Cosc 222 Dumb No Answers

Uploaded by

davefx44

CSCU EXAM 2024

Number: 000-000
Passing Score: 500
Time Limit: 25 min
File Version: 1.0

NEW HORIZONS/
BABCOCK UNIVERSITY

SECOND SEMESTER EXAM


2023/2024 SESSION

CSCU

LEVEL: 200

INSTRUCTIONS: (i). Attempt All Questions. (ii). Each Question Carries Equal Marks. (iii). Please Indicate Your
Chosen Responses To The Questions Carefully.
(iv) On no account must you open any other application on the system.

============Good Luck===========

Examiner:

MR LAMINA IBRAHIM OLUWABUKOLA


Exam A

QUESTION 1
What is the term for a set of rules or guidelines that govern access to sensitive data?

A. Data loss prevention
B. Data classification
C. Data access control
D. Data encryption

QUESTION 2
What is the process of converting plaintext into ciphertext?

A. Encryption
B. Decryption
C. Hashing
D. Salting

QUESTION 3
Which of the following is an example of symmetric-key encryption?

A. RSA
B. AES
C. SHA-256
D. Diffie-Hellman

QUESTION 4
What is the name for the process of verifying the identity of a user or device?

A. Authentication
B. Authorization
C. Encryption
D. Decryption

QUESTION 5
What is the name for a device that is used to authenticate a user's identity?

A. Smart card
B. Token
C. Biometric device
D. All of the above

QUESTION 6
What is the term for the practice of creating backups of data in multiple locations to protect against data loss?

A. Data redundancy
B. Data backup
C. Data replication
D. Data mirroring

QUESTION 7
Which of the following is an example of a data loss prevention (DLP) technique?

A. Encryption
B. Backup and recovery
C. Access control
D. Content filtering

QUESTION 8
What is the term for the process of removing data from a storage device so that it cannot be recovered?

A. Data loss prevention
B. Data wiping
C. Data encryption
D. Data masking

QUESTION 9
Which of the following is a feature of a secure password?

A. Long and complex
B. Easy to remember
C. Consists of common words
D. All of the above

QUESTION 10
What is the term for the practice of making changes to data in a way that is undetectable?

A. Encryption
B. Hashing
C. Steganography
D. Salting

QUESTION 11
What is the name for a technique that involves guessing a password by trying every possible combination of characters?

A. Dictionary attack
B. Brute force attack
C. Social engineering
D. Phishing

QUESTION 12
What is the name for a type of malware that encrypts a user's data and demands payment in exchange for the decryption
key?

A. Trojan horse
B. Worm
C. Botnet
D. Ransomware

QUESTION 13
What is the name for a type of malware that disguises itself as a legitimate file or program?

A. Adware
B. Spyware
C. Trojan horse
D. Ransomware

QUESTION 14
What is the term for the practice of tricking users into divulging sensitive information or performing an action that is not
in their best interest?

A. Social engineering
B. Spear phishing
C. Denial of service
D. Trojan horse

QUESTION 15
What is the name for a technique that involves using a computer program to guess a password by trying words found in a
dictionary?

A. Dictionary attack
B. Brute force attack
C. Social engineering
D. Phishing

QUESTION 16
What is the name for a technique that involves using multiple computers to attack a target?

A. Denial of service
B. Man-in-the-middle
C. Botnet
D. Ransomware

QUESTION 17
What type of malware can spread through networks and can execute without user intervention?

A. Virus
B. Trojan
C. Worm
D. Ransomware

QUESTION 18
What type of malware can modify its own code and evade detection by antivirus software?

A. Rootkit
B. Adware
C. Spyware
D. Trojan

QUESTION 19
What type of malware encrypts a user's files and demands payment for the decryption key?

A. Ransomware
B. Adware
C. Spyware
D. Trojan

QUESTION 20
Which of the following is a type of social engineering attack that involves tricking a user into revealing their login
credentials?

A. Spear phishing
B. Vishing
C. Smishing
D. Pharming

QUESTION 21
Which of the following is a type of attack that involves exploiting a vulnerability in software to execute code on a system?

A. Denial of Service
B. Man-in-the-middle
C. SQL injection
D. Remote Code Execution

QUESTION 22
What is the purpose of using encryption to protect sensitive data?

A. To ensure data integrity
B. To prevent unauthorized access
C. To prevent data loss
D. To ensure data availability

QUESTION 23
What type of encryption algorithm uses the same key for both encryption and decryption?

A. Symmetric
B. Asymmetric
C. Hashing
D. XOR

QUESTION 24
Which of the following is a type of secure authentication that involves using a physical object, such as a smart card, to
verify a user's identity?

A. Single sign-on
B. Biometric authentication
C. Two-factor authentication
D. Token-based authentication

QUESTION 25
What is the purpose of using a VPN to access a network?

A. To encrypt network traffic
B. To improve network performance
C. To prevent unauthorized access
D. To monitor network activity

QUESTION 26
What type of attack involves capturing and analyzing network traffic to extract sensitive information, such as login
credentials?

A. Denial of Service
B. Man-in-the-middle
C. SQL injection
D. Remote Code Execution

QUESTION 27
Which of the following is a type of attack that involves exploiting a flaw in a web application to execute unauthorized
SQL queries?

A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. Directory traversal

QUESTION 28
Which of the following is a type of attack that involves flooding a network or system with traffic to cause it to become
unavailable?

A. Denial of Service
B. Man-in-the-middle
C. SQL injection
D. Remote Code Execution

QUESTION 29
What type of authentication mechanism uses physical characteristics, such as fingerprints, to verify a user's identity?

A. Biometric
B. Single sign-on
C. Two-factor
D. Token-based

QUESTION 30
What type of attack involves manipulating a user into executing malicious code by disguising it as a legitimate file or
application?

