CYBER SECURITY FUNDAMENTALS EXAM 2 - (60 QUESTIONS) UP-
TO-DATE ACTUAL EXAM QUESTIONS AND 100% ACCURATE
SOLUTIONS | VERIFIED ANSWERS - INSTANT PDF DOWNLOAD
Candidate Name: ________________________________
Candidate ID: ________________________________
Date: ________________________________
Examination Centre: ________________________________
Time Allocation: 90 Minutes
Total Questions: 60
Instructions: Answer all questions. Select the most appropriate answer for each
question.
Core Competency Areas:
• Network Security Principles
• Cryptography and Encryption
• Threats, Vulnerabilities, and Attacks
• Identity and Access Management
• Security Operations and Incident Response
• Risk Management and Compliance
Candidate Instructions:
This examination evaluates foundational knowledge and applied
understanding of cybersecurity principles across modern digital
environments. Candidates are expected to analyze scenarios involving threats,
vulnerabilities, and defensive strategies. The exam consists of approximately
60 multiple-choice questions to be completed within 90 minutes. Each
question requires careful evaluation of technical and contextual details.
Choose the best possible answer for each scenario. No external materials are
permitted. Ensure all responses are recorded clearly.
, Introduction:
This assessment is designed to measure a candidate’s competency in core
cybersecurity fundamentals, including risk mitigation, network defense, and
secure system design. The exam reflects current industry practices and
emerging threat landscapes. It emphasizes real-world application of
knowledge rather than rote memorization. This document is an original
simulation inspired by standard cybersecurity certification formats and is
intended solely for educational and preparation purposes.
Q1. A company implements a firewall but still experiences unauthorized data
exfiltration via encrypted traffic. What is the MOST effective solution?
A. Disable HTTPS traffic
B. Implement Deep Packet Inspection (DPI) with SSL/TLS inspection
C. Block all outbound traffic
D. Use NAT filtering only
Correct Answer: B. Implement Deep Packet Inspection (DPI) with
SSL/TLS inspection
Explanation: DPI with SSL/TLS inspection allows inspection of encrypted
traffic to detect hidden threats. A is impractical, C disrupts operations, and D
does not address encrypted payloads.
Q2. An attacker uses stolen credentials to access a system without triggering
alerts. Which control would BEST mitigate this risk?
A. Password complexity rules
B. Multi-Factor Authentication (MFA)
C. Antivirus software
D. Network segmentation
Correct Answer: B. Multi-Factor Authentication (MFA)
Explanation: MFA adds an additional authentication layer, preventing
access even if credentials are compromised. A alone is insufficient, C is
unrelated, and D limits spread but not access.
Q3. Which attack exploits trust between two systems to gain unauthorized
access?
A. Phishing
,B. Man-in-the-Middle
C. Spoofing
D. SQL Injection
Correct Answer: C. Spoofing
Explanation: Spoofing impersonates a trusted entity. MITM intercepts
communication, phishing targets users, and SQL injection targets databases.
Q4. A system logs multiple failed login attempts from different IP addresses.
What attack is MOST likely occurring?
A. Brute force
B. Dictionary attack
C. Credential stuffing
D. DoS attack
Correct Answer: C. Credential stuffing
Explanation: Credential stuffing uses multiple IPs with known credentials.
Brute force is sequential, dictionary uses wordlists, DoS targets availability.
Q5. What is the PRIMARY purpose of hashing in cybersecurity?
A. Encrypt data
B. Ensure data integrity
C. Compress data
D. Speed up transmission
Correct Answer: B. Ensure data integrity
Explanation: Hashing verifies data integrity. It is not reversible (unlike
encryption), nor used for compression or speed.
Q6. Which protocol provides secure remote login over an unsecured network?
A. FTP
B. Telnet
C. SSH
D. HTTP
, Correct Answer: C. SSH
Explanation: SSH encrypts remote sessions. Telnet is insecure, FTP
transfers files, HTTP is web-based.
Q7. A vulnerability scan identifies outdated software. What is the BEST
remediation step?
A. Ignore if system is stable
B. Apply patches and updates
C. Disable antivirus
D. Change passwords
Correct Answer: B. Apply patches and updates
Explanation: Patching fixes known vulnerabilities. Other options do not
address the root issue.
Q8. What type of malware disguises itself as legitimate software?
A. Worm
B. Trojan
C. Ransomware
D. Spyware
Correct Answer: B. Trojan
Explanation: Trojans appear legitimate to trick users. Worms self-
propagate, ransomware encrypts data, spyware monitors activity.
Q9. Which principle ensures users only have access to necessary resources?
A. Separation of duties
B. Least privilege
C. Defense in depth
D. Zero trust
Correct Answer: B. Least privilege
Explanation: Least privilege restricts access. Others are broader security
strategies.
