Cyber Security Questions and Answers – Information

Security Technologies
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Information Security Technologies”.

1. _______ is the practice and precautions taken to protect valuable information from
unauthorized access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
View Answer
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes
used for protecting valuable information for alteration, destruction, deletion or disclosure by
unauthorized users.

2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
View Answer
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information
security threats whereas not changing the default password of any system, hardware or any
software comes under the category of vulnerabilities that the user may pose to its system.

3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
View Answer
Answer: a
Explanation: Flood comes under natural disaster which is a threat to any information and
not acts as a vulnerability to any system.
advertisement
4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
View Answer
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations
across the globe through physical systems, virtual machines, servers, and clouds. Their
security can be managed using Cloud workload protection platforms which manage policies
regarding security of information irrespective of its location.

5. Which of the following information security technology is used for avoiding browser-based
hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
View Answer
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user
establishes a remote browsing by isolating the browsing session of end user, cyber-
criminals will not be able to infect the system along with browser with malware, ultimately
reducing the attack surface area.

6. The full form of EDR is _______

a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
View Answer
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems
and record all the activities for further reporting, analysis & detection in a central database.
Analyzing the reports generated through such EDR tools, loopholes in a system or any
internal, as well as external breaching attempts can be detected.

7. _______ technology is used for analyzing and monitoring traffic in network and
information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
View Answer
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for
supervising the traffic in any network, a flow of data over the network as well as malicious
threats that are trying to breach the network. This technological solution also helps in triage
the events detected by Network Traffic Analyzing tools.

8. Compromising confidential information comes under _________

a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system,
individual or any information. Compromising of confidential information means extracting out
sensitive data from a system by illegal manner.

9. Lack of access control policy is a _____________

a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: c
Explanation: Access control policies are incorporated to a security system for restricting of
unauthorized access to any logical or physical system. Every security compliance program
must need this as a fundamental component. Those systems which lack this feature is
vulnerable.
10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored
View Answer
Answer: d

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Generic Steps for Security – 1”.

1. How many basic processes or steps are there in ethical hacking?

a) 4
b) 5
c) 6
d) 7
View Answer
Answer: c
Explanation: According to the standard ethical hacking standards, the entire process of
hacking can be divided into 6 steps or phases. These are: Reconnaissance, Scanning,
Gaining Access, Maintaining Access, Tracks clearing, reporting.

2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different
kinds of information about the target user or the victim’s system.

3. Which of the following is not a reconnaissance tool or technique for information

gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose
View Answer
Answer: d
Explanation: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance.
Nexpose is a tool for scanning the network for vulnerabilities.
advertisement
4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5
View Answer
Answer: a
Explanation: Reconnaissance can be done in two different ways. 1st, Active Reconnaissance
which involves interacting with the target user or system directly in order to gain information;
2nd, Passive Reconnaissance, where information gathering from target user is done
indirectly without interacting with the target user or system.
5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files
View Answer
Answer: b
Explanation: As active reconnaissance is all about interacting with target victim directly,
hence telephonic calls as a legitimate customer care person or help desk person, the
attacker can get more information about the target user.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate

Now!

6. Which of the following is an example of passive reconnaissance?

a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
View Answer
Answer: d
Explanation: Passive reconnaissance is all about acquiring of information about the target
indirectly, hence searching any information about the target on online people database is an
example of passive reconnaissance.

7. ________ phase in ethical hacking is known as the pre-attack phase.

a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: b
Explanation: In the scanning phase, the hacker actively scans for the vulnerabilities or
specific information in the network which can be exploited.

8. While looking for a single entry point where penetration testers can test the vulnerability,
they use ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: b
Explanation: Scanning is done to look for entry points in a network or system in order to
launch an attack and check whether the system is penetrable or not.

9. Which of them does not comes under scanning methodologies?

a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
View Answer
Answer: d
Explanation: Google dork is used for reconnaissance, which uses special search queries for
narrowing down the search results. The rest three scanning methodologies are used for
scanning ports (logical), and network vulnerabilities.
10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
View Answer
Answer: c
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nepose and
Nessus are fully scanning tool. Maltego is an example of a reconnaissance tool used for
acquiring information about target user.

11. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are
used to look for flaws in a system, it is the next phase where the ethical hackers or
penetration testers have to technically gain access to a network or system.

12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Penetration testers after scanning the system or network tries to exploit the
flaw of the system or network in “gaining access” phase.

13. Which of the following is not done in gaining access phase?

a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking
View Answer
Answer: a
Explanation: Tunnelling is a method that is followed to cover tracks created by attackers
and erasing digital footprints. Buffer overflow, session hijacking and password cracking are
examples of gaining access to test the flaw in system or network.

