Security Questions and Answers
Security Questions and Answers
Security Technologies
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Information Security Technologies”.
1. _______ is the practice and precautions taken to protect valuable information from
unauthorized access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
View Answer
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes
used for protecting valuable information for alteration, destruction, deletion or disclosure by
unauthorized users.
2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
View Answer
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information
security threats whereas not changing the default password of any system, hardware or any
software comes under the category of vulnerabilities that the user may pose to its system.
3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
View Answer
Answer: a
Explanation: Flood comes under natural disaster which is a threat to any information and
not acts as a vulnerability to any system.
advertisement
4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
View Answer
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations
across the globe through physical systems, virtual machines, servers, and clouds. Their
security can be managed using Cloud workload protection platforms which manage policies
regarding security of information irrespective of its location.
5. Which of the following information security technology is used for avoiding browser-based
hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
View Answer
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user
establishes a remote browsing by isolating the browsing session of end user, cyber-
criminals will not be able to infect the system along with browser with malware, ultimately
reducing the attack surface area.
7. _______ technology is used for analyzing and monitoring traffic in network and
information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
View Answer
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for
supervising the traffic in any network, a flow of data over the network as well as malicious
threats that are trying to breach the network. This technological solution also helps in triage
the events detected by Network Traffic Analyzing tools.
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Generic Steps for Security – 1”.
2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different
kinds of information about the target user or the victim’s system.
8. While looking for a single entry point where penetration testers can test the vulnerability,
they use ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: b
Explanation: Scanning is done to look for entry points in a network or system in order to
launch an attack and check whether the system is penetrable or not.
11. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are
used to look for flaws in a system, it is the next phase where the ethical hackers or
penetration testers have to technically gain access to a network or system.
12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Penetration testers after scanning the system or network tries to exploit the
flaw of the system or network in “gaining access” phase.
14. Which of the below-mentioned penetration testing tool is popularly used in gaining
access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
View Answer
Answer: c
1. A _________ can gain access illegally to a system if the system is not properly tested in
scanning and gaining access phase.
a) security officer
b) malicious hacker
c) security auditor
d) network analyst
View Answer
Answer: b
Explanation: Malicious hackers can gain illegal access at OS level, application level or
network level if the penetration testers or ethical hackers lack in testing and reporting the
vulnerabilities in a system.
2. In which phase, the hackers install backdoors so that his/her ownership with the victim’s
system can be retained later?
a) Scanning
b) Gaining Access
c) Maintaining Access
d) Reporting
View Answer
Answer: c
Explanation: After gaining initial access to a system, the hacker needs to keep a path open
so that he/she in future can access the system. Therefore, backdoors are set which will later
allow the attacker to gain access through it easily.
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Social
Engineering and Physical Hacking”.
8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit
organizations.
a) True
b) False
View Answer
Answer: b
Explanation: Physical hacking, like other types of hacking, is possible in any institutions,
organizations, clinics, private firms, banks or any other financial institutions. Hence, the
above statement is false.
9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
View Answer
Answer: b
Explanation: When cyber-criminal gain access to an authorized area and steal pen drives
and DVDs which contain sensitive information about an employee or about the organization,
then it can be said that the physical security of the organization is weak.
10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
View Answer
Answer: d
Explanation: Physical accessing without prior security checking is the ability of a person to
gain access to any authorized area. Physical accessing is done using piggybacking or any
other suspicious means.
11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
View Answer
Answer: c
Explanation: Keeping confidential files left open in the desk is not an adequate way of
maintaining physical security; as anyone can pick these up and perform physical hacking.
12. Which of the following is not a physical security measure to protect against physical
hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
View Answer
Answer: d
Explanation: Updating the patches in your working software does not come under security
measures for physical hacking. Updating the patches will help your software get free from
bugs and flaws in an application as they get a fix when patches are updated.
13. IT security department must periodically check for security logs and entries made during
office hours.
a) True
b) False
View Answer
Answer: a
Explanation: Checking for security logs and entries made by employees and other outsiders
who entered the office can help in identifying whether any suspicious person is getting in
and out of the building or not.
15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access
View Answer
Answer: a
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Firewalls – 1”.
2. _________________ is the kind of firewall is connected between the device and the
network connecting to internet.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: a
Explanation: Hardware firewalls are those firewalls that need to be connected as additional
hardware between the device through which the internet is coming to the system and the
network used for connecting to the internet.
