CCNA Cyber Ops Understanding Cisco Cybersecurity Fundamentals Practice Exam
Free Questions and Answers
What is the primary purpose of a firewall in network security?
A) To prevent physical access to network devices
B) To block unauthorized network traffic
C) To encrypt all network traffic
D) To scan for malware on endpoints
Answer: B) To block unauthorized network traffic
Explanation: A firewall controls incoming and outgoing network traffic based on predetermined security rules, primarily to block unauthorized access.
Which of the following is a characteristic of a zero-day vulnerability?
A) It has a known patch available
B) It is exploited on the day it is discovered
C) It only affects obsolete software
D) It is a false positive in threat detection
Answer: B) It is exploited on the day it is discovered
Explanation: "Zero-day" means the vendor has had zero days to fix the flaw: it is unknown to the vendor (or at least unpatched) when attackers begin exploiting it, so no fix is available at the time of exploitation and defenders must rely on detection and mitigation rather than patching.
What does the CIA triad stand for in cybersecurity?
A) Confidentiality, Integrity, Availability
B) Control, Inspection, Authentication
C) Cryptography, Identification, Authorization
D) Compliance, Investigation, Audit
Answer: A) Confidentiality, Integrity, Availability
Explanation: The CIA triad represents the core principles of information security: protecting data privacy, accuracy, and accessibility.
What is the role of a Security Information and Event Management (SIEM) system?
A) To provide physical security controls
B) To collect and analyze security alerts in real-time
C) To encrypt all organizational data
D) To manage user permissions
Answer: B) To collect and analyze security alerts in real-time
Explanation: SIEM systems aggregate logs and alerts from multiple sources to detect and respond to threats promptly.
What type of attack involves an attacker masquerading as a trusted entity to steal data?
A) Phishing
B) Spoofing
C) Brute force
D) Denial of Service
Answer: B) Spoofing
Explanation: Spoofing is forging the identity of a trusted source (an IP or MAC address, an email sender, a website) to gain unauthorized access. Phishing is the social-engineering lure that delivers such an attack and usually relies on spoofing; in this question the impersonation itself is the point.
Which protocol is most commonly used to secure email communication?
A) SMTP
B) IMAP
C) TLS
D) FTP
Answer: C) TLS
Explanation: Transport Layer Security (TLS) encrypts email hops in transit, for example SMTP with STARTTLS and IMAP or POP over TLS. It protects data between client and server and between mail servers; it is not end-to-end message encryption, which requires S/MIME or PGP.
Which of the following is NOT a function of a network Intrusion Detection System (IDS)?
A) Detecting suspicious traffic
B) Blocking malicious traffic automatically
C) Logging security events
D) Alerting administrators to potential threats
Answer: B) Blocking malicious traffic automatically
Explanation: IDS detects and alerts but does not block traffic; that function is for an Intrusion Prevention System (IPS).
What does the term “phishing” refer to in cybersecurity?
A) Physical theft of devices
B) Social engineering to obtain sensitive data
C) Injection of malicious code
D) Scanning for vulnerabilities
Answer: B) Social engineering to obtain sensitive data
Explanation: Phishing is a social engineering attack where attackers impersonate trustworthy entities to steal information.
What is the purpose of multi-factor authentication (MFA)?
A) To simplify password management
B) To increase login speed
C) To provide additional layers of security beyond passwords
D) To automatically reset user credentials
Answer: C) To provide additional layers of security beyond passwords
Explanation: MFA requires users to present multiple forms of evidence before granting access, reducing the risk of unauthorized access.
Which of the following best describes a VPN?
A) A system for backing up data
B) A private network that encrypts data over public networks
C) A firewall configuration tool
D) A type of malware
Answer: B) A private network that encrypts data over public networks
Explanation: Virtual Private Networks (VPNs) create encrypted tunnels to protect data traveling across public or insecure networks.
What type of malware restricts access to files or systems until a ransom is paid?
A) Trojan
B) Worm
C) Ransomware
D) Spyware
Answer: C) Ransomware
Explanation: Ransomware encrypts files or locks systems, demanding payment for restoration.
What is the function of a Demilitarized Zone (DMZ) in network security?
A) To isolate internal network segments
B) To serve as a buffer zone between a trusted and untrusted network
C) To encrypt internal traffic
D) To host internal file shares
Answer: B) To serve as a buffer zone between a trusted and untrusted network
Explanation: A DMZ hosts publicly accessible services while isolating the internal network from external threats.
Which of the following best describes a brute force attack?
A) Exploiting software vulnerabilities
B) Attempting many passwords or keys to gain unauthorized access
C) Manipulating users via social engineering
D) Intercepting and altering network traffic
Answer: B) Attempting many passwords or keys to gain unauthorized access
Explanation: Brute force attacks systematically try many combinations to crack passwords.
Which type of cyber threat involves overloading a system to make it unavailable to users?
A) Data breach
B) Denial of Service (DoS)
C) Man-in-the-Middle
D) SQL Injection
Answer: B) Denial of Service (DoS)
Explanation: DoS attacks flood a network or system, making services unavailable.
What is the primary goal of penetration testing?
A) To train users in security best practices
B) To evaluate network performance
C) To simulate attacks and identify vulnerabilities
D) To back up critical data
Answer: C) To simulate attacks and identify vulnerabilities
Explanation: Penetration testing mimics real-world attacks to uncover weaknesses before attackers exploit them.
What does “social engineering” typically exploit?
A) Software vulnerabilities
B) Human psychology and trust
C) Weak cryptographic algorithms
D) Network protocols
Answer: B) Human psychology and trust
Explanation: Social engineering attacks manipulate people into divulging confidential information.
Which of the following is a strong password best practice?
A) Using dictionary words only
B) Using at least 12 characters with a mix of letters, numbers, and symbols
C) Using the same password for multiple accounts
D) Using only numbers
Answer: B) Using at least 12 characters with a mix of letters, numbers, and symbols
Explanation: Strong passwords are long and complex enough to resist guessing and brute force, and unique per account so that one breach does not expose others.
What is the purpose of encryption in cybersecurity?
A) To delete sensitive data
B) To make data unreadable to unauthorized users
C) To compress data for storage
D) To scan for viruses
Answer: B) To make data unreadable to unauthorized users
Explanation: Encryption transforms data into a coded form to protect confidentiality.
What is a botnet?
A) A network of compromised devices controlled by an attacker
B) A type of firewall
C) An encrypted communication channel
D) A software patch
Answer: A) A network of compromised devices controlled by an attacker
Explanation: Botnets are used to launch large-scale attacks like DDoS or distribute malware.
Which protocol is commonly used to securely transfer files?
A) FTP
B) HTTP
C) SFTP
D) Telnet
Answer: C) SFTP
Explanation: SFTP (SSH File Transfer Protocol) runs over SSH on TCP port 22 and encrypts both authentication and file data, unlike plain FTP, which sends credentials and files in cleartext.
What is the main function of a VPN concentrator?
A) To monitor email traffic
B) To establish and manage multiple VPN connections
C) To encrypt stored data
D) To provide physical security
Answer: B) To establish and manage multiple VPN connections
Explanation: VPN concentrators handle numerous VPN tunnels simultaneously, providing secure remote access.
Which of the following is an example of an insider threat?
A) External hacker exploiting a vulnerability
B) Employee leaking confidential information
C) Malware infection from a phishing email
D) Denial of Service attack from a competitor
Answer: B) Employee leaking confidential information
Explanation: Insider threats originate from within the organization, such as employees or contractors.
What is the best description of a honeypot?
A) A fake system used to attract and analyze attackers
B) A system that automatically patches vulnerabilities
C) A backup storage device
D) A password management tool
Answer: A) A fake system used to attract and analyze attackers
Explanation: A honeypot is a decoy system with no production value, so any interaction with it is suspicious by definition; that makes it a low-noise detection sensor as well as a way to study attacker tools and techniques.
What is the main difference between IDS and IPS?
A) IDS blocks traffic; IPS only monitors
B) IDS only monitors and alerts; IPS can block traffic
C) IDS encrypts traffic; IPS decrypts it
D) IDS scans for malware; IPS scans for phishing
Answer: B) IDS only monitors and alerts; IPS can block traffic
Explanation: IDS is passive, detecting threats and alerting, while IPS actively blocks threats.
What does the term “patch management” refer to?
A) Backing up data regularly
B) Applying software updates to fix vulnerabilities
C) Encrypting data in transit
D) Monitoring user activity
Answer: B) Applying software updates to fix vulnerabilities
Explanation: Patch management ensures systems are updated to protect against known security flaws.
Which of the following attacks manipulates SQL queries to access or modify a database?
A) Cross-site scripting
B) SQL injection
C) Man-in-the-middle
D) Denial of Service
Answer: B) SQL injection
Explanation: SQL injection exploits queries built by concatenating untrusted input into SQL text; the input escapes its intended data context and becomes part of the query. The fix is parameterized queries (prepared statements), with input validation as defense in depth.
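Worked example (added here, not part of the original exam): the same login lookup written two ways against an in-memory SQLite database. The vulnerable version builds SQL by string concatenation, so a crafted username bypasses the password check; the safe version uses a parameterized query. The user table and the injection payload are constructed sample data.

```python
# Added example (not from the exam page): the same login lookup written two
# ways against an in-memory SQLite database. The "vulnerable" version builds
# SQL by string concatenation, so a crafted username bypasses the password
# check; the "safe" version uses a parameterized query. Users and the
# injection payload are constructed sample data.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse battery staple", "admin"),
         ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterized: the driver sends the values separately from the query,
    so input can never change the query's structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Classic payload: closes the string literal, adds an always-true condition,
# and comments out the rest of the WHERE clause (-- starts a SQL line comment).
PAYLOAD = "alice' OR '1'='1' --"


def demo() -> dict:
    conn = make_db()
    return {
        # Vulnerable query becomes:
        # ... WHERE username = 'alice' OR '1'='1' --' AND password = 'wrong'
        "vuln_with_payload": login_vulnerable(conn, PAYLOAD, "wrong"),
        # Parameterized query looks for a user literally named "alice' OR ..."
        "safe_with_payload": login_safe(conn, PAYLOAD, "wrong"),
        "safe_correct_creds": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The vulnerable lookup returns the first row in the table (the admin account) without a valid password, because the injected OR makes the WHERE clause true for every row. The parameterized version returns nothing for the same input, since the payload is treated as a literal username.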
What is the primary function of a DMZ in network design?
A) To isolate sensitive data
B) To provide a secure zone for public-facing servers
C) To encrypt internal network traffic
D) To authenticate users
Answer: B) To provide a secure zone for public-facing servers
Explanation: DMZ separates external services from the internal network for added security.
What kind of attack tries to intercept and possibly alter communication between two parties?
A) Phishing
B) Man-in-the-middle (MitM)
C) Brute force
D) Ransomware
Answer: B) Man-in-the-middle (MitM)
Explanation: MitM attacks intercept data between two communicating parties to eavesdrop or alter the data.
What is a common method used to detect malware on a system?
A) Port scanning
B) Signature-based detection
C) Password cracking
D) Packet filtering
Answer: B) Signature-based detection
Explanation: Antivirus software matches files against a database of signatures (byte patterns or hashes of known malware). Signature detection is precise for known samples but misses new or polymorphic variants, which is why it is paired with heuristic and behavioral detection.
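Worked example (added here, not part of the original exam): a toy signature scanner with the two signature types real antivirus engines also use, a byte-pattern match and a whole-file SHA-256 hash match. The EICAR test string is the standard harmless file that antivirus vendors agree to detect; the other sample files, the "known bad" hash and the generic pattern are constructed for this example.

```python
# Added example (not from the exam page): a toy signature-based scanner with
# two signature types that real antivirus engines also use, a byte-pattern
# match and a whole-file SHA-256 hash match. The EICAR test string is the
# standard harmless file that antivirus vendors agree to detect; the other
# "samples" and the hash of the "known bad" file are constructed here.
import hashlib
import re

# EICAR test string (public, harmless, detected by every AV engine).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "known bad" sample; in practice hash signatures come from a feed.
KNOWN_BAD = b"MZ\x90\x00fake dropper v1 :: powershell -enc ...\x00"

PATTERN_SIGS = {
    "EICAR-Test-File": re.compile(re.escape(EICAR)),
    # Generic pattern: a PE header ('MZ') followed closely by a PowerShell
    # encoded-command flag. Pattern signatures survive small edits to the file.
    "Generic.PS.EncodedDropper": re.compile(rb"MZ.{0,64}?powershell\s+-enc", re.DOTALL),
}

HASH_SIGS = {
    hashlib.sha256(KNOWN_BAD).hexdigest(): "Dropper.Fake.A",
}


def scan_bytes(data: bytes) -> list[str]:
    """Return the names of every signature that matches the data."""
    hits = []
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for sig_name, pattern in PATTERN_SIGS.items():
        if pattern.search(data):
            hits.append(sig_name)
    return hits


# Constructed corpus: filename -> content.
SAMPLES = {
    "eicar.com": EICAR,
    "dropper.exe": KNOWN_BAD,
    "notes.txt": b"quarterly report draft, nothing to see here",
    # Two bytes changed: the hash signature no longer matches, the pattern still does.
    "dropper_v2.exe": KNOWN_BAD.replace(b"v1", b"v2"),
}


def scan_corpus(samples: dict) -> dict:
    return {fname: scan_bytes(content) for fname, content in samples.items()}


if __name__ == "__main__":
    for fname, hits in scan_corpus(SAMPLES).items():
        print(f"{fname:16} {'CLEAN' if not hits else ', '.join(hits)}")
```

The dropper_v2.exe result is the point of the exercise: a hash signature is brittle (any change to the file defeats it), a pattern signature tolerates small edits, and neither detects a sample the signature database has never seen.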
Which security model focuses on enforcing strict access controls to protect data confidentiality?
A) Bell-LaPadula Model
B) Clark-Wilson Model
C) Biba Model
D) Brewer and Nash Model
Answer: A) Bell-LaPadula Model
Explanation: The Bell-LaPadula model enforces confidentiality by preventing information flow from high to low security levels.
What is the function of an Access Control List (ACL) in network security?
A) Encrypt data in transit
B) Define rules to permit or deny traffic on a router or firewall
C) Detect malware signatures
D) Provide user authentication
Answer: B) Define rules to permit or deny traffic on a router or firewall
Explanation: An ACL is an ordered list of permit and deny statements evaluated top to bottom; the first matching entry decides, and an implicit deny at the end drops any packet that matches no entry. Matching criteria include source and destination IP address, protocol, and port number.
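Worked example (added here, not part of the original exam): a minimal evaluator for an extended-ACL style rule list, showing first-match semantics and the implicit deny. Addresses use CIDR notation instead of Cisco wildcard masks for readability; the ACL, the DMZ hosts and the sample packets are constructed.

```python
# Added example (not from the exam page): a minimal Cisco-style extended ACL
# evaluator. Rules are checked top to bottom, the first match wins, and an
# implicit "deny any" applies when nothing matches. Addresses use CIDR
# notation rather than Cisco wildcard masks for readability; the hosts,
# networks and packets below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str               # CIDR, e.g. "10.0.0.0/8", or "0.0.0.0/0" for any
    dst: str
    dport: Optional[int] = None   # destination port; None means any port

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, index of the matching rule); index None means the
    implicit deny at the end of the list fired."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Constructed ACL for an inbound internet-facing interface: drop packets that
# spoof a private source, allow web traffic to a DMZ server, allow DNS to a
# DMZ resolver, and let the implicit deny catch everything else.
INBOUND_ACL = [
    Rule("deny",   "ip",  "10.0.0.0/8", "0.0.0.0/0"),             # anti-spoofing
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 443),  # HTTPS to DMZ web
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 80),
    Rule("permit", "udp", "0.0.0.0/0",  "203.0.113.53/32", 53),   # DNS to DMZ resolver
    # implicit: deny ip any any
]

SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 443},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 22},
    {"proto": "tcp", "src": "10.1.2.3",     "dst": "203.0.113.10", "dport": 443},
    {"proto": "udp", "src": "198.51.100.9", "dst": "203.0.113.53", "dport": 53},
]


def audit(acl: list, packets: list) -> list:
    """Return one human-readable verdict per packet, as a firewall log would."""
    out = []
    for p in packets:
        action, idx = evaluate(acl, p)
        why = f"rule {idx}" if idx is not None else "implicit deny"
        out.append(f"{action.upper():6} {p['proto']} {p['src']} -> "
                   f"{p['dst']}:{p.get('dport')} ({why})")
    return out


if __name__ == "__main__":
    for line in audit(INBOUND_ACL, SAMPLE_PACKETS):
        print(line)
```

Note the ordering lesson: the anti-spoofing deny sits first because a later permit for HTTPS would otherwise match the spoofed packet, and the SSH packet is dropped by the implicit deny even though no rule mentions port 22.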
Which security principle ensures that data cannot be altered by unauthorized users?
A) Confidentiality
B) Integrity
C) Availability
D) Authentication
Answer: B) Integrity
Explanation: Integrity protects information from unauthorized modification to ensure its accuracy and reliability.
What kind of cyber attack involves flooding a target with traffic from multiple sources?
A) Man-in-the-middle
B) Distributed Denial of Service (DDoS)
C) Spoofing
D) Social Engineering
Answer: B) Distributed Denial of Service (DDoS)
Explanation: DDoS attacks use many compromised systems to overwhelm a target, making services unavailable.
Which of the following is NOT an example of malware?
A) Virus
B) Worm
C) Botnet
D) Firewall
Answer: D) Firewall
Explanation: A firewall is a security device, whereas viruses, worms, and botnets are types of malicious software.
What does the term “least privilege” mean in cybersecurity?
A) Users have the minimum access necessary to perform their job functions
B) Users have administrative rights by default
C) All users share the same access rights
D) Users have full access to the network
Answer: A) Users have the minimum access necessary to perform their job functions
Explanation: The principle of least privilege limits users’ access to only what is required, reducing risk.
What is the primary difference between symmetric and asymmetric encryption?
A) Symmetric uses one key; asymmetric uses two keys
B) Symmetric is slower than asymmetric
C) Asymmetric uses one key; symmetric uses two keys
D) Both use identical methods
Answer: A) Symmetric uses one key; asymmetric uses two keys
Explanation: Symmetric encryption uses the same key for encryption and decryption; asymmetric uses a public/private key pair.
What type of attack exploits a buffer overflow vulnerability?
A) Cross-site scripting
B) Denial of Service
C) Arbitrary code execution
D) Phishing
Answer: C) Arbitrary code execution
Explanation: A buffer overflow writes past the end of a buffer and overwrites adjacent memory, such as a saved return address or a function pointer; a crafted input can redirect execution to attacker-supplied code. A crash (denial of service) is the other common outcome when the overwrite is not controlled.
Which tool is commonly used for packet sniffing on a network?
A) Wireshark
B) Nmap
C) Metasploit
D) Nessus
Answer: A) Wireshark
Explanation: Wireshark captures and analyzes network packets in detail for troubleshooting and security analysis.
What is the purpose of Network Address Translation (NAT)?
A) To encrypt data
B) To hide internal IP addresses and map them to a public IP
C) To scan for vulnerabilities
D) To assign MAC addresses
Answer: B) To hide internal IP addresses and map them to a public IP
Explanation: NAT lets many internal hosts share one public IP address, conserving IPv4 addresses and hiding internal addressing from the outside. The concealment is a side effect rather than a security control; a firewall is still required to filter traffic.
What is the purpose of a digital certificate?
A) To scan for malware
B) To verify the identity of a website or user
C) To block unauthorized IP addresses
D) To encrypt emails
Answer: B) To verify the identity of a website or user
Explanation: A digital certificate binds a public key to an identity (a hostname, organization, or person) and is signed by a certificate authority; a client that trusts the CA can verify the signature and thereby the identity of the peer it is communicating with.
What type of malware is designed to appear as legitimate software but performs malicious activities?
A) Virus
B) Trojan horse
C) Worm
D) Ransomware
Answer: B) Trojan horse
Explanation: Trojans disguise themselves as benign software but carry harmful payloads.
What is a primary benefit of network segmentation?
A) Increased bandwidth
B) Improved security by limiting access within network zones
C) Faster software updates
D) Simplified IP addressing
Answer: B) Improved security by limiting access within network zones
Explanation: Segmenting networks restricts attacker movement and limits exposure of critical assets.
What is the purpose of an incident response plan?
A) To prevent all attacks
B) To guide the organization’s actions during and after a security incident
C) To backup data automatically
D) To configure firewalls
Answer: B) To guide the organization’s actions during and after a security incident
Explanation: Incident response plans outline steps to detect, contain, eradicate, and recover from security events.
Which of the following is a characteristic of Advanced Persistent Threats (APTs)?
A) Short-lived, opportunistic attacks
B) Long-term, targeted cyber espionage campaigns
C) Accidental data breaches
D) Malware that spreads via USB drives
Answer: B) Long-term, targeted cyber espionage campaigns
Explanation: APTs are sophisticated, prolonged attacks often backed by nation-states or organized groups.
What does DNS stand for and what is its primary function?
A) Domain Name System; translates domain names to IP addresses
B) Dynamic Network Security; encrypts network traffic
C) Data Network Service; manages network connections
D) Domain Name Security; blocks phishing sites
Answer: A) Domain Name System; translates domain names to IP addresses
Explanation: DNS resolves human-readable domain names to machine-readable IP addresses.
What does a port scanner do?
A) Detects open ports and services on a network device
B) Encrypts traffic
C) Blocks unauthorized devices
D) Manages firewall rules
Answer: A) Detects open ports and services on a network device
Explanation: A port scanner attempts connections (or sends probes) to a range of ports and reports which ones respond, revealing the services a host exposes. Defenders use it to map their attack surface; attackers use it for reconnaissance, so unexpected scans are a common IDS alert.
What is a honeynet?
A) A network of honeypots designed to trap attackers
B) A high-security wireless network
C) A type of firewall
D) An encrypted VPN connection
Answer: A) A network of honeypots designed to trap attackers
Explanation: A honeynet consists of multiple honeypots to study attacker behavior across systems.
What is the purpose of hashing in cybersecurity?
A) Encrypting data
B) Generating a unique fixed-size output from input data to verify integrity
C) Compressing files
D) Managing user accounts
Answer: B) Generating a unique fixed-size output from input data to verify integrity
Explanation: A cryptographic hash function maps input of any length to a fixed-size digest. It is one-way (the input cannot be recovered from the digest) and collision-resistant (finding two inputs with the same digest is computationally infeasible), so a changed digest reveals tampering. Hashing is not encryption: there is no key and nothing to decrypt.
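Worked example (added here, not part of the original exam): integrity checking with SHA-256, plus HMAC-SHA256 for the case where the check itself must be protected from an attacker who can recompute a plain hash. The "release" script, the tampered copy and the shared key are constructed sample data; note that an HMAC is symmetric message authentication, not a digital signature, which would use a private/public key pair.

```python
# Added example (not from the exam page): file integrity checking with SHA-256
# and authenticated integrity with HMAC-SHA256. The "release" bytes, the
# tampered copy and the shared key are constructed sample data.
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_digest: str) -> bool:
    """Compare the digest of what we received to the digest the publisher
    posted out of band (e.g. on an HTTPS page or in a signed manifest)."""
    return hmac.compare_digest(sha256_hex(data), published_digest)


def hamming_distance_hex(a: str, b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


# Constructed "release" plus a copy with the download host swapped.
RELEASE = (b"#!/bin/sh\necho installing agent\n"
           b"curl -fsSL https://example.invalid/agent -o /usr/local/bin/agent\n")
TAMPERED = RELEASE.replace(b"example.invalid", b"evil.invalid")
PUBLISHED = sha256_hex(RELEASE)

# A plain hash only proves integrity against accidental change; anyone who
# alters the data can recompute it. An HMAC binds the digest to a shared
# secret so only a key holder can produce a valid tag (symmetric message
# authentication, not a digital signature, which uses a key pair).
KEY = secrets.token_bytes(32)


def tag(message: bytes, key: bytes = KEY) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message: bytes, received_tag: str, key: bytes = KEY) -> bool:
    # Constant-time comparison prevents timing attacks on the tag check.
    return hmac.compare_digest(tag(message, key), received_tag)


def demo() -> dict:
    return {
        "release_ok": verify_download(RELEASE, PUBLISHED),
        "tampered_ok": verify_download(TAMPERED, PUBLISHED),
        # Avalanche effect: a small change flips roughly half of the 256 bits.
        "bits_changed": hamming_distance_hex(sha256_hex(RELEASE), sha256_hex(TAMPERED)),
        "digest_hex_len": len(PUBLISHED),          # 256 bits = 64 hex characters
        "tag_ok": verify_tag(RELEASE, tag(RELEASE)),
        "tag_wrong_key": verify_tag(RELEASE, tag(RELEASE), key=b"\x00" * 32),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The digest length is fixed regardless of input size, a few changed bytes in the input change about half the output bits, and the HMAC check fails under any key other than the one that produced the tag.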
Which of the following best describes a vulnerability scanner?
A) A tool to monitor network traffic
B) A tool to identify weaknesses in systems or applications
C) A tool to block incoming attacks
D) A tool for encrypting emails
Answer: B) A tool to identify weaknesses in systems or applications
Explanation: Vulnerability scanners assess systems for known security flaws.
What is the main advantage of using Public Key Infrastructure (PKI)?
A) It allows secure key distribution and authentication over unsecured networks
B) It compresses network traffic
C) It detects malware
D) It speeds up data transmission
Answer: A) It allows secure key distribution and authentication over unsecured networks
Explanation: PKI manages digital certificates and keys to establish trust and secure communications.
What is cross-site scripting (XSS)?
A) Injecting malicious scripts into trusted websites to execute on users’ browsers
B) Overloading a server with traffic
C) Manipulating database queries
D) Sniffing network packets
Answer: A) Injecting malicious scripts into trusted websites to execute on users’ browsers
Explanation: XSS attacks compromise user sessions or redirect users by injecting scripts into web pages.
What is the primary difference between a virus and a worm?
A) Viruses require user action to spread; worms spread autonomously
B) Worms require user action; viruses spread autonomously
C) Both spread the same way
D) Viruses are legal software
Answer: A) Viruses require user action to spread; worms spread autonomously
Explanation: Worms self-replicate and spread independently, whereas viruses need to attach to files or programs.
What is the purpose of multifactor authentication (MFA)?
A) To use multiple passwords simultaneously
B) To require two or more verification factors for user authentication
C) To encrypt user credentials
D) To simplify login processes
Answer: B) To require two or more verification factors for user authentication
Explanation: MFA combines something you know (password), something you have (token), or something you are (biometrics).
Which of the following is a common method to protect data at rest?
A) TLS encryption
B) Hashing
C) Disk encryption
D) SSL certificates
Answer: C) Disk encryption
Explanation: Disk encryption protects stored data by encrypting the entire disk or storage volume.
What is spear phishing?
A) Random phishing emails sent to many users
B) Targeted phishing attack against a specific individual or organization
C) Physical theft of devices
D) Automated malware infection
Answer: B) Targeted phishing attack against a specific individual or organization
Explanation: Spear phishing customizes messages to deceive specific targets more effectively.
What is an example of a physical security control?
A) Firewall
B) Biometric access systems
C) Encryption
D) Antivirus software
Answer: B) Biometric access systems
Explanation: Physical controls restrict access to facilities or devices via locks, biometrics, or guards.
What is a common use of port 22?
A) HTTP
B) FTP
C) SSH
D) DNS
Answer: C) SSH
Explanation: Port 22 is the default port for Secure Shell (SSH), used for secure remote administration.
What is the main goal of data loss prevention (DLP) solutions?
A) To prevent malware infections
B) To detect and prevent unauthorized data transfer or leakage
C) To monitor network traffic
D) To backup critical files
Answer: B) To detect and prevent unauthorized data transfer or leakage
Explanation: DLP solutions enforce policies to protect sensitive data from leaving the organization.
What does a rootkit do?
A) Encrypts files for ransom
B) Provides privileged access while hiding its presence
C) Scans for vulnerabilities
D) Prevents malware infections
Answer: B) Provides privileged access while hiding its presence
Explanation: Rootkits hide malware and unauthorized processes to maintain stealth control of a system.
Which cybersecurity framework is widely used to guide organizations in managing cybersecurity risk?
A) COBIT
B) ISO 27001
C) NIST Cybersecurity Framework
D) ITIL
Answer: C) NIST Cybersecurity Framework
Explanation: The NIST Cybersecurity Framework organizes security activities into core functions: Identify, Protect, Detect, Respond, and Recover (CSF 2.0 adds Govern), giving organizations a common structure for managing cyber risk.
Which protocol is used to securely transfer files over a network?
A) FTP
B) HTTP
C) SFTP
D) SMTP
Answer: C) SFTP
Explanation: SFTP (SSH File Transfer Protocol) encrypts both commands and data, providing secure file transfer over a network.
What is the primary purpose of a Security Information and Event Management (SIEM) system?
A) To block unauthorized IP addresses
B) To aggregate and analyze security logs from multiple sources
C) To encrypt network traffic
D) To perform vulnerability scanning
Answer: B) To aggregate and analyze security logs from multiple sources
Explanation: SIEM collects and correlates log data to detect suspicious activities and provide alerts.
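Worked example (added here, not part of the original exam), serving both the SIEM questions and the brute force questions on this page: the kind of correlation rule a SIEM runs over collected logs. It parses Linux sshd authentication lines, counts failed logins per source IP inside a sliding time window, fires an alert when the count crosses a threshold, and escalates if a successful login follows the failures. The log lines are constructed; the threshold, window size and assumed year are assumptions.

```python
# Added example (not from the exam page): a SIEM-style correlation rule. It
# parses constructed Linux sshd authentication lines, counts failed logins
# per source IP inside a sliding window, raises BRUTE_FORCE when the count
# crosses a threshold, and escalates to BRUTE_FORCE_SUCCESS if a success
# follows (likely compromised account). Threshold, window and year are assumed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample log (syslog timestamps carry no year; 2024 is assumed).
SAMPLE_LOG = """\
Mar  4 10:00:01 bastion sshd[2101]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  4 10:00:03 bastion sshd[2101]: Failed password for root from 198.51.100.23 port 40124 ssh2
Mar  4 10:00:04 bastion sshd[2102]: Failed password for invalid user admin from 198.51.100.23 port 40126 ssh2
Mar  4 10:00:06 bastion sshd[2103]: Failed password for root from 198.51.100.23 port 40130 ssh2
Mar  4 10:00:07 bastion sshd[2104]: Failed password for root from 198.51.100.23 port 40131 ssh2
Mar  4 10:00:09 bastion sshd[2105]: Accepted password for root from 198.51.100.23 port 40135 ssh2
Mar  4 10:00:15 bastion sshd[2106]: Failed password for alice from 10.0.5.7 port 51000 ssh2
Mar  4 10:00:40 bastion sshd[2107]: Accepted password for alice from 10.0.5.7 port 51002 ssh2
Mar  4 10:03:00 bastion sshd[2108]: Failed password for bob from 203.0.113.9 port 33001 ssh2
Mar  4 10:09:00 bastion sshd[2109]: Failed password for bob from 203.0.113.9 port 33002 ssh2
"""


def parse(line: str, year: int = 2024):
    """Return (timestamp, result, user, ip) or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def correlate(log_text: str, threshold: int = 5, window=timedelta(minutes=1)) -> list:
    """Sliding-window rule: >= threshold failures from one IP within `window`
    fires BRUTE_FORCE; a later success from an IP that already fired
    escalates to BRUTE_FORCE_SUCCESS."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    fired = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        ts, result, user, ip = ev
        q = failures[ip]
        while q and ts - q[0] > window:      # drop failures outside the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in fired:
                fired.add(ip)
                alerts.append({"rule": "BRUTE_FORCE", "ip": ip,
                               "failures": len(q), "at": ts.isoformat()})
        elif ip in fired:
            alerts.append({"rule": "BRUTE_FORCE_SUCCESS", "ip": ip,
                           "user": user, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(a)
```

Only 198.51.100.23 fires: alice's single typo and bob's two failures six minutes apart stay under the threshold, which is the point of the window. A real SIEM would also correlate across hosts (the same source hitting many servers) and enrich the alert with asset and threat-intelligence context.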
What type of malware encrypts files and demands payment for the decryption key?
A) Worm
B) Trojan horse
C) Ransomware
D) Spyware
Answer: C) Ransomware
Explanation: Ransomware locks or encrypts victim data and extorts payment for restoring access.
Which of the following best describes a zero-day vulnerability?
A) A vulnerability that has been patched immediately
B) A vulnerability that is publicly known and easily exploited
C) A previously unknown vulnerability exploited before a fix is available
D) A vulnerability caused by user error
Answer: C) A previously unknown vulnerability exploited before a fix is available
Explanation: Zero-day vulnerabilities are unknown to vendors and pose a high risk due to lack of patches.
What is the main goal of penetration testing?
A) To develop new software
B) To identify and exploit vulnerabilities in systems to improve security
C) To monitor network traffic
D) To create backups of data
Answer: B) To identify and exploit vulnerabilities in systems to improve security
Explanation: Penetration testing simulates attacks to uncover security weaknesses before attackers do.
Which of the following is NOT a typical function of a firewall?
A) Packet filtering
B) Intrusion prevention
C) Data encryption
D) Traffic monitoring
Answer: C) Data encryption
Explanation: A firewall's core functions are filtering and monitoring traffic, and next-generation firewalls add intrusion prevention. Many firewalls can also terminate VPN tunnels, but encrypting data is a separate service layered on the device, not a firewall function.
What is the role of the CIA triad in cybersecurity?
A) To identify network devices
B) To provide three core security objectives: Confidentiality, Integrity, and Availability
C) To classify malware types
D) To design firewalls
Answer: B) To provide three core security objectives: Confidentiality, Integrity, and Availability
Explanation: The CIA triad forms the foundation of information security principles.
What does the term “phishing” refer to?
A) Sending malware through emails
B) Attempting to acquire sensitive information by masquerading as a trustworthy entity
C) Exploiting software bugs
D) Intercepting network traffic
Answer: B) Attempting to acquire sensitive information by masquerading as a trustworthy entity
Explanation: Phishing tricks users into divulging passwords or financial info via fake communications.
What is the main function of the TCP/IP model’s Transport layer?
A) To provide end-to-end communication and error checking
B) To route packets between networks
C) To handle physical transmission of bits
D) To establish IP addresses
Answer: A) To provide end-to-end communication and error checking
Explanation: The Transport layer manages connection reliability and flow control between hosts.
What is the difference between IDS and IPS?
A) IDS blocks attacks; IPS only detects them
B) IDS detects attacks; IPS detects and prevents/blocks attacks
C) IDS encrypts data; IPS decrypts data
D) IDS is hardware; IPS is software
Answer: B) IDS detects attacks; IPS detects and prevents/blocks attacks
Explanation: IDS alerts on suspicious activity; IPS actively blocks threats.
Which of the following is an example of social engineering?
A) Brute force attack
B) Phishing email
C) Port scanning
D) SQL injection
Answer: B) Phishing email
Explanation: Social engineering manipulates people into revealing confidential information.
What is the purpose of the protocol SSL/TLS?
A) To encrypt network traffic and provide secure communication
B) To scan for vulnerabilities
C) To detect malware
D) To perform authentication
Answer: A) To encrypt network traffic and provide secure communication
Explanation: SSL/TLS secures data exchanged over networks, as in HTTPS, providing confidentiality and integrity and authenticating the server with a certificate. SSL itself is deprecated; current deployments use TLS 1.2 or 1.3.
What does MAC address filtering do in a wireless network?
A) Encrypts traffic between devices
B) Allows or blocks devices based on their hardware MAC addresses
C) Changes device IP addresses
D) Monitors network traffic
Answer: B) Allows or blocks devices based on their hardware MAC addresses
Explanation: MAC filtering restricts network access to an allow list of hardware addresses. It is a weak control: MAC addresses are visible in wireless frames and trivially spoofed, so it supplements, never replaces, WPA2/WPA3 authentication and encryption.
Which type of attack manipulates data packets to redirect traffic through the attacker’s machine?
A) DNS spoofing
B) ARP spoofing
C) Phishing
D) Ransomware
Answer: B) ARP spoofing
Explanation: ARP spoofing (ARP cache poisoning) sends forged ARP replies so that victims map the gateway's or another host's IP address to the attacker's MAC address, causing their traffic to flow through the attacker's machine. Dynamic ARP Inspection on switches and static ARP entries for critical hosts are the usual defenses.
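Worked example (added here, not part of the original exam): a detector for the symptom ARP spoofing leaves on the wire, two different MAC addresses claiming the same IP address, in the style of arpwatch. The ARP replies are constructed records (a real sensor would read them from a packet capture); the gateway address and the trusted-binding table are assumptions.

```python
# Added example (not from the exam page): a detector for the symptom ARP
# spoofing leaves on the wire, two different MAC addresses claiming the same
# IP address, using the approach of tools such as arpwatch. The ARP replies
# below are constructed records (a real detector would read them from a
# packet capture); the gateway address and the trusted bindings are assumed.

# Each record is an ARP reply as seen by a sensor: (sender_ip, sender_mac).
CONSTRUCTED_ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:aa:bb:01"),   # gateway answering normally
    ("10.0.0.7", "00:11:22:aa:bb:07"),   # a workstation
    ("10.0.0.1", "00:11:22:aa:bb:01"),
    ("10.0.0.1", "de:ad:be:ef:00:99"),   # attacker claims to be the gateway
    ("10.0.0.9", "de:ad:be:ef:00:99"),   # the attacker's own legitimate IP
    ("10.0.0.7", "de:ad:be:ef:00:99"),   # attacker also claims the workstation
    ("10.0.0.1", "de:ad:be:ef:00:99"),
]

# Static binding for the address that matters most (the default gateway), as
# an admin might pin with a static ARP entry or Dynamic ARP Inspection.
TRUSTED_BINDINGS = {"10.0.0.1": "00:11:22:aa:bb:01"}


def detect_arp_spoofing(replies, trusted=TRUSTED_BINDINGS) -> list:
    """Return one alert per suspicious reply.

    Two checks: a reply that contradicts a trusted static binding, and an IP
    seen with more than one MAC (a 'flip flop' in arpwatch terms).
    """
    seen = {}        # ip -> first MAC observed for it
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append({"type": "TRUSTED_BINDING_VIOLATION", "ip": ip,
                           "expected": trusted[ip], "seen": mac})
        elif ip in seen and seen[ip] != mac:
            alerts.append({"type": "FLIP_FLOP", "ip": ip,
                           "previous": seen[ip], "seen": mac})
        seen.setdefault(ip, mac)
    return alerts


def macs_claiming_multiple_ips(replies) -> dict:
    """A single MAC answering for several IPs is another spoofing tell: the
    attacker poisons both the gateway's and the victim's view at once."""
    ips_by_mac = {}
    for ip, mac in replies:
        ips_by_mac.setdefault(mac.lower(), set()).add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for a in detect_arp_spoofing(CONSTRUCTED_ARP_REPLIES):
        print(a)
    print(macs_claiming_multiple_ips(CONSTRUCTED_ARP_REPLIES))
```

The first-seen heuristic has a known blind spot: if the sensor starts after the attacker, the forged MAC is what gets recorded as "normal", which is why the trusted-binding check exists for the gateway and why legitimate changes (a replaced NIC, DHCP reassignment) need an allow-listing step rather than silent acceptance.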
What is the key characteristic of a worm?
A) Requires user interaction to spread
B) Self-replicates and spreads without user action
C) Only attacks websites
D) Is a type of firewall
Answer: B) Self-replicates and spreads without user action
Explanation: Worms propagate autonomously across networks.
What does the term “brute force attack” mean?
A) Exploiting a software bug
B) Trying all possible password combinations until the correct one is found
C) Sending phishing emails
D) Redirecting network traffic
Answer: B) Trying all possible password combinations until the correct one is found
Explanation: Brute force attacks automate password guessing by exhaustive trial.
What is a Digital Signature used for?
A) Encrypt data for confidentiality
B) Verify the authenticity and integrity of a message or document
C) Prevent phishing
D) Authenticate users with biometrics
Answer: B) Verify the authenticity and integrity of a message or document
Explanation: A digital signature is produced by signing a hash of the message with the signer's private key; anyone holding the matching public key can verify it, which proves origin and integrity and also provides non-repudiation.
What is a botnet?
A) A network of compromised computers controlled remotely by an attacker
B) A type of firewall
C) A security scanning tool
D) A software patch
Answer: A) A network of compromised computers controlled remotely by an attacker
Explanation: Botnets are used for launching attacks such as DDoS.
Which cybersecurity model enforces strict control over user access based on security labels?
A) Bell-LaPadula Model
B) Clark-Wilson Model
C) Biba Model
D) NIST Framework
Answer: A) Bell-LaPadula Model
Explanation: Bell-LaPadula focuses on data confidentiality by controlling read/write access via labels.
What is a common way for attackers to escalate privileges after gaining access?
A) Social engineering
B) Exploiting software vulnerabilities to gain higher access rights
C) Phishing
D) Sniffing passwords
Answer: B) Exploiting software vulnerabilities to gain higher access rights
Explanation: Privilege escalation exploits flaws such as unpatched kernel or service vulnerabilities, misconfigured file or service permissions, or weak stored credentials to move from a low-privilege foothold to administrative or root control.
What is the main purpose of patch management?
A) To monitor network traffic
B) To update software to fix vulnerabilities and bugs
C) To encrypt data
D) To perform backups
Answer: B) To update software to fix vulnerabilities and bugs
Explanation: Patch management keeps systems secure by applying updates promptly.
What is the primary use of a VPN?
A) To create a secure, encrypted connection over a public network
B) To scan for malware
C) To block unauthorized websites
D) To provide email services
Answer: A) To create a secure, encrypted connection over a public network
Explanation: VPNs protect data confidentiality when using public or untrusted networks.
What is the difference between white-hat and black-hat hackers?
A) White-hat hackers work legally to improve security; black-hat hackers perform malicious activities
B) Both perform malicious activities
C) White-hat hackers are criminals; black-hat are security experts
D) No difference
Answer: A) White-hat hackers work legally to improve security; black-hat hackers perform malicious activities
Explanation: White-hats are ethical hackers; black-hats are attackers.
Which of the following is an example of multi-factor authentication?
A) Password only
B) Password plus fingerprint scan
C) Username only
D) Password plus CAPTCHA
Answer: B) Password plus fingerprint scan
Explanation: MFA requires two or more different authentication factors.
What is a common use of port 443?
A) HTTP
B) FTP
C) HTTPS (secure web traffic)
D) SMTP
Answer: C) HTTPS (secure web traffic)
Explanation: Port 443 is the default port for HTTPS, securing web communication.
What is a “man-in-the-middle” attack?
A) Intercepting and possibly altering communication between two parties without their knowledge
B) Sending phishing emails
C) Exploiting buffer overflow
D) Scanning open ports
Answer: A) Intercepting and possibly altering communication between two parties without their knowledge
Explanation: MITM attackers eavesdrop or modify data in transit.
What is the purpose of a honeypot in cybersecurity?
A) To trap and analyze attackers by simulating vulnerable systems
B) To block unauthorized users
C) To encrypt data
D) To scan for malware
Answer: A) To trap and analyze attackers by simulating vulnerable systems
Explanation: Honeypots are decoy systems designed to detect and study attacks.
What does the term “payload” refer to in malware?
A) The delivery mechanism for malware
B) The actual malicious code or action performed by malware
C) The security patch
D) A firewall rule
Answer: B) The actual malicious code or action performed by malware
Explanation: Payload is the part of malware causing damage or malicious effects.
Which type of attack involves intercepting data traveling between two systems to steal or alter information?
A) Spoofing
B) Eavesdropping or sniffing
C) SQL injection
D) Phishing
Answer: B) Eavesdropping or sniffing
Explanation: Attackers capture unencrypted data in transit to gather sensitive information.
What is the main benefit of network segmentation in cybersecurity?
A) Increasing internet speed
B) Limiting attack scope by isolating network zones
C) Simplifying IP addressing
D) Reducing the number of devices
Answer: B) Limiting attack scope by isolating network zones
Explanation: Segmentation confines breaches and reduces lateral movement.
What type of cybersecurity control is a firewall?
A) Detective
B) Corrective
C) Preventive
D) Recovery
Answer: C) Preventive
Explanation: Firewalls prevent unauthorized access by filtering network traffic.
Which of the following is NOT a characteristic of a Trojan horse?
A) It masquerades as legitimate software
B) It self-replicates and spreads without user action
C) It can create backdoors for attackers
D) It requires user interaction to execute
Answer: B) It self-replicates and spreads without user action
Explanation: Unlike worms, Trojans require user interaction to run.
What does the acronym DLP stand for in cybersecurity?
A) Data Loss Prevention
B) Digital Line Protocol
C) Direct Link Protection
D) Data Level Processing
Answer: A) Data Loss Prevention
Explanation: DLP systems monitor and control data transfer to prevent leaks.
Which Cisco device is commonly used to segment networks and control traffic between VLANs?
A) Router
B) Switch
C) Firewall
D) Access Point
Answer: A) Router
Explanation: Routers forward traffic between VLANs, allowing inter-VLAN routing.
Which of the following attacks targets DNS infrastructure to redirect users to malicious websites?
A) DNS poisoning
B) ARP spoofing
C) Man-in-the-middle
D) SQL injection
Answer: A) DNS poisoning
Explanation: DNS poisoning corrupts DNS cache to redirect requests to malicious sites.
What is the main purpose of a DMZ (Demilitarized Zone) in network security?
A) To provide a buffer zone between internal and external networks
B) To encrypt internal traffic
C) To store backup data
D) To scan for malware
Answer: A) To provide a buffer zone between internal and external networks
Explanation: A DMZ hosts public-facing services while isolating them from the internal network.
What is the key benefit of asymmetric encryption compared to symmetric encryption?
A) It uses the same key for encryption and decryption
B) It is faster than symmetric encryption
C) It uses a public and private key pair, enhancing security for key distribution
D) It only encrypts data, and cannot decrypt it
Answer: C) It uses a public and private key pair, enhancing security for key distribution
Explanation: Asymmetric encryption solves the key distribution problem inherent in symmetric methods.
Which Cisco security technology inspects traffic for threats in real-time and blocks malicious activity?
A) IDS
B) IPS
C) VPN
D) Proxy server
Answer: B) IPS
Explanation: An Intrusion Prevention System actively blocks detected threats.
Which layer of the OSI model is responsible for establishing, managing, and terminating sessions?
A) Presentation
B) Session
C) Network
D) Transport
Answer: B) Session
Explanation: The Session layer controls dialogues and connections between devices.
What type of attack involves overwhelming a system with traffic to make it unavailable?
A) Brute force
B) Denial of Service (DoS)
C) Phishing
D) Spoofing
Answer: B) Denial of Service (DoS)
Explanation: DoS attacks disrupt service by flooding systems with excessive traffic.
What Cisco technology uses cryptographic keys and certificates to authenticate devices?
A) TACACS+
B) RADIUS
C) PKI (Public Key Infrastructure)
D) DHCP
Answer: C) PKI (Public Key Infrastructure)
Explanation: PKI uses digital certificates for authentication and secure communication.
What is the primary goal of endpoint security?
A) To secure mobile devices only
B) To protect individual devices from threats and unauthorized access
C) To manage network switches
D) To monitor network bandwidth
Answer: B) To protect individual devices from threats and unauthorized access
Explanation: Endpoint security protects desktops, laptops, and mobile devices.
Which attack exploits vulnerabilities in software code to execute arbitrary code on a system?
A) Buffer overflow
B) DNS spoofing
C) ARP spoofing
D) Phishing
Answer: A) Buffer overflow
Explanation: Buffer overflows overwrite memory, allowing attackers to run malicious code.
What is the function of a proxy server in cybersecurity?
A) To provide anonymity by masking user IP addresses
B) To scan for malware
C) To encrypt data
D) To prevent unauthorized login attempts
Answer: A) To provide anonymity by masking user IP addresses
Explanation: Proxy servers act as intermediaries, hiding client IPs and filtering requests.
What is the meaning of “least privilege” in access control?
A) Users are given full administrative access
B) Users are granted the minimum level of access necessary to perform their tasks
C) Users share passwords to access resources
D) Users have unlimited access to all systems
Answer: B) Users are granted the minimum level of access necessary to perform their tasks
Explanation: This principle limits damage if credentials are compromised.
Which cybersecurity framework is widely used for managing and reducing cybersecurity risk?
A) ISO 9001
B) NIST Cybersecurity Framework
C) ITIL
D) COBIT
Answer: B) NIST Cybersecurity Framework
Explanation: NIST provides guidelines for risk management and security controls.
What type of attack involves injecting malicious SQL code into input fields?
A) Cross-site scripting (XSS)
B) SQL injection
C) Phishing
D) Buffer overflow
Answer: B) SQL injection
Explanation: Attackers manipulate input to execute unauthorized SQL commands on databases.
Which Cisco technology provides identity management and centralized authentication for network devices?
A) TACACS+
B) FTP
C) SNMP
D) HTTP
Answer: A) TACACS+
Explanation: TACACS+ provides secure authentication, authorization, and accounting services.
What is a primary goal of threat intelligence?
A) To encrypt data traffic
B) To identify, understand, and mitigate emerging threats
C) To backup data
D) To monitor bandwidth usage
Answer: B) To identify, understand, and mitigate emerging threats
Explanation: Threat intelligence helps organizations prepare for and respond to attacks.
Which Cisco tool allows network administrators to simulate attacks and test defenses?
A) Cisco Packet Tracer
B) Cisco AMP for Endpoints
C) Cisco Threat Grid
D) Cisco Penetration Testing Toolkit
Answer: A) Cisco Packet Tracer
Explanation: Packet Tracer simulates networks but does not directly test security the way penetration-testing tools do.
What is the function of NAT (Network Address Translation) in security?
A) To encrypt traffic
B) To hide internal IP addresses from external networks
C) To scan for malware
D) To authenticate users
Answer: B) To hide internal IP addresses from external networks
Explanation: NAT masks private IPs, helping prevent direct attacks on internal devices.
What kind of cybersecurity policy defines acceptable use of company resources?
A) Incident response policy
B) Acceptable Use Policy (AUP)
C) Password policy
D) Backup policy
Answer: B) Acceptable Use Policy (AUP)
Explanation: An AUP outlines the rules for how employees may use organizational IT assets.
Which type of attack exploits vulnerabilities in browsers by injecting malicious scripts?
A) SQL injection
B) Cross-site scripting (XSS)
C) ARP poisoning
D) Phishing
Answer: B) Cross-site scripting (XSS)
Explanation: XSS injects malicious client-side scripts into web pages viewed by other users.
Which security principle ensures data is not altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Accountability
Answer: B) Integrity
Explanation: Integrity ensures data remains accurate and unmodified by unauthorized users.
Which Cisco solution focuses on endpoint detection and response?
A) Cisco AMP (Advanced Malware Protection)
B) Cisco Umbrella
C) Cisco AnyConnect
D) Cisco Webex
Answer: A) Cisco AMP (Advanced Malware Protection)
Explanation: Cisco AMP provides endpoint malware detection and response capabilities.
Which protocol is commonly used to securely transfer files over a network?
A) FTP
B) HTTP
C) SFTP
D) Telnet
Answer: C) SFTP
Explanation: SFTP (Secure File Transfer Protocol) encrypts data during transfer, unlike FTP.
What is the primary purpose of a honeypot in cybersecurity?
A) To accelerate network traffic
B) To trap and analyze attackers’ behavior
C) To block malware
D) To encrypt user data
Answer: B) To trap and analyze attackers’ behavior
Explanation: Honeypots mimic vulnerable systems to detect and study attacks.
Which Cisco security feature enables remote users to securely connect to a network?
A) VLAN
B) VPN
C) DHCP
D) NAT
Answer: B) VPN
Explanation: VPN (Virtual Private Network) creates encrypted tunnels for secure remote access.
What does the CIA triad stand for in cybersecurity?
A) Confidentiality, Integrity, Availability
B) Control, Identify, Authenticate
C) Cryptography, Intrusion, Access
D) Compliance, Inspection, Authorization
Answer: A) Confidentiality, Integrity, Availability
Explanation: The CIA triad is the foundation of information security principles.
What is a zero-day vulnerability?
A) A vulnerability that has been patched
B) A known vulnerability with a public fix
C) A previously unknown vulnerability exploited before a fix is available
D) A vulnerability in zero-configuration networks
Answer: C) A previously unknown vulnerability exploited before a fix is available
Explanation: Zero-day exploits target unknown flaws before developers can patch them.
Which Cisco tool helps monitor and manage network devices using SNMP?
A) Cisco Prime
B) Cisco Umbrella
C) Cisco Talos
D) Cisco AnyConnect
Answer: A) Cisco Prime
Explanation: Cisco Prime provides network management and monitoring capabilities via SNMP.
What is social engineering?
A) Using technology to break encryption
B) Manipulating people to disclose confidential information
C) Infecting systems with malware
D) Scanning networks for vulnerabilities
Answer: B) Manipulating people to disclose confidential information
Explanation: Social engineering exploits human psychology rather than technical vulnerabilities.
Which port number does HTTPS typically use?
A) 21
B) 80
C) 443
D) 25
Answer: C) 443
Explanation: HTTPS encrypts web traffic and uses TCP port 443 by default.
What is the purpose of a digital signature?
A) To encrypt data
B) To verify the authenticity and integrity of a message or document
C) To anonymize the sender
D) To block unauthorized access
Answer: B) To verify the authenticity and integrity of a message or document
Explanation: Digital signatures prove origin and ensure the content was not altered.
What type of cybersecurity attack involves intercepting communication between two parties?
A) Man-in-the-middle
B) Denial of Service
C) Phishing
D) Brute force
Answer: A) Man-in-the-middle
Explanation: Attackers eavesdrop or alter communications between two victims.
Which Cisco technology provides cloud-delivered security services including DNS-layer security?
A) Cisco Umbrella
B) Cisco ASA
C) Cisco Firepower
D) Cisco ISE
Answer: A) Cisco Umbrella
Explanation: Umbrella protects devices from malicious domains using cloud DNS filtering.
What is a common sign of a phishing email?
A) Personalized greetings
B) Requests for sensitive information or urgent action
C) Official company email address
D) Well-structured and error-free content
Answer: B) Requests for sensitive information or urgent action
Explanation: Phishing emails use urgency to trick users into revealing credentials or clicking malicious links.
What type of malware encrypts a victim’s files and demands payment for the decryption key?
A) Virus
B) Ransomware
C) Worm
D) Spyware
Answer: B) Ransomware
Explanation: Ransomware holds data hostage until a ransom is paid.
What security feature uses multiple factors to verify a user’s identity?
A) Single sign-on
B) Multi-factor authentication (MFA)
C) VPN
D) Encryption
Answer: B) Multi-factor authentication (MFA)
Explanation: MFA requires two or more verification methods for stronger security.
Which type of attack floods a network or server with excessive requests to disrupt service?
A) Phishing
B) Denial of Service (DoS)
C) SQL injection
D) Cross-site scripting
Answer: B) Denial of Service (DoS)
Explanation: DoS attacks overwhelm resources, causing service disruption.
What is the role of a Security Information and Event Management (SIEM) system?
A) To manage encryption keys
B) To collect, analyze, and correlate security event data from various sources
C) To scan for malware on endpoints
D) To filter web traffic
Answer: B) To collect, analyze, and correlate security event data from various sources
Explanation: SIEMs provide real-time analysis of security alerts.
Which Cisco solution helps secure wireless networks?
A) Cisco WLC (Wireless LAN Controller)
B) Cisco AMP
C) Cisco Umbrella
D) Cisco ASA
Answer: A) Cisco WLC (Wireless LAN Controller)
Explanation: WLCs manage and secure wireless access points in enterprise networks.
What is a characteristic of a botnet?
A) A single infected device
B) A network of compromised devices controlled by an attacker
C) Software to protect against viruses
D) A firewall configuration
Answer: B) A network of compromised devices controlled by an attacker
Explanation: Botnets launch coordinated attacks like DDoS.
What is a key benefit of network segmentation?
A) It increases network speed
B) It isolates sensitive data and limits attack spread
C) It removes the need for firewalls
D) It encrypts all traffic
Answer: B) It isolates sensitive data and limits attack spread
Explanation: Segmentation confines breaches to smaller parts of the network.
Which Cisco technology provides centralized access control and identity management?
A) Cisco ISE (Identity Services Engine)
B) Cisco AMP
C) Cisco Umbrella
D) Cisco ASA
Answer: A) Cisco ISE (Identity Services Engine)
Explanation: Cisco ISE enforces policies and authenticates devices/users on networks.
What is the difference between a vulnerability and an exploit?
A) Vulnerability is the weakness; exploit is the attack leveraging it
B) Exploit is a weakness; vulnerability is the tool to attack
C) Both are the same
D) Neither is related to cybersecurity
Answer: A) Vulnerability is the weakness; exploit is the attack leveraging it
Explanation: Exploits take advantage of vulnerabilities to compromise systems.
What is the main function of two-factor authentication (2FA)?
A) To replace passwords
B) To require two different types of credentials for access
C) To encrypt data
D) To backup user data
Answer: B) To require two different types of credentials for access
Explanation: 2FA adds an extra security layer beyond passwords.
What Cisco tool is designed to provide malware sandboxing for advanced threat detection?
A) Cisco Threat Grid
B) Cisco AMP
C) Cisco AnyConnect
D) Cisco Umbrella
Answer: A) Cisco Threat Grid
Explanation: Threat Grid analyzes suspicious files in a sandbox environment.
What is the primary goal of patch management?
A) To create backups
B) To fix software vulnerabilities by updating software
C) To encrypt files
D) To monitor network traffic
Answer: B) To fix software vulnerabilities by updating software
Explanation: Timely patching helps prevent exploits of known vulnerabilities.
Which of the following is a common use of the ping command in network security?
A) To encrypt data
B) To test network connectivity and reachability
C) To scan for malware
D) To perform penetration testing
Answer: B) To test network connectivity and reachability
Explanation: Ping sends ICMP echo requests to check if a host is reachable.
What is the main advantage of asymmetric encryption over symmetric encryption?
A) Faster encryption and decryption
B) Uses the same key for encryption and decryption
C) Uses a pair of keys (public and private) for secure communication
D) Cannot be used for digital signatures
Answer: C) Uses a pair of keys (public and private) for secure communication
Explanation: Asymmetric encryption uses two keys, enhancing security by not requiring the sharing of a private key.
Which Cisco solution is primarily used for endpoint protection?
A) Cisco AMP (Advanced Malware Protection)
B) Cisco Umbrella
C) Cisco ASA
D) Cisco ISE
Answer: A) Cisco AMP (Advanced Malware Protection)
Explanation: Cisco AMP provides malware detection and remediation on endpoints.
Which layer of the OSI model is responsible for routing packets?
A) Physical
B) Network
C) Data Link
D) Transport
Answer: B) Network
Explanation: The Network layer (Layer 3) manages packet routing across different networks.
What does a firewall primarily do in network security?
A) Encrypts all outgoing data
B) Monitors and controls incoming and outgoing network traffic based on security rules
C) Scans for viruses on endpoints
D) Provides VPN access
Answer: B) Monitors and controls incoming and outgoing network traffic based on security rules
Explanation: Firewalls enforce security policies by filtering traffic.
Which of the following is an example of multi-factor authentication?
A) Password only
B) Password and fingerprint scan
C) Username only
D) Email address and phone number
Answer: B) Password and fingerprint scan
Explanation: MFA requires at least two different types of credentials: something you know (password) and something you are (fingerprint).
What is an IDS (Intrusion Detection System)?
A) A device that blocks unauthorized access
B) A system that monitors network traffic for suspicious activity and alerts administrators
C) A system for encrypting sensitive data
D) A system that replaces antivirus software
Answer: B) A system that monitors network traffic for suspicious activity and alerts administrators
Explanation: IDS detects potential security breaches and notifies administrators.
What is the purpose of network address translation (NAT)?
A) To encrypt network packets
B) To hide internal IP addresses from the external network
C) To scan networks for vulnerabilities
D) To connect wireless devices
Answer: B) To hide internal IP addresses from the external network
Explanation: NAT translates private IPs to public IPs to protect internal network structure.
What is a primary characteristic of a worm malware?
A) Requires user interaction to spread
B) Self-replicates and spreads independently across networks
C) Encrypts files and demands ransom
D) Steals user credentials silently
Answer: B) Self-replicates and spreads independently across networks
Explanation: Worms propagate without needing user intervention.
What is the main objective of a vulnerability assessment?
A) To launch cyberattacks
B) To identify security weaknesses in systems or networks
C) To monitor network traffic in real time
D) To encrypt sensitive data
Answer: B) To identify security weaknesses in systems or networks
Explanation: Vulnerability assessments find flaws to prioritize remediation.
What type of cyberattack involves injecting malicious code into a web application to manipulate database queries?
A) Cross-site scripting (XSS)
B) Denial of Service (DoS)
C) SQL Injection
D) Man-in-the-middle
Answer: C) SQL Injection
Explanation: SQL injection targets databases by inserting malicious queries.
Which Cisco technology is used to create segmented virtual networks within a physical LAN?
A) VLAN
B) VPN
C) NAT
D) ACL
Answer: A) VLAN
Explanation: VLANs segment networks logically to improve security and efficiency.
What does a digital certificate primarily provide?
A) Network speed optimization
B) Authentication of the identity of entities in a network
C) Encryption of all network traffic
D) Data backup
Answer: B) Authentication of the identity of entities in a network
Explanation: Digital certificates verify identity using Public Key Infrastructure (PKI).
What is a common tool used for packet analysis?
A) Wireshark
B) Cisco ASA
C) VPN client
D) Firewall
Answer: A) Wireshark
Explanation: Wireshark captures and analyzes network traffic packets.
Which attack exploits human error by convincing victims to reveal confidential information?
A) Phishing
B) Brute force
C) Man-in-the-middle
D) Malware
Answer: A) Phishing
Explanation: Phishing attacks use deceptive emails or messages to trick users.
What is the function of a demilitarized zone (DMZ) in network architecture?
A) Encrypt internal data
B) Separate a network segment for external-facing services to isolate from internal networks
C) Control internal access policies
D) Monitor user activities
Answer: B) Separate a network segment for external-facing services to isolate from internal networks
Explanation: A DMZ provides an extra security layer between untrusted and trusted networks.
What Cisco device typically acts as a network perimeter defense?
A) Switch
B) Router
C) Firewall (e.g., Cisco ASA)
D) Access point
Answer: C) Firewall (e.g., Cisco ASA)
Explanation: Firewalls inspect and filter traffic at network boundaries.
What is the primary role of encryption in cybersecurity?
A) Speed up network communication
B) Convert data into a coded form to prevent unauthorized access
C) Identify network devices
D) Detect malware
Answer: B) Convert data into a coded form to prevent unauthorized access
Explanation: Encryption ensures confidentiality of data during storage or transmission.
What is spear phishing?
A) A broad, random phishing attack
B) A targeted phishing attack aimed at a specific individual or organization
C) An attack on hardware devices
D) A virus that spreads via email
Answer: B) A targeted phishing attack aimed at a specific individual or organization
Explanation: Spear phishing tailors messages to specific victims to increase the chance of success.
What does the acronym SSL stand for?
A) Secure Socket Layer
B) Secure System Login
C) Simple Secure Login
D) System Security Layer
Answer: A) Secure Socket Layer
Explanation: SSL secures communications over the internet; it has now been largely replaced by TLS.
What is the function of an Access Control List (ACL) in a Cisco device?
A) To encrypt data packets
B) To filter network traffic based on defined rules
C) To monitor user behavior
D) To scan for malware
Answer: B) To filter network traffic based on defined rules
Explanation: ACLs allow or deny traffic based on IP addresses, ports, or protocols.
What does the term “sandboxing” refer to in cybersecurity?
A) Encrypting data for transmission
B) Isolating suspicious programs to analyze behavior safely
C) Blocking malicious websites
D) Creating backups
Answer: B) Isolating suspicious programs to analyze behavior safely
Explanation: Sandboxing runs unknown code in a controlled environment to prevent damage.
What kind of attack does a Distributed Denial of Service (DDoS) represent?
A) An attack using multiple compromised systems to overwhelm a target
B) A malware infection on a single device
C) A phishing scam targeting executives
D) An exploit of software vulnerabilities
Answer: A) An attack using multiple compromised systems to overwhelm a target
Explanation: DDoS attacks come from multiple sources to maximize disruption.
What Cisco protocol is commonly used for secure remote login?
A) FTP
B) Telnet
C) SSH
D) HTTP
Answer: C) SSH
Explanation: SSH encrypts login sessions to protect credentials and data.
What is the primary purpose of network segmentation in cybersecurity?
A) To speed up internet connections
B) To divide the network into smaller zones to reduce attack surface and improve control
C) To provide free access to all users
D) To disable firewalls
Answer: B) To divide the network into smaller zones to reduce attack surface and improve control
Explanation: Segmentation limits attackers’ lateral movement within networks.
What is a common indicator of compromise (IOC) in cybersecurity?
A) A new software installation
B) Unusual outbound network traffic or unauthorized access attempts
C) User login
D) Regular software updates
Answer: B) Unusual outbound network traffic or unauthorized access attempts
Explanation: IOCs signal potential breaches or malicious activity.
Which Cisco security tool provides advanced threat detection with machine learning?
A) Cisco Umbrella
B) Cisco SecureX
C) Cisco AMP
D) Cisco ISE
Answer: B) Cisco SecureX
Explanation: SecureX integrates threat intelligence and uses ML to detect threats.
What is a brute force attack?
A) Exploiting software bugs
B) Trying many password combinations to gain unauthorized access
C) Using malware to steal data
D) Redirecting traffic
Answer: B) Trying many password combinations to gain unauthorized access
Explanation: Brute force attacks attempt passwords repeatedly until successful.
What is the key benefit of using Public Key Infrastructure (PKI)?
A) Simplifies password management
B) Enables secure exchange of information via digital certificates and keys
C) Speeds up network traffic
D) Prevents phishing attacks
Answer: B) Enables secure exchange of information via digital certificates and keys
Explanation: PKI provides trusted encryption and authentication mechanisms.