Multiple Choice
Identify the
choice that best completes the statement or answers the question.
|
|
|
1.
|
(1 point) A student logs in to a school laptop using a password only. Which
authentication factor is being used?
a. | Something the user knows (knowledge
factor) | b. | Something the user has (possession factor) | c. | Something the user is (biometric
factor) | d. | Somewhere the user is (location
factor) |
|
|
|
2.
|
(1 point) A nurse taps an ID badge on a reader to unlock a medication cabinet. Which
authentication factor is this?
a. | Something the user has (possession
factor) | b. | Something the user knows (knowledge factor) | c. | Something the user is (biometric
factor) | d. | Somewhere the user is (location
factor) |
|
|
|
3.
|
(1 point) A phone unlocks when it recognizes the owner’s face. Which
factor is being used?
a. | Something the user is (biometric
factor) | b. | Something the user knows (knowledge factor) | c. | Something the user has (possession
factor) | d. | Somewhere the user is (location
factor) |
|
|
|
4.
|
(1 point) A bank blocks a login because the attempt comes from a different country than
usual. Which factor is this check using?
a. | Somewhere the user is (location
factor) | b. | Something the user knows (knowledge factor) | c. | Something the user has (possession
factor) | d. | Something the user is (biometric
factor) |
|
|
|
5.
|
(1 point) To access grades, a teacher enters a password and then confirms a code from an
authenticator app. What type of authentication is this?
a. | Multifactor authentication
(MFA) | b. | Single-factor authentication | c. | Passwordless
authentication | d. | Role-based authorization |
|
|
|
6.
|
(1 point) A site requires a password and a security question answer. Which statement
best describes the authentication?
a. | Single-factor authentication using
only knowledge factors | b. | Multifactor authentication using knowledge and
possession | c. | Multifactor authentication using knowledge and
biometrics | d. | Location-based authentication |
|
|
|
7.
|
(1 point) A user chooses a PIN that is '1234' because it’s
easy to remember. This PIN is an example of which factor?
a. | Knowledge
factor | b. | Possession factor | c. | Biometric factor | d. | Location factor |
|
|
|
8.
|
(1 point) A company sends a one-time login code by text message to an
employee’s phone. Which factor is primarily being used?
a. | Possession
factor | b. | Knowledge factor | c. | Biometric factor | d. | Location factor |
|
|
|
9.
|
(1 point) A door lock scans an employee’s fingerprint before allowing
entry. Which factor is this?
a. | Biometric
factor | b. | Knowledge factor | c. | Possession factor | d. | Location factor |
|
|
|
10.
|
(1 point) A streaming service flags a login attempt because it comes from an unfamiliar
IP address range. Which factor is being evaluated?
a. | Location
factor | b. | Biometric factor | c. | Possession factor | d. | Knowledge factor |
|
|
|
11.
|
(1 point) A student uses a USB security key to sign in to a Chromebook. Which factor
best describes the USB key?
a. | Possession
factor | b. | Knowledge factor | c. | Biometric factor | d. | Location factor |
|
|
|
12.
|
(1 point) A staff member uses a badge (tap) and a PIN to access a secure room. What type
of authentication is being used?
a. | Multifactor authentication
(MFA) | b. | Single-factor authentication | c. | Encryption-based
authentication | d. | Authorization using access lists |
|
|
|
13.
|
(1 point) Which login method is the best example of a possession
factor?
a. | A hardware token that generates
rotating codes | b. | A long password with symbols | c. | A fingerprint scan | d. | A login allowed only during school
hours |
|
|
|
14.
|
(1 point) Which option is a knowledge factor an attacker might try to guess if it is
based on personal information?
a. | Answers to challenge questions like
a pet’s name | b. | A smart card stored in a wallet | c. | A fingerprint | d. | A GPS location
check |
|
|
|
15.
|
(1 point) A laptop uses voice recognition to unlock. Which factor is
this?
a. | Biometric
factor | b. | Knowledge factor | c. | Possession factor | d. | Location factor |
|
|
|
16.
|
(1 point) A company only allows admin logins from the office Wi‑Fi
network. Which factor is being used?
a. | Location
factor | b. | Possession factor | c. | Biometric factor | d. | Knowledge factor |
|
|
|
17.
|
(1 point) A user logs in with a password and then taps 'Approve' on a push
notification on their phone. What is the best classification?
a. | Multifactor authentication
(knowledge + possession) | b. | Single-factor authentication (knowledge
only) | c. | Single-factor authentication (possession
only) | d. | Multifactor authentication (biometric +
location) |
|
|
|
18.
|
(1 point) Which set correctly matches a method to its authentication factor
type?
a. | Fingerprint scan
→ something the user is | b. | Password → somewhere the user
is | c. | GPS check →
something the user has | d. | Access card → something the user
knows |
|
|
|
19.
