




















































The PrepIQ Network Security Essentials Ultimate Exam introduces cybersecurity fundamentals, network defense strategies, access controls, threat detection, risk management, security policies, and incident response procedures.
Typology: Exams





















































Question 1. Which of the following concepts best represents the principle that data must be accurate and reliable during transmission and storage?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: B
Explanation: Integrity ensures that information is not altered or tampered with, maintaining its correctness and trustworthiness.

Question 2. A firewall that examines packet contents up to the application layer is known as a:
A) Packet-filter firewall
B) Stateful inspection firewall
C) Proxy (application-level) firewall
D) Circuit-level gateway
Answer: C
Explanation: Proxy firewalls operate at the application layer, inspecting payload data and providing granular control over traffic.

Question 3. Which encryption algorithm is a symmetric key cipher that operates on 64-bit blocks and uses a 56-bit key?
A) AES
B) DES
C) RSA
D) ECC
Answer: B
Explanation: The Data Encryption Standard (DES) uses a 56-bit key and processes data in 64-bit blocks; it is a symmetric algorithm.

Question 4. In the context of public key infrastructure (PKI), what does a Certificate Revocation List (CRL) contain?
A) Private keys of all users
B) Expired certificates only
C) Serial numbers of revoked certificates
D) Trusted root certificates
Answer: C
Explanation: A CRL lists the serial numbers of certificates that have been revoked before their scheduled expiration.

Question 5. Which of the following attacks exploits the trust relationship between a client and a trusted server by intercepting and modifying communications?
A) Man-in-the-middle (MITM)
B) Replay attack
C) DNS poisoning
D) Brute-force attack
Answer: A
Explanation: A MITM attack places an attacker between client and server, allowing interception and alteration of data.

Question 6. The primary purpose of a demilitarized zone (DMZ) in network architecture is to:
A) Encrypt all internal traffic

Question 9. Which authentication method uses something you have, something you know, and something you are?
A) Single-factor authentication
B) Two-factor authentication (2FA)
C) Multi-factor authentication (MFA)
D) Password-only authentication
Answer: C
Explanation: MFA combines multiple categories of credentials—knowledge, possession, and inherence—to strengthen security.

Question 10. A security policy that defines how users may access network resources based on their role is known as:
A) Discretionary Access Control (DAC)
B) Mandatory Access Control (MAC)
C) Role-Based Access Control (RBAC)
D) Attribute-Based Access Control (ABAC)
Answer: C
Explanation: RBAC assigns permissions to roles rather than individual users, simplifying management.

Question 11. Which of the following protocols provides confidentiality, integrity, and authentication for web traffic?
A) HTTP
B) FTP
C) TLS
D) Telnet
Answer: C
Explanation: Transport Layer Security (TLS) encrypts data, ensures integrity via MACs, and authenticates parties using certificates.

Question 12. In a VPN, which protocol is primarily responsible for establishing a secure tunnel between two endpoints?
A) PPTP
B) L2TP
C) IPsec
D) DHCP
Answer: C
Explanation: IPsec provides authentication, encryption, and key exchange to create a secure IP tunnel.

Question 13. Which of the following best describes a zero-day vulnerability?
A) A flaw that has been patched by the vendor
B) A vulnerability known to the public for over a year
C) An undisclosed flaw that attackers can exploit before a fix is released
D) A security issue that only affects legacy systems
Answer: C
Explanation: Zero-day vulnerabilities are unknown to the vendor and lack available patches, making them highly exploitable.

Question 14. Which security model enforces the “no write-down” rule to protect data confidentiality?

Explanation: Phishing manipulates users into revealing credentials or installing malware, relying on human trust.

Question 17. Which type of malware encrypts a victim’s files and demands payment for the decryption key?
A) Trojan horse
B) Worm
C) Ransomware
D) Spyware
Answer: C
Explanation: Ransomware locks or encrypts data and extorts the victim for a ransom to restore access.

Question 18. In wireless security, which protocol superseded WPA2 and provides stronger encryption using the 802.11ax standard?
A) WEP
B) WPA
C) WPA3
D) TKIP
Answer: C
Explanation: WPA3 introduces Simultaneous Authentication of Equals (SAE) and 192-bit security suites, improving upon WPA2.

