82% found this document useful (11 votes)
74K views, 234 pages

Cyber Security Questions and Answers PDF

This document provides a set of multiple choice questions and answers about the history of ethical hacking. It discusses when the term "hacker" originated in the 1960s at MIT to describe highly skilled programmers. It also covers the first hacker conference in 1993 called DEFCON, early techniques like phreaking, and important events and people in the history of hacking and cyber security law. The document seeks to test knowledge about the origins and early milestones in the field of ethical hacking.

Uploaded by

Geay Peter
Copyright
© All Rights Reserved

Cyber Security Questions and Answers – Ethical Hacking – History

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ethical
Hacking – History”.

1. In which year was the term hacking coined?
a) 1965-67
b) 1955-60
c) 1970-80
d) 1980-82
Answer: b
Explanation: The term originated in the 1960s, when highly skilled professionals and
individuals practiced complex programming approaches to solve different problems.
2. Where did the term ‘hacker’ first come into existence?
a) MIT
b) Stanford University
c) California
d) Bell’s Lab
Answer: a
Explanation: The term ‘hacker’ first originated at MIT (Massachusetts Institute of Technology),
because individuals and highly skilled professionals solved different problems using
programming languages. Some similar terms were also coined in this regard, such as geeks & nerds.
3. What is the one thing that old hackers were fond of or found interest in?
a) Breaking Other’s system
b) Voracious thirst for knowledge
c) Cracking Phone calls
d) Learning new languages
Answer: b
Explanation: Hackers of the old era were considered the most influential individuals of society, with
an inclination toward intellectual learning and a thirst for knowledge.
4. In which year did the first popular hacker conference take place?
a) 1994
b) 1995
c) 1993
d) 1992
Answer: c
Explanation: The first ever internationally recognized hackers’ conference took place in the year
1993 in Las Vegas, Nevada.
5. What is the name of the first hacker’s conference?
a) DEFCON
b) OSCON
c) DEVCON
d) SECCON
Answer: a
Explanation: DEFCON is one of the largest and most popular conferences for hackers and security
consultants. It takes place every year in Las Vegas, Nevada, and is attended by government agents,
security professionals, and black and white hat hackers from all over the world.
6. _______ is the oldest phone hacking technique used by hackers to make free calls.
a) Phishing
b) Spamming
c) Phreaking
d) Cracking
Answer: c
Explanation: Phreaking, which is short for phone-hacking, is a slang term for an old hacking
technique in which skilled professionals study, explore & experiment with telephone networks in
order to acquire the free calling facility.
7. In which year did the first practical technology hacking originate?
a) 1878
b) 1890
c) 1895
d) 1876
Answer: a
Explanation: The first hacking (related to telephone technology) was done when the phone company
named Bell Telephone started, in the year 1878.
8. In which year did hacking become a practical crime and a matter of concern in the field of
technology?
a) 1971
b) 1973
c) 1970
d) 1974
Answer: c
Explanation: For hackers, 1970 was the era when hackers and cyber criminals figured out how wired
technologies work and how these technologies could be exploited to gain additional advantage
or to misuse the technology.
9. Who was the first individual to perform a major hack in the year 1971?
a) Steve Wozniak
b) Steve Jobs
c) Kevin Mitnick
d) John Draper
Answer: d
Explanation: In the year 1971, a Vietnam guy named John Draper figured out how to make phone
calls free of cost. This type of phone hacking is termed Phreaking.
10. Name the hacker who broke into the ARPANET systems.
a) John von Neumann
b) Kevin Poulsen
c) Kevin Mitnick
d) John Draper
Answer: b
Explanation: The ARPANET (Advanced Research Project Agency Network) was hacked by Kevin
Poulsen, who broke into the Pentagon network and its associated systems but got caught
immediately in the year 1983.
11. Who coined the term “cyberspace”?
a) Andrew Tanenbaum
b) Scott Fahlman
c) William Gibson
d) Richard Stallman
Answer: c
Explanation: In the year 1821, William Gibson, an American-Canadian fiction pioneer and writer,
explored different streams of technology and coined the term “cyberspace”. The term describes
interconnected technologies that help in sharing information, interacting with digital devices, storage
and digital entertainment, computer and network security, and other matters related to information
technology.
12. In which year did computer scientists try to integrate encryption techniques into the TCP/IP protocol?
a) 1978
b) 1980
c) 1982
d) 1984
Answer: a
Explanation: The TCP/IP suite needs prior security as it is one of the most popularly used protocol
suites, and hence some computer scientists in the year 1978 attempted to integrate security algorithms,
though they faced many impediments in this regard.
13. In which year was the Computer Fraud & Abuse Act adopted in the United States?
a) 1983
b) 1984
c) 1987
d) 1988
Answer: b
Explanation: This cyber security bill was passed in the US in the year 1984 so that computer-related
crimes would not go unpunished. This law also restricts users from unauthorized access to a
computer or the data associated with it.
14. Who was the first individual to distribute computer worms through the internet?
a) Vladimir Levin
b) Bill Landreth
c) Richard Stallman
d) Robert T. Morris
Answer: d
Explanation: Robert Tappan Morris, a Cornell University graduate student, developed the Morris Worm
in 1988 and was accused of the crime (under the US Computer Fraud and Abuse Act) of spreading
computer worms through the Internet.
15. _____ is a powerful encryption tool released by Philip Zimmermann in the year 1991.
a) PGP (Protected Good Privacy)
b) AES (Advanced Encryption Standard)
c) PGP (Pretty Good Privacy)
d) DES (Data Encryption Standard)
Answer: c
Explanation: This encryption program package, named PGP (Pretty Good Privacy), became popular
across the globe because it helps in providing authentication in data communication as well as in
maintaining privacy through cryptographic algorithms, by encryption & decryption of plain texts (in
emails and files) to cipher texts and vice versa.

Cyber Security Questions and Answers – Ethical Hacking – Types of Hackers & Security Professionals

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ethical
Hacking – Types of Hackers & Security Professionals”.

1. Hackers who help in finding bugs and vulnerabilities in a system & don’t intend to crack a system
are termed as ________
a) Black Hat hackers
b) White Hat Hackers
c) Grey Hat Hackers
d) Red Hat Hackers
Answer: b
Explanation: White Hat Hackers are cyber security analysts and consultants whose intent is to
help firms and governments identify loopholes, as well as to help perform penetration
tests for securing a system.
2. Which is the legal form of hacking based on which jobs are provided in IT industries and firms?
a) Cracking
b) Non ethical Hacking
c) Ethical hacking
d) Hacktivism
Answer: c
Explanation: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing
penetration tests and identifying potential threats in any organization or firm.
3. They are nefarious hackers, and their main motive is to gain financial profit by doing cyber crimes.
Who are “they” referred to here?
a) Gray Hat Hackers
b) White Hat Hackers
c) Hacktivists
d) Black Hat Hackers
Answer: d
Explanation: Black Hat hackers, also termed ‘crackers’, are a major type of cyber criminal
who gain unauthorized access to a user’s account or system and steal sensitive data or inject malware
into the system for their own profit or to harm the organization.
4. ________ are the combination of both white as well as black hat hackers.
a) Grey Hat hackers
b) Green Hat hackers
c) Blue Hat Hackers
d) Red Hat Hackers
Answer: a
Explanation: Grey Hat Hackers blend the character of both ethical and unethical hackers.
They hack others’ systems for fun but do not harm the system, exploiting bugs and vulnerabilities in
a network without the knowledge of the admin or the owner.
5. Amateurs or newbies in the field of hacking who don’t have many skills in coding or in the
in-depth working of security and hacking tools are called ________
a) Sponsored Hackers
b) Hacktivists
c) Script Kiddies
d) Whistle Blowers
Answer: c
Explanation: Script Kiddies are new to hacking and at the same time do not have much interest in
developing coding skills or finding bugs of their own in systems; rather, they prefer downloading
available tools (developed by elite hackers) and using them to break any system or network. They just
try to gain the attention of their friend circles.
6. Suicide Hackers are those _________
a) who break a system for some specific purpose with or without keeping in mind that they may
suffer long term imprisonment due to their malicious activity
b) individuals with no knowledge of codes but an expert in using hacking tools
c) who know the consequences of their hacking activities and hence try to prevent them by erasing
their digital footprints
d) who are employed in an organization to do malicious activities on other firms
Answer: a
Explanation: Suicide hackers are those who break into any network or system with or without
knowing the consequences of the cyber crime and its penalty. There are some suicide hackers who
intentionally commit crimes and get caught to bring their names into the headlines.
7. Criminal minded individuals who work for terrorist organizations and steal information of nations
and other secret intelligence are _________
a) State sponsored hackers
b) Blue Hat Hackers
c) Cyber Terrorists
d) Red Hat Hackers
Answer: c
Explanation: Cyber Terrorists are expert programmers and cyber criminals who hide themselves
while doing malicious activities over the internet, and they are smart enough to hide themselves or
their tracks. They are hired to gain unauthorised access to a nation’s data centres or to break
into the networks of intelligence agencies.
8. Individuals who disclose to the public information about a company, organization, firm, government
or private agency of which they are a member or employee are termed ___________
a) Sponsored hackers
b) Crackers
c) Hacktivist
d) Whistleblowers
Answer: d
Explanation: Whistleblowers are individuals who are members or employees of a specific
organization and are responsible for disclosing private information of those organizations or firms,
either government or private.
9. These types of hackers are the most skilled hackers in the hackers’ community. Who are “they”
referred to?
a) White hat Hackers
b) Elite Hackers
c) Licensed Penetration Testers
d) Red Hat Hackers
Answer: b
Explanation: The tag “Elite hackers” is given to the most reputed hackers, who possess
most of the hacking and security skills. They are treated with the utmost respect in the hackers’
community. Zero-day vulnerabilities, serious hacking tools and newly introduced bugs are found and
developed by them.
10. _________ are those individuals who maintain and handle IT security in any firm or
organization.
a) IT Security Engineer
b) Cyber Security Interns
c) Software Security Specialist
d) Security Auditor
Answer: a
Explanation: This is an intermediate-level position in an organization or firm, held by an individual
who builds and preserves the different systems and associated security tools of the firm or
organization to which he/she belongs.
11. The role of a security auditor is to ____________
a) secure the network
b) probe for safety and security of organization’s security components and systems
c) detect and prevent cyber attacks and threats to the organization
d) do penetration testing on different web applications
Answer: b
Explanation: Security auditors are those who conduct audits of the various computer and network
systems of an organization or company and report safety and security issues, as well as help in
suggesting improvements or enhancements to any particular system that is threat prone.
12. ________ are senior level corporate employees who have the role and responsibilities of creating
and designing secured network or security structures.
a) Ethical Hackers
b) Chief Technical Officer
c) IT Security Engineers
d) Security Architect
Answer: d
Explanation: Security architects are senior-grade employees of an organization who are in
charge of building, designing, implementing and testing secured network topologies and protocols, as
well as secured computers, in an organization.
13. __________ security consultants use database security monitoring & scanning tools to maintain
the security of different data residing in the database / servers / cloud.
a) Database
b) Network
c) System
d) Hardware
Answer: a
Explanation: Database Security consultants are specific individuals hired to monitor and
scan database systems and keep them secured from unwanted threats and attacks by giving access
only to a restricted set of users, blocking unwanted files, using multi-factor access control, etc.
14. Governments hire some highly skilled hackers. These types of hackers are termed as _______
a) Special Hackers
b) Government Hackers
c) Cyber Intelligence Agents
d) Nation / State sponsored hackers
Answer: d
Explanation: Nation / State sponsored hackers are specific individuals who are employed or hired by
the government of that nation or state to protect the nation from cyber terrorists and other groups or
individuals, and to reveal their plans, communications and actions.
15. Someone (from outside) who tests for security issues and bugs before a system or
application is launched, and who is not a part of that organization or company, is a ______
a) Black Hat hacker
b) External penetration tester
c) Blue Hat hacker
d) White Hat Hacker
Answer: c
Explanation: Blue Hat Hackers are outsiders, yet security testers, who are temporarily hired to
perform outsourced security tests for bugs and vulnerabilities in any system before launching it to
the market or making the application live.

Cyber Security Questions and Answers – Cyber Attacks Types

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber
Attacks Types”.

1. The full form of Malware is ________
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security
Answer: c
Explanation: Different types of harmful software and programs that can pose threats to a system,
network or anything related to cyberspace are termed Malware. Examples of common
malware are viruses, Trojans, ransomware, spyware, worms, rootkits etc.
2. Who deploys malware to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers
Answer: a
Explanation: Criminal-minded organizations, groups and individuals, cyber-terrorist groups, Black
hat hackers, malware developers etc. are those who can deploy malware to any target system or
network in order to deface that system.
3. _____________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection
Answer: b
Explanation: SQLi (Structured Query Language Injection) is a popular attack in which SQL code is
injected in order to break a web application that has SQL vulnerabilities. This allows the
attacker to run malicious code and gain access to the database of that server.
4. XSS is the abbreviation of __________
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting
Answer: d
Explanation: Cross Site Scripting is another popular web application attack type that can hamper the
reputation of any site.
5. This attack can be deployed by infusing malicious code in a website’s comment section. What is
“this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)
Answer: c
Explanation: An XSS attack can be mounted by putting malicious code (which gets run automatically)
in the comment or feedback section of a webpage (usually a blogging page). This can
hamper the reputation of a site and the attacker may place any private data or personal credentials.
6. When there is an excessive amount of data flow, which the system cannot handle, _____ attack
takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack
Answer: d
Explanation: The Buffer overflow attack takes place when an excessive amount of data is put into a
buffer that cannot handle it, leading to data overflowing into the adjoining storage. This attack
can cause a system or application crash and can lead to a malicious entry point.
7. Compromising a user’s session to exploit the user’s data and carry out malicious activities or
misuse the user’s credentials is called ___________
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying
Answer: a
Explanation: Session hijacking, popularly known as cookie hijacking, is an
exploitation method for compromising the user’s session in order to gain unauthorized access to the
user’s information.
8. Which of these is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack
Answer: b
Explanation: If a suspicious person gains access to a server room or any confidential area with a
malicious pen drive loaded with malware, which gets triggered automatically once inserted into the USB
port of an employee’s PC, the attack comes under physical hacking, because that person first gains
unauthorized physical access to a room or organization and then manages to reach an employee’s
PC as well, all done physically, hence breaching physical security.
9. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing
Answer: d
Explanation: Wireless attacks are malicious attacks done on wireless systems, networks or devices.
Attacks on Wi-Fi networks are one common example that most people know. Other sub-types
of wireless attacks are wireless authentication attacks, encryption cracking etc.
10. An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime
Answer: b
Explanation: Cyber attack is an umbrella term used to classify different computer & network attacks
or activities such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile
hacking and physical security breaching.
11. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring
Answer: c
Explanation: Keylogging is the method or procedure of recording all the keystrokes/keyboard buttons
pressed by the user of that system.
12. _________ are a special type of program used for recording and tracking a user’s keystrokes.
a) Keylogger
b) Trojans
c) Virus
d) Worms
Answer: a
Explanation: Keyloggers are surveillance programs developed both for security purposes and
for hacking passwords and other personal credentials and information. This type of program
saves the keystrokes made on a keyboard and then sends the recorded keystroke file to the
creator of the program.
13. This is a collective term for malicious spying programs used for secretly monitoring
someone’s activity and actions over a digital medium.
a) Malware
b) Remote Access Trojans
c) Keyloggers
d) Spyware
Answer: d
Explanation: Spyware is professional malicious spying software that is hard for anti-malware or
anti-virus programs to detect because it is programmed so skillfully. This type of
software keeps collecting personal information, surfing habits and surfing history, as well as credit
card details.
14. Stuxnet is a _________
a) Worm
b) Virus
c) Trojan
d) Antivirus
Answer: a
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010; it
was responsible for huge damage to Iran’s nuclear program. It
mainly targets the PLCs (Programmable Logic Controllers) in a system.
15. ___________ is a violent act done using the Internet, which either threatens any technology user
or leads to loss of life or otherwise harms anyone in order to accomplish political gain.
a) Cyber-warfare
b) Cyber campaign
c) Cyber-terrorism
d) Cyber attack
Answer: c
Explanation: Cyber-terrorism is the term used to describe internet terrorism, in which individuals and
groups anonymously misuse ethnicities and religions and threaten technology users,
which may even lead to loss of life.

Cyber Security Questions and Answers – Elements of Security

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Elements of
Security”.

1. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4
Answer: d
Explanation: The 4 key elements that constitute security are: confidentiality, integrity,
authenticity & availability. Authenticity is not considered one of the key elements in some other
security models; the popular CIA Triad omits it because authenticity at times comes under
confidentiality & availability.
2. According to the CIA Triad, which of the below-mentioned elements is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c
Explanation: According to the CIA triad, the three components that security needs are
Confidentiality, Integrity and Availability (read in short as CIA).
3. This is the model designed for guiding the policies of Information security within a company, firm
or organization. What is “this” referred to here?
a) Confidentiality
b) Non-repudiation
c) CIA Triad
d) Authenticity
Answer: c
Explanation: Various security models have been developed to date. This is by far the most popular
and widely used model, which focuses on the information’s confidentiality, integrity and
availability and on how these key elements can be preserved for better security in any organization.
4. CIA triad is also known as ________
a) NIC (Non-repudiation, Integrity, Confidentiality)
b) AIC (Availability, Integrity, Confidentiality)
c) AIN (Availability, Integrity, Non-repudiation)
d) AIC (Authenticity, Integrity, Confidentiality)
Answer: b
Explanation: The CIA Triad is also named the AIC (Availability, Integrity, Confidentiality)
Triad because people confuse the acronym with the abbreviation of the secret agency
named the Central Intelligence Agency.
5. When you use the word _____ it means you are protecting your data from getting disclosed.
a) Confidentiality
b) Integrity
c) Authentication
d) Availability
Answer: a
Explanation: Confidentiality is what every individual prefers in terms of physical privacy as well as
digital privacy. The term means our information needs to be protected from being disclosed to
unauthorised parties, for which we use different security mechanisms like password protection,
biometric security, OTPs (One Time Passwords) etc.
6. ______ means the protection of data from modification by unknown users.
a) Confidentiality
b) Integrity
c) Authentication
d) Non-repudiation
Answer: b
Explanation: Information is only valuable if it is correct and does not get modified during its
journey in the course of arrival. The element integrity makes sure that the data sent or generated from
the other end is correct and is not modified by any unauthorised party in between.
7. When integrity is lacking in a security system, _________ occurs.
a) Database hacking
b) Data deletion
c) Data tampering
d) Data leakage
Answer: c
Explanation: The term data tampering is used when integrity is compromised in any security model,
and checking its integrity later becomes costlier. Example: suppose you sent $50 to an authorised
person and in between a Man in the Middle (MiTM) attack takes place and the value is tampered to
$500. This is how integrity is compromised.
8. _______ of information means that only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability
Answer: d
Explanation: Information is useful only when the right people (authorised users) access it after going
through a proper authenticity check. The key element availability ensures that only authorised users
are able to access the information.
9. Why are these 4 elements (confidentiality, integrity, authenticity & availability) considered
fundamental?
a) They help in understanding hacking better
b) They are key elements to a security breach
c) They help in understanding security and its components better
d) They help to understand the cyber-crime better
Answer: c
Explanation: The four elements of security, viz. confidentiality, integrity, authenticity & availability,
help in better understanding the pillars of security and its different components.
10. This helps in identifying the origin of information and the authentic user. “This” is referred to
here as __________
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c
Explanation: The key element authenticity helps in assuring that the information is from the
original source.
11. Data ___________ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup
Answer: a
Explanation: Data encryption is the method of converting plain text to cipher-text and only
authorised users can decrypt the message back to plain text. This preserves the confidentiality of
data.
12. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) Switching off the phone
Answer: d
Explanation: Switching off the phone in order to preserve the confidentiality of data is not a
proper solution for data confidentiality. Fingerprint detection, face recognition, password-based
authentication and two-step verification are some of the proper methods.
13. Data integrity gets compromised when _____ and _____ are taken control of.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system
Answer: c
Explanation: The two key ingredients that need to be kept safe in order to preserve data integrity
are access control & file permission.
14. ______ is the latest technology that faces an extra challenge because of the CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust
Answer: a
Explanation: Big data has additional challenges that it has to face because of the tremendous volume
of data that needs protection as well as other key elements of the CIA triad, which makes the entire
process costly and time-consuming.
15. One common way to maintain data availability is __________
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering
Answer: b
Explanation: To protect data from loss or damage, a data backup can be made and stored in a
different geographical location so that the data survives natural disasters & unpredictable
events.

Cyber Security Questions and Answers – Information Security Technologies

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Information
Security Technologies”.

1. _______ is the practice and precautions taken to protect valuable information from unauthorised
access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for
protecting valuable information from alteration, destruction, deletion or disclosure by unauthorised
users.
2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information security
threats whereas not changing the default password of any system, hardware or any software comes
under the category of vulnerabilities that the user may pose to its system.
3. From the options below, which of them is not a vulnerability to information security?
a) Flood
b) Disposal of storage media without deleting data
c) Unchanged default password
d) Latest patches and updates not done
Answer: a
Explanation: A flood comes under natural disasters, which are a threat to any information, and does
not act as a vulnerability of any system.
4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across
the globe through physical systems, virtual machines, servers, and clouds. Their security can be
managed using Cloud workload protection platforms which manage policies regarding security of
information irrespective of its location.
5. Which of the following information security technologies is used for avoiding browser-based
hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user establishes
remote browsing by isolating the end user’s browsing session, cyber-criminals will not be able to
infect the system and the browser with malware, ultimately reducing the attack surface area.
6. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems and
record all the activities for further reporting, analysis & detection in a central database. By analyzing the
reports generated through such EDR tools, loopholes in a system or any internal, as well as external,
breaching attempts can be detected.
7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
Answer: d
Explanation: Network traffic analysis (NTA) is an information security approach for supervising
the traffic in any network, the flow of data over the network, and malicious threats that are trying
to breach the network. This technological solution also helps triage the events detected by
network traffic analysis tools.
8. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual
or any information. Compromising confidential information means extracting sensitive data
from a system in an illegal manner.
9. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: c
Explanation: Access control policies are incorporated into a security system for restricting
unauthorised access to any logical or physical system. Every security compliance program needs
this as a fundamental component. Systems which lack this feature are vulnerable.
10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored
Answer: d
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced,
distributed or transferred to some other system, protected using security tools and techniques but
cannot be ignored.

Cyber Security Questions and Answers – Generic Steps for Security – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Generic Steps
for Security – 1”.

1. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7
Answer: c
Explanation: According to the standard ethical hacking standards, the entire process of hacking can
be divided into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining
Access, Tracks clearing, reporting.
2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of
information about the target user or the victim’s system.
3. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose
Answer: d
Explanation: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is
a tool for scanning the network for vulnerabilities.
4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: Reconnaissance can be done in two different ways. 1st, Active Reconnaissance which
involves interacting with the target user or system directly in order to gain information; 2nd, Passive
Reconnaissance, where information gathering from target user is done indirectly without interacting
with the target user or system.
5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files
Answer: b
Explanation: Active reconnaissance is all about interacting with the target victim directly; hence, by
making telephone calls posing as a legitimate customer care or help desk person, the attacker can get more
information about the target user.
6. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
Answer: d
Explanation: Passive reconnaissance is all about acquiring information about the target indirectly;
hence searching for any information about the target in an online people database is an example of passive
reconnaissance.
7. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: b
Explanation: In the scanning phase, the hacker actively scans for the vulnerabilities or specific
information in the network which can be exploited.
8. While looking for a single entry point where penetration testers can test the vulnerability, they use
______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: b
Explanation: Scanning is done to look for entry points in a network or system in order to launch an
attack and check whether the system is penetrable or not.
9. Which of them does not come under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
Answer: d
Explanation: Google dork is used for reconnaissance, which uses special search queries for
narrowing down the search results. The remaining three scanning methodologies are used for scanning ports
(logical), and network vulnerabilities.
10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
Answer: c
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nexpose and Nessus are
fully scanning tools. Maltego is an example of a reconnaissance tool used for acquiring information
about the target user.
11. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are used to look
for flaws in a system, it is the next phase where the ethical hackers or penetration testers have to
technically gain access to a network or system.
12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Explanation: Penetration testers, after scanning the system or network, try to exploit the flaw of the
system or network in the “gaining access” phase.
13. Which of the following is not done in gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking
Answer: a
Explanation: Tunnelling is a method that is followed to cover tracks created by attackers and erase
digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining
access to test the flaw in a system or network.
14. Which of the below-mentioned penetration testing tools is popularly used in the gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
Answer: c
Explanation: Metasploit is a framework and the most widely used penetration testing tool used by
ethical hackers for testing the vulnerabilities in a system or network.

Cyber Security Questions and Answers – Generic Steps for Security – 2
This set of Cyber Security Interview Questions and Answers focuses on “Generic Steps for Security
– 2”.

1. A _________ can gain access illegally to a system if the system is not properly tested in scanning
and gaining access phase.
a) security officer
b) malicious hacker
c) security auditor
d) network analyst
Answer: b
Explanation: Malicious hackers can gain illegal access at OS level, application level or network level
if the penetration testers or ethical hackers lack in testing and reporting the vulnerabilities in a
system.
2. In which phase do hackers install backdoors so that their ownership of the victim’s system
can be retained later?
a) Scanning
b) Maintaining access
c) Maintaining Access
d) Gaining access
Answer: c
Explanation: After gaining access to a system, the hacker needs to keep a path open so that he/she in
future can access the system. Therefore, backdoors are set which will later allow the attacker to gain
access through it easily.
3. _______ is the tool used for this purpose.
a) Powersploit
b) Aircrack – ng
c) Snort
d) Nmap
Answer: a
Explanation: The Powersploit is an access maintaining tool used for Windows systems. This tool is
used for gaining re-access to the victim’s system using PowerShell.
4. Which of the following hacking tools and techniques do hackers not use for maintaining access in
a system?
a) Rootkits
b) Backdoors
c) Trojans
d) Wireshark
Answer: d
Explanation: Wireshark is not a tool for maintaining access because it is used for analysing network
protocols at a microscopic level (very minutely). It is an interactive tool for data traffic analysing on
any computer.
5. In _______ phase, the hackers try to hide their footprints.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Gaining access
Answer: b
Explanation: Tracks clearing or covering tracks is the name of the phase where the hackers delete
logs of their existence & other activity records they do during the hacking process. This step is
actually an unethical one.
6. Which of them is not a track clearing technique?
a) Altering log files
b) Tunnelling
c) Port Scanning
d) Footprint removing
Answer: c
Explanation: Port scanning is a method used in the scanning phase. Altering or changing log files,
tunnelling for hiding your identity and removing footprints from different sites are examples of
clearing tracks.
7. __________ is the last phase of ethical hacking process.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Reporting
Answer: d
Explanation: In the reporting phase, the penetration tester or ethical hacker has to assemble all the
flaws along with the tools and processes used for detecting them and report them to the firm or
organization.
8. Which of the following is not a footprint-scanning tool?
a) SuperScan
b) TcpView
c) Maltego
d) OWASP Zed
Answer: c
Explanation: SuperScan, TcpView and OWASP Zed are tools used for scanning footprints. Maltego
is not a footprint-scanning tool. It is used for reconnaissance purpose only.

Cyber Security Questions and Answers – Social Engineering and Physical Hacking
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Social
Engineering and Physical Hacking”.

1. ___________ is a special form of attack using which hackers exploit human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering
Answer: c
Explanation: Using social engineering techniques, hackers try to exploit the victim’s mind to gain
valuable information about that person such as his/her phone number, date of birth, pet name etc.
2. Which of the following does not come under Social Engineering?
a) Tailgating
b) Phishing
c) Pretexting
d) Spamming
Answer: d
Explanation: Spamming is the attack technique where the same message is sent indiscriminately
repeatedly in order to overload the inbox or harm the user.
3. _________ involves scams where an individual (usually an attacker) lies to a person (the target
victim) to acquire privileged data.
a) Phishing
b) Pretexting
c) Spamming
d) Vishing
Answer: b
Explanation: In the pretexting technique of social engineering, the attacker pretends to need
legitimate information from the victim for confirming his/her identity.
4. Which of the following is the technique used to look for information in trash or around dustbin
container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving
Answer: d
Explanation: In the technology world, where information about a person seems to be everywhere,
dumpster diving is the name of the technique where the attacker looks for information in dustbins
and trash. For example, after withdrawing money from an ATM, the user usually throws away the receipt in
which the total amount and account details are mentioned. This type of information becomes
helpful to a hacker, for which they use dumpster diving.
5. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing
Answer: c
Explanation: Carding is the method of trafficking of bank details, credit cards or other financial
information over the internet. Hence it’s a fraudulent technique used by hackers and does not come
under social engineering.
6. In phishing, attackers target the ________ technology to do social engineering.
a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera
Answer: a
Explanation: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as
usernames & passwords) of the target user and uses emails to send fake links which redirect them to a
fake webpage which looks legitimate.
7. Tailgating is also termed as ___________
a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting
Answer: a
Explanation: Piggybacking is the technique used for social engineering, as the attacker or
unauthorized person/individual follows behind an authorized person/employee & gets into an
authorized area to observe the system, gain confidential data or for a fraudulent purpose.
8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit
organizations.
a) True
b) False
Answer: b
Explanation: Physical hacking, like other types of hacking, is possible in any institutions,
organizations, clinics, private firms, banks or any other financial institutions. Hence, the above
statement is false.
9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
Answer: b
Explanation: When a cyber-criminal gains access to an authorized area and steals pen drives and DVDs
which contain sensitive information about an employee or about the organization, then it can be said
that the physical security of the organization is weak.
10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
Answer: d
Explanation: Physical accessing without prior security checking is the ability of a person to gain
access to any authorized area. Physical accessing is done using piggybacking or any other suspicious
means.
11. Which of the following is not considered an adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
Answer: c
Explanation: Keeping confidential files left open in the desk is not an adequate way of maintaining
physical security; as anyone can pick these up and perform physical hacking.
12. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
Answer: d
Explanation: Updating the patches in your working software does not come under security measures
for physical hacking. Updating the patches will help your software get free from bugs and flaws in an
application as they get a fix when patches are updated.
13. IT security department must periodically check for security logs and entries made during office
hours.
a) True
b) False
Answer: a
Explanation: Checking for security logs and entries made by employees and other outsiders who
entered the office can help in identifying whether any suspicious person is getting in and out of the
building or not.
14. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing
Answer: d
Explanation: Phishing does not come under physical security. Walk-in without proper authorization,
sneaking in through glass windows or other means and breaking in and stealing sensitive documents
are examples of physical hacking.
15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access
Answer: a
Explanation: Physical penetration test is important in order to check for the possible physical security
breaches. Usually corporate firms and organizations stay busy in securing the networks and data and
penetration testers are hired for data and network pentesting, but physical security breach can also
equally hamper.

Cyber Security Questions and Answers – Security Protocols – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Security
Protocols – 1”.

1. ___________ ensures the integrity and security of data that are passing over a network.
a) Firewall
b) Antivirus
c) Pentesting Tools
d) Network-security protocols
Answer: d
Explanation: The methods and processes in securing network data from unauthorized content
extraction are controlled by network-security protocols.
2. Which of the following is not a strong security protocol?
a) HTTPS
b) SSL
c) SMTP
d) SFTP
Answer: c
Explanation: SMTP (Simple Mail Transfer Protocol) is a standard protocol to
transmit electronic mail and is a widely used mail transmitting protocol.
3. Which of the following is not a secured mail transferring methodology?
a) POP3
b) SSMTP
c) Mail using PGP
d) S/MIME
Answer: a
Explanation: POP (Post Office Protocol) is a simple protocol which fetches the updated mail stored
for you by the server. S/MIME (Secure/Multipurpose Internet Mail Extensions), SSMTP (Secure-
Simple Mail Transfer Protocol), and PGP (Pretty Good Privacy) are examples of protocols and
methods for secure mailing.
4. __________ is a set of conventions & rules set for communication between two or more devices residing in
the same network.
a) Security policies
b) Protocols
c) Wireless network
d) Network algorithms
Answer: b
Explanation: Network protocols are designed with mechanisms for identifying devices and making
connections between them. In addition, some proper rules are defined as to how data packets will be
sent and received.
5. TLS (Transport Layer Security) is a cryptographic protocol used for securing HTTP/HTTPS-based
connections.
a) True
b) False
Answer: a
Explanation: TLS, which has now become SSL (Secure Socket Layer), is one of the popular
cryptographic protocols developed to provide security to computer networks during communication.
6. HTTPS is abbreviated as _________
a) Hypertexts Transfer Protocol Secured
b) Secured Hyper Text Transfer Protocol
c) Hyperlinked Text Transfer Protocol Secured
d) Hyper Text Transfer Protocol Secure
Answer: d
Explanation: Hyper Text Transfer Protocol Secure (HTTPS) is a security protocol which maintains
security when data is sent from browser to server and vice versa. It denotes that all communication
setup between the browser and the server is encrypted.
7. SSL primarily focuses on _______
a) integrity and authenticity
b) integrity and non-repudiation
c) authenticity and privacy
d) confidentiality and integrity
Answer: a
Explanation: SSL primarily focuses on maintaining the integrity of the data. Also, it maintains
authenticity which helps the customers feel secure to communicate over the internet.
8. In SSL, what is used for authenticating a message?
a) MAC (Message Access Code)
b) MAC (Message Authentication Code)
c) MAC (Machine Authentication Code)
d) MAC (Machine Access Code)
Answer: b
Explanation: In SSL, a short message known as a MAC (Message Authentication
Code) is used for authenticating a message; both the sender & the receiver need to implement
the same key in order to start communicating.
9. __________ is used for encrypting data at network level.
a) IPSec
b) HTTPS
c) SMTP
d) S/MIME
Answer: a
Explanation: IPSec (Secure Internet Protocol) is used for securing data at the network level by using
3 different protocols. These are Encapsulating Secure Payload (ESP), Authentication Header, and
Internet Key Exchange (IKE).
10. S/MIME is abbreviated as __________________
a) Secure/Multimedia Internet Mailing Extensions
b) Secure/Multipurpose Internet Mailing Extensions
c) Secure/Multimedia Internet Mail Extensions
d) Secure/Multipurpose Internet Mail Extensions
Answer: d
Explanation: Secure/Multipurpose Internet Mail Extensions is the most popular protocol used to send
encrypted messages that are digitally signed. In this protocol, the encryption is done along with a digital
signature.
11. Users are able to see a pad-lock icon in the address bar of the browser when there is _______
connection.
a) HTTP
b) HTTPS
c) SMTP
d) SFTP
Answer: b
Explanation: When an HTTPS (Hyper Text Transfer Protocol Secure) connection is built, an
extended validation certificate is installed in the website for security reasons.
12. Why is an SSL certificate required in HTTP?
a) For making security weak
b) For making information move faster
c) For encrypted data sent over HTTP protocol
d) For sending and receiving emails unencrypted
Answer: c
Explanation: In the case of HTTP connection, data are sent as plain-text, which is easily readable by
hackers, especially when it is credit card details and personal information. But with the incorporation
of SSL certificate, communication becomes secure and data sent and received are encrypted.
13. SFTP is abbreviated as ________
a) Secure File Transfer Protocol
b) Secured File Transfer Protocol
c) Secure Folder Transfer Protocol
d) Secure File Transferring Protocol
Answer: a
Explanation: It is a secured FTP, where communication is made secured using SSH (Secure Shell)
which helps in secure transferring of files in both local as well as remote systems.
14. PCT is abbreviated as ________
a) Private Connecting Technology
b) Personal Communication Technology
c) Private Communication Technique
d) Private Communication Technology
Answer: d
Explanation: Private Communication Technology (PCT) is similar to SSL except that the size of the
message is smaller in the case of PCT. It supports different encryption algorithms like DES, RSA,
Diffie-Hellman etc.

Cyber Security Questions and Answers – Security Protocols – 2
This set of Cyber Security Questions and Answers for Freshers focuses on “Security Protocols – 2”.

1. Authentication in PCT requires _____ keys.
a) 1
b) 2
c) 3
d) 4
Answer: b
Explanation: Message encryption using PCT requires two separate keys. Moreover, PCT has
more options for data formats and security algorithms.
2. The latest version of TLS is _____
a) version 1.1
b) version 1.2
c) version 2.1
d) version 1.3
Answer: b
Explanation: The latest standard version of TLS is version 1.2. Version 1.3 is still in the development
stage.
3. SIP is abbreviated as __________
a) Session Initiation Protocol
b) Secured Initiation Protocol
c) Secure Initiation Protocol
d) Session Integration Protocol
Answer: a
Explanation: Session Initiation Protocol is an important protocol used for starting, preserving and
terminating any real time sessions over the internet.
4. In which of the following cases is Session Initiation Protocol not used?
a) Instant Messaging
b) Voice over LTE (VoLTE)
c) Internet telephony
d) Data Transferring
Answer: d
Explanation: Session Initiation Protocol is used for maintaining real-time sessions and is used in voice,
video as well as messaging applications for controlling multimedia communication sessions.
5. SRTP is abbreviated as ________
a) Secure Relay Transport Protocol
b) Secure Real-time Transferring Protocol
c) Secure Real-time Transport Protocol
d) Secure Real-time Transportation Protocol
Answer: c
Explanation: Secure Real-time Transport Protocol is a real-time multimedia delivery protocol with
encryption for message integrity and authentication. It is used mostly in entertainment systems and
streaming media and sites.
6. ESP is abbreviated as ____________
a) Encapsulating Security Payload
b) Encapsulating Secure Protocol
c) Encrypted Secure Payload
d) Encapsulating Secure Payload
Answer: d
Explanation: Encapsulating Secure Payload is a special type of protocol used for offering integrity,
authentication, and confidentiality to network packets’ data in IPSec (Secure Internet Protocol).
7. ________ is the entity for issuing digital certificates.
a) Certificate Authority (CA)
b) Cert Authority (CA)
c) Cert Authorization (CA)
d) Certificate Authorization (CA)
Answer: a
Explanation: Digital certificates are used for certifying the ownership of a public key, and the entity
that issues those certificates is the Certificate Authority.
8. IKE is abbreviated as Internet Key Exchange.
a) True
b) False
Answer: a
Explanation: Internet Key Exchange is a security protocol used for setting up a security association in
the Secure IP protocol. IKE = Key Management Protocol (KMP) + Security Association (SA).

Cyber Security Questions and Answers – Hacking Terminologies – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Hacking
Terminologies – 1”.

