CYBERSECURITY MIDTERM
PRACTICE EXAM QUESTIONS AND
CORRECT ANSWERS 2026 EXAM
GUARANTEED A+
Which network device is designed to block network connections that are
identified as potentially malicious?
a) Router
b) Intrusion prevention system (IPS)
c) Intrusion detection system (IDS)
d) Web server - ANSWER- Intrusion prevention system (IPS)
True or False?
Encrypting data within databases and storage devices gives an added
layer of security. - ANSWER- True
Juan's web server was down for an entire day in April. It experienced no
other downtime during that month. What represents the web server
uptime for that month?
a) 99.96%
b) 96.67%
c) 3.33%
d) 1.03% - ANSWER- 96.67%
True or False?
Authorization is the process of granting rights to use an organization's IT
assets, systems, applications, and data to a specific user. - ANSWER-
True
Which element of the security policy framework requires approval from
upper management and applies to the entire organization?
a) Procedure
b) Guideline
c) Standard
d) Policy - ANSWER- Policy
Maria is writing a policy that defines her organization's data
classification standard. The policy designates the IT assets that are
critical to the organization's mission and defines the organization's
systems, uses, and data priorities. It also identifies assets within the
seven domains of a typical IT infrastructure. Which policy is Maria
writing?
a) Security awareness policy
b) Asset protection policy
c) Asset classification policy
d) Asset management policy - ANSWER- Asset classification policy
Which risk is most effectively mitigated by an upstream Internet service
provider (ISP)?
a) Distributed denial of service (DDoS)
b) Inherently insecure Transmission Control Protocol/Internet Protocol
(TCP/IP) applications
c) Unauthorized remote access
d) Firewall configuration error - ANSWER- Distributed denial of
service (DDoS)
With the use of Mobile IP, which device is responsible for assigning
each mobile node (MN) a local address?
a) Care of address (COA)
b) Correspondent node (CN)
c) Foreign agent (FA)
d) Home agent (HA) - ANSWER- Foreign agent (FA)
Which compliance obligation includes security requirements that apply
specifically to the European Union?
a) Health Insurance Portability and Accountability Act (HIPAA)
b) Federal Information Security Management Act (FISMA)
c) Gramm-Leach-Bliley Act (GLBA)
d) General Data Protection Regulation (GDPR) - ANSWER- General
Data Protection Regulation (GDPR)
Gwen's company is planning to accept credit cards over the Internet.
What governs this type of activity and includes provisions that Gwen
should implement before accepting credit card transactions?
a) Family Educational Rights and Privacy Act (FERPA)
b) Payment Card Industry Data Security Standard (PCI DSS)
c) Health Insurance Portability and Accountability Act (HIPAA)
d) Communications Assistance for Law Enforcement Act (CALEA) -
ANSWER- Payment Card Industry Data Security Standard (PCI
DSS)