14. Which of the below-mentioned penetration testing tool is popularly used in gaining
access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
View Answer
Answer: c

1. A _________ can gain access illegally to a system if the system is not properly tested in
scanning and gaining access phase.
a) security officer
b) malicious hacker
c) security auditor
d) network analyst
View Answer
Answer: b
Explanation: Malicious hackers can gain illegal access at OS level, application level or
network level if the penetration testers or ethical hackers lack in testing and reporting the
vulnerabilities in a system.

2. In which phase, the hackers install backdoors so that his/her ownership with the victim’s
system can be retained later?
a) Scanning
b) Gaining Access
c) Maintaining Access
d) Reporting
View Answer
Answer: c
Explanation: After gaining initial access to a system, the hacker needs to keep a path open
so that he/she in future can access the system. Therefore, backdoors are set which will later
allow the attacker to gain access through it easily.

3. _______ is the tool used for this purpose.

a) Powersploit
b) Aircrack – ng
c) Snort
d) Nmap
View Answer
Answer: a
Explanation: The Powersploit is an access maintaining tool used for Windows systems. This
tool is used for gaining re-access to the victim’s system using PowerShell.
advertisement
4. Which of the following hacking tools and techniques hackers’ do not use for maintaining
access in a system?
a) Rootkits
b) Backdoors
c) Trojans
d) Wireshark
View Answer
Answer: d
Explanation: Wireshark is not a tool for maintaining access because it is used for analysing
network protocols at a microscopic level (very minutely). It is an interactive tool for data
traffic analysing on any computer.

5. In _______ phase, the hackers try to hide their footprints.

a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Gaining access
View Answer
Answer: b
Explanation: Tracks clearing or covering tracks is the name of the phase where the hackers
delete logs of their existence & other activity records they do during the hacking process.
This step is actually an unethical one.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate

Now!
6. Which of them is not a track clearing technique?
a) Altering log files
b) Tunnelling
c) Port Scanning
d) Footprint removing
View Answer
Answer: c
Explanation: Port scanning is a method used in the scanning phase. Altering or changing
log files, tunnelling for hiding your identity and removing footprints from different sites are
examples of clearing tracks.

7. __________ is the last phase of ethical hacking process.

a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Reporting
View Answer
Answer: d
Explanation: In the reporting phase, the penetration tester or ethical hacker has to assemble
all the flaws along with the tools and processes used for detecting then and report it to the
firm or organization.

8. Which of the following is not a footprint-scanning tool?

a) SuperScan
b) TcpView
c) Maltego
d) OWASP Zed
View Answer
Answer: c

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Social
Engineering and Physical Hacking”.

1. ___________ is a special form of attack using which hackers’ exploit – human

psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering
View Answer
Answer: c
Explanation: Using social engineering techniques, hackers try to exploit the victim’s mind to
gain valuable information about that person such as his/her phone number, date of birth, pet
name etc.

2. Which of the following do not comes under Social Engineering?

a) Tailgating
b) Phishing
c) Pretexting
d) Spamming
View Answer
Answer: d
Explanation: Spamming is the attack technique where the same message is sent
indiscriminately repeatedly in order to overload the inbox or harm the user.
3. _________ involves scams where an individual (usually an attacker) lie to a person (the
target victim) to acquire privilege data.
a) Phishing
b) Pretexting
c) Spamming
d) Vishing
View Answer
Answer: b
Explanation: In the pretexting technique of social engineering, the attacker pretends in need
of legitimate information from the victim for confirming his/her identity.
advertisement
4. Which of the following is the technique used to look for information in trash or around
dustbin container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving
View Answer
Answer: d
Explanation: In the technology world, where information about a person seems everywhere;
dumpster diving is the name of the technique where the attacker looks for information in
dustbins and trashes. For example, after withdrawing money from ATM, the user usually
throw the receipt in which the total amount and account details are mentioned. These type
of information becomes helpful to a hacker, for which they use dumpster diving.

5. Which of the following is not an example of social engineering?

a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing
View Answer
Answer: c
Explanation: Carding is the method of trafficking of bank details, credit cards or other
financial information over the internet. Hence it’s a fraudulent technique used by hackers
and does not comes under social engineering.

Subscribe Now: Cyber Security Newsletter | Important Subjects Newsletters

6. In a phishing, attackers target the ________ technology to so social engineering.

a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera
View Answer
Answer: a
Explanation: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data
(such as username & passwords) of the target user and use emails to send fake links which
redirect them to a fake webpage which looks legitimate.

7. Tailgating is also termed as ___________

a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting
View Answer
Answer: a
Explanation: Piggybacking is the technique used for social engineering, as the attacker or
unauthorized person/individual follows behind an authorized person/employee & gets into
an authorized area to observe the system, gain confidential data or for a fraudulent
purpose.