1. ________ is any action that might compromise cyber-security.
a) Threat
b) Vulnerability
c) Exploit
d) Attack
Answer: a
Explanation: Threat can be termed as a possible danger that may lead to a breach of cyber security
and may cause possible harm to the system or the network.
2. Existence of weakness in a system or network is called _______
a) Threat
b) Vulnerability
c) Exploit
d) Attack
Answer: b
Explanation: Vulnerability is the term used to define weakness in any network or system that can get
exploited by an attacker. Exploiting the weakness can lead to an unexpected & undesirable event in
cyber security.
3. When any IT product, system or network is in need of testing for security reasons, then the term
used is called _________
a) Threat
b) Vulnerability
c) Target of Evaluation
d) Attack
Answer: c
Explanation: Target of Evaluation is the term used when any IT infrastructure, system or network
requires evaluation for security reasons or for fixing any bugs after being tested by penetration testers.
4. An/A ________ is an act that violates cyber-security.
a) Threat
b) Vulnerability
c) Exploit
d) Attack
Answer: d
Explanation: An “attack” or “cyber-attack” is an attempt taken by attackers to alter, delete, steal or
expose any specific data by gaining unauthorized access.
5. ________ is a way to breach the security by using the vulnerability of that system.
a) Threat
b) Vulnerability
c) Exploit
d) Attack
Answer: c
Explanation: An exploit can be any data, piece of code, a program, sequence of commands or any
software that uses the vulnerability or flaw of a system and helps attackers or cyber-criminals cause
unanticipated behaviour.
6. _________ is an act of hacking by the means of which a political or social message is conveyed.
a) Hacktivism
b) Whistle-blowing
c) Surveillance
d) Pseudonymization
Answer: a
Explanation: Hacktivism is an act of defacing a website, or any network or system. Systems and
networks are compromised with a political or social agenda.
7. _______ is the method of developing or creating a structurally similar yet unauthentic and
illegitimate data of any firm or company.
a) Data copying
b) Data masking
c) Data breaching
d) Data duplicating
Answer: b
Explanation: Data masking is the method used for developing or creating a structurally similar
version of data of any organization that is not authentic. These types of unauthentic data are
purposefully created for protecting the actual data.
8. Data masking is also known as _________
a) Data obfuscation
b) Data copying
c) Data breaching
d) Data duplicating
Answer: a
Explanation: Data obfuscation is the alternate term used for data masking, that is used for developing
or creating a structurally similar version of data of any organization that is not authentic. These types
of unauthentic data are purposefully created for protecting the actual data.
9. ________ automates an action or attack so that repetitive tasks are done at a faster rate.
a) Auto-bots
b) Cookie-bots
c) Robots
d) Bots
Answer: d
Explanation: Bots are sets of written code that help to perform repetitive tasks at a much faster
rate than humans.
10. Backdoors are also known as ____________
a) Trap doors
b) Front doors
c) Cover doors
d) Back entry
Answer: a
Explanation: Trap-doors are hidden entry points in any already hacked system that are set to bypass
security measures.
11. Adware are pre-chosen _______ developed to display ads.
a) banner
b) software
c) malware
d) shareware
Answer: b
Explanation: Adware is software that is displayed on system or web pages for showing pre-chosen
ads.
12. ________ is an attack technique that occurs when excess data gets written to a memory block.
a) Over buffering
b) Buffering
c) Buffer overflow
d) Memory full
Answer: c
Explanation: Buffer overflow is a flaw that occurs in memory when excessive data is written which
makes the buffer allocated to seize.
13. Finding & publishing any user’s identity with the help of different personal details is called
________
a) Doxing
b) Data breaching
c) Personal data copying
d) Secure File Transferring Protocol
Answer: a
Explanation: Discovering and publishing an internet user’s identity by following his/her
details over the internet is called doxing.
14. In IP address, IP is abbreviated as __________
a) Internet Program
b) Internet Protocol
c) Intuition Programs
d) Internet Pathway
Answer: b
Explanation: In IP Address, IP is abbreviated as Internet Protocol. It acts as a unique address or
identifier of any computer or device on the internet.
15. Whaling is the technique used to take deep and _________ information about any individual.
a) sensitive
b) powerful
c) useless
d) casual
Answer: a
Explanation: Whaling uses a phishing technique which helps hackers in stealing deep and sensitive
information about any member of an organization. The information can be private addresses, phone
numbers, future plans and projects, salary and bonuses.

Cyber Security Questions and Answers – Hacking Terminologies – 2
This set of Cyber Security Interview Questions and Answers for freshers focuses on “Hacking
Terminologies – 2”.

1. _________ are a specific section of any virus or malware that performs illicit activities in a
system.
a) Malicious programs
b) Worms
c) Spyware
d) Payload
Answer: d
Explanation: Payloads are parts of a virus that help in performing malicious activities such as
destroying information, blocking network traffic, compromising data, and stealing and spying for sensitive
information.
2. ____________ is a scenario when information is accessed without authorization.
a) Data infiltration
b) Data Hack
c) Information compromise
d) Data Breach
View Answer
Answer: d
Explanation: Data breach is the term used for a cyber-security incident in which sensitive
information is accessed without authority.
3. ____________ is an attempt to steal, spy, damage or destroy computer systems, networks or their
associated information.
a) Cyber-security
b) Cyber attack
c) Digital hacking
d) Computer security
View Answer
Answer: b
Explanation: Cyber attack can be defined as an attempt to steal, spy, damage or destroy different
components of cyberspace such as computer systems, associated peripherals, network systems, and
information.
4. ___________ is a device which secretly collects data from credit / debit cards.
a) Card Skimmer
b) Data Stealer
c) Card Copier
d) Card cloner
View Answer
Answer: a
Explanation: A card skimmer is hardware that is secretly installed and set up in ATMs so that when
any user swipes or inserts their card in the ATM, the skimmer fetches all information from the
magnetic strip.
5. _____________ is a technique used when artificial clicks are made which increases revenue
because of pay-per-click.
a) Clickjacking
b) Clickfraud
c) Keylogging
d) Click-hacking
View Answer
Answer: b
Explanation: Clickfraud is an attack technique used when artificial clicks get generated to increase
the revenue in ad-campaigns online.
6. __________ is the practice of spying on someone using technology for gathering sensitive
information.
a) Cyber espionage
b) Cyber-spy
c) Digital Spying
d) Spyware
View Answer
Answer: a
Explanation: Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on
others for gathering confidential information.
7. ____________ is the way or technique through which the majority of malware gets installed in our
system.
a) Drive-by click
b) Drive-by redirection
c) Drive-by download
d) Drive-by injecting USB devices
View Answer
Answer: c
Explanation: A drive-by download is an accidental yet dangerous action that takes place in
cyberspace and helps attackers place their malware on the victim’s system.
8. ______ is the term used for toolkits that are purchased and used for targeting different exploits.
a) Exploit bag
b) Exploit set
c) Exploit Toolkit
d) Exploit pack
View Answer
Answer: d
Explanation: Exploit pack or Exploit kit is the term used for toolkits that are purchased and used for
targeting different exploits.
9. Identity theft is the term used when a cyber-thief uses anybody’s personal information to
impersonate the victim for their benefit.
a) True
b) False
View Answer
Answer: a
Explanation: Identity theft is the term used when a cyber-thief uses anybody’s personal information
to impersonate the victim for their benefit. In this type of cyber-crime, information like social
security number, personal details and images, hobbies and passion details, driving license number
and address details is compromised.
10. _________ is the hacking approach where cyber-criminals design fake websites or pages for
tricking or gaining additional traffic.
a) Cyber-replication
b) Mimicking
c) Website-Duplication
d) Pharming
View Answer
Answer: a
Explanation: The technique and approach through which cyber-crooks develop fake web pages and
sites to trick people for gaining personal details such as login ID and password as well as personal
information, is known as pharming.
11. RAM-Scraping is a special kind of malware that looks (scrape) for sensitive data in the hard
drive.
a) True
b) False
View Answer
Answer: a
Explanation: It is a special kind of malware that looks for sensitive data that you’ve stored in your
hard drive. RAM-scraping is one of those kinds.
12. When you book online tickets by swiping your card, the details of the card get stored in ______
a) database system
b) point-of-sale system
c) servers
d) hard drives
View Answer
Answer: b
Explanation: The point-of-sale system is a system where the retailer or company stores financial
records and card details of the e-commerce system or online business transactions.
13. Point-of-sale intrusion does not deal with financial details and credit card information.
a) True
b) False
View Answer
Answer: b
Explanation: Point-of-sale intrusion is an attack that deals with financial details and credit card
information, where the payment system of the company or retailer is compromised, leaving
customers’ financial information at risk.
14. _______ are deadly exploits where the vulnerability is known and found by cyber-criminals but
not known and fixed by the owner of that application or company.
a) Unknown attacks
b) Secret attacks
c) Elite exploits
d) Zero-day exploits
View Answer
Answer: d
Explanation: Zero-day exploits are used to attack a system as soon as cyber-criminals come to know
about the weakness, or on the day the weaknesses are discovered in a system. Hackers exploit these
types of vulnerabilities before the creator releases the patch or fixes the issue.
15. Zero-day exploits are also called __________
a) zero-day attacks
b) hidden attacks
c) un-patched attacks
d) un-fixed exploits
View Answer
Answer: a
Explanation: Zero-day exploits are also called zero-day attacks where the vulnerability is known and
found by cyber-criminals or ethical hackers but not known and fixed by the creator/owner of that
application or company.

Cyber Security Questions and Answers – Ports and Its Types – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ports and Its
Types – 1”.

1. There are ______ major types of ports in computers.
a) 1
b) 2
c) 3
d) 4
View Answer
Answer: b
Explanation: There are 2 major types of ports in computer systems. These are physical ports and
logical ports.
2. PS2 and DVI are examples of Logical ports.
a) True
b) False
View Answer
Answer: b
Explanation: PS2 and DVI are examples of physical ports. Physical ports can be touched and seen
with our naked eyes.
3. Physical ports are usually referred to as ___________
a) jacks
b) cables
c) interfaces
d) hardware plugs
View Answer
Answer: c
Explanation: Physical ports are connections that connect two systems for their interactions. LAN,
PS2 and DVI are examples of physical ports.
4. ____________ are logical numbers assigned for logical connections.
a) Logical ports
b) Physical ports
c) Networking cables
d) IP address
View Answer
Answer: a
Explanation: Logical ports are the end-points of a logical connection. The numbers are pre-assigned
by IANA (Internet Assigned Numbers Authority) and range from 0 – 65536.
5. Number of logical ports ranges from _____ to _____
a) 0, 255
b) 1, 65535
c) 1, 65536
d) 0, 65536
View Answer
Answer: d
Explanation: The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which
ranges from 0 – 65536. All the used protocols are assigned with a unique port number.
6. Logical ports are also known as ________________
a) numbered ports
b) virtual numbering
c) virtual ports
d) network protocol ports
View Answer
Answer: c
Explanation: Logical ports are also known as virtual ports which are part of TCP/IP networking. The
numbers of ports are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges
from 0 – 65536.
7. Virtual ports help software share all hardware resources without interference.
a) True
b) False
View Answer
Answer: a
Explanation: Virtual ports, also known as logical ports, help different applications share all
hardware resources without interference. The network traffic is automatically managed by routers
using these ports.
8. ________ needs some control for data flow on each and every logical port.
a) Antivirus
b) Network firewall
c) Intrusion Detection Systems (IDS)
d) Anti-malware
View Answer
Answer: b
Explanation: For security reasons, the network firewall provides some additional control over the
data traffic going through each logical port.
9. The logical port is associated with the type of protocol used along with the IP address of the host.
a) True
b) False
View Answer
Answer: a
Explanation: During a communication, the logical port is associated with the type of protocol
used along with the IP address of the host. The numbers of logical ports are pre-assigned by IANA
(Internet Assigned Numbers Authority) and range from 0 – 65536.
10. Which of the following is the port number for FTP data?
a) 20
b) 21
c) 22
d) 23
View Answer
Answer: a
Explanation: Port number 20 is the logical port number for FTP data service. FTP protocol is a
standard protocol used for transmitting and receiving files from client to server through a network.
11. Which of the following is the port number for FTP control?
a) 20
b) 21
c) 22
d) 23
View Answer
Answer: b
Explanation: Port number 21 is the logical port number for FTP control service. FTP protocol is a
standard protocol used for transmitting and receiving files from client to server through a network.
12. Which of the following is the port number for SSH (Secure Shell)?
a) 20
b) 21
c) 22
d) 23
View Answer
Answer: c
Explanation: Port number 22 is the logical port number for Secure Shell service. SSH gives users
(specifically system administrators), a way to securely access computers on unsecured network
connectivity.
13. Which of the following is the port number for Telnet?
a) 20
b) 21
c) 22
d) 23
View Answer
Answer: d
Explanation: Port number 23 is the logical port number for Telnet. Telnet is used for bi-directional
communication over the internet in text-oriented format. It also gives virtual terminal connectivity.

Cyber Security Questions and Answers – Ports and Its Types – 2
This set of Cyber Security Questions and Answers for Experienced people focuses on “Ports and Its
Types – 2”.

1. Which of the following is the port number for SMTP service?
a) 29
b) 27
c) 25
d) 23
View Answer
Answer: c
Explanation: Port number 25 is the logical port number for Simple Mail Transfer Protocol (SMTP)
service. SMTP is an Internet standard protocol for email transmission.
2. Which of the following are the port numbers for IPSec service?
a) 50, 51
b) 49, 50
c) 51, 52
d) 23, 24
View Answer
Answer: a
Explanation: Port numbers 50 and 51 are the logical port numbers for IPSec service. IPSec is a
standard protocol suite used between 2 communication points that helps in providing data
authentication, confidentiality, and integrity.
3. Which of the following are the port numbers for DHCP?
a) 66, 67
b) 67, 68
c) 65, 66
d) 68, 69
View Answer
Answer: c
Explanation: Port numbers 67 and 68 are the logical port numbers for Dynamic Host Configuration
Protocol (DHCP) service. It helps in providing Internet Protocol (IP) host automatically along with
related configuration information like subnet mask and default gateway.
4. Which of the following is the port number for TFTP service?
a) 69
b) 70
c) 71
d) 72
View Answer
Answer: a
Explanation: Port number 69 is the logical port number for Trivial File Transfer Protocol (TFTP)
service. It is an internet software utility protocol used for transferring files.
5. Port 80 handles unencrypted web traffic.
a) True
b) False
View Answer
Answer: a
Explanation: Ports are assigned to different services for identification of which port is sending traffic
over the network. Port 80 is used by the popular HTTP (Hyper Text Transfer Protocol) that handles
unencrypted web traffic.
6. Why is it important to know which service is using which port number?
a) For database security
b) For reporting data security to the auditor
c) For understanding which data is going through secured traffic and which is not
d) For checking unused data traffic
View Answer
Answer: c
Explanation: If a security analyst or ethical hacker knows which port is open and through which port
data is going, he/she will be able to know which data is going in encrypted form and which one is
not. Also, it helps in securing a system by closing the logical ports so that hackers cannot gain access
through them.
7. Which of the following is the port number for SFTP service?
a) 21
b) 22
c) 23
d) 69
View Answer
Answer: b
Explanation: Port number 22 is used as the logical port for both Secure File Transfer Protocol
(SFTP) and Secure Shell (SSH) service. This is because SFTP also uses SSH for encryption.
8. Which of the following is the port number for HTTP?
a) 79
b) 80
c) 81
d) 82
View Answer
Answer: b
Explanation: Port number 80 is the logical port number for the popular Hyper-Text Transfer Protocol
(HTTP) service. This protocol defines how messages are formatted and transmitted over unencrypted
traffic.
9. TACACS+ uses TCP port 49.
a) True
b) False
View Answer
Answer: a
Explanation: Terminal Access Controller Access-Control System (TACACS) is used for handling
remote authentication and associated services. TACACS+ was developed by Cisco Systems in the
year 1993.
10. Which of the following is the port number for Kerberos?
a) 87
b) 88
c) 89
d) 86
View Answer
Answer: b
Explanation: Port number 88 is the logical port number for Kerberos service. It is a computer
network authentication protocol that works on a non-secure network to prove the identity.
11. Which of the following is the port number for POP3?
a) 110
b) 111
c) 112
d) 113
View Answer
Answer: a
Explanation: Port number 110 is the logical port number for Post Office Protocol-3 service. This
protocol periodically checks our mail-box for synchronizing our latest emails with that of the server.
12. Which of the following is the port number for SNMP?
a) 160
b) 161
c) 162
d) 163
View Answer
Answer: b
Explanation: Port number 161 is the logical port number for Simple Network Management Protocol
(SNMP) service. It’s an application layer protocol that helps in managing and monitoring our
network devices.
13. Which of the following is the port number for SNMP – Trap?
a) 160
b) 161
c) 162
d) 163
View Answer
Answer: c
Explanation: Port number 161 is the logical port number for Simple Network Management Protocol
(SNMP) – Trap service, where Trap is used for services like prompting with alerts if the device that
is using SNMP-trap is overheated.

Cyber Security Questions and Answers – Firewalls – 1


This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Firewalls –
1”.

1. Firewalls can be of _______ kinds.
a) 1
b) 2
c) 3
d) 4
View Answer
Answer: c
Explanation: Firewalls are of three kinds – one is the hardware firewalls, another is software
firewalls and the other is a combination of both hardware and software.
2. _________________ is the kind of firewall that is connected between the device and the network
connecting to the internet.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: a
Explanation: Hardware firewalls are those firewalls that need to be connected as additional hardware
between the device through which the internet is coming to the system and the network used for
connecting to the internet.
3. _________ is software that is installed using an internet connection or comes by default with
operating systems.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: b
Explanation: Software firewalls are those kinds of firewalls that are installed in the system using
an internet connection, just as we install and update normal applications. Some operating system
vendors provide default firewalls with their operating systems.
4. Which of the following is not a software firewall?
a) Windows Firewall
b) Outpost Firewall Pro
c) Endian Firewall
d) Linksys Firewall
View Answer
Answer: d
Explanation: Windows Firewall, Outpost Firewall Pro and Endian Firewall are software firewalls that
are installed in the system. Linksys firewall is not an example of a software firewall.
5. Firewall examines each ____________ that are entering or leaving the internal network.
a) emails users
b) updates
c) connections
d) data packets
View Answer
Answer: d
Explanation: Firewalls examine each data packet that is entering or leaving the internal network,
which ultimately prevents unauthorized access.
6. A firewall protects against which of the following attacks?
a) Phishing
b) Dumpster diving
c) Denial of Service (DoS)
d) Shoulder surfing
View Answer
Answer: c
Explanation: Firewalls are used to protect the computer network and restrict illicit traffic. Denial
of Service (DoS) attack is one such automated attack which a firewall with proper settings and the
updated version can resist and stop from getting executed.
7. There are ______ types of firewall.
a) 5
b) 4
c) 3
d) 2
View Answer
Answer: b
Explanation: There are four types of firewall based on their working and characteristics. These are
Packet Filtering Firewalls, Circuit Level Gateway Firewalls, Application level Gateway Firewalls,
and Stateful Multilayer Inspection Firewalls.
8. Packet filtering firewalls are deployed on ________
a) routers
b) switches
c) hubs
d) repeaters
View Answer
Answer: a
Explanation: Packet filtering firewalls are deployed on routers that help in connecting the internal
network worldwide via the internet.
9. In the ______________ layer of OSI model, packet filtering firewalls are implemented.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
Answer: d
Explanation: In the network layer, which is the third layer of the OSI (Open Systems
Interconnection) model, packet filtering firewalls are implemented.
10. The __________ defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports
View Answer
Answer: a
Explanation: The Access Control List is a table containing rules that instruct the firewall system to
provide the right access. The packet filtering firewall checks all the packets and scans them against
the rule set defined by the network administrator.
11. ACL stands for _____________
a) Access Condition List
b) Anti-Control List
c) Access Control Logs
d) Access Control List
View Answer
Answer: d
Explanation: The Access Control List is a table containing rules used to check all the packets and
scan them against the rule set defined by the network administrator in any particular system or
firewall.
12. When a packet does not fulfil the ACL criteria, the packet is _________
a) resent
b) dropped
c) destroyed
d) acknowledged as received
View Answer
Answer: b
Explanation: In the packet filtering firewall, when the rules defined by the Access Control List are
not met by any data packet, the packet is dropped & logs are updated in the firewall.
13. Network administrators can create their own ACL rules based on _______ ________ and
_______
a) Address, Protocols and Packet attributes
b) Address, Protocols and security policies
c) Address, policies and Packet attributes
d) Network topology, Protocols and data packets
View Answer
Answer: a
Explanation: Network administrators can create their own ACL rules based on Address, Protocols
and Packet attributes. This is generally done where the specific customised type of data packets need
to pass through firewall screening.
14. One advantage of Packet Filtering firewall is __________
a) more efficient
b) less complex
c) less costly
d) very fast
View Answer
Answer: c
Explanation: Packet filtering firewalls are more advantageous because they are less costly and they
use fewer resources and are used effectively in small networks.
15. Packet filtering firewalls work effectively in _________ networks.
a) very simple
b) smaller
c) large
d) very large complex
View Answer
Answer: b
Explanation: Packet Filtering Firewalls are applied within routers which connect the internal
Network system with the outside network using the internet. It works effectively if the internal
network is smaller in size.

Cyber Security Questions and Answers – Firewalls – 2


This set of Cyber Security Interview Questions and Answers for Experienced people focuses on
“Firewalls – 2”.

1. Packet filtering firewalls are vulnerable to __________
a) hardware vulnerabilities
b) MiTM
c) phishing
d) spoofing
View Answer
Answer: d
Explanation: One well-known disadvantage of the packet filtering technique is that it cannot support
complex models of rules and is also prone to spoofing attacks in some cases.
2. Circuit-level gateway firewalls are installed in _______ layer of OSI model.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
Answer: b
Explanation: In the session layer (which is the fifth layer) of the OSI model, circuit-level gateway
firewalls are deployed for monitoring TCP sessions for 3-way handshakes.
3. Which of these comes under the advantage of Circuit-level gateway firewalls?
a) They maintain anonymity and are also inexpensive
b) They are light-weight
c) They’re expensive yet efficient
d) They preserve IP address privacy yet are expensive
View Answer
Answer: a
Explanation: For a private network, or for organizations, circuit-level gateway firewalls maintain
anonymity. They’re also inexpensive as compared to other firewall types.
4. Which of the following is a disadvantage of Circuit-level gateway firewalls?
a) They’re expensive
b) They’re complex in architecture
c) They do not filter individual packets
d) They’re complex to setup
View Answer
Answer: c
Explanation: Circuit-level gateway firewalls don’t filter packets individually, which gives the
attacker a chance to gain access to the network.
5. _____________ gateway firewalls are deployed in application-layer of OSI model.
a) Packet Filtering Firewalls
b) Circuit Level Gateway Firewalls
c) Application-level Gateway Firewalls
d) Stateful Multilayer Inspection Firewalls
View Answer
Answer: c
Explanation: Application level Gateway Firewalls are deployed in the application-layer of OSI model
for protecting the network for different protocols of the application layer.
6. Application level gateway firewalls protect the network for specific _____________
a) application layer protocol
b) session layer protocol
c) botnet attacks
d) network layer protocol
View Answer
Answer: a
Explanation: Some specific application layer protocols need protection from attacks which is done by
the application level gateway firewall in the application layer of the OSI model.
7. Application level gateway firewalls are also used for configuring cache-servers.
a) True
b) False
View Answer
Answer: a
Explanation: Application level gateway firewalls can be configured as caching servers, which helps
in increasing the network performance, making it smooth for logging traffic.
8. ___________ firewalls are a combination of other three types of firewalls.
a) Packet Filtering
b) Circuit Level Gateway
c) Application-level Gateway
d) Stateful Multilayer Inspection
View Answer
Answer: d
Explanation: Stateful Multilayer Inspection firewalls are a combination of the other three types of
firewalls: packet filtering, circuit-level gateway and application-level gateway firewalls.
9. Stateful Multilayer Inspection firewall cannot perform which of the following?
a) Filter network layer packets
b) Check for legitimate session
c) Scans for illicit data packets at the presentation layer
d) Evaluate packets at application layer
View Answer
Answer: c
Explanation: Stateful Multilayer Inspection firewalls are designed to perform filtering packets in the
network layer, check for legitimate sessions in the session layer as well as evaluate all packets at the
application layer of OSI model. But it cannot scan for illicit data packets at the presentation layer.
10. We can also implement ____________ in Stateful Multilayer Inspection firewall.
a) external programs
b) algorithms
c) policies
d) algorithms and external programs
View Answer
Answer: b
Explanation: Stateful Multilayer Inspection firewall can also allow us to implement algorithms as
well as complex security modes making data transfer more secure.
11. One advantage of Stateful Multilayer Inspection firewall is __________
a) costlier but easy to understand
b) large to manage
c) complex internal architecture
d) large to manage but efficient
View Answer
Answer: c
Explanation: Stateful Multilayer Inspection firewalls are complex internally due to multiple
characteristics of different firewalls incorporated together which makes it powerful and more secure.
12. Packet filtering firewalls are also called ____________
a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: a
Explanation: Packet filtering firewalls are also called first generation firewalls. They came into
the picture around the 1980s. The packet filtering technique cannot support complex models of rules
and is also prone to spoofing attacks in some cases.
13. Stateful Multilayer firewalls are also called ____________
a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: b
Explanation: Stateful multilayer firewalls are also called second generation firewalls. They came
into the picture in around 1989-1990. The multiple characteristics of different firewalls combined
in Multilayer Inspection firewalls make this type of firewall powerful and more secure.
14. Application layer firewalls are also called ____________
a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: c
Explanation: Application layer firewalls are also called third generation firewalls. They came into
the picture in around 1995-1998. Application level gateway firewalls help in making the network
performance smooth for logging traffic.

Cyber Security Questions and Answers – VPNs


This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “VPNs”.

1. VPN is abbreviated as __________
a) Visual Private Network
b) Virtual Protocol Network
c) Virtual Private Network
d) Virtual Protocol Networking
View Answer
Answer: c
Explanation: A Virtual Private Network i.e. VPN is a technique used in networking or other
intermediate networks for connecting computers and making them isolated remote computer
networks, maintaining a tunnel of security and privacy.
2. __________ provides an isolated tunnel across a public network for sending and receiving data
privately as if the computing devices were directly connected to the private network.
a) Visual Private Network
b) Virtual Protocol Network
c) Virtual Protocol Networking
d) Virtual Private Network
View Answer
Answer: d
Explanation: A Virtual Private Network i.e. VPN is a technique used in networking or other
intermediate networks for connecting computers and making them isolated remote computer
networks, maintaining a tunnel of security and privacy.
3. Which of the following statements is not true for classifying VPN systems?
a) Protocols used for tunnelling the traffic
b) Whether VPNs are providing site-to-site or remote access connection
c) Securing the network from bots and malwares
d) Levels of security provided for sending and receiving data privately
View Answer
Answer: c
Explanation: VPN systems have specific protocols for tunnelling the traffic and secure remote access
connectivity, and they determine how many levels of security are provided for private data
communication.
4. What types of protocols are used in VPNs?
a) Application level protocols
b) Tunnelling protocols
c) Network protocols
d) Mailing protocols
View Answer
Answer: a
Explanation: All VPNs are formed with a combination of tunnelling protocols as well as encryption
techniques for maintaining privacy and security.
5. VPNs use encryption techniques to maintain security and privacy while communicating remotely
via a public network.
a) True
b) False
View Answer
Answer: a
Explanation: All VPNs are formed with a combination of tunnelling protocols as well as encryption
techniques for maintaining privacy and security.
6. There are _________ types of VPNs.
a) 3
b) 2
c) 5
d) 4
View Answer
Answer: b
Explanation: VPNs are of two types. These are remote access VPNs & Site-to-site VPNs. Remote
Access VPNs are used for business & home users. Site-to-site VPNs are mainly used in companies
and firms with different geographical locations.
7. Site-to-site VPNs are also known as ________
a) Switch-to-switch VPNs
b) Peer-to-Peer VPNs
c) Point-to-point VPNs
d) Router-to-router VPNs
View Answer
Answer: d
Explanation: Site-to-site VPNs are also known as Router-to-router VPNs. They are mainly used in
companies and firms with different geographical locations.
8. _________ type of VPNs are used for home private and secure connectivity.
a) Remote access VPNs
b) Site-to-site VPNs
c) Peer-to-Peer VPNs
d) Router-to-router VPNs
View Answer
Answer: a
Explanation: Remote access VPN allows individual users to connect to private networks at home and
access resources remotely.
9. Which types of VPNs are used for corporate connectivity across companies residing in different
geographical location?
a) Remote access VPNs
b) Site-to-site VPNs
c) Peer-to-Peer VPNs
d) Country-to-country VPNs
View Answer
Answer: b
Explanation: Site-to-site VPNs are also known as Router-to-router VPNs which are typically used in
companies and firms for connecting remotely different branches with different geographical
locations.
10. Site-to-Site VPN architecture is also known as _________
a) Remote connection based VPNs
b) Peer-to-Peer VPNs
c) Extranet based VPN
d) Country-to-country VPNs
View Answer
Answer: c
Explanation: Site-to-site VPN architecture is also known as extranet based VPN because these types
of VPNs are typically used to connect firms externally between different branches of the same
company.
11. There are ________ types of VPN protocols.
a) 3
b) 4
c) 5
d) 6
View Answer
Answer: d
Explanation: There are six types of protocols used in VPN. These are Internet Protocol Security or
IPSec, Layer 2 Tunnelling Protocol (L2TP), Point-to-Point Tunnelling Protocol (PPTP), Secure
Sockets Layer (SSL), OpenVPN and Secure Shell (SSH).
12. For secure connection, Remote access VPNs rely on ___________ and ____________
a) IPSec, SSL
b) L2TP, SSL
c) IPSec, SSH
d) SSH, SSL
View Answer
Answer: a
Explanation: A remote-access VPN typically depends on either Secure Sockets Layer (SSL) or IP
Security (IPsec) for a secure connection over public network.
13. A ______ can hide a user’s browsing activity.
a) Firewall
b) Antivirus
c) Incognito mode
d) VPN
View Answer
Answer: d
Explanation: VPNs are used for hiding a user’s browsing activities and maintaining anonymity. This
also helps in preventing leakage of the user’s personal browsing data and browsing habits.
14. __________ masks your IP address.
a) Firewall
b) Antivirus
c) VPN
d) Incognito mode
View Answer
Answer: c
Explanation: VPNs are used for masking a user’s IP address and maintaining anonymity. This protects
against leakage of the IP address that almost every website grabs when a user opens a website.
15. _________ are also used for hiding a user’s physical location.
a) Firewall
b) Antivirus
c) Incognito mode
d) VPN
View Answer
Answer: d
Explanation: VPNs are used for hiding your physical location which helps in maintaining anonymity.
Using IP address and browsing habits, link search, your physical location can be traced.
16. Using VPN, we can access _______________
a) Access sites that are blocked geographically
b) Compromise other’s system remotely
c) Hide our personal data in the cloud
d) Encrypts our local drive files while transferring
View Answer
Answer: a
Explanation: With the help of VPN, users can access and connect to sites that are kept blocked by the
ISPs based on a specific geographic location.

Cyber Security Questions and Answers – Linux OS and its Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Linux OS and
its Security”.

1. _________ is one of the most secure Linux OSes that provides anonymity and an incognito option
for securing its user data.
a) Fedora
b) Tails
c) Ubuntu
d) OpenSUSE
Answer: b
Explanation: If any user is looking for Linux based security solutions, Tails is one of the most
popular Linux-based operating systems that provides anonymity and an incognito option for securing
its user data.
2. Which of the following OSes does not come under the list of secure Linux OSes?
a) Qubes OS
b) Tails
c) Tin Hat
d) Ubuntu
Answer: d
Explanation: Qubes OS, Tails OS, and Tin Hat are amongst the most secure Linux Operating
Systems (OS) that provide a fast and secure Linux experience along with maintaining anonymity for
the users.
3. ____________ is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in
keeping users’ data private.
a) Fedora
b) Ubuntu
c) Whonix
d) Kubuntu
Answer: c
Explanation: Whonix is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in
keeping users’ data private. One VM is a Tor Gateway that runs Debian while the other is the
Workstation.
4. Subgraph OS is a Debian based Linux distro which provides hardcore anonymity and is approved
by Edward Snowden.
a) True
b) False
Answer: a
Explanation: Subgraph OS is a secured Debian-based Linux distro which provides hardcore
anonymity and is approved by Edward Snowden. It gives users an anonymous digital
experience along with a data hardening feature.
5. Which of the following comes under secure Linux-based OSes?
a) Ubuntu
b) Fedora
c) Kubuntu
d) Tails
Answer: d
Explanation: If any user is looking for Linux based security solutions, Tails is one of the most
popular Linux-based operating systems that provides anonymity and an incognito option for securing
its user data.
6. Using the ______ account of a UNIX system, one can carry out administrative functions.
a) root
b) administrative
c) user
d) client
Answer: a
Explanation: Using the root account of a UNIX system, one can carry out administrative functions in
the system. The rest of the accounts in the system are unprivileged, i.e. other accounts have no rights
beyond accessing files with proper permissions.
7. In your Linux-based system, you have to log in with your root account for managing any feature
of your system.
a) True
b) False
Answer: b
Explanation: Try to avoid logging in as a root user. In your Linux-based system, you don’t have to
log in with your root account for managing any feature of your system. For administrative tasks,
you can use the ‘sudo’ or ‘su’ command, which gives root privileges.
8. In a Linux-based system, the accounts may be members of 1 or more than one group.
a) True
b) False
Answer: a
Explanation: In a Linux-based system, the accounts may be members of 1 or more groups. If any
group has been assigned to access resources, then from the security perspective, one needs to keep in
mind that every member of that group gets access to it automatically.
9. MAC is abbreviated as _______________
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Controlling
d) Mandatory Access Control
Answer: d
Explanation: Mandatory Access Control systems provide separation of a computer and its OS into
several small discrete sections. This is so that the user of a system can only utilize those pieces of a
system for which they’ve been given permission.
10. _______________ in a system is provided so that users can use only the dedicated parts of the
system to which they’ve been given access.
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Control
d) Mandatory Access Controlling
Answer: c
Explanation: Mandatory Access Control is a technique that provides separation of a computer with
its OS into several small discrete sections so that the user of a system can only utilize those pieces of
a system for which they’ve been given permission.
11. DTE is abbreviated as ___________________
a) Domain and Type Enforcing
b) Domain and Type Enforcement
c) DNS and Type Enforcement
d) DNS and Type Enforcing
Answer: b
Explanation: Domain and Type Enforcement is a technique for access control in technology and in
OSes like Linux, which helps in limiting the access of running programs to limited users, or
only to those who have permission to access.
12. RBAC is abbreviated as ______________
a) Rule-Based Accessing Control
b) Role-Based Access Control
c) Rule-Based Access Control
d) Role-Based Accessing Control
Answer: b
Explanation: RBAC, which is abbreviated as Role-Based Access Control, defines a set of functions for
users in a Linux system and is often built on top of DTE systems. Here users can log in for certain roles
and run particular programs that are apposite for the role.

Cyber Security Questions and Answers – Buffer Overflow – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Buffer
Overflow – 1”.

1. A __________ is a sequential segment of the memory location that is allocated for containing
some data such as a character string or an array of integers.
a) stack
b) queue
c) external storage
d) buffer
Answer: d
Explanation: A buffer is a sequential segment of the memory location that is allocated for containing
some data such as a character string or an array of integers. The buffer can handle data only if limited
data is inserted.
2. In a _____________ attack, the extra data that holds some specific instructions in the memory for
actions is projected by a cyber-criminal or penetration tester to crack the system.
a) Phishing
b) MiTM
c) Buffer-overflow
d) Clickjacking
Answer: c
Explanation: In a buffer-overflow attack, the extra data that holds some specific instructions in the
memory for actions is projected by a cyber-criminal or penetration tester to crack the system.
3. How many types of buffer-overflow attack are there?
a) 4
b) 2
c) 5
d) 3
Answer: b
Explanation: There are two different types of buffer-overflow attack. These are stack-based and
heap-based buffer overflow. In both cases, this type of exploit takes advantage of an application
that waits for user’s input.
4. Suppose a search box of an application can take at most 200 words, and you’ve inserted more
than that and pressed the search button; the system crashes. Usually this is because of limited
__________
a) buffer
b) external storage
c) processing power
d) local storage
Answer: a
Explanation: Suppose a search box of an application can take at most 200
words, and you’ve inserted more than that and pressed the search button; the system crashes.
Usually, this is because of the limited buffer.
5. ______________ is a widespread coding mistake made by app developers which could be
exploited by an attacker for gaining access to or causing a malfunction of your system.
a) Memory leakage
b) Buffer-overrun
c) Less processing power
d) Inefficient programming
Answer: b
Explanation: Buffer-overflow, also known as buffer-overrun, is a widespread coding
mistake made by application developers which could be exploited by an attacker for gaining access to or
causing a malfunction of your system.
6. Buffer-overflow is also known as ______________
a) buffer-overrun
b) buffer-leak
c) memory leakage
d) data overflow
Answer: a
Explanation: Buffer-overflow, also known as buffer-overrun, is a widespread coding
mistake made by app developers which could be exploited by an attacker for gaining access to or
causing a malfunction of your system.
7. Buffer-overflow may remain as a bug in apps if __________ are not done fully.
a) boundary hacks
b) memory checks
c) boundary checks
d) buffer checks
Answer: c
Explanation: Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by
developers or are skipped by the QA (Quality Assurance) testers of the software development team.
8. Applications developed in programming languages like ____ and ______ have this common
buffer-overflow error.
a) C, Ruby
b) Python, Ruby
c) C, C++
d) Tcl, C#
Answer: c
Explanation: Applications developed in programming languages like C and C++ have this common
buffer-overflow error. Functions such as strcat(), strcpy(), sprintf() and gets(), when called in C and
C++, can be exploited because these functions don’t check whether the stack is large enough for
storing the data.
9. Why are apps developed in languages like C and C++ prone to buffer-overflow?
a) No string boundary checks in predefined functions
b) No storage check in the external memory
c) No processing power check
d) No database check
Answer: a
Explanation: Functions such as strcat(), strcpy(), sprintf() and gets(), when called in C and C++, can
be exploited because these functions don’t check whether the stack is large enough for storing the
data fetched from some other variable holding larger data.
10. Old operating systems like _______ and NT-based systems have buffer-overflow attacks as a
common vulnerability.
a) Windows 7
b) Chrome
c) IOS12
d) UNIX
Answer: d
Explanation: Old operating systems like UNIX and NT-based systems have buffer-overflow attacks as a
common vulnerability. This is because they were developed in old programming languages.

Cyber Security Questions and Answers – Buffer Overflow – 2

This set of Cyber Security test focuses on “Buffer Overflow – 2”.

1. A buffer-overflow attack can take place if a machine can execute code that resides in the data/stack
segment.
a) True
b) False
Answer: a
Explanation: A buffer-overflow attack can take place either if the programmer lacks boundary testing
or if a machine can execute code that resides in the data/stack segment.
2. Among the two types, ____________ buffer-overflow is complex to execute and the least common
attack that may take place.
a) memory-based
b) queue-based
c) stack-based
d) heap-based
Answer: d
Explanation: Among the two types of buffer-overflow, heap-based buffer-overflow attacks are hard
to execute and the least common of the 2 types. They attack the application by flooding the space of
memory that is reserved for a program.
3. _____________ buffer overflows are more common among attackers.
a) Memory-based
b) Queue-based
c) Stack-based
d) Heap-based
Answer: c
Explanation: Stack-based buffer overflow, the more common of the two
types of buffer-overflow, exploits applications by flooding the stack: the memory space where users
externally input the data.
4. With the lack of boundary check, the program ends abnormally and leads to ___________ error.
a) logical
b) segmentation
c) compile-time
d) syntax
Answer: b
Explanation: In buffer-overflow, with the lack of boundary check, the program ends abnormally and
leads to segmentation error or bus error. Sometimes the application on which the attack was done gets
stuck or hangs, and then the app suddenly closes.
5. In an application that uses heap, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the beginning of the program
Answer: b
Explanation: In an application that uses the heap, memory utilized by the application is allocated
dynamically at runtime. Access to such memory is comparatively slower than access to memory on the
stack.
6. In an application that uses stack, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the end of the program
Answer: c
Explanation: In an application that uses the stack, memory utilized by the application is allocated at the
beginning of the function call and the memory gets released at the end of a program. Accessing
values in the stack is very fast.
7. Malicious code can be pushed into the _________ during ______________ attack.
a) stack, buffer-overflow
b) queue, buffer-overflow
c) memory-card, buffer-overflow
d) external drive, buffer-overflow
Answer: a
Explanation: Malicious code can be pushed into the stack during the buffer-overflow attack. The
overflow can be used to overwrite the return pointer so that the control-flow switches to the
malicious code.
8. Variables that get created dynamically when a function (such as malloc()) is called are created in
the form of a _______ data-structure.
a) array
b) queue
c) stack
d) heap
View Answer
Answer: d
Explanation: Variables that gets created dynamically when a function (such as malloc()) is called is
created in the form of heap data-structure. In heap-based overflow, the buffer is placed on the lower
part of the heap, overwriting all dynamically generated variables.
9. How many primary ways are there for detecting buffer-overflow?
a) 6
b) 3
c) 2
d) 5
View Answer
Answer: c
Explanation: There are two ways to detect buffer-overflow in an application. One way is to look into
the code and check whether the boundary check has been properly incorporated or not. The other
way is to make the executable build of the product, feed the application with a huge amount of data
and check for abnormal behaviour.
10. Testing for buffer-overflow in a system can be done manually and has two possible ways.
a) True
b) False
Answer: a
Explanation: Testing for buffer-overflow in a system can be done manually, and has two possible
ways. One way is to look into the code and check whether the boundary check has been properly
incorporated or not. The other way is to make the executable build of the product, feed the
application with a huge amount of data and check for abnormal behaviour.

Cyber Security Questions and Answers – Enumerating in Cyber Security

This set of Cyber Security Question Paper focuses on “Enumerating in Cyber Security”.

