ITS Cybersecurity Practice Exam Questions and Answers

A self-propagating malicious code that can propagate to other systems on the network and consume resources that could lead to a denial-of-service attack is called a _____. - ANSWER -worm

A computer malware code that replicates itself on the target computer and spreads through the network causing damage and distributing additional harmful payloads is called a _____. - ANSWER -virus

A program that appears to be useful or harmless but contains hidden code that can compromise the target system on which it runs is called a _____. - ANSWER -Trojan horse

What are the two classes of encryption algorithms? (Choose 2.) - ANSWER -
Asymmetric
Symmetric

Which algorithm is a one-way mathematical function that is used to provide data integrity? - ANSWER -SHA-2

Why is it important to block incoming IP broadcast addresses and reserved private IP addresses from entering your network? - ANSWER -These types of addresses are easier to use for IP spoofing attacks.

You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen. For which three reasons should you escalate this event to the Computer Security Incident Response Team (CSIRT)? (Choose 3.) - ANSWER -
Potential network disruption or denial of service
Exposure of sensitive or confidential information
Unauthorized use of resources

Which classification of alert should be escalated to security investigators? - ANSWER -True positive

Which term refers to the combined sum of all potential threat vectors in defense-in-depth security? - ANSWER -Attack surface

You receive an email from your teacher that has a link to a class poll for a pizza party. You click the link which takes you to the school portal to log in. Later, you discover this was a phishing email and your credentials were stolen. Which part of the CIA Triad was compromised in this attack? - ANSWER -Confidentiality

A major power surge occurs in the middle of making authorized changes to the company payroll server which results in equipment failure. The equipment is replaced and the data is restored from a previous, good backup. Which part of the CIA Triad was preserved? - ANSWER -Availability

Which two states of data domains would require encryption and hashing to secure the data? (Choose 2.) - ANSWER -
Data at rest
Data in transit

In which order should you collect digital evidence from a computer system? - ANSWER -Contents of RAM, Contents of Fixed Disk, Archived Backup

Which type of attack substitutes a source IP address to impersonate a legitimate computer system? - ANSWER -IP Spoofing

In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP addresses to clients. - ANSWER -spoofing

In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the available IP addresses that the legitimate DHCP server can issue. - ANSWER -starvation

In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with DNS response traffic. - ANSWER -amplification

In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a predetermined address of their choice. - ANSWER -hijacking

An attacker on the local network is forwarding packets that associate the MAC address of the attacker's computer with the IP address of a legitimate server. Which type of attack is taking place? - ANSWER -ARP Spoofing

An attacker has connected a laptop to a wireless network and attempts to lease all available IP addresses from the DHCP server. Which type of attack is occurring? - ANSWER -DHCP Starvation

An attacker has overwhelmed a server by sending more GET requests than the server can process. This results in a successful DoS attack. Which type of attack has occurred? - ANSWER -HTTP flooding

_____ is used to find vulnerabilities within a computer system. - ANSWER -Penetration testing

Establish the incident response team.
Determine if an incident has occurred.
Validate the IP address of the attacking host.
Hold a lessons learned meeting. - ANSWER -
Preparation Phase
Detection & Analysis Phase
Containment, Eradication, and Recovery Phase
Post-Incident Activity Phase

In which phase of the NIST Incident Response Life Cycle do you investigate network intrusion detection sensor alerts? - ANSWER -Detection & Analysis Phase

Which compliance act must a hospital located in the U.S. adhere to when investigating security incidents involving patients' personal medical information? - ANSWER -HIPAA

For the following statement, select True or False. Threat intelligence services use the data of their subscribers to stay current with the threat landscape. - ANSWER -True

Your friend wants to use your home Wi-Fi network to access the Internet from their smartphone. What are two potential security checks to verify before allowing your friend's device on your network? (Choose 2.) - ANSWER -
Their device was scanned with the latest antivirus/anti-malware definition update.
Your important or sensitive files, devices, and