A. Social engineering
B. Phishing
C. Smishing
D. Spear phishing

QUESTION 31
What type of malware can capture a user's keystrokes and steal sensitive information, such as login credentials?

A. Spyware
B. Adware
C. Ransomware
D. Trojan

QUESTION 32
What is data security?

A. The protection of data against unauthorized access or modification
B. The ability to access and modify data
C. The speed at which data can be accessed
D. The amount of data that can be stored

QUESTION 33
What is the main goal of data security?

A. To prevent data loss
B. To ensure data availability
C. To protect data confidentiality
D. All of the above

QUESTION 34
What is a data breach?

A. An intentional attack on data
B. An unintentional exposure of data
C. A virus infecting data
D. Data that is no longer needed

QUESTION 35
Which of the following is an example of a physical security control?

A. Password policies
B. Encryption
C. Firewalls
D. Locked doors

QUESTION 36
Which of the following is an example of a technical security control?

A. Security cameras
B. Security guards
C. Access control lists
D. Safe combinations

QUESTION 37
What is the purpose of access control?

A. To ensure that only authorized individuals can access data
B. To increase the speed of data access
C. To reduce data storage costs
D. To increase data availability

QUESTION 38
What is the principle of least privilege?

A. Giving users the minimum access needed to perform their job functions
B. Giving users the maximum access possible to improve productivity
C. Giving users equal access to all data
D. None of the above

QUESTION 39
What is the difference between authentication and authorization?

A. Authentication verifies a user's identity, while authorization determines what actions a user can perform.
B. Authorization verifies a user's identity, while authentication determines what actions a user can perform.
C. Authentication and authorization are the same thing.
D. None of the above

QUESTION 40
Which of the following is an example of two-factor authentication?

A. A password and a PIN
B. A fingerprint and a retina scan
C. A username and a password
D. None of the above

QUESTION 41
What is encryption?

A. The process of converting data into a secret code to prevent unauthorized access
B. The process of backing up data
C. The process of deleting data permanently
D. The process of organizing data for easier access

QUESTION 42
Which of the following is an example of symmetric encryption?

A. AES
B. RSA
C. MD5
D. SHA-256

QUESTION 43
Which of the following is an example of asymmetric encryption?

A. AES
B. RSA
C. MD5
D. SHA-256

QUESTION 44
What is a digital certificate?

A. A file that identifies the owner of a public key
B. A file that identifies the owner of a private key
C. A file that contains both a public key and a private key
D. A file that contains encrypted data

QUESTION 45
What is a firewall?

A. A device that filters network traffic
B. A device that encrypts data
C. A device that stores data
D. A device that backs up data

QUESTION 46
What is a DMZ?

A. A network segment that is partially protected by a firewall
B. A network segment that is fully protected by a firewall
C. A network segment that is not protected by a firewall
D. None of the above

QUESTION 47
What is the primary goal of data security?

A. To protect data from unauthorized access
B. To prevent data loss or corruption
C. To improve data accuracy
D. All of the above

QUESTION 48
Which of the following is an example of a physical security measure?

A. Firewalls
B. Encryption
C. Biometric authentication
D. CCTV cameras

QUESTION 49
What is the difference between confidentiality and integrity?

A. Confidentiality refers to keeping data secret, while integrity refers to keeping data accurate and complete.
B. Confidentiality refers to keeping data accurate and complete, while integrity refers to keeping data secret.
C. Confidentiality and integrity are the same thing.
D. Confidentiality and integrity are both related to data availability.

QUESTION 50
What is encryption?

A. The process of disguising data as something else
B. The process of transforming data into a code that can only be deciphered by someone who has the key
C. The process of deleting data from a storage device
D. The process of copying data from one location to another

QUESTION 51
What is a password?

A. A secret code used to gain access to a computer system or network
B. A type of malware
C. A type of encryption
D. A type of firewall

QUESTION 52
What is a passphrase?

A. A long password consisting of multiple words
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 53
What is a biometric authentication system?

A. A system that uses physical characteristics to authenticate a user
B. A system that uses passwords to authenticate a user
C. A system that uses encryption to authenticate a user
D. A system that uses firewalls to authenticate a user

QUESTION 54
What is a firewall?

A. A physical security measure
B. A type of malware
C. A network security measure that filters traffic based on predefined rules
D. A type of encryption

QUESTION 55
What is a proxy server?

A. A server that filters traffic based on predefined rules
B. A server that encrypts traffic between two networks
C. A server that hides a user's IP address
D. A server that protects against malware

QUESTION 56
What is a VPN?

A. A network that uses encryption to secure data transmissions
B. A network that connects computers to the Internet
C. A network that uses firewalls to protect against malware
D. A network that connects computers to each other

QUESTION 57
What is a phishing attack?

A. An attack that uses social engineering to trick users into giving away sensitive information
B. An attack that uses encryption to steal data
C. An attack that uses firewalls to block traffic
D. An attack that uses malware to gain unauthorized access to a system or network

QUESTION 58
What is a man-in-the-middle attack?

A. An attack that intercepts communication between two parties
B. An attack that encrypts data transmissions
C. An attack that uses firewalls to block traffic
D. An attack that uses malware to gain unauthorized access to a system or network

QUESTION 59
Which of the following is NOT one of the three main objectives of information security?

A. Confidentiality
B. Integrity
C. Availability
D. Efficiency

QUESTION 60
Which of the following is a basic principle of the CIA triad?

A. Confidentiality, Integrity, Auditability
B. Confidentiality, Integrity, Accountability
C. Confidentiality, Identification, Availability
D. Confidentiality, Identification, Auditability

QUESTION 61
What is the purpose of access controls in information security?

A. To ensure data is always available
B. To prevent unauthorized access to data
C. To maximize system performance
D. To eliminate all security risks

QUESTION 62
What is the primary goal of risk management in information security?

