Information Security & Cybersecurity
Comprehensive Practice Review
110 Questions and Answers | 2026 Update | With Complete Solutions
NICE Framework | CompTIA Security+ (SY0-701) | NIST CSF 2.0 | ISO/IEC 27000 Series
Total Questions: 110 Multiple Choice (A-D)
Sections: 5 Sections, 22 Questions Each
Cognitive Levels: 30% Recall (AO1) | 50% Application (AO2) | 20% Analysis (AO3)
Question Style: 75% Scenario-Based | 25% Direct Knowledge
Scoring: 1 Point per Question | No Negative Marking
Standards: NIST SP 800-181, NIST SP 800-61, SY0-701, ISO 27001, GDPR, HIPAA, PCI-DSS
Contents
Section 1: Network Security Fundamentals & Protocol Hardening (Q1-Q22)
Section 2: Cryptography, PKI & Data Protection Mechanisms (Q23-Q44)
Section 3: Access Control, Authentication & Identity Management (Q45-Q66)
Section 4: Threat Intelligence, Vulnerability Management & Incident Response (Q67-Q88)
Section 5: Security Governance, Risk Assessment, Compliance & Ethics (Q89-Q110)
Section 1: Network Security Fundamentals & Protocol Hardening (Q1-Q22)
This section covers OSI/TCP-IP security implications, firewall types (stateful, NGFW, WAF), IDS/IPS deployment modes, VLAN
segmentation, secure routing protocols, wireless security (WPA3, 802.1X), protocol hardening, DMZ architecture, and network
access control fundamentals.
Q1: Which OSI layer is responsible for end-to-end encryption and session management between applications?
A. Transport layer [CORRECT]
B. Session layer
C. Presentation layer
D. Application layer
Correct Answer: A
Rationale: The transport layer (Layer 4) provides end-to-end, host-to-host delivery: port multiplexing, segmentation and, with
TCP, reliable ordered streams. TLS is carried directly on top of TCP, which is why many exam references tie "transport layer
security" to Layer 4. In strict OSI terms, however, the session layer (Layer 5) handles dialogue control and the presentation
layer (Layer 6) handles data formatting and encryption at the application interface, and TLS's handshake and record protocol are
usually mapped there. Read "end-to-end" in this question as host-to-host delivery, not as the OSI home of encryption.
Q2: A stateful inspection firewall maintains a state table to track which type of information?
A. DNS resolution records for all domains
B. Active connection states including source/destination IP, ports, and TCP sequence numbers [CORRECT]
C. MAC addresses of all devices on the local network
D. SSL/TLS certificate expiration dates
Correct Answer: B
Rationale: Stateful firewalls track the state of active connections by maintaining a table of source/destination IP addresses, port
numbers, TCP sequence numbers, and connection status. This allows them to distinguish legitimate return traffic from unsolicited
inbound packets, unlike stateless packet filters that examine each packet independently.
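The following is an added example, not part of the original question bank, that simulates the state table described in the Q2 rationale. It is a minimal stateful packet filter written in Python: an outbound SYN creates a 5-tuple entry, the SYN/ACK reply is accepted only if it acknowledges the client's initial sequence number, later traffic is allowed only when it matches an entry, and an unsolicited inbound SYN or a packet that matches no entry is dropped. The inside network (10.0.0.0/24), the outside hosts, and the packet sequence are all constructed for the example; the sequence-number check is simplified to the handshake step.

```python
"""Stateful packet filter simulation (added example; not part of the original
question bank).  Illustrates the state table from Q2: a connection opened from
the inside is recorded by its 5-tuple, matching return traffic is allowed, and
an unsolicited inbound SYN or a packet that matches no table entry is dropped.
Packets are constructed; 10.0.0.0/24 as the inside network and the outside
hosts are assumptions made for this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INSIDE_PREFIX = "10.0.0."          # assumed internal network


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str                     # TCP flag letters: "S", "SA", "A", "FA", "R"
    seq: int = 0
    ack: int = 0


@dataclass
class Entry:
    state: str                     # SYN_SENT -> SYN_RECV -> ESTABLISHED -> CLOSING
    client_seq: int                # initial sequence number chosen by the inside host
    server_seq: Optional[int] = None


# State-table key, always ordered as (inside host, inside port, outside host, outside port)
Key = Tuple[str, int, str, int]


class StatefulFirewall:
    def __init__(self) -> None:
        self.table: Dict[Key, Entry] = {}

    def filter(self, p: Packet) -> str:
        outbound = p.src_ip.startswith(INSIDE_PREFIX)
        key: Key = ((p.src_ip, p.src_port, p.dst_ip, p.dst_port) if outbound
                    else (p.dst_ip, p.dst_port, p.src_ip, p.src_port))
        entry = self.table.get(key)

        if "R" in p.flags and entry is not None:   # RST tears the session down
            del self.table[key]
            return "ALLOW"

        if outbound:
            if entry is None:
                if p.flags == "S":                 # new session initiated from the inside
                    self.table[key] = Entry("SYN_SENT", p.seq)
                    return "ALLOW"
                return "DROP"                      # stray outbound packet with no session
            if entry.state == "SYN_RECV" and "A" in p.flags:
                entry.state = "ESTABLISHED"        # third step of the handshake
            if "F" in p.flags:
                entry.state = "CLOSING"
            return "ALLOW"

        # Inbound: only traffic that matches an existing entry may pass
        if entry is None:
            return "DROP"                          # unsolicited, e.g. an inbound SYN scan
        if entry.state == "SYN_SENT":
            # The reply must be SYN/ACK acknowledging the client's ISN + 1
            if p.flags == "SA" and p.ack == entry.client_seq + 1:
                entry.state = "SYN_RECV"
                entry.server_seq = p.seq
                return "ALLOW"
            return "DROP"
        if p.flags == "S":
            return "DROP"                          # a fresh SYN never matches an open session
        if "F" in p.flags:
            entry.state = "CLOSING"
        return "ALLOW"


def run_scenario() -> List[str]:
    """Constructed traffic: an inside host opens HTTPS to a web server, then two
    inbound packets arrive that match no session.  Returns one verdict per packet."""
    fw = StatefulFirewall()
    client, server, scanner = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        Packet(client, 51000, server, 443, "S", seq=1000),             # outbound SYN
        Packet(server, 443, client, 51000, "SA", seq=5000, ack=1001),  # SYN/ACK reply
        Packet(client, 51000, server, 443, "A", seq=1001, ack=5001),   # handshake complete
        Packet(server, 443, client, 51000, "A", seq=5001, ack=1001),   # data from the server
        Packet(scanner, 40000, client, 22, "S", seq=7),                # unsolicited SYN to port 22
        Packet(server, 443, client, 51001, "A", seq=5002, ack=1001),   # wrong client port
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

A stateless packet filter would have to open inbound port 22 and every high port permanently to let the same return traffic through; the state table is what lets the fifth and sixth packets be dropped while the fourth is accepted.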
Q3: Which protocol provides secure remote access by encrypting all traffic, including the authentication credentials?
A. Telnet
B. FTP
C. SSH [CORRECT]
D. RDP
Correct Answer: C
Rationale: SSH (Secure Shell) negotiates a session key before authentication and encrypts the entire session, so the password or
public-key exchange is never exposed on the wire. Telnet and FTP transmit credentials in plaintext (FTP's USER and PASS
commands are readable in a packet capture). RDP also encrypts its traffic, and modern deployments use TLS with Network Level
Authentication, but legacy RDP Security Layer settings are weaker, and RDP is a desktop-session protocol rather than the
general-purpose secure remote-access protocol the question describes; SSH is the expected answer.
Q4: A network administrator deploys a Web Application Firewall (WAF). At which layer of the OSI model does this
device primarily operate?
A. Layer 3 (Network)
B. Layer 4 (Transport)
C. Layer 7 (Application) [CORRECT]
D. Layer 2 (Data Link)
Correct Answer: C
Rationale: A WAF operates at Layer 7, inspecting HTTP/HTTPS traffic for web-specific attack patterns such as SQL injection,
XSS, and CSRF. Unlike network firewalls that filter on IP addresses and ports, WAFs understand web application logic and can
block malicious application-layer requests.
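The following is an added example, not part of the original question bank, that makes the Layer 4 versus Layer 7 distinction from the Q4 rationale concrete in Python. The same HTTP requests, all addressed to an allowed web server, pass a port/address check because that is all a network firewall can see, while a WAF-style inspector parses the request, decodes the query string and form body, and matches the fields against web attack patterns. The requests and the regular-expression rules are constructed and illustrative; they are not a production signature set, and the allowed destination socket is an assumption for the example.

```python
"""Layer 4 filter versus Layer 7 WAF inspection (added example; not part of the
original question bank).  Requests are constructed and the rules are illustrative
regular expressions, not a production signature set.  A packet filter sees only
addresses and ports, so a request to an allowed web server always passes it; a
WAF parses the HTTP request and matches decoded fields against attack patterns."""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# What a network (Layer 3/4) firewall knows: allowed destination sockets (assumed)
ALLOWED_SOCKETS = {("203.0.113.10", 443)}


def l4_filter(dst_ip: str, dst_port: int) -> str:
    """Address/port check only: no visibility into the HTTP payload."""
    return "ALLOW" if (dst_ip, dst_port) in ALLOWED_SOCKETS else "DROP"


# What a WAF (Layer 7) knows: web attack patterns applied to decoded request fields
WAF_RULES = [
    ("sqli", re.compile(r"(\bunion\b.*\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|--\s*$|;\s*drop\b)", re.I)),
    ("xss", re.compile(r"(<script\b|javascript:|\bon\w+\s*=)", re.I)),
    ("traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
]


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], List[Tuple[str, str]]]:
    """Split a raw HTTP/1.1 request into method, path, headers and decoded parameters
    (query string plus a urlencoded POST body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST" and headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return method, url.path, headers, params


def l7_inspect(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Return ("BLOCK", hits) or ("ALLOW", []); each hit names the rule and the field."""
    _method, path, headers, params = parse_request(raw)
    # Decode once more so a double-encoded payload is still inspected in clear form
    fields = [("path", unquote_plus(path))]
    fields += [(f"param:{name}", unquote_plus(value)) for name, value in params]
    fields += [(f"header:{h}", headers[h]) for h in ("user-agent", "referer", "cookie") if h in headers]
    hits = [(rule, where) for where, value in fields
            for rule, rx in WAF_RULES if rx.search(value)]
    return ("BLOCK", hits) if hits else ("ALLOW", [])


# Constructed sample requests, all addressed to the allowed server
BENIGN = b"GET /search?q=stateful+firewall HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"
SQLI = b"GET /login?user=admin'%20OR%20'1'='1&pw=x HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"
XSS_POST = (b"POST /comment HTTP/1.1\r\nHost: 203.0.113.10\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 46\r\n\r\n"
            b"text=hello+%3Cscript%3Ealert(1)%3C%2Fscript%3E")


def compare(raw: bytes) -> Dict[str, str]:
    """Verdict from each device for the same request to 203.0.113.10:443."""
    return {"l4": l4_filter("203.0.113.10", 443), "l7": l7_inspect(raw)[0]}


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("sqli", SQLI), ("xss_post", XSS_POST)):
        print(label, compare(req), l7_inspect(req)[1])
```

The decoding step matters in practice: a WAF that matched the raw query string would miss the percent-encoded SQL injection and the urlencoded script tag in the POST body, which is why real WAFs normalise the request (URL decoding, body parsing, case folding) before applying signatures.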
Q5: Which VLAN segmentation strategy isolates guest wireless traffic from the corporate network?
A. Port-based VLAN assignment
B. Dynamic VLAN using MAC authentication [CORRECT]
C. VLAN hopping via double tagging
D. Router-on-a-stick configuration
Correct Answer: B