|
(1 point) A system requires a fingerprint and a face scan to log in. Which statement is
most accurate?
a. | It is not MFA because both checks
are biometric factors | b. | It is MFA because it uses two different
checks | c. | It is MFA because one check is
knowledge-based | d. | It is single-factor because biometrics are always
optional |
|
|
|
20.
|
(1 point) A company stores employee passwords as plain text in a database. After a
breach, attackers immediately log in as many users. Which change best explains how hashing would
reduce the damage if the database is stolen?
a. | Store only password hashes so stolen
records don’t reveal the actual passwords
directly. | b. | Store passwords in a spreadsheet so they’re easier to
audit. | c. | Store passwords in a longer text field so they are harder to
read. | d. | Store passwords in multiple copies so at least one stays
correct. |
|
|
|
21.
|
(1 point) Why does a login system hash the password a user types in and compare it to
the stored value instead of decrypting a stored password?
a. | Because the system stores a hash
(not an encrypted password) and verifies by matching hashes. | b. | Because hashes can always be reversed back into the
original password. | c. | Because decryption is illegal for passwords. | d. | Because hashing changes the password length to match the
username length. |
|
|
|
22.
|
(1 point) A student says, “If I slightly change a password, the
stored value should only change a little.†Which property of cryptographic hashes
best explains why that assumption is unsafe?
a. | Hashes are fixed-length and behave
unpredictably, so small input changes create very different
outputs. | b. | Hashes are repeatable, so small changes are
ignored. | c. | Hashes are collision resistant, so outputs always look
similar. | d. | Hashes are pre-image resistant, so outputs must be
short. |
|
|
|
23.
|
(1 point) A security admin wants the same password to always produce the same stored
value for the same user. Which hash property supports this requirement?
a. | Repeatability (the same input always
produces the same hash). | b. | Collision forcing (different inputs produce the same
hash). | c. | Pre-image reversal (hashes can be decoded). | d. | Variable-length output (hash length changes with
input). |
|
|
|
24.
|
(1 point) Which statement best explains what a cryptographic hash function does when
used for password storage?
a. | It turns input data of any length
into a fixed-length output used for comparison. | b. | It compresses passwords so they take less disk space and
can be decompressed later. | c. | It encrypts passwords so the system can read them when
needed. | d. | It converts passwords into a username format to simplify
authentication. |
|
|
|
25.
|
(1 point) A password database is leaked, and the attacker only has the hashes. Which
hash property makes it difficult to determine the original passwords from the
hashes?
a. | Pre-image
resistance. | b. | Repeatability. | c. | Fixed-length output. | d. | Collision
resistance. |
|
|
|
26.
|
(1 point) Two employees choose the exact same password. Without extra protections, their
stored password hashes would match. What is the best explanation for adding a unique salt to each
password before hashing?
a. | It makes identical passwords produce
different hashes, reducing the value of stolen hash lists. | b. | It allows the system to decrypt the password later if a
user forgets it. | c. | It guarantees collisions so attackers can’t tell which hash
is correct. | d. | It shortens the password so the hash calculation is
faster. |
|
|
|
27.
|
(1 point) An attacker uses a precomputed “rainbow
table†of common password hashes. Which practice most directly reduces the
attacker’s success?
a. | Hash each password with a unique
salt before storing it. | b. | Use the same salt for all users. | c. | Store passwords in plaintext but require longer
passwords. | d. | Compress the password file before saving
it. |
|
|
|
28.
|
(1 point) A developer suggests using MD5 to hash passwords because it is fast. Why is
this a security concern?
a. | MD5 is deprecated because attackers
can force collisions efficiently, making it unsafe. | b. | MD5 outputs are too long to store in a
database. | c. | MD5 cannot be repeated, so logins would
fail. | d. | MD5 can only hash numbers, not
letters. |
|
|
|
29.
|
(1 point) A school system still uses SHA1 for password hashing. Which reason best
explains why security teams recommend moving away from SHA1?
a. | SHA1 is deprecated because practical
collision attacks have been found. | b. | SHA1 is not fixed-length, so it breaks
databases. | c. | SHA1 is not repeatable, so users can’t log in
reliably. | d. | SHA1 automatically stores passwords in
plaintext. |
|
|
|
30.
|
(1 point) A student asks, “Can two different passwords ever create
the same hash?†Which explanation is most accurate?
a. | Yes, collisions are possible because
there are infinite inputs but a finite number of hash outputs. | b. | No, collision resistance means collisions are
mathematically impossible. | c. | No, because hashes always include the username to prevent
collisions. | d. | Yes, and collisions happen for most passwords every
day. |
|
|
|
31.