A. To eliminate all risks
B. To reduce risks to an acceptable level
C. To transfer risks to a third party
D. To ignore risks and focus on other security measures

QUESTION 63
Which of the following is a primary concern when it comes to computer security?

A. Cost
B. Speed
C. Confidentiality
D. Convenience

QUESTION 64
What is the term used to describe the process of converting plaintext into a secret code to protect sensitive information?

A. Decryption
B. Encryption
C. Authorization
D. Authentication

QUESTION 65
Which of the following is an example of a physical security control?

A. Firewall
B. Antivirus software
C. Biometric authentication
D. Security camera

QUESTION 66
What is the term used to describe the process of ensuring that data remains accurate, complete, and secure?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

QUESTION 67
Which of the following is a security principle that emphasizes the need to ensure that systems and data are available when
needed?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

QUESTION 68
What is the term used to describe the process of verifying the identity of a user or device?

A. Authorization
B. Authentication
C. Encryption
D. Decryption

QUESTION 69
Which of the following is a type of social engineering attack?

A. SQL injection
B. Denial-of-service (DoS)
C. Phishing
D. Brute force

QUESTION 70
Which of the following is an example of a password best practice?

A. Using the same password for multiple accounts
B. Writing down passwords on a sticky note
C. Using a password manager
D. Sharing passwords with colleagues

QUESTION 71
What is the role of an operating system?

A. To process data
B. To manage hardware resources
C. To provide internet connectivity
D. To provide storage capacity

QUESTION 72
What is the function of the kernel in an operating system?

A. To manage system resources
B. To manage applications
C. To manage network connections
D. To manage storage devices

QUESTION 73
Which of the following is NOT an example of an operating system?

A. Microsoft Office
B. Windows
C. macOS
D. Linux

QUESTION 74
What is a security model?

A. A set of guidelines for securing a system or network
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 75
What is the purpose of user authentication?

A. To prevent unauthorized access to a system or network
B. To encrypt data transmissions
C. To manage system resources
D. To provide internet connectivity

QUESTION 76
What is the principle of least privilege?

A. The idea that users should only be given the minimum level of access necessary to perform their tasks
B. The idea that users should have full access to all system resources
C. The idea that users should be able to modify system settings at will
D. The idea that users should be able to install any software they want on their systems

QUESTION 77
What is a file permission?

A. A set of rules that determines who can access a file and what they can do with it
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 78
What is a root user?

A. A user with full access to all system resources
B. A user with limited access to system resources
C. A type of encryption algorithm
D. A type of firewall

QUESTION 79
What is a firewall?

A. A security measure that filters network traffic based on predefined rules
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 80
What is an antivirus software?

A. A software that detects and removes viruses from a system
B. A software that encrypts data transmissions
C. A software that manages network connections
D. A software that provides internet connectivity

QUESTION 81
What is a software update?

A. A new version of a software that fixes bugs and vulnerabilities
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 82
What is a patch?

A. A software update that fixes a specific security vulnerability
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 83
What is a zero-day vulnerability?

A. A security vulnerability that is not yet known to the software vendor
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 84
What is a sandbox environment?

A. A secure environment that isolates a program or application from the rest of the system
B. A type of encryption algorithm
C. A method of securing data transmissions
D. A type of authentication mechanism

QUESTION 85
What is an operating system?

A. A type of antivirus software
B. A collection of computer programs that manage hardware resources and provide common services for computer
programs
C. A type of firewall
D. A type of biometric authentication

QUESTION 86
What is a kernel?

A. The core component of an operating system that provides basic services for all other parts of the operating system
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 87
What is a security model?

A. A framework that defines how security is implemented in an operating system
B. A type of malware
C. A type of encryption
D. A type of firewall

QUESTION 88
What is a user account?

A. A record in an operating system that identifies a user and specifies the user's password, privileges, and other properties
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 89
What is user authentication?

A. The process of verifying the identity of a user who is requesting access to a system or network
B. The process of encrypting data transmissions
C. The process of filtering traffic based on predefined rules
D. The process of protecting against malware

QUESTION 90
What are file permissions?

A. Access rights that determine who can read, write, or execute a file
B. A type of malware
C. A type of encryption
D. A type of firewall

QUESTION 91
What is the principle of least privilege?

A. The concept of giving a user only the permissions necessary to perform their job
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 92
What is antivirus software?

A. Software that detects and removes viruses from a computer system or network
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 93
What is a patch?

A. A software update that fixes security vulnerabilities or other bugs
B. A type of malware
C. A type of encryption
D. A type of encryption

QUESTION 94
What is an update?

A. A software change that adds new features or functionality
B. A type of encryption
C. A type of firewall
D. A type of biometric authentication

QUESTION 95
What is a backup?

A. A copy of data that is stored in case the original data is lost or corrupted
B. A type of malware
C. A type of encryption
D. A type of firewall

QUESTION 96
What is disk encryption?

A. The process of encrypting data on a hard drive or other storage device
B. A type of malware
C. A type of firewall
D. A type of biometric authentication

QUESTION 97
What is a firewall?

A. A network security measure that filters traffic based on predefined rules
B. A type of malware
C. A type of encryption
D. A type of biometric authentication

QUESTION 98
What is a DMZ?

A. A network segment that is exposed to the Internet and is used to host servers that provide services to external users
B. A type of malware
C. A type of encryption
D. A type of firewall

QUESTION 99
What is a password policy?

A. A set of rules for creating and managing passwords
B. A type of antivirus software
C. A type of encryption
D. A type of firewall

QUESTION 100
What is the purpose of an operating system security model?

A. To provide a framework for securing an operating system
B. To provide antivirus protection
C. To provide a firewall
D. To provide encryption

QUESTION 101
What is malware?

A. A type of computer virus
B. Software designed to harm computer systems
C. A hardware component that is not functioning properly
D. A file that helps speed up computer performance

QUESTION 102
Which of the following is NOT a type of malware?

