CIS 119 Midterm Review 2025

Cybersecurity Fundamentals

Attacks and Threats

Tools and Technique

Access Control & Encryption

Network & System Security

100

This ensures information is accurate and not altered by unauthorized users.

Integrity

100

A social engineering attack using fake emails or messages to trick users into revealing sensitive data.

Phishing

100

What tool captures and analyzes network packets in real-time?

Wireshark

100

What is the process of adding random data to passwords before hashing?

Salting

100

What protocol ensures secure communication over the internet, replacing SSL?

Transport Layer Security (TLS)

200

What are the three main goals of cybersecurity known as the CIA Triad?

Confidentiality, Integrity, Availability

200

Phishing conducted over the phone or voicemail.

Vishing

200

What tool can be used for password cracking and is included in Kali Linux?

John The Ripper

200

What encryption standard uses a 56-bit key and is now considered weak?

DES (Data Encryption Standard)

200

An attack that sends fake ARP messages to associate an attacker’s MAC address with another device’s IP address.

ARP spoofing

300

What term describes making sure that a user is who they claim to be?

Authentication

300

What attack floods a network with traffic from multiple sources?

Distributed Denial of Service (DDoS)

300

What online tool is used to find internet-connected devices and vulnerabilities?

Shodan

300

What access control model grants permissions based on attributes like role or department?

Attribute-Based Access Control (ABAC)

300

Overloading a switch’s MAC table to force it to broadcast traffic is called

MAC Flooding

400

What is the process of giving an authenticated user permission to access specific resources?

Authorization

400

What type of malware encrypts a user’s data and demands payment for decryption?

Ransomware

400

What tool maps network devices and open ports?

Network Mapper (Nmap)

400

What is HMAC used for?

Verifying both data integrity and authenticity of a message using a shared secret key.

400

Copying traffic from one port to another for analysis or monitoring (e.g., IDS) is called?

Port mirroring

500

A security flaw unknown to the vendor or the public, often exploited before a patch is available is called a?

Zero-day vulnerability

500

An attack that infects a website commonly visited by the target group to compromise them indirectly.

Watering hole attack

500

What is OSINT?

Open Source Intelligence — collecting publicly available information for analysis.

500

What algorithm produces a fixed-length string from data to verify integrity?

Hash

500

What type of intrusion detection system looks for deviations from normal behavior?

Anomaly-Based IDS