Cybersecurity Fundamentals Prep Quiz

64 Questions | Total Attempts: 1431

SettingsSettingsSettings
Please wait...
Security Quizzes & Trivia

This is a quiz for the Cybersecurity Fundamentals Certificate. It's based on sample questions and the end of topic questions in the workbook. Good luck!


Questions and Answers
  • 1. 
    Choose three. According to the NIST framework, which of the following are considered key functions necessary for the protection of digital assets?
    • A. 

      Encrypt

    • B. 

      Protect

    • C. 

      Investigate

    • D. 

      Recover

    • E. 

      Identify

  • 2. 
    Which element of an incident response plan involves obtaining and preserving evidence? 
    • A. 

      Preparation

    • B. 

      Identification

    • C. 

      Containment

    • D. 

      Eradication

  • 3. 
    To which of the following layers of the Open Systems Interconnect (OSI) model would one map Ethernet?
    • A. 

      Data Link

    • B. 

      Network

    • C. 

      Application

    • D. 

      Transport

  • 4. 
    Which of the following interpret requirements and apply them to specific situations?
    • A. 

      Policies

    • B. 

      Standards

    • C. 

      Guidelines

    • D. 

      Procedures

  • 5. 
    Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:
    • A. 

      Available resources

    • B. 

      Levels of effort

    • C. 

      Projected costs

    • D. 

      Business needs

  • 6. 
    A segmented network:
    • A. 

      Offers defense in depth superior to a concentric-layers model

    • B. 

      Consists of two or more security zones

    • C. 

      Maximizes the delay experienced by an attacker

    • D. 

      Delivers superior performance for internal applications

  • 7. 
    Which cybersecurity principle is most important when attempting to trace the source of malicious activity?
    • A. 

      Availability

    • B. 

      Integrity

    • C. 

      Nonrepudiation

    • D. 

      Confidentiality

  • 8. 
    Which of the following offers the strongest protection for wireless network traffic?
    • A. 

      Wireless Protected Access 2 (WPA2)

    • B. 

      Wireless Protected Access-Advanced Encryption Standard (WPA-AES)

    • C. 

      Wired Equivalent Protection 128-bit (WEP-128)

    • D. 

      Wireless Protected Access-Temporary Key Integrity Protocol (WPA-TKIP)

  • 9. 
    Outsourcing poses the greatest risk to an organization when it involves
    • A. 

      Business support services

    • B. 

      Technology infrastructure

    • C. 

      Cybersecurity capabilities

    • D. 

      Core business functions

  • 10. 
    Risk assessments should be performed
    • A. 

      At the start of a program

    • B. 

      On a regular basis

    • C. 

      When an asset changes

    • D. 

      When a vulnerability is discovered

  • 11. 
    Maintaining a high degree of confidence regarding the integrity of evidence requires a(n):
    • A. 

      Power of attorney

    • B. 

      Sworn statement

    • C. 

      Chain of custody

    • D. 

      Affidavit

  • 12. 
    A firewall that tracks open connection-oriented protocol sessions is said to be:
    • A. 

      State-sponsored

    • B. 

      Stateless

    • C. 

      Stateful

    • D. 

      Stated

  • 13. 
    During which phase of the system development lifecycle (SDLC) should security first be considered?
    • A. 

      Planning

    • B. 

      Analysis

    • C. 

      Design

    • D. 

      Implementation

  • 14. 
    A cybersecurity architecture designed around the concept of a perimeter is said to be:
    • A. 

      Data-centric

    • B. 

      User-centric

    • C. 

      Integrated

    • D. 

      System-centric

  • 15. 
    A passive network hub operates at which layer of the OSI model?
    • A. 

      Data Link

    • B. 

      Physical

    • C. 

      Network

    • D. 

      Transport

  • 16. 
    Updates in cloud-computing environments can be rolled out quickly because the environment is:
    • A. 

      Homogeneous

    • B. 

      Distributed

    • C. 

      Diversified

    • D. 

      Secure

  • 17. 
    During which phase of the six-phase incident response model is the root cause determined?
    • A. 

      Recovery

    • B. 

      Identification

    • C. 

      Containment

    • D. 

      Eradication

  • 18. 
    The attack mechanism directed against a system is commonly called a(n):
    • A. 

      Exploit

    • B. 

      Vulnerability

    • C. 

      Payload

    • D. 

      Attack Vector

  • 19. 
    Where should an organization’s network terminate virtual private network (VPN) tunnels?
    • A. 

      At an interior router, to reduce network traffic congestion

    • B. 

      At a dedicated “honey pot” system in the demilitarized zone (DMZ)

    • C. 

      At the destination system, to prevent loss of confidentiality

    • D. 

      At the perimeter, to allow for effective internal monitoring

  • 20. 
    In practical applications: 
    • A. 

      Symmetric key encryption is used to securely distribute asymmetric keys

    • B. 

      Asymmetric key encryption is used to securely obtain symmetric keys

    • C. 

      Symmetric key encryption is used only for short messages, such as digital signatures

    • D. 

      Asymmetric key encryption is used in cases where speed is important

  • 21. 
    Which two factors are used to calculate the likelihood of an event?
    • A. 

      Threat and vulnerability

    • B. 

      Vulnerability and asset value

    • C. 

      Asset count and asset value

    • D. 

      Threat and asset count

  • 22. 
    What is one advantage of a firewall implemented in software over a firewall appliance?
    • A. 

      Performance

    • B. 

      Power consumption

    • C. 

      Flexibility

    • D. 

      Resiliency

  • 23. 
    A business continuity plan (BCP) is not complete unless it includes:
    • A. 

      Dedicated resources

    • B. 

      Detailed procedures

    • C. 

      Network diagrams

    • D. 

      Critical processes

  • 24. 
    Under the US-CERT model for incident categorization, a CAT-3 incident refers to which of the following?
    • A. 

      Improper usage

    • B. 

      Investigation

    • C. 

      Denial of service (DoS)

    • D. 

      Malicious code

  • 25. 
    An interoperability error is what type of vulnerability?
    • A. 

      Technical

    • B. 

      Process

    • C. 

      Emergent

    • D. 

      Organizational