8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit
organizations.
a) True
b) False
View Answer
Answer: b
Explanation: Physical hacking, like other types of hacking, is possible in any institutions,
organizations, clinics, private firms, banks or any other financial institutions. Hence, the
above statement is false.

9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
View Answer
Answer: b
Explanation: When cyber-criminal gain access to an authorized area and steal pen drives
and DVDs which contain sensitive information about an employee or about the organization,
then it can be said that the physical security of the organization is weak.

10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
View Answer
Answer: d
Explanation: Physical accessing without prior security checking is the ability of a person to
gain access to any authorized area. Physical accessing is done using piggybacking or any
other suspicious means.

11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
View Answer
Answer: c
Explanation: Keeping confidential files left open in the desk is not an adequate way of
maintaining physical security; as anyone can pick these up and perform physical hacking.

12. Which of the following is not a physical security measure to protect against physical
hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
View Answer
Answer: d
Explanation: Updating the patches in your working software does not come under security
measures for physical hacking. Updating the patches will help your software get free from
bugs and flaws in an application as they get a fix when patches are updated.

13. IT security department must periodically check for security logs and entries made during
office hours.
a) True
b) False
View Answer
Answer: a
Explanation: Checking for security logs and entries made by employees and other outsiders
who entered the office can help in identifying whether any suspicious person is getting in
and out of the building or not.

14. Which of them is not an example of physical hacking?

a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing
View Answer
Answer: d
Explanation: Phishing does not come under physical security. Walk-in without proper
authorization, sneaking in through glass windows or other means and breaking in and
stealing sensitive documents are examples of physical hacking.

15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access
View Answer
Answer: a

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on
“Firewalls – 1”.

1. Firewalls can be of _______ kinds.

a) 1
b) 2
c) 3
d) 4
View Answer
Answer: c
Explanation: Firewalls are of three kinds – one is the hardware firewalls, another is software
firewalls and the other is a combination of both hardware and software.

2. _________________ is the kind of firewall is connected between the device and the
network connecting to internet.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: a
Explanation: Hardware firewalls are those firewalls that need to be connected as additional
hardware between the device through which the internet is coming to the system and the
network used for connecting to the internet.
3. _________ is software that is installed using an internet connection or they come by-
default with operating systems.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: b
Explanation: Software firewalls are those kinds of firewalls that are installed in the system
using internet connection as we install normal applications and update them. Some
operating system vendors provide default firewalls with their operating systems.
advertisement
4. Which of the following is not a software firewall?
a) Windows Firewall
b) Outpost Firewall Pro
c) Endian Firewall
d) Linksys Firewall
View Answer
Answer: d
Explanation: Windows Firewall, Outpost Firewall Pro and Endian Firewall are software
firewalls that are installed in the system. Linksys firewall is not an example of a software
firewall.

5. Firewall examines each ____________ that are entering or leaving the internal network.
a) emails users
b) updates
c) connections
d) data packets
View Answer
Answer: d
Explanation: Firewalls examines each data packets that are entering or leaving the internal
network which ultimately prevents unauthorized access.

Note: Join free Sanfoundry classes at Telegram or Youtube

6. A firewall protects which of the following attacks?

a) Phishing
b) Dumpster diving
c) Denial of Service (DoS)
d) Shoulder surfing
View Answer
Answer: c
Explanation: Firewalls are used to protect the computer network and restricts illicit traffic.
Denial of Service (DoS) attack is one such automated attack which a firewall with proper
settings and the updated version can resist and stop from getting executed.

7. There are ______ types of firewall.

a) 5
b) 4
c) 3
d) 2
View Answer
Answer: b
Explanation: There are four types of firewall based on their working and characteristics.
These are Packet Filtering Firewalls, Circuit Level Gateway Firewalls, Application level
Gateway Firewalls, and Stateful Multilayer Inspection Firewalls.
8. Packet filtering firewalls are deployed on ________
a) routers
b) switches
c) hubs
d) repeaters
View Answer
Answer: a
Explanation: Packet filtering firewalls are deployed on routers that help in connecting
internal network worldwide via the internet.

9. In the ______________ layer of OSI model, packet filtering firewalls are implemented.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
10. The __________ defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports
View Answer
Answer: a
Explanation: The Access Control List is a table containing rules that instruct the firewall
system to provide the right access. It checks all the packets and scans them against the
defined rule set by Network administrator in the packet filtering firewall.

11. ACL stands for _____________

a) Access Condition List
b) Anti-Control List
c) Access Control Logs
d) Access Control List
View Answer
Answer: d
Explanation: The Access Control List is a table containing to check all the packets and
scans them against the defined rule set by Network administrator in any particular system or
firewall.