3. _________ is software that is installed using an internet connection or they come by-
default with operating systems.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: b
Explanation: Software firewalls are those kinds of firewalls that are installed in the system
using internet connection as we install normal applications and update them. Some
operating system vendors provide default firewalls with their operating systems.
advertisement
4. Which of the following is not a software firewall?
a) Windows Firewall
b) Outpost Firewall Pro
c) Endian Firewall
d) Linksys Firewall
View Answer
Answer: d
Explanation: Windows Firewall, Outpost Firewall Pro and Endian Firewall are software
firewalls that are installed in the system. Linksys firewall is not an example of a software
firewall.
5. Firewall examines each ____________ that are entering or leaving the internal network.
a) emails users
b) updates
c) connections
d) data packets
View Answer
Answer: d
Explanation: Firewalls examines each data packets that are entering or leaving the internal
network which ultimately prevents unauthorized access.
9. In the ______________ layer of OSI model, packet filtering firewalls are implemented.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
10. The __________ defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports
View Answer
Answer: a
Explanation: The Access Control List is a table containing rules that instruct the firewall
system to provide the right access. It checks all the packets and scans them against the
defined rule set by Network administrator in the packet filtering firewall.
12. When a packet does not fulfil the ACL criteria, the packet is _________
a) resend
b) dropped
c) destroyed
d) acknowledged as received
View Answer
Answer: b
Explanation: In the packet filtering firewall, when the rules defined by the Access Control
List is not meet by any data packet, the packet is dropped & logs are updated in the firewall.
13. Network administrators can create their own ACL rules based on _______ ________
and _______
a) Address, Protocols and Packet attributes
b) Address, Protocols and security policies
c) Address, policies and Packet attributes
d) Network topology, Protocols and data packets
View Answer
Answer: a
Explanation: Network administrators can create their own ACL rules based on Address,
Protocols and Packet attributes. This is generally done where the specific customised type
of data packets need to pass through firewall screening.
Firewalls – 2
This set of Cyber Security Interview Questions and Answers for Experienced people
focuses on “Firewalls – 2”.
6. Application level gateway firewalls protect the network for specific _____________
a) application layer protocol
b) session layer protocol
c) botnet attacks
d) network layer protocol
View Answer
Answer: a
Explanation: Some specific application layer protocols need protection from attacks which is
done by the application level gateway firewall in the application layer of the OSI model.
7. Application level gateway firewalls are also used for configuring cache-servers.
a) True
b) False
View Answer
Answer: a
Explanation: As caching servers, the application level gateway firewalls are configured that
helps in increasing the network performance making it smooth for logging traffic.
1. _________________ is the process or mechanism used for converting ordinary plain text
into garbled non-human readable text & vice-versa.
a) Malware Analysis
b) Exploit writing
c) Reverse engineering
d) Cryptography
View Answer
Answer: d
Explanation: Cryptography is the process or mechanism used for converting ordinary plain
text into garbled non-human readable text & vice-versa. It is a means of storing &
transmitting information in a specific format so that only those for whom it is planned can
understand or process it.
6. Data which is easily readable & understandable without any special algorithm or method
is called _________________
a) cipher-text
b) plain text
c) raw text
d) encrypted text
View Answer
Answer: b
Explanation: The means of storing or sending data in a specific format so that only intended
users can process it is called cryptography. Data which is easily readable & understandable
without any special algorithm or method is called plain text.
11. _______________ cryptography deals with traditional characters, i.e., letters & digits
directly.
a) Modern
b) Classic
c) Asymmetric
d) Latest
View Answer
Answer: b
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters &
digits directly.
13. __________ cryptography has always been focussing on the concept of ‘security
through obscurity’.
a) Modern
b) Asymmetric
c) Classic
d) Latest
View Answer
Answer: c
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters &
digits directly. It is based on the concept of ‘security through obscurity’.
2. The process of disguising plaintext in such a way that its substance gets hidden (into
what is known as cipher-text) is called _________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
View Answer
Answer: d
Explanation: Cryptography is a means of storing & transmitting information in a specific
format so that only those for whom it is planned can understand or process it. The process
of disguising plaintext in such a way that its substance gets hidden (into what is known as
cipher-text) is called encryption.
3. The method of reverting the encrypted text which is known as cipher text to its original
form i.e. plain text is known as ________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
View Answer
Answer: b
Explanation: Cryptography helps in securing a specific format so that only intended users
can understand or process it. The method of reversing the encrypted text which is known as
cipher text to its original form i.e. plain text is known as decryption.
advertisement
4. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Integrity
c) Data Redundancy
d) Authentication
View Answer
Answer: c
Explanation: The key intent of implementing cryptography is to offer the following 4
fundamental information security features. These are Confidentiality, Data Integrity,
Authentication and non-repudiation.
