Practice Free 100-160 Exam Online Questions
Question #1
Which of the following is an example of a data security principle?
- A . Least Privilege
- B . Session Management
- C . ARP Spoofing
- D . Ciphertext
Correct Answer: A
A
Explanation:
Option 1: Correct. Least Privilege is a data security principle that limits the access rights of individuals to only what is necessary for them to perform their job functions.
Option 2: Incorrect. Session Management is a security practice related to handling user sessions, but it is not specifically a data security principle.
Option 3: Incorrect. ARP Spoofing is a network attack technique, not a data security principle.
Option 4: Incorrect. Ciphertext refers to encrypted data, but it is not a data security principle.
A
Explanation:
Option 1: Correct. Least Privilege is a data security principle that limits the access rights of individuals to only what is necessary for them to perform their job functions.
Option 2: Incorrect. Session Management is a security practice related to handling user sessions, but it is not specifically a data security principle.
Option 3: Incorrect. ARP Spoofing is a network attack technique, not a data security principle.
Option 4: Incorrect. Ciphertext refers to encrypted data, but it is not a data security principle.
Question #2
Which of the following is a recommended practice for securing a wireless SoHo network?
- A . Disabling encryption for ease of use
- B . Regularly updating the router’s firmware
- C . Sharing Wi-Fi passwords with neighbors
- D . Using the default network name (SSID)
Correct Answer: B
B
Explanation:
Regularly updating the router’s firmware is a recommended practice for securing a wireless SoHo network. Router manufacturers often release firmware updates to address security vulnerabilities and improve performance. By installing the latest firmware updates, you can ensure that your router has the latest security patches. Disabling encryption (A) would make the network vulnerable to unauthorized access. Sharing Wi-Fi passwords with neighbors (C) may compromise security. Using the default network name (D) (SSID) can make it easier for attackers to identify and target your network.
B
Explanation:
Regularly updating the router’s firmware is a recommended practice for securing a wireless SoHo network. Router manufacturers often release firmware updates to address security vulnerabilities and improve performance. By installing the latest firmware updates, you can ensure that your router has the latest security patches. Disabling encryption (A) would make the network vulnerable to unauthorized access. Sharing Wi-Fi passwords with neighbors (C) may compromise security. Using the default network name (D) (SSID) can make it easier for attackers to identify and target your network.
Question #3
Which of the following is a characteristic of an IPv6 address?
- A . Uses colons as separators
- B . Can be represented by both decimal and binary notation
- C . Supports a maximum of 4.3 billion unique addresses
- D . Consists of 32 bits
Correct Answer: A
A
Explanation:
An IPv6 address consists of 128 bits, which is four times the size of an IPv4 address. Unlike IPv4 addresses that use periods (dots) as separators, IPv6 addresses use colons as separators. For example, an IPv6 address could be written as 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
A
Explanation:
An IPv6 address consists of 128 bits, which is four times the size of an IPv4 address. Unlike IPv4 addresses that use periods (dots) as separators, IPv6 addresses use colons as separators. For example, an IPv6 address could be written as 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Question #4
What is the main motivation for attackers to conduct cyber attacks?
- A . Knowledge
- B . Financial gain
- C . Curiosity
- D . Revenge
Correct Answer: B
B
Explanation:
The primary motivation for many cyber attackers is financial gain. By conducting cyber attacks, attackers may aim to steal sensitive information, such as credit card details or personal data, which they can then use or sell for financial profit.
B
Explanation:
The primary motivation for many cyber attackers is financial gain. By conducting cyber attacks, attackers may aim to steal sensitive information, such as credit card details or personal data, which they can then use or sell for financial profit.
Question #5
Which of the following is an example of a preventive control in computer operations?
- A . Backup and recovery procedures
- B . Firewall implementation
- C . Incident response planning
- D . Penetration testing
Correct Answer: B
B
Explanation:
A firewall is a preventive control in computer operations that helps to protect the network by filtering incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between an internal network and external networks, such as the internet, to prevent unauthorized access and potential attacks.
B
Explanation:
A firewall is a preventive control in computer operations that helps to protect the network by filtering incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between an internal network and external networks, such as the internet, to prevent unauthorized access and potential attacks.
Question #6
Which of the following is true about security policies and procedures?
- A . They should be regularly reviewed and updated to reflect changing threats and technologies
- B . They should only be accessible to the IT department.
- C . They should be documented once and never changed.
- D . They should be kept confidential and not shared with employees.
Correct Answer: A
A
Explanation:
Option 1: Correct: Security policies and procedures should be regularly reviewed and updated to ensure they align with changing threats and technologies. This helps to maintain the effectiveness of the policies and processes.
Option 2: Incorrect: Security policies and procedures should be accessible to relevant employees and stakeholders, not restricted only to the IT department. It is important for everyone to understand and adhere to the policies and procedures.
Option 3: Incorrect: Security policies and procedures should be regularly updated as needed, not documented once and never changed. The changing threat landscape and evolving technologies necessitate the periodic review and update of security policies and procedures.