|
(1 point) A hash function outputs 128-bit hashes. Which statement best explains what
that implies about possible hash outputs?
a. | There are 2^128 possible different
outputs, even though inputs can be unlimited. | b. | There are 128 possible different outputs
total. | c. | There are unlimited outputs because inputs are
unlimited. | d. | There are 2^64 outputs because 128 bits equals 64
bytes. |
|
|
|
32.
|
(1 point) Which combination of hash properties best supports password verification
without storing plaintext passwords?
a. | Repeatability and pre-image
resistance. | b. | Collision resistance and variable length. | c. | Decryptability and
repeatability. | d. | Random output length and
reversibility. |
|
|
|
33.
|
(1 point) A login system stores hashes. During login, the user’s
typed password is hashed and compared to the stored hash. What is the main security benefit of this
design?
a. | The system never needs to store or
retrieve plaintext passwords. | b. | The system can always reverse hashes to recover forgotten
passwords. | c. | The system guarantees passwords can’t be
guessed. | d. | The system prevents all phishing
attacks. |
|
|
|
34.
|
(1 point) A database breach exposes each user’s salt and password
hash. Why is this still safer than storing passwords in plaintext?
a. | Attackers still must guess passwords
and hash them to find matches; salts prevent easy reuse of precomputed
tables. | b. | Attackers cannot access salts once they have the
hashes. | c. | Salts automatically change the password after a
breach. | d. | Salts encrypt the database so attackers can’t read
it. |
|
|
|
35.
|
(1 point) A security team wants a password storage method that produces the same-length
stored value for every user, even if passwords are different lengths. Which hash property explains
why this happens?
a. | Fixed-length
output. | b. | Pre-image resistance. | c. | Collision forcing. | d. | Location
awareness. |
|
|
|
36.
|
(1 point) Which list includes only well-known cryptographic hash functions mentioned in
the course materials?
a. | MD5, SHA256, SHA512,
NTHash. | b. | AES, RSA, Diffie-Hellman, ECC. | c. | WPA3, TLS, HTTPS, SSH. | d. | Base64, ROT13, Caesar,
Vigenère. |
|
|
|
37.
|
(1 point) A security engineer says, “If attackers can reliably create
collisions, we should stop using that hash function.†Why?
a. | Collisions can allow attackers to
substitute different data with the same hash, weakening trust in the
hash. | b. | Collisions make the hash longer and harder to
store. | c. | Collisions only affect encryption, not
hashing. | d. | Collisions mean the hash becomes unreadable by
computers. |
|
|
|
38.
|
(1 point) A small business wants ‘better password
storage.’ Which option best follows good practice described in the
framework?
a. | Hash each password and store the
hash (not the plaintext password) in the database. | b. | Encrypt each password and store the decryption key in the
same database. | c. | Store passwords in a hidden folder on the web
server. | d. | Store passwords in an email account that only IT can
access. |
|
|
|
39.
|
(1 point) An attacker steals one employee’s password and the company
does not use MFA. Why is this such a serious vulnerability?
a. | The attacker can log in as that user
and act with the same access and rights as the user. | b. | The attacker can only view public web pages, not internal
systems. | c. | The attacker automatically gets access to every account in the
company. | d. | The attacker can only change the user’s screen
brightness. |
|
|
|
40.
|
(1 point) A school district uses only usernames and passwords for staff email. What is
the best explanation for why adding MFA would reduce the risk of password
attacks?
a. | MFA requires another authentication
factor, so a stolen password alone is less useful. | b. | MFA makes passwords shorter and easier to
remember. | c. | MFA stores passwords in plaintext for faster
logins. | d. | MFA prevents users from reusing passwords on other
sites. |
|
|
|
41.
|
(1 point) An attacker tries many username and password combinations directly on a
company login page. What type of password attack is this?
a. | An online password
attack | b. | An offline password attack | c. | A rainbow table attack
only | d. | A hashing collision attack |
|
|
|
42.
|
(1 point) Why are offline password attacks often more dangerous than online password
attacks after a password database is stolen?
a. | They happen on the
attacker’s own computer and bypass account lockout
protections. | b. | They always require physical access to the target’s
device. | c. | They only work if the passwords are stored in
plaintext. | d. | They automatically disable MFA on all
accounts. |
|
|
|
43.
|
(1 point) A company uses account lockout after five bad login attempts. Which attack
type can still avoid this protection if the password database is stolen?
a. | Offline password
attacks | b. | Online password attacks | c. | Password spraying | d. | Shoulder
surfing |
|
|
|
44.
|
(1 point) Why does password reuse make a leaked password database especially
dangerous?