A. Virus
B. Trojan
C. Spyware
D. Firewall

QUESTION 103
How does a virus spread from one computer to another?

A. Through the internet
B. Through email attachments
C. Through infected USB drives
D. All of the above

QUESTION 104
What is the purpose of a rootkit?

A. To help the computer run faster
B. To gain unauthorized access to a computer system
C. To protect the computer from malware
D. To backup important files on the computer

QUESTION 105
What is the best way to protect your computer from malware?

A. Use a reputable antivirus software
B. Avoid using the internet
C. Disable your computer's firewall
D. Install pirated software

QUESTION 106
What is a phishing attack?

A. A type of computer virus
B. An attempt to trick someone into giving away sensitive information
C. A type of online game
D. A software tool for accessing the internet

QUESTION 107
What is social engineering?

A. Using social media for business purposes
B. A type of malware attack
C. Manipulating people into divulging sensitive information
D. A tool for measuring internet speed

QUESTION 108
What is the most effective way to protect your password?

A. Using a short and simple password
B. Sharing your password with others
C. Using a different password for each account
D. Writing your password down on a piece of paper

QUESTION 109
What is the difference between a virus and a worm?

A. A virus can replicate and spread on its own, while a worm requires human interaction to spread
B. A virus is a type of malware that infects files or programs, while a worm is a self-contained program that spreads
across networks
C. A virus is typically less harmful than a worm, which can cause extensive damage to networks
D. There is no difference between a virus and a worm

QUESTION 110
What is a polymorphic virus?

A. A type of virus that changes its code to avoid detection by antivirus software
B. A type of virus that infects multiple types of files and programs
C. A type of virus that is specifically designed to target mobile devices
D. A type of virus that encrypts files on a computer and demands payment for their decryption

QUESTION 111
What is the purpose of a sandbox environment?

A. To test software or code in a safe and isolated environment
B. To create a secure backup of important files and data
C. To provide a secure remote access connection to a network
D. To monitor and analyze network traffic for potential threats

QUESTION 112
What is a heuristic scanner?

A. A type of antivirus software that uses signature-based detection to identify malware
B. A type of antivirus software that uses behavior-based detection to identify malware
C. A type of network security device that monitors network traffic for potential threats
D. A type of firewall that blocks incoming and outgoing network traffic based on predefined rules

QUESTION 113
What is a distributed denial-of-service (DDoS) attack?

A. An attack that floods a network or website with traffic from multiple sources, making it inaccessible to users
B. An attack that steals sensitive information from web browsers
C. An attack that infects a network or computer with malware
D. An attack that impersonates a legitimate website or email to steal login credentials

QUESTION 114
What is a man-in-the-middle (MITM) attack?

A. An attack that intercepts and modifies network traffic between two parties without their knowledge
B. An attack that floods a network or website with traffic from multiple sources
C. An attack that infects a network or computer with malware
D. An attack that impersonates a legitimate website or email to steal login credentials

QUESTION 115
What is the difference between symmetric and asymmetric encryption?

A. Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses
different keys
B. Symmetric encryption is faster and more efficient than asymmetric encryption
C. Asymmetric encryption is more secure than symmetric encryption
D. There is no difference between symmetric and asymmetric encryption

QUESTION 116
What is the purpose of a digital signature?

A. To verify the authenticity and integrity of a digital document or message
B. To encrypt a digital document or message for secure transmission
C. To create a backup of important files and data
D. To monitor and analyze network traffic for potential threats

QUESTION 117
Which of the following is NOT a type of cybersecurity threat?

A. Phishing
B. Malware
C. Social engineering
D. None of the above

QUESTION 118
Which of the following is an example of a zero-day vulnerability?

A. A vulnerability that is known and has a patch available
B. A vulnerability that has been exploited by hackers
C. A vulnerability that is unknown to the software vendor and has not been publicly disclosed
D. A vulnerability that has been disclosed but not yet patched

QUESTION 119
Which of the following is a common goal of a cyber attacker?

A. To steal sensitive information
B. To disrupt normal business operations
C. To deface a website
D. All of the above

QUESTION 120
Which of the following is an example of a physical security control?

A. Password policy
B. Biometric authentication
C. Firewall
D. Security camera

QUESTION 121
What is a buffer overflow attack?

A. An attack that exploits a vulnerability in a software application to execute malicious code
B. An attack that floods a network or system with traffic to overwhelm it
C. An attack that targets the operating system kernel to gain privileged access
D. An attack that overwrites adjacent memory locations to execute unauthorized code

QUESTION 122
What is the purpose of access control?

A. To prevent unauthorized access to resources
B. To detect and respond to security incidents
C. To monitor and audit system activity
D. None of the above

QUESTION 123
What is the difference between user-level and kernel-level access control?

A. User-level access control applies to individual users, while kernel-level access control applies to system processes
B. User-level access control is more secure than kernel-level access control
C. Kernel-level access control is more granular than user-level access control
D. None of the above

QUESTION 124
What is the principle of least privilege?

A. Users should have the minimum necessary access to perform their job functions
B. All users should have equal access to system resources
C. Users should have unlimited access to system resources

QUESTION 125
What is the purpose of a software patch?

A. To fix a vulnerability or bug in a software application
B. To add new features to a software application
C. To upgrade a software application to a new version
D. None of the above

QUESTION 126
What is the difference between confidentiality, integrity, and availability in information security?

A. Confidentiality refers to protecting data from unauthorized access, integrity refers to protecting data
from modification, and availability refers to ensuring that data is always accessible
B. Confidentiality refers to ensuring that data is always accessible, integrity refers to protecting data from unauthorized
access, and availability refers to protecting data from modification
C. Confidentiality refers to protecting data from modification, integrity refers to protecting data from unauthorized
access, and availability refers to ensuring that data is always accessible
D. None of the above

QUESTION 127
What is the CIA triad in information security?