1. Attackers commonly target ____________ for fetching IP address of a target or victim user.
a) websites
b) web pages
c) ip tracker
d) emails
Answer: a
Explanation: Enumeration by cyber-attackers is possible through websites also, as the attackers target
websites for fetching the IP address of the victim or the target user.
2. Developing a fake or less useful website that is meant just to fetch the IP address is very easily
done by attackers.
a) True
b) False
Answer: a
Explanation: Developing a fake or less useful website that is meant just to fetch the IP address is very
easily done by attackers. Enumeration by cyber-attackers is possible through websites also, as the
attackers target websites for fetching the IP address of the victim or the target user.
3. What common web scripting languages are used by attackers to fetch various details from
surfing users?
a) Tcl and C#
b) C++ and HTML
c) HTML and Python
d) Perl and JavaScript
Answer: d
Explanation: Various scripting languages are used by attackers, such as Perl and JavaScript, that are
programmed to fetch not only the IP address from the site but also users’ other personal information.
4. ______________ is the first phase of ethical hacking.
a) DNS poisoning
b) Footprinting
c) ARP-poisoning
d) Enumeration
Answer: d
Explanation: Enumeration is the first phase of Ethical Hacking where a gathering of information is
done for the process of hacking or attacking any victim or system. Here the attacker tries to discover
as many attack vectors as possible.
5. Enumeration is done to gain information. Which of the following cannot be achieved using
enumeration?
a) IP Tables
b) SNMP data, if not secured appropriately
c) Private chats
d) List of username and password policies
Answer: c
Explanation: Enumeration is an information-gathering technique used in ethical hacking to obtain data
regarding the victim’s IP table, SNMP data, lists of usernames and passwords of different systems etc.,
but not private chats.
6. Enumeration does not depend on which of the following services?
a) DNS enumeration
b) SNMP enumeration
c) NTP enumeration
d) HTTPS enumeration
Answer: d
Explanation: Enumerations depend on the different services that the system offers. These services are
SMB enumeration, DNS enumeration, SNMP enumeration, NTP enumeration, and Linux/Windows
enumeration.
7. __________ suite is used for NTP enumeration.
a) DNS
b) NTP
c) HTTP
d) SNMP
Answer: b
Explanation: NTP Suite is employed for NTP enumeration. This is significant in a network
environment, where anyone can discover other primary servers that help hosts update their
time, and the entire process can be done without authenticating.
8. enum4linux is used to enumerate _______________
a) Linux systems
b) Windows systems
c) Chrome systems
d) Mac systems
Answer: a
Explanation: ‘enum4linux’ is implemented for enumerating the Linux systems. Using this, the
attacker can examine and establish the usernames that are present in a target host.
9. ___________ is a tool that tries to guess usernames by using the SMTP service.
a) smtp-user-enum
b) smtp-enum
c) snmp-enum
d) snmp-user-enum
Answer: a
Explanation: smtp-user-enum is a tool that tries to guess usernames by using the SMTP service.
Using this, an attacker can examine and establish the usernames that are present in a target host.
10. To stop your system from getting enumerated, you have to disable all services.
a) True
b) False
Answer: a
Explanation: To stop your system from getting enumerated, it is recommended to disable all services
that are not in use. It lessens the potential of OS enumeration of your system.
11. Even our emails contain the IP address of the sender which helps in the enumeration. We can get
this IP from ___________ from within the email.
a) ‘forward’ option
b) ‘show original’ option
c) ‘Show full email’
d) ‘View Original’ option
Answer: b
Explanation: It is possible to know the IP address of the sender of your email by opening the email
and going to the ‘more’ button and then selecting the ‘show original’ option. In this way, one can
find the IP address and do enumeration.
12. __________________ is a computing action in which usernames & info about user-groups,
shares as well as services of networked computers can be retrieved.
a) Hardware enumeration
b) System enumeration
c) Network enumeration
d) Cloud enumeration
Answer: c
Explanation: Network enumeration is a computing action in which usernames & info about
user-groups, shares as well as services of networked computers can be retrieved.
13. Network enumeration is the finding of __________ or devices on a network.
a) hosts
b) servers
c) network connection
d) cloud storage
Answer: a
Explanation: Network enumeration is the detection of hosts or devices on a particular network.
Network enumeration is a computing action in which usernames & info about user-groups,
shares as well as services of networked computers can be retrieved.
14. A _______________ is a computer program implemented for recovering usernames & info on
groups, shares as well as services of networked computers.
a) hardware enumerator
b) software enumerator
c) network enumerator
d) cloud enumerator
Answer: c
Explanation: A network enumerator is a computer program implemented for recovering usernames &
info on groups, shares as well as services of networked computers. These types of programs are used
for network enumeration in order to detect hosts or devices on a particular network.
15. Network enumerator is also known as ________________
a) hardware scanner
b) software enumerator
c) program enumerator
d) network scanner
Answer: d
Explanation: Network enumerator is also known as Network scanner which is a computer program
implemented for recovering usernames & info on groups, shares as well as services of networked
computers.

Cyber Security Questions and Answers – Hacking and Security Skills

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Hacking and
Security Skills”.

1. An ethical hacker needs to have the skills of understanding the problem, networking
knowledge and knowing how the technology works.
a) True
b) False
Answer: a
Explanation: An ethical hacker needs to have the skills of understanding the problem,
networking knowledge and knowing how the technology works. Password guessing and securing,
network traffic sniffing, exploring for vulnerabilities are some other skills.
2. _________, persistence and staying up-to-date with the latest technological updates and their flaws
are some of the major qualities an ethical hacker needs to have.
a) Lack of understanding
b) Weak programming skills
c) High patience
d) Low perseverance
Answer: c
Explanation: High patience, persistence, perseverance, and staying up-to-date with the latest
technological updates and their flaws are some of the major qualities an ethical hacker needs to have.
3. ________________ enables a hacker to open a program or application and re-build it with
further features & capabilities.
a) Social engineering
b) Reverse engineering
c) Planting malware
d) Injecting code
Answer: b
Explanation: Reverse engineering is the technique used to enable a hacker to open a program
or application (usually in a low-level language such as Assembly language) and re-build it with
further features & capabilities.
4. Which of the following does not come under the intangible skills of hackers?
a) Creative thinking
b) Problem-solving capability
c) Persistence
d) Smart attacking potential
Answer: d
Explanation: Every hacker must possess some intangible skill-set such as creative thinking to work
out a new way of penetrating a system, problem-solving skills to shut down any active attack, and
persistence to try different ways without losing hope.
5. Why is a programming language important for ethical hackers and security professionals?
a) Only to write malware
b) For solving problems and building tool and programs
c) To teach programming
d) To develop programs to harm others
Answer: b
Explanation: A programming language is important for hackers and security professionals to
understand so that they can understand the working behaviour of any virus, ransomware, or other
malware, or write their own defense code to solve a problem. Nowadays, security tools and malware
are developed by security professionals with high skills and knowledge.
6. Understanding of ___________ is also important for gaining access to a system through networks.
a) os
b) email-servers
c) networking
d) hardware
Answer: c
Explanation: A proper understanding of networking is very important for hackers who are trying to
gain access to a system through networks. How TCP/IP works, how topologies are formed and what
protocols are used for what purposes are some mandatory stuff a hacker or security professional must
understand.
7. For hacking a database or accessing and manipulating data, which of the following languages must
the hacker know?
a) SQL
b) HTML
c) Tcl
d) F#
Answer: a
Explanation: For hacking a database or accessing and manipulating data, a hacker needs to have
knowledge of SQL (Structured Query Language). From a hacker’s perspective, if you’ve
accessed any database for a short period of time and want to change some specific data, you need
to write a proper SQL query to search for or implement your hack faster.
8. Information Gathering about the system or the person or about organization or network is not
important.
a) True
b) False
Answer: b
Explanation: Information Gathering about the system or the person or about organization or network
is important so that as a hacker one can get to know well about the target system or victim.

Cyber Security Questions and Answers – Fingerprinting


This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Fingerprinting”.

1. ________________ is an ethical hacking technique used for determining what operating system
(OS) is running on a remote computer.
a) Footprinting
b) Cyber-printing
c) OS fingerprinting
d) OS penetration testing
Answer: c
Explanation: OS fingerprinting is an ethical hacking technique used for determining what operating
system (OS) is running on a remote computer.
2. How many types of fingerprinting are there in ethical hacking?
a) 5
b) 4
c) 3
d) 2
Answer: d
Explanation: There are two types of fingerprinting in ethical hacking. These are active fingerprinting
and passive fingerprinting. Active fingerprinting is done by sending specially crafted packets to a
target machine whereas passive fingerprinting is dependent on sniffer traces from the remote
computer.
3. _______________________ is done by sending specially crafted packets to a target machine.
a) Active fingerprinting
b) Passive fingerprinting
c) OS fingerprinting
d) Network fingerprinting
Answer: a
Explanation: Active fingerprinting is done by sending specially crafted packets to a target machine
and then noting down its replies and analyzing the information gathered for determining the target
OS.
4. _______________________ is based on sniffer traces from the remote system.
a) Active fingerprinting
b) Passive fingerprinting
c) OS fingerprinting
d) Network fingerprinting
Answer: b
Explanation: Passive fingerprinting is dependent on the sniffing traces from any remote system.
Depending on the sniffing traces done by tools like Wireshark, attackers can establish and verify the
OS of the remote host.
5. How many basic elements are there for OS fingerprinting?
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. These are TTL, Don’t fragment bit, Window Size, and Type of Service (TOS).
6. Which of the following does not come under the important elements of OS fingerprinting?
a) TTL
b) TOS
c) DF bits
d) Firewall
Answer: d
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. These are TTL (Time to Live), Don’t fragment bit, Window Size, and Type of
Service (TOS).
7. By analyzing the factors like TTL, DF bits, Window Size and TOS of a packet, an ethical hacker
may verify the operating system remotely.
a) True
b) False
Answer: a
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. By analyzing these elements TTL, DF bits, Window Size and TOS of a packet, an
ethical hacker may verify the operating system remotely.
8. ______________ is a common tool used for doing OS fingerprinting.
a) Hping
b) Wireshark
c) Nmap
d) Nessus
Answer: c
Explanation: Nmap is a common tool that is used for performing OS fingerprinting. Before targeting
any system for the attack, it is necessary to know what OS is hosting the website, which can be found
out using some simple commands of this tool.
9. To secure your system from such types of attack, you have to hide your system behind a VPN or
proxy server.
a) True
b) False
Answer: a
Explanation: It is recommended to hide your system from such fingerprinting attacks, performed by
hackers, with a secure proxy server by using VPN tools. This technique will completely preserve
your identity and hence your system.
10. A _____________ is a network scanning practice that hackers can use to determine
which IP addresses from a list of IP addresses map to live hosts.
a) ping-based hacking
b) ping sweep
c) ping-range
d) pinging
Answer: b
Explanation: A ping sweep is a network scanning practice that hackers can use to determine
which IP addresses from a list of IP addresses map to live hosts.
11. Ping sweep is also known as ________________
a) ICMP sweep
b) SNMP sweep
c) SGNP sweep
d) SICMP sweep
Answer: a
Explanation: A ping sweep, which is also known as an ICMP sweep, is a network scanning practice
that hackers can use to determine which IP addresses from a list of IP addresses
map to live hosts.
12. The _____________ command is used on Linux for getting the DNS and host-related
information.
a) dnslookup
b) lookup
c) nslookup
d) infolookup
Answer: c
Explanation: The ‘nslookup’ command is used on Linux for getting the DNS and host-related
information. DNS enumeration is the method used to locate all the DNS-servers and their associated
records.
13. ___________________ is the method used to locate all the DNS-servers and their associated
records for an organization.
a) DNS enumeration
b) DNS hacking
c) DNS cracking
d) DNS server hacking
Answer: a
Explanation: DNS enumeration is the method used to locate all the DNS-servers and their associated
records for an organization. ‘nslookup’ command can be used on Linux for getting the DNS and
host-related information.
14. Which of the following operations can DNSenum not perform?
a) Perform reverse lookups
b) Get the host’s addresses
c) Get extra names and sub-domains through Google scraping
d) Get the admin password
Answer: d
Explanation: DNSenum is a popular Perl script that can perform operations such as fetching host
addresses, performing reverse lookups, and getting additional names and sub-domains through Google
scraping.
15. The configuration of DNS needs to be done in a secure way.
a) True
b) False
Answer: a
Explanation: Configuration of DNS needs to be done in a secure way, otherwise it is possible that
cyber-criminals and hackers may take away lots of sensitive information from the organization.

Cyber Security Questions and Answers – Exploits and Exploitation

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Exploits and
Exploitation”.

1. ________________ are pieces of programs or scripts that allow hackers to take control over any
system.
a) Exploits
b) Antivirus
c) Firewall by-passers
d) Worms
Answer: a
Explanation: Exploits are pieces of programs or scripts that allow hackers to take control over any
system. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities.
2. The process of finding vulnerabilities and exploiting them using exploitable scripts or programs
is known as _____________
a) infiltrating
b) exploitation
c) cracking
d) hacking
Answer: b
Explanation: The process of finding vulnerabilities and exploiting them using exploitable scripts or
programs is known as exploitation. Vulnerability scanners such as Nexpose and Nessus are used for
finding such vulnerabilities and then they are exploited using such programs and scripts.
3. Which of them is not a powerful vulnerability detecting tool?
a) Nessus
b) Nexpose
c) Metasploit
d) Nmap
Answer: d
Explanation: Some of the most widely used tools for detecting vulnerabilities in a system are Nessus,
Nexpose, Metasploit and OpenVAS. Hackers use these tools for detecting vulnerabilities and then
write exploits to exploit the systems.
4. __________ is the specific search engine for exploits where anyone can find all the exploits
associated with a vulnerability.
a) Google
b) Bing
c) Exploit-db
d) Exploit-engine
Answer: c
Explanation: Since we can find exploits based on vulnerabilities, Exploit-db is the specific search
engine for exploits where anyone can find all the exploits associated with a vulnerability. You can find
this at https://www.exploit-db.com.
5. Which of the following is not a vulnerability-listing site/database?
a) Exploit-db
b) Common Vulnerabilities and Exposures (CVE)
c) National Vulnerability Database (NVD)
d) Bing Vulnerability database (BVD)
Answer: d
Explanation: Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures
(CVE) (https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are
three vulnerability listing sites.
6. There are __________ types of exploits based on their working.
a) two
b) three
c) four
d) five
Answer: a
Explanation: There are two different types of exploits. These are remote exploits – where hackers can
gain access to the system or network remotely, and local exploits – where the hacker needs to access
the system physically and overpass the rights.
7. How many types of exploits are there based on their nature from hacking’s perspective?
a) 4
b) 3
c) 2
d) 5
Answer: c
Explanation: There are basically 2 types of exploits based on the nature of their existence and
knowledge. These are known and unknown (i.e. Zero Day). Known exploits are those that are
released publicly and people know about them. Unknown exploits are those that are
not known, or whose bugs are not fixed by vendors or owners.
8. Known exploits have a confirmation of and measures can be taken against it to resolve them.
a) True
b) False
Answer: a
Explanation: Known exploits have a confirmation of and measures can be taken against it to resolve
them. These types of vulnerabilities and exploit details are available online in blogs and sites.
9. Unknown exploits are those exploits that have not yet been reported openly and hence present a
straightforward attack at firms and the government agencies.
a) True
b) False
Answer: a
Explanation: Unknown exploits are those exploits that have not yet been reported openly and hence
present a straightforward attack at firms and the government agencies. They’re also called Zero-day
exploits.
10. A ____________ is a set of changes done to any program or its associated data designed for
updating, fixing, or improving it.
a) scratch
b) patch
c) fixer
d) resolver
Answer: b
Explanation: In applied computer science, the term ‘patch’ refers to a set of changes done to any
program or its associated data designed for updating, fixing, or improving it. Patch releases are done
by vendors to solve any bug in a system.
11. Fixing of security vulnerabilities in a system by additional programs is known as __________
patches.
a) hacking
b) database
c) server
d) security
Answer: d
Explanation: Fixing of security vulnerabilities in a system by additional programs is known as
security patches. These types of patches help in fixing security bugs and improving the overall
security of the system.
12. Known bugs can be solved or removed by __________________ developed by the vendors of the
application.
a) removing the application
b) changing the software
c) installing security patches
d) installing database patches
Answer: c
Explanation: Known bugs and vulnerabilities of a system can be solved by installing or updating the
security patches developed by the vendor or owner of that particular application.
13. ___________________ are some very frequent updates that come for every anti-virus.
a) Patch update
b) Data update
c) Code update
d) Definition update
Answer: d
Explanation: Definition updates are some very frequent updates that come for every anti-virus. These
updates are frequently rolled out in order to update your antivirus software with the latest releases of
attack vectors and bugs.
14. National Vulnerability Database (NVD) is _________________ repository of data regarding
vulnerability standards.
a) U.S. government
b) India government
c) Russian government
d) China Government
Answer: a
Explanation: National Vulnerability Database (NVD) is the US government repository of data
regarding vulnerability standards. It is available from the link https://nvd.nist.gov.
15. CVE is a directory of lists of publicly recognized information security vulnerabilities as well as
exposures.
a) True
b) False
Answer: a
Explanation: CVE is a directory of lists of publicly recognized information security vulnerabilities as
well as exposures. It is available from the link https://cve.mitre.org.

Cyber Security Questions and Answers – Cyber Laws and IT laws – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber Laws
and IT laws – 1”.

1. Which of the following is not a type of cyber crime?
a) Data theft
b) Forgery
c) Damage to data and systems
d) Installing antivirus for protection
Answer: d
Explanation: Cyber crime is one of the most threatening and still-evolving forms of crime. It is said
that a major percentage of World War III will be based on cyber-attacks by cyber armies of
different countries.
2. Cyber-laws are incorporated for punishing all criminals only.
a) True
b) False
Answer: b
Explanation: Cyber-laws were incorporated in our law book not only to punish cyber criminals but to
reduce cyber crimes and tie the hands of citizens from doing illicit digital acts that harm or damage
others’ digital property or identity.
3. Cyber-crime can be categorized into ________ types.
a) 4
b) 3
c) 2
d) 6
Answer: c
Explanation: Cyber crime can be categorized into 2 types. These are peer-to-peer attack and
computer as weapon. In peer-to-peer attack, attackers target the victim users; and in computer as
weapon attack technique, computers are used by attackers for a mass attack such as illegal and
banned photo leak, IPR violation, pornography, cyber terrorism etc.
4. Which of the following is not a type of peer-to-peer cyber-crime?
a) Phishing
b) Injecting Trojans to a target victim
c) MiTM
d) Credit card details leak in deep web
Answer: d
Explanation: Phishing and injecting Trojans and worms into individuals come under peer-to-peer cyber
crime, whereas leakage of credit card data of a large number of people in the deep web comes under
computer as weapon cyber-crime.
5. Which of the following is not an example of a computer as weapon cyber-crime?
a) Credit card fraud
b) Spying on someone using a keylogger
c) IPR Violation
d) Pornography
Answer: b
Explanation: DDoS (Distributed Denial of Service), IPR violation, pornography are mass attacks
done using a computer. Spying on someone using a keylogger is an example of a peer-to-peer attack.
6. Which of the following is not done by cyber criminals?
a) Unauthorized account access
b) Mass attack using Trojans as botnets
c) Email spoofing and spamming
d) Report vulnerability in any system
Answer: d
Explanation: Cyber-criminals are involved in activities like accessing online accounts in an
unauthorized manner, using Trojans to attack large systems, and sending spoofed emails. But
cyber-criminals do not report any bug found in a system; rather, they exploit the bug for their profit.
7. What is the name of the IT law that India has in its legislature?
a) India’s Technology (IT) Act, 2000
b) India’s Digital Information Technology (DIT) Act, 2000
c) India’s Information Technology (IT) Act, 2000
d) The Technology Act, 2008
Answer: c
Explanation: The Indian legislature thought of adding a chapter that is dedicated to cyber law. This
finally brought India’s Information Technology (IT) Act, 2000 which deals with the different cyber-
crimes and their associated laws.
8. In which year did India’s IT Act come into existence?
a) 2000
b) 2001
c) 2002
d) 2003
Answer: a
Explanation: On 17th Oct 2000, the Indian legislature thought of adding a chapter that is dedicated to
cyber law, for which India’s Information Technology (IT) Act, 2000 came into existence.
9. What is the full form of ITA-2000?
a) Information Tech Act -2000
b) Indian Technology Act -2000
c) International Technology Act -2000
d) Information Technology Act -2000
Answer: d
Explanation: The Information Technology Act -2000 (ITA-2000), which came into existence on 17th Oct
2000, is dedicated to cyber-crime and e-commerce law in India.
10. The Information Technology Act -2000 bill was passed by K. R. Narayanan.
a) True
b) False
Answer: b
Explanation: The bill was passed & signed by Dr. K. R. Narayanan on 9th May, in the year 2000.
The bill got finalised by head officials along with the Minister of Information Technology, Dr.
Pramod Mahajan.
11. Under which section of the IT Act is stealing any digital asset or information written as a cyber-crime?
a) 65
b) 65-D
c) 67
d) 70
Answer: a
Explanation: When a cyber-criminal steals any computer documents, assets or any software’s source
code from any organization, individual, or from any other means then the cyber crime falls under
section 65 of IT Act, 2000.
12. What is the punishment in India for stealing computer documents, assets or any software’s source
code from any organization, individual, or from any other means?
a) 6 months of imprisonment and a fine of Rs. 50,000
b) 1 year of imprisonment and a fine of Rs. 100,000
c) 2 years of imprisonment and a fine of Rs. 250,000
d) 3 years of imprisonment and a fine of Rs. 500,000
Answer: d
Explanation: The punishment in India for stealing computer documents, assets or any software’s
source code from any organization, individual, or from any other means is 3 years of imprisonment
and a fine of Rs. 500,000.
13. What is the updated version of the IT Act, 2000?
a) IT Act, 2007
b) Advanced IT Act, 2007
c) IT Act, 2008
d) Advanced IT Act, 2008
Answer: c
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and
precise law on different computer-related crimes and cyber offenses.
14. In which year did the Indian IT Act, 2000 get updated?
a) 2006
b) 2008
c) 2010
d) 2012
Answer: b
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and
precise law on different computer-related crimes and cyber offenses.
15. What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act hold?
a) Cracking or illegally hacking into any system
b) Putting antivirus into the victim
c) Stealing data
d) Stealing hardware components
Answer: a
Explanation: Section 66 of the IT Act, 2000, which later came up with a much broader and precise
law, says that cracking or illegally hacking into any victim’s computer is a crime. It covers a wide
range of cyber-crimes under this section of the IT Act.

Cyber Security Questions and Answers – Cyber Laws and IT laws – 2
This set of Cyber Security Quiz focuses on “Cyber Laws and IT laws – 2”.

1. Accessing a computer without prior authorization is a cyber-crime that comes under _______
a) Section 65
b) Section 66
c) Section 68
d) Section 70
Answer: b
Explanation: Section 66 of the IT Act, 2000, which later came up with a much broader and precise
law, says that if any individual accesses any computer system without prior authorization or
permission, it is a cyber-crime.
2. Cracking digital identity of any individual or doing identity theft, comes under __________ of IT
Act.
a) Section 65
b) Section 66
c) Section 68
d) Section 70
Answer: b
Explanation: Section 66 of the IT Act, 2000, which later came up with a much broader and precise
law (as IT Act, 2008), says that if any individual steals the identity or misuses any victim’s identity for
his/her own profit, it is a cyber-crime.
3. Accessing Wi-Fi dishonestly is a cyber-crime.
a) True
b) False
Answer: a
Explanation: Section 66 of the IT Act, 2000, which later came up with a much broader and precise
law (as IT Act, 2008), says that if any individual accesses anyone’s Wi-Fi network without the
permission of the owner or for doing a malicious activity, it is a cyber-crime.
4. Downloading, copying or extracting data from an open system fraudulently is treated as _________
a) cyber-warfare
b) cyber-security act
c) data-backup
d) cyber-crime
Answer: d
Explanation: Downloading, copying or extracting data from an open system fraudulently is treated as
cyber-crime according to section 66 of the Indian IT Act.
5. For any cyber-crime that comes under section 66 of the IT Act, the accused person gets fined around
Rs ________
a) 2 lacs
b) 3 lacs
c) 4 lacs
d) 5 lacs
Answer: d
Explanation: For any cyber-crime that comes under section 66 of the Indian IT Act, the person accused
of such cyber-crime gets fined around five lacs rupees.
6. How many years of imprisonment can an accused person face, if he/she comes under any cyber-
crime listed in section 66 of the Indian IT Act, 2000?
a) 1 year
b) 2 years
c) 3 years
d) 4 years
Answer: c
Explanation: For any cyber-crime that comes under section 66 of the Indian IT Act, the person accused
of such cyber-crime gets fined around five lacs rupees and gets 3 years of imprisonment.
7. Creating any digital content that is not acceptable to society is a cyber-crime that comes
under _________ of IT Act.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
Answer: b
Explanation: If any digital content is lascivious, is not acceptable to society or viewers, or
corrupts the minds of the audience, then the creator of such content falls under
the cyber-crime of section 67 of the Indian IT Act.
8. IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone publishes
sexually explicit digital content then under ___________ of IT Act, 2008 he/she has to pay a
legitimate amount of fine.
a) section 67-A
b) section 67-B
c) section 67-C
d) section 67-D
Answer: a
Explanation: IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone
publishes sexually explicit digital content then under section 67-A he/she has to pay a legitimate
amount of fine.
9. If anyone publishes sexually explicit type digital content, it will cost that person imprisonment of
_________ years.
a) 2
b) 3
c) 4
d) 5
Answer: d
Explanation: IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone
publishes sexually explicit digital content then under section 67-A he/she has to pay a legitimate
amount of fine and face imprisonment of five years.
10. Using spy cameras in malls and shops to capture private parts of any person comes under
_______ of IT Act, 2008.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
Answer: b
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without
the consent of that victim, comes under section 67 of IT Act, 2008 as a punishable offense.
11. Using spy cameras in malls and shops to capture private parts of any person comes under section
67 of IT Act, 2008 and is punished with a fine of Rs. 5 Lacs.
a) True
b) False
Answer: a
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without
the consent of that victim, comes under section 67 of IT Act, 2008, where the person doing
such crime is punished with a fine of Rs. 5 Lacs.
12. Using spy cameras in malls and shops to capture private parts of any person comes under
section 67 of IT Act, 2008 and is punished with imprisonment of ___________
a) 2 years
b) 3 years
c) 4 years
d) 5 years
Answer: b
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without
the consent of that victim, comes under section 67 of IT Act, 2008, where the person doing
such crime is punished with imprisonment of 3 years.
13. Misuse of digital signatures for fraudulent purposes comes under __________ of IT Act.
a) section 65
b) section 66
c) section 71
d) section 72
Answer: d
Explanation: One common form of cyber-crime committed by cyber-criminals and black hat hackers is
the misuse of digital signatures. The law for this fraudulent act comes under section 72 of the Indian IT
Act.
14. Sending an offensive message to someone comes under _____________ of the Indian IT Act ______
a) section 66-A, 2000
b) section 66-B, 2008
c) section 67, 2000
d) section 66-A, 2008
Answer: d
Explanation: Sending an offensive message, email or any digital content through an electronic
medium to your recipient is a punishable offense that comes under section 66-A of the Indian IT
Act, 2008.
15. Stealing of digital files comes under __________ of the Indian IT Act.
a) section 66-A
b) section 66-B
c) section 66-C
d) section 66-D
Answer: c
Explanation: Stealing of digital files, e-documents from any system or cloud or electronic device is a
punishable offense that comes under section 66 – C of the Indian IT Act.
16. Section 79 of the Indian IT Act declares that any 3rd party information or personal data leakage in
corporate firms or organizations will be a punishable offense.
a) True
b) False
Answer: a
Explanation: Section 79 of the Indian IT Act covers some of the corporate and business laws
around technologies and cyberspace; it declares that any 3rd party information or personal data
leakage in corporate firms or organizations will be a punishable offense.

Cyber Security Questions and Answers – Popular Tools used in Security – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Popular
Tools used in Security – 1”.

1. Which of the following attacks is not used by LC4 to recover Windows passwords?
a) Brute-force attack
b) Dictionary attack
c) MiTM attack
d) Hybrid attacks
Answer: c
Explanation: LC4 is a password auditing and recovery tool; used for testing strength of a password
and also helps in recovering lost Microsoft Windows passwords using a hybrid attack, brute-force
attack as well as using a dictionary attack.
2. ____________ is the world’s most popular vulnerability scanner used in companies for checking
vulnerabilities in the network.
a) Wireshark
b) Nessus
c) Snort
d) WebInspect
Answer: b
Explanation: Nessus is a popular and proprietary network vulnerability scanning tool developed by
Tenable Network Security. It helps in easily identifying vulnerabilities and fixing them, which includes
missing patches and software flaws.
3. _____________ is a tool which can detect registry issues in an operating system.
a) Network Stumbler
b) Ettercap
c) Maltego
d) LANguard Network Security Scanner
Answer: d
Explanation: LANguard Network Security Scanner helps in monitoring networks by scanning
connected machines to provide information for every node. It can also be used for identifying
registry issues.
4. Network Stumbler is a Windows Wi-Fi monitoring tool.
a) True
b) False
Answer: a
Explanation: Network Stumbler is a popular tool that helps in detecting WLANs and helps hackers in
finding non-broadcasting wireless networks. It is popularly used as a Wi-Fi scanning and monitoring
tool for Windows.
5. ToneLoc is abbreviated as __________
a) Tone Locking
b) Tone Locator
c) Tone Locker
d) Tune Locator
Answer: c
Explanation: ToneLoc is a popular and primitive tool written for MS-DOS users. It is basically used
by malicious attackers to guess user accounts, finding entry points in modems and locating modems
connected in the network.
6. __________ is a debugger and exploration tool.
a) Netdog
b) Netcat
c) Tcpdump
d) BackTrack
Answer: b
Explanation: Netcat is an easy Unix utility that helps in reading and writing data across network
connections, using TCP or UDP protocol. It is popularly used as a debugger and exploration tool that
is found free for Windows and Mac OS also.
7. __________ is a popular command-line packet analyser.
a) Wireshark
b) Snort
c) Metasploit
d) Tcpdump
Answer: d
Explanation: Tcpdump is a popular command-line network packet analyzer. It allows its user to
display TCP / IP as well as other data packets being transmitted or received over the computer
network.
8. ________________ is a platform that essentially keeps the log of data from networks, devices as
well as applications in a single location.
a) EventLog Analyser
b) NordVPN
c) Wireshark
d) PacketFilter Analyzer
Answer: a
Explanation: EventLog Analyser is a tool that basically keeps the log of data from networks, devices
as well as applications in a single location. Latest encryption techniques are used for securing its
stored data.
9. ______________ is competent to restore corrupted Exchange Server Database files as well as
recovering unapproachable mails in mailboxes.
a) Outlook
b) Nessus
c) Mailbox Exchange Recovery
d) Mail Exchange Recovery toolkit
Answer: c
Explanation: Mailbox Exchange Recovery is competent to restore corrupted Exchange Server
Database files as well as recovering unapproachable mails in mailboxes. This tool is popularly used
by ethical hackers and cyber-forensics investigators in recovering emails, calendars, attachments,
contacts from inaccessible mail-servers.
10. ________________ helps in protecting businesses against data breaches that may make threats to
cloud.
a) Centrify
b) Mailbox Exchange Recovery
c) Nessus
d) Dashline
Answer: a
Explanation: Centrify helps in protecting businesses against data breaches that may make threats to
the cloud. This is done by securing Centrify users by providing internal, external and privileged
users.
11. __________ is a popular corporate security tool that is used to detect the attack on email with
cloud only services.
a) Cain and Abel
b) Proofpoint
c) Angry IP Scanner
d) Ettercap
Answer: b
Explanation: Proofpoint is a popular corporate security tool that is used to detect an attack on email
with cloud-only services. It helps firms detect attack vectors and loopholes in different security
systems through which attackers may gain access.
12. _____________ helps in protecting corporate data, communications and other assets.
a) Snort
b) CipherCloud
c) Burp Suite
d) Wireshark
Answer: b
Explanation: CipherCloud helps in protecting corporate data, different communications as well as
other assets. This includes anti-virus scanning facility, encryption & traffic monitoring. In addition, it
also provides mobile security support.

Cyber Security Questions and Answers – Popular Tools used in Security – 2
This set of Cyber Security MCQs focuses on “Popular Tools used in Security – 2”.

1. _________ framework made cracking of vulnerabilities easy like point and click.
a) .Net
b) Metasploit
c) Zeus
d) Ettercap
Answer: b
Explanation: In the year 2003, the Metasploit framework was released which made finding and
cracking of vulnerabilities easy and is used by both white as well as black hat hackers.
2. Nmap is abbreviated as Network Mapper.
a) True
b) False
Answer: a
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as
well as security auditing. It can be used for either a single host network or large networks.
3. __________ is a popular tool used for discovering networks as well as in security auditing.
a) Ettercap
b) Metasploit
c) Nmap
d) Burp Suite
Answer: c
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as
well as security auditing. It can be used for either a single host network or large networks.
4. Which of these does Nmap not check?
a) services different hosts are offering
b) on what OS they are running
c) what kind of firewall is in use
d) what type of antivirus is in use
Answer: d
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as
well as security auditing. It usually checks for different services used by the host, what operating
system it is running and the type of firewall it is using.
5. Which of the following deals with network intrusion detection and real-time traffic analysis?
a) John the Ripper
b) L0phtCrack
c) Snort
d) Nessus
Answer: c
Explanation: Snort is a network intrusion detecting application that deals with real-time traffic
analysis. As the rules are set and kept updated, they help in matching patterns against known patterns
and protect your network.
6. Wireshark is a ____________ tool.
a) network protocol analysis
b) network connection security
c) connection analysis
d) defending malicious packet-filtering
Answer: a
Explanation: Wireshark is a popular standardized network protocol analysis tool that allows in-depth
check and analysis of packets from different protocols used by the system.
7. Which of the below-mentioned tools is used for Wi-Fi hacking?
a) Wireshark
b) Nessus
c) Aircrack-ng
d) Snort
Answer: c
Explanation: Weak wireless encryption protocols get easily cracked using Aircrack WPA and
Aircrack WEP attacks that come with the Aircrack-ng tool. Its packet sniffing feature keeps track of all
its traffic without making any attack.
8. Aircrack-ng is used for ____________
a) Firewall bypassing
b) Wi-Fi attacks
c) Packet filtering
d) System password cracking
Answer: b
Explanation: Weak wireless encryption protocols get easily cracked using Aircrack WPA and
Aircrack WEP. Its packet sniffing feature keeps track of all its traffic without making any attack.
9. _____________ is a popular IP address and port scanner.
a) Cain and Abel
b) Snort
c) Angry IP Scanner
d) Ettercap
Answer: c
Explanation: Angry IP scanner is a light-weight, cross-platform IP and port scanning tool that scans a
range of IPs. It uses the concept of multithreading for fast, efficient scanning.
10. _______________ is a popular tool used for network analysis in multiprotocol diverse network.
a) Snort
b) SuperScan
c) Burp Suite
d) EtterPeak
Answer: d
Explanation: EtterPeak is a network analysis tool that can be used for multiprotocol heterogeneous
networking architecture. It can help in sniffing packets of network traffic.
11. ____________ scans TCP ports and resolves different hostnames.
a) SuperScan
b) Snort
c) Ettercap
d) QualysGuard
Answer: a
Explanation: SuperScan has a very nice user-friendly interface and it is used for scanning TCP ports
as well as resolving hostnames. It is popularly used for scanning ports from a given range of IPs.
12. ___________ is a web application assessment security tool.
a) LC4
b) WebInspect
c) Ettercap
d) QualysGuard
Answer: b
Explanation: WebInspect is a popular web application security tool used for identifying known
vulnerabilities residing in web-application layer. It also helps in penetration testing of web servers.
13. Which of the following attack-based checks can WebInspect not do?
a) cross-site scripting
b) directory traversal
c) parameter injection
d) injecting shell code
Answer: d
Explanation: WebInspect can check whether a web server is properly configured or not by attempting
for common attacks such as Cross-site scripting, directory traversal, and parameter injection. But it
cannot inject malicious shell code in the server.
14. ________ is a password recovery and auditing tool.
a) LC3
b) LC4
c) Network Stumbler
d) Maltego
Answer: b
Explanation: LC4, which was previously known as L0phtCrack, is a password auditing and recovery
tool; it is used for testing the strength of a password and also helps in recovering lost Microsoft Windows
passwords.
15. L0phtCrack is formerly known as LC3.
a) True
b) False
Answer: b
Explanation: L0phtCrack, now commonly known as LC4, is a password auditing and recovery tool;
it is used for testing the strength of a password and also helps in recovering lost Microsoft Windows
passwords.

Cyber Security Questions and Answers – Bugs and Vulnerabilities
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Bugs and
Vulnerabilities”.

1. ___________ is a weakness that can be exploited by attackers.
a) System with Virus
b) System without firewall
c) System with vulnerabilities
d) System with a strong password
Answer: c
Explanation: In cyber-security, a system having vulnerabilities is defined as the weakness in a system
that can be exploited by cyber-criminals and attackers for their own benefit. For this, they use special
tools and techniques in order to crack into the system through the vulnerabilities.
2. _________ is the sum of all the possible points in software or system where unauthorized users
can enter as well as extract data from the system.
a) Attack vector
b) Attack surface
c) Attack point
d) Attack arena
Answer: b
Explanation: Attack surface can be defined as the sum of all the possible points in software or system
where unauthorized users can enter as well as extract data from the system. The more the security, the
smaller the attack surface.
3. ____________ is the cyclic practice for identifying & classifying and then solving the
vulnerabilities in a system.
a) Bug protection
b) Bug bounty
c) Vulnerability measurement
d) Vulnerability management
Answer: d
Explanation: Vulnerability management is a cyclic process for identifying & classifying and then
solving the vulnerabilities in a system. This term is generally used in software vulnerability detection
and resolving process.
4. Risk and vulnerabilities are the same things.
a) True
b) False
Answer: b
Explanation: Risk and vulnerability cannot be used interchangeably. Risk can be defined as the
potential of an impact that can grow from exploiting the vulnerability. There are some vulnerabilities
that don’t possess risk, known as “Vulnerabilities without risk”.
5. _____________ is a special type of vulnerability that doesn’t possess risk.
a) Vulnerabilities without risk
b) Vulnerabilities without attacker
c) Vulnerabilities without action
d) Vulnerabilities no one knows
Answer: a
Explanation: A vulnerability is defined as a weakness in a system that can be exploited by
cyber-criminals and attackers. Risk can be defined as the potential of an impact that can grow from
exploiting the vulnerability. There are some vulnerabilities that don’t possess risk, known as
“Vulnerabilities without risk”.
6. A/An __________ is a piece of software or a segment of command that usually takes advantage of
a bug to cause unintended actions and behaviors.
a) malware
b) trojan
c) worms
d) exploit
Answer: d
Explanation: An exploit is a piece of software or a segment of command that usually takes advantage
of a bug to cause unintended actions and behaviors. Using exploits, attackers can gain access to a
system or perform privilege escalation.
7. There are ________ types of exploit.
a) 3
b) 2
c) 5
d) 4
Answer: b
Explanation: Exploits can be categorized based on various criteria. But the most prominent
categorization is done by how exploits communicate with vulnerable software. These are categorized
as local exploits and remote exploits.
8. Remote exploits are the type of exploits that act over a network to exploit a security vulnerability.
a) True
b) False
Answer: a
Explanation: Remote exploits are the type of exploits that use the internet for exploiting a security
vulnerability without gaining any prior access to the target system.
9. ________ type of exploit requires access to a vulnerable system for enhancing privilege for
an attacker to run the exploit.
a) Local exploits
b) Remote exploits
c) System exploits
d) Network exploits
Answer: a
Explanation: Local exploits are the type of exploit that requires access to a vulnerable system for
enhancing privilege for an attacker to run the exploit. They’ve to pass through granted system
administration in order to harm the system.
10. ___________ is a technique used by penetration testers to compromise any system within a
network for targeting other systems.
a) Exploiting
b) Cracking
c) Hacking
d) Pivoting
Answer: d
Explanation: Pivoting is a technique used by penetration testers to compromise any system within a
network for targeting other systems. They test systems within the same network for vulnerabilities
using this technique.
11. A _________ is a software bug that attackers can take advantage of to gain unauthorized access
to a system.
a) System error
b) Bugged system
c) Security bug
d) System virus
Answer: c
Explanation: A security bug is a software bug that attackers can take advantage of to gain
unauthorized access to a system. Such bugs can harm all legitimate users and compromise data
confidentiality and integrity.
12. Security bugs are also known as _______
a) security defect
b) security problems
c) system defect
d) software error
Answer: a
Explanation: A security bug, also known as a security defect, is a software bug that attackers can
take advantage of to gain unauthorized access to a system. Such bugs can harm legitimate users and
compromise data confidentiality and integrity.
13. __________ is the timeframe from when the loophole in security was introduced till the time
when the bug was fixed.
a) Time-frame of vulnerability
b) Window of vulnerability
c) Time-lap of vulnerability
d) Entry-door of vulnerability
Answer: b
Explanation: Window of vulnerability is the timeframe from when the loophole in security was
introduced or released till the time when the bug was fixed, or the illicit access was removed or the
attacker was disabled.
14. ISMS is the abbreviation of __________
a) Information Server Management System
b) Information Security Management Software
c) Internet Server Management System
d) Information Security Management System
Answer: d
Explanation: ISMS (Information Security Management System) is a set of policies concerning
information security management. It was developed for managing risk management principles and
countermeasures for ensuring security through rules and regulations.
15. A zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the system
or software.
a) True
b) False
Answer: a
Explanation: Zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the
system or software. Until such bugs get fixed, hackers take advantage of these vulnerabilities to
exploit the system.

