You are required to keep track of file access. Which type of auditing should be implemented? - Answer: Object Access
Object Access - Answer: This determines attempts to access files and other objects.
Process Tracking - Answer: This determines events such as program activation and process exits.
Directory Services - Answer: This determines whether the operating system generates audit events when an AD DS object is accessed.
Audit Logon - Answer: This determines whether the operating system generates audit events when a user attempts to log on to the computer.
You are part of a cyber forensics team that needs to examine a hard drive for evidence. Your supervisor tells you to first make a duplicate of the hard drive. What is the purpose of making a duplicate of the hard drive? - Answer: To preserve the original state of the hard drive.
Surveillance cameras are installed around the building perimeter. - Answer: Detective control
A failed disk is replaced and the backup is restored. - Answer: Corrective control
New biometric door locks are installed. - Answer: Preventive control
Which type of attack is directed toward a specific group of users to trick them into visiting an infected website? - Answer: Watering hole
Targets individuals through phone calls to gather compromising information. - Answer: Vishing
Targets a high-profile victim. - Answer: Whaling
Instead of luring, it involves directing an internet user to fake websites. - Answer: Pharming
Which type of attack occurs when threat actors utilize botnets on several computers to overwhelm a target web server? - Answer: Distributed Denial-of-Service (DDoS)
An attacker has connected a laptop to a wireless network and attempts to lease all available IP addresses from the DHCP server. Which type of attack is occurring? - Answer: DHCP Starvation
When an attacker responds to client DHCP requests and sends the client incorrect IP address information, such as a wrong default gateway or DNS server. - Answer: DHCP Spoofing
When an attacker alters DNS records to redirect online traffic to a fraudulent website. - Answer: DNS Spoofing
When the attacker creates IP packets with a modified source address to impersonate another computer system. - Answer: IP Spoofing
Which option is a common type of attack launched against IoT devices? - Answer: DDoS attack
What are the two classes of encryption algorithms? - Answer: Asymmetric and Symmetric
What are the two most common hashing algorithms? - Answer: SHA-2 and MD5
In which phase of the NIST Incident Response Life Cycle do you investigate network intrusion detection sensor alerts? - Answer: Detection & Analysis Phase
In which phase of the NIST Incident Response Life Cycle are you organizing to respond to security incidents? - Answer: Preparation Phase
In which phase of the NIST Incident Response Life Cycle are you actively working on removing the malicious activity? - Answer: Containment, Eradication, and Recovery Phase
In which phase of the NIST Incident Response Life Cycle do you document the security incident, review the effectiveness of the incident handling process, and identify the necessary revisions to existing security controls and practices? - Answer: Post-Incident Activity Phase
Which network intelligence organization maintains a risk assessment tool that assigns a numeric score to describe the severity of a vulnerability? - Answer: Forum of Incident Response and Security Teams (FIRST)
In the syslog severity levels, which level applies when the system is unusable? - Answer: Level 0 (Emergency)
In the syslog severity levels, which level applies when conditions should be corrected immediately? - Answer: Level 1 (Alert)
In the syslog severity levels, which level applies to critical conditions? - Answer: Level 2 (Critical)
In the syslog severity levels, which level applies to error conditions? - Answer: Level 3 (Error)
In the syslog severity levels, which level applies when a condition may indicate that an error will occur if action is not taken? - Answer: Level 4 (Warning)
In the syslog severity levels, which level applies to events that are unusual but are not error conditions? - Answer: Level 5 (Notice)
In the syslog severity levels, which level applies to normal operational events that require no action? - Answer: Level 6 (Informational)