Question 19. Which of the following best describes a “sandbox” in the context of malware analysis?
A) A hardware firewall appliance
B) An isolated environment where code can be executed safely
C) A type of ransomware that spreads via email
D) A network segment used for guest Wi-Fi
Answer: B
Explanation: Sandboxes provide a controlled environment to observe malicious behavior without risking production systems.

Question 20. The principle of “least privilege” dictates that users should be granted:
A) All permissions needed for any possible future task
B) Only the permissions necessary to perform their current job functions
C) Administrative rights by default
D) No access to any resources until explicitly denied
Answer: B
Explanation: Least privilege limits user rights to the minimum required, reducing the attack surface.

Question 21. Which of the following is a common method for protecting against replay attacks?
A) Using static passwords
B) Implementing timestamps or nonces in communication
C) Disabling encryption
D) Allowing unlimited login attempts
Answer: B
Explanation: Timestamps or nonces ensure each transaction is unique, preventing attackers from reusing captured data.

Answer: B
Explanation: Digital signatures bind a signer’s private key to a message hash, ensuring authenticity and integrity while preventing denial.

Question 25. Which of the following techniques is used to hide the existence of a network service from external scanning?
A) Port forwarding
B) Port knocking
C) NAT traversal
D) DHCP snooping
Answer: B
Explanation: Port knocking requires a specific sequence of connection attempts before opening a port, obscuring the service from casual scans.

Question 26. A security analyst notices that a server is generating a large number of SYN packets without completing the three-way handshake. Which type of attack is likely occurring?
A) SYN flood (DoS)
B) ARP poisoning
C) DNS amplification
D) Smurf attack
Answer: A
Explanation: A SYN flood overwhelms a target with half-opened connections, exhausting resources and causing denial of service.

Question 27. Which of the following best describes “defense in depth”?
A) Relying on a single, strong firewall
B) Implementing multiple, overlapping security controls at different layers
C) Using encryption only for data at rest
D) Outsourcing all security functions to a third party
Answer: B
Explanation: Defense in depth layers protective mechanisms (network, host, application, data) to provide redundancy and resilience.

Question 28. In a PKI, which entity is responsible for issuing digital certificates to users?
A) Registration Authority (RA)
B) Certificate Authority (CA)
C) Key Management Server (KMS)
D) Trust Anchor
Answer: B
Explanation: The CA signs and issues certificates, establishing trust relationships within the PKI.

Question 29. Which of the following is a primary advantage of using elliptic curve cryptography (ECC) over RSA?
A) ECC requires longer keys for equivalent security
B) ECC is vulnerable to quantum attacks
C) ECC provides comparable security with shorter key lengths, reducing computational load
D) ECC cannot be used for digital signatures
Answer: C
Explanation: ECC achieves strong security with smaller keys, leading to faster operations and lower bandwidth usage.

Answer: B
Explanation: Honeypots simulate vulnerable assets to lure attackers, enabling observation and intelligence gathering.

Question 33. In the context of the CIA triad, which of the following controls primarily addresses availability?
A) Access control lists (ACLs)
B) Redundant server clusters and load balancers
C) Encryption of data at rest
D) Digital signatures
Answer: B
Explanation: Redundancy and load balancing ensure services remain accessible even during failures or attacks.

Question 34. Which of the following protocols is used for secure remote command-line access to network devices?
A) Telnet
B) FTP
C) SSH
D) HTTP
Answer: C
Explanation: Secure Shell (SSH) encrypts session data, providing confidentiality and integrity for remote management.

Question 35. Which of the following is a characteristic of a “logic bomb”?
A) It spreads automatically across the network
B) It activates when a specific condition is met
C) It encrypts files for ransom
D) It modifies DNS records
Answer: B
Explanation: Logic bombs remain dormant until a trigger condition (date, event, command) causes execution.

Question 36. Which of the following best describes a “sandbox escape” in malware analysis?
A) Malware fails to execute inside a sandbox
B) Malware detects the sandbox and terminates
C) Malware breaks out of the isolated environment to affect the host system
D) Sandbox software crashes due to memory overload
Answer: C
Explanation: A sandbox escape allows malicious code to bypass isolation, compromising the underlying system.