Cyber Security Questions and Answers – Ethics of Ethical Hacking

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ethics of
Ethical Hacking”.

1. What is the ethics behind training in how to hack a system?
a) To think like hackers and know how to defend such attacks
b) To hack a system without the permission
c) To hack a network that is vulnerable
d) To corrupt software or service using malware
Answer: a
Explanation: It is important for ethical hackers and security professionals to know how
cyber-criminals think and proceed to target any system or network. This is why ethical hackers and
penetration testers are trained with proper ethics to simulate how a real cyber-attack takes place.
2. Performing shoulder surfing in order to check another person’s password is ____________ ethical
practice.
a) a good
b) not so good
c) very good social engineering practice
d) a bad
Answer: d
Explanation: Overlooking or peeping into someone’s system when he/she is entering his/her
password is a bad practice and is against the ethics of conduct for every individual. Shoulder surfing
is a social engineering attack approach used by some cyber-criminals to know your password and
gain access to your system later.
3. ___________ has now evolved to be one of the most popular automated tools for unethical
hacking.
a) Automated apps
b) Database software
c) Malware
d) Worms
Answer: c
Explanation: Malware is one of the biggest culprits that harm companies because it is
programmed to do the malicious task automatically and helps hackers do illicit activities with
sophistication.
4. Leaking your company data to the outside network without prior permission of senior authority is
a crime.
a) True
b) False
Answer: a
Explanation: If you leak or take your company’s confidential data outside without prior permission
of the senior authority or any senior member, it is against the code of corporate ethics.
5. _____________ is the technique used in business organizations and firms to protect IT assets.
a) Ethical hacking
b) Unethical hacking
c) Fixing bugs
d) Internal data-breach
Answer: a
Explanation: Ethical hacking is the technique used by business organizations and firms for
exploiting vulnerabilities in order to secure the firm. Ethical hackers help in increasing the
capabilities of any organization or firm in protecting its IT and information assets.
6. The legal risks of ethical hacking include lawsuits due to __________ of personal data.
a) stealing
b) disclosure
c) deleting
d) hacking
Answer: b
Explanation: The legal risks of ethical hacking include lawsuits due to disclosure of personal data
during the penetration testing phase. Such disclosure of confidential data may lead to a legal fight
between the ethical hacker and the organization.
7. Before performing any penetration test through legal procedure, which of the key points listed
below is not mandatory?
a) Know the nature of the organization
b) Characteristics of work done in the firm
c) System and network
d) Type of broadband company used by the firm
Answer: d
Explanation: Before performing any penetration test through the legal procedure, the key points that
the penetration tester must keep in mind are:
i) the nature of the organization,
ii) what type of work the organization does, and
iii) the systems and networks used in various departments and the confidential data that are sent and
received over the network.
8. An ethical hacker must ensure that proprietary information of the firm does not get leaked.
a) True
b) False
Answer: a
Explanation: Yes, it is very important for an ethical hacker to make sure that while doing penetration
tests, the confidential data and proprietary information are preserved properly and do not get leaked
to the external network.
9. After performing ____________ the ethical hacker should never disclose client information to
other parties.
a) hacking
b) cracking
c) penetration testing
d) exploiting
Answer: c
Explanation: It is against the laws and ethics of ethical hacking to disclose client information to
other parties after doing penetration tests. The protection of client data is in the hands of the
ethical hacker who performed the tests.
10. __________ is the branch of cyber security that deals with morality and provides different
theories and principles regarding the viewpoints about what is right and wrong.
a) Social ethics
b) Ethics in cyber-security
c) Corporate ethics
d) Ethics in black hat hacking
Answer: d
Explanation: Ethics in cyber-security is the branch of cyber security that deals with morality and
provides different theories and principles regarding the viewpoints about what is right and what
should not be done.
11. ________ helps to classify arguments and situations, better understand a cyber-crime and helps to
determine appropriate actions.
a) Cyber-ethics
b) Social ethics
c) Cyber-bullying
d) Corporate behaviour
Answer: a
Explanation: Cyber-ethics and knowledge of proper ethical aspects while doing penetration tests
help to classify arguments and situations, better understand a cyber-crime and determine
appropriate actions.
12. A penetration tester must identify and keep in mind the ___________ & ___________
requirements of a firm while evaluating the security postures.
a) privacy and security
b) rules and regulations
c) hacking techniques
d) ethics to talk to seniors
Answer: a
Explanation: A penetration tester must keep in mind the privacy & security requirements as well as
the policies of a firm while evaluating the security postures of the target; these are called
“industry and business ethics policies”.

Cyber Security Questions and Answers – How Security Breach Takes Place

This set of Advanced Cyber Security Questions and Answers focuses on “How Security Breach
Takes Place”.

1. ___________ is an activity that takes place when cyber-criminals infiltrate any data source and
take away or alter sensitive information.
a) Data-hack
b) Data-stealing
c) Database altering
d) Data breach
Answer: d
Explanation: A data breach is an activity that takes place when cyber-criminals infiltrate any data
source and take away or alter sensitive information. This is done either by using a network to steal
all local files or by getting physical access to a system.
2. Which of these is not a step followed by cyber-criminals in data breaching?
a) Research and info-gathering
b) Attack the system
c) Fixing the bugs
d) Exfiltration
Answer: c
Explanation: During a hack, the cyber-criminals first research the victim and gather information
on the victim’s system as well as network. They then perform the attack. Once the attacker gains
access, it steals confidential data.
3. What types of data are stolen by cyber-criminals in most of the cases?
a) Data that will pay once sold
b) Data that has no value
c) Data like username and passwords only
d) Data that is old
Answer: a
Explanation: Usually, cyber-criminals steal data that are confidential and that add value once they
are sold on the dark market or on different deep web sites. Even these days, different companies buy
customer data in bulk to analyze it and gain profit out of it.
4. Which of these companies and organizations does not become a major target of attackers for data
stealing?
a) Business firms
b) Medical and Healthcare
c) Government and secret agencies
d) NGOs
Answer: d
Explanation: Attackers target large organizations and firms, which consist of business firms,
financial corporations, medical and healthcare firms, government and secret agencies, and banking
sectors. They have valuable information, the loss of which can cost them hugely, so hackers focus on
such firms as major targets.
5. ___________ will give you a USB which will contain ___________ that will take control of your
system in the background.
a) Attackers, Trojans
b) White hat hackers, antivirus
c) White hat hackers, Trojans
d) Attackers, antivirus
Answer: a
Explanation: To breach the security of your system, a friend or anyone you deal with may come up
with a USB drive and give it to you in order to take some data from you. But that USB drive may
contain a Trojan that will get onto your computer once triggered. So use an updated antivirus on
your system.
6. An attacker who is an employee of your firm may ___________ to know your system password.
a) do peeping
b) perform network jamming
c) do shoulder surfing
d) steal your laptop
Answer: c
Explanation: An attacker who is an employee of your firm may do shoulder surfing to know your
system password. Shoulder surfing is a social engineering technique used to secretly peep to gain
knowledge of your confidential information.
7. You may throw some confidential file in a dustbin which contains some of your personal data.
Hackers can take your data from that thrown-away file also, using the technique _________
a) Dumpster diving
b) Shoulder surfing
c) Phishing
d) Spamming
Answer: a
Explanation: Dumpster diving is a social engineering technique used by hackers to grab your
personal and confidential data from thrown-away files. Using these data, attackers may attempt
password guessing or fraud calls (if they find your personal phone number).
8. ATM Skimmers are used to take your confidential data from your ATM cards.
a) True
b) False
Answer: a
Explanation: ATM card skimmers are set up by attackers in ATM machines. They look exactly the same,
but the secretly inserted device will take information from the magnetic strip of your card and
store it in its memory card or storage chip.
9. _____________ will encrypt all your system files and will ask you to pay a ransom in order to
decrypt all the files and unlock the system.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
Answer: b
Explanation: Ransomware is a special type of malware that will infect your system, compromise all
data by encrypting them, and pop up a message asking you for a ransom, which will be in the form of
Bitcoins (so that the attacker does not get tracked); once the ransom is paid, it will release all
files.
10. ______________ are special malware programs written by elite hackers and black hat hackers to
spy on your mobile phones and systems.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
Answer: d
Explanation: Spyware programs are special malware programs written by elite hackers and black hat
hackers to spy on your mobile phones and systems. Such a program secretly spies on the target system
or user, captures their browsing activities and app details, and keeps track of their physical
locations.
11. The antivirus or PC defender software in a system helps in detecting virus and Trojans.
a) True
b) False
Answer: a
Explanation: The antivirus or PC defender software in a system helps in detecting viruses and Trojans,
provided the antivirus or the defender application is up to date.
12. Clicking a link which is there in your email which came from an unknown source can redirect
you to ____________ that automatically installs malware in your system.
a) that vendor’s site
b) security solution site
c) malicious site
d) software downloading site
Answer: c
Explanation: Clicking a link which is there in your email which came from an unknown source can
redirect you to a malicious site that will automatically install malware in your system. The mail will
be sent by the attacker.
13. An attacker may use an automatic brute-forcing tool to compromise your ____________
a) username
b) employee ID
c) system / PC name
d) password
Answer: d
Explanation: In most cases, the attacker uses automated brute-force tools for compromising
your PIN or password. These tools make obtaining your password easier by trying combinations of
different letters in a trial-and-error approach.
14. The attacker will use different bots (zombie PCs) to ping your system and the name of the attack
is _________________
a) Distributed Denial-of-Service (DDoS)
b) Permanent Denial-of-Service (PDoS)
c) Denial-of-Service (DoS)
d) Controlled Denial-of-Service (CDoS)
Answer: a
Explanation: Here the attacker uses multiple PCs and floods the bandwidth/resources of the victim’s
system (usually one or many web servers). The attack uses zombie PCs, and each of the PCs is
remotely controlled by the attacker.
15. Illicit hackers may enter your personal area or room or cabin to steal your laptop, pen drive,
documents or other components to get their hands on your confidential information.
a) True
b) False
Answer: a
Explanation: Illicit hackers may enter your personal area or room or cabin to steal your laptop, pen
drive, documents or other components to get their hands on your confidential information.
This type of hacking comes under physical hacking.

Cyber Security Questions and Answers – Corporate Cyber Security

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Corporate
Cyber Security”.

1. _____________ is a malicious method used by cyber-criminals to trick a user into clicking on
something different from what the user wants.
a) Click-hacking
b) Click-fraud
c) Clickjacking
d) Using torrent links
Answer: c
Explanation: Clickjacking is a malicious method used by cyber-criminals to trick a user into clicking
on something illicit that is different from what the user wants. The single click usually redirects
the employee to a strange site from where infected files get downloaded into the system of the
employee.
2. Through the clickjacking attack, the employee’s confidential ______________ may get leaked or
stolen.
a) information
b) papers
c) hardcopy files
d) media files
Answer: a
Explanation: Through clickjacking, the employee’s system may get compromised by an infected
program, Trojans or spyware which got downloaded in the background automatically as the user fell
for the attacker’s trick.
3. Which of the following is not a proper aspect of user integration?
a) Employee’s authentication
b) Physical authorization
c) Access control
d) Representing users in the database
Answer: b
Explanation: There are 3 main aspects that need to be kept in mind when integrating new
employees or users into an application. These are: representing users in the database, access
control, and employee’s authentication.
4. It is very important to block unknown, strange and ______________ within the corporate network.
a) infected sites
b) programs
c) unwanted files
d) important folders
Answer: a
Explanation: It is very important for the network administrator to block unknown, strange and
infected sites within the corporate network so that no employee accidentally accesses those sites
or opens infected sites by means of clickjacking or URL-redirection techniques.
5. Every employee of the firm must have some basic knowledge of cyber-security, the types
of hacking and how they are done.
a) True
b) False
Answer: a
Explanation: Every employee of the firm must have some basic knowledge of cyber-security, the
types of hacking and how they are done. This will make each employee aware of the various
malicious activities so that they can report to their seniors in this regard.
6. Use of _______________ can bring external files, worms and viruses along with it to the internal
systems.
a) smart-watch
b) pen drive
c) laptop
d) iPod
Answer: b
Explanation: Using a pen drive to bring your work-from-home tasks to office systems may bring
worms and viruses along with it (if your home system is infected with any malware or infected
programs) and may cause harm to your office systems.
7. A ____________ takes over your system’s browser settings, and the attack will redirect the
websites you visit to some other websites of its preference.
a) MiTM
b) Browser hacking
c) Browser Hijacker
d) Cookie-stealing
Answer: c
Explanation: Browser hijacking is a technique that takes over your system’s browser settings, and the
attack will redirect the websites you visit to some other websites of its preference.
8. ________________ has become a popular attack in the last few years, and the attackers target board
members, high-ranked officials and managing committee members of an organization.
a) Spyware
b) Ransomware
c) Adware
d) Shareware
Answer: b
Explanation: Ransomware has become a popular attack in the last few years, and the attackers target
board members, high-ranked officials and managing committee members of an organization. The
ransomware compromises the system by encrypting all files and asks for a ransom in order to
unlock or decrypt all files.
9. ________________ important and precious files is a solution to protect your files from
ransomware.
a) Deleting all
b) Keeping backup of
c) Not saving
d) Keeping in pen drive
Answer: b
Explanation: Keeping a secured backup of important and precious files is a solution to protect
your files from ransomware. The backup should be made in some secured cloud storage or
any other location (server) in an encrypted form.
10. ___________ is the technique to obtain permission from a company for using, manufacturing &
selling one or more products within a definite market area.
a) algorithm-licensing
b) code-licensing
c) item licensing
d) product licensing
Answer: d
Explanation: Product licensing is the technique to obtain permission from a firm or organization for
using, manufacturing & selling one or more products within a definite market area. This is done by
the company for security reasons, and it usually takes a royalty fee/amount from its users.
11. Which of the following does not come under security measures for cloud in firms?
a) Firewall
b) Antivirus
c) Load Balancer
d) Encryption
Answer: b
Explanation: For keeping a cloud service secure and fully working, firewalls, encryption mechanisms
and load balancers are used, but antivirus is not used in the cloud for any security purpose.
12. It is important to limit ____________ to all data and information as well as limit the authority for
installing software.
a) work-load
b) employee access
c) admin permission
d) installing unwanted apps
Answer: b
Explanation: It is important to limit employee access to all data and information as well as limit the
authority for installing software. Otherwise, any employee with illicit intention may install programs
that are either pirated versions or may cause damage to the internal corporate network.
13. One must isolate payment systems and payment processes from those computers that you think
are used by ____________ or may contain ____________
a) strangers, keyloggers
b) strangers, antivirus
c) unknown, firewalls
d) unknown, antivirus
Answer: a
Explanation: One must isolate payment systems and payment processes from those computers that
you think are used by strangers or may contain keyloggers. Otherwise, your card details and PIN may
get compromised.
14. If you’re working on your company’s system/laptop and suddenly a pop-up window arises asking
you to update your security application, you must ignore it.
a) True
b) False
Answer: b
Explanation: If you’re working on your company’s system/laptop and suddenly a pop-up window
arises asking you to update your security application, you must verify it once with a senior member
or the tech department if you feel it is happening for the first time; otherwise you must not skip
updating your system security applications.

Cyber Security Questions and Answers – Network Models – OSI Model Security – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Network
Models – OSI Model Security – 1”.

1. The ____________ model is a 7-layer architecture where each layer has some specific
functionality to perform.
a) TCP/IP
b) Cloud
c) OSI
d) OIS
Answer: c
Explanation: The OSI model is a 7-layer architecture where each layer has some specific
functionality to perform. All these layers work in collaboration for transmitting data from one
person to another worldwide.
2. The full form of OSI in the OSI model is ______________
a) Open Systems Interconnection
b) Open Software Interconnection
c) Open Systems Internet
d) Open Software Internet
Answer: a
Explanation: The OSI model is a 7-layer architecture where each layer has some specific
functionality to perform. All these layers work in collaboration for transmitting data from one
person to another worldwide.
3. Which of the following is not a physical layer vulnerability?
a) Physical theft of data & hardware
b) Physical damage or destruction of data & hardware
c) Unauthorized network access
d) Keystroke & Other Input Logging
Answer: c
Explanation: Unauthorized network access is not an example of a physical layer vulnerability. The
other three (physical theft of data & hardware, damage or destruction of data & hardware, and
keystroke & other input logging) are physical layer vulnerabilities.
4. In __________________ layer, vulnerabilities are directly associated with physical access to
networks and hardware.
a) physical
b) data-link
c) network
d) application
Answer: a
Explanation: In the physical layer, vulnerabilities are directly associated with physical access to
networks and hardware such as unauthorised network access, damage or destruction of data &
hardware and keystroke & Other Input Logging.
5. Loss of power and unauthorized change in the functional unit of hardware come under problems
and issues of the physical layer.
a) True
b) False
Answer: a
Explanation: Loss of power and unauthorized change in the functional unit of hardware come under
problems and issues of the physical layer. Other such issues are unauthorised network access,
damage or destruction of data & hardware and keystroke & other input logging.
6. Which of the following is not a vulnerability of the data-link layer?
a) MAC Address Spoofing
b) VLAN circumvention
c) Switches may be forced for flooding traffic to all VLAN ports
d) Overloading of transport-layer mechanisms
Answer: d
Explanation: MAC address spoofing, VLAN circumvention and switches being forced to flood
traffic to all VLAN ports are examples of data-link layer vulnerabilities.
7. ____________ is a data-link layer vulnerability where stations are forced to make direct
communication with another station by evading logical controls.
a) VLAN attack
b) VLAN Circumvention
c) VLAN compromisation method
d) Data-link evading
Answer: b
Explanation: VLAN circumvention is a data-link layer vulnerability where stations are forced to make
direct communication with another station by evading logical controls implemented using subnets
and firewalls.
8. ________________ may be forced to flood traffic to all VLAN ports, allowing interception of
data through any device that is connected to a VLAN.
a) Switches
b) Routers
c) Hubs
d) Repeaters
Answer: a
Explanation: Switches may be forced to flood traffic to all VLAN ports, allowing interception of
data through any device that is connected to a VLAN. It is a vulnerability of the data-link layer.
9. Which of the following is not a vulnerability of the network layer?
a) Route spoofing
b) Identity & Resource ID Vulnerability
c) IP Address Spoofing
d) Weak or non-existent authentication
Answer: d
Explanation: Weak or non-existent authentication is a vulnerability of the session layer. Route
spoofing, identity & resource ID vulnerability & IP Address Spoofing are examples of network layer
vulnerability.
10. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: Physical theft of data is an example of physical layer vulnerability. Other such issues
are unauthorized network access, damage or destruction of data & hardware and keystroke & Other
Input Logging.
11. Which of the following is an example of data-link layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: a
Explanation: MAC address spoofing is an example of a data-link layer vulnerability. VLAN
circumvention and switches being forced to flood traffic to all VLAN ports are some
other examples of data-link layer vulnerabilities.
12. Which of the following is an example of network layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: c
Explanation: Route spoofing is an example of network layer vulnerability. Other examples of
network layer vulnerabilities are IP Address Spoofing and Identity & Resource ID Vulnerability.
13. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Route spoofing
c) Weak or non-existent authentication
d) Keystroke & Other Input Logging
Answer: d
Explanation: Keystroke & other input logging is an example of physical layer vulnerability. Other
such physical layer vulnerabilities are unauthorized network access, damage or destruction of data &
hardware and keystroke & Other Input Logging.
14. Which of the following is an example of data-link layer vulnerability?
a) Physical Theft of Data
b) VLAN circumvention
c) Route spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: VLAN circumvention is an example of a data-link layer vulnerability. MAC address
spoofing and switches being forced to flood traffic to all VLAN ports are some other
examples of data-link layer vulnerabilities.

Cyber Security Questions and Answers – Network Models – OSI Model Security – 2

This set of Cyber Security Multiple Choice Questions & Answers focuses on “Network Models –
OSI Model Security – 2”.

1. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access
Answer: d
Explanation: The different vulnerabilities of the transport layer are mishandling of undefined, poorly
defined, vulnerabilities that allow “fingerprinting” & other enumeration of host information,
overloading of transport-layer mechanisms, etc. Unauthorized network access is an example of a
physical layer vulnerability.
2. Which of the following is not a session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms
Answer: a
Explanation: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of data
based on failed authentication attempts, weak or non-existent authentication mechanisms, and the
passing of session-credentials allowing intercept and unauthorized use.
3. Failed sessions allow brute-force attacks on access credentials. This type of attack is carried
out in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer
Answer: c
Explanation: Session identification may be subject to spoofing, which may lead to data leakage that
depends on failed authentication attempts and allows hackers to carry out brute-force attacks on
access credentials.
4. Transmission mechanisms can be subject to spoofing & attacks based on skillfully modified packets.
a) True
b) False
Answer: a
Explanation: Transmission mechanisms can be subject to spoofing & attacks based on skillfully
modified packets. This type of attack is carried out in the transport layer of the OSI model.
5. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms
Answer: d
Explanation: Cryptographic flaws that may be exploited to circumvent privacy, unintentional or
ill-directed use of superficially supplied input, and poor handling of unexpected input are examples
of presentation layer flaws.
6. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing programs
d) Overloading of transport-layer mechanisms
Answer: d
Explanation: Application design flaws may bypass security controls, and inadequate security controls
as well as logical bugs in programs may, by chance or on purpose, be used for crashing programs.
These are all application layer vulnerabilities.
7. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: b
Explanation: Overloading of transport-layer mechanisms is an example of transport layer
vulnerability. Other examples of Transport layer vulnerability are mishandling of undefined, poorly
defined, Vulnerability that allows “fingerprinting” & other enumeration of host information.
8. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: a
Explanation: Weak or non-existent mechanisms for authentication is an example of session layer
vulnerability. Other examples are spoofing and the hijacking of data based on failed-authentication
attempts & passing of session credentials allowing interception and unauthorized use.
9. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input
Answer: d
Explanation: Poor handling of unexpected input is an example of presentation layer vulnerability.
Cryptographic flaws that may be exploited to circumvent privacy and unintentional use of
superficially supplied input are some other examples of presentation layer vulnerability.
10. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: Very complex application security controls can be an example of application layer
vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other
examples of such type.

Cyber Security Questions and Answers – Network Models – TCP-IP Model Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Network
Models – TCP-IP Model Security”.

1. TCP/IP is an extensively used model for the World Wide Web for providing network
communications, and it is composed of 4 layers that work together.
a) True
b) False
Answer: a
Explanation: TCP/IP is an extensively used model for the World Wide Web for providing network
communications, and it is composed of 4 layers that work together. Each layer is composed of a
header and a payload.
2. TCP/IP is composed of _______ number of layers.
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: TCP/IP is an extensively used model for the World Wide Web for providing network
communications, and it is composed of 4 layers that work together. Each layer is composed of a
header and a payload.
3. Trusted TCP/IP commands have the same needs & go through the identical verification process.
Which of them is not a TCP/IP command?
a) ftp
b) rexec
c) tcpexec
d) telnet
Answer: c
Explanation: Trusted TCP/IP commands such as ftp, rexec and telnet have the same needs & go
through the identical verification process. Internet & TCP/IP are often implemented synonymously.
4. Connection authentication is offered for ensuring that the remote host has the likely Internet
Protocol (IP) ___________ & _________
a) address, name
b) address, location
c) network, name
d) network, location
Answer: a
Explanation: Connection authentication is offered for ensuring that the remote host has the likely
Internet Protocol (IP) address & name. This prevents a remote host from masquerading as another
remote host.
5. Application layer sends & receives data for particular applications using Hyper Text Transfer
Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
a) True
b) False
Answer: a
Explanation: Application layer sends & receives data for particular applications using HyperText
Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP). Hence, data encryption for
HTTP and SMTP is important.
6. TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat.
a) True
b) False
Answer: a
Explanation: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows
an attacker to get hold of the RSA key essential to decrypt TLS traffic under certain conditions.
7. RoBOT is abbreviated as ___________
a) Return of Bleichenbacher’s Oracle Team
b) Rise of Bleichenbacher’s Oracle Threat
c) Return of Bleichenbacher’s Operational Threat
d) Return of Bleichenbacher’s Oracle Threat
Answer: d
Explanation: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows
an attacker to get hold of the RSA key essential to decrypt TLS traffic under certain conditions.
8. There are __________ different versions of IP popularly used.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: There are two different versions of IP used popularly over the internet. These are IPv4
and IPv6. An IPv4 address is a 32-bit numeric address written in decimal as 4 numbers separated by
dots, whereas IPv6 addresses are 128 bits long, written in hexadecimal & separated by colons.
9. ____________ is an attack where the attacker is able to guess both the sequence number of an
in-progress communication session & the port number.
a) TCP Spoofing
b) TCP Blind Spoofing
c) IP Spoofing
d) IP Blind Spoofing
Answer: b
Explanation: TCP Blind Spoofing is an attack where the attacker is able to guess both the sequence
number of an in-progress communication session & the port number.
10. ___________ is an attack technique where numerous SYN packets are spoofed with a bogus
source address and then sent to an inundated server.
a) SYN flooding attack
b) ACK flooding attack
c) SYN & ACK flooding attack
d) Packet flooding attack
Answer: a
Explanation: SYN flooding attack is an attack technique where numerous SYN packets are spoofed
with a bogus source address and then sent to an inundated server. SYN & ACK segments are needed
to begin a TCP connection.
11. Which of them is not an attack done in the network layer of the TCP/IP model?
a) MITM attack
b) DoS attack
c) Spoofing attack
d) Shoulder surfing
Answer: d
Explanation: MITM, Denial of Service (DoS), and spoofing attacks are possible in the network layer
of the TCP/IP model. It is important to secure the network layer as it is the only means to make
certain that your application is not getting flooded with attacks.
12. Which of them is not an appropriate method of router security?
a) Unused ports should be blocked
b) Unused interfaces and services should be disabled
c) Routing protocol needs to be programmed by security experts
d) Packet filtering needs to be enabled
Answer: c
Explanation: Blocking unused ports, disabling unused interfaces and services, and enabling packet
filtering are some of the security measures that need to be taken for routers.
13. Which 2 protocols are used in the Transport layer of the TCP/IP model?
a) UDP and HTTP
b) TCP and UDP
c) HTTP and TCP
d) ICMP and HTTP
Answer: b
Explanation: The transport layer can optionally assure the reliability of communications.
Transmission Control Protocol (TCP) & User Datagram Protocol (UDP) are the most common
transport layer protocols.
14. Which of these protocols is not used in the network layer of the TCP/IP model?
a) ICMP
b) IP
c) IGMP
d) HTTP
Answer: d
Explanation: Internet Control Message Protocol (ICMP), Internet Protocol (IP) and Internet Group
Management Protocol (IGMP) are used in the network layer. HTTP is used in the application layer of
the TCP/IP model.
15. ____________ protocol attack is done in the data-link layer.
a) HTTP
b) DNS
c) TCP/IP
d) POP
Answer: b
Explanation: A DNS protocol attack is done in the application layer of the TCP/IP model and allows
attackers to modify DNS records in order to misdirect user traffic and land users at some malicious or
spoofed address.

Cyber Security Questions and Answers – Security Phases – Data Leakage and Prevention – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Security
Phases – Data Leakage and Prevention – 1”.

1. _____________ is the illicit transmission of data from inside an organization or personal system to
an external location or recipient.
a) Database hacking
b) Data leakage
c) Data cracking
d) Data revealing
Answer: b
Explanation: Data leakage is the illicit transmission of data from inside an organization or personal
system to an external location or recipient. The phrase is used for describing data that is transferred
electronically or even physically.
2. Data leakage threats do not usually occur from which of the following?
a) Web and email
b) Mobile data storage
c) USB drives and laptops
d) Television
Answer: d
Explanation: Data leakage threats are common from web and emails, mobile data storage devices
such as internal or external storage and memory cards, from USB drives and laptops.
3. Data leakage is popularly known as ___________
a) data theft
b) data crack
c) low and slow data theft
d) slow data theft
Answer: c
Explanation: Data leakage is also known as ‘low and slow data theft’, which is a massive issue for
data security & the damage caused to any firm is enormous. Every day there is at least one report of
data theft that occurs worldwide.
4. There are __________ major types of data leakage.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: There are three major types of data leakage. These are – data breach by accident, data
leak done by ill-intentioned employees and electronic communication with malicious intent.
5. “Unauthorized” data leakage doesn’t necessarily mean intended or malicious.
a) True
b) False
Answer: a
Explanation: “Unauthorized” data leakage doesn’t necessarily mean intended or malicious. It has
been found that the majority of data leakage incidents are accidental but the losses incurred are severe.
6. Unintentional data leakage can still result in the same penalties and reputational damage.
a) True
b) False
Answer: a
Explanation: “Unintentional” data leakage doesn’t necessarily mean intended or malicious. It has
been found that the majority of data leakage incidents are accidental, but they can still result in the
same penalties and reputational damage.
7. Leakage of data that is done purposely or because of an employee’s lack of concern toward
confidential data is called ___________ done by employees of an organization.
a) Ill-intentional data leakage
b) Malfunctioned in database
c) A malfunction in online data
d) ill-intention of an outsider
Answer: a
Explanation: Leakage of data that is done purposely or because of an employee’s lack of concern
toward confidential data is called ill-intentional data leakage done by employees of an organization.
8. Which of them is not an example of physical data leakage?
a) dumpster diving
b) shoulder surfing
c) printers and photocopiers
d) phishing
Answer: d
Explanation: Physical data leakage can be done intentionally by criminal-minded people who can
fetch data from dumpster diving, shoulder surfing, data mentioned in printed papers or taken out of
photocopiers.
Cyber Security Questions and Answers – Security Phases – Data Leakage and Prevention – 2
This set of Cyber Security online test focuses on “Security Phases – Data Leakage and Prevention –
2”.

1. ______________ is the unauthorized movement of data.
a) Data exfiltration
b) Data infiltration
c) Data cracking
d) Database hacking
Answer: a
Explanation: Data exfiltration is the unauthorized movement of data. It comprises data exportation,
data extrusion, data leakage, and data theft and all of them come under data hacking.
2. Which of them is an example of physical data leakage?
a) Dumpster diving
b) MiTM
c) DDoS
d) Phishing
Answer: a
Explanation: Physical data leakage can be done intentionally by criminal-minded people who can
fetch data from dumpster diving, shoulder surfing, data mentioned in printed papers or taken out of
photocopiers.
3. Which of them is not an example of data leakage done using electronic communication with
malicious intent?
a) Phishing
b) Spoofed Email
c) Attacks using malware
d) Dumpster diving
Answer: d
Explanation: Many organizations give employees the right to use the internet, email and instant
messaging as part of their role. But these are prime targets of hackers for data leaking using
techniques such as phishing, spoofing and attacking the target victim using malware.
4. The three steps of data loss prevention are – Identify, Discover and ______________
a) Classify
b) Clarify
c) Deletion
d) Detection
Answer: a
Explanation: The three steps of data loss prevention are – Identify, Discover and Classify. First, you
have to identify the systems of records. Then you have to classify what comprises sensitive data on
those systems & discover the data elements which are sensitive depending on those classifications.
5. Which of the following is not a step of data-loss prevention?
a) Identify
b) Manage
c) Classify
d) Discover
Answer: b
Explanation: The three steps of data loss prevention are – Identify, Discover and Classify. First, you
have to identify the systems of records. Then you have to classify what comprises sensitive data on
those systems & discover the data elements which are sensitive depending on those classifications.
6. Mapping of data-flow in an organization is very useful in understanding the risk better due to
actual & potential data leakage.
a) True
b) False
Answer: a
Explanation: Mapping of data-flow in an organization from different systems (to record the
downstream and upstream sources) is very useful in understanding the risk better due to actual &
potential data leakage.
7. Data leakage prevention is based on factors like access controls, persistent, encryption, alerting,
tokenization, blocking dynamic data masking, etc.
a) True
b) False
Answer: a
Explanation: Data leakage prevention is based on factors like access controls, persistent, encryption,
alerting, tokenization, blocking dynamic data masking, etc. Like data loss prevention, data leakage
also needs concern and care for data safety.
8. Data leakage threats are done by internal agents. Which of them is not an example of an internal
data leakage threat?
a) Data leak by 3rd Party apps
b) Data leak by partners
c) Data leak by employees
d) Data leak from stolen credentials from the desk
Answer: a
Explanation: Data leak by 3rd Party apps is an example of malicious outsider threat that falsely
gained access by masquerading itself. Data leak by business partners, employees or from stolen
credentials are insider’s data-leakage threats.
9. _____________ focuses on the detection & prevention of sensitive data exfiltration and lost data.
a) Data loss prevention
b) Data loss measurement
c) Data stolen software
d) Data leak prevention
Answer: a
Explanation: Data loss prevention focuses on the detection & prevention of sensitive data exfiltration
and lost data. It also deals with lost & stolen thumb drives or data blocked by ransomware attacks.

Cyber Security Questions and Answers – Information Gathering Phase & Techniques – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Information
Gathering Phase & Techniques – 1”.

1. ________________ is a component of the reconnaissance stage that is used to gather possible
information for a target computer system or network.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing
Answer: c
Explanation: Footprinting is a component of the reconnaissance stage that is used to gather possible
information for a target computer system or network. It can be either active or passive footprinting.
2. How many types of footprinting are there?
a) 5
b) 4
c) 3
d) 2
Answer: d
Explanation: Footprinting is a component of the reconnaissance stage that is used to gather possible
information for a target computer system or network. It can be of 2 types: active or passive
footprinting.
3. ________________ is one of the 3 pre-attacking phases.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing
Answer: c
Explanation: Footprinting is a component of the reconnaissance stage that is used to gather possible
information for a target computer system or network. It can be either active or passive footprinting.
4. A/An ______________ spends 85% of his/her time in profiling an organization and the rest in
launching the attack.
a) security analyst
b) attacker
c) auditor
d) network engineer
Answer: b
Explanation: An attacker spends 85% of his/her time in profiling an organization and the rest in
launching the attack. Footprinting results in a unique organization profile with respect to the
networks.
5. _______________ is necessary to methodically & systematically ensure all pieces of information
related to the target.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing
Answer: c
Explanation: Footprinting is a component of the reconnaissance stage which is necessary to
methodically & systematically ensure all pieces of information related to the target. It can be either
active or passive footprinting.
6. Which of the following is not a spot from where attackers seek information?
a) Domain name
b) IP address
c) System enumeration
d) Document files
Answer: d
Explanation: The internet is a common medium for gathering information such as the domain name,
IP address of the target user, enumeration of the victim’s system, IDSes running, TCP & UDP services etc.
7. Which of them is not an information source over the internet for target attackers?
a) Whois
b) YouTube
c) Nslookup
d) Archive sites
Answer: b
Explanation: Information is freely available from some sites and databases residing on the
internet. These services and sites are – Whois, Nslookup, Archive Sites, open-source software sites
etc.
8. Footprinting is used to collect information such as namespace, employee info, phone number and
emails, job details.
a) True
b) False
Answer: a
Explanation: Footprinting is used to collect information such as namespace, employee info, phone
number and emails, job details, IP address domain name, geo-location, browsing history etc.
9. Spyware can be used to steal _______________ from the attacker’s browser.
a) browsing history
b) company details
c) plug-ins used
d) browser details
Answer: a
Explanation: Spyware can be used to steal browsing history, browsing habits and other related
searches from the attacker’s browser. Google Chrome itself has a search box in the address bar which
the spyware might monitor to take search results as information for the attacker.
10. https://archive.org is a popular site where one can enter a domain name in its search box for
finding out how the site looked on a given date.
a) True
b) False
Answer: a
Explanation: https://archive.org is a popular archive site where one can enter a domain name in its
search box for finding out how the site looked on a given date. It stores all the details about the
look and working of the site, even when the site got updated.
11. Information about people is available on people search sites. Which of them is an example of a
people data searching site?
a) people.com
b) indivinfo.org
c) intelius.com
d) peopleinfo.org
Answer: c
Explanation: Information about people is available on people search sites. https://www.intelius.com/ is
an example of such a site, which holds records of people’s information.
12. You can attain a series of IP addresses allotted to a particular company using __________ site.
a) https://www.ipdata.org/
b) https://www.arin.net/
c) https://www.ipip.com/
d) https://www.goipaddr.net/
Answer: b
Explanation: Hackers can attain a series of IP addresses allotted to a particular company using
https://www.arin.net/ site. Hackers can enter the company name in the search box for finding a list of
all the assigned IP addresses.
13. ARIN is abbreviated as _____________
a) American Registry for Internet Numbers
b) American Registry for IP Numbers
c) All Registry for Internet Numbers
d) American Registry for IP Numbering
Answer: a
Explanation: ARIN is abbreviated as American Registry for Internet Numbers. Hackers can attain a
series of IP addresses allotted to a particular company using https://www.arin.net/ site. Hackers can
enter the company name in the search box for finding a list of all the assigned IP addresses.
14. Using spyware is an example of _________ type of information gathering.
a) active
b) passive
c) active & passive
d) non-passive
Answer: a
Explanation: Using spyware is an example of an active information gathering technique. Spyware
can be used to steal browsing history, browsing habits and other related searches from the attacker’s
browser. Google Chrome itself has a search box in the address bar which the spyware might monitor
to take search results as information for the attacker.
15. Collecting freely available information over the internet is an example of ____________ type of
information gathering.
a) active
b) passive
c) active & passive
d) non-passive
Answer: b
Explanation: Collecting freely available information over the internet is an example of passive
information gathering technique. It uses archive sites, Google, domain name, people search,
Nslookup etc.

Cyber Security Questions and Answers – Information Gathering Phase & Techniques – 2
This set of Cyber Security online quiz focuses on “Information Gathering Phase & Techniques – 2”.

1. ____________ is the term used for gathering information about your competitors from online
resources, research, and newsgroups.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering
Answer: a
Explanation: Competitive Intelligence gathering is the term used for gathering information about
your competitors from online resources, research, and newsgroups. Competitive intelligence
gathering is non-interfering & subtle in nature.
2. The ______________ intelligence gathering is non-interfering & subtle in nature.
a) cognitive
b) competitive
c) cyber
d) concrete
Answer: b
Explanation: Competitive Intelligence gathering is the term used for gathering information about
your competitors from online resources, research, and newsgroups. Competitive intelligence
gathering is non-interfering & subtle in nature.
3. In the world of data, where data is considered the oil and fuel of modern technology,
_____________ is both a product and a process.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering
Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process.
4. Which of them is not a proper step in competitive intelligence data processing?
a) Data gathering
b) Data analysis
c) Information security
d) Network analysis
Answer: d
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process which comprises some
predefined steps to handle data. These are data gathering, analysis, verification, and security.
5. Which one of the following is a proper step in competitive intelligence data processing?
a) Competitors’ data compromising
b) Data hacking
c) Data analysis
d) Competitors’ data stealing
Answer: c
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process which comprises some specific
steps to handle data. These are data gathering, analysis, verification, and security.
6. There are __________ types of cognitive hacking and information gathering, which are based on the
source type from where data is fetched.
a) 6
b) 5
c) 4
d) 3
Answer: d
Explanation: There are two types of cognitive hacking and information gathering which are based on
the source type, from where data is fetched. These are single source & multiple sources.
7. ______________ is important for quickly understanding and analyzing your competitors’
or target users’ needs.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering
Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process. Hackers skilled in gathering
competitive knowledge are hired so that data analysts can analyze it for further understanding of
products.
8. Which of them is not a reason for competitive information gathering?
a) Compare your product with competitors
b) Analyze the market position of yours with competitors
c) Fetching confidential plans about your competitors
d) Pull out a list of your competitive firms in the market
Answer: c
Explanation: Fetching confidential plans about your competitors is not the work of ethical hackers
hired for competitive information gathering. Also, fetching such confidential information is a
crime.
9. Competitive information gathering, if done in the form of an active attack using malware or by
other illicit means, can put your hired hacker or your company at stake.
a) True
b) False
Answer: a
Explanation: Competitive information gathering, if done in the form of an active attack using
malware or by other illicit means, can put your hired hacker or your company at stake. It is also a
cyber-crime.
10. Predicting and analyzing the tactics of competitors from data taken from online data sources is a
crime.
a) True
b) False
Answer: b
Explanation: Predicting and analyzing the tactics of competitors from data taken from online data
sources is a crime. In the world of data, where data is considered the oil and fuel of modern
technology, it can be done using competitive intelligence gathering techniques.
11. https://www.bidigital.com/ci/ is a website which is used for _________________
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering
Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process. https://www.bidigital.com/ci/ is a
website which is used for this purpose.
12. Which of the following is a site used for Competitive Intelligence gathering?
a) https://www.bidigital.gov/
b) https://www.cig.com/ci/
c) https://www.coginfo.com/ci/
d) https://www.bidigital.com/ci/
Answer: d
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process. https://www.bidigital.com/ci/ is a
website which is used for such purpose.
13. Which of the following is not an example of a firm that provides info regarding competitive
intelligence gathering?
a) Carratu International
b) CI Center
c) Microsoft CI
d) Marven Consulting Group
Answer: c
Explanation: Carratu International, CI Center, Marven Consulting Group, Lubrinco Pvt Ltd. are some
of the names of firms and companies that provide info regarding competitive intelligence gathering.
14. Using _____________ for doing competitive information gathering is a crime.
a) Spyware
b) Antivirus
c) Anti-malware
d) Adware
Answer: a
Explanation: Competitive information gathering, if done in the form of an active attack using
malware or by other illicit means, can put your hired hacker or your company at stake. It’s a
cyber-crime.
15. Competitive Intelligence gathering is both a ___________ and a ____________
a) process, product
b) process, item
c) product & data to sell to 3rd party
d) data to sell to a 3rd party and a product
Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of modern technology,
Competitive Intelligence gathering is both a product and a process which comprises some
predefined steps to handle data.

