2026-2027 Updated Practice Exam | 150+
Actual Most Tested Questions Collections &
Verified Detailed Answers From Past Papers |
Expert Verified Success Exam) Graded A+
1.
A company wants to prevent unauthorized access to its internal network using a
system that evaluates traffic based on predefined security rules. Which solution
should be implemented?
A. IDS
B. Firewall
C. SIEM
D. VPN
Correct Answer: B ✔ Firewall
Firewalls enforce security rules by filtering inbound and outbound traffic based on
predefined policies, making them the primary control for network access
management.
2.
Which of the following BEST describes multi-factor authentication (MFA)?
A. Using two passwords
B. Using biometric data only
C. Using two or more different authentication factors
D. Using a PIN and password only
,Correct Answer: C ✔ Using two or more different authentication factors
Multi-factor authentication requires different categories of factors such as
something you know, have, or are, improving security significantly.
3.
A user receives an email claiming to be from their bank asking them to verify
credentials via a link. What type of attack is this?
A. Smishing
B. Phishing
C. Tailgating
D. Spoofing
Correct Answer: B ✔ Phishing
Phishing uses deceptive emails to trick users into revealing sensitive information
such as login credentials.
4.
Which principle ensures users are granted only the permissions necessary to
perform their job functions?
A. Least privilege
B. Job rotation
C. Separation of duties
D. Implicit deny
Correct Answer: A ✔ Least privilege
The principle of least privilege restricts user access rights to only what is required
for their role.
5.
,What is the primary purpose of a VPN?
A. Encrypt stored data
B. Secure remote network access over public networks
C. Detect malware
D. Block phishing emails
Correct Answer: B ✔ Secure remote network access over public networks
A VPN creates an encrypted tunnel to secure data transmission over untrusted
networks like the internet.
6.
Which type of malware is designed to replicate itself without user intervention?
A. Trojan
B. Worm
C. Rootkit
D. Spyware
Correct Answer: B ✔ Worm
Worms self-replicate and spread across networks without requiring user action.
7.
What is the MAIN goal of a Denial-of-Service (DoS) attack?
A. Steal data
B. Encrypt files for ransom
C. Disrupt service availability
D. Escalate privileges
Correct Answer: C ✔ Disrupt service availability
DoS attacks overwhelm systems to make services unavailable to legitimate users.
, 8.
Which control type is a security camera considered?
A. Technical
B. Administrative
C. Physical
D. Operational
Correct Answer: C ✔ Physical
Security cameras are physical controls used to monitor and deter unauthorized
access.
9.
A company requires employees to change passwords every 90 days. This is an
example of:
A. Encryption policy
B. Password complexity policy
C. Password expiration policy
D. Access control policy
Correct Answer: C ✔ Password expiration policy
Regular password changes reduce the risk of long-term credential compromise.
10.
Which attack involves intercepting and altering communication between two
parties?
A. Replay attack
B. Man-in-the-middle attack
C. Brute force attack
D. SQL injection