A. Confidentiality, integrity, and availability
B. Cybersecurity, information security, and network security
C. Cookies, IP addresses, and firewalls
D. None of the above

QUESTION 128
What is the difference between symmetric and asymmetric encryption?

A. Symmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption uses
different keys for encryption and decryption
B. Symmetric encryption uses different keys for encryption and decryption, while asymmetric encryption uses a single
key for both encryption and decryption
C. Symmetric encryption is more secure than asymmetric encryption
D. None of the above

Correct Answer: A

QUESTION 129
What is the difference between a vulnerability and an exploit?

A. A vulnerability is a weakness in a system that can be exploited by an attacker, while an exploit is the actual code or
technique used to take advantage of a vulnerability
B. A vulnerability and an exploit are the same thing
C. A vulnerability is a type of attack, while an exploit is a type of vulnerability
D. None of the above

QUESTION 130
What is the difference between a threat and a risk in cybersecurity?

A. A threat is a potential danger or attack, while a risk is the likelihood or probability of a threat occurring
B. A threat and a risk are the same thing
C. A threat is a type of vulnerability, while a risk is a type of exploit
D. None of the above

QUESTION 131
What is the difference between a user account and an administrator account?

A. A user account has limited privileges, while an administrator account has full privileges
B. A user account has full privileges, while an administrator account has limited privileges
C. A user account and an administrator account are the same thing

QUESTION 132
What is the difference between a virus and a worm?

A. A virus requires human interaction to spread, while a worm can spread automatically without human interaction
B. A virus can spread automatically without human interaction, while a worm requires human interaction to spread
C. A virus and a worm are the same thing
D. None of the above

QUESTION 133
What is a zero-day vulnerability?

A. A vulnerability that has been known for zero days
B. A vulnerability that is unknown to the software vendor and does not have a patch available
C. A type of malware that has not been detected by antivirus software
D. None of the above

QUESTION 134
What is heuristic analysis?

A. A method of analyzing network traffic to detect anomalies
B. A method of analyzing software code to identify potential malware
C. A type of network security device
D. None of the above

QUESTION 135
What is the difference between confidentiality and integrity?

A. Confidentiality refers to the protection of data from unauthorized disclosure, while integrity refers to the protection of data from unauthorized modification
B. Confidentiality refers to the protection of data from unauthorized modification, while integrity refers to the protection of data from unauthorized disclosure
C. Confidentiality refers to the availability of data, while integrity refers to the confidentiality of data
D. Confidentiality and integrity are the same thing

QUESTION 136
What is the CIA triad?

A. A model for information security that includes confidentiality, integrity, and availability
B. A model for network security that includes cryptography, intrusion detection, and firewalls
C. A model for disaster recovery that includes contingency planning, backup and recovery, and business continuity
D. None of the above

Correct Answer: A

QUESTION 137
What is full disk encryption?

A. A method of encrypting individual files or folders
B. A method of encrypting network traffic
C. A method of encrypting an entire hard drive or storage device
D. A method of encrypting email messages

QUESTION 138
What is a penetration test?

A. A test that simulates an attack on a computer system or network to identify vulnerabilities and weaknesses
B. A test that measures the performance of network security devices
C. A test that measures the effectiveness of antivirus software

QUESTION 139
What is a privilege escalation attack?

A. An attack that exploits a vulnerability to gain elevated privileges on a system
B. An attack that targets a user's password
C. An attack that floods a network with traffic to overload it
D. None of the above

QUESTION 140
What is a backdoor?

A. A type of malware that provides unauthorized access to a system
B. A type of network security device
C. A type of encryption algorithm
D. None of the above

QUESTION 141
What is root-level access?

A. The highest level of access on a system, which allows a user to perform any action
B. A type of network security device
C. A type of antivirus software
D. None of the above

QUESTION 142
What is an antivirus signature?

A. A unique identifier used by antivirus software to detect malware
B. A type of network security device
C. A type of encryption algorithm
D. None of the above

Correct Answer: A

QUESTION 143
Which of the following is not a common feature of antivirus software?

A. Signature-based detection
B. Heuristic-based detection
C. Firewall
D. Behavior-based detection

QUESTION 144
Which of the following is not a common way to prevent malware infections?

A. Keep software up-to-date
B. Disable antivirus software
C. Avoid suspicious websites
D. Don't download unknown files

QUESTION 145
What is a fileless malware?

A. A type of malware that uses a file to infect a system
B. A type of malware that runs in memory without leaving any traces on disk
C. A type of malware that uses encryption to evade detection
D. None of the above

QUESTION 146
What is an intrusion detection system (IDS)?

A. A type of antivirus software
B. A type of network security device
C. A tool that monitors network traffic for signs of intrusion
D. None of the above

QUESTION 147
What is the purpose of User Account Control (UAC)?

A. To prevent unauthorized access to the system
B. To control the privileges of users and applications
C. To monitor network traffic
D. None of the above

QUESTION 148
Which of the following is NOT a type of access control?

A. Mandatory Access Control (MAC)
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. All of the above are types of access control

QUESTION 149
What is the difference between authentication and authorization?

A. Authentication is the process of verifying the identity of a user, while authorization is the process of granting or denying access to a resource
B. Authentication is the process of granting or denying access to a resource, while authorization is the process of verifying the identity of a user
C. Authentication and authorization are the same thing
D. None of the above

QUESTION 150
What is the purpose of a risk assessment?

A. To identify and prioritize security risks
B. To implement security controls
C. To ensure compliance with security policies and regulations
D. All of the above

QUESTION 151
Hermione is a 21-year-old college student. She loves spending time on Facebook. However, with her final exams approaching, she feels that spending time on Facebook will harm her exam results. Hence, she enables a particular Facebook feature, with the help of which she will not get any emails or notifications from Facebook. Which Facebook feature did Hermione use?