Cyber Security Questions and Answers – Scanning Phase for Security – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Scanning
Phase for Security – 1”.

1. There are _______ types of scanning.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: There are a total of three types of scanning in ethical hacking and cyber-security. These
are vulnerability scanning, network scanning & port scanning.
2. Which of the following is not an objective of scanning?
a) Detection of the live system running on network
b) Discovering the IP address of the target system
c) Discovering the services running on target system
d) Detection of spyware in a system
Answer: d
Explanation: Detection of the live system running on the network, discovering the IP address of the
target system, & discovering the services running on the target system are some of the objectives of
scanning.
3. For discovering the OS running on the target system, the scanning has a specific term. What is it?
a) Footprinting
b) 3D Printing
c) Fingerprinting
d) screen-printing
Answer: c
Explanation: Fingerprinting is the name of the specific type of scanning used for discovering the OS
running on the target system in a network; it comes under the OS scanning technique.
4. Which of them is not a scanning methodology?
a) Check for live systems
b) Check for open ports
c) Identifying the malware in the system
d) Identifying of services
Answer: c
Explanation: Check for live systems, open ports and identification of services running on the systems
are some of the steps and methodologies used in scanning.
5. ICMP scanning is used to scan _______________
a) open systems
b) live systems
c) malfunctioned systems
d) broken systems
Answer: b
Explanation: Check for live systems, open ports and identification of services running on the systems
are some of the steps and methodologies used in scanning. ICMP scanning is used for checking live
systems.
6. In live system scanning, it is checked which hosts are up in the network by pinging the systems in
the network.
a) True
b) False
Answer: a
Explanation: Check for live systems, open ports and identification of services running on the systems
are some of the steps and methodologies used in scanning. In live system scanning, it is checked
which hosts are up in the network by pinging the systems in the network.
7. ________ attribute is used to tweak the ping timeout value.
a) -time
b) -t
c) -p
d) -tout
Answer: b
Explanation: -t attribute is used while pinging any system to tweak the ping timeout value. It is an
example of live system scanning, to check which hosts are up in the network by pinging the systems
in the network.
8. Which of them does not come under NETBIOS information?
a) Name of the system / PC
b) Workgroup name
c) MAC address
d) RAM space
Answer: d
Explanation: Scanning using IP address simply pings each IP address for checking if it is live or not.
This helps in providing NETBIOS information such as the name of the system, workgroup and MAC
address.
9. A ______________ is a simple network scanning technique used for determining which range of
IP addresses maps to live hosts.
a) scan sweep
b) ping sweep
c) scan ping
d) host ping
Answer: b
Explanation: A ping sweep is a simple network scanning technique used for determining which range
of IP addresses maps to live hosts. The ping sweep consists of ICMP ECHO requests.
10. Ping sweep is also known as ________________
a) ICMP Sweep
b) ICMP Call
c) IGMP Sweep
d) ICMP pinging
Answer: a
Explanation: Ping sweep, also known as ICMP sweep, is a simple network scanning technique used
for determining which range of IP addresses maps to live hosts. The ping sweep consists of ICMP
ECHO requests.
11. If any given address is running live, it will return an ICMP ECHO reply.
a) True
b) False
Answer: a
Explanation: ICMP sweep is a simple network scanning technique used for determining which range
of IP addresses maps to live hosts. The ping sweep consists of ICMP ECHO requests. If any given
address is running live, it will return an ICMP ECHO reply.
12. __________ scanning is done when a series of messages is sent by someone intending to
break into a computer.
a) Network
b) Port
c) Vulnerability
d) System
Answer: b
Explanation: Port scanning is done when a series of messages is sent by someone intending to
break into a computer, in order to learn about the computer's network services.
13. ____________ scanning is a procedure to identify active hosts on your network.
a) Network
b) Port
c) Vulnerability
d) System
Answer: a
Explanation: Network scanning is a procedure to identify active hosts on your network. It is done
with the intention to either attack your system or for security purposes by ethical hackers.
14. _____________ scanning is an automatic process for identifying vulnerabilities of the system
within a network.
a) Network
b) Port
c) Vulnerability
d) System
Answer: c
Explanation: Vulnerability scanning is an automatic process for identifying vulnerabilities of a
computing system within a network. It is one of the popular scanning methodologies.
15. Which of them is not a standard scanning type or terminology?
a) Network
b) Port
c) Vulnerability
d) System
Answer: d
Explanation: There are a total of three types of scanning in ethical hacking and cyber-security. These
are vulnerability scanning, network scanning & port scanning. System scanning is not a standard
terminology or type of scanning.

Cyber Security Questions and Answers – Scanning Phase for Security – 2

This set of Cyber Security Question Bank focuses on “Scanning Phase for Security – 2”.

1. In port scanning, a port is always associated with the _____________ (typically of host system) &
the type of ____________ employed for communication.
a) IP address, protocol
b) MAC address, protocol
c) IP address, IMEI number
d) MAC address, network model
Answer: a
Explanation: In port scanning, a port is always associated with an IP address (typically of host
system) & the type of protocol (UDP or TCP) employed for communication.
2. ________________ is a tool which uses traceroute-like techniques for analyzing IP packet
responses.
a) Firewalk
b) Firesweep
c) PingSweeper
d) ICMPwalker
Answer: a
Explanation: Firewalk is a tool which uses traceroute-like techniques for analysing IP packet
responses. It determines gateway ACLs and filters & maps networks. Specifically, it determines filter
rules in place on all packet forwarding devices.
3. In port scanning, a _________ is always associated with an IP address (usually of the host system)
& the type of protocol (UDP or TCP) employed for communication.
a) address
b) port
c) system
d) network
Answer: b
Explanation: In port scanning, a port is always associated with an IP address (typically of the host
system) & the type of protocol (UDP or TCP) employed for communication.
4. Firewalk tool employs a technique to determine the ___________ rules in place on the
___________ forwarding device.
a) filter, packet
b) filter, port
c) routing, packet
d) routing, port
Answer: a
Explanation: Firewalk is a tool which uses traceroute-like techniques for analyzing IP packet
responses. It determines gateway ACLs and filters & maps networks. Specifically, it determines filter
rules in place on all packet forwarding devices.
5. Firewalk works by sending ________ & ________ packets.
a) UDP, HTTP
b) TCP, HTTP
c) ICMP, TCP
d) UDP, TCP
Answer: d
Explanation: Firewalk is a tool which uses traceroute-like techniques for analyzing IP packet
responses. Firewalk works by sending UDP & TCP packets. It determines filter rules in place on all
packet forwarding devices.
6. Using 3-way handshake, it is possible to check for open ports.
a) True
b) False
Answer: a
Explanation: Open ports can be checked where a computer initiates a connection to the server with
SYN flag set. The server replies with both SYN & ACK flag set. Finally, the client responds back to
the server with the ACK packet.
7. Which of them is not a standard flag used in TCP communication between client and server?
a) Synchronize
b) Acknowledgment
c) Finish
d) Start
Answer: d
Explanation: Start is not a standard and valid flag of TCP communication in a client-server
connection. These standard flags are: Synchronize, Acknowledgement, Push, Urgent, Finish and
Reset.
8. How many standard flags are used in TCP communication?
a) 4
b) 5
c) 6
d) 7
Answer: d
Explanation: There are 7 standard flags used in a TCP communication between client and server.
These standard flags are: Synchronize, Acknowledgement, Push, Urgent, Finish and Reset.
9. Which of the following is not a valid scanning method?
a) Xmas Tree scan
b) SYN Stealth scan
c) Null Scan
d) Cloud scan
Answer: d
Explanation: Some popular scanning methods used for scanning connections and ports are – Xmas
Tree scan, SYN Stealth Scan, Null Scan, Window Scan, ACK scan, UDP scan etc.
10. ___________ is a command-line TCP/IP packet assembler and analyzer tool.
a) IGMP Ping
b) Hping2
c) Nmap
d) Maltego
Answer: b
Explanation: Hping2 is a command-line TCP/IP packet assembler and analyzer tool. Also, it has a
trace-route mode. It has the ability to send files between covered channels & also supports ICMP
echo requests.
11. Which of the following is not a feature of Hping2 tool?
a) Firewall testing
b) Port scanning
c) Network testing
d) Server malware scanning
Answer: d
Explanation: Hping2 is a command-line TCP/IP packet assembler and analyzer tool. Also, it has a
trace-route mode. It has the ability to send files between covered channels & also supports ICMP
echo requests. Server malware scanning is not a valid feature of Hping2 tool.
12. _________________ is quite an esoteric process for preventing session creation through a
particular port.
a) Port knocking
b) Port cracking
c) Port hacking
d) Port-jacking
Answer: a
Explanation: Port knocking is quite an esoteric process for preventing session creation through a
particular port. Port knocking is not presently used by default in any stack, but soon patches will
come to allow the use of knocking protocols.
13. Which one of them is not a network scanner?
a) NMAP
b) Qualys
c) SoftPerfect
d) Netcat
Answer: d
Explanation: NMAP, Qualys, and SoftPerfect are all network scanning tools. Network scanning is
used for a computer network to gather information about the computing systems.
14. Which of them is not a port scanning tool?
a) Netcat
b) Unicornscan
c) Maltego
d) Angry IP Scanner
Answer: c
Explanation: Netcat, Unicornscan and Angry IP Scanner are some of the popular tools used for port
scanning. These types of tools are a special type of application designed for probing a server or host
for open ports.
15. Which of them is not a vulnerability scanning tool?
a) Nexpose
b) Nessus Professional
c) Snort
d) Nikto Web scanner
Answer: c
Explanation: Nexpose, Nikto Web scanner, and Nessus Professional are some of the popular
vulnerability scanning tools. Vulnerability scanners are inspection tools used to check for potential
points of exploit on a system or network for identifying security holes.

Cyber Security Questions and Answers – Email Security – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Email Security – 1”.

1. There are _______ major ways of stealing email information.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: There are three major ways of stealing email information. These are by stealing
cookies, social engineering and password phishing technique.
2. Which of them is not a major way of stealing email information?
a) Stealing cookies
b) Reverse Engineering
c) Password Phishing
d) Social Engineering
Answer: b
Explanation: There are three major ways of stealing email information. These are by stealing
cookies, social engineering and password phishing technique. Reverse engineering is not a way of
stealing email information.
3. ____________ is the method for keeping sensitive information in email communication &
accounts secure against unofficial access, loss, or compromise.
a) Email security
b) Email hacking
c) Email protection
d) Email safeguarding
Answer: a
Explanation: Email security is the method for keeping sensitive information in email communication
& accounts secure against unofficial access, loss, or compromise.
4. _____________ is a famous technological medium for the spread of malware, facing problems of
spam, & phishing attacks.
a) Cloud
b) Pen drive
c) Website
d) Email
Answer: d
Explanation: Email is a famous technological medium for the spread of malware, facing problems of
spam & phishing attacks that entice recipients into divulging sensitive information, opening
attachments and/or clicking on hyperlinks which install malware on the victim’s device in the
background.
5. Which of them is not a proper method for email security?
a) Use Strong password
b) Use email Encryption
c) Spam filters and malware scanners
d) Click on unknown links to explore
Answer: d
Explanation: Using strong passwords and email encryption, along with deploying spam filters and
installing malware scanners, are some of the proper methods for email security.
6. If a website uses a cookie, or a browser contains the cookie, then every time you visit that website,
the browser transfers the cookie to that website.
a) True
b) False
Answer: a
Explanation: If a website uses a cookie, or a browser contains the cookie, then every time you visit
that website, the browser transfers the cookie to that website. This helps in initiating a cookie
stealing attack.
7. The stored cookie which contains all your personal data about that website can be stolen away by
_____________ using _____________ or trojans.
a) attackers, malware
b) hackers, antivirus
c) penetration testers, malware
d) penetration testers, virus
Answer: a
Explanation: If a website uses a cookie, or a browser contains the cookie, then every time you visit
that website, the browser transfers the cookie to that website. This stored cookie which contains all
your personal data about that website can be stolen away by attackers using malware or trojans.
8. If the data stored in the _____________ is not encrypted, then after cookie stealing, attackers can
see information such as username and password stored by the cookie.
a) memory
b) quarantine
c) cookies
d) hard drive
Answer: c
Explanation: If the data stored in the cookies is not encrypted, then after cookie stealing, attackers
can see information such as username and password stored by the cookie.
9. Which of the following is a non-technical type of intrusion or attack technique?
a) Reverse Engineering
b) Malware Analysis
c) Social Engineering
d) Malware Writing
Answer: c
Explanation: Social Engineering is a non-technical type of intrusion or attack technique which relies
heavily on human interaction. It involves tricking target users to break normal security postures.
10. Which of them is an example of grabbing email information?
a) Cookie stealing
b) Reverse engineering
c) Port scanning
d) Banner grabbing
Answer: a
Explanation: There are three major ways of stealing email information. These are by stealing
cookies, social engineering and password phishing technique. The remaining three (in the option) are
not ways of stealing email information.
11. _____________ is the technique used for tricking users to disclose their username and passwords
through fake pages.
a) Social Engineering
b) Phishing
c) Cookie Stealing
d) Banner Grabbing
Answer: b
Explanation: Phishing is the technique used for tricking users to disclose their username and
passwords through fake pages.
12. Using email hacking, illicit hackers can send & spread ___________, virus, _____________ and
spam emails.
a) trojans, redirected malicious URLs
b) antivirus, patches
c) cracked software, redirected malicious URLs
d) malware, security patches
Answer: a
Explanation: Using email hacking, illicit hackers can send & spread malware, trojans, viruses, worms
and redirected malicious URLs, which can also take the target recipients to some infected webpage.
13. Unsolicited Bulk E-mails (UBI) are called __________
a) SMS
b) MMS
c) Spam emails
d) Malicious emails
Answer: c
Explanation: Sending Unsolicited Bulk E-mails (UBI) is the act of sending unwanted emails that
contain nothing specific or important. Spam emails are junk emails that are sent by commercial
firms as advertisements for their products and services.
14. Fraudulent email messages are fake email messages that seem legitimate, which ask for
your bank details and ask you to reply to those emails with updated confidential information.
a) True
b) False
Answer: a
Explanation: Yes, fraudulent email messages are fake email messages that seem legitimate,
which ask for your bank details and ask you to reply to those emails with updated confidential
information. Email users must stay aware of such e-frauds.
15. Fraudulent email messages are fake email messages that seem legitimate, which ask for
your confidential bank details such as _____________ details, _________ and passwords.
a) credit card, antivirus name
b) credit card, login ID
c) cell phone, antivirus name
d) car model, account ID
Answer: b
Explanation: Fraudulent email messages are fake email messages that seem legitimate, which
ask for your confidential bank details such as credit card details, cell phone number, login ID and
passwords.

Cyber Security Questions and Answers – Email Security – 2

This set of Cyber Security Questions and Answers for Entrance exams focuses on “Email Security – 2”.

1. Which of the following is a micro-virus that can bring down the confidentiality of an email
(specifically)?
a) Zeus
b) Stuxnet
c) Reaper Exploit
d) Friday the 13
Answer: c
Explanation: Reaper exploit is a micro-virus that can compromise email security, as it works in
the background and sends a copy of a replied or forwarded email to its creator or sender.
2. Email users who use IE as their _________________ are vulnerable to Reaper Exploit.
a) Web engine
b) Rendering engine
c) Game engine
d) HTML engine
Answer: d
Explanation: Email users who use Internet Explorer as their HTML engine are vulnerable to Reaper
Exploit. It works in the background and sends a copy of a replied or forwarded email to its creator
or sender.
3. _______________ needs to be turned off in order to prevent this attack.
a) Email scripting
b) Email attachments
c) Email services
d) Third party email programs
Answer: a
Explanation: Email users who use Internet Explorer as their HTML engine are vulnerable to Reaper
Exploit. It works in the background and sends a copy of a replied or forwarded email to its creator
or sender. Email scripting needs to be turned off in order to prevent this attack.
4. Which of the following is a tool to monitor outgoing traffic of target PC’s email and intercept all
the emails sent from it?
a) Wireshark
b) Advanced Stealth Email Redirector
c) MS Outlook
d) Cisco Jabber
Answer: b
Explanation: Advanced Stealth Email Redirector is a tool to monitor outgoing traffic of target PC’s
email and intercept all the emails sent from it. Intercepted emails are then forwarded to a
pre-specified email ID.
5. Advanced SER is abbreviated as ___________
a) Advanced Stealth Electronic Redirector
b) Advanced Security Email Redirector
c) Advanced Stealth Email Redirector
d) Advanced Stealth Email Recorder
Answer: c
Explanation: Advanced Stealth Email Redirector (Advanced SER) is a tool to monitor outgoing
traffic of target PC’s email and intercept all the emails sent from it. Intercepted emails are then
forwarded to a pre-specified email ID.
6. Which of the following will not help in preserving email security?
a) Create a strong password
b) Connect your email to a phone number
c) Use two-factor authentication for password verification and login
d) Click on unknown links and sites
Answer: d
Explanation: Some measures to preserve your email security are creating a strong password,
connecting your email to your personal phone number and setting up 2-factor authentication
for login.
7. Once the email is compromised, all other sites and services online associated with this email can
be compromised.
a) True
b) False
Answer: a
Explanation: Email security is very much necessary because once the email is compromised, all other
sites and services online associated with this email can be compromised and the hacker will be able
to access all other accounts linked to this email.
8. _____________ is an encryption program or add-on which provides cryptographic privacy &
authentication for email communication.
a) Powerful Good Privacy
b) Pretty Good Privacy
c) Pretty Good Encryption
d) Pretty Strong Encryption
Answer: b
Explanation: Pretty Good Privacy is an encryption program which provides cryptographic privacy &
authentication for email communication. Basically, it is used for securing user’s texts, emails,
attachments etc.
9. PGP is abbreviated as _______________
a) Pretty Good Privacy
b) Powerful Good Privacy
c) Protocol Giving Privacy
d) Pretty Good Protocol
Answer: a
Explanation: Pretty Good Privacy (PGP) is an encryption program which provides cryptographic
privacy & authentication for email communication. Basically, it is used for securing user’s texts,
emails, attachments etc.
10. Which of them is not an example of a business email security tool?
a) Microsoft Office Trust Center
b) Sendinc
c) Hushmail Business
d) Cisco Jabber
Answer: d
Explanation: Cisco Jabber is a unified communications application that lets users access instant
messaging, voice, voice messaging, desktop sharing & conferencing. The other three are business
email security tools.
11. Which of them is not an example of a business email security tool?
a) Enlocked
b) RPost Office
c) MS Outlook
d) Sendinc
Answer: c
Explanation: MS Outlook is a web-based desktop app as well as an online suite of webmail, tasks,
contacts & calendaring services developed by Microsoft. The other three are business email security
tools.
12. ________________ is a free browser extension that enables you to decrypt as well as
encrypt emails.
a) Enlocked
b) MS Outlook
c) Cisco Jabber
d) Mailvelope
Answer: d
Explanation: Mailvelope is a free browser extension (available for both Google Chrome and
Mozilla Firefox) that enables users to decrypt as well as encrypt emails using the OpenPGP
standard of encryption.
13. Which of the following is not an email related hacking tool?
a) Email Finder Pro
b) Sendinc
c) Mail PassView
d) Mail Password
Answer: b
Explanation: Sendinc is not an email data compromising tool. It is used for securing business email
accounts and offers a quick web-based way to jump into offering secure emails for firms. The other
three are email compromising tools.
14. _______________ is targeted bulk email marketing software.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit
Answer: b
Explanation: Email Spider Easy is targeted bulk email marketing software. It rapidly & automatically
searches & spiders search engines to find email addresses. This tool is integrated with top
search engines.
15. ______________ is a tool that is integrated with the top 90 search engines to quickly search for
email addresses and other details.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit
Answer: b
Explanation: Email Spider Easy is targeted bulk email marketing software. It rapidly & automatically
searches & spiders search engines to find email addresses. This tool is integrated with top
search engines & its speed allows up to 500 email extraction threads simultaneously.
16. MegaHackerZ helps crackers to crack email passwords.
a) True
b) False
Answer: a
Explanation: MegaHackerZ helps crackers to crack email passwords. It is not used very much, as
its versions are deprecated, but it is still useful for easily cracking weak passwords.

Cyber Security Questions and Answers – Password Cracking and Security Measures – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Password Cracking and Security Measures – 1”.

1. System hacking involves password hacking as one of the major hacking methodologies.
a) True
b) False
Answer: a
Explanation: System hacking, which is of four types, involves password hacking as one of the major
hacking methodologies. It is used to crack the security of a system and gain access for stealing data.
2. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: System hacking involves password hacking as one of the major hacking methodologies.
It is of 4 types. These are passive online attack, active online attack, offline attack, and
non-electronic attack.
3. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7
Answer: d
Explanation: There are seven major types of passwords. These are a password containing only letters,
a password containing only numbers, a password containing only special characters, a password
containing only alpha-numeric characters, a password containing letters, numbers as well as special
symbols, or a password containing any two combinations of the three.
4. In _______________ attacks an attacker does not contact the authorizing party to steal the
password.
a) passive online
b) active online
c) offline
d) non-electronic
Answer: a
Explanation: In passive online attacks, the attacker does not contact an authorized party to steal
the password; rather, the attacker attempts to grab the password without communicating with the
victim or the victim's account.
5. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing
View Answer
Answer: d
Explanation: Attacker do not contact with an authorized party to steal the password in the passive
online attack, rather the attacker attempts to grab password hacking without communicating with the
victim or his/her victim account. Examples of passive online attacks include wire sniffing, Man in the
middle attack and reply attack.
6. Which of the following is not an example of a passive online attack?
a) MiTM
b) Replay Attack
c) Phishing
d) Wire sniffing
Answer: c
Explanation: Phishing is not an example of a passive online attack. In passive online attacks, the
attacker does not contact an authorized party to steal the password. Types of passive online
attacks include wire sniffing, Man in the middle attack and replay attack.
7. Which of the following does not come under the hurdles of passive online attack for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available
Answer: d
Explanation: Tools for carrying out a passive offline attack on passwords are widely available, so this
does not come under the disadvantages or hurdles of a passive offline attack. But passive offline
attacks are computationally complex, hard to perpetrate and may take time.
8. Which of the following cases comes under the victims’ list of an active online attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services
Answer: c
Explanation: Systems with bad or weak passwords & with open authentication points often become
the victim of an active online attack where the attacker directly tries different passwords 1-by-1
against victim’s system/account.
9. In _______________ password grabbing attack the attacker directly tries different passwords
1-by-1 against victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Explanation: Users with open authentication points and bad or weak passwords often become the
victim of an active online attack where the attacker directly tries different passwords 1-by-1 against
victim’s system/account.
10. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack
Answer: b
Explanation: In an active online attack, the attacker directly tries different passwords 1-by-1 against
victim’s system/account. It has some disadvantages: it takes a long time, and hence needs a lot of
patience, & it also needs high network bandwidth.
11. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Explanation: Users with open authentication points and bad or weak passwords often become the
victim of the active online attack. It is alternatively termed as password guessing attack where the
attacker directly tries different passwords 1-by-1 against victim’s system/account.
12. ________________ attacks are carried out from a location other than the real computer where the
password resides or was used.
a) passive online
b) active online
c) offline password
d) non-electronic
Answer: c
Explanation: For this, the cyber-criminal needs to have physical access to the system, and so offline
password attacks are carried out from a location other than the real computer where the password
resides or was used. They are common examples of physical data breaching & hacking.
13. _______________ attacks always need physical access to the system that holds the password file,
or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic
Answer: b
Explanation: Offline password attacks are carried out from a location other than the real computer
where the password resides or was used. They need physical access to the system that holds the
password file, or the hacker needs to crack the system by other means.
14. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack
Answer: d
Explanation: The offline attack needs physical access to the system that holds the password file, or
the hacker needs to crack the system by other means. Dictionary, rainbow and brute force attacks
come under offline attacks.
15. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False
Answer: a
Explanation: Physical access to the system that holds the password file is needed in an offline attack,
or the hacker needs to crack the system by other means. Hence, even if hackers gain physical access
to the system, if the passwords are encrypted, it will be almost impossible to steal them.

Cyber Security Questions and Answers – Password Cracking and Security Measures – 2

This set of Cyber Security Questions and Answers for Campus interviews focuses on “Password Cracking and Security Measures – 2”.

1. Saving passwords in the browser is a good habit.
a) True
b) False
Answer: b
Explanation: Saving passwords in the browser for your different user accounts and web services is
not a good habit. Not all browsers keep these passwords in an encrypted format. Chrome allows
you to see those passwords if you know the system’s password, which can lead to a security breach.
2. Which of the following is not an advantage of dictionary attack?
a) Very fast
b) Time-saving
c) Easy to perform
d) Very tough and inefficient
Answer: d
Explanation: A dictionary attack is a process of breaking a password protected system or server by
simply & automatically entering every word in a dictionary as a password. It is very fast, time-saving
and easy to perform.
3. A _______________ is a process of breaking a password protected system or server by simply &
automatically entering every word in a dictionary as a password.
a) Dictionary attack
b) Phishing attack
c) Social engineering attack
d) MiTM attack
Answer: a
Explanation: A dictionary attack is a process of breaking a password protected system or server by
simply & automatically entering every word in a dictionary as a password. It is very fast, time-saving
and easy to perform.
4. Which of the following comes under the advantages of a dictionary attack?
a) Time-consuming
b) Moderately efficient
c) Very fast
d) Complex to carry-out
Answer: c
Explanation: A dictionary attack is a process of breaking a password protected system or server by
simply & automatically entering every word in a dictionary as a password. It is very fast, time-saving
and easy to perform.
5. The hybrid attack is a combination of a dictionary attack followed by inserting entropy &
performing brute force.
a) True
b) False
Answer: a
Explanation: A hybrid attack is a combination of both brute force attack & dictionary attack. So,
while a dictionary attack would comprise a wordlist of passwords, the brute force attack would be
functional for each possible password in the given list.
6. Brute force attack is ______________
a) fast
b) inefficient
c) slow
d) complex to understand
Answer: c
Explanation: A brute force attack is the simplest process of gaining access to any password-protected
system. It tries a variety of combinations of usernames & passwords again and again until it cracks
the system or the password matches. But it is comparatively slow.
7. A _____________ attack is one of the simplest processes of gaining access to any
password-protected system.
a) Clickjacking
b) Brute force
c) Eavesdropping
d) Waterhole
Answer: b
Explanation: A brute force attack is the simplest process of gaining access to any password-protected
system. It tries a variety of combinations of usernames & passwords again and again until it cracks
the system or the password matches.
8. ____________ attack is a combination of Dictionary attack & brute force attack.
a) Syllable
b) Syllabi
c) Database
d) Phishing
Answer: a
Explanation: Syllable attack is a combination of Dictionary attack & brute force attack. This
technique may be implemented when the password is a non-existing word and the attacker tries some
techniques to crack it.
9. Attackers can use the _______________ when he/she gets some information or hint regarding
password he/she wants to crack.
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack
Answer: b
Explanation: An attacker can use the rule-based attack when he/she gets some information or hint
regarding the password he/she wants to crack. Examples of such scenarios: the hacker knows the
type of password, its size, or what type of data it might contain.
10. _______________ are based on dictionary attack techniques.
a) Hybrid attacks
b) Network attacks
c) TCP attacks
d) Database attacks
Answer: a
Explanation: Hybrid attacks are based on dictionary attack techniques. In such types of attacks, the
dictionary attack is mixed with some numerals and special symbols.
11. _____________ are based on dictionary attack techniques where the dictionary attack is mixed
with some numerals and special symbols.
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack
Answer: d
Explanation: Hybrid attack is a type of offline attack which is based on dictionary attack methods. In
such types of attacks, the dictionary attack is mixed with some numerals and special symbols.
12. Which of the following is not an example of non-technical attack techniques?
a) Shoulder surfing
b) Keyboard sniffing
c) Phishing
d) Social engineering
Answer: c
Explanation: In the non-technical type of attacks, it is not required to have any technical knowledge
to attack your target victim. Examples of such types of attacks are shoulder surfing, keyboard
sniffing, and social engineering.

Cyber Security Questions and Answers – Cyber Security Types – Windows Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber
Security Types – Windows Security”.

1. __________ passwords are the next level of security.
a) BIOS
b) CMOS
c) SMOS
d) BOIS
Answer: a
Explanation: BIOS passwords are the next level of security where the password is set in the CMOS
(which is a tiny battery) chip on the motherboard, which keeps on running even after the PC is turned
off.
2. BIOS is abbreviated as _______________
a) Basic Input Output Server
b) Basic Internet Output Systems
c) Basic Input Output System
d) Battery-based Input Output System
Answer: c
Explanation: BIOS (Basic Input Output System) passwords are the next level of security. BIOS is an
essential part of your system & comes with it as you bring the computer home. The password
gets stored in CMOS, which keeps on running even after the PC gets shut down.
3. Most computers have BIOS which can be configured so that it can ask for a password once the
system starts.
a) True
b) False
Answer: a
Explanation: Most computers have BIOS which can be configured so that it can ask for a password
once the system starts. It is the next level of security where the password is set in the CMOS.
4. Find out, select & uninstall all ________________ programs from your computer.
a) useful
b) pre-installed
c) unwanted
d) utility
Answer: c
Explanation: Find out, select & uninstall all unwanted programs from your computer to maintain
security. At times, there are some programs that get installed with useful applications as separate
programs or as complementary programs. If you’re not using those programs or don’t know about
their usage and where they came from, they may also be malware.
5. As a backup for securing your device, it is necessary to create a _____________
a) backup point
b) copy of files in separate drives
c) copy of files in the same drives
d) restore point
Answer: d
Explanation: As a backup for securing your device, it is necessary to create a restore point so that you
can roll back all the changes and programs installed by restoring the system to the state before those
changes.
6. The _______________ is a security app by Microsoft, built into Windows OS, that is designed
to filter network data from your Windows system & block harmful communications or the programs
which are initiating them.
a) Windows Security Essentials
b) Windows Firewall
c) Windows app blocker
d) Windows 10
Answer: b
Explanation: The Windows Firewall is a security app by Microsoft, built into Windows OS, that is
designed to filter network data from your Windows system & block harmful communications or the
programs which are initiating them.
7. _____________ are essential because they frequently comprise critical patches to security
holes.
a) System software
b) Utility Software
c) Software executables
d) Software updates
Answer: d
Explanation: Software updates are essential because they frequently comprise critical patches to
security holes. In fact, a lot of harmful malware attacks can be stopped with official updates from
vendors.
8. The ______________ account and the __________ account have the same file privileges, but their
working and functionalities differ.
a) system, administrator
b) system, user
c) group, user
d) user, administrator
Answer: a
Explanation: The system account and the administrator account have the same file privileges, but
their working and functionalities differ. The system account is used by the OS & by services which
run under Windows. The administrator account gives the user full control over their files,
directories, and services.
9. ________________ is an anti-malware tool found in newer OS which is designed for protecting
computers from viruses, spyware & other malware.
a) Norton Antivirus
b) Windows Defender
c) Anti-malware
d) Microsoft Security Essentials
Answer: b
Explanation: Windows Defender is an anti-malware tool found in newer OS which is designed for
protecting computers from viruses, spyware & other malware. It comes built-in with Windows 8 &
Windows 10.
10. ____________ is an application which now comes built into Windows OS & it allows Windows
users to encrypt all drives for security purposes.
a) MS Windows Defender
b) MSE
c) BitLocker
d) MS Office
Answer: c
Explanation: BitLocker is an application which now comes built into Windows OS and it allows
Windows users to encrypt all drives for security purposes. It checks the TPM status, whether
activated or not.
11. A __________ is a dedicatedly designed chip on an endpoint device which stores RSA
encryption keys particular to the host system for the purpose of hardware authentication.
a) Trusted Platform Mode
b) Trusted Protocol Module
c) Trusted Privacy Module
d) Trusted Platform Module
Answer: d
Explanation: A Trusted Platform Module is a dedicatedly designed chip on an endpoint device which
stores RSA encryption keys particular to the host system for the purpose of hardware authentication.
12. TPM is abbreviated as ____________
a) Trusted Platform Mode
b) Trusted Platform Module
c) Trusted Privacy Module
d) True Platform Module
Answer: b
Explanation: Port knocking is quite an esoteric process for preventing session creation through a
particular port. Port knocking is not presently used by default in any stack, but soon patches will
come to allow the use of knocking protocols.

Cyber Security Questions and Answers – Cyber Security Types – Mobile Phone Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber
Security Types – Mobile Phone Security”.

1. Which of the following is not an appropriate way of targeting a mobile phone for hacking?
a) Target mobile hardware vulnerabilities
b) Target apps’ vulnerabilities
c) Setup Keyloggers and spyware in smart-phones
d) Snatch the phone
Answer: d
Explanation: Snatching a smart-phone is not a type of hacking. Targeting the hardware and
application level vulnerabilities and setting some keylogger or spyware in the target mobile can help
get valuable info about the victim.
2. Which of the following is not an OS for mobile?
a) Palm
b) Windows
c) Mango
d) Android
Answer: c
Explanation: A mobile/smart-phone operating system is software which allows smart-phones, tablets,
phablets & other devices to run apps & programs within it. Palm OS, Windows OS, and Android OS
are some of the examples of Mobile OS.
3. Mobile Phone OS contains open APIs that may be _____________ attack.
a) useful for
b) vulnerable to
c) easy to
d) meant for
Answer: b
Explanation: Mobile phone operating systems contain open APIs that may be vulnerable to
different attacks. The OS has a number of connectivity mechanisms through which attackers can
spread malware.
4. ____________ gets propagated through networks and technologies like SMS, Bluetooth, wireless
medium, USBs and infrared to affect mobile phones.
a) Worms
b) Antivirus
c) Malware
d) Multimedia files
Answer: c
Explanation: Malware gets propagated through networks and technologies like SMS, Bluetooth,
wireless medium, USBs and infrared to affect mobile phones.
5. ____________ is the protection of smart-phones, phablets, tablets, and other portable tech-devices,
& the networks to which they connect to, from threats & bugs.
a) OS Security
b) Database security
c) Cloud security
d) Mobile security
Answer: d
Explanation: Mobile security is the protection of smart-phones, phablets, tablets, and other portable
tech-devices, & the networks to which they connect to, from threats & bugs.
6. Mobile security is also known as ____________
a) OS Security
b) Wireless security
c) Cloud security
d) Database security
Answer: b
Explanation: Mobile security, also known as wireless security, is the protection of smart-phones,
phablets, tablets, and other portable tech-devices, & the networks to which they connect, from
threats & bugs.
7. DDoS in mobile systems waits for the owner of the _____________ to trigger the attack.
a) worms
b) virus
c) botnets
d) programs
Answer: c
Explanation: Botnets on compromised mobile devices wait for instructions from their owner. After
getting the owner’s instruction, the botnet launches a DDoS flood attack. This results in a failure
in connecting calls or transmitting data.
8. Hackers cannot do which of the following after compromising your phone?
a) Steal your information
b) Rob your e-money
c) Shoulder surfing
d) Spying
View Answer
Answer: c
Explanation: Shoulder surfing is done before compromising the mobile. So, hackers can steal your
information; rob your e-money or do spying after compromising your smart-phone.
9. Hackers cannot do which of the following after compromising your phone?
a) Shoulder surfing
b) Accessing your voice mail
c) Steal your information
d) Use your app credentials
Answer: a
Explanation: Shoulder surfing is done before compromising the mobile. So, hackers can steal your
information, access your voice mail or use your app credentials after compromising your
smart-phone.
10. App permissions can cause trouble as some apps may secretly access your memory card or
contact data.
a) True
b) False
Answer: a
Explanation: App permissions can cause trouble as some apps may secretly access your memory card
or contact data. Almost all applications nowadays ask for such permission, so make sure you do a
proper survey on these apps before allowing such access.
11. Activate _____________ when you’re required to use it, otherwise turn it off for security
purposes.
a) Flash Light
b) App updates
c) Bluetooth
d) Rotation
Answer: c
Explanation: Activate Bluetooth when you’re required to use it, otherwise turn it off for security
purposes. This is because there are various tools and vulnerabilities that may gain access to your
smart-phone using Bluetooth.
12. Try not to keep ________________ passwords, especially fingerprint for your smart-phone,
because it can lead to physical hacking if you’re not aware or asleep.
a) Biometric
b) PIN-based
c) Alphanumeric
d) Short
Answer: a
Explanation: Try not to keep biometric passwords, especially fingerprint for your smart-phone
containing very confidential data, because anyone can do physical hacking if you’re not aware or
asleep.
13. Which of the following tool is used for Blackjacking?
a) BBAttacker
b) BBProxy
c) Blackburried
d) BBJacking
Answer: b
Explanation: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct
blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is
activated it opens a covert channel between the hacker and the compromised host.
14. BBProxy tool is used in which mobile OS?
a) Android
b) Symbian
c) Raspberry
d) Blackberry
Answer: d
Explanation: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct
blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is
activated it opens a covert channel between the hacker and the compromised host.
15. Which of the following is not a security issue for PDAs?
a) Password theft
b) Data theft
c) Reverse engineering
d) Wireless vulnerability
Answer: c
Explanation: Reverse engineering is not an issue of PDA (Personal Digital Assistant). Password
theft, data theft, wireless vulnerability exploitation, and data corruption using viruses are some
of its security issues.

Cyber Security Questions and Answers – Cyber Security Types – Wireless Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber
Security Types – Wireless Security”.