Question 37. Which of the following is an example of a physical security control?
A) Firewall rule set
B) Biometric access card reader
C) Encryption algorithm
D) Intrusion detection system
Answer: B
Explanation: Biometric readers physically restrict entry to authorized personnel, constituting a physical control.

D) Encryption keys should be stored in plaintext
Answer: A
Explanation: Fail-safe defaults start with a secure baseline, granting permissions only when explicitly authorized.

Question 41. In a network, which device operates at Layer 2 and uses MAC addresses to forward frames?
A) Router
B) Switch
C) Firewall
D) Load balancer
Answer: B
Explanation: Switches operate at the Data Link layer, learning and forwarding frames based on MAC addresses.

Question 42. Which of the following is the most common method for identifying compromised credentials in an organization?
A) Conducting regular password complexity audits
B) Monitoring for anomalous login patterns and failed attempts
C) Disabling all user accounts weekly
D) Using static IP addresses for all users
Answer: B
Explanation: Anomalous login behavior (geographic anomalies, time-of-day spikes) often signals credential compromise.

Question 43. Which of the following protocols is used to securely distribute encryption keys for Wi-Fi networks?
C) WPA2-Enterprise (802.1X)
D) OpenVPN
Answer: C
Explanation: WPA2-Enterprise utilizes 802.1X authentication with a RADIUS server to dynamically provide session keys.

Question 44. Which of the following best describes “shadow IT”?
A) Officially approved IT services managed by the security team
B) Unauthorized hardware or software used by employees without IT oversight
C) Legacy systems that are slated for decommission
D) Cloud services that are fully encrypted
Answer: B
Explanation: Shadow IT refers to unsanctioned technology that bypasses security policies, creating hidden risk.

Question 45. Which of the following is a primary benefit of using a “jump server” (or bastion host) in a secure environment?
A) It provides a public web interface for all users
B) It isolates administrative access to critical systems behind a hardened host
C) It replaces the need for network firewalls
D) It automatically patches all servers in the network
Answer: B
Explanation: A bastion host is a hardened system that serves as a controlled entry point for administrators, reducing exposure.

C) The network diagram of the organization
D) The incident response plan
Answer: B
Explanation: The SoA records the controls chosen from Annex A, justifying their inclusion or exclusion.

Question 49. Which of the following is a primary function of a “Security Information and Event Management (SIEM)” system?
A) Encrypting data at rest
B) Correlating logs from multiple sources to detect security incidents
C) Providing VPN connectivity to remote users
D) Managing user passwords across the enterprise
Answer: B
Explanation: SIEM platforms aggregate, analyze, and correlate log data to identify potential threats in real time.

Question 50. Which of the following best describes “privilege escalation” in the context of an attack?
A) An attacker gains higher-level permissions than originally assigned
B) A user voluntarily gives up admin rights
C) A firewall blocks all outbound traffic
D) An application updates to a newer version
Answer: A
Explanation: Privilege escalation allows attackers to move from limited to elevated rights, enabling broader compromise.

Question 51. Which of the following is a characteristic of a “stateful” firewall compared to a “stateless” one?
A) It does not keep track of connection states
B) It examines only the packet header
C) It maintains session information to make filtering decisions based on traffic context
D) It operates exclusively at Layer 7
Answer: C
Explanation: Stateful firewalls track active connections, allowing more granular and context-aware rule enforcement.

Question 52. Which of the following is the most common reason for a “man-in-the-browser” attack to succeed?
A) Weak encryption algorithms in TLS
B) Users clicking on malicious browser extensions or plug-ins
C) Unpatched router firmware
D) Use of IPv6 addressing
Answer: B
Explanation: Malicious browser extensions can inject code, enabling the attacker to intercept and modify web traffic.

Question 53. Which of the following best explains the purpose of “network segmentation”?
A) To increase bandwidth for all devices
B) To isolate sensitive assets, limiting lateral movement of attackers
C) To replace firewalls entirely
D) To provide a single flat network for easier management