A. Deactivate account
B. Deactivate account
C. Login alerts
D. Where you’re logged in

QUESTION 152
Ellie, an 18-year-old student, shares her Windows computer with her younger brother, Adam. Adam is very mischievous and whenever he is on the computer, he ruins Ellie’s college assignments. Ellie, who is fed up with this, decides to encrypt the drive that contains her assignments. She uses inbuilt Windows software to encrypt the drive so that Adam cannot access the drive. Which software did Ellie use?

A. Adobe
B. Skype
C. SPAMfighter
D. BitLocker

QUESTION 153
As part of his security implementation plan, Glenn was updating his firewall. Which aspect of the security implementation
plan was Glenn working on?

A. Reaction
B. Maintenance
C. Nonrepudiation
D. Precaution

QUESTION 154
Which of the following terms refers to a collection of information that defines or describes the user and his or her
interests?

A. Facebook group
B. Timeline
C. Account settings
D. Profile

QUESTION 155
Sally is a 16-year-old high school student who is extremely attached to her laptop. She uses it to download and watch
episodes of her favorite sitcom. While watching one of
the episodes, her laptop switched off automatically a couple of times. Suspecting a malware infection, she opened
the antivirus software on her laptop and chose a technique, which examined all files on the memory and hard disk
in order to identify and locate the malware. Which antivirus technique did Sally employ?

A. Integrity checking
B. Scanning
C. Bookmarks method
D. Heuristics analysis

QUESTION 156
Amy received an email from an official claiming to be from ABC Parcel Services. The email asked her to collect a gift parcel sent by her friend three weeks ago. The service claimed that they were unable to deliver the parcel to Amy, as the address provided was wrong. The service asked her to print out the attached invoice copy, fill it, and collect the package from the branch office located in her city. Which type of email security threat could Amy have faced if she clicked or downloaded the attachment?

A. Malicious email attachment
B. Hoax mail
C. Phishing
D. Malicious user redirection

QUESTION 157
John is an 18-year-old college-going student. He loves to read books and listen to music on his laptop. He regularly downloads e-books and music from the internet. Lately, whenever John has been spending time on his laptop, the laptop begins displaying the infamous Blue Screen of Death (BSOD). Upon taking his laptop to the service center, John was told that his laptop was infected with malware. Which symptom of malware infection is John’s laptop displaying?

A. Hard drive malfunction
B. Wide Area Network
C. Virtual Private Network
D. Local Area Network

QUESTION 158
Luke works as an analyst for AS Pvt. Ltd. His job there is to analyze statistics and records obtained from people to
improve the sales of the company. However, recently the
statistics and records given to him have been incorrect, thus leading to gross miscalculations and wrong
predictions on his part. Which of the terms listed below, best describes these statistics and records that are
incorrect?

A. Data
B. Information
C. Indicators
D. Archives

QUESTION 159
Raymond received an email from an official claiming to be from his bank. The email requested Raymond to send his
personal details since the customer database of the
bank was being updated. Upon confirmation from the bank, Raymond was told that the bank had not sent any emails
asking for the personal details of their customers. Which cyber-attack would Raymond have been a victim of if he had
replied to the email?

A. War driver
B. Eavesdropping
C. Man in the middle attack
D. Phishing

QUESTION 160
Which of the following terms refers to malicious software that is specifically built to target mobile phones and smartphone systems?

A. War driver
B. Eavesdropping
C. Man in the middle attack
D. Phishing

QUESTION 161
Which of the following terms refers to malicious software that is specifically built to target mobile phones and smartphone systems?

A. Phishing
B. Mobile malware
C. Unmanaged applications
D. Broken cryptography

QUESTION 162
A new online service allows people living with roommates to feed in all their household expenses in its ‘share calculator’ program. The program then calculates how much each person is supposed to pay and sends a detailed report to all those who are listed as roommates for that particular transaction. The above-mentioned service is an example of which of the following?

A. Software as a Service
B. Network as a Service
C. Infrastructure as a Service
D. Platform as a Service

QUESTION 163
Which of the following software programs allows you to access and display web pages on your computer?

A. Web browsers
B. Search engine
C. Extensions
D. Email

QUESTION 164
Janine’s parents gave her a smartphone for her birthday. The phone’s operating system intrigued and delighted Janine at the same time. This was because it was the first time she had seen a smartphone that had a tile-based setup. In addition, the tiles could be removed and interchanged on the home screen. Which operating system did Janine’s phone have?

A. Windows
B. Symbian
C. Android
D. iOS

QUESTION 165
Which of the following websites can Windows Phone users use to locate their stolen smartphone?

A. account.microsoft.com/devices
B. http://www.symbianguru.com/tracking-mobile-with-phone-guardian.html
C. iCloud.com
D. android.com/devicemanager

QUESTION 166
Certain software applications add or modify a particular feature in a browser. A few versions allow users to block
ads, watch online videos, or IM with friends. What is this application called?

A. Extensions
B. ActiveX
C. Java
D. Cookies

QUESTION 167
Duke, an amateur photographer, is carrying some of the best pictures he has taken so far on a pen drive to get his work assessed by an expert. On the subway, an unknown person picks his pocket. Along with his wallet, Duke also lost the pen drive with his pictures. Since he had not made any more copies of those pictures, he lost them forever. What type of data loss is this?

A. Malware attack
B. Hardware theft
C. Software theft
D. Natural disaster

QUESTION 168
Which privacy issue of clouds exposes users to the risk of their data being accessed by the cloud service provider without
the user’s consent?

A. Data ownership
B. Data migration
C. Data location
D. Data permanency

QUESTION 169
Fred, a 14-year-old boy, is an only child. Fred loves spending time on his Mac OS X browsing the internet. When his parents are not at home, he spends hours at a stretch on the computer. Once, when Fred’s parents came home late from work and found him on the Mac, they decided to limit his computer time. Enabling an inbuilt feature in the Mac, Fred’s parents limit his computer time to two hours daily. Which Mac OS X feature did Fred’s parents enable?