1. ____________________ is the anticipation of unauthorized access or break to computers or data
by means of wireless networks.
a) Wireless access
b) Wireless security
c) Wired Security
d) Wired device apps
Answer: b
Explanation: Wireless security is the anticipation of unauthorized access or breaks to computers or
data by means of wireless networks. The most widespread types of wireless securities are Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and recently released WPA3.
2. Which among them has the strongest wireless security?
a) WEP
b) WPA
c) WPA2
d) WPA3
Answer: d
Explanation: The most extensive types of wireless securities are Wired Equivalent Privacy (WEP),
Wi-Fi Protected Access (WPA), WPA2 and WPA3. WPA3 is the strongest and recently released.
3. Which among the following is the least strong security encryption standard?
a) WEP
b) WPA
c) WPA2
d) WPA3
Answer: a
Explanation: A prime branch of cyber-security is wireless security. The most widespread types of
wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and
WPA3. WEP is a notoriously weak encryption standard.
4. _________ is an old IEEE 802.11 standard from the year 1999.
a) WPA2
b) WPA3
c) WEP
d) WPA
Answer: c
Explanation: The most widespread types of wireless securities are Wired Equivalent Privacy (WEP),
Wi-Fi Protected Access (WPA), WPA2 and WPA3. WEP is an old IEEE 802.11 standard from the
year 1999.
5. _______________ is the central node of 802.11 wireless operations.
a) WPA
b) Access Point
c) WAP
d) Access Port
Answer: b
Explanation: The central node of 802.11 wireless operations is the Access Point (AP). It is the
interface which acts as an intermediary between a wired & a wireless network, and all the associated
wireless clients use it to exchange data.
6. AP is abbreviated as _____________
a) Access Point
b) Access Port
c) Access Position
d) Accessing Port
Answer: a
Explanation: The central node of 802.11 is the interface which acts as an intermediary between a
wired & a wireless network, and all the associated wireless clients use it to exchange data.
7. ___________________ is similar to the Access Point (AP) from 802.11, & mobile operators
use it for offering signal coverage.
a) Base Signal Station
b) Base Transmitter Station
c) Base Transceiver Station
d) Transceiver Station
Answer: c
Explanation: Base Transceiver Station (BTS), which is also known as a base station (BS) or radio
base station (RBS), is similar to the Access Point (AP) from 802.11, & mobile operators use it
for offering signal coverage.
8. BTS stands for ___________________
a) Basement Transceiver Server
b) Base Transmitter Station
c) Base Transceiver Server
d) Base Transceiver Station
Answer: d
Explanation: Base Transceiver Station is a section of equipment which facilitates wireless
communication from 802.11 & the mobile operators use it for offering signal coverage. Examples are
GSM, 3G, 4G etc.
9. There are __________ types of wireless authentication modes.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: There are 2 achievable authentication types or schemes which are implemented in the
wireless security. These are Pre-Shared Key – based authentication & Open Authentication.
10. When a wireless user authenticates to any AP, both of them go in the course of four-step
authentication progression which is called _____________
a) AP-handshaking
b) 4-way handshake
c) 4-way connection
d) wireless handshaking
Answer: b
Explanation: When a wireless user authenticates to any AP, both of them go in the course of four-
step authentication progression which is called 4-way handshake.
11. WPS stands for __________________
a) WiFi Protected System
b) WiFi Protected Setup
c) WiFi Protocol Setup
d) Wireless Protected Setup
Answer: b
Explanation: WPS stands for WiFi Protected Setup. It began to show up a few years back on wireless
access points as a new way of adding or connecting new devices to the network by just pushing a key
(within the router) & inserting the password.
12. It is recommended to use WPA2 or WPA3 encryption standard as they are strong and more
secure.
a) True
b) False
Answer: a
Explanation: It is recommended to use WPA2 or WPA3 encryption standard as they are strong and
more secure. WPA2 & WPA3 characterizes the protocols a router & Wi-Fi client devices use for
performing “handshake” securely for communication.
13. ___________ is a process of wireless traffic analysis that may be helpful for forensic
investigations or during troubleshooting any wireless issue.
a) Wireless Traffic Sniffing
b) WiFi Traffic Sniffing
c) Wireless Traffic Checking
d) Wireless Transmission Sniffing
Answer: a
Explanation: Wireless Traffic Sniffing is a process of analyzing wireless traffic that may be helpful
for forensic investigations or during troubleshooting any wireless issue.
14. Which of the following is a Wireless traffic Sniffing tool?
a) Maltego
b) Burp Suite
c) Nessus
d) Wireshark
Answer: d
Explanation: The process of analyzing wireless traffic that may be helpful for forensic investigations
or during troubleshooting any wireless issue is called Wireless Traffic Sniffing. Popular tools used in
this case are Wireshark and Kismet.
15. ___________________ began to show up a few years back on wireless access points as a new way
of adding or connecting new devices.
a) WPA2
b) WPA
c) WPS
d) WEP
Answer: c
Explanation: WiFi Protected Setup (WPS) began to show up a few years back on wireless access
points as a new way of adding or connecting new devices to the network by just pushing a key
(within the router) & typing an eight-digit password on the client device.

Cyber Security Questions and Answers – Attack Vectors – Virus and Worms
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Virus and Worms”.

1. There are _________ types of computer virus.
a) 5
b) 7
c) 10
d) 12
Answer: c
Explanation: There are a total of 10 types of virus. These are categorized based on their working and
characteristics. These are System or Boot Sector Virus, Direct Action Virus, Resident Virus,
Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro
Virus, Rootkit virus.
2. Which of the following is not a type of virus?
a) Boot sector
b) Polymorphic
c) Multipartite
d) Trojans
Answer: d
Explanation: Types of viruses are System or Boot Sector Virus, Direct Action Virus, Resident Virus,
Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro
Virus, Rootkit virus. Trojan does not come under types of virus.
3. A computer ________ is a malicious code which self-replicates by copying itself to other
programs.
a) program
b) virus
c) application
d) worm
Answer: b
Explanation: A computer virus is a malicious code which self-replicates by copying itself to other
programs. The computer virus gets spread by itself into other executable code or documents. The
intention of creating a virus is to infect vulnerable systems.
4. Which of them is not an ideal way of spreading the virus?
a) Infected website
b) Emails
c) Official Antivirus CDs
d) USBs
Answer: c
Explanation: The ideal means of spreading a computer virus are emails, USB drives that are
portable and are inserted into and ejected from different systems, as well as infected websites.
Antivirus selling vendors do not place a virus in their CDs and DVDs.
5. In which year did the Apple II virus come into existence?
a) 1979
b) 1980
c) 1981
d) 1982
Answer: c
Explanation: In mid-1981, the 1st virus for Apple computers with the name Apple II came into
existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.
6. In mid-1981, the 1st virus for Apple computers with the name _________ came into existence.
a) Apple I
b) Apple II
c) Apple III
d) Apple Virus
Answer: b
Explanation: In mid-1981, the 1st virus for Apple computers with the name Apple II came into
existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.
7. The virus hides itself from getting detected by ______ different ways.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: The virus hides itself from getting detected in three different ways. These are by
encrypting itself, by altering the disk directory with additional virus bytes, or by using a stealth
algorithm to redirect disk data.
8. _______________ infects the master boot record and it is challenging and a complex task to
remove this virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Trojans
Answer: a
Explanation: Boot Sector Virus infects the master boot record & it is a challenging & a complex task
to remove such virus. Mostly such virus spreads through removable devices.
9. ________________ gets installed & stays hidden in your computer’s memory. It stays involved to
the specific type of files which it infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: b
Explanation: Direct Action Virus gets installed & stays hidden in your computer’s memory. Such
type of virus stays involved to the specific type of files which it infects.
10. Direct Action Virus is also known as ___________
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: a
Explanation: Direct Action Virus is also known as a non-resident virus which gets installed & stays
hidden in your computer’s memory. Such type of virus stays involved to the specific type of files
which it infects.
11. ______________ infects the executables as well as the boot sectors.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: d
Explanation: Multipartite Virus infects the executables as well as the boot sectors. It infects the
computer or gets into any system through multiple mediums and is hard to remove.
12. ______________ are difficult to identify as they keep on changing their type and signature.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: c
Explanation: Polymorphic viruses are difficult to identify as they keep on changing their type and
signature. They’re not easily detectable by traditional antivirus. Such a virus usually changes its
signature pattern whenever it replicates itself.
13. ____________ deletes all the files that it infects.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: b
Explanation: Overwrite virus deletes all files that it infects. It can be removed by only deleting those
infected files. Mostly, it gets spread via emails.
14. _____________ is also known as cavity virus.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Space-filler Virus
Answer: d
Explanation: Space-fillers are a special type of virus which usually does not cause any serious harm
to the system except it fills up the empty space in memory and codes leading to wastage of memory.
15. Which of the below-mentioned reasons do not satisfy the reason why people create a computer
virus?
a) Research purpose
b) Pranks
c) Identity theft
d) Protection
Answer: d
Explanation: Computer virus is not created for protection. Virus writers may have other reasons like
for research purpose, pranks, vandalism, financial gain, identity theft, and some other malicious
purposes.

Cyber Security Questions and Answers – Attack Vectors – Trojans and Backdoors – 2
This set of Cyber Security Questions and Answers for Aptitude test focuses on “Attack Vectors –
Trojans and Backdoors – 2”.

1. A/an ___________ is a program that steals your logins & passwords for instant messaging
applications.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan
Answer: a
Explanation: An IM Trojan is a program that steals your logins & passwords for instant messaging
applications. It popularly attacked apps like AOL, Yahoo Pager, and Skype with vulnerabilities.
2. _____________ can modify data on your system – so that your system doesn’t run correctly or
you can no longer access specific data, or it may even ask for ransom in order to give you access.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan
Answer: d
Explanation: Ransom Trojan can modify data on your system – so that your system doesn’t run
correctly or you can no longer access specific data, or it may even ask for ransom in order to give
you access.
3. The ______________ can cost you money, by sending text messages from your mobile phone
numbers.
a) IM – Trojans
b) Backdoor Trojans
c) SMS Trojan
d) Ransom Trojan
Answer: c
Explanation: The SMS Trojans can cost you money, by sending text messages from your mobile
phone numbers. These generally target the smart-phones & some of them are designed to send their
own composed SMS also, to embarrass the receiver as well as the sender of the SMS.
4. Trojan-Spy programs can keep an eye on how you are using your system.
a) True
b) False
Answer: a
Explanation: Trojan-Spy programs can keep an eye on how you are using your system. These are one
of the most notorious silent observers which even track your browsing data and record your
behaviour. Also, it keeps track of all the programs you use.
5. A ___________ is a method in which a computer security mechanism is bypassed untraceably for
accessing the computer or its information.
a) front-door
b) backdoor
c) clickjacking
d) key-logging
Answer: b
Explanation: Using backdoors hackers can breach computer security mechanism for accessing the
computer or its information. This type of code usually comes attached with Trojans.
6. A _________________ may be a hidden part of a program, a separate infected program, a Trojan
in disguise of an executable, or code in the firmware of any system’s hardware.
a) crypter
b) virus
c) backdoor
d) key-logger
Answer: c
Explanation: A backdoor may be a hidden part of a program, a separate infected program, a Trojan in
disguise of an executable, or code in the firmware of any system’s hardware.
7. Backdoors cannot be designed as ______________
a) the hidden part of a program
b) as a part of Trojans
c) embedded code of the firmware
d) embedded with anti-malware
Answer: d
Explanation: Cyber-criminals use backdoors as a means through which they can bypass security
postures untraceably. They may be a hidden part of a program, a separate infected program, a Trojan
in disguise of an executable, or code in the firmware of any system’s hardware.
8. Trojans having backdoors are harmless.
a) True
b) False
Answer: b
Explanation: Backdoor trojans can cause huge damage as this is a method used by hackers to breach
computer security mechanism. These types of code usually come attached with Trojans programs and
can steal your personal data.
9. The threat of backdoors started when ____________ & ____________ OSs became widely
accepted.
a) single-user, Windows
b) multiuser, networked
c) single-user, UNIX
d) multiuser, UNIX
Answer: b
Explanation: Hackers take the help of backdoors to breach & bypass security mechanisms for
stealing different types of information from the target system. The threat of backdoors started when
multiuser & networked OS became widely accepted.
10. Backdoors are also known as ______________
a) Malware-doors
b) Trojan-backups
c) Front-doors
d) Trapdoors
Answer: d
Explanation: Trapdoors, popularly known as backdoors, are used by cyber-criminals as a method in
which a system’s security methods can be bypassed untraceably.
11. __________ is a powerful RAT built using the language Delphi 7.
a) Stuxnet
b) T-Bomb
c) Beast
d) Zeus
Answer: c
Explanation: Beast is a powerful RAT built using the language Delphi 7. One special feature of
Beast is that it can help attackers to create all types of Trojans & it has capabilities of multiple Trojan
types.
12. Which of the following is a remote Trojan?
a) Troya
b) DaCryptic
c) BankerA
d) Game-Troj
Answer: a
Explanation: A Trojan is a small malicious program that runs hidden on the infected system. Trojans
are created intentionally and infect the system by misleading the user. Troya is a remote Trojan
that works remotely for its creator.

Cyber Security Questions and Answers – Attack Vectors – Botnets
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Botnets”.

1. A ___________ consists of at least one bot server or controller and one or more client-bots.
a) Virus
b) Trojan
c) Botnet
d) Adware
Answer: c
Explanation: The botnet comprises one bot server or controller and one or more client-bots. Botnets
are managed by bot-herders. They have become major threats to security as they are getting popular
in the cyber-crime world.
2. Botnets are managed by ______________
a) Bot-holders
b) Bot-herders
c) Bot-trainers
d) Bot-creators
Answer: b
Explanation: A botnet consists of at least one bot server or controller and one or more client-bots.
Botnets are managed by bot-herders. The exact term is bot herders.
3. A _____________ is a number of Internet-connected systems, where each of them is running one
or more bots.
a) Trojan
b) Virus
c) Worms
d) Botnet
Answer: d
Explanation: A botnet is a number of Internet-connected devices, each of which is running one or
more bots. Botnets are managed by bot-herders. These botnets have become foremost threats to
cyber-security.
4. _____________ are implemented to carry out DDoS attacks, steal data, send spam
messages & permit the hacker to access various devices & their connections.
a) Trojan
b) Virus
c) Botnet
d) Worms
Answer: c
Explanation: Botnets are implemented to carry out DDoS attacks, steal data, send spam
messages & permit the hacker to access various devices & their connections.
5. Botnets are not used for ______________
a) Perform DDoS
b) Steal bulk amount of sensitive data
c) Spamming
d) Encrypting for ransom
Answer: d
Explanation: Botnets usually are not used for encrypting files for ransom. Botnets are implemented to
carry out DDoS attacks, steal data, send spam messages & permit the hacker to access
various devices & their connections.
6. The owner of botnets can control the botnet using ___________________ software.
a) trojans
b) command and control
c) servers
d) infected servers
Answer: b
Explanation: A botnet owner can govern and manage the botnet through command & control programs.
Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the
hacker to access various devices & their connections.
7. The full form of C&C is ____________
a) command and control
b) copy and cut
c) command and capture
d) copy and control
Answer: a
Explanation: The owner of botnets can control the botnet using command & control (C&C) software.
Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the
hacker to access various devices & their connections.
8. The word “botnet” is a blend of the words _____________ & ___________
a) robot, network
b) rocket, network
c) bot, network
d) bot, internet
Answer: a
Explanation: The word “botnet” is a blend of the words robot & network. Botnets usually are not
used for encrypting files for ransom. They are implemented to carry out DDoS attacks, steal data,
send spam messages and compromise various services & their connections.
9. Botnets are not the logical connection of which of the following?
a) Smart-phones
b) IoT devices
c) Computer systems
d) Modems
Answer: d
Explanation: Botnets are logical connections of smart-phones, IoT devices, computer systems etc.
They are strong enough to carry out distributed denial of service attacks & permit hackers to access
various devices & their connections.
10. Infected computers and other systems within the botnet are called __________
a) killers
b) vampires
c) zombies
d) gargoyles
Answer: c
Explanation: Attackers use the botnet to connect smart-phones, IoT devices, computer systems
etc. These infected computers and other systems within the botnet connection are called zombies or
zombie computers.
11. The bot program allows the bot-herders to perform all operations from a ___________ location.
a) local
b) open
c) corporate
d) remote
Answer: d
Explanation: Infected computers and other systems within the botnet are called zombie systems,
which are controlled by bot programs that allow the bot-herders to perform all operations from a
remote location.
12. Nowadays, most botnets rely on existing _______________ networks for communication.
a) server-to-server
b) peer-to-peer
c) client-to-server
d) host-to-server
Answer: b
Explanation: Botnets are networks of compromised systems like smart-phones, IoT devices,
computer systems etc. Nowadays, most botnets rely on existing peer-to-peer networks for
communication.
13. Which of the following is not an example of a botnet program?
a) Zeus
b) GameOver
c) ZeroAccess
d) MyDoom
Answer: d
Explanation: Examples of some popular botnets are GameOver, ZeroAccess, and Zeus. They infect
computers & other systems and turn them into zombies, which are also called zombie systems.
14. Which of the following is an example of Botnet?
a) Zeus
b) ILOVEYOU
c) Storm Worm
d) MyDoom
Answer: a
Explanation: Botnets can compromise any system and turn it into a zombie computer.
GameOver, Zeus etc. are examples of some popular botnet programs.
15. Which of the following is an example of a Botnet program?
a) Slammer
b) GameOver
c) Stuxnet
d) Anna Kournikova
Answer: b
Explanation: Botnets create logical connections with internet connected devices like smart-phones,
IoT devices, computer systems etc. Examples of some popular botnets are GameOver, ZeroAccess,
& Zeus.

Cyber Security Questions and Answers – Attack Vectors – Digital Privacy
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Digital Privacy”.

1. _______________ deals with the protection of an individual’s information which is implemented
while using the Internet on any computer or personal device.
a) Digital agony
b) Digital privacy
c) Digital secrecy
d) Digital protection
Answer: b
Explanation: Digital Privacy deals with the protection of an individual’s information which is
implemented while using the Internet on any computer or personal device.
2. _______________ is a combined term which encompasses 3 sub-pillars; information privacy,
individual privacy, and communication privacy.
a) Digital Integrity
b) Digital privacy
c) Digital secrecy
d) Digital protection
Answer: b
Explanation: Digital Privacy is a combined term which encompasses 3 sub-pillars; information
privacy, individual privacy, and communication privacy where all of them deal with the protection of
an individual’s information.
3. Which of the following does not come under the three pillars of digital privacy?
a) Information privacy
b) Individual privacy
c) Communication privacy
d) Family privacy
Answer: d
Explanation: Digital Privacy encompasses 3 sub-pillars; information privacy, individual privacy, and
communication privacy. Family privacy is not a part of its 3 pillars.
4. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Use private Browser-window
c) Disable cookies
d) Uninstall Antivirus
Answer: d
Explanation: Preserving data privacy needs some appropriate measures, which are using
privacy-focussed search engines, using a private browser window and disabling cookies.
5. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Close all logical ports
c) Do not use malicious sites and torrent sites
d) Use VPN
Answer: b
Explanation: Closing all logical ports is done to secure the system from Trojans. Some appropriate
ways of preserving privacy are using VPNs, using a private browser window & disabling
cookies.
6. Which of the following is not a private Search-engine?
a) Yahoo
b) DuckDuckGo
c) StartPage
d) Wolfram Alpha
Answer: a
Explanation: Digital Privacy includes information privacy, individual privacy & communication
privacy. One appropriate solution for preserving privacy is using privacy-focussed search engines
like DuckDuckGo, StartPage and Wolfram Alpha.
7. Which of the following is a private search engine that does not track our search data?
a) Google
b) Search Encrypt
c) Bing
d) Yahoo
Answer: b
Explanation: Digital Privacy can be preserved in different ways. A few suitable solutions for
preserving privacy are using privacy-focussed search engines like Search Encrypt, DuckDuckGo,
StartPage and Wolfram Alpha.
8. It is necessary to use ________________ for maintaining searched data privacy.
a) Private email services
b) Private search engines
c) Tor Browser
d) Private Browser window
Answer: b
Explanation: It is necessary to use private search engines for maintaining searched data privacy. They
do not keep track of your searched terms or your browsing behaviour and habits. Examples include
Search Encrypt, DuckDuckGo, StartPage and Wolfram Alpha.
9. Which of the following browsers is used for privacy purposes?
a) Chrome
b) Firefox
c) Opera
d) Tor
Answer: d
Explanation: In the complex world where e-privacy is a concern, one should preserve their online
privacy. Some appropriate measures for preserving privacy are using browsers like Tor and
disabling cookies.
10. The Tor browser protects your privacy by bouncing your connection and links around a
distributed network over the globe run by volunteers. It gives three layers of anonymity.
a) True
b) False
Answer: a
Explanation: The Tor browser protects your privacy by bouncing your connection and links around a
distributed network over the globe run by volunteers. It gives three layers of anonymity.
11. The __________________ protects your privacy by bouncing your connection and links around a
distributed network over the globe run by volunteers. It gives three layers of anonymity.
a) Cookie removers
b) Private Search Engines
c) Tor browser
d) VPNs
Answer: c
Explanation: Privacy of data and communication is a major concern nowadays. The Tor browser
protects your privacy by bouncing your connection and links around a distributed network over the
globe run by volunteers.
12. Which of the following is not an example of a privacy browser?
a) Tor
b) Brave
c) Epic
d) Opera
Answer: d
Explanation: Digital Privacy gets eliminated if you are using usual browsers that do not have
encrypted security measures to preserve your privacy. One appropriate solution for preserving privacy
is using browsers like Tor, Brave and Epic.
13. ____________ allow their users to attach to the internet via a remote or virtual server which
preserves privacy.
a) Cookie removers
b) VPNs
c) Tor browser
d) Private Search Engines
Answer: b
Explanation: Suitable solutions for preserving privacy are using privacy-focussed search
engines and using VPNs. VPNs allow their users to attach to the internet via a remote or virtual
server which preserves privacy.
14. The ____________ transferred between your device & the server is securely encrypted if you are
using VPNs.
a) data
b) virus
c) music files
d) document files
Answer: a
Explanation: VPNs allow their users to attach to the internet via a remote or virtual server which
preserves privacy. The data transferred between your device & the server is securely encrypted if you
are using VPNs.
15. The data transferred between your device & the server is securely _____________ if you’re using
VPNs.
a) locked
b) sealed
c) packed
d) encrypted
Answer: d
Explanation: VPNs allow their users to attach to the internet via a remote or virtual server which
preserves privacy. If you are using a VPN, the data between your device & the server gets securely
transmitted.

Cyber Security Questions and Answers – Attack Vectors – DoS and DDoS
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – DoS and DDoS”.

1. A ______________ tries to make a web resource occupied or busy for its users by flooding the
URL of the victim with more requests than the server can handle.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
Answer: b
Explanation: A DoS attack tries to make a web resource occupied or busy for its users by flooding
the URL of the victim with more requests than the server can handle.
2. During a DoS attack, the regular traffic on the target _____________ will be either slowed down
or entirely interrupted.
a) network
b) system
c) website
d) router
Answer: c
Explanation: A DoS attack ties up a web resource by flooding it with unlimited
requests. During a DoS attack, the regular traffic on the target website will be either slowed down
or entirely interrupted.
3. The intent of a ______________ is to overwhelm the targeted server’s bandwidth and other resources
of the target website.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
Answer: b
Explanation: A web resource becomes occupied or busy for its users when it is flooded in a DoS
attack. The intent of this attack is to overwhelm the targeted server’s bandwidth and other resources
of the target website.
4. DoS is abbreviated as _____________________
a) Denial of Service
b) Distribution of Server
c) Distribution of Service
d) Denial of Server
Answer: a
Explanation: A Denial of Service attack targets its victim by flooding the URL of the victim with
unlimited requests. The intent of this attack is to overwhelm the targeted server’s bandwidth and
other resources of the target website.
5. A DoS attack coming from a large number of IP addresses, making it hard to manually filter or
crash the traffic from such sources is known as a _____________
a) GoS attack
b) PDoS attack
c) DoS attack
d) DDoS attack
Answer: d
Explanation: A DoS attack coming from a large number of IP addresses, making it hard to manually
filter or crash the traffic from such sources is known as a Distributed Denial of Service (DDoS)
attack.
6. DDoS stands for _________________
a) Direct Distribution of Server
b) Distributed Denial of Service
c) Direct Distribution of Service
d) Distributed Denial of Server
Answer: b
Explanation: When a DoS attack comes from a large number of IP addresses, this makes it hard to
manually filter or crash the traffic from such sources and the attack is known as a Distributed Denial
of Service (DDoS) attack.
7. Instead of using a single computer & its internet bandwidth, a ____________ utilizes
various systems & their connections for flooding the targeted website.
a) GoS attack
b) PoS attack
c) DDoS attack
d) DoS attack
Answer: c
Explanation: DDoS is another leading attack type. Instead of using a single computer & its
internet bandwidth, a DDoS utilizes various systems & their connections for flooding the targeted
website.
8. There are ______ types of DoS attack.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: With a DoS attack, attackers try to keep a resource busy for its users by flooding the
URL of the victim with limitless requests. There are two types of DoS attack. These are Application
Layer Attacks and Network Layer DoS attacks.
9. Application layer DoS attack is also known as _______________
a) Layer4 DoS attack
b) Layer5 DoS attack
c) Layer6 DoS attack
d) Layer7 DoS attack
Answer: d
Explanation: A DoS attack is a very dangerous threat for users who have their services running via
the internet. The Application Layer DoS is also known as Layer-7 DoS attack.
10. ___________ is a type of DoS threat that overloads a server by sending a large number of requests
requiring resources for handling & processing.
a) Network Layer DoS
b) Physical Layer DoS
c) Transport Layer DoS
d) Application Layer DoS
Answer: d
Explanation: DoS attacks are of two types. These are Application Layer Attacks and Network Layer
DoS attacks. Application Layer DoS is a type of DoS threat that overloads a server by sending a large
number of requests requiring resources for handling & processing.
11. Which of the following is not a type of application layer DoS?
a) HTTP flooding
b) Slowloris
c) TCP flooding
d) DNS query flooding
Answer: c
Explanation: Application Layer DoS threatens to overload a server by sending a large quantity of
requests requiring resources for handling & processing. This category includes HTTP flooding,
slow-flooding attack and DNS query flooding.
12. Network layer attack is also known as ________________
a) Layer3-4 DoS attack
b) Layer5 DoS attack
c) Layer6-7 DoS attack
d) Layer2 DoS attack
Answer: a
Explanation: A Denial of Service attack is dangerous because it floods the target service over the
internet. There are two types of DoS attack. The Network Layer DoS is also known as the Layer 3-4
DoS attack.
13. Which of the following does not come under network layer DoS flooding?
a) UDP flooding
b) HTTP Flooding
c) SYN flooding
d) NTP Amplification
Answer: b
Explanation: A network layer DoS attack is set up to congest the “pipelines” that connect the user’s
network. This includes attacks such as NTP amplification, SYN flooding, UDP flooding and DNS
amplification.
14. Which of the following does not come under network layer DoS flooding?
a) DNS amplification
b) UDP flooding
c) DNS query flooding
d) NTP Amplification
Answer: c
Explanation: Network layer DoS attack includes attacks such as NTP amplification, SYN flooding,
UDP flooding and DNS amplification. DNS query flooding does not come under the Network layer
DoS attack.
15. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or packets per
second (PPS).
a) True
b) False
Answer: a
Explanation: At the time of a DoS attack, it becomes hard to manually filter or crash the traffic from
such sources. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or
packets per second (PPS).
16. A DDoS with 20 to 40 Gbps is enough for totally shutting down the majority of network
infrastructures.
a) True
b) False
Answer: a
Explanation: A DoS attack is very dangerous for any targeted victim because it can halt business
and bring losses to a company that runs on the website. A DDoS with 20 to 40 Gbps is enough for
totally shutting down the majority of network infrastructures.

Cyber Security Questions and Answers – Attack Vectors – Phishing and its Types
This set of Tricky Cyber Security Questions and Answers focuses on “Attack Vectors – Phishing and
its Types”.

1. ______________ is an internet scam done by cyber-criminals where the user is convinced digitally
to provide confidential information.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
Answer: a
Explanation: Phishing is an internet scam done by cyber-criminals where the user is convinced
digitally to provide confidential information. There are different types of phishing. Some of them
redirect the user to different sites via emails & spyware.
2. In _______________ some cyber-criminals redirect the legitimate users to different phishing sites
and web pages via emails, IMs, ads and spyware.
a) URL Redirection
b) DoS
c) Phishing
d) MiTM attack
Answer: c
Explanation: Phishing is an internet scam done by hackers to make users provide classified
information. In some of them, cyber-criminals redirect the users to different sites via emails, IMs,
and ads.
3. Phishers often develop ______________ websites for tricking users into filling in their personal data.
a) legitimate
b) illegitimate
c) genuine
d) official
Answer: b
Explanation: Phishing is a category of social engineering attack that is used to steal user data.
Phishers often develop illegitimate websites for tricking users into filling in their personal data.
4. Which of the following types of data can phishers not steal from their target victims?
a) bank details
b) phone number
c) passwords
d) apps installed in the mobile
Answer: d
Explanation: Phishers often develop illegitimate websites for tricking users into filling in their
personal data such as bank account details, phone number, address, username, and passwords etc.
5. Algorithm-Based Phishing was developed in the year __________
a) 1988
b) 1989
c) 1990
d) 1991
Answer: c
Explanation: Algorithm-Based Phishing was developed in the year 1990 where the first team of
phishers developed an algorithm for generating random credit card numbers for getting an original
card’s match.
6. ______________ was the first type of phishing where the phishers developed an algorithm for
generating random credit card numbers.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing
Answer: a
Explanation: Phishing is a category of social engineering attack. In Algorithm-Based Phishing,
phishers developed an algorithm for generating random credit card numbers for getting an original
card’s match.
7. Email Phishing originated in the year __________
a) 1990
b) 2000
c) 2005
d) 2015
Answer: b
Explanation: Email Phishing originated in the year 2000 and is more tech-savvy. Here the
email is created as if it has been sent from a legitimate source with a legitimate link to its official
website.
8. _________________ is a type of phishing that became very popular, in which the message is created
as if it has been sent from a legitimate source with a legitimate link to its official website.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing
Answer: b
Explanation: In email phishing, the email is fashioned as if it has been sent from a legitimate source
with a legitimate link to its official website. It originated in the year 2000.
9. _____________ refers to phishing performed over a smart-phone by calling.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing
Answer: d
Explanation: Phishers often develop illegitimate websites for tricking users into filling in their
personal data. Vishing refers to phishing performed over a smart-phone by calling. As the phishing is
done through voice, it is called vishing = voice + phishing.
10. _____________ = voice + phishing.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Email-based phishing
Answer: b
Explanation: Phishing occurs when a cyber-criminal masquerades as a trusted entity. Vishing refers to
phishing that is done through voice, hence it is called vishing = voice + phishing.
11. Victims of phishing are mostly ___________________
a) Tech enthusiast
b) Professional computer engineers
c) Lack of computer knowledge
d) Lack of management skill
Answer: c
Explanation: Phishers often develop illegitimate websites for tricking users into filling in their
personal data. Victims of such attacks are users who lack computer knowledge.
12. ___________________ is usually targeted by nature, with emails exclusively designed to
target an exact user.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Spear phishing
Answer: d
Explanation: Spear phishing is usually targeted specifically, with emails exclusively
designed to target a particular user. It occurs when an attacker masquerades to the victim as a
trusted party.
13. ____________ or smishing is one of the simplest types of phishing where the target victims may
get a fake order detail with a cancellation link.
a) Algo-based phishing
b) SMS phishing
c) Domain Phishing
d) Spear phishing
Answer: b
Explanation: SMS phishing or Smishing is one of the simplest types of phishing where the target
victims may get a fake order detail with a cancellation link or any other link that leads you to a
malicious link.
14. ________________ phishing is that type of phishing where the construction of a fake webpage is
done for targeting definite keywords & waiting for the searcher to land on the fake webpage.
a) Voice
b) SMS
c) Search engine
d) Email
Answer: c
Explanation: Search engine phishing is that type of phishing where the construction of a fake
webpage is done for targeting definite keywords & waiting for the searcher to land on the fake
webpage.
15. Which of the following is not an example or type of phishing?
a) Spear phishing
b) Deceptive phishing
c) Whaling
d) Monkey in the Middle
Answer: d
Explanation: Phishing is an internet scam done by cyber-criminals where the user is convinced
digitally to provide confidential information. There are different types of phishing. Some of them are
Spear phishing, deceptive phishing, whaling, pharming, vishing.
16. Which of the following is not an example or type of phishing?
a) Tracking
b) Vishing
c) Smishing
d) Pharming
Answer: a
Explanation: A popular internet scam done by black hat hackers and crackers to grab confidential
information by masquerading is the phishing technique. Smishing, email phishing, whaling,
pharming, vishing are some popular types of phishing.

Cyber Security Questions and Answers – Attack Vectors – Sniffing
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Sniffing”.

1. _____________ is a data interception method used by hackers.
a) Phishing
b) DoS
c) Sniffing
d) MiTM
Answer: c
Explanation: Sniffing is a data interception method used by hackers. Sniffing is the method used to
monitor & capture all data packets passing through any target network using sniffing tools.
2. Sniffing is also known as ___________________
a) network-tapping
b) wiretapping
c) net-tapping
d) wireless-tapping
Answer: b
Explanation: Sniffing, which is also known as wiretapping, is a data interception method used by
hackers. It is a technique used for monitoring & capturing all data packets passing through any target
network.
3. _____________ are programs or devices that capture the vital information from the target network
or particular network.
a) Routers
b) Trappers
c) Wireless-crackers
d) Sniffers
Answer: d
Explanation: Sniffing is a data interception method used by cyber-criminals. Sniffers are programs or
devices that capture vital information from the target network or particular network.
4. Which of them is not an objective of sniffing for hackers?
a) Fetching passwords
b) Email texts
c) Types of files transferred
d) Geographic location of a user
Answer: d
Explanation: The method used to capture data packets through any target network is called sniffing.
The various objectives of sniffing for hackers are fetching passwords, email texts and the type of files
transferred.
5. Which of the following tech-concepts cannot be sniffed?
a) Router configuration
b) ISP details
c) Email Traffic
d) Web Traffic
Answer: b
Explanation: Sniffing is a data interception method and is not used for sniffing ISP details. It is
particularly used for capturing router configuration, email traffic & web traffic.
6. Which of the following tech-concepts cannot be sniffed?
a) Cloud sessions
b) FTP passwords
c) Telnet passwords
d) Chat sessions
Answer: a
Explanation: The sniffing technique is used to monitor packets of a target network using sniffer
programs. It cannot sniff cloud sessions. It is used to capture and monitor router configuration,
Telnet passwords, chat sessions etc.
7. Which of the below-mentioned protocols is not susceptible to sniffing?
a) HTTP
b) SMTP
c) POP
d) TCP
Answer: d
Explanation: The technique used to monitor & capture all data packets through any target network
is called sniffing. HTTP, SMTP, POP are some protocols that are susceptible to sniffing.
8. Which of the below-mentioned protocols is not susceptible to sniffing?
a) NNTP
b) UDP
c) FTP
d) IMAP
Answer: b
Explanation: NNTP, FTP, POP and IMAP are some protocols that are susceptible to sniffing. The UDP
protocol is not susceptible to a sniffing attack. Sniffing is mainly used for capturing email traffic,
router’s configuration, & web traffic.
9. There are __________ types of sniffing.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: Sniffing is a data surveillance technique used by hackers to monitor as well as capture
all data packets with the help of sniffing tools. There are two types of sniffing attacks.
These are passive sniffing and active sniffing.
10. Active sniffing is difficult to detect.
a) True
b) False
Answer: b
Explanation: Sniffing is like “tapping phone calls” and trying to learn about any conversation. There
are two types of sniffing. These are passive sniffing and active sniffing. Passive sniffing is difficult to
detect.
11. Which of the following is not a sniffing tool?
a) Wireshark
b) Dude Sniffer
c) Maltego
d) Look@LAN
Answer: c
Explanation: Packet sniffers are utility tools which have been used since the release of Ethernet.
Some of these sniffing tools are Wireshark, Dude Sniffer, Look@LAN etc.
12. A sniffer, on the whole, turns your system’s NIC to promiscuous mode so that it can listen to all
your data transmitted on its segment.
a) True
b) False
Answer: a
Explanation: A sniffer, on the whole, turns your system’s NIC to promiscuous mode so that it can
listen to all your data transmitted on its segment. This is how it works to sniff all data packets.
13. A ______________, on the whole, turns your system’s NIC to promiscuous mode so that it can
listen to all your data transmitted on its segment.
a) Phishing site
b) Sniffer tool
c) Password cracker
d) NIC cracker
Answer: b
Explanation: A sniffer tool turns your machine’s NIC to promiscuous mode so that hackers can listen
to & observe all your data packets. Hence they can know what type of data is being transmitted and
received.
14. In _____________ sniffing, the network traffic is not only monitored & captured but can also
be altered in different ways to accomplish the attack.
a) passive
b) signal
c) network
d) active
Answer: d
Explanation: Sniffing is like tapping phone calls & overhearing any discussion. In active
sniffing, the network traffic is not only monitored & captured but can also be altered in different
ways to accomplish the attack.
15. __________________ are those devices which can be plugged into your network at the hardware
level & can monitor traffic.
a) Hardware sniffers & analyzers
b) Hardware protocol analyzers
c) Hardware protocol sniffers
d) Hardware traffic sniffers and observers
Answer: b
Explanation: Sniffing is a data interception method which can be done using hardware also. Hardware
protocol analyzers are those devices which can be plugged into your network at the hardware level &
can monitor traffic without manipulating it.

Cyber Security Questions and Answers – Attack Vectors – Session Hijacking
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Session Hijacking”.

1. _____________ attack is the exploitation of the web-session & its mechanism that is usually
managed with a session token.
a) Session Hacking
b) Session Hijacking
c) Session Cracking
d) Session Compromising
Answer: b
Explanation: Session Hijacking attack is the exploitation of the web-session & its mechanism that is
usually managed with a session token. It is mostly called TCP session hijacking, which deals with a
security attack on any target victim’s session over a protected network.
2. The most commonly used session hijacking attack is the _______________
a) IP hacking
b) IP spooling
c) IP spoofing
d) IP tracking
Answer: c
Explanation: Session Hijacking is the utilization of a valid system session which is usually managed
with a token. The most commonly used session hijacking attack is IP spoofing.
server needs a means to distinguish every user’s connections.
a) Internet
b) Network
c) Hijacking
d) Sessions
Answer: d
Explanation: Sessions are required because HTTP uses a lot of diverse TCP connections, so, the web
server needs the means to distinguish every user’s connections. Session hijacking attack is the
exploitation of the web-session & its mechanism that is usually managed with a session token.
4. Since most _______________________ occur at the very beginning of the TCP session, this
allows hackers to gain access to any system.
a) authentications
b) breaches
c) integrations
d) associations
Answer: a
Explanation: TCP session hijacking deals with a security attack on any target victim’s session
over a protected network. Since most authentications occur at the very beginning of the TCP session,
this allows hackers to gain access to any machine.
5. _______________ is done only after the target user has connected to the server.
a) Server hacking
b) Banner grabbing
c) Cracking
d) Hijacking
Answer: d
Explanation: Hijacking is done only after the target user has connected to the server. Session
hijacking attack is the misuse of the web-session that is usually handled with a session token.
6. In _______________ attack, the attacker doesn’t actively take over another user to perform the
attack.
a) phishing
b) spoofing
c) hijacking
d) vishing
Answer: b
Explanation: In a spoofing attack, the attacker doesn’t actively take over another user to perform the
attack. The most commonly used session hijacking attack is IP spoofing.
7. There are ___________ types of session hijacking.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: The session hijacking is a form of web attack usually managed with a session token.
There are two types of session hijacking. These are active and passive session hijacking.
8. With ___________________ attack, an attacker hijacks a session but does not alter anything. They
just sit back and watch or record all the traffic and data being sent forth.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking
Answer: b
Explanation: There are 2 types of session hijacking viz. active and passive session hijacking. With a
passive session hijacking attack, an attacker hijacks a session but does not alter anything. They just sit
back and watch or record all the traffic and data being sent forth.
9. In an _________________ attack, an attacker finds an active session & takes over that session.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking
Answer: c
Explanation: There are 2 types of session hijacking. These are active and passive session hijacking.
In an active session hijacking attack, an attacker finds an active session & takes over that session.
10. Session hijacking takes place at ____________ number of levels.
a) five
b) four
c) three
d) two
Answer: d
Explanation: Session Hijacking works based on the principle of system’s sessions. Session hijacking
takes place at two levels. These are network level and application level hijacking.
11. The ______________ hijacking is implemented on the data flow of protocol shared by all web
applications.
a) network level
b) physical level
c) application level
d) data level
Answer: a
Explanation: TCP session hijacking deals with a security attack on any target victim’s session
over a protected network. The network hijacking is implemented on the data flow of protocol shared
by all web applications.
12. Which of the following examples does not come under network level session hijacking?
a) TCP/IP Hijacking
b) RST Hijacking
c) Domain Hijacking
d) Blind Hijacking
Answer: c
Explanation: The network hijacking is implemented on the data flow of protocol shared by all web
applications. Examples of network level hijacking are TCP/IP hijacking, RST hijacking, blind
hijacking, UDP hijacking etc.
13. In ___________________ session hijacking, hackers gain session ID for taking control of
existing session or even create a new unauthorized session.
a) network level
b) physical level
c) application level
d) data level
Answer: b
Explanation: Session hijacking takes place at two levels: network level and application level. In application level session
hijacking, hackers gain session ID for taking control of existing session or even create a new
unauthorized session.
14. Which of them is not a session hijacking tool?
a) Juggernaut
b) IP watcher
c) Wireshark
d) Paros HTTP Hijacker
Answer: c
Explanation: The session depicts the time period in which communication of 2 computer systems
takes place. Some of the session hijacking tools are Juggernaut, IP watcher and Paros HTTP
Hijacker.
15. Which of the following is a session hijacking tool?
a) T-Sight
b) Wireshark
c) Maltego
d) Nessus
Answer: a
Explanation: The session remains valid up to the ending of any communication. Some of the session
hijacking tools are T-Sight, Juggernaut, IP watcher and Paros HTTP Hijacker.
16. Hjksuite Tool is a collection of programs for hijacking. It contains a library called hjklib which
can help in implementing TCP/IP stack-over hijacking.
a) True
b) False
Answer: a
Explanation: Hjksuite tool is a collection of programs used for session hijacking. It contains a library
called hjklib which can help in implementing TCP/IP stack-over hijacking.

