ITS Cybersecurity Practice Exam (QUESTIONS
WITH 100% CORRECT ANSWERS
A self-propagating malicious code that can propagate to other systems on the network and consume
resources that could lead to a denial-of-service attack is called a _____.
worm
A computer malware code that replicates itself on the target computer and spreads through the
network causing damage and distributing additional harmful payloads is called a _____.
virus
A program that appears to be useful or harmless but contains hidden code that can compromise the
target system on which it runs is called a _____.
Trojan horse
What are the two classes of encryption algorithms? (Choose 2.)
Asymmetric
Symmetric
Which algorithm is a one-way mathematical function that is used to provide data integrity?
SHA-2
Why is it important to block incoming IP broadcast addresses and reserved private IP addresses from
entering your network?
These types of addresses are easier to use for IP spoofing attacks.
You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen. For
which three reasons should you escalate this event to the Computer Security Incident Response Team
(CSIRT)? (Choose 3.)
Potential network disruption or denial of service
Exposure of sensitive or confidential information
Unauthorized use of resources
Which classification of alert should be escalated to security investigators?
True positive
Which term refers to the combined sum of all potential threat vectors in defense-in-depth security?
Attack surface
You receive an email from your teacher that has a link to a class poll for a pizza party. You click the
link which takes you to the school portal to log in. Later, you discover this was a phishing email and
your credentials were stolen. Which part of the CIA Triad was compromised in this attack?
Confidentiality
A major power surge occurs in the middle of making authorized changes to the company payroll
server which results in equipment failure. The equipment is replaced and the data is restored from a
previous, good backup. Which part of the CIA Triad was preserved?
, Availability
Which two states of data domains would require encryption and hashing to secure the data? (Choose
2.)
Data at rest
Data in transit
In which order should you collect digital evidence from a computer system?
Contents of RAM, Contents of Fixed Disk, Archived Backup
Which type of attack substitutes a source IP address to impersonate a legitimate computer system?
IP Spoofing
In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP
addresses to clients.
spoofing
In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the
available IP addresses that the legitimate DHCP server can issue.
starvation
In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with DNS
response traffic.
amplification
In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a
predetermined address of their choice.
hijacking
An attacker on the local network is forwarding packets that associate the MAC address of the
attacker's computer with the IP address of a legitimate server. Which type of attack is taking place?
ARP Spoofing
An attacker has connected a laptop to a wireless network and attempts to lease all available IP
addresses from the DHCP server. Which type of attack is occurring?
DHCP Starvation
An attacker has overwhelmed a server by sending more GET requests than the server can process.
This results in a successful DoS attack. Which type of attack has occurred?
HTTP flooding
_____ is used to find vulnerabilities within a computer system.
Penetration testing
Establish the incident response team.
WITH 100% CORRECT ANSWERS
A self-propagating malicious code that can propagate to other systems on the network and consume
resources that could lead to a denial-of-service attack is called a _____.
worm
A computer malware code that replicates itself on the target computer and spreads through the
network causing damage and distributing additional harmful payloads is called a _____.
virus
A program that appears to be useful or harmless but contains hidden code that can compromise the
target system on which it runs is called a _____.
Trojan horse
What are the two classes of encryption algorithms? (Choose 2.)
Asymmetric
Symmetric
Which algorithm is a one-way mathematical function that is used to provide data integrity?
SHA-2
Why is it important to block incoming IP broadcast addresses and reserved private IP addresses from
entering your network?
These types of addresses are easier to use for IP spoofing attacks.
You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen. For
which three reasons should you escalate this event to the Computer Security Incident Response Team
(CSIRT)? (Choose 3.)
Potential network disruption or denial of service
Exposure of sensitive or confidential information
Unauthorized use of resources
Which classification of alert should be escalated to security investigators?
True positive
Which term refers to the combined sum of all potential threat vectors in defense-in-depth security?
Attack surface
You receive an email from your teacher that has a link to a class poll for a pizza party. You click the
link which takes you to the school portal to log in. Later, you discover this was a phishing email and
your credentials were stolen. Which part of the CIA Triad was compromised in this attack?
Confidentiality
A major power surge occurs in the middle of making authorized changes to the company payroll
server which results in equipment failure. The equipment is replaced and the data is restored from a
previous, good backup. Which part of the CIA Triad was preserved?
, Availability
Which two states of data domains would require encryption and hashing to secure the data? (Choose
2.)
Data at rest
Data in transit
In which order should you collect digital evidence from a computer system?
Contents of RAM, Contents of Fixed Disk, Archived Backup
Which type of attack substitutes a source IP address to impersonate a legitimate computer system?
IP Spoofing
In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP
addresses to clients.
spoofing
In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the
available IP addresses that the legitimate DHCP server can issue.
starvation
In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with DNS
response traffic.
amplification
In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a
predetermined address of their choice.
hijacking
An attacker on the local network is forwarding packets that associate the MAC address of the
attacker's computer with the IP address of a legitimate server. Which type of attack is taking place?
ARP Spoofing
An attacker has connected a laptop to a wireless network and attempts to lease all available IP
addresses from the DHCP server. Which type of attack is occurring?
DHCP Starvation
An attacker has overwhelmed a server by sending more GET requests than the server can process.
This results in a successful DoS attack. Which type of attack has occurred?
HTTP flooding
_____ is used to find vulnerabilities within a computer system.
Penetration testing
Establish the incident response team.
