ip b14


M.S.T College Network & Security

1. Which of the following is the main purpose of a penetration test?


a) To confirm the strength of the in-use encryption method
b) To confirm that the outputs resulting from various inputs to the target program
are identical with the outputs defined in the specifications
c) To confirm the number of sessions that the firewall can process per unit time
d) To confirm that there is neither a security hole nor a setup error on the firewall
and public servers

2. Which of the following is the network area that is provided by installing a firewall
and is accessible from both the Internet and the intranet but not accessible to the
intranet?

a) DHCP b) DMZ c) DNS d) DoS

3. Which of the following is a mechanism that enables a Web server to store user
information in a browser in order to identify which PC is accessing the Web
server?
a) CGI b) Cookie c) SSL d) URL

4. Which of the following is an appropriate description concerning the characteristics
of cross site scripting?
a) It is an attack by which data being considered too long is sent to an application
on a Web site where the length of input data is not checked.
b) It is an attack that illegally uses the function of recording, invoking, and
executing the operating procedures of word processing software or spreadsheet
software.
c) It is an attack that intrudes into a computer under the disguise of a useful
program so that a user installs it unsuspectingly.
d) It is an attack that uses a vulnerability, whereby a malicious script included in
the data entered on a Web site is sent to a Web browser as it is.

5. Which of the following is an appropriate description concerning a virus check for
an e-mail?
a) A virus check does not need to be performed if the e-mail is encrypted.
b) A virus check is not required for the received e-mail if it is inspected by the
sender.
c) A virus check is performed even if the attached file has a file extension of “jpg”.
d) A virus check is performed only for the e-mail sent by an unknown sender.


6. Which of the following is an appropriate explanation concerning URL?


a) It is a communications protocol between a Web page and a browser.
b) It is a message about the update history of a Web page.
c) It is a notation for representing the location of a Web page.
d) It is grammar for describing the content (i.e., body) of a Web page.

7. Which of the following is the name of a malicious program that infects multiple
computers and simultaneously makes an attack, such as a DDoS attack, when a
command is received from an attacker who is in a remote location?
a) Bot b) Honey pot
c) Macro virus d) Worm

8. How long is an IPv6 address?


A. 32 bits
B. 128 bytes
C. 64 bits
D. 128 bits

9. Which WLAN IEEE specification allows up to 54Mbps at 2.4GHz?


A. A
B. B
C. G
D. N

10. Which protocol does DHCP use at the Transport layer?


A. IP
B. TCP
C. UDP
D. ARP

11. Where is a hub specified in the OSI model?


A. Session layer
B. Physical layer
C. Data Link layer
D. Application layer


12. Which protocol is used to send a destination network unknown message back to
originating hosts?
A. TCP
B. ARP
C. ICMP
D. BootP

13. What is the main reason the OSI model was created?
A. To create a layered model larger than the DoD model.
B. So application developers can change only one layer's protocols at a time.
C. So different networks could communicate.
D. So Cisco could use the model.

14. What is the maximum data rate for the 802.11a standard?
A. 6Mbps
B. 11Mbps
C. 22Mbps
D. 54Mbps

15. Which of the following is an appropriate description concerning a router used in an
IP network?
a) It maps domain names to IP addresses.
b) It selects the path for transmitting packets based on IP addresses.
c) It converts analog signals to digital signals and vice versa.
d) It executes processes and provides data upon requests from other computers.

16. Which of the following is the main purpose of a penetration test?

a) To confirm the strength of the in-use encryption method
b) To confirm that the outputs resulting from various inputs to the target program
are identical with the outputs defined in the specifications
c) To confirm the number of sessions that the firewall can process per unit time
d) To confirm that there is neither a security hole nor a setup error on the firewall
and public servers

17. Which of the following is an appropriate explanation of “availability” in
information security?
a) The system operation and output results are as intended.
b) The information is accurate and is not falsified or destroyed.
c) A permitted user can access information when needed.
d) No information is disclosed to a process that is not permitted.


18. Which of the following is the most appropriate description concerning SSL?
a) It generates a one-time password to authenticate a user on a Web site.
b) It encrypts all communications between a Web server and a browser.
c) It prevents (or filters) access to an unauthorized Web site.
d) It detects a virus that infects a computer through a network.

19. Which of the following is the term that refers to the act of setting up a bogus Web page
imitating a bank, a credit card company, or other organization, and tricking a user with an
e-mail disguised as an official message from the financial organization or a public
organization in order to guide a user to the bogus Web page and steal personal
information such as the personal identification number and credit card number?

a) Cracking b) Buffer overflow
c) Phishing d) Bot

20. Which of the following is an appropriate term for an organized and highly skilled team
whose mission is to continuously monitor and improve an organization’s security posture
while preventing, detecting, analyzing, and responding to cybersecurity incidents,
utilizing both technology and well-defined processes and procedures?
a) Cybersecurity b) Incident Management Center (IMC)
c) Network Operations Center (NOC) d) Security Operations Center (SOC)

21. Which of the following is a symmetric cryptographic standard?


A. DSA
B. PKI
C. RSA
D. AES

22. What is the most secure way to mitigate the theft of corporate information from a
laptop that was left in a hotel room?
A. Set a BIOS password.
B. Encrypt the data on the hard drive.
C. Use a strong logon password to the operating system.
D. Back up everything on the laptop and store the backup in a safe place.