6. Cryptography offers a set of required security services. Which of the following is not
among that 4 required security services?
a) Encryption
b) Message Authentication codes
c) Hash functions
d) Steganography
View Answer
Answer: d
Explanation: There are 4 desired & necessary security services are encryption, Message
Authentication Codes (MAC), digital signatures and hash functions. These help in securing
the transmission of data.
9. _______________ takes the plain text and the key as input for creating cipher-text.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm
View Answer
Answer: d
Explanation: Encryption Algorithm is the mathematical procedure or algorithm which
produces a cipher-text for any specified plaintext. Inputs it takes are the plain text and the
key.
11. A set of all probable decryption keys are collectively termed as ____________
a) key-stack
b) key bunch
c) key space
d) key pack
View Answer
Answer: c
Explanation: A set of all probable decryption keys are collectively termed as key space. A
mathematical algorithm which produces a unique plain text for a given cipher text along with
a decryption key is called a decryption algorithm.
2. _____________ is the concept that tells us about the replacement of every alphabet by
another alphabet and the entire series gets ‘shifted’ by some fixed quantity.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
View Answer
Answer: b
Explanation: Shift Cipher is the concept that tells us about the replacement of every
alphabet by another alphabet and the entire series gets ‘shifted’ by some fixed quantity
(which is the key) between 0 and 25.
3. ________________ is a cipher formed out of substitution where for a given key-value the
cipher alphabet for every plain text remains fixed all through the encryption procedure.
a) Polyalphabetic Cipher
b) Caesar Cipher
c) Playfair Cipher
d) Monoalphabetic Cipher
View Answer
Answer: d
Explanation: Monoalphabetic cipher is a cipher formed out of substitution where for a given
key-value the cipher alphabet for every plain text remains fixed all through the encryption
procedure.
advertisement
4. In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5 grid of
alphabets which operates as the key to encrypt the plaintext.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
View Answer
Answer: c
Explanation: In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5
grid of alphabets which operates as the key to encrypt the plaintext. All the twenty-five
alphabets have to be unique and letter J gets omitted.
6. The ________________ has piece of the keyword that has the same length as that of the
plaintext.
a) Block Cipher
b) One-time pad
c) Hash functions
d) Vigenere Cipher
View Answer
Answer: b
Explanation: The one-time pad has a piece of the keyword that has the same length as that
of the plaintext. The keyword gets a randomly produced string of alphabets. For only once,
its keyword is used.
11. Data Encryption Standard is implemented using the Feistel Cipher which employs 16
round of Feistel structure.
a) DES
b) IDEA
c) Caesar cipher
d) Twofish
View Answer
Answer: a
Explanation: Data Encryption Standard is a block cipher which implements the Feistel
Cipher which employs 16 round of Feistel structure. The block size it uses is 64-bit.
13. ____________ carries out all its calculations on bytes rather than using bits and is at
least 6-times faster than 3-DES.
a) AES
b) DES
c) IDEA
d) Twofish
View Answer
Answer: a
Explanation: Advanced Encryption Standard is a comparatively innovative block cipher that
carries out all its calculations on bytes rather than using bits and is at least 6-times faster
than 3-DES.
This set of Basic Cyber Security Questions and Answers focuses on “Cryptography –
Steganography for Security”.
1. _____________ is another data hiding technique which can be used in conjunction with
cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography
View Answer
Answer: b
Explanation: Steganography is the technique of hiding data in another raw data.
Steganography is another data hiding technique which can be used in conjunction with
cryptography for an extra-secure method of protecting data.
2. _____________ is hiding of data within data, where we can hide images, text, and other
messages within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
View Answer
Answer: c
Explanation: Steganography helps in hiding any form of data within data, where we can hide
images, text, and other messages within images, videos, music or recording files.
8. The main motive for using steganography is that hackers or other users can hide a secret
message behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file
View Answer
Answer: b
Explanation: The main motive for using steganography is that hackers or other users can
hide a secret message behind ordinary files. Some steganography tools are SSuite Picsel,
rSteg etc.
9. People will normally think it as a normal/regular file and your secret message will pass on
without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking
View Answer
Answer: a
Explanation: Steganography techniques help hackers or other users to conceal covert
message behind regular files. People will normally think it as a normal/regular file and your
secret message will pass on without any suspicion.
10. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
View Answer
Answer: d