INTRODUCTION TO CYBERSECURITY
MIDTERM EXAM 160 QUESTIONS AND
CORRECT ANSWERS GRADED A+ 2026
CYBERSECURITY MIDTERM EXAM
What term best describes an organization's desired security state?
A. Control objectives
B. Security priorities
C. Strategic goals
D. Best practices - ANSWER- Security priorities
Lou mounted the sign below on the fence surrounding his organization's
datacenter. What control type best describes this control?
A. Compensating
B. Detective
C. Physical
D. Deterrent - ANSWER- Compensating
What language is STIX based on?
A. PHP
B. HTML
C. XML
D. Python - ANSWER- XML
Cindy wants to send threat information via a standardized protocol specifically
designed to exchange cyber threat information. What should she choose?
A. STIX 1.0
B. OpenIOC
C. STIX 2.0
D. TAXII - ANSWER- OpenIOC
Wendy is scanning cloud-based repositories for sensitive information. Which one
of the following should concern her most, if discovered in a public repository?
A. Product manuals
B. Source code
C. API keys
D. Open source data - ANSWER- API keys
Alan's team needs to perform computations on sensitive personal information but
does not need access to the underlying data. What technology can the team use to
perform these calculations without accessing the data?
A. Quantum computing
B. Blockchain
C. Homomorphic encryption
D. Certificate pinning - ANSWER- Homomorphic encryption
Which one of the following statements about cryptographic keys is incorrect?
A. All cryptographic keys should be kept secret.
B. Longer keys are better than shorter keys when the same algorithm is used.
C. Asymmetric algorithms generally use longer keys than symmetric algorithms.
D. Digital certificates are designed to share public keys. - ANSWER- All
cryptographic keys should be kept secret
Acme Widgets has 10 employees and they all need the ability to communicate with
one another using a symmetric encryption system. The system should allow any
two employees to securely communicate without other employees eavesdropping.
If an 11th employee is added to the organization, how many new keys must be
added to the system?
A. 1
B. 2
C. 10
D. 11 - ANSWER- 10
What type of digital certificate provides the greatest level of assurance that the
certificate owner is who they claim to be?
A. DV
B. OV
C. UV
D. EV - ANSWER- EV
Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of
the following domains would not be covered by this certificate?
A. mydomain.com
B. core.mydomain.com
C. dev.www.mydomain.com
D. mail.mydomain.com - ANSWER- dev.www.mydomain.com
Which one of the following servers is almost always an offline CA in a large PKI
deployment?
A. Root CA
B. Intermediate CA
C. RA
D. Internal CA - ANSWER- Root CA
Which one of the following certificate formats is closely associated with Windows
binary certificate files?
A. DER
B. PEM
C. PFX
D. P7B - ANSWER- PFX
What type of security solution provides a hardware platform for the storage and
management of encryption keys?
A. HSM
B. IPS
C. SIEM
D. SOAR - ANSWER- HSM
What type of cryptographic attack attempts to force a user to reduce the level of
encryption that they use to communicate with a remote server?