REVIEW 2026 TESTED QUESTIONS
◉ David is worried about distributed denial of service attacks
against his company's primary web application. Which of the
following options will provide the MOST resilience against large-
scale DDoS attacks?
A. Implement a CDN
B. Increase the number of servers in the web application server
cluster
C. Contract for DDoS mitigation services via the company's IPS
D. Increase the amount of bandwidth available from one or more
ISPs.
Answer: A. Implement a CDN
A content delivery network, or CDN, run by a major provider can
handle large-scale DDoS attacks more easily than any of the other
solutions.
◉ TCP and UDP reside at which layer of the OSI model?
A. Session
B. Transport
C. Data Link
D. Presentation
Answer: B. Transport
*REFER TO OSI MODEL
◉ Which type of network is set up similar to the internet but is
private to an organization? Select the MOST appropriate.
A. Extranet
B. VLAN
C. Intranet
D. VPN
Answer: B. VLAN
◉ IDS can be described in terms of what fundamental functional
components?
A. Response
B. Information Sources
C. Analysis
D. All of the choices
Answer: D. All of the choices
◉ Which of the following best describes the type of technology the
team should implement to increase the work effort of buffer
overflow attacks?
A. Address space layout randomization
B. Memory induction application
C. Input memory isolation
D. Read-only memory integrity checks
Answer: A. Address space layout randomization
◉ Which of the following types of vulnerabilities cannot be
discovered in the course of a routine vulnerability assessment?
A. Zero-day vulnerability
B. Kernel flaw
C. Buffer overflow
D. File and directory permissions
Answer: A. Zero-day vulnerability
A zero-day vulnerability is one that has been discovered by a
potential adversary but has not yet been publicly disclosed, and as
such is being kept in "escrow". By this definition, it is a type of flaw
that cannot be tested for by any technical means as part of a routine
test, but rather must be discovered independently.
◉ The Finance server and Transaction server have restored their original
facility after a disaster. What should be moved in FIRST?
A. Management
B. Most critical systems
C. Most critical functions
D. Least critical function
Answer: D. Least critical function.
After the primary site has been repaired, the least critical
components are moved in first. This ensures that the primary site is
really ready to resume processing. By doing this, you can validate
that environmental controls, power, and communication links are
working properly. It can also avoid putting the company into another
disaster. If the less critical functions survive, then the more critical
components of the company can be moved over.
◉ Julie is listening to network traffic and capturing passwords as
they are sent to the authentication server. She plans to use the
passwords as part of a future attack. What type of attack is this?
A. Brute-force attack
B. Dictionary attack
C. Social engineering attack
D. Replay attack
Answer: D. Replay attack
A replay attack occurs when an intruder obtains and stores
information and later uses it to gain unauthorized access. In this
case, Julie is using a technique called electronic monitoring (sniffing)
to obtain passwords being sent over the wire to an authentication
server. She can later use the passwords to gain access to network
resources. Even if the passwords are encrypted, the retransmission
of valid credentials can be sufficient to obtain access.
◉ When the ISC2 Mail server sends mail to other mail servers it
becomes ___
A. SMTP Server
B. SMTP Peer
C. SMTP Master
D. SMTP Client
Answer: D. SMTP Client