01. When a business collects customer credit card information, which standard must they comply with to ensure the data is protected?
a) OSHA
b) PCI DSS
c) IEEE 802.11
d) SMTP
02. During which phase of the incident response plan does an organization focus on removing the threat from their systems and preventing it from spreading further?
a) Preparation
b) Detection
c) Containment and Eradication
d) Post-Incident Activity
03. You are tasked with implementing a security solution that monitors network traffic for suspicious patterns and alerts the administrator, but does not automatically block the traffic. Which technology should you choose?
a) Intrusion Detection System (IDS)
b) Intrusion Prevention System (IPS)
c) Firewall
d) Virtual Private Network (VPN)
04. In Public Key Infrastructure (PKI), which key is used by a sender to encrypt a message so that only the intended recipient can read it?
a) The sender's private key
b) The sender's public key
c) The recipient's private key
d) The recipient's public key
05. After a security incident is resolved, what is the purpose of a "Lessons Learned" meeting?
a) To decide which employee should be fired for the security breach.
b) To calculate the total amount of overtime pay for the IT staff.
c) To identify what went well and how to improve future responses.
d) To explain to the public that the incident was not a serious issue.
06. Which cryptographic algorithm is a widely used asymmetric standard for securing web traffic and digital signatures?
a) RSA
b) DES
c) AES
d) Caesar Cipher
07. How does a "Stateful Inspection" firewall differ from a basic packet filter?
a) It only blocks traffic originating from outside the country.
b) It tracks the state of active connections to make better decisions.
c) It requires a physical key to be turned before it starts filtering.
d) It deletes all incoming emails that contain any attachments.
08. An individual receives an email that appears to be from their bank, claiming there is suspicious activity and providing a link to "verify" their login credentials. Which type of cyber threat does this scenario describe?
a) Ransomware
b) Logic Bomb
c) Adware
d) Phishing
09. Why is cybersecurity considered a critical business risk for small and medium-sized enterprises (SMEs)?
a) A single data breach can result in total business failure due to costs.
b) SMEs are never targeted by hackers because they have very little money.
c) SMEs are legally required to spend 50% of their revenue on firewalls.
d) Cybersecurity threats only affect businesses that operate entirely online.
10. What is a key advantage of a Network-based Intrusion Detection System (NIDS) over a Host-based IDS (HIDS)?
a) It is installed directly on every individual user's smartphone.
b) It can monitor traffic for an entire subnet of devices at once.
c) It can see encrypted data that is stored on a local hard drive.
d) It prevents users from physically entering the server room.
The purpose of this Sample Question Set is to provide you with information about the CIW Cyber Specialist exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CPCS-100 certification test. To get familiar with real exam environment, we suggest you try our Sample CIW Cyber Specialist Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual CIW Cyber Specialist certification exam.