a. | Attackers can try the stolen
usernames and passwords on other accounts and services used by the same
person. | b. | Password reuse automatically deletes hashes from the
database. | c. | Reused passwords can only be used for online attacks, not offline
attacks. | d. | Password reuse forces account lockout after one failed
login. |
|
|
|
45.
|
(1 point) A student’s gaming account password is leaked in a breach,
and the same password also works on the student’s school email. What best explains
this risk?
a. | Attackers often try leaked
credentials on other accounts because many users reuse passwords. | b. | Gaming accounts are always linked directly to school
networks. | c. | School email systems automatically import gaming
passwords. | d. | Password hashing causes the same password to spread across
websites. |
|
|
|
46.
|
(1 point) An attacker buys a list of usernames and passwords from a breached website and
tests them against a company VPN. Which vulnerability is the attacker exploiting
first?
a. | Users reusing the same password
across different services | b. | The company using long passwords | c. | The VPN requiring MFA | d. | The company changing passwords too
often |
|
|
|
47.
|
(1 point) An attacker tries the password 'Spring2025!' against 500 different
usernames. What type of attack is this?
a. | Password
spraying | b. | Credential stuffing | c. | Brute force | d. | Dictionary
hashing |
|
|
|
48.
|
(1 point) Why do attackers use password spraying instead of trying many passwords on one
account?
a. | Trying one common password across
many accounts can avoid triggering account lockout on a single
account. | b. | It works only after stealing a password
database. | c. | It guarantees success against any account with
MFA. | d. | It requires no usernames to
work. |
|
|
|
49.
|
(1 point) A district sees repeated attempts to log in to many teacher accounts using the
password 'Password123'. Which explanation best matches this event?
a. | It is password spraying because one
common password is being tested across many accounts. | b. | It is credential stuffing because many stolen password
pairs are being tested. | c. | It is a brute force attack because every possible password is being
tested. | d. | It is a rainbow table attack because hashes are being
reversed. |
|
|
|
50.
|
(1 point) An attacker tries 'admin/admin' on many internet-connected cameras
and routers. What attack type best fits this behavior?
a. | Credential stuffing using common
default credentials | b. | Password spraying | c. | Dictionary attack | d. | Brute force attack |
|
|
|
51.
|
(1 point) Which scenario best explains credential stuffing?
a. | An attacker uses stolen or default
credentials to try to gain access to accounts or devices. | b. | An attacker guesses one common password across many
usernames. | c. | An attacker tests every possible character combination for one password
hash. | d. | An attacker compares live login attempts to a rainbow
table. |
|
|
|
52.
|
(1 point) A company deploys IoT devices that still use the default admin password from
the factory. Why is this especially risky?
a. | Attackers often try common default
credentials to gain access quickly. | b. | Default passwords make hashing impossible. | c. | Default passwords only matter on laptops, not smart
devices. | d. | Default passwords stop account lockout from
working. |
|
|
|
53.
|
(1 point) An attacker steals a hashed password database and uses a tool to test all
possible password combinations until one hash matches. What type of attack is
this?
a. | A brute force offline
attack | b. | A password spraying attack | c. | An online credential stuffing
attack | d. | A biometric spoofing attack |
|
|
|
54.
|
(1 point) An attacker steals password hashes and then tests a list of common passwords
like 'qwerty' and 'letmein' against the hashes. What type of attack is
this?
a. | A dictionary
attack | b. | A password spraying attack | c. | A credential stuffing
attack | d. | A phishing attack |
|
|
|
55.
|
(1 point) Why can attackers still recover passwords from stolen hashes even though
hashes cannot be reversed directly?
a. | They can hash many guessed passwords
and compare the results to the stolen hashes. | b. | They can always decrypt any hash with the
username. | c. | They can force the server to reveal the plaintext password
automatically. | d. | They can change the hash into a biometric
factor. |
|
|
|
56.
|
(1 point) What is the main difference between a brute force attack and a dictionary
attack in an offline password attack?
a. | Brute force tests all possible
passwords, while a dictionary attack tests a list of common
passwords. | b. | Brute force only works online, while dictionary attacks only work
offline. | c. | Brute force uses stolen credentials, while dictionary attacks use default
credentials. | d. | Brute force relies on MFA, while dictionary attacks do
not. |
|
|
|
57.
|
(1 point) A company stores password hashes securely, but users still choose weak
passwords like '12345678'. Why is this still a risk?
a. | Offline cracking tools can quickly
test weak passwords and find matching hashes. | b. | Weak passwords stop hashing from
working. | c. | Weak passwords automatically disable
salting. | d. | Weak passwords can only be guessed in online
attacks. |
|
|
|
58.
|
(1 point) A student intern is using a company laptop and keeps visiting gaming sites
during work hours. Which managerial control would best define whether this activity is allowed or
prohibited?