Cyber Security Questions and Answers – Web Server Attacks
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Web Server
Attacks”.

1. Which of the following is not an appropriate way to compromise web servers?
a) Misconfiguration in OS
b) Using network vulnerabilities
c) Misconfiguration in networks
d) Bugs in OS which allow commands to run on web servers
Answer: b
Explanation: Websites get hosted on web servers. Web servers are computers running software that
makes files (web pages) available & accessible through the internet. Various ways that can help
compromise a web server are a misconfiguration of network or OS, bugs in web server’s OS etc.
2. Which of the following is not an appropriate method of defacing web server?
a) Fetching credentials through MiTM
b) Brute-forcing Admin Password
c) IP address spoofing
d) DNS Attack through cache poisoning
Answer: c
Explanation: There are various ways which can help a hacker deface the web server. These are by fetching
credentials through MiTM, brute-forcing administrator password, DNS attack through cache
poisoning, FTP server intrusion and many more.
3. Which of the following is not an appropriate method of defacing web server?
a) Mail server intrusion
b) Web application bugs
c) Web shares misconfiguration
d) Sessions hijacking
Answer: d
Explanation: Defacing the web server can be done in various ways by fetching credentials through
brute-forcing administrator password, through cache poisoning, mail server intrusion, web app bugs
and many more.
4. _________ is one of the most widely used web server platforms.
a) IIS
b) IAS
c) ISS
d) AIS
Answer: a
Explanation: Websites get hosted on web servers. Web servers are computers running software that
makes files (web pages) available & accessible through the internet. IIS is one of the most widely
used web server platforms.
5. IIS stands for __________________
a) Interconnected Information Server
b) Interconnected Information Services
c) Internet Information Server
d) Internet Information Services
Answer: d
Explanation: Web servers are computers running software that makes files (web pages) available &
accessible through the internet. The most widely used web server platform is the IIS (Internet
Information Services).
6. ____________ is a tiny script that if uploaded to a web server can give hacker complete control of
a remote PC.
a) Spyware
b) ASP Trojan
c) Web ransomware
d) Stuxnet
Answer: b
Explanation: ASP Trojan is a tiny script that if uploaded to a web server can give hacker complete
control of remote PC. ASP Trojan can be easily attached to web applications creating a backdoor in
web server hacking.
7. ____________ logs all the visits in log files which are located at <%systemroot%>\logfiles.
a) IIS
b) Microsoft Server
c) Linux
d) IAS
Answer: a
Explanation: Internet Information Services logs all the visits in log files which are located at
<%systemroot%>\logfiles. IIS (Internet Information Services) is one of the most widely used web
server platforms.
8. Which of the following is not a web server attack type?
a) DOS attack
b) Website Defacement using SQLi
c) Directory Traversal
d) Password guessing
Answer: d
Explanation: Web servers are computers running software that makes files (web pages) available &
accessible through the internet. Different web server attack types are DOS attack,
website defacement using SQLi and directory traversal.
9. ______________ tool clears the log entries in the IIS log files filtered by an IP address.
a) CleanIISLoging
b) CleanLogger
c) CleanIISLog
d) ClearIISLog
Answer: c
Explanation: IIS (Internet Information Services) is one of the most widely used web server platforms.
IIS logs all the visits in log files which are located at <%systemroot%>\logfiles. CleanIISLog tool
clears the log entries in the IIS log files filtered by an IP address.
10. CleanIISLog is not a hacking tool.
a) True
b) False
Answer: b
Explanation: CleanIISLog tool is used to clear the log entries in the IIS log files filtered by an IP
address. It is a hacking tool which can help an attacker easily remove all traces of their entries from the log files on the server.
11. Which of the following is not an appropriate countermeasure for web server hacking?
a) Patch updates need to be done regularly
b) Not to use default configurations
c) Use IDS and firewalls with signature updates
d) Use low-speed internet
Answer: d
Explanation: To protect against web server hacking, one needs to apply patch updates regularly, avoid
default configurations, and use IDS and firewalls with signature updates.
12. Which of the following is not an appropriate countermeasure for web server hacking?
a) Using OS or antivirus without updates
b) Scan web server applications for vulnerabilities
c) Using secure protocols
d) Follow strict access control policy
Answer: a
Explanation: For defending against web server hacking, one needs to scan web server applications
for vulnerabilities, make use of secure protocols, and follow strict access control policy.

Cyber Security Questions and Answers – Attack Vectors – Web Application Vulnerabilities
This set of Tough Cyber Security Questions and Answers focuses on “Attack Vectors – Web
Application Vulnerabilities”.

1. A _______________ is a program application which is stored on a remote-server & distributed
over the Internet when a user uses a browser interface to request for such applications.
a) Android application
b) Web application
c) PC application
d) Cloud application
Answer: b
Explanation: A Web application is a program application that is stored on a remote-server &
distributed over the Internet when a user uses a browser interface to request for such applications.
2. Which of the following is not an example of web application hacking?
a) Defacing websites
b) Stealing credit card information
c) Reverse engineering PC apps
d) Exploiting server-side scripting
Answer: c
Explanation: Reverse engineering PC apps is not an example of web application hacking. Defacing
websites, stealing credit card information, and exploiting server-side scripting are
examples of web application hacking.
3. _______________ hacking refers to mistreatment of applications through HTTP or HTTPS that
can be done by manipulating the web application through its graphical web interface or by tampering
the Uniform Resource Identifier (URI).
a) Android application
b) Web application
c) PC application
d) Cloud application
Answer: b
Explanation: Web application hacking can be defined as the mistreatment of applications through
HTTP or HTTPS that can be done by manipulating the web application through its graphical web
interface or by tampering the Uniform Resource Identifier (URI).
4. Which of the following is not an appropriate method of web application hacking?
a) XSS
b) CSRF
c) SQLi
d) Brute-force
Answer: d
Explanation: The mistreatment of online services and applications that uses HTTP or HTTPS can be
done by manipulating the web application through its graphical web interface. Popular hacking
methods are XSS, CSRF, SQLi.
5. XSS stands for _________________
a) Crack Site Scripting
b) Cross Site Server
c) Cross Site Scripting
d) Crack Server Scripting
Answer: c
Explanation: Cross-site scripting (XSS) is a kind of external injection attack on web-app security
where an attacker injects some abnormal data, such as a malicious code/script to harm or lower down
the reputation of trusted websites.
6. Which of the following is not an example of web application hacking?
a) DNS Attack
b) Dumpster diving
c) Injecting Malicious code
d) Using the shell to destroy web application data
Answer: b
Explanation: Domain Name Server (DNS) Attack, injecting Malicious code, using the shell to
destroy web application data, exploiting server-side scripting are examples of web application
hacking.
7. Which of the following is not a threat of web application?
a) Reverse engineering
b) Command injection
c) DMZ protocol attack
d) Buffer Overflow
Answer: a
Explanation: Web applications are mistreated via HTTP or HTTPS for manipulating the web
application through its graphical web interface and this technique is called Web application hacking.
Web application threats are command injection, DMZ protocol attack, buffer overflow attack etc.
8. Which of the following is not a threat of web application?
a) Session poisoning
b) Phishing
c) Cryptographic interception
d) Cookie snooping
Answer: b
Explanation: Web application hacking is the mistreatment of online applications and services. Some
web application threats are session poisoning, cryptographic interception, cookie snooping etc.
9. ________ Injection attack is a special attack done through character elements “Carriage Return” or
“Line Feed.” Exploitation can be done when an attacker is able to inject a CRLF series in an
HTTP stream.
a) XSS
b) CSRF
c) CRLF
d) SQL
Answer: c
Explanation: CRLF Injection attack is a special attack done through character elements “Carriage
Return” or “Line Feed.” Exploitation can be done when an attacker is able to inject a CRLF series
in an HTTP stream.
10. Which of the following scripting languages is used for injecting executable malicious code for
web-app hacking?
a) C++
b) Tcl
c) Frame-Script
d) JavaScript
Answer: d
Explanation: Web application hacking can be defined as the mistreatment of applications through
HTTP or HTTPS that can be done by manipulating the web application through its graphical web
interface. JavaScript is used for injecting code for web-app hacking.
11. ______________ takes advantage of hidden fields that work as the only security measure in some
applications.
a) Parameter tampering
b) Data tampering
c) Tampering of network topology
d) Protocol tampering
Answer: a
Explanation: Parameter tampering takes advantage of hidden fields that work as the only security
measure in some applications. Modifying this hidden field value will cause the web application to
change according to new data incorporated.
12. _____________ is the attack method for decoding user credentials. Using this technique an
attacker can log on as a user & gain access to unauthorized data.
a) Cache Snooping
b) Cookie-jacking
c) Cookie Snooping
d) Cache-compromising
Answer: c
Explanation: Cookie Snooping is the attack method for decoding user credentials. Using this
technique an attacker can log on as a user & gain access to unauthorized data.
13. Which of the following is not an example of web application hacking technique?
a) LDAP injection
b) Cryptanalysis
c) Race condition attack
d) OS command injection.
Answer: b
Explanation: Cryptanalysis is the study of cipher-text & cryptosystems with the aim of improving
the crypto-algorithm by understanding how they work & finding alternate techniques. The other three
are examples of web application hacking techniques.

Cyber Security Questions and Answers – Attack Vectors – Adwares
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Adwares”.

1. _____________ are unwanted software intended to pitch advertisements upon the user’s screen,
most often within a web browser.
a) Shareware
b) Adware
c) Bloatware
d) Ransomware
Answer: b
Explanation: Adwares are unwanted software intended to pitch advertisements upon the user’s
screen, most often within a web browser. Sometimes, hackers embed malware along with it to
compromise systems. So, security professionals treat it as modern-day PUP (potentially unwanted
programs).
2. PUP is abbreviated as ____________
a) Potentially Useless Programs
b) Potentially Unwanted Protocols
c) Potentially Unwanted Programs
d) Partial Unwanted Programs
Answer: c
Explanation: Adwares are designed to pitch advertisements upon user’s screen, most often within a
web browser. So, security professionals treat it as modern-day PUP (potentially unwanted programs).
3. Users might invite some bogus virus into their system by clicking the ____________
a) Shareware
b) Spyware
c) URL
d) Adware
Answer: d
Explanation: The unwanted software used to pitch ads on the user’s screen is the adware, displayed
most often within a web browser. Users might invite some bogus virus into their system by clicking
the adware.
4. Which among the following is not an abnormal symptom found once you click any malicious
adware?
a) Automatic opening of new tabs in the browser
b) Automatic updates of antivirus
c) Changes in home page
d) Popping up of new Search engines on your browser
Answer: b
Explanation: Some abnormal symptoms found once you click any malicious adware are the automatic
opening of new tabs in the browser, changes in a home page, popping up of new Search engines on
your browser etc.
5. Once _____________ hijacks your system, it might perform different sorts of unwanted tasks.
a) Server hacking
b) Banner grabbing
c) Cracking
d) Hijacking
Answer: d
Explanation: Once adware hijacks your system, it might perform different kinds of superfluous tasks.
The adware’s functions may be intended to analyze a victim’s location & what different Internet sites
he/she is visiting.
6. Creators of _____________ also sell your browsing behaviour & information to 3rd parties.
a) Shareware
b) Spyware
c) URL
d) Adware
Answer: d
Explanation: The adware’s functions may be intended to analyze a victim’s location & what different
Internet sites he/she is visiting. Creators of adware also sell your browsing behaviour & information
to 3rd parties.
7. Modern ____________ can even use it to target users with additional advertisements that are
customized to the browsing habits.
a) smart shareware
b) smart adware
c) smart bloatware
d) smart spyware
Answer: b
Explanation: Creators of adware also sell your browsing behaviour & information to 3rd parties.
Modern smart adware can even use it to target users with additional advertisements that are
customized to browsing habits.
8. Creators of adware also sell your browsing behaviour & information to 3rd parties.
a) True
b) False
Answer: a
Explanation: The adware’s functions may be intended to analyze the victim’s location & what
different Internet sites he/she is visiting. Creators of adware also sell your browsing behaviour &
information to 3rd parties.
9. Which among the following is not a symptom of your system compromised with adware?
a) Website links redirect to sites other than the one the user intended
b) Web browser slows to a crawl
c) System takes restarts frequently
d) The browser might crash frequently
Answer: c
Explanation: When adware hijacks your system, various kinds of unessential tasks keep on
happening. Website links redirecting to sites other than the one the user intended, the web browser
slowing to a crawl, the browser crashing frequently etc. are some of the symptoms of an adware-infected
system.
10. Malicious adware may sneak into your system by __________ different ways.
a) five
b) four
c) three
d) two
Answer: d
Explanation: Malicious adware may sneak into your system in 2 different ways. 1st, if you download
and install a program that is freeware or shareware, it might install some other programs and
ad-popping applications. 2nd, through insidious websites containing adware.
11. Which of the following terms is not a valid terminology and type of adware?
a) Mobile adware
b) Mac Adware
c) Smart-home adware
d) Windows adware
Answer: c
Explanation: Website links redirecting to sites other than the one the user intended, the web browser
slowing to a crawl, the browser crashing frequently etc. are some of the symptoms of an adware-infected
system. Valid types of adware are mobile/Android adware, Mac adware and Windows adware etc.
12. Adware will not come to your system if you are using Chrome.
a) True
b) False
Answer: b
Explanation: As adware hijacks your system, various kinds of unessential tasks keep occurring.
Adware may come and junk up your system through any browser, whether it is Firefox, Chrome,
Opera or Edge.

Cyber Security Questions and Answers – Attack Vectors – Spywares
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Spywares”.
1. ________________ are unnecessary software which infiltrate a user’s system, spy on the user’s
activities and steal internet usage data & sensitive information of that user.
a) Shareware
b) Spyware
c) Ransomware
d) Freeware
Answer: b
Explanation: Spyware is preventable software that spies on a user’s activities, stealing internet usage
data & sensitive information of that user. Spyware is categorized as a sub-type of malware intended
to spy & gain access to or damage the system data, without your knowledge.
2. They spy on our digital habits and spy on which data is more sensitive or useful for its creator.
Who are ‘they’ referring to here?
a) Shareware
b) Ransomware
c) Spyware
d) Freeware
Answer: c
Explanation: Here ‘they’ refers to spyware, which is unnecessary software that infiltrates a user’s
system, spies on the user’s activities and steals internet usage data & sensitive information of that user.
3. Spyware collects user’s personal data & spreads it to ______________, data-firms, or its creator.
a) advertisers
b) dark-market
c) antivirus company
d) share market
Answer: a
Explanation: Spyware is unnecessary software which infiltrates a user’s system, spies on the user’s
activities and steals internet usage data & sensitive information of that user. Spyware collects user’s
personal data & spreads it to advertisers, data-firms, or its creator.
4. Which of the following activities is not done by spyware?
a) sell internet usage data
b) capture credit card details
c) user’s personal identity
d) steal signature of the different virus
Answer: d
Explanation: Spyware are harmful programs intended to spy & gain access to or damage the system
data, without your knowledge. It captures credit card details, user’s personal identity, sells internet
usage data etc.
5. Which of the following activities is not done by spyware?
a) Monitors your internet activity
b) Track user’s login details and passwords
c) Uninstalls your mobile browser
d) Spy on sensitive information
Answer: c
Explanation: Spyware is harmful software which infiltrates a user’s system, spies on the user’s activities
and steals internet usage data & sensitive information of that user. It monitors your internet activity,
tracks login credentials and spies on the user’s sensitive information.
6. Spyware is not one of the most powerful & widespread threats on the internet.
a) True
b) False
Answer: b
Explanation: Spyware is one of the most powerful & widespread threats on the internet. Spyware is
categorized as a sub-type of malware intended to spy & gain access to or damage the system data,
without your knowledge.
7. It actually infects your device easily & makes it hard to _____________
a) delete
b) identify
c) modify
d) copy
Answer: b
Explanation: Spyware is among the most powerful & widespread threats for users. It actually infects
your device easily & makes it hard to detect. Once detected, we need specific tools and antivirus
programs to delete them.
8. There are __________ main types of spyware.
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: Spyware actually infects your device easily & makes it hard to detect. There are 4 major
types of spyware. These are adware, tracking cookies, spy-trojans & system monitoring spyware.
9. _____________ track the user’s online activities like search queries, history pages & downloads,
for selling purposes.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: d
Explanation: There are 4 major types of spyware. One of them is the tracking cookies which track the
user’s online activities like search queries, history pages & downloads, for selling purposes.
10. _____________ tracks your data and displays those products as ads for promotions.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: a
Explanation: Spyware are of four major types. One of them is adware. Adware or ad-based spyware
tracks your data and displays those products as ads for promotions.
11. _________________ disguise themselves as legitimate software & appear as Java or Flash Player
updates. They will periodically collect your system data and send it to its creator.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: c
Explanation: There are four major types of spyware. One of them is the spy-trojans which disguise
themselves as legitimate software & appear as Java or Flash Player updates. They will periodically collect
your system data and send it to its creator.
12. ____________ records all your key-strokes, chat-room dialogs, programs run in your system, and
system details.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: b
Explanation: One of the types of spyware is the system monitoring spyware which records all your
key-strokes, chat-room dialogs, programs run in your system, and system details.
13. Which of the following does not lead you to invite spyware into your system?
a) Accepting fishy prompt or pop-ups
b) Downloading apps from an unreliable source
c) Opening unknown attachments
d) Installing antivirus patches
Answer: d
Explanation: Some of the main ways your system can become contaminated with spyware
are when you accept fishy prompts and pop-ups, download apps from unreliable sources or open
unknown attachments from mailing services.
14. As you sense your device has been infected with spyware, you should run a scan with your
existing security software/AV for making sure it has cleaned up all malicious contents.
a) True
b) False
Answer: a
Explanation: As you sense your device has been infected with spyware, you should run a scan with
your existing security software/AV for making sure it has cleaned up all malicious contents. In this
manner, you can protect your system before the spyware takes away all your sensitive data.
15. Which of the following is not an anti-spyware tool?
a) MalwareBytes Anti-Malware tool
b) SpyBot Search and Destroy
c) Emsisoft Emergency Kit
d) MS Firewall Defender
Answer: d
Explanation: MS Firewall Defender is not used for detecting & removing spyware. MalwareBytes
Anti-Malware tool, SpyBot Search and Destroy & Emsisoft Emergency Kit are some of the anti-
spyware tools.
16. If you’ve accidentally clicked any pop-up which seems malicious, it is recommended to take
steps to remove it and proactively change your ________ and delete browsing activities from web
browser.
a) passwords
b) email ID
c) name
d) address
Answer: a
Explanation: If you’ve accidentally clicked any pop-up which seems malicious, it is recommended to
take steps to remove it and proactively change your passwords, and delete browsing activities from a
web browser.

Cyber Security Questions and Answers – Attack Vectors – Reverse Engineering – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Reverse Engineering – 1”.

1. ______________ can be defined as the duplication of another creator’s or developer’s product
trailing a thorough examination of its production or development.
a) Reverse hacking
b) Cracking
c) Social engineering
d) Reverse engineering
Answer: d
Explanation: Reverse engineering can be defined as the duplication of another creator’s or
developer’s product trailing a thorough examination of its production or development. This process
involves how the system or the application works and what needs to be done in order to crack it.
2. _____________ can be made functional to diverse aspects of software development & hardware
improvement activities.
a) Reverse hacking
b) Cracking
c) Reverse engineering
d) Social engineering
Answer: c
Explanation: Reverse engineering can be made functional to diverse aspects of software development
& hardware improvement activities. This practice involves understanding how the system or the application works &
what concepts have to be implemented in order to crack or duplicate it.
3. RE is often defined as the crafting technique of ____________ who use their skills to remove copy
protection or trial versions from software or media.
a) crackers
b) risk assessment team
c) auditors
d) surveillance monitoring team
Answer: a
Explanation: Reverse Engineering is often defined as the crafting technique of crackers who use their
skills to remove copy protection or trial versions from software or media. Reverse engineering can be
made functional to diverse aspects of software development & hardware improvement activities.
4. Which of the following activities is a good aspect of reverse engineering in ethical hacking?
a) Cracking the trial version of the product to make it full-version
b) Removing the product key insertion step
c) Jumping the code for premium facilities
d) Determining the vulnerabilities in the product.
Answer: d
Explanation: Reverse engineering (RE) can be defined as the duplication of another creator’s or
developer’s product trailing a thorough examination of its production or development. Determining
the vulnerabilities in the product is one good aspect of RE.
5. Which of the following activities is a good aspect of reverse engineering in ethical hacking?
a) Cracking the trial version of the product to make it full-version
b) Removing the product key insertion step
c) Jumping the code for premium facilities
d) Determine whether the app contains any undocumented functionality
Answer: d
Explanation: The duplication of another creation or developed product trailing thorough examination
of its production or development is termed as Reverse Engineering. Determining whether the app
contains any undocumented functionality is one good aspect of RE.
6. Which of the following is not a proper use of RE for ethical hackers?
a) Check for poorly designed protocols
b) Check for error conditions
c) Cracking for making paid apps free for use
d) Testing for boundary conditions
Answer: c
Explanation: Cracking for making paid apps free for use is not an acceptable reverse engineering
work for ethical hackers. This process involves how the system or the application works internally
and how to change the logic to crack the system or app.
7. ________________ is the opposite of assembler.
a) Reassembler
b) Disassembler
c) Compiler
d) Interpreter
Answer: b
Explanation: An assembler converts code written in assembly language to binary/machine code; a
disassembler does the reverse for cracking purposes. The disassembler is the opposite of the assembler.
8. ______________ comes under tools for reverse engineering (RE).
a) Reassembler
b) Compiler
c) Disassembler
d) Interpreter
Answer: c
Explanation: A disassembler is the opposite of an assembler. As assemblers are used to convert code
written in assembly language to binary/machine code, a disassembler does the reverse for cracking
purposes & it comes under reverse engineering tools.
9. De-compilation is not done for _______________
a) Recovery of lost source code
b) Migration of assembly language
c) Determining the existence of malicious code in any app
d) Targeting users with stealing code
Answer: d
Explanation: De-compilation is a technique of reverse engineering which is used for recovery of lost
source code, migration of assembly language or determining the existence of malicious code in any
app.
10. Which of the following is not a disassembler tool?
a) IDA Pro
b) PE Explorer
c) Turbo C
d) W32DASM
Answer: c
Explanation: As an assembler converts code written in assembly language to binary/machine code,
a disassembler does the reverse for cracking purposes & it comes under reverse engineering tools. Turbo
C is not a disassembler tool.
11. There are ______ types of reverse engineering methodologies.
a) 6
b) 2
c) 5
d) 3
Answer: b
Explanation: There are two types of reverse engineering methodologies. In one, the source code is
obtainable, but the high-level aspects of the program are not. In the other, the software’s source
code is not obtainable.
12. Which of the following is not an actual Reverse Engineering tool?
a) Debugger
b) Disassembler
c) Text Editor
d) Hex Editor
Answer: c
Explanation: Reverse engineering is the art of working out & duplicating another creator’s or
developer’s product by examining the product or its development methodologies. A text editor is
not a Reverse Engineering tool.
13. Hex editors permit programmers to inspect & alter binaries based on some software
requirements.
a) True
b) False
Answer: a
Explanation: Hex editors are reverse engineering tools that permit programmers to inspect & alter
binaries based on some software requirements. They help in manipulating fundamental binary data in
an app.
14. ______________ permits programmers to inspect & alter resources which are entrenched
in the EXE file of any software.
a) PE & Resource Viewer
b) Debugger
c) Disassembler
d) Hex Editor
Answer: a
Explanation: There are various categories of reverse engineering tools. PE & Resource Viewer
permits programmers to inspect & alter resources which are entrenched in the EXE file of any
software.
15. IDAPro is used as a _________________ in manual binary code analysis and also used as a
debugger.
a) PE & Resource Viewer
b) Debugger
c) Disassembler
d) Hex Editor
Answer: c
Explanation: A disassembler is used in Reverse Engineering to slice up binary codes into assembly
codes. IDAPro is used as a disassembler in manual binary code analysis and also used as a debugger.

Cyber Security Questions and Answers – Attack Vectors – Reverse Engineering – 2
This set of Cyber Security Assessment Questions and Answers focuses on “Attack Vectors – Reverse
Engineering – 2”.

1. ________________ is a type of reverse engineering tool that is used to dissect binary codes into
assembly codes.
a) PE & Resource Viewer
b) Debugger
c) Disassembler
d) Hex Editor
Answer: c
Explanation: Disassembler is a type of reverse engineering tool that is used to dissect binary codes
into assembly codes. They are also in use to extract functions, strings, libraries, and other parts of a
program.
2. Which of the following is not a function or use of disassembler?
a) Extracting functions & libraries
b) Extracting strings and values
c) Assemble medium-level codes
d) Dissect binary codes
Answer: c
Explanation: Assembling of medium-level codes is not the use of disassembler. The disassembler is a
type of reverse engineering tool that is used to dissect binary codes into assembly codes.
3. Which of the following is not a feature of IDAPro?
a) Instant debugging
b) Connect local and remote systems easily
c) Explore in-depth binary data
d) Convert machine language to high-level code
Answer: d
Explanation: IDAPro is used as a disassembler in manual binary code analysis and also as a
debugger. It is used for instant debugging, connecting local and remote systems easily and exploring
in-depth binary data.
4. A _____________ takes an executable file as input and tries to generate high-level code.
a) Debugger
b) Decompiler
c) Disassembler
d) Hex Editor
Answer: b
Explanation: A decompiler takes an executable file as input and tries to generate high-level code.
It can be described as the opposite of a compiler. It does not attempt to reverse the actions of the
compiler; rather, it transforms the input program repeatedly until HLL code is achieved.
5. ________________ does not attempt to reverse the actions of a compiler; rather, it transforms the
input program repeatedly until HLL code is achieved.
a) Debugger
b) Hex Editor
c) Disassembler
d) Decompiler
Answer: d
Explanation: Usually, a decompiler is fed executable files and tries to produce high-level code.
It can be described as the opposite of a compiler. It does not attempt to reverse the actions of a
compiler; rather, it transforms the input program repeatedly until HLL code is achieved.
6. _____________ will not recreate the original source file created by the compiler.
a) Debugger
b) Hex Editor
c) Decompiler
d) Disassembler
Answer: c
Explanation: Decompilers do not attempt to reverse the actions of a compiler; rather, they transform
the input program repeatedly until HLL code is achieved. They will not recreate the original source
file created by the compiler.
7. Which of the following is not a decompiler tool?
a) DCC decompiler
b) Borol and C
c) Boomerang Decompiler
d) ExeToC
Answer: b
Explanation: Decompilers are part of Reverse Engineering tools that try to generate high-level code.
Some common decompiler tools are DCC decompiler, Boomerang Decompiler, ExeToC, REC
(reverse engineering compiler) etc.
8. REC stands for ________________
a) Reverse Engineering Compiler
b) Reverse Engineering Computer
c) Return-to-Code Engineering Compiler
d) Reversing Engineered Compiler
Answer: a
Explanation: Reverse Engineering Compiler (REC) is a decompiler tool that is part of Reverse
Engineering tools which takes an executable file as input and tries to generate high-level code.
9. _______________ is a universal interactive program environment for reverse engineering.
a) TurboC
b) Andromeda Decompiler
c) IDAPro
d) PE Explorer
Answer: b
Explanation: Andromeda Decompiler is a universal interactive program environment for reverse
engineering. It is a popular interactive decompiler that tries to generate high-level code.
10. Which one is not an example of a .NET application decompiler?
a) Salamander
b) Dis#
c) Decompiler.Net
d) MultiRipper
Answer: d
Explanation: Decompilers are part of Reverse Engineering tools that take an executable file as input
and try to generate high-level code. MultiRipper is a Delphi and C++ decompiler. Salamander,
Dis#, Anakrino & Decompiler.Net are .NET application decompilers.

Cyber Security Questions and Answers – Attack Vectors – DNS Hacking and Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – DNS Hacking and Security”.

1. __________ is a naming system given to different computers which adapt to human-readable
domain names.
a) HTTP
b) DNS
c) WWW
d) ISP
Answer: b
Explanation: DNS is a naming system given to different computers that adapt to human-readable
domain names. For example, Google.co.in has a computer-readable IP address which is 8.8.8.8 &
8.8.4.4 as the primary & secondary DNS addresses.
2. DNS stands for _____________
a) Data Name System
b) Domain Name Server
c) Domain Name System
d) Domain’s Naming System
Answer: c
Explanation: Domain Name System can be compared to the phonebook of the WWW. Users access
information over the web through these human-readable domain names. For example,
www.google.co.in has computer-readable IP address which is 8.8.8.8 & 8.8.4.4 as the primary &
secondary DNS addresses.
3. Some security issues might exist owing to misconfigured __________________ which can direct
to disclosure of information regarding the domain.
a) DNS names
b) HTTP setup
c) ISP setup
d) FTP-unsecured
Answer: a
Explanation: Some security issues might exist owing to misconfigured DNS names which can direct
to disclosure of information regarding the domain. DNS adapts to human readable domain names.
4. ______________ is a form of nasty online attack in which a user’s queries get redirected to a DNS
because of an override of the system’s TCP/IP settings.
a) DNS mal-functioning
b) DNS cracking
c) DNS redirecting
d) DNS hijacking
Answer: d
Explanation: Misconfigured DNS names can lead to disclosure of information regarding the
domain. DNS hijacking is a form of nasty online attack in which a user’s queries get redirected to a
DNS because of an override of the system’s TCP/IP settings.
5. _____________ can be attained by the use of malware or by changing the server’s settings.
a) DNS poisoning
b) DNS cracking
c) DNS hijacking
d) DNS redirecting
Answer: c
Explanation: DNS hijacking is a form of nasty online attack in which a user’s queries get redirected to
a DNS because of an override of the system’s TCP/IP settings. It can be attained by the use of malware
or by changing the server’s settings.
6. There are _________ main types of DNS hijacking.
a) 4
b) 2
c) 3
d) 5
Answer: b
Explanation: There are two main types of DNS hijacking. One is infecting the computer with
malware or DNS trojans; the other is hacking the target website and changing its DNS
address.
7. DNS trojans are used for performing a type of DNS hijacking.
a) True
b) False
Answer: a
Explanation: DNS hijacking is a form of nasty online attack in which a user’s queries get redirected to
a DNS because of an override of the system’s TCP/IP settings. There are two main types of DNS
hijacking. One of them is infecting the computer with malware or DNS trojans.
8. The _______________ matches and maps to the user friendly domain name.
a) HTTP
b) DNS
c) WWW
d) ISP
Answer: b
Explanation: The DNS matches and maps the user-friendly domain name (like google.co.in) to its
equivalent IP address. DNS servers are typically owned by ISPs or other business organizations.
9. Which of the following is not an example of DNS hijacking?
a) ISP DNS hijacking
b) DNS hijacking for phishing
c) DNS hijacking for pharming
d) HTTP-based DNS hacking
Answer: d
Explanation: DNS hijacking is a form of nasty online attack in which a user’s queries get redirected to
a DNS because of an override of the system’s TCP/IP settings. ISP DNS hijacking, DNS hijacking for
phishing, DNS hijacking for pharming are some of the examples of DNS hijacking attack.
10. A ______________ is essentially a text file residing on the server that hosts different domains,
containing entries for dissimilar resource records.
a) Zone file
b) Robot file
c) Bot file
d) DNS file
Answer: a
Explanation: A Zone file is essentially a text file residing on the server that hosts different domains,
containing entries for dissimilar resource records. It is used in DNS hijacking.
11. ______________ which is also termed as DNS spoofing, is a kind of attack which uses DNS
based vulnerabilities for diverting the traffic of the internet.
a) DNS poisoning
b) DNS re-routing
c) DNS cracking
d) Domain link poisoning
Answer: a
Explanation: DNS cache poisoning which is also termed as DNS spoofing, is a kind of attack which
uses DNS based vulnerabilities for diverting the traffic of the internet away from genuine servers.
12. DNS poisoning is very dangerous because it can extend its reach from one ___________ to
another.
a) ISP server
b) DNS server
c) Linux server
d) Domain user
Answer: b
Explanation: DNS poisoning which is also termed as DNS spoofing is a kind of attack which uses
DNS based vulnerabilities for diverting the traffic of the internet. DNS poisoning is very dangerous
because it can extend its reach from one DNS server to another.
13. A _________________ can be poisoned if it has an erroneous entry where the invader gets
to organize the DNS server & change different kinds of information on it.
a) Server data
b) Domain name
c) DNS cache
d) System file
Answer: c
Explanation: A DNS cache can be poisoned if it has an erroneous entry where the invader gets
to organize the DNS server & change different kinds of information on it. DNS poisoning is very
dangerous because it can extend its reach from one DNS server to another.
14. The ____________ Domain Name Server data will get spread to the ISPs & will be cached there.
a) working
b) compromised
c) corrupted
d) poisoned
Answer: d
Explanation: DNS cache poisoning is a kind of attack which uses DNS based vulnerabilities for
diverting the traffic of the internet. The poisoned Domain Name Server data will get spread to the
ISPs & will be cached there.
15. The user could be influenced by DNS hijacking if the government of that country uses DNS
redirecting as a mechanism to mask censorship.
a) True
b) False
Answer: a
Explanation: A DNS cache can be poisoned if it has an erroneous entry where the invader gets
to organize the DNS server & change different kinds of information on it. The user could be
influenced by DNS hijacking if the government of that country uses DNS redirecting as a mechanism
to mask censorship.

Cyber Security Questions and Answers – Attack Vectors – Caches and Cookies
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Caches and Cookies”.

1. Which of the following data is not appropriate here, if you delete cache, cookies, and browser
history?
a) Address bar predictions
b) Saved passwords
c) Browser plug-ins
d) Shopping cart content
Answer: c
Explanation: Clearing the browser’s cookies, cache & history may eradicate data such as address bar
predictions, saved passwords and shopping cart contents. In this way, hackers won’t be able to take
your data through browser hacking or cookie stealing.
2. ____________ are tiny files which get downloaded to your system when you visit a website.
a) Cookies
b) Caches
c) Bots
d) Crawlers
Answer: a
Explanation: Cookies are tiny files which get downloaded to your system when you visit a website.
They are a very important part of hacking and so clearing the browser’s cookies, cache & history
may eradicate data such as address bar predictions, saved passwords and shopping cart contents so
that hackers don’t steal them.
3. Browser ___________ are impermanent internet files which help the browsers download web
images, data & documents for rapid performance & viewing in the future.
a) plug-ins
b) cache
c) add-on
d) history
Answer: b
Explanation: Browser caches are impermanent internet files that help the browsers download web
images, data & documents for rapid performance & viewing in the future.
4. ___________ is just a group of data downloaded for helping in displaying a web page faster.
a) plug-ins
b) cache
c) add-ons
d) history
Answer: b
Explanation: A cache is just a group of data downloaded for helping in displaying a web page faster.
These files help the browsers download web images, data & documents for rapid performance &
viewing in the future.
5. Attackers could steal ___________ to gain illegitimate access to online accounts & disturb
the personal information.
a) plug-ins
b) cache
c) cookies
d) history
Answer: c
Explanation: Attackers could steal cookies to gain illegitimate access to online accounts &
disturb the personal information. Hence, clearing the browser’s cookies may eradicate data such as
saved passwords and IDs as well as shopping cart contents.
6. Which of the following is not an example of browsing data?
a) Forms and Search-bar data
b) Cache data
c) Downloading history
d) Start bar search data
Answer: d
Explanation: Attackers may target data such as forms and Search-bar data, cache & cookies data,
browsing and download history records, active logins and site preferences to steal user’s sensitive
data.
7. There are cookies that are designed to track your browsing habits & aim ads to you.
a) True
b) False
View Answer
Answer: a
Explanation: Cookies are tiny files which get downloaded to your system when you visit a website.
There are cookies that are designed to track your browsing habits & aim ads that are relevant to the
user.
8. Keeping browsing habits & aiming specific ads to you is harmless but it might reduce your online
privacy.
a) True
b) False
Answer: a
Explanation: There are cookies that are designed to track your browsing habits & aim ads that are
relevant to the user. Keeping browsing habits & aiming specific ads to users is harmless but it might
reduce your online privacy.
9. There are ____________ that are designed to track your browsing habits & aim ads that are
relevant to the user.
a) plug-ins
b) cache
c) cookies
d) history
Answer: c
Explanation: Cookies are tiny files which get downloaded to your system when you visit a website.
There are cookies that are designed to track your browsing habits & aim ads that are relevant to the
user.

Cyber Security Questions and Answers – Attack Vectors – Social Networking Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Social Networking Security”.

1. Which of the following is the most viral section of the internet?
a) Chat Messenger
b) Social networking sites
c) Tutorial sites
d) Chat-rooms
Answer: b
Explanation: Social networking sites are the most used sites and the most viral section of the internet.
So users must keep their accounts secure and safe from getting into wrong hands.
2. ____________ type of sites are known as friend-of-a-friend site.
a) Chat Messenger
b) Social networking sites
c) Tutorial sites
d) Chat-rooms
Answer: b
Explanation: Social networking sites are the most used sites, which act to connect people for social
interaction. So users must keep their accounts secure & safe from getting into wrong hands.
3. Which of the following is not an appropriate measure for securing social networking accounts?
a) Strong passwords
b) Link your account with a phone number
c) Never write your password anywhere
d) Always maintain a soft copy of all your passwords in your PC
Answer: d
Explanation: ‘Always maintain a soft copy of all your passwords in your PC’ is not an appropriate
measure for securing your online accounts because, if anyone gains access to your system or
plants spyware or screen-recording malware on it, all your passwords will be revealed.
4. Which of them is a proper measure of securing social networking account?
a) Never keep your password with any relevant names
b) Keep written records of your passwords
c) Keep records of your password in audio format in your personal cell-phone
d) Passwords are kept smaller in size to remember
Answer: a
Explanation: Never keep your password with any relevant names because there are different types of
hackers: some use password guessing techniques, while others are hard-working and do
social engineering and research on different data associated with the victim.
5. If hackers gain access to your social media accounts, they can do some illicit or shameless act to
degrade your reputation.
a) True
b) False
Answer: a
Explanation: Yes, there are script-kiddies or young hackers who start their hacking career by
cracking simple & weak passwords to show off their skills to others. These hackers may gain access
to your social media accounts & can do some illicit or shameless act in your name to
degrade your reputation.
6. ________________ is a popular tool to block social-media websites from tracking your browsing
activities.
a) Fader
b) Blur
c) Social-Media Blocker
d) Ad-blocker
Answer: b
Explanation: Blur is a free browser extension and a popular tool used to block social-media websites
from tracking your browsing activities & protect users from these surfing pattern stealers.
7. Try to keep your passwords without meaning so that _____________ attack becomes almost
impossible to perform successfully.
a) social engineering
b) phishing
c) password guessing
d) brute force
Answer: c
Explanation: Try to keep your passwords without meaning so that password guessing attack becomes
almost impossible to perform successfully. This will reduce the potential for both password
guessing and dictionary attacks.
8. Keeping the password by the name of your pet is a good choice.
a) True
b) False
Answer: b
Explanation: Keeping the password by the name of your pet is not at all a good choice, because
attackers do social engineering & research on different data associated with you as a victim and will
perform password guessing techniques.
9. Increase your security for social media account by always ____________ as you step away from
the system.
a) signing in
b) logging out
c) signing up
d) logging in
Answer: b
Explanation: Increase your security for social media account by always logging out as you step away
from the system. This will reduce both remote hacking as well as physical hacking.
10. Clicking on enticing Ads can cause trouble.
a) True
b) False
Answer: a
Explanation: Clicking on enticing Ads can cause trouble. Viruses & malware frequently find their
mode of entering onto the victim computer through these annoying & enticing ads.
11. Strangers cannot cause much trouble if we connect to them over social media.
a) True
b) False
Answer: b
Explanation: Strangers can cause huge trouble if we connect to them or chat with them without
knowing exact details or whether the account is genuine or not. The stranger may send infected links
which you might click and will redirect you to infected sites.
12. Part of the social media sites are the various games & 3rd party applications which help
______________ to get access to your data.
a) ethical hackers
b) penetration testers
c) security auditors
d) cyber-criminals
Answer: d
Explanation: Part of the social media sites are the various games & 3rd party applications which help
cyber criminals to get access to your data. In this way, they can compromise your account or grab
your valuable & confidential data.
13. Many social media sites and services provide _______________ for legitimate account
verification.
a) Retina scanning
b) Fingerprint scanning
c) CAPTCHA
d) 2-step verification
Answer: d
Explanation: With 2-Step Verification (which is also known as 2-factor authentication), users can
add an extra layer of security to their account. After login, it asks for your existing phone number to
send an OTP for layer-2 verification.
14. Scanning your system and destroying suspicious files can reduce risks of data compromise or
leakage of compromised data over social media.
a) True
b) False
Answer: a
Explanation: Scanning your system and destroying suspicious files can reduce risks of data
compromise or leakage of compromised data over social media. There are different website caches
and bots that get automatically downloaded to your system when you open different social-media
sites and they store your sensitive data related to your social media account.
15. Different social media services offer tips on how to use their services and site while still
maintaining a high level of security.
a) True
b) False
Answer: a
Explanation: Different social media services offer tips on how to use their services and site while
still maintaining a high level of security. Every user must use those links to educate themselves and
learn various features towards social-media security.