A. Jump lists
B. UAC slider bar
C. FileVault
D. Parental control

QUESTION 170
Tom, a 14-year-old boy, has been chatting online with Adam, whom Tom assumes is 14 years old as well. Over the months, they built up a great ‘online’ friendship, playing online games, checking out EDM websites, continuing with their friendly rivalry over football, and just talking about ‘guy’ stuff. When Adam invited Tom over to meet him, Tom was obviously excited. However, when Tom met Adam, he was shocked, as Adam turned out to be a 35-year-old man. Despite this shock, Tom entered Adam’s house, as he trusted him. Tom was having a great time playing PS3 with Adam, until the time Adam touched him inappropriately. Tom ran away from Adam’s house and did not know what to do. Which form of cyber-attack was Tom a victim of?

A. Social engineering
B. Phishing
C. Pornography
D. Grooming

QUESTION 171
A newly established ITES company plans to launch a website which enables its users to share pictures and videos
with each other. Apart from this, users can also comment on these pictures and share them further. Under which of
the following cloud categories will the company’s product come?

A. Community cloud
B. Private Cloud
C. Public Cloud
D. Hybrid Cloud

QUESTION 172
XYZ Infra Solutions, a startup company is looking for a cloud service provider who can provide virtual machines,
virtual local area network, customized software applications, on demand storage, IP addresses, and firewalls to
meet its business needs. Which of the following cloud computing services can meet the business needs of the
company?

A. Application as a Service
B. Infrastructure as a Service
C. Software as a Service
D. Platform as a Service

QUESTION 173
Which of the following refers to the periodic patching of system files to fix any issues in the previous version of the
Windows OS?

A. Windows Firewall
B. Task manager
C. FileVault
D. Windows Updates

QUESTION 174
What does a lock icon symbolize beside a website name?

A. The website is not accessible at the moment
B. The website needs a password to be accessed
C. The website is a secure website
D. The website cannot be accessed without the site admin’s permission

QUESTION 175
Which of the following terms refers to the process of protecting information, and the infrastructure that stores it?

A. Availability
B. Keystroke logging
C. Data security
D. Maintenance

QUESTION 176
Which of the following antivirus techniques refers to the process of comparing the current state of stored
programs to a previously recorded state, which is known to be free of malware?

A. Scanning
B. Heuristics analysis
C. Bookmarks method
D. Integrity checking

QUESTION 177
Harry, a 21-year-old college-going student, was working on his dissertation when suddenly a message flashed on his screen, “All files on your computer have been encrypted. You must pay $1000 within 72 hours to regain access to your data.” Even after Harry paid the money, he was not able to access his data, and all the documents on his dissertation were lost. Which malware attack was Harry a victim of?

A. Botnet
B. Adware
C. Virus
D. Ransomware

QUESTION 178
Andrew lost his iPhone on the way home from college. He anxiously wanted to recover it, as it was a gift from his late
grandfather. The iPhone also contained pictures that
he had taken for a national photography contest. Using which iOS feature, can Andrew locate his phone?

A. SIM lock
B. System updates
C. iCloud backup
D. Find my iPhone

QUESTION 179
Which of the following helps to backup data on a Mac?

A. App Store
B. Extensions
C. Time Machine
D. Internet Accounts

QUESTION 180
Which of the following fundamental concepts of security refers to an action taken in advance to protect the system against threats or dangers?

A. Precaution
B. Maintenance
C. Nonrepudiation
D. Reaction

QUESTION 181
InfraTech Inc. is an international IT company with offices in Dubai, Singapore, and Australia. To have continuity of business practice, it is imperative that all the branch offices be able to communicate amongst themselves. Which of the following network systems would be suitable for data communication between the employees of all branches of InfraTech Inc.?

A. Ethernet
B. Virtual Private Network
C. Wide Area Network
D. Local Area Network

QUESTION 182
Ruth Cole is a sales manager and travels extensively on business. She regularly updates and stores clients’ data on a remote data storage device via the Internet, so that in case she loses her laptop or it crashes for some reason, she does not lose the data which is essential to carrying out her work. Which type of data backup is Emma using to carry out her daily work?

A. Full system backup
B. Incremental backup
C. Online data backup
D. Differential backup

QUESTION 183
Which of the following terms refers to the process that ensures accuracy of the sender and receiver of a message?

A. Nonrepudiation
B. Availability
C. Data
D. Authenticity

QUESTION 184
Susan downloaded a software from the Internet and installed it on her computer for watching movies online. After
installing the software, she noticed that her PC was slowing down and was taking more time to open webpages. What
could Susan do to solve this problem?

A. Install the latest antivirus software and scan her computer
B. Stop using wireless internet connection
C. Choose a suitable encryption method
D. Start using Ethernet

QUESTION 185
Lucy, a 55-year-old woman, was not a technically savvy person. She did not install or enable any applications on her computer, and only used it for looking up recipes and knitting patterns. After some time, Lucy’s computer started giving her problems. It often displayed the Blue Screen of Death (BSOD) and unwanted windows kept popping up whenever she went online. When a computer technician checked Lucy’s computer, it was discovered that her computer was infected with malware. Which inbuilt Windows software should Lucy have enabled to prevent malware infection in her computer?

A. Jump lists
B. Simple file sharing
C. Windows Defender
D. Task manager

QUESTION 186
Alex, the coach of Manchester United, called up Wayne, the captain of the team, to discuss the tactics they would employ
in the upcoming Champions League Final. The
following day, Alex received an email with the transcript of the conversation he had with Wayne. The sender of the email
threatened to make Alex’s tactics public, if he did not pay him $5000. Which form of mobile device attack was Alex a
victim of?