a. | An acceptable use policy
(AUP) | b. | A software installation policy | c. | A server security policy | d. | A password
policy |
|
|
|
59.
|
(1 point) Which statement best describes what an acceptable use policy (AUP) does for
organization-owned devices?
a. | It defines activities that are
permitted, prohibited, or required for users on organization
devices. | b. | It encrypts all files on a device by
default. | c. | It blocks all network traffic into and out of a
LAN. | d. | It replaces passwords with biometric
authentication. |
|
|
|
60.
|
(1 point) A company wants employees to install operating system updates within 48 hours
of release. Which policy is most directly responsible for requiring this
behavior?
a. | An acceptable use policy
(AUP) | b. | A wireless security policy | c. | A data retention policy | d. | A physical access
policy |
|
|
|
61.
|
(1 point) A company bans employees from plugging in USB flash drives on their
workstations. Which type of managerial control would most likely include this
rule?
a. | An acceptable use policy
(AUP) | b. | A password policy | c. | A firewall rule set | d. | A switch port security
configuration |
|
|
|
62.
|
(1 point) Which requirement would most likely appear in a password
policy?
a. | A prohibition of password
reuse | b. | Disabling Telnet on all routers | c. | Blocking inbound traffic on TCP port
80 | d. | Turning off beacon frames on
wireless access points |
|
|
|
63.
|
(1 point) An organization requires passwords to be at least 14 characters and include
uppercase, lowercase, numbers, and symbols. What managerial control is being
described?
a. | A password
policy | b. | An acceptable use policy (AUP) | c. | A server security policy | d. | A software installation
policy |
|
|
|
64.
|
(1 point) Why might a password policy encourage the use of a password
manager?
a. | It reduces the need to write
passwords down and supports stronger, unique passwords. | b. | It ensures all users share the same password for easier IT
support. | c. | It prevents malware from installing on a
device. | d. | It replaces the need for any authentication
factor. |
|
|
|
65.
|
(1 point) Which rule is most directly related to limiting how long a user keeps the same
password?
a. | A maximum password age
requirement | b. | A ban on local user accounts | c. | A requirement for full disk
encryption | d. | A requirement to disable unused
services |
|
|
|
66.
|
(1 point) A company requires server administrators to complete annual training before
getting admin access to production servers. Which policy type does this belong
to?
a. | A server security
policy | b. | A password policy | c. | An acceptable use policy (AUP) | d. | A software installation
policy |
|
|
|
67.
|
(1 point) Which item would be most appropriate in a server security
policy?
a. | Disable services and protocols that
are not being used on servers. | b. | Allow employees to install any browser extensions they
want. | c. | Require all guests to sign in at the front
desk. | d. | Permit all inbound traffic on any port for faster
access. |
|
|
|
68.
|
(1 point) An organization wants all users to sign into servers using the approved
organizational authentication server instead of local accounts. What is this an example
of?
a. | A server security policy
requirement | b. | A password policy requirement | c. | A host-based firewall
rule | d. | A network segmentation plan |
|
|
|
69.
|
(1 point) A server team limits remote logins to servers so only specific roles can
connect from outside the building. Which managerial control most directly sets this
expectation?
a. | A server security
policy | b. | An acceptable use policy (AUP) | c. | A password policy | d. | A software installation
policy |
|
|
|
70.
|
(1 point) A company blocks users from installing new software without IT approval and
provides a request process for specialized tools. Which policy is this?
a. | A software installation
policy | b. | A password policy | c. | An acceptable use policy (AUP) | d. | A firewall access control list
(ACL) |
|
|
|
71.
|
(1 point) Which detail would most likely be found in a software installation
policy?
a. | A list of approved software for
users | b. | A minimum key length for Wi-Fi encryption | c. | A rule to quarantine malware
signatures | d. | A requirement to enable port security on
switches |
|
|
|
72.
|
(1 point) Why would an organization prohibit users from installing software on their
devices?
a. | To reduce the risk of users
installing unsafe or unapproved programs that could introduce
vulnerabilities | b. | To ensure users can change firewall rules whenever they
want | c. | To prevent the device from connecting to Wi-Fi
networks | d. | To eliminate the need for
backups |
|
|
|
73.
|
(1 point) A school district allows teachers to install only software from an approved
list, but administrators can install additional tools. What policy best explains this
difference?
a. | A software installation policy with
role-based approvals | b. | A password policy with maximum age rules | c. | A workstation clean-desk
policy | d. | A physical access control policy |
|
|
|
74.
|
(1 point) Which pair is matched correctly?
a. | Password policy →
rules for password length and reuse | b. | Acceptable use policy → how to encrypt a
drive | c. | Server security policy → how to badge into a
building | d. | Software installation policy → how to configure
VLANs |
|
|
|
75.