12. When a packet does not fulfil the ACL criteria, the packet is _________
a) resend
b) dropped
c) destroyed
d) acknowledged as received
View Answer
Answer: b
Explanation: In the packet filtering firewall, when the rules defined by the Access Control
List is not meet by any data packet, the packet is dropped & logs are updated in the firewall.

13. Network administrators can create their own ACL rules based on _______ ________
and _______
a) Address, Protocols and Packet attributes
b) Address, Protocols and security policies
c) Address, policies and Packet attributes
d) Network topology, Protocols and data packets
View Answer
Answer: a
Explanation: Network administrators can create their own ACL rules based on Address,
Protocols and Packet attributes. This is generally done where the specific customised type
of data packets need to pass through firewall screening.

14. One advantage of Packet Filtering firewall is __________

a) more efficient
b) less complex
c) less costly
d) very fast
View Answer
Answer: c
Explanation: Packet filtering firewalls are more advantageous because they are less costly
and they use fewer resources and are used effectively in small networks.

15. Packet filtering firewalls work effectively in _________ networks.

a) very simple
b) smaller
c) large
d) very large complex
View Answer
Answer: b

Firewalls – 2
This set of Cyber Security Interview Questions and Answers for Experienced people
focuses on “Firewalls – 2”.

1. Packet filtering firewalls are vulnerable to __________

a) hardware vulnerabilities
b) MiTM
c) phishing
d) spoofing
View Answer
Answer: d
Explanation: One popular disadvantage of the packet filtering technique is that it cannot
support the complex models of rules and is spoofing attack-prone in some cases as well.

2. Circuit-level gateway firewalls are installed in _______ layer of OSI model.

a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
Answer: b
Explanation: In the session layer (which is the fifth layer) of the OSI model, circuit-level
gateway firewalls are deployed for monitoring TCP sessions for 3-way handshakes.

3. Which of these comes under the advantage of Circuit-level gateway firewalls?

a) They maintain anonymity and also inexpensive
b) They are light-weight
c) They’re expensive yet efficient
d) They preserve IP address privacy yet expensive
View Answer
Answer: a
Explanation: For a private network, or for organizations, circuit-level gateway firewalls
maintain anonymity. They’re also inexpensive as compared to other firewall types.
 advertisement
4. Which of the following is a disadvantage of Circuit-level gateway firewalls?
a) They’re expensive
b) They’re complex in architecture
c) They do not filter individual packets
d) They’re complex to setup
View Answer
Answer: c
Explanation: Circuit-level gateway firewalls don’t filter packets individually which gives the
attacker a chance to take access in the network.

5. _____________ gateway firewalls are deployed in application-layer of OSI model.

a) Packet Filtering Firewalls
b) Circuit Level Gateway Firewalls
c) Application-level Gateway Firewalls
d) Stateful Multilayer Inspection Firewalls
View Answer
Answer: c
Explanation: Application level Gateway Firewalls are deployed in the application-layer of
OSI model for protecting the network for different protocols of the application layer.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate

Now!

6. Application level gateway firewalls protect the network for specific _____________
a) application layer protocol
b) session layer protocol
c) botnet attacks
d) network layer protocol
View Answer
Answer: a
Explanation: Some specific application layer protocols need protection from attacks which is
done by the application level gateway firewall in the application layer of the OSI model.

7. Application level gateway firewalls are also used for configuring cache-servers.
a) True
b) False
View Answer
Answer: a
Explanation: As caching servers, the application level gateway firewalls are configured that
helps in increasing the network performance making it smooth for logging traffic.

8. ___________ firewalls are a combination of other three types of firewalls.

a) Packet Filtering
b) Circuit Level Gateway
c) Application-level Gateway
d) Stateful Multilayer Inspection
View Answer
Answer: d
Explanation: Stateful Multilayer Inspection firewalls are a combination of other three types of
firewalls. These combinations are Packet filtering, circuit level and application-level gateway
firewalls.

9. Stateful Multilayer Inspection firewall cannot perform which of the following?

a) Filter network layer packets
b) Check for legitimate session
c) Scans for illicit data packets at the presentation layer
d) Evaluate packets at application lager
View Answer
Answer: c
Explanation: Stateful Multilayer Inspection firewalls are designed to perform filtering packets
in the network layer, check for legitimate sessions in the session layer as well as evaluate
all packets at the application layer of OSI model. But it cannot scan for illicit data packets at
the presentation layer.