Cyber Security Questions and Answers – Attack Vectors – Spamming
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Spamming”.

1. ______________ is populating the inbox of any target victim with unsolicited or junk emails.
a) Phishing
b) Spamming
c) Hooking
d) DoS
Answer: b
Explanation: Spamming is populating the inbox of any target victim with unsolicited or junk emails.
These junk emails may contain malicious computer programs that may harm the recipient.
2. _________________ technique is also used in product advertisement.
a) Phishing
b) Cookies
c) e-Banners
d) Spamming
Answer: c
Explanation: Spamming attack over-fills the mail box of the target victim with unwanted
spontaneous emails. The technique is also used in product advertisement through mass mailing.
3. Which of the following is not a technique used by spammers?
a) Spoofing the domain
b) Sending attached virus in spams
c) Junk tags associated with spam-emails
d) Making important deals through such emails
Answer: d
Explanation: Spoofing the domain, sending attached virus & junk tags associated with spam-emails
are some of the techniques used by spammers. Spam is one of the popular attack techniques.
4. ___________ are used which crawl web pages looking for email Ids and copy them to the
database.
a) Caches
b) Cookies
c) Bots
d) Spiders
Answer: d
Explanation: Spiders, also known as crawlers, are used to crawl different web pages looking for
email Ids and copy them to the database. These emails are collected together and used for the
purpose of spamming.
5. Which of the following is not a proper way of how spammers get the email Ids?
a) When a user registers to online services, blogs, and sites
b) Databases formed by spiders fetching email Ids from different sources
c) From offline form fill-up documents
d) Online ad-tracking tools
Answer: c
Explanation: Spammers can get email IDs from sources such as data when a user registers to online
services, blogs, and sites, databases formed by spiders fetching email Ids from different sources,
online ad-tracking tools, email-ID extraction tools, spyware and cookies etc.
6. There are ___________ major ways of spamming.
a) 4
b) 2
c) 3
d) 5
Answer: b
Explanation: There are two major ways of spamming. First, by Usenet spam, where a single message
is sent to more than 50 recipients or more Usenet newsgroups, which has become an old form of attack.
The second one is by email-spam, which targets individual users, and tools are used to send spams
directly to them.
7. There are _______ types of spamming.
a) 3
b) 4
c) 5
d) 6
Answer: d
Explanation: Spam attack populates the mail-box of any victim with unwanted emails. There are 6
types of spamming attack. These are by hidden text and links, double-tags, cloaking, blog & wiki
spams, image spamming, and page-jacking.
8. Which of the following is not a type of spamming attack?
a) Page-jacking
b) Image spamming
c) Spear phishing
d) Blog & wiki spamming
Answer: c
Explanation: Spear phishing is not an example of a spamming attack. Hidden text & links,
double-tags, cloaking, blog & wiki spams, image spamming, and page-jacking are types of spamming attack.
9. Which of the following is not a bulk emailing tool?
a) Fairlogic Worldcast
b) 123 Hidden sender
c) YL Mail Man
d) NetCut
Answer: d
Explanation: Bulk emailing tools are used for sending spams and emails in an uncountable number to
flood the recipient’s inbox with junk emails. Fairlogic Worldcast, 123 Hidden sender, YL Mail Man,
Sendblaster are examples of bulk emailing tool.
10. Which of the following is not a bulk emailing tool?
a) Wireshark
b) Sendblaster
c) Direct Sender
d) Hotmailer
Answer: a
Explanation: There are tools and applications used for sending spams and emails in a huge number
for flooding the recipient’s inbox with unwanted emails. Sendblaster, Direct Sender, Hotmailer are
examples of bulk emailing tool.
11. Which of the following is not an anti-spam technique?
a) Signature-based content filtering
b) DNS routing
c) Bayesian Content Filtering
d) Collaborative content filtering
Answer: b
Explanation: Anti-spamming techniques help in reducing the spamming of unwanted messages and
emails. Signature-based content filtering, Bayesian Content Filtering, and collaborative content
filtering are examples of anti-spam technique.
12. Which of the following is not an anti-spam technique?
a) Reputation control
b) Sender policy framework
c) DNS-based block-list
d) Domain-based blocking
Answer: d
Explanation: Anti-spam techniques are used in dropping the spamming of unwanted messages and
emails. Reputation control, sender policy framework, DNS-based block-list are some of the
anti-spamming techniques.
13. ___________ is a tool used as spam filter in association with email programs and automatically
intercepts spam emails.
a) Nessus
b) SpamExpert Desktop
c) Spam-Rescurer
d) Burp-Suite
Answer: b
Explanation: SpamExpert Desktop is a tool used as a spam filter in association with email programs
and automatically intercepts spam emails. It is not keyword dependent for detecting spams; rather it
checks the email content.
14. Which of the following is not an anti-spamming tool or system?
a) Spam-Eater Pro
b) SpyTech Spam Agent
c) SpamExperts Desktop
d) Anti-spyware Tech
Answer: d
Explanation: Some anti-spamming tools and systems that can be used for preventing your email from
spamming are Spam-Eater Pro, SpyTech Spam Agent, SpamExperts Desktop etc.

Cyber Security Questions and Answers – Attack Vectors – Trojans and Backdoors – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack
Vectors – Trojans and Backdoors – 1”.
1. A ___________ is a small malicious program that runs hidden on infected system.
a) Virus
b) Trojan
c) Shareware
d) Adware
Answer: b
Explanation: A Trojan is a small malicious program that runs hidden on the infected system. Trojans
are created with malicious intent and infect the system by misleading the user. A Trojan works in the
background and steals sensitive data.
2. ____________ works in background and steals sensitive data.
a) Virus
b) Shareware
c) Trojan
d) Adware
Answer: c
Explanation: Trojans are malicious files designed to work hidden on the infected system. They are
intended to infect the system by misleading the user. It works in the background and steals sensitive
information about the target user.
3. By gaining access to the Trojaned system the attacker can stage different types of attack using that
____________ program running in the background.
a) Trojan
b) Virus
c) Antivirus
d) Anti-malware
Answer: a
Explanation: By gaining access to the Trojaned system the attacker can stage different types of attack
using that Trojan program running in the background when the infected user’s system goes online.
4. Trojan creators do not look for _______________
a) Credit card information
b) Confidential data
c) Important documents
d) Securing systems with such programs
Answer: d
Explanation: Trojan creators do not look for securing victim’s system with their programs, rather
they create such trojans for stealing credit card and financial details as well as important documents
and files.
5. Which of them is not a proper way of getting into the system?
a) IM
b) Attachments
c) Official product sites
d) Un-trusted sites, freeware and pirated software
Answer: c
Explanation: Official product sites such as Microsoft’s site giving the option for downloading their
updates and OS won’t contain any Trojans. Other than that Trojans can access your system by email
attachments, Instant Messaging apps, un-trusted sites & links.
6. Which of the following port is not used by Trojans?
a) UDP
b) TCP
c) SMTP
d) MP
Answer: d
Explanation: MP is not a valid port name and does not have any port number also. But usually,
Trojans like Back Orifice, Deep Throat use UDP port; Trojans like Netbus, Master Paradise use TCP
& SMTP port to gain access to a system.
7. Trojans do not do one of the following. What is that?
a) Deleting Data
b) Protecting Data
c) Modifying Data
d) Copying Data
Answer: b
Explanation: Trojans perform malicious actions and operations. These are to modify data, copy data
to its creator, delete data from the infected system or blocking data by carrying ransomware or other
malicious programs along with it.
8. Some Trojans carry ransomware with them to encrypt the data and ask for ransom.
a) True
b) False
Answer: a
Explanation: Trojans are usually created to carry out actions such as modifying data, copying
data to its creator, deleting data from the infected system, or blocking data by carrying ransomware
embedded in it.
9. Once activated __________ can enable ____________ to spy on the victim, steal their sensitive
information & gain backdoor access to the system.
a) virus, cyber-criminals
b) malware, penetration testers
c) trojans, cyber-criminals
d) virus, penetration testers
Answer: c
Explanation: Once activated, trojans can enable cyber-criminals to spy on the victim, steal their
sensitive information & gain backdoor access to the system.
10. Trojans cannot ______________
a) steal data
b) self-replicate
c) steal financial information
d) steal login credentials
Answer: b
Explanation: A Trojan is a malicious program that runs hidden on the infected system. Trojans are
developed with malicious intent and infect the system by misleading the user. A Trojan works in the
background of the system and steals sensitive data but cannot self-replicate.
11. A _______________ provides malicious users remote control over the targeted computer.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader
Answer: b
Explanation: A Backdoor Trojan provides malicious users remote control over the targeted computer.
These trojans enable the author to perform anything they desire on the infected system which
includes sending, receiving, launching & deleting files.
12. _______________ programs are specially designed for stealing your account data for online
banking systems, e-payment services & credit/debit cards.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader
Answer: c
Explanation: Trojan-Banker programs are specially designed for stealing your account data for
online banking systems, e-payment services & credit/debit cards. They work silently in the
background of the system to steal such data.
13. ______________ perform automated DoS (Denial of Service) attacks on a targeted web address.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader
Answer: a
Explanation: DDoS Trojan performs automated DoS (Denial of Service) attacks on a targeted web
address. By sending multiple requests from your system, it can target different websites which can
lead to a Denial of Service attack.
14. Trojan-Downloader is a special type of trojans which can download & install new versions of
malicious programs.
a) True
b) False
Answer: a
Explanation: Trojan-Downloader is another type of trojans that can download & install new versions
of malicious programs. They work secretly & keep on downloading other malicious programs when
the system is online.
15. ____________ works in the background & keeps on downloading other malicious programs when the
system is online.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader
Answer: d
Explanation: Trojan-Downloader is a special type of trojans that work secretly & keep on
downloading other malicious programs when the system is online. They can also download & install
new versions of malicious programs.

Cyber Security Questions and Answers – Types of Cryptography – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Types of
Cryptography – 1”.

1. _________________ is the process or mechanism used for converting ordinary plain text into
garbled non-human readable text & vice-versa.
a) Malware Analysis
b) Exploit writing
c) Reverse engineering
d) Cryptography
Answer: d
Explanation: Cryptography is the process or mechanism used for converting ordinary plain text into
garbled non-human readable text & vice-versa. It is a means of storing & transmitting information in
a specific format so that only those for whom it is planned can understand or process it.
2. ______________ is a means of storing & transmitting information in a specific format so that only
those for whom it is planned can understand or process it.
a) Malware Analysis
b) Cryptography
c) Reverse engineering
d) Exploit writing
Answer: b
Explanation: Cryptography is a means of storing & transmitting information in a specific format so
that only those for whom it is planned can understand or process it. The word comes from “kryptos”,
meaning secret, and “graphein”, meaning to write.
3. When plain text is converted to unreadable format, it is termed as _____________
a) rotten text
b) raw text
c) cipher-text
d) ciphen-text
Answer: c
Explanation: Cryptography helps in securing information in a specific format so that only intended
users can understand or process it. When plain text is converted to the unreadable format, that type of
text is termed as cipher-text.
4. Cryptographic algorithms are based on mathematical algorithms where these algorithms use
___________ for a secure transformation of data.
a) secret key
b) external programs
c) add-ons
d) secondary key
Answer: a
Explanation: When plain text is converted to unreadable format through some algorithms, that type
of text is termed as cipher text. Cryptographic algorithms are based on mathematical algorithms
where these algorithms use the secret key for a secure transformation of data.
5. Cryptography can be divided into ______ types.
a) 5
b) 4
c) 3
d) 2
Answer: d
Explanation: Cryptography can be divided into two types. These are classic cryptography & modern
cryptography. Using these techniques, users can secure their information from illegitimate ones.
6. Data which is easily readable & understandable without any special algorithm or method is called
_________________
a) cipher-text
b) plain text
c) raw text
d) encrypted text
Answer: b
Explanation: The means of storing or sending data in a specific format so that only intended users
can process it is called cryptography. Data which is easily readable & understandable without any
special algorithm or method is called plain text.
7. Plain text is also called _____________
a) cipher-text
b) raw text
c) clear-text
d) encrypted text
Answer: c
Explanation: Data which is easily readable & understandable without any special algorithm or
method is called plain text or clear-text. This text is not secured and can be read by anyone, even
someone who is not a legitimate user.
8. There are ________ types of cryptographic techniques used in general.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: There are three types of cryptographic techniques used in general. These are Symmetric
Key cryptography, public key cryptography, and Hash functions based cryptography.
9. Conventional cryptography is also known as _____________ or symmetric-key encryption.
a) secret-key
b) public key
c) protected key
d) primary key
Answer: a
Explanation: The various cryptographic techniques are symmetric Key cryptography, public key
cryptography, and Hash functions based cryptography. Conventional cryptography is also known as
secret-key cryptography or symmetric-key encryption.
10. Data Encryption Standard is an example of a _____________ cryptosystem.
a) conventional
b) public key
c) hash key
d) asymmetric-key
Answer: a
Explanation: Conventional cryptography is also known as secret-key cryptography or symmetric-key
encryption. Data Encryption Standard is an example of a conventional cryptosystem.
11. _______________ cryptography deals with traditional characters, i.e., letters & digits directly.
a) Modern
b) Classic
c) Asymmetric
d) Latest
Answer: b
Explanation: Cryptography can be divided into two types. These are classic cryptography & modern
cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits directly.
12. ____________ cryptography operates on binary-bit series and strings.
a) Modern
b) Classic
c) Traditional
d) Primitive
Answer: a
Explanation: Cryptography can be divided into two types. These are classic cryptography & modern
cryptography. Modern cryptography operates on binary-bit series and strings.
13. __________ cryptography has always been focussing on the concept of ‘security through
obscurity’.
a) Modern
b) Asymmetric
c) Classic
d) Latest
Answer: c
Explanation: Cryptography can be divided into two types. These are classic cryptography & modern
cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits directly. It
is based on the concept of ‘security through obscurity’.
14. ________________ cryptography is based on publicly known mathematically designed
algorithms to encrypt the information.
a) Modern
b) Classic
c) Traditional
d) Primitive
Answer: a
Explanation: There are 2 types of cryptography – classic cryptography & modern cryptography.
Modern cryptography operates on binary-bit series and strings. It is based on publicly known
mathematically designed algorithms to encrypt the information.

Cyber Security Questions and Answers – Types of Cryptography – 2
This set of Cyber Security Problems focuses on “Types of Cryptography – 2”.

1. _____________________ is the art & science of cracking the cipher-text without knowing the
key.
a) Cracking
b) Cryptanalysis
c) Cryptography
d) Crypto-hacking
Answer: b
Explanation: Cryptanalysis is the art & science of cracking the cipher-text without knowing the key.
This technique is also implemented for designing new cryptographic algorithms or to test their
strengths.
2. The process of disguising plaintext in such a way that its substance gets hidden (into what is
known as cipher-text) is called _________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
Answer: d
Explanation: Cryptography is a means of storing & transmitting information in a specific format so
that only those for whom it is planned can understand or process it. The process of disguising
plaintext in such a way that its substance gets hidden (into what is known as cipher-text) is called
encryption.
3. The method of reverting the encrypted text which is known as cipher text to its original form i.e.
plain text is known as ________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
Answer: b
Explanation: Cryptography helps in securing information in a specific format so that only intended
users can understand or process it. The method of reverting the encrypted text, which is known as
cipher text, to its original form, i.e. plain text, is known as decryption.
4. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Integrity
c) Data Redundancy
d) Authentication
Answer: c
Explanation: The key intent of implementing cryptography is to offer the following 4 fundamental
information security features. These are Confidentiality, Data Integrity, Authentication and
non-repudiation.
5. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Redundancy
c) Non-repudiation
d) Authentication
Answer: b
Explanation: Cryptography offers 4 fundamental information security features. These are
Confidentiality, Data Integrity, Authentication and non-repudiation.
6. Cryptography offers a set of required security services. Which of the following is not among
those 4 required security services?
a) Encryption
b) Message Authentication codes
c) Hash functions
d) Steganography
Answer: d
Explanation: The 4 desired & necessary security services are encryption, Message
Authentication Codes (MAC), digital signatures and hash functions. These help in securing the
transmission of data.
7. A cryptosystem is also termed as ______________
a) secure system
b) cipher system
c) cipher-text
d) secure algorithm
Answer: b
Explanation: Cryptography is a means of storing & transmitting information in a specific format so
that only those for whom it is planned can understand or process it. A cryptosystem, which is also
known as a cipher system, is the execution of cryptographic algorithms & techniques.
8. ______________ is the mathematical procedure or algorithm which produces a cipher-text for any
specified plaintext.
a) Encryption Algorithm
b) Decryption Algorithm
c) Hashing Algorithm
d) Tuning Algorithm
Answer: a
Explanation: Encryption Algorithm is the mathematical procedure or algorithm which produces a
cipher-text for any specified plaintext. Inputs it takes are the plain text and the key.
9. _______________ takes the plain text and the key as input for creating cipher-text.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm
Answer: a
Explanation: Encryption Algorithm is the mathematical procedure or algorithm which produces a
cipher-text for any specified plaintext. Inputs it takes are the plain text and the key.
10. ____________________ is a mathematical algorithm that produces a unique plain text for a
given cipher text along with a decryption key.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm
Answer: a
Explanation: Decryption Algorithm is a mathematical algorithm that produces a unique plain text for
a given cipher text along with a decryption key. Inputs it takes are the cipher-text & the decryption
key.
11. A set of all probable decryption keys are collectively termed as ____________
a) key-stack
b) key bunch
c) key space
d) key pack
Answer: c
Explanation: A set of all probable decryption keys are collectively termed as key space. A
mathematical algorithm which produces a unique plain text for a given cipher text along with a
decryption key is called a decryption algorithm.
12. Encryption-decryption in cryptosystem is done in ______ ways.
a) 4
b) 3
c) 5
d) 2
Answer: d
Explanation: A cryptosystem, which is also known as a cipher system, is the execution of cryptographic
algorithms & techniques. Encryption-decryption in a cryptosystem is done in two ways. These are by
Symmetric Key Encryption and by Asymmetric Key Encryption.
13. In _____________________ same keys are implemented for encrypting as well as decrypting the
information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption
Answer: a
Explanation: Encryption-decryption in a cryptosystem is done in two ways. These are by Symmetric
Key Encryption and by Asymmetric Key Encryption. In Symmetric Key Encryption, same keys are
implemented for encrypting as well as decrypting the information.
14. In __________________ 2 different keys are implemented for encrypting as well as decrypting
that particular information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption
Answer: b
Explanation: In Asymmetric Key Encryption, 2 different keys are implemented for encrypting as well
as decrypting that particular information. Inputs it takes are the plain text and 2 different keys.
15. A set of all probable decryption keys are collectively termed as key space.
a) True
b) False
Answer: a
Explanation: Decryption Algorithm is a mathematical algorithm that produces a unique plain text for
a given cipher text along with a decryption key. A set of all probable decryption keys are collectively
termed as key space.

Cyber Security Questions and Answers – Cryptography – Different Ciphers and their Security Strength
This set of Cyber Security Puzzles focuses on “Cryptography – Different Ciphers and their Security
Strength”.

1. ____________ is a mono-alphabetic encryption code wherein each & every letter of plain-text is
replaced by another letter in creating the cipher-text.
a) Polyalphabetic Cipher
b) Caesar Cipher
c) Playfair Cipher
d) Monoalphabetic Cipher
Answer: b
Explanation: Caesar Cipher is the simplest type of substitution cipher with a mono-alphabetic
encryption code wherein each letter of plain-text is replaced by another letter in creating the
cipher-text.
2. _____________ is the concept that tells us about the replacement of every alphabet by another
alphabet and the entire series gets ‘shifted’ by some fixed quantity.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
Answer: b
Explanation: Shift Cipher is the concept that tells us about the replacement of every alphabet by
another alphabet and the entire series gets ‘shifted’ by some fixed quantity (which is the key)
between 0 and 25.
3. ________________ is a cipher formed out of substitution where for a given key-value the cipher
alphabet for every plain text remains fixed all through the encryption procedure.
a) Polyalphabetic Cipher
b) Caesar Cipher
c) Playfair Cipher
d) Monoalphabetic Cipher
Answer: d
Explanation: Monoalphabetic cipher is a cipher formed out of substitution where for a given
key-value the cipher alphabet for every plain text remains fixed all through the encryption procedure.
4. In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5 grid of alphabets
which operates as the key to encrypt the plaintext.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
Answer: c
Explanation: In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5 grid of
alphabets which operates as the key to encrypt the plaintext. All the twenty-five alphabets have to be
unique and letter J gets omitted.
5. ______________ employs a text string as a key that is implemented to do a series of shifts on the
plain-text.
a) Vigenere Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
Answer: a
Explanation: Vigenere Cipher employs a text string as a key that is implemented to do a series of
shifts on the plain-text. Here the sender & the receiver settle on a single key.
6. The ________________ has a piece of the keyword that has the same length as that of the plaintext.
a) Block Cipher
b) One-time pad
c) Hash functions
d) Vigenere Cipher
Answer: b
Explanation: The one-time pad has a piece of the keyword that has the same length as that of the
plaintext. The keyword is a randomly produced string of alphabets. Its keyword is used only
once.
7. In _____________ a sequence of actions is carried out on this block after a block of plain-text bits
is chosen for generating a block of cipher-text bits.
a) Block Cipher
b) One-time pad
c) Hash functions
d) Vigenere Cipher
Answer: a
Explanation: In a block cipher, a sequence of actions is carried out on this block after a block of
plain-text bits is chosen for generating a block of cipher-text bits. Blocks in these have a fixed
number of bits.
8. In _______________ the plain-text is processed 1-bit at a time & a series of actions is carried out
on it for generating one bit of cipher-text.
a) Block Cipher
b) One-time pad
c) Stream cipher
d) Vigenere Cipher
Answer: c
Explanation: In stream ciphers, the plain-text is processed 1-bit at a time & a series of actions is
carried out on it for generating one bit of cipher-text.
9. The procedure to add bits to the last block is termed as _________________
a) decryption
b) hashing
c) tuning
d) padding
Answer: d
Explanation: For a block cipher, a chain of actions is performed on this block after a block of
plain-text. In block ciphers, the procedure to add bits to the last block is termed padding.
10. Which of the following is not an example of a block cipher?
a) DES
b) IDEA
c) Caesar cipher
d) Twofish
Answer: c
Explanation: In a block cipher, a sequence of actions is carried out on this block after a block of
plain-text bits is chosen for generating a block of cipher-text bits. Examples of block ciphers are
DES, IDEA, Twofish etc.
11. Data Encryption Standard is implemented using the Feistel Cipher which employs 16 rounds of
Feistel structure.
a) DES
b) IDEA
c) Caesar cipher
d) Twofish
Answer: a
Explanation: Data Encryption Standard is a block cipher which implements the Feistel Cipher, which
employs 16 rounds of Feistel structure. The block size it uses is 64-bit.
12. DES stands for ________________
a) Data Encryption Security
b) Data Encrypted Standard
c) Device Encryption Standard
d) Data Encryption Standard
Answer: d
Explanation: DES, which stands for Data Encryption Standard, falls under the category of a
block cipher that implements the Feistel Cipher, which employs 16 rounds of Feistel structure.
13. ____________ carries out all its calculations on bytes rather than using bits and is at least 6-times
faster than 3-DES.
a) AES
b) DES
c) IDEA
d) Twofish
Answer: a
Explanation: Advanced Encryption Standard is a comparatively innovative block cipher that carries
out all its calculations on bytes rather than using bits and is at least 6-times faster than 3-DES.
14. AES stands for ________________
a) Advanced Encryption Security
b) Advanced Encryption Standard
c) Advanced Encrypted Standard
d) Active Encryption Standard
Answer: b
Explanation: AES stands for Advanced Encryption Standard, which is a moderately innovative
block cipher that carries out all its calculations on bytes rather than using bits and is at least six
times faster than 3-DES.
15. AES is at least 6-times faster than 3-DES.
a) True
b) False
Answer: a
Explanation: AES is a relatively innovative type of block cipher that works on bytes rather than
using bits. It is one of the most popular forms of a block cipher and helps in securing various
applications and systems.

Cyber Security Questions and Answers – Cryptography – Steganography for Security
This set of Basic Cyber Security Questions and Answers focuses on “Cryptography – Steganography
for Security”.

1. _____________ is another data hiding technique which can be used in conjunction with
cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography
Answer: b
Explanation: Steganography is the technique of hiding data within other raw data. Steganography is
another data hiding technique which can be used in conjunction with cryptography for an
extra-secure method of protecting data.
2. _____________ is hiding of data within data, where we can hide images, text, and other messages
within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
Answer: c
Explanation: Steganography helps in hiding any form of data within data, where we can hide images,
text, and other messages within images, videos, music or recording files.
3. Steganography follows the concept of security through obscurity.
a) True
b) False
Answer: a
Explanation: Hiding data within other data through obscurity is called steganography. It is
another data hiding technique which can be used in conjunction with cryptography for an
extra-secure method of protecting data.
4. The word ________________ is a combination of the Greek words ‘steganos’ which means
“covered or concealed”, and ‘graphein’ which means “writing”.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
Answer: c
Explanation: The word steganography is a combination of the Greek words ‘steganos’ which means
“covered or concealed”, and ‘graphein’ which means “writing”. Steganography is hiding of data
within data, where we can hide images, text, and other messages within images, videos, music or
recording files.
5. A ________________ tool permits a security professional or a hacker to embed hidden data within a
carrier file like an image or video, which can later be extracted from it.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
Answer: d
Explanation: A steganography tool is a software tool that permits a security professional or a hacker
to embed hidden data within a carrier file like an image or video, which can later be extracted from
it.
6. Which of the following is not a steganography tool?
a) Xaio steganography
b) Image steganography
c) ReaperExploit
d) Steghide
Answer: c
Explanation: ReaperExploit is not a steganography tool that permits security through obscurity. Xaio
steganography, image steganography, Steghide etc are examples of such tools.
7. Which of the following is not a steganography tool?
a) Crypture
b) SteganographX Plus
c) rSteg
d) Burp Suite
Answer: d
Explanation: There are some software tools that help hackers to embed hidden data within a carrier
file, which can later be extracted from it. SSuite Picsel, rSteg, SteganographX Plus, and Crypture are
examples of such tools.
8. The main motive for using steganography is that hackers or other users can hide a secret message
behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file
Answer: b
Explanation: The main motive for using steganography is that hackers or other users can hide a secret
message behind ordinary files. Some steganography tools are SSuite Picsel, rSteg etc.
9. People will normally think of it as a normal/regular file and your secret message will pass on
without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking
Answer: a
Explanation: Steganography techniques help hackers or other users to conceal a covert message behind
regular files. People will normally think of it as a normal/regular file and your secret message will
pass on without any suspicion.
10. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
Answer: d
Explanation: Hackers or other cyber criminals target ordinary files to hide different data or
information within another data file. By using steganography, you can diminish the chance of data
leakage.

Cyber Security Questions and Answers – Cyber Security Privacy – Tor Services
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber
Security Privacy – Tor Services”.

1. _____________ makes it possible for its users to hide their physical locations while offering a
variety of services like web publishing or an IM, maintaining privacy.
a) AnonyMode
b) In-private mode
c) Incognito mode
d) Tor
Answer: d
Explanation: Tor makes it possible for its users to hide their physical locations while offering a
variety of services like web publishing or an IM, maintaining privacy.
2. TOR stands for _______________
a) The Open Router
b) The Onion Reader
c) The Onion Router
d) Tactical Onion Router
Answer: c
Explanation: Tor, which stands for The Onion Router, is an open-source program which allows
internet users to shield their privacy as well as security from data gathering techniques.
3. Tor services are also popularly known as _____________
a) onion services
b) garlic services
c) privacy policy service
d) anti-surveillance service
Answer: a
Explanation: The Onion Router (TOR) is an open-source service that allows internet users to
preserve their privacy as well as security against different online surveillance.
4. Tor was originally designed for the _____________ for protecting government communications.
a) U.S. Navy
b) Indian Navy
c) US army
d) Chinese cyber army
Answer: a
Explanation: Tor is an open-source service designed to preserve privacy as well as security against
different online surveillance. Tor was originally designed for the US Navy for protecting government
communications.
5. Tor is written in ______ language having roughly 146,000 LOC (lines of code).
a) C#
b) C++
c) C
d) Objective C
Answer: c
Explanation: Tor was originally designed for the US Navy for secure communication and was
written in the popular C language, having roughly 146,000 LOC (lines of code).
6. __________ contains a huge proxy DB which users can use to protect their online privacy and
preserve their identity online.
a) AnonyMode
b) In-private mode
c) Incognito mode
d) Tor
Answer: d
Explanation: Tor was at first designed for secure communication and preserving US Navy’s data
privacy. It contains a huge proxy DB which users can use to protect their online privacy and preserve
their identity online.
7. The _________ is developed for negotiating a virtual tunnel throughout the network by encrypting
& arbitrarily bouncing all of its communications via relay networks.
a) AnonyMode
b) Tor
c) Incognito mode
d) In-private mode
Answer: b
Explanation: The Tor is developed for negotiating a virtual tunnel throughout the network by
encrypting & arbitrarily bouncing all of its communications via relay networks.
8. Which of the following online services’ privacy cannot be protected using Tor?
a) Instant messaging
b) Browsing data
c) Relay chats
d) Login using ID
Answer: d
Explanation: Login using ID will obviously take your ID in order to access your account and is not
Tor's concern. Instant messaging, browsing data and relay chats are some of the online services
whose privacy is protected by Tor.
9. Tor is usually used by the military, cyber-criminals, activists, journalists, law enforcement officers
etc.
a) True
b) False
Answer: a
Explanation: Instant messaging, browsing data and relay chats are some of the online services
whose privacy is protected by Tor; hence it is used by the military, cyber-criminals, activists,
journalists, law enforcement officers etc.
10. ___________________ is employed by encrypting the application layer with a communication
protocol stack, nested in various layers of onion.
a) Privacy routing
b) Onion routing
c) Turbo routing
d) DHCP routing
Answer: b
Explanation: Onion routing is employed by encrypting the application layer with a communication
protocol stack, nested in various layers of the onion. This service is used by the military,
cyber-criminals, activists, journalists, law enforcement officers etc.

Cyber Security Questions and Answers – Cyber Security


Privacy – Anonymity & Pseudonymity
« Prev
Next »
This set of Cyber Security written test Questions & Answers focuses on “Cyber Security Privacy –
Anonymity & Pseudonymity”.

1. The term _____________ means keeping a user’s name as well as identity hidden or
veiled using a variety of applications.
a) pseudonymous
b) anonymous
c) eponymous
d) homonymous
Answer: b
Explanation: The term anonymous means keeping a user’s name as well as identity
hidden or veiled using a variety of applications. Some data are kept anonymous for maintaining
privacy or protecting them from cyber-crimes like personal identity theft.
2. Sometimes __________________ anonymize themselves to perform criminal activities.
a) virus
b) incident handlers
c) cyber-criminals
d) ethical hackers
Answer: c
Explanation: Sometimes cyber-criminals anonymize their identity or network to perform criminal
activities so that it becomes difficult for forensic investigators or the cyber cell to identify them.
3. An _______________ allows users to access the web while blocking the trackers or agents
that keep tracing the identity online.
a) intranet
b) extranet
c) complex network
d) anonymity network
Answer: d
Explanation: An anonymity network allows users to access the web while blocking the trackers or
agents that keep tracking the identity online. Some data are kept anonymous for maintaining privacy
or protecting them from cyber-crimes like personal identity theft.
4. _________ services are examples of anonymity services that conceal the location and usage of any
user.
a) Tor
b) Encrypted router
c) Firewall
d) HTTPS
Answer: a
Explanation: Tor services are examples of anonymity services that conceal the location and usage of
any user. An anonymity network allows users to access the web while blocking the trackers or
agents that keep tracing the identity online.
5. Another anonymity network is the I2P identity-sensitive network, which is distributed &
dynamic in nature, as it routes traffic through other peers.
a) True
b) False
Answer: a
Explanation: Another anonymity network is the I2P identity-sensitive network, which is distributed
& dynamic in nature as it routes traffic through other peers.
6. Which of the following is not an example of approaches for maintaining anonymity?
a) Use of VPNs
b) Use of Tor Browser
c) Use of Proxy servers
d) Use of Antivirus
Answer: d
Explanation: An anonymity network allows users to block the trackers or agents which track their
identity online. Use of VPNs, Tor Browser, and proxy servers are examples of approaches usually
taken by online users for maintaining anonymity.
7. Which of the following is not an example of approaches for maintaining anonymity?
a) Using encrypted search engines that don’t share your search data
b) Use firewalls
c) Fake email services
d) Use file shielders
Answer: b
Explanation: Using encrypted search engines that don’t share your search data, fake email services,
and file shielders are examples of approaches usually taken by online users for maintaining anonymity.
8. Big multinational companies are providing us with search engines to easily search for data for free.
But they are also taking our searched data and browsing habits as well as choices.
a) True
b) False
Answer: a
Explanation: Big multinational companies are providing us with search engines to easily search for
data for free. But they are also taking our searched data and browsing habits as well as choices which
hamper our e-privacy.
9. Which of the following is not a VPN used for preserving our anonymity?
a) Nord VPN
b) Express VPN
c) Microsoft Security Essential
d) CyberGhost
Answer: c
Explanation: An anonymity network allows users to access the web while blocking the trackers or
agents that keep tracing the identity online. Nord VPN, Express VPN, and CyberGhost are examples
of VPNs that can preserve your anonymity.
10. __________________ are those search engines that are intended and designed not to take our
searched data or browsing habits and hence do not hamper our online privacy.
a) Paid search engines
b) Incognito mode
c) In-private mode
d) Private search engines
Answer: d
Explanation: Private search engines are those search engines that are intended and designed not to
take our searched data or browsing habits and hence do not hamper our online privacy, and users can
use them for free.
11. Which of the following is a private search engine?
a) Bing
b) Google
c) DuckDuckGo
d) Yahoo
Answer: c
Explanation: There are different private search engines that are designed not to take our searched
data or browsing habits. Hence they do not hamper users’ online privacy and security. DuckDuckGo is
an example of such a search engine.
12. Which of the following is not a private search engine?
a) StartPage
b) Baidu
c) SearX.me
d) Qwant
Answer: b
Explanation: Baidu is not a private search engine. Private search engines are those search engines
that are intended and designed not to take our searched data or browsing habits and hence do not
hamper our online privacy, and users can use them for free.
13. Which of the below-mentioned search engines can provide you with anonymity while searching?
a) Privatelee
b) Baidu
c) Google
d) Bing
Answer: a
Explanation: Privatelee is a private search engine that can provide users with anonymity. Private
search engines are those search engines that are intended and designed not to take our searched data
or browsing habits and hence do not hamper our online privacy, and users can use them for free.

Cyber Security Questions and Answers – Deep Web and Darknet
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Deep Web
and Darknet”.

1. The ____________ is anything which your search engine cannot search.


a) Haunted web
b) World Wide Web
c) Surface web
d) Deep Web
Answer: d
Explanation: The Deep Web is anything which your search engine cannot search. Whereas, the
surface web is that part of the web which can be indexed by any popular search engine.
2. The ______________ is categorized as an unknown segment of the Deep Web which has been
purposely kept hidden & is inaccessible using standard web browsers.
a) Haunted web
b) World Wide Web
c) Dark web
d) Surface web
Answer: c
Explanation: The Dark web is categorized as an unknown segment of the Deep Web which has been
purposely kept hidden & is inaccessible using standard web browsers.
3. ________________ is a network construct over the internet that is encrypted. It offers anonymity
to its users. Tor (The Onion Router) is a common service of Darknet.
a) Freenet
b) Darknet
c) ARPANET
d) Stuxnet
Answer: b
Explanation: Darknet is a network construct over the internet that is encrypted. It offers anonymity to
its users. Tor (The Onion Router) is a common service of Darknet.
4. A special tool, the _______________, is necessary for entering the network; it helps
anonymous internet users access the Tor network and use various Tor services.
a) Opera browser
b) Mozilla browser
c) Chrome browser
d) Tor browser
Answer: d
Explanation: A special tool, the Tor browser, is necessary for entering the network; it helps
anonymous internet users access the Tor network and use various Tor services.
5. ____________ is also a part of darknet that is employed for transferring files anonymously.
a) Freenet
b) Darknet
c) ARPANET
d) Stuxnet
Answer: a
Explanation: A network construct over the internet that is encrypted and not always accessible is the
darknet. It offers anonymity to its users. Freenet is also a part of darknet that is employed for
transferring files anonymously.
6. One example of a popular website on ______________ is the Silk Road, which was used to sell
drugs and was later taken down by the FBI.
a) Freenet
b) Darknet
c) ARPANET
d) Stuxnet
Answer: b
Explanation: Darknet offers anonymity to its users. It has a collection of websites with special
anonymous features. One example of a popular website on darknet is the Silk Road, which was used to
sell drugs and was later taken down by the FBI.
7. Deep web is also known as ______________
a) Freenet
b) Darknet
c) ARPANET
d) Hidden web
Answer: d
Explanation: Deep Web is also known as the hidden web. Whereas, the surface web is that part of the
web which can be indexed by any popular search engine. This invisible web is not indexed by
standard search engines.
8. The popular computer scientist _____________ coined the term “deep web” in the year 2001.
a) Mr. Tim B. Lee
b) Mr. Narcos Maralli
c) Mr. Michael K. Bergman
d) Mr. Ken Thompson
Answer: c
Explanation: The popular computer scientist Mr. Michael K. Bergman coined the term “deep
web” in the year 2001. The Deep Web is anything which your search engine cannot search.
9. The popular computer scientist Mr. Michael K. Bergman coined the term “deep web” in the
year ____________
a) 2000
b) 2001
c) 2002
d) 2003
Answer: b
Explanation: The popular computer scientist Mr. Michael K. Bergman coined the term “deep
web” in the year 2001. This invisible web uses encrypted browsers and search engines and so is
not indexed by standard search engines.
10. The __________ was a huge marketplace on the Dark Web, famous specifically for the sale of
illegal drugs & narcotics, where a wide range of other goods could also be found for sale.
a) Silk Road
b) Cotton Road
c) Dark Road
d) Drug Road
Answer: a
Explanation: The Silk Road was a huge marketplace on the Dark Web, famous specifically for the sale
of illegal drugs & narcotics, where a wide range of other goods could also be found for sale.
11. Your online activity can still be tracked even if you use different Tor services, but not in much
detail.
a) True
b) False
Answer: a
Explanation: The Tor browser helps anonymous internet users access the Tor network &
use various Tor services. Though it preserves your anonymity, your online activity can still be
tracked even if you use different Tor services, but not in much detail.
12. Tor (The Onion Router) is not a service or part of the darknet.
a) True
b) False
Answer: b
Explanation: The statement is false: Tor (The Onion Router) is a common service of the darknet. A
special tool, the Tor browser, is necessary for entering the network; it helps anonymous internet
users access the Tor network and use various Tor services.