|
(1 point) An organization wants to reduce risk from unpatched servers and also limit
what programs users can add to their laptops. Which two managerial controls best address these
goals?
a. | Server security policy and software
installation policy | b. | Password policy and firewall rules | c. | Acceptable use policy and network
segmentation | d. | Server security policy and physical door
locks |
|
|
|
76.
|
(1 point) A company allows employees to connect approved peripherals like keyboards and
mice but bans personal storage devices. Which policy would most likely include both
rules?
a. | An acceptable use policy
(AUP) | b. | A password policy | c. | A server security policy | d. | A cryptography
policy |
|
|
|
77.
|
(1 point) A user keeps using the same password with small changes like
'Summer2026!' and 'Fall2026!'. Which password policy rule is meant to reduce this
pattern?
a. | A prohibition of password
reuse | b. | A ban on external drives | c. | A requirement to disable unused
services | d. | A process for requesting new
software |
|
|
|
78.
|
(1 point) Which action best aligns with a server security policy goal of reducing attack
surface?
a. | Disabling unused services and
protocols on the server | b. | Allowing all users to create local admin
accounts | c. | Turning off server logging to improve
performance | d. | Allowing any remote login method without
restrictions |
|
|
|
79.
|
(1 point) Which statement best explains how antimalware software helps secure a
device?
a. | It detects and removes malicious
files that could harm or spy on the system. | b. | It physically blocks unauthorized people from entering the
building. | c. | It increases internet speed by compressing all
downloads. | d. | It replaces passwords with fingerprints
automatically. |
|
|
|
80.
|
(1 point) A student says, “Antimalware works because it knows what
malware looks like.†What is the best explanation of what the software is
using?
a. | Malware
signatures—detectable indicators associated with known
malware. | b. | MAC addresses—hardware identifiers for network
cards. | c. | Encryption keys—codes that scramble files for
privacy. | d. | IP addresses—numbers that identify devices on a
network. |
|
|
|
81.
|
(1 point) Why does antimalware software keep a database of
signatures?
a. | To compare files on the device to
known malware indicators and identify threats. | b. | To store all user passwords in one secure
place. | c. | To block all network traffic by default. | d. | To prevent the computer from installing
updates. |
|
|
|
82.
|
(1 point) What does it mean when antimalware software
“scans†a device?
a. | It checks files for patterns that
match known malware signatures. | b. | It changes every user password on the
device. | c. | It deletes all temporary files
automatically. | d. | It turns off the firewall to reduce false
alarms. |
|
|
|
83.
|
(1 point) What is the MOST likely reason antimalware software quarantines a
file?
a. | To isolate the suspicious file so it
cannot run while it is being handled. | b. | To speed up the device by moving files to the
cloud. | c. | To encrypt the file so only the user can open
it. | d. | To rename the file so it looks
harmless. |
|
|
|
84.
|
(1 point) A file matches a signature in the antimalware database. What should the
software do next to improve security?
a. | Quarantine and remove the malicious
file. | b. | Mark the file as trusted and allow it to
run. | c. | Send the file to every user on the network. | d. | Disable scanning to avoid future
matches. |
|
|
|
85.
|
(1 point) Which scenario best shows how antimalware can prevent damage to a
device?
a. | It detects a spyware file and
removes it before it can steal browsing data. | b. | It increases Wi‑Fi signal strength so
users can connect faster. | c. | It changes the computer’s IP address to a private
address. | d. | It creates a new VLAN for each user
account. |
|
|
|
86.
|
(1 point) Why is antimalware sometimes called antivirus software?
a. | Because it is designed to detect and
remove malicious software, including many viruses. | b. | Because it only blocks email
attachments. | c. | Because it replaces the operating system’s login
screen. | d. | Because it prevents hardware from
overheating. |
|
|
|
87.
|
(1 point) How does signature-based antimalware typically identify malware on a
device?
a. | By matching file contents or
behavior to known malware signatures in its database. | b. | By guessing passwords until one
works. | c. | By blocking all USB devices automatically. | d. | By requiring multifactor authentication for every
program. |
|
|
|
88.
|
(1 point) A user downloads a file, and antimalware flags it as malicious. What is the
best explanation for the flag?
a. | The file contains indicators that
match a known malware signature. | b. | The file is too large for the device to
store. | c. | The file uses a private IP address. | d. | The file was downloaded using
HTTPS. |
|
|
|
89.
|
(1 point) Which statement best explains what a malware
“signature†is?
a. | A detectable indicator that helps
identify malware as malicious. | b. | A user-created password used to open files. | c. | A network protocol used to route
packets. | d. | A type of physical access badge used for
doors. |
|
|
|
90.
|
(1 point) Why is it important that antimalware software scans periodically (not just
once)?