10. We can also implement ____________ in Stateful Multilayer Inspection firewall.

a) external programs
b) algorithms
c) policies
d) algorithms and external programs
View Answer
11. One advantage of Stateful Multilayer Inspection firewall is __________
a) costlier but easy to understand
b) large to manage
c) complex internal architecture
d) large to manage but efficient
View Answer
Answer: c
Explanation: Stateful Multilayer Inspection firewalls are complex internally due to multiple
characteristics of different firewalls incorporated together which makes it powerful and more
secure.

12. Packet filtering firewalls are also called ____________

a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: a
Explanation: Packet filtering firewalls are also called the first generation firewalls. It came
into the picture around the 1980s. Packet filtering technique cannot support the complex
models of rules and is spoofing attack-prone in some cases as well.

13. Stateful Multilayer firewalls are also called ____________

a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: b
Explanation: Stateful multilayer firewalls are also called second generation firewalls. They
came into the picture in around 1989-1990. Due to multiple characteristics of different
firewalls in Multilayer Inspection firewalls, it makes such type of firewalls powerful and more
secure.

14. Application layer firewalls are also called ____________

a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: c
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Types
of Cryptography – 1”.

1. _________________ is the process or mechanism used for converting ordinary plain text
into garbled non-human readable text & vice-versa.
a) Malware Analysis
b) Exploit writing
c) Reverse engineering
d) Cryptography
View Answer
Answer: d
Explanation: Cryptography is the process or mechanism used for converting ordinary plain
text into garbled non-human readable text & vice-versa. It is a means of storing &
transmitting information in a specific format so that only those for whom it is planned can
understand or process it.

2. ______________ is a means of storing & transmitting information in a specific format so

that only those for whom it is planned can understand or process it.
a) Malware Analysis
b) Cryptography
c) Reverse engineering
d) Exploit writing
View Answer
Answer: b
Explanation: Cryptography is a means of storing & transmitting information in a specific
format so that only those for whom it is planned can understand or process it where
“kryptos” means secret, “graphein” means to-write.

3. When plain text is converted to unreadable format, it is termed as _____________

a) rotten text
b) raw text
c) cipher-text
d) ciphen-text
View Answer
Answer: c
Explanation: Cryptography helps in securing information in a specific format so that only
intended users can understand or process it. When plain text is converted to the unreadable
format, that type of text is termed as cipher-text.
advertisement
4. Cryptographic algorithms are based on mathematical algorithms where these algorithms
use ___________ for a secure transformation of data.
a) secret key
b) external programs
c) add-ons
d) secondary key
View Answer
Answer: a
Explanation: When plain text is converted to unreadable format through some algorithms,
that type of text is termed as cipher text. Cryptographic algorithms are based on
mathematical algorithms where these algorithms use the secret key for a secure
transformation of data.

5. Cryptography can be divided into ______ types.

a) 5
b) 4
c) 3
d) 2
View Answer
Answer: d
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Using these techniques, users can secure their information from
illegitimate ones.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate

Now!

6. Data which is easily readable & understandable without any special algorithm or method
is called _________________
a) cipher-text
b) plain text
c) raw text
d) encrypted text
View Answer
Answer: b
Explanation: The means of storing or sending data in a specific format so that only intended
users can process it is called cryptography. Data which is easily readable & understandable
without any special algorithm or method is called plain text.

7. Plain text are also called _____________

a) cipher-text
b) raw text
c) clear-text
d) encrypted text
View Answer
Answer: c
Explanation: Data which is easily readable & understandable without any special algorithm
or method is called plain text or clear-text. This text is not secured and can be readable by
anyone who is not even a legitimate user.

8. There are ________ types of cryptographic techniques used in general.

a) 2
b) 3
c) 4
d) 5
View Answer
Answer: b
Explanation: There are three types of cryptographic techniques used in general. These are
Symmetric Key cryptography, public key cryptography, and Hash functions based
cryptography.

9. Conventional cryptography is also known as _____________ or symmetric-key

encryption.
a) secret-key
b) public key
c) protected key
d) primary key
View Answer
Answer: a
Explanation: The various cryptographic techniques are symmetric Key cryptography, public
key cryptography, and Hash functions based cryptography. Conventional cryptography is
also known as secret-key cryptography or symmetric-key encryption.
10. Data Encryption Standard is an example of a _____________ cryptosystem.
a) conventional
b) public key
c) hash key
d) asymmetric-key
View Answer
Answer: a
Explanation: Conventional cryptography is also known as secret-key cryptography or
symmetric-key encryption. Data Encryption Standard is an example of a conventional
cryptosystem.

11. _______________ cryptography deals with traditional characters, i.e., letters & digits
directly.
a) Modern
b) Classic
c) Asymmetric
d) Latest
View Answer
Answer: b
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters &
digits directly.

12. ____________ cryptography operates on binary-bit series and strings.

a) Modern
b) Classic
c) Traditional
d) Primitive
View Answer
Answer: a
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Modern cryptography operates on binary-bit series and strings.