A. Social engineering
B. Man in the middle attack
C. Eavesdropping
D. Phishing

QUESTION 187
This part of an email informs you about the address from where it came, time of the message, date sent, and the subject
line. Identify the email part?

A. Header
B. Footer
C. Signature
D. Body

QUESTION 188
Susan, a 15-year-old girl, loves spending her free time baking and cycling. However, recently she has been spending all
of her free time glued to the computer. She shows
no interest in her hobbies anymore and looks depressed most of the time. Her parents also noticed that whenever they
enter her room, she quickly changes the computer screen. Understandably, Susan’s parents are worried about her.
What could be the reason for her behavior?

A. Unsolicited emails
B. Victim of online child abuse
C. Too much pressure at school
D. Social engineering

QUESTION 189
Which of the following is an encryption program in Mac that helps users to protect their data?

A. SPAMfighter
B. FileVault
C. Safari
D. Lockbin

QUESTION 190
Daniel, a bank officer, communicates with his clients through emails on a daily basis. Recently, he noticed that his Gmail inbox was filled with unsolicited emails. The cluttered inbox annoyed him, as it was difficult to filter the important emails. Hence, he decided to find a solution for it. Upon inquiry, a service provider told him that he could use software which automatically filters out the unsolicited emails. This software would not only protect his Gmail account, but also protect all the email accounts configured on his email client. Which of the following tools did Daniel probably enquire about?

A. Avast Pro
B. SPAMfighter
C. Norton
D. Kaspersky

QUESTION 191
Which of the following is the strongest password?

A. donnamike92
B. Pa#72tLe
C. Domike*
D. Donna1992

QUESTION 192
Samuel, a network admin in an IT firm, has just discovered a phishing site known for targeting corporate entities. Several
employees have received emails with the domain
name, which is the same as that of this site. In order to prevent the company’s network from being corrupted, Samuel
decides to block all incoming and outgoing traffic from that site. Which of the following defense mechanisms can
Samuel use to implement this?

A. Virus
B. Disk encryption
C. Firewall
D. Encryption

QUESTION 193
Harold, an associate at AQ Corporation, received a phone call from a person claiming to be Bob from the IT department. Bob told Harold that he had noticed that Harold’s computer was running slow, and could help him fix it. Harold, not having much knowledge regarding computers, readily agreed. Following Bob’s instructions, Harold typed in some commands on his computer, and gave remote access to Bob to have his computer fixed. Later on, Harold noticed that confidential information concerning his clients was missing from his computer. Which attack was Harold a victim of?

A. Bluesnarfing
B. War driver
C. Social engineering
D. Evil twin

QUESTION 194
Isaac is transferring all the data from his computer to an external drive as he wants to format his laptop. While moving the data, he accidentally hits delete instead of cut on one of the files and, without realizing, hits the enter key when the computer prompts him to confirm his action. As the file was a huge one, it did not go to the recycle bin and got permanently deleted. What type of data loss is this?

A. Computer virus
B. Software failure
C. Hardware theft
D. Human error

QUESTION 195
Sam uses his work laptop to watch pirated movies at home sometimes. When he tried to watch the latest movie he downloaded, the movie file did not play even after trying on several different players. Within a day of this, Sam noticed that many of his files were vanishing one after the other from his laptop even though neither he nor anyone else deleted them. The network administrator of his company, after taking a look at his computer, told him that the movie files, which did not play, definitely had something to do with this peculiar behavior. What type of data loss could this be?

A. Natural disaster
B. Software failure
C. Human error
D. Computer virus

QUESTION 196
ABC Info Ltd. has a part of its business already on a cloud computing platform. However, its new product suite would need a cloud service which runs on a totally different technology. The company should be able to make its legacy products and new products communicate with each other as the new products are just an upgrade of the old ones and much of the required data still resides on the old cloud. Which of the following cloud computing platforms will be suitable for ABC Info’s future needs?

A. Public cloud
B. Community cloud
C. Hybrid cloud
D. Private cloud

QUESTION 197
You received the following email from an official claiming to be from your bank.

Dear ABC Bank User,
Since we will be updating our customer database shortly, you are kindly requested to send the following information.
• Name
• Bank login id
• Password
• Branch
• Date of birth
• Alternate email
Please click the below link to update your details.
Proceed to update your account details
Please contact the ABC Bank customer team in case of any queries. Thank you for your cooperation.

Which type of email security threat is this?

A. Nigerian scam
B. Phishing
C. Spy-phishing
D. Malicious email attachment

QUESTION 198
Imagine getting a letter from the Inland Revenue Authority of Singapore (IRAS) demanding that you pay $5,700 in taxes. This is what happened to Rick. He received a letter informing him that he owed the government unpaid income tax on wages he never earned. The IRAS letter said that Rick had worked at several places. However, Rick is only 15 years old and his only job was working at his uncle’s grocery store during the summer. He had never even visited some of the places where the letter said he worked. Rick was not sure what to do next. After all, he has never even had a “real” job like those listed in the letter. What is going on in this scenario?

A. Nigerian scam
B. Social engineering
C. Identity Theft
D. Phishing

QUESTION 199
Which of the following terms refers to software that attackers create to install on a victim’s computer in order to compromise its security?

A. Lockbin
B. Bitlocker
C. Dropbox
D. Malware

QUESTION 200
Horace is a 64-year-old man who worked as an accountant for SN Associates before his retirement. The company gifted him a laptop at the time of his retirement. Since Horace was not a technically savvy person, he did not install any applications on his laptop, and only used it for checking his email and playing poker online. After some time, Horace’s laptop started giving him problems. It crashed frequently, often displayed the Blue Screen of Death (BSOD), and unwanted windows kept popping up whenever he went online. When Horace took his laptop to the service center, he was told that his laptop was infected with malware. Which software should Horace have installed to prevent malware infection in his laptop?

A. Skype
B. One Drive
C. Adobe Reader
D. Antivirus software