a. | New files and changes happen over
time, so repeated scans help catch threats after they appear. | b. | Passwords expire every 90 days, so scans must match
password changes. | c. | Routers require scanning to create routing
tables. | d. | Cameras must be scanned to store video
recordings. |
|
|
|
91.
|
(1 point) A device has antimalware installed, but it never detects anything. Which
explanation is MOST reasonable?
a. | The device may not have encountered
malware that matches the signature database. | b. | Antimalware only works on servers, not personal
devices. | c. | Antimalware prevents all internet access, so malware cannot be
downloaded. | d. | Antimalware can only detect phishing emails, not
files. |
|
|
|
92.
|
(1 point) Which action best describes how antimalware reduces spying on a
system?
a. | It can detect spyware and remove it
before it sends data to an adversary. | b. | It blocks all Bluetooth connections
permanently. | c. | It changes the SSID of the wireless network. | d. | It disables the BIOS/UEFI recovery
mode. |
|
|
|
93.
|
(1 point) A student asks why antimalware helps prevent system destruction. What is the
best response?
a. | It can detect malware designed to
destroy or corrupt files and remove it. | b. | It encrypts all files so they cannot be accessed by the
user. | c. | It converts all passwords into PINs. | d. | It turns off updates to keep software
stable. |
|
|
|
94.
|
(1 point) Which of the following best explains how antimalware improves device security
in everyday use?
a. | It identifies malicious files by
comparing them to signatures and removes threats. | b. | It blocks all traffic on ports 80 and 443
automatically. | c. | It creates a backup generator for power
outages. | d. | It forces all users to connect through a
VPN. |
|
|
|
95.
|
(1 point) What is a key limitation of antimalware that relies only on known
signatures?
a. | It may miss brand-new malware that
does not match existing signatures. | b. | It cannot quarantine files, only delete
them. | c. | It can only scan images, not programs. | d. | It only works when the device is
offline. |
|
|
|
96.
|
(1 point) An organization wants antimalware to be effective. Which practice best
supports that goal?
a. | Keep the signature database updated
so new malware indicators are included. | b. | Disable scanning to prevent performance
impacts. | c. | Allow users to whitelist any file without
review. | d. | Turn off quarantine features to reduce
alerts. |
|
|
|
97.
|
(1 point) In simple terms, what happens when antimalware quarantines a
file?
a. | The file is isolated so it cannot
run or spread while it is being removed. | b. | The file is copied to a public folder for review by
everyone. | c. | The file is renamed so it becomes invisible to
users. | d. | The file is compressed to save storage
space. |
|
|
|
98.
|
(1 point) Which example best fits the idea that malware has
“detectable indicators†?
a. | A ransomware sample contains code
patterns that match a known signature. | b. | A legitimate word processor has a .docx
extension. | c. | A router has an IP address in a private
range. | d. | A laptop uses a strong password for
login. |
|
|
|
99.
|
(1 point) Which statement best explains how antimalware software helps secure a
device?
a. | It detects and removes malicious
files that could harm or spy on the system. | b. | It physically blocks unauthorized people from entering the
building. | c. | It increases internet speed by compressing all
downloads. | d. | It replaces passwords with fingerprints
automatically. |
|
|
|
100.
|
(1 point) A student says, “Antimalware works because it knows what
malware looks like.†What is the best explanation of what the software is
using?
a. | Malware
signatures—detectable indicators associated with known
malware. | b. | MAC addresses—hardware identifiers for network
cards. | c. | Encryption keys—codes that scramble files for
privacy. | d. | IP addresses—numbers that identify devices on a
network. |
|
|
|
101.
|
(1 point) Why does antimalware software keep a database of
signatures?
a. | To compare files on the device to
known malware indicators and identify threats. | b. | To store all user passwords in one secure
place. | c. | To block all network traffic by default. | d. | To prevent the computer from installing
updates. |
|
|
|
102.
|
(1 point) What does it mean when antimalware software
“scans†a device?
a. | It checks files for patterns that
match known malware signatures. | b. | It changes every user password on the
device. | c. | It deletes all temporary files
automatically. | d. | It turns off the firewall to reduce false
alarms. |
|
|
|
103.
|
(1 point) What is the MOST likely reason antimalware software quarantines a
file?
a. | To isolate the suspicious file so it
cannot run while it is being handled. | b. | To speed up the device by moving files to the
cloud. | c. | To encrypt the file so only the user can open
it. | d. | To rename the file so it looks
harmless. |
|
|
|
104.
|
(1 point) A file matches a signature in the antimalware database. What should the
software do next to improve security?
a. | Quarantine and remove the malicious
file. | b. | Mark the file as trusted and allow it to
run. | c. | Send the file to every user on the network. | d. | Disable scanning to avoid future
matches. |
|
|
|
105.