13. __________ cryptography has always been focussing on the concept of ‘security
through obscurity’.
a) Modern
b) Asymmetric
c) Classic
d) Latest
View Answer
Answer: c
Explanation: Cryptography can be divided into two types. These are classic cryptography &
modern cryptography. Classic cryptography deals with traditional characters, i.e., letters &
digits directly. It is based on the concept of ‘security through obscurity’.

14. ________________ cryptography is based on publicly known mathematically designed

algorithms to encrypt the information.
a) Modern
b) Classic
c) Traditional
d) Primitive
View Answer
Answer: a

This set of Cyber Security Problems focuses on “Types of Cryptography – 2”.

1. _____________________ is the art & science of cracking the cipher-text without knowing
the key.
a) Cracking
b) Cryptanalysis
c) Cryptography
d) Crypto-hacking
View Answer
Answer: b
Explanation: Cryptanalysis is the art & science of cracking the cipher-text without knowing
the key. This technique is also implemented for designing new cryptographic algorithms or
to test their strengths.

2. The process of disguising plaintext in such a way that its substance gets hidden (into
what is known as cipher-text) is called _________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
View Answer
Answer: d
Explanation: Cryptography is a means of storing & transmitting information in a specific
format so that only those for whom it is planned can understand or process it. The process
of disguising plaintext in such a way that its substance gets hidden (into what is known as
cipher-text) is called encryption.

3. The method of reverting the encrypted text which is known as cipher text to its original
form i.e. plain text is known as ________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption
View Answer
Answer: b
Explanation: Cryptography helps in securing a specific format so that only intended users
can understand or process it. The method of reversing the encrypted text which is known as
cipher text to its original form i.e. plain text is known as decryption.
advertisement
4. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Integrity
c) Data Redundancy
d) Authentication
View Answer
Answer: c
Explanation: The key intent of implementing cryptography is to offer the following 4
fundamental information security features. These are Confidentiality, Data Integrity,
Authentication and non-repudiation.

5. Which of the following is not the primary objective of cryptography?

a) Confidentiality
b) Data Redundancy
c) Non-repudiation
d) Authentication
View Answer
Answer: b
Explanation: Cryptography offers 4 fundamental information security features. These are
Confidentiality, Data Integrity, Authentication and non-repudiation.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate

Now!

6. Cryptography offers a set of required security services. Which of the following is not
among that 4 required security services?
a) Encryption
b) Message Authentication codes
c) Hash functions
d) Steganography
View Answer
Answer: d
Explanation: There are 4 desired & necessary security services are encryption, Message
Authentication Codes (MAC), digital signatures and hash functions. These help in securing
the transmission of data.

7. A cryptosystem is also termed as ______________

a) secure system
b) cipher system
c) cipher-text
d) secure algorithm
View Answer
Answer: b
Explanation: Cryptography is a means of storing & transmitting information in a specific
format so that only those for whom it is planned can understand or process it. Cryptosystem
which is also known as a cipher system is execution of cryptographic algorithms &
techniques.

8. ______________ is the mathematical procedure or algorithm which produces a cipher-

text for any specified plaintext.
a) Encryption Algorithm
b) Decryption Algorithm
c) Hashing Algorithm
d) Tuning Algorithm
View Answer
Answer: a
Explanation: Encryption Algorithm is the mathematical procedure or algorithm which
produces a cipher-text for any specified plaintext. Inputs it takes are the plain text and the
key.

9. _______________ takes the plain text and the key as input for creating cipher-text.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm
View Answer
Answer: d
Explanation: Encryption Algorithm is the mathematical procedure or algorithm which
produces a cipher-text for any specified plaintext. Inputs it takes are the plain text and the
key.

10. ____________________ is a mathematical algorithm that produces a unique plain text

for a given cipher text along with a decryption key.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm
View Answer
Answer: a
Explanation: Decryption Algorithm is a mathematical algorithm that produces a unique plain
text for a given cipher text along with a decryption key. Inputs it takes are the cipher-text &
the decryption key.

11. A set of all probable decryption keys are collectively termed as ____________
a) key-stack
b) key bunch
c) key space
d) key pack
View Answer
Answer: c
Explanation: A set of all probable decryption keys are collectively termed as key space. A
mathematical algorithm which produces a unique plain text for a given cipher text along with
a decryption key is called a decryption algorithm.

12. Encryption-decryption in cryptosystem is done in ______ ways.

a) 4
b) 3
c) 5
d) 2
View Answer
Answer: d
Explanation: Cryptosystem which is also known as cipher system is the execution of
cryptographic algorithms & techniques. Encryption-decryption in a cryptosystem is done in
two ways. These are by Symmetric Key Encryption and by Asymmetric Key Encryption.

