LATEST CYBERSECURITY (SECURITY+, CISSP) ACTUAL
QUESTIONS AND 100% CORRECT ANSWERS WITH
LATEST VERSION.
1. A security analyst observes that encrypted traffic between two internal systems is
being intercepted and altered without detection. Which attack is MOST likely
occurring?
A. Replay attack
B. Man-in-the-middle attack
C. ARP poisoning
D. DNS tunneling
Correct Answer: B
Explanation: A man-in-the-middle attack allows interception and modification of
communication between two parties. Replay attacks reuse captured data, ARP
poisoning targets local networks, and DNS tunneling is used for covert data
exfiltration.
2. Which cryptographic algorithm is BEST suited for ensuring data integrity?
A. AES
B. RSA
C. SHA-256
D. Diffie-Hellman
Correct Answer: C
Explanation: SHA-256 is a hashing algorithm used for integrity. AES is for
encryption, RSA for encryption/signatures, and Diffie-Hellman for key exchange.
3. A company wants to implement least privilege access. What is the PRIMARY goal?
A. Increase system performance
B. Limit user access rights to only what is necessary
C. Eliminate authentication mechanisms
D. Provide full administrative access
Correct Answer: B
Explanation: Least privilege ensures users have only the access needed. Other
options either reduce security or are unrelated.
4. Which security model focuses on maintaining confidentiality through classification
levels?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Brewer-Nash
Correct Answer: A
Explanation: Bell-LaPadula enforces confidentiality. Biba focuses on integrity,
Clark-Wilson on transactions, Brewer-Nash on conflict of interest.
5. What is the PRIMARY purpose of salting passwords?
A. Encrypt passwords
B. Speed up hashing
C. Prevent rainbow table attacks
D. Compress password storage
Correct Answer: C
Explanation: Salting adds randomness to prevent precomputed hash attacks. It does
not encrypt or compress passwords.
6. Which protocol provides secure remote login over an insecure network?
A. FTP
B. Telnet
C. SSH
D. SNMP
Correct Answer: C
Explanation: SSH encrypts remote sessions. Telnet and FTP are insecure, SNMP is
for management.
7. A zero-day vulnerability refers to:
A. A vulnerability patched immediately
B. A known vulnerability with no exploit
C. An unknown vulnerability with no available fix
D. A vulnerability affecting zero users
Correct Answer: C
Explanation: Zero-day vulnerabilities are unknown to vendors and lack patches,
making them highly dangerous.
8. Which type of malware is designed to appear as legitimate software?
A. Worm
B. Trojan
C. Ransomware
D. Rootkit
Correct Answer: B
Explanation: Trojans disguise themselves as legitimate programs. Worms spread
automatically, ransomware encrypts data, rootkits hide access.
9. What is the MAIN function of a firewall?
A. Encrypt data
B. Monitor and control network traffic
C. Detect malware signatures
D. Authenticate users
Correct Answer: B
Explanation: Firewalls filter traffic based on rules. Encryption and authentication are
separate functions.
10. Which attack exploits trust relationships between systems?
A. Phishing
B. Spoofing
C. Session hijacking
D. SQL injection
Correct Answer: B
Explanation: Spoofing impersonates trusted entities. Others involve different attack
vectors.
11. Which concept ensures that data is accessible when needed?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Correct Answer: C
Explanation: Availability ensures systems/data are accessible. Confidentiality
protects secrecy, integrity ensures accuracy.
12. Which encryption method uses the same key for encryption and decryption?
A. Asymmetric encryption
B. Symmetric encryption
C. Hashing
D. Digital signature
Correct Answer: B
Explanation: Symmetric encryption uses one key. Asymmetric uses two keys.
13. What is the PRIMARY purpose of a digital signature?
A. Encrypt data
B. Ensure confidentiality
C. Verify authenticity and integrity
D. Compress files
Correct Answer: C
Explanation: Digital signatures validate sender identity and data integrity.
14. Which attack involves injecting malicious SQL code?
A. XSS
B. CSRF
C. SQL Injection
D. Buffer overflow
Correct Answer: C
Explanation: SQL injection targets databases via malicious queries.
15. What is a risk assessment primarily used for?
A. Eliminating all risks
B. Identifying and evaluating risks
C. Encrypting sensitive data
D. Monitoring user activity
Correct Answer: B
Explanation: Risk assessment identifies and evaluates risks; it does not eliminate
them completely.
16. Which control type is intended to discourage violations?
A. Detective
B. Preventive
C. Deterrent
D. Corrective
Correct Answer: C
Explanation: Deterrent controls discourage attacks (e.g., warning signs).
17. What is the purpose of multi-factor authentication?
A. Reduce login time
B. Use multiple passwords
C. Increase security by combining factors
D. Eliminate passwords
Correct Answer: C
Explanation: MFA uses multiple factors (something you know, have, are) for stronger
security.
18. Which protocol is used for secure web browsing?
A. HTTP
B. FTP
C. HTTPS
D. SMTP