2025/2026 Exam Prep & Study Guide
A self-propagating malicious code that can propagate to other systems on the network and consume resources that could lead to a denial-of-service attack is called a _____. - correct answer: worm
A computer malware code that replicates itself on the target computer and spreads through the network causing damage and distributing additional harmful payloads is called a _____. - correct answer: virus
A program that appears to be useful or harmless but contains hidden code that can compromise the target system on which it runs is called a _____. - correct answer: Trojan horse
What are the two classes of encryption algorithms? (Choose 2.) - correct answer:
Asymmetric
Symmetric
Which algorithm is a one-way mathematical function that is used to provide data integrity? - correct answer: SHA-2
Why is it important to block incoming IP broadcast addresses and reserved private IP addresses from entering your network? - correct answer: These types of addresses are easier to use for IP spoofing attacks.
You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen. For which three reasons should you escalate this event to the Computer Security Incident Response Team (CSIRT)? (Choose 3.) - correct answer:
Potential network disruption or denial of service
Exposure of sensitive or confidential information
Unauthorized use of resources
Which classification of alert should be escalated to security investigators? - correct answer: True positive
Which term refers to the combined sum of all potential threat vectors in defense-in-depth security? - correct answer: Attack surface
You receive an email from your teacher that has a link to a class poll for a pizza party. You click the link, which takes you to the school portal to log in. Later, you discover this was a phishing email and your credentials were stolen. Which part of the CIA Triad was compromised in this attack? - correct answer: Confidentiality
A major power surge occurs in the middle of making authorized changes to the company payroll server, which results in equipment failure. The equipment is replaced and the data is restored from a previous, good backup. Which part of the CIA Triad was preserved? - correct answer: Availability
Which two states of data domains would require encryption and hashing to secure the data? (Choose 2.) - correct answer:
Data at rest
Data in transit
In which order should you collect digital evidence from a computer system? - correct answer: Contents of RAM, Contents of Fixed Disk, Archived Backup
Which type of attack substitutes a source IP address to impersonate a legitimate computer system? - correct answer: IP Spoofing
In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP addresses to clients. - correct answer: spoofing
In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the available IP addresses that the legitimate DHCP server can issue. - correct answer: starvation
In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with DNS response traffic. - correct answer: amplification
In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a predetermined address of their choice. - correct answer: hijacking
An attacker on the local network is forwarding packets that associate the MAC address of the attacker's computer with the IP address of a legitimate server. Which type of attack is taking place? - correct answer: ARP Spoofing
An attacker has connected a laptop to a wireless network and attempts to lease all available IP addresses from the DHCP server. Which type of attack is occurring? - correct answer: DHCP Starvation
An attacker has overwhelmed a server by sending more GET requests than the server can process. This results in a successful DoS attack. Which type of attack has occurred? - correct answer: HTTP flooding
_____ is used to find vulnerabilities within a computer system. - correct answer: Penetration testing
Establish the incident response team.
Determine if an incident has occurred.
Validate the IP address of the attacking host.
Hold a lessons learned meeting. - correct answer (in the same order):
Preparation Phase
Detection & Analysis Phase
Containment, Eradication, and Recovery Phase
Post-Incident Activity Phase
In which phase of the NIST Incident Response Life Cycle do you investigate network intrusion detection sensor alerts? - correct answer: Detection & Analysis Phase
Which compliance act must a hospital located in the U.S. adhere to when investigating security incidents involving patients' personal medical information? - correct answer: HIPAA
For the following statement, select True or False. Threat intelligence services use the data of their subscribers to stay current with the threat landscape. - correct answer: True
Your friend wants to use your home Wi-Fi network to access the Internet from their smartphone. What are two potential security checks to verify before allowing your friend's device on your network? (Choose 2.) - correct answer:
Their device was scanned with the latest antivirus/anti-malware definition update.
Your important or sensitive files, devices, and peripherals are on a private network.
Minimizes attacks from automatic execution of malicious code and viruses from rogue websites.
Reduces risk of exposed or misused sensitive data if the device is stolen.
Allows the company to access, restore, and secure important features and applications in the event of theft. - correct answer (in the same order):
Unnecessary browser functions are disabled
File encryption is enabled and functioning
Devices are remotely managed by the CSIRT team
Which technology should a company use to enforce corporate policies on BYOD devices connecting to the network? - correct answer: NAC
Enforcing policies for users and devices joining the network.
Blocking malicious traffic from entering the private network.
Securing traffic flows over an unsecured network. - correct answer (in the same order):
NAC
Firewall
VPN