13. In _____________________ same keys are implemented for encrypting as well as

decrypting the information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption
View Answer
Answer: a
Explanation: Encryption-decryption in a cryptosystem is done in two ways. These are by
Symmetric Key Encryption and by Asymmetric Key Encryption. In Symmetric Key
Encryption, same keys are implemented for encrypting as well as decrypting the
information.

14. In __________________ 2 different keys are implemented for encrypting as well as

decrypting that particular information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption
View Answer
Answer: b
Explanation: In Asymmetric Key Encryption 2 different keys are implemented for encrypting
as well as decrypting that particular information. Inputs it takes are the plain text and 2
different key.
15. A set of all probable decryption keys are collectively termed as key space.
a) True
b) False
View Answer
Answer: a

Cryptography – Different Ciphers and their Security

Strength
This set of Cyber Security Puzzles focuses on “Cryptography – Different Ciphers and their
Security Strength”.

1. ____________ is a mono-alphabetic encryption code wherein each & every letter of

plain-text is replaced by another letter in creating the cipher-text.
a) Polyalphabetic Cipher
b) Caesar Cipher
c) Playfair Cipher
d) Monoalphabetic Cipher
View Answer
Answer: b
Explanation: Caesar Cipher is the simplest type of substitution cipher with a mono-
alphabetic encryption code wherein each letter of plain-text is replaced by another letter in
creating the cipher-text.

2. _____________ is the concept that tells us about the replacement of every alphabet by
another alphabet and the entire series gets ‘shifted’ by some fixed quantity.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
View Answer
Answer: b
Explanation: Shift Cipher is the concept that tells us about the replacement of every
alphabet by another alphabet and the entire series gets ‘shifted’ by some fixed quantity
(which is the key) between 0 and 25.

3. ________________ is a cipher formed out of substitution where for a given key-value the
cipher alphabet for every plain text remains fixed all through the encryption procedure.
a) Polyalphabetic Cipher
b) Caesar Cipher
c) Playfair Cipher
d) Monoalphabetic Cipher
View Answer
Answer: d
Explanation: Monoalphabetic cipher is a cipher formed out of substitution where for a given
key-value the cipher alphabet for every plain text remains fixed all through the encryption
procedure.
advertisement
4. In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5 grid of
alphabets which operates as the key to encrypt the plaintext.
a) Rolling Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
View Answer
Answer: c
Explanation: In Playfair cipher, at first, a key table is produced. That key table is a 5 by 5
grid of alphabets which operates as the key to encrypt the plaintext. All the twenty-five
alphabets have to be unique and letter J gets omitted.

5. ______________ employs a text string as a key that is implemented to do a series of

shifts on the plain-text.
a) Vigenere Cipher
b) Shift Cipher
c) Playfair Cipher
d) Block Cipher
View Answer
Answer: a
Explanation: Vigenere Cipher employs a text string as a key that is implemented to do a
series of shifts on the plain-text. Here the sender & the receiver settle on a single key.

Subscribe Now: Cyber Security Newsletter | Important Subjects Newsletters

6. The ________________ has piece of the keyword that has the same length as that of the
plaintext.
a) Block Cipher
b) One-time pad
c) Hash functions
d) Vigenere Cipher
View Answer
Answer: b
Explanation: The one-time pad has a piece of the keyword that has the same length as that
of the plaintext. The keyword gets a randomly produced string of alphabets. For only once,
its keyword is used.

7. In _____________ a sequence of actions is carried out on this block after a block of

plain-text bits is chosen for generating a block of cipher-text bits.
a) Block Cipher
b) One-time pad
c) Hash functions
d) Vigenere Cipher
View Answer
Answer: a
Explanation: In block cipher, a sequence of actions is carried out on this block after a block
of plain-text bits is chosen for generating a block of cipher-text bits. Blocks in these have
fixed number of bits.

8. In _______________ the plain-text is processed 1-bit at a time & a series of actions is

carried out on it for generating one bit of cipher-text.
a) Block Cipher
b) One-time pad
c) Stream cipher
d) Vigenere Cipher
View Answer
Answer: c
Explanation: In stream ciphers, the plain-text is processed 1-bit at a time & a series of
actions is carried out on it for generating one bit of cipher-text.

9. The procedure to add bits to the last block is termed as _________________

a) decryption
b) hashing
c) tuning
d) padding
View Answer
Answer: d
Explanation: For a block cipher, a chain of actions is performed on this block after a block of
plain-text. In block ciphers procedure to add bits to the last block is termed as padding.

