Certification Actual Exam Questions &
Answers with Rationales 2026/2027 100%
Correct | Pass Guaranteed | Grade A
Q01 Which of the following is the most secure way to create a strong password?
Answer: Use a passphrase with a combination of uppercase letters, lowercase letters, numbers,
and symbols (at least 16 characters)
Rationale: Modern security guidelines (NIST SP 800-63B) strongly recommend long
passphrases over complex short passwords because they are harder to crack via brute-force or
dictionary attacks while being easier to remember.
Q02 What is the primary purpose of two-factor authentication (2FA)?
Answer: To add an additional layer of security beyond just a password
Rationale: 2FA requires two different types of credentials: something you know (password) +
something you have (phone, authenticator app, hardware token), significantly reducing the risk
of unauthorized access even if the password is compromised.
Q03 Which of the following email behaviors is the strongest indicator of a phishing attempt?
Answer: The message contains an urgent request to click a link to verify account or update
payment information
Rationale: Phishing emails commonly use social engineering tactics such as urgency, fear, or
authority to trick users into clicking malicious links or providing sensitive information.
Q04 What is the most effective way to protect against ransomware when using cloud storage
services like OneDrive or Google Drive?
Answer: Enable version history and keep previous file versions for at least 30 days
Rationale: Most major cloud providers keep file versions automatically. In case of ransomware
encryption, you can restore a clean previous version of the file.
Q05 When using public Wi-Fi at a coffee shop, which of the following provides the best
protection for your data?
Answer: Using a reputable VPN service
Rationale: A Virtual Private Network (VPN) encrypts all internet traffic between your device
and the VPN server, protecting your data from being intercepted on untrusted networks.
Q06 Which file type is most likely to contain a macro virus?
Answer: .docm or .xlsm
Rationale: Macro viruses are embedded in documents that support macros (.docm = Word
macro-enabled, .xlsm = Excel macro-enabled). Microsoft has greatly reduced this risk in newer
versions by disabling macros by default.
Q07 What does the term "pharming" refer to in cybersecurity?
Answer: Redirecting users from legitimate websites to fake websites by poisoning DNS cache
Rationale: Pharming attacks occur at the DNS level and do not require the user to click a
malicious link (unlike phishing).
Q08 A colleague receives an email that appears to come from the company CEO asking for an
immediate wire transfer of $5,000. What type of attack is this most likely?
Answer: Business Email Compromise (BEC)
Rationale: BEC is a targeted social engineering attack that impersonates high-level executives to
trick employees into making fraudulent payments.