|
(1 point) Which scenario best shows how antimalware can prevent damage to a
device?
a. | It detects a spyware file and
removes it before it can steal browsing data. | b. | It increases Wi‑Fi signal strength so
users can connect faster. | c. | It changes the computer’s IP address to a private
address. | d. | It creates a new VLAN for each user
account. |
|
|
|
106.
|
(1 point) Why is antimalware sometimes called antivirus software?
a. | Because it is designed to detect and
remove malicious software, including many viruses. | b. | Because it only blocks email
attachments. | c. | Because it replaces the operating system’s login
screen. | d. | Because it prevents hardware from
overheating. |
|
|
|
107.
|
(1 point) How does signature-based antimalware typically identify malware on a
device?
a. | By matching file contents or
behavior to known malware signatures in its database. | b. | By guessing passwords until one
works. | c. | By blocking all USB devices automatically. | d. | By requiring multifactor authentication for every
program. |
|
|
|
108.
|
(1 point) A user downloads a file, and antimalware flags it as malicious. What is the
best explanation for the flag?
a. | The file contains indicators that
match a known malware signature. | b. | The file is too large for the device to
store. | c. | The file uses a private IP address. | d. | The file was downloaded using
HTTPS. |
|
|
|
109.
|
(1 point) Which statement best explains what a malware
“signature†is?
a. | A detectable indicator that helps
identify malware as malicious. | b. | A user-created password used to open files. | c. | A network protocol used to route
packets. | d. | A type of physical access badge used for
doors. |
|
|
|
110.
|
(1 point) Why is it important that antimalware software scans periodically (not just
once)?
a. | New files and changes happen over
time, so repeated scans help catch threats after they appear. | b. | Passwords expire every 90 days, so scans must match
password changes. | c. | Routers require scanning to create routing
tables. | d. | Cameras must be scanned to store video
recordings. |
|
|
|
111.
|
(1 point) A device has antimalware installed, but it never detects anything. Which
explanation is MOST reasonable?
a. | The device may not have encountered
malware that matches the signature database. | b. | Antimalware only works on servers, not personal
devices. | c. | Antimalware prevents all internet access, so malware cannot be
downloaded. | d. | Antimalware can only detect phishing emails, not
files. |
|
|
|
112.
|
(1 point) Which action best describes how antimalware reduces spying on a
system?
a. | It can detect spyware and remove it
before it sends data to an adversary. | b. | It blocks all Bluetooth connections
permanently. | c. | It changes the SSID of the wireless network. | d. | It disables the BIOS/UEFI recovery
mode. |
|
|
|
113.
|
(1 point) A student asks why antimalware helps prevent system destruction. What is the
best response?
a. | It can detect malware designed to
destroy or corrupt files and remove it. | b. | It encrypts all files so they cannot be accessed by the
user. | c. | It converts all passwords into PINs. | d. | It turns off updates to keep software
stable. |
|
|
|
114.
|
(1 point) Which of the following best explains how antimalware improves device security
in everyday use?
a. | It identifies malicious files by
comparing them to signatures and removes threats. | b. | It blocks all traffic on ports 80 and 443
automatically. | c. | It creates a backup generator for power
outages. | d. | It forces all users to connect through a
VPN. |
|
|
|
115.
|
(1 point) What is a key limitation of antimalware that relies only on known
signatures?
a. | It may miss brand-new malware that
does not match existing signatures. | b. | It cannot quarantine files, only delete
them. | c. | It can only scan images, not programs. | d. | It only works when the device is
offline. |
|
|
|
116.
|
(1 point) An organization wants antimalware to be effective. Which practice best
supports that goal?
a. | Keep the signature database updated
so new malware indicators are included. | b. | Disable scanning to prevent performance
impacts. | c. | Allow users to whitelist any file without
review. | d. | Turn off quarantine features to reduce
alerts. |
|
|
|
117.
|
(1 point) In simple terms, what happens when antimalware quarantines a
file?
a. | The file is isolated so it cannot
run or spread while it is being removed. | b. | The file is copied to a public folder for review by
everyone. | c. | The file is renamed so it becomes invisible to
users. | d. | The file is compressed to save storage
space. |
|
|
|
118.
|
(1 point) Which example best fits the idea that malware has
“detectable indicators†?
a. | A ransomware sample contains code
patterns that match a known signature. | b. | A legitimate word processor has a .docx
extension. | c. | A router has an IP address in a private
range. | d. | A laptop uses a strong password for
login. |
|
|
|
119.
|
(1 point) How do updates and patches relate to exploit prevention?
a. | They remove or reduce known
weaknesses that exploits depend on | b. | They create more open ports for services | c. | They turn malware into harmless files
automatically | d. | They prevent users from clicking
links |
|