10. Which of the following is not an example of a block cipher?

a) DES
b) IDEA
c) Caesar cipher
d) Twofish
View Answer
Answer: c
Explanation: In a block cipher, a sequence of actions is carried out on this block after a
block of plain-text bits is chosen for generating a block of cipher-text bits. Examples of block
ciphers are DES, IDEA, Twofish etc.

11. Data Encryption Standard is implemented using the Feistel Cipher which employs 16
round of Feistel structure.
a) DES
b) IDEA
c) Caesar cipher
d) Twofish
View Answer
Answer: a
Explanation: Data Encryption Standard is a block cipher which implements the Feistel
Cipher which employs 16 round of Feistel structure. The block size it uses is 64-bit.

12. DES stands for ________________

a) Data Encryption Security
b) Data Encrypted Standard
c) Device Encryption Standard
d) Data Encryption Standard
View Answer
Answer: d
Explanation: DES which is abbreviated as Data Encryption Standard falls under the
category of a block cipher that implements the Feistel Cipher which employs 16 round of
Feistel structure.

13. ____________ carries out all its calculations on bytes rather than using bits and is at
least 6-times faster than 3-DES.
a) AES
b) DES
c) IDEA
d) Twofish
View Answer
Answer: a
Explanation: Advanced Encryption Standard is a comparatively innovative block cipher that
carries out all its calculations on bytes rather than using bits and is at least 6-times faster
than 3-DES.

14. AES stands for ________________

a) Advanced Encryption Security
b) Advanced Encryption Standard
c) Advanced Encrypted Standard
d) Active Encryption Standard
View Answer
Answer: b
Explanation: AES is abbreviated as Advanced Encryption Standard which is a moderately
innovative block cipher which carries out all its calculations on bytes rather than using bits
and is at least six times faster than 3-DES.

15. AES is at least 6-times faster than 3-DES.

a) True
b) False
View Answer
Answer: a

This set of Basic Cyber Security Questions and Answers focuses on “Cryptography –
Steganography for Security”.

1. _____________ is another data hiding technique which can be used in conjunction with
cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography
View Answer
Answer: b
Explanation: Steganography is the technique of hiding data in another raw data.
Steganography is another data hiding technique which can be used in conjunction with
cryptography for an extra-secure method of protecting data.

2. _____________ is hiding of data within data, where we can hide images, text, and other
messages within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
View Answer
Answer: c
Explanation: Steganography helps in hiding any form of data within data, where we can hide
images, text, and other messages within images, videos, music or recording files.

3. Steganography follows the concept of security through obscurity.

a) True
b) False
View Answer
Answer: a
Explanation: Hiding of data within another data through obscurity is called steganography. It
is another data hiding technique which can be used in conjunction with cryptography for an
extra-secure method of protecting data.
advertisement
4. The word ________________is a combination of the Greek words ‘steganos’ which
means “covered or concealed”, and ‘graphein’ which means “writing”.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
View Answer
Answer: c
Explanation: The word steganography is a combination of the Greek words ‘steganos’ which
means “covered or concealed”, and ‘graphein’ which means “writing”. Steganography is
hiding of data within data, where we can hide images, text, and other messages within
images, videos, music or recording files.

5. A ________________ tool permits security professional or a hacker to embed hidden

data within a carrier file like an image or video which can later be extracted from them.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
View Answer
Answer: d
Explanation: A steganography tool is a software tool that permits a security professional or
a hacker to embed hidden data within a carrier file like an image or video which can later be
extracted from them.

Note: Join free Sanfoundry classes at Telegram or Youtube

6. Which of the following is not a steganography tool?

a) Xaio steganography
b) Image steganography
c) ReaperExploit
d) Steghide
View Answer
Answer: c
Explanation: ReaperExploit is not a steganography tool that permits security through
obscurity. Xaio steganography, image steganography, Steghide etc are examples of such
tools.

7. Which of the following is not a steganography tool?

a) Crypture
b) SteganographX Plus
c) rSteg
d) Burp Suite
View Answer
Answer: d
Explanation: There are some software tools that helps hackers to embed hidden data within
a which can later be extracted from them. SSuite Picsel, rSteg, SteganographX Plus, and
crypture are examples of such tools.

8. The main motive for using steganography is that hackers or other users can hide a secret
message behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file
View Answer
Answer: b
Explanation: The main motive for using steganography is that hackers or other users can
hide a secret message behind ordinary files. Some steganography tools are SSuite Picsel,
rSteg etc.

9. People will normally think it as a normal/regular file and your secret message will pass on
without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking
View Answer
Answer: a
Explanation: Steganography techniques help hackers or other users to conceal covert
message behind regular files. People will normally think it as a normal/regular file and your
secret message will pass on without any suspicion.

10. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
View Answer
Answer: d