Option 4: Incorrect: Security policies and procedures should be communicated and shared with employees to ensure everyone understands and follows them. Keeping them confidential and not sharing them would hinder their effectiveness.
A
Explanation:
Option 1: Correct: Security policies and procedures should be regularly reviewed and updated to ensure they align with changing threats and technologies. This helps to maintain the effectiveness of the policies and processes.
Option 2: Incorrect: Security policies and procedures should be accessible to relevant employees and stakeholders, not restricted only to the IT department. It is important for everyone to understand and adhere to the policies and procedures.
Option 3: Incorrect: Security policies and procedures should be regularly updated as needed, not documented once and never changed. The changing threat landscape and evolving technologies necessitate the periodic review and update of security policies and procedures.
Option 4: Incorrect: Security policies and procedures should be communicated and shared with employees to ensure everyone understands and follows them. Keeping them confidential and not sharing them would hinder their effectiveness.
Question #7
Which command-line tool is used to query DNS records and obtain information about domain names?
- A . traceroute
- B . nslookup
- C . tcpdump
- D . netstat
Correct Answer: B
B
Explanation:
The correct command-line tool for querying DNS records and obtaining information about domain names is nslookup. It can be used to check the security assessment information related to DNS configurations, verify the correct mapping of domain names to IP addresses, and troubleshoot any DNS-related issues.
B
Explanation:
The correct command-line tool for querying DNS records and obtaining information about domain names is nslookup. It can be used to check the security assessment information related to DNS configurations, verify the correct mapping of domain names to IP addresses, and troubleshoot any DNS-related issues.
Question #8
Which of the following best describes the concept of data integrity in cybersecurity?
- A . Ensuring data is available for authorized users when needed
- B . Encrypting data to prevent unauthorized modifications
- C . Protecting data from unauthorized access or disclosure
- D . Ensuring data is accurate, consistent, and trustworthy
Correct Answer: D
D
Explanation:
Data integrity in cybersecurity refers to the assurance that data is accurate, consistent, and trustworthy throughout its lifecycle. It involves maintaining the correctness and reliability of data, preventing unauthorized modifications or tampering. Ensuring data integrity is crucial for maintaining the reliability and credibility of information within a system or network.
D
Explanation:
Data integrity in cybersecurity refers to the assurance that data is accurate, consistent, and trustworthy throughout its lifecycle. It involves maintaining the correctness and reliability of data, preventing unauthorized modifications or tampering. Ensuring data integrity is crucial for maintaining the reliability and credibility of information within a system or network.
Question #9
What are anomalies in the context of cybersecurity?
- A . Security vulnerabilities in computer networks
- B . External threats that aim to breach an organization’s defenses
- C . Unusual behaviors or patterns that deviate from the norm
- D . Malware that infects a system and causes it to malfunction
Correct Answer: C
C
Explanation:
Anomalies in the context of cybersecurity refer to unusual behaviors or patterns that deviate from the norm. These anomalies can indicate potential security breaches, malicious activities, or abnormal system behaviors. By detecting and analyzing anomalies, cybersecurity professionals can identify potential threats and take appropriate actions to mitigate them. Anomaly detection is an important aspect of cybersecurity to ensure the overall safety and protection of computer systems and networks.
C
Explanation:
Anomalies in the context of cybersecurity refer to unusual behaviors or patterns that deviate from the norm. These anomalies can indicate potential security breaches, malicious activities, or abnormal system behaviors. By detecting and analyzing anomalies, cybersecurity professionals can identify potential threats and take appropriate actions to mitigate them. Anomaly detection is an important aspect of cybersecurity to ensure the overall safety and protection of computer systems and networks.
Question #10
Which of the following best defines risk management in the context of cybersecurity?
- A . The process of analyzing potential threats and determining the likelihood and impact of those threats on an organization.
- B . The process of ensuring the confidentiality, integrity, and availability of an organization’s information assets.
- C . The process of mitigating threats to an organization’s information assets by implementing appropriate security controls.
- D . The process of identifying, assessing, and prioritizing vulnerabilities in an organization’s networks
and systems.
Correct Answer: A
A
Explanation:
Risk management is the process of identifying, assessing, and prioritizing potential threats to an organization’s information assets. By analyzing the likelihood and impact of these threats, organizations can make informed decisions on how to mitigate risks effectively. This process involves activities such as risk assessment, risk analysis, risk mitigation, and risk monitoring. The focus is on evaluating the probability and impact of potential cybersecurity incidents and implementing appropriate measures to reduce or eliminate these risks.
A
Explanation:
Risk management is the process of identifying, assessing, and prioritizing potential threats to an organization’s information assets. By analyzing the likelihood and impact of these threats, organizations can make informed decisions on how to mitigate risks effectively. This process involves activities such as risk assessment, risk analysis, risk mitigation, and risk monitoring. The focus is on evaluating the probability and impact of potential cybersecurity incidents and implementing appropriate measures to reduce or eliminate these risks.