23. Mr. X sends an e-mail to Mr. Y by using the Internet. The contents of the e-mail must be
kept confidential, so Mr. X uses public key cryptography to encrypt the e-mail. Which of
the following is the key that is used to encrypt the contents of the e-mail?
a) Mr. X ’s private key b) Mr. X ’s public key
c) Mr. Y ’s private key d) Mr. Y ’s public key

24. In a TCP/IP environment, which of the following is a standard for attaching image data to
an email?
a) JPEG b) MIME c) MPEG d) SMTP

25. When information security measures are classified into three (3) measures, namely,
technology measures, personnel measures, and physical measures, which of the
following is the appropriate example of physical measures?
A. In order to prevent unauthorized use of computers, biometric authentication is used in
the login authentication of computers.
B. In order to prevent unauthorized intrusion to a server from an external network, a
firewall is installed.
C. In order to prevent and detect frauds and operational errors by a security
administrator, multiple personnel are assigned to security administration and perform
mutual checks on each other’s work contents.
D. In order to check for unauthorized entry, a security zone is established and locked,
and the use of keys is managed.

26. When a smartphone is used, which of the following is the appropriate preventive
measure for shoulder surfing that is classified as social engineering?
A. Always using the latest OS
B. Turning off the position information function
C. Affixing a privacy filter on the screen
D. Attaching a strap to prevent fall and theft

27. There is a room that stores important information. Which of the following is the most
appropriate countermeasure for unauthorized entry to this room and unauthorized access
to the important information in the room?
A. The monitoring of entry and exit of the room and work that is performed in the
room with security staff and monitoring cameras.
B. The wearing of an entry pass in a place where other people cannot see it when in
the room.
C. The use of only electronic methods such as card authentication with no staffed desk
for entrance and exit control.
D. The informing of all employees of the existence of the room and the information
that it stores.


28. There is an electronic file that needs to be made confidential. Which of the
following is the appropriate security technology to use in order to ensure the
confidentiality of this file?
A. Access control
B. Timestamp
C. Digital signature
D. Hot standby

29. Which of the following is used to confirm that there is no falsification of the
content of an e-mail?
A. IMAP
B. SMTP
C. Information security policy
D. Digital signature

30. Which of the following is an appropriate example of biometric authentication?
A. Authentication of an individual by the shape of the veins in a finger.
B. Authentication of an individual with a digital certificate.
C. Authentication by testing whether a distorted text in an image can be read
correctly or not.
D. Authentication by using a one-time password.

31. An IoT device with a vulnerability was used in large numbers by several companies.
One (1) of the devices was infected with malware, and the infection spreads to many
other IoT devices. On a certain date at a certain time, the many IoT devices that were
infected with the malware attempted many connections to a certain website
simultaneously, and this forced the service of the website to stop. Which of the
following attacks was made against the website?

A. DDoS attack
B. Cross-site scripting
C. Dictionary attack
D. Social engineering

32. Which of the following is a term for software that encrypts files on a PC in order
to make them unusable, and demands money or other valuables in exchange for the
decryption key?
A. Keylogger
B. Ransomware
C. Rootkit
D. Worm

33. Which of the following is the technology that enables terminals connected to a
shared network such as the Internet to be used as if they are connected to a leased
line by ensuring security with encryption and authentication?
A. ADSL
B. ISDN
C. VPN
D. Wi-Fi

34. Which of the following is the unit of the data transmission speed in a network?
A. bps
B. fps
C. ppm
D. rpm

35. Which of the following is an appropriate explanation concerning the function of a
router?
A. It optically reads pictures and texts and converts them into digital data.
B. It converts analog signals to digital signals and vice versa.
C. It controls the communication path of data and relays data across networks.
D. It archives and provides Web page data via networks.


36. Which of the following is an appropriate effect of replacing IPv4 with IPv6?
A. Problems no longer occur when two or more devices that can be accessed directly
from the Internet have the same IP address.
B. The shortage of IP addresses that can be used on the Internet is resolved.
C. It becomes possible to use optical fibers for connecting to the Internet.
D. The communication speed on the Internet is increased.

37. Mr. A sent an e-mail to the three (3) people Mr. P, Mr. Q, and Mr. R. He entered
Mr. P’s e-mail address in the To field, Mr. Q’s e-mail address in the CC field, and
Mr. R’s e-mail address in the BCC field. Among the recipients of the e-mail Mr. P,
Mr. Q, and Mr. R, which of the following lists contains all and only the people who
can know that the e-mail with the same content is sent to all three (3) people?
A. Mr. P, Mr. Q, Mr. R
B. Mr. P, Mr. R
C. Mr. Q, Mr. R
D. Mr. R

38. Which of the following is not an appropriate description of online storage?
A. It can be used not only from a computer, but also from a smartphone or a tablet,
if the device is connected to the Internet.
B. There is a free service that can be used with limited capacity and functionalities.
C. There is a service that allows multiple registered users to share and edit the
same file.
D. If the capacity of the auxiliary storage unit built into the user’s computer or
tablet is increased, the capacity of online storage will also increase automatically.


39. Which of the following is the appropriate description concerning the function of a
DNS?
A. It connects an IP address and a MAC address.
B. It connects an IP address and a domain name.
C. It uses the IP address and selects a packet transfer route.
D. It converts analog signals and digital signals to each other.

40. Which of the following mobile communication systems not only offers higher
communication speed than LTE, but also allows more devices to connect and has less
communication delay?
A. Block chain
B. MVNO
C. 8K
D. 5G
