for each transaction.

Question 44. An attacker who manipulates the DNS response to redirect users to a malicious site is performing:
A) DNS hijacking
B) DNS tunneling
C) DNS poisoning
D) DNS amplification

Explanation: Brute-force attacks systematically guess passwords until the correct one is found.

Question 48. A security policy that mandates password changes every 90 days is an example of:
A) Technical control
B) Administrative control
C) Physical control
D) Detective control
Answer: B
Explanation: Password-change policies are administrative measures that define user behavior.

Question 49. In the context of cloud security, the “shared responsibility model” means:
A) The cloud provider secures everything for the customer
B) The customer secures everything for the provider
C) Both provider and customer have distinct security duties
D) Security is outsourced to a third-party auditor
Answer: C
Explanation: The model delineates which security tasks are handled by the provider (e.g., physical security) and which by the customer (e.g., data encryption).

Question 50. Which type of attack exploits a program’s failure to check the length of input data?
A) SQL injection
B) Buffer overflow
C) Cross-site request forgery (CSRF)
D) Directory traversal
Answer: B
Explanation: Buffer overflows occur when input exceeds allocated memory, allowing overwriting of adjacent memory.

Question 51. The process of converting readable data into an unreadable format using a secret key is called:
A) Hashing
B) Signing
C) Encryption
D) Tokenization
Answer: C
Explanation: Encryption transforms plaintext into ciphertext using a key, reversible only with the appropriate decryption key.

Question 52. Which protocol provides end-to-end encryption for web traffic?
A) HTTP
B) FTP
C) TLS
D) Telnet
Answer: C
Explanation: TLS (Transport Layer Security) encrypts data transmitted over HTTP, producing HTTPS.

Question 53. An organization that wants to ensure that a user cannot deny having sent an email should implement:
A) Confidentiality controls
B) Integrity checks
C) Digital signatures
D) Access control lists
Answer: C
Explanation: Digital signatures bind the sender’s identity to the message, providing non-repudiation.

Question 57. A security analyst who monitors system logs for anomalous activity but does not block traffic is performing:
A) Preventive control
B) Detective control
C) Corrective control
D) Deterrent control
Answer: B
Explanation: Log monitoring detects potential incidents without actively intervening.

Question 58. Which authentication protocol uses a challenge-response mechanism based on a shared secret and timestamps?
A) Kerberos
B) RADIUS
C) LDAP
D
Answer: A
Explanation: Kerberos issues tickets after a client proves knowledge of a secret using timestamps, preventing replay attacks.

Question 59. An organization that wants to ensure that no single individual can approve a high-value transaction should implement:
A) Role-Based Access Control (RBAC)
B) Separation of duties
C) Mandatory Access Control (MAC)
D) Discretionary Access Control (DAC)
Answer: B
Explanation: Separation of duties splits critical functions among multiple people to reduce fraud risk.

Question 60. Which of the following best describes “defense in depth”?
A) Using a single firewall to protect the network
B) Layering multiple security controls across the environment
C) Relying solely on encryption for data protection
D) Outsourcing all security functions to a Managed Security Service Provider
Answer: B
Explanation: Defense in depth employs overlapping controls at various layers to provide redundancy.

Question 61. The process of converting a plaintext password into a fixed-length string using a one-way function is called:
A) Encryption
B) Hashing
C) Salting
D) Tokenization
Answer: B
Explanation: Hashing creates a non-reversible digest, commonly used for password storage.

Question 62. A security measure that ensures that a user’s credentials cannot be reused after they are compromised is:
A) Account lockout
B) Credential revocation
C) Password rotation policy
D) Two-factor authentication
Answer: B
Explanation: Credential revocation invalidates compromised credentials, preventing further misuse.

Question 63. Which type of firewall operates at the application layer and can filter HTTP requests based on URL patterns?