TO-DATE ACTUAL EXAM QUESTIONS AND 100% ACCURATE
SOLUTIONS | VERIFIED ANSWERS - INSTANT PDF DOWNLOAD
Candidate Name: ________________________________
Candidate ID: ________________________________
Date: ________________________________
Examination Centre: ________________________________
Time Allocation: 90 Minutes
Total Questions: 60
Instructions: Answer all questions. Select the most appropriate answer for each
question.
Core Competency Areas:
• Network Security Principles
• Cryptography and Encryption
• Threats, Vulnerabilities, and Attacks
• Identity and Access Management
• Security Operations and Incident Response
• Risk Management and Compliance
Candidate Instructions:
This examination evaluates foundational knowledge and applied
understanding of cybersecurity principles across modern digital
environments. Candidates are expected to analyze scenarios involving threats,
vulnerabilities, and defensive strategies. The exam consists of approximately
60 multiple-choice questions to be completed within 90 minutes. Each
question requires careful evaluation of technical and contextual details.
Choose the best possible answer for each scenario. No external materials are
permitted. Ensure all responses are recorded clearly.
, Introduction:
This assessment is designed to measure a candidate’s competency in core
cybersecurity fundamentals, including risk mitigation, network defense, and
secure system design. The exam reflects current industry practices and
emerging threat landscapes. It emphasizes real-world application of
knowledge rather than rote memorization. This document is an original
simulation inspired by standard cybersecurity certification formats and is
intended solely for educational and preparation purposes.
Q1. A company implements a firewall but still experiences unauthorized data
exfiltration via encrypted traffic. What is the MOST effective solution?
A. Disable HTTPS traffic
B. Implement Deep Packet Inspection (DPI) with SSL/TLS inspection
C. Block all outbound traffic
D. Use NAT filtering only
Correct Answer: B. Implement Deep Packet Inspection (DPI) with
SSL/TLS inspection
Explanation: DPI with SSL/TLS inspection allows inspection of encrypted
traffic to detect hidden threats. A is impractical, C disrupts operations, and D
does not address encrypted payloads.
Q2. An attacker uses stolen credentials to access a system without triggering
alerts. Which control would BEST mitigate this risk?
A. Password complexity rules
B. Multi-Factor Authentication (MFA)
C. Antivirus software
D. Network segmentation
Correct Answer: B. Multi-Factor Authentication (MFA)
Explanation: MFA adds an additional authentication layer, preventing
access even if credentials are compromised. A alone is insufficient, C is
unrelated, and D limits spread but not access.
Q3. Which attack exploits trust between two systems to gain unauthorized
access?
A. Phishing
,B. Man-in-the-Middle
C. Spoofing
D. SQL Injection
Correct Answer: C. Spoofing
Explanation: Spoofing impersonates a trusted entity. MITM intercepts
communication, phishing targets users, and SQL injection targets databases.
Q4. A system logs multiple failed login attempts from different IP addresses.
What attack is MOST likely occurring?
A. Brute force
B. Dictionary attack
C. Credential stuffing
D. DoS attack
Correct Answer: C. Credential stuffing
Explanation: Credential stuffing uses multiple IPs with known credentials.
Brute force is sequential, dictionary uses wordlists, DoS targets availability.
Q5. What is the PRIMARY purpose of hashing in cybersecurity?
A. Encrypt data
B. Ensure data integrity
C. Compress data
D. Speed up transmission
Correct Answer: B. Ensure data integrity
Explanation: Hashing verifies data integrity. It is not reversible (unlike
encryption), nor used for compression or speed.
Q6. Which protocol provides secure remote login over an unsecured network?
A. FTP
B. Telnet
C. SSH
D. HTTP
, Correct Answer: C. SSH
Explanation: SSH encrypts remote sessions. Telnet is insecure, FTP
transfers files, HTTP is web-based.
Q7. A vulnerability scan identifies outdated software. What is the BEST
remediation step?
A. Ignore if system is stable
B. Apply patches and updates
C. Disable antivirus
D. Change passwords
Correct Answer: B. Apply patches and updates
Explanation: Patching fixes known vulnerabilities. Other options do not
address the root issue.
Q8. What type of malware disguises itself as legitimate software?
A. Worm
B. Trojan
C. Ransomware
D. Spyware
Correct Answer: B. Trojan
Explanation: Trojans appear legitimate to trick users. Worms self-
propagate, ransomware encrypts data, spyware monitors activity.
Q9. Which principle ensures users only have access to necessary resources?
A. Separation of duties
B. Least privilege
C. Defense in depth
D. Zero trust
Correct Answer: B. Least privilege
Explanation: Least privilege restricts access. Others are broader security
strategies.
