CYBERSECURITY MIDTERM EXAM
300 QUESTIONS AND CORRECT
ANSWERS 2025\2026 EXAM GRADED
A+
You are a security expert asked to protect the webservers hosted in your building
from exposure to anyone other than server admins. Which of the following
physical security method should you implement to achieve this?
a.
Protected cable distribution
b.
Demilitarized zones
c.
Vault
,d.
Faraday cage - ANSWER- Demilitarized zones
Spectrum Technologies uses SHA-256 to share confidential information. The
enterprise reported a breach of confidential data by a threat actor. You are asked to
verify the cause of the attack that occurred despite implementing secure
cryptography in communication. Which type of attack should you consider first,
and why?
a.
Known ciphertext attack; the attacker can create the cryptographic keys from
ciphertext because of the SHA-256 algorithm.
b.
Downgrade attack; SHA-256 is vulnerable to downgrades in the operating system
to earlier versions, allowing threat actors to easily attack.
c.
Misconfiguration attack; the company should have configured a higher security
hash algorithm rather than using the less-secure SHA-256.
d.
Collision attacks; the threat actor has created a malicious file with the same digest
using SHA-256. - ANSWER- Misconfiguration attack; the company should
have configured a higher security hash algorithm rather than using the less-
secure SHA-256.
Maze must establish a communication channel between two data centers. After
conducting a study, she came up with the idea of establishing a wired connection
,between them since they have to communicate in unencrypted form. Considering
the security requirements, Maze proposed using an alarmed carrier PDS over a
hardened carrier PDS. Why would Maze make this suggestion in her proposal?
a.
Network speeds would be slowed too much if they used a hardened carrier PDS.
b.
Using a hardened carrier PDS would require someone to conduct periodic visual
inspections.
c.
Using a hardened carrier PDS would restrict their ability to transfer large amounts
of data.
d.
Data transmission between buildings wouldn't be possible if they used a hardened
carrier PDS. - ANSWER- Using a hardened carrier PDS would require
someone to conduct periodic visual inspections.
Which of the following statements correctly describes the disadvantage of a
hardware-based keylogger?
a.
A hardware-based keylogger can easily be detected in a network by an antivirus.
b.
, A hardware-based keylogger can be detected by an antivirus when it scans for
ports.
c.
A hardware-based keylogger must be physically installed and removed without
detection.
d.
A hardware-based keylogger's data can be easily erased by the antimalware
software installed in the device. - ANSWER- A hardware-based keylogger must
be physically installed and removed without detection.
Jane, an IT security expert whose services are sought by XYZ Company, has
recommended implementing CTR mode in the network. What is one requirement
that needs to be fulfilled for computers to communicate when the CTR mode is
implemented?
a.
Both sender and receiver should have access to a counter.
b.
Sender should have access to a counter.
c.
Receiver should have access to a counter.
d.
300 QUESTIONS AND CORRECT
ANSWERS 2025\2026 EXAM GRADED
A+
You are a security expert asked to protect the webservers hosted in your building
from exposure to anyone other than server admins. Which of the following
physical security method should you implement to achieve this?
a.
Protected cable distribution
b.
Demilitarized zones
c.
Vault
,d.
Faraday cage - ANSWER- Demilitarized zones
Spectrum Technologies uses SHA-256 to share confidential information. The
enterprise reported a breach of confidential data by a threat actor. You are asked to
verify the cause of the attack that occurred despite implementing secure
cryptography in communication. Which type of attack should you consider first,
and why?
a.
Known ciphertext attack; the attacker can create the cryptographic keys from
ciphertext because of the SHA-256 algorithm.
b.
Downgrade attack; SHA-256 is vulnerable to downgrades in the operating system
to earlier versions, allowing threat actors to easily attack.
c.
Misconfiguration attack; the company should have configured a higher security
hash algorithm rather than using the less-secure SHA-256.
d.
Collision attacks; the threat actor has created a malicious file with the same digest
using SHA-256. - ANSWER- Misconfiguration attack; the company should
have configured a higher security hash algorithm rather than using the less-
secure SHA-256.
Maze must establish a communication channel between two data centers. After
conducting a study, she came up with the idea of establishing a wired connection
,between them since they have to communicate in unencrypted form. Considering
the security requirements, Maze proposed using an alarmed carrier PDS over a
hardened carrier PDS. Why would Maze make this suggestion in her proposal?
a.
Network speeds would be slowed too much if they used a hardened carrier PDS.
b.
Using a hardened carrier PDS would require someone to conduct periodic visual
inspections.
c.
Using a hardened carrier PDS would restrict their ability to transfer large amounts
of data.
d.
Data transmission between buildings wouldn't be possible if they used a hardened
carrier PDS. - ANSWER- Using a hardened carrier PDS would require
someone to conduct periodic visual inspections.
Which of the following statements correctly describes the disadvantage of a
hardware-based keylogger?
a.
A hardware-based keylogger can easily be detected in a network by an antivirus.
b.
, A hardware-based keylogger can be detected by an antivirus when it scans for
ports.
c.
A hardware-based keylogger must be physically installed and removed without
detection.
d.
A hardware-based keylogger's data can be easily erased by the antimalware
software installed in the device. - ANSWER- A hardware-based keylogger must
be physically installed and removed without detection.
Jane, an IT security expert whose services are sought by XYZ Company, has
recommended implementing CTR mode in the network. What is one requirement
that needs to be fulfilled for computers to communicate when the CTR mode is
implemented?
a.
Both sender and receiver should have access to a counter.
b.
Sender should have access to a counter.
c.
Receiver should have access to a counter.
d.
