DD Assignment 2

Uploaded by

Anshika Raikwar

Intruder mcq

1. What are the different ways to intrude?


a) Buffer overflows
b) Unexpected combinations and unhandled input
c) Race conditions
d) All of the mentioned
Ans =d

2. What are the major components of the intrusion detection system?


a) Analysis Engine
b) Event provider
c) Alert Database
d) All of the mentioned
Ans= d

3. What are the different ways to classify an IDS?


a) anomaly detection
b) signature based misuse
c) stack based
d) all of the mentioned
Ans=d

4. What are the different ways to classify an IDS?


a) Zone based
b) Host & Network based
c) Network & Zone based
d) Level based
Ans=b

5. What are the characteristics of anomaly based IDS?


a) It models the normal usage of network as a noise characterization
b) It doesn’t detect novel attacks
c) Anything distinct from the noise is not assumed to be intrusion activity
d) It detects based on signature
Ans=a

6. What is the major drawback of anomaly detection IDS?


a) These are very slow at detection
b) It generates many false alarms
c) It doesn’t detect novel attacks
d) None of the mentioned
Ans=b

7. What are the characteristics of signature based IDS?
a) Most are based on simple pattern matching algorithms
b) It is programmed to interpret a certain series of packets
c) It models the normal usage of network as a noise characterization
d) Anything distinct from the noise is assumed to be intrusion activity
Ans=a

8. What are the drawbacks of signature based IDS?


a) They are unable to detect novel attacks
b) They suffer from false alarms
c) They have to be programmed again for every new pattern to be detected
d) All of the mentioned
Ans=d

9. What are the characteristics of Host based IDS?


a) The host operating system logs in the audit information
b) Logs include logins, file opens and program executions
c) Logs are analysed to detect tails of intrusion
d) All of the mentioned
Ans=d

10. What are the drawbacks of the host based IDS?


a) Unselective logging of messages may increase the audit burdens
b) Selective logging runs the risk of missed attacks
c) They are very fast to detect
d) They have to be programmed for new patterns
Ans=a

11. What are the strengths of the host based IDS?


a) Attack verification
b) System specific activity
c) No additional hardware required
d) All of the mentioned
Ans=d

12. What are characteristics of stack based IDS?


a) They are integrated closely with the TCP/IP stack and watch packets
b) The host operating system logs in the audit information
c) It is programmed to interpret a certain series of packets
d) It models the normal usage of network as a noise characterization
Ans=a

13. What are characteristics of Network based IDS?


a) They look for attack signatures in network traffic
b) Filter decides which traffic will not be discarded or passed
c) It is programmed to interpret a certain series of packets
d) It models the normal usage of network as a noise characterization
Ans=a

14. What are strengths of Network based IDS?


a) Cost of ownership reduced
b) Malicious intent detection
c) Real time detection and response
d) All of the mentioned
Ans=d

15. What is the term for unauthorized access to a computer system or network?
a) Sniffing
b) Encryption
c) Intrusion
d) Authentication
Ans=c

16. An intruder who breaks into a system for personal gain or malicious purposes is called a:
a) Script kiddie
b) Black hat hacker
c) White hat hacker
d) Grey hat hacker
Ans=b

17. Intrusion detection systems (IDS) primarily focus on:


a) Blocking unauthorized access
b) Detecting suspicious activity
c) Encrypting data
d) Providing remote access
Ans=b

18. A common technique used by intruders to exploit software vulnerabilities is:


a) Denial-of-Service (DoS) attack
b) Buffer overflow
c) Man-in-the-middle attack
d) Social engineering
Ans=b

19. Which of the following is NOT a type of intrusion detection system (IDS)?
a) Network-based IDS (NIDS)
b) Host-based IDS (HIDS)
c) Behavior-based IDS
d) Signature-based IDS
Ans=c

20. A social engineering attack relies on:


a) Exploiting software vulnerabilities
b) Tricking users into revealing sensitive information
c) Directly attacking network devices
d) Denying access to legitimate users
Ans=b

21. A firewall is a security device that:


a) Encrypts all network traffic
b) Monitors and controls incoming and outgoing traffic
c) Detects and removes malware
d) Provides secure remote access
Ans=b

22. Strong passwords are essential for network security because they:
a) Automatically update software
b) Are easy to remember
c) Make brute-force attacks more difficult
d) Encrypt all data on the network
Ans=c

23. Regular security audits and vulnerability assessments help to:


a) Slow down network performance
b) Identify weaknesses in a network's security
c) Train employees on phishing attacks
d) Block all unauthorized traffic
Ans=b

24. Which of the following is a preventative security measure?


a) Intrusion detection
b) Vulnerability scanning
c) Incident response
d) Packet filtering
Ans=b

25. What is the process of regaining control of a system after a security breach?
a) Vulnerability assessment
b) Incident response
c) Penetration testing
d) Security patching
Ans=b

Virus mcq

Q1. A virus can be


A. Increase/decrease the word length of CPU
B. Steal CPU time
C. Steal hard disk space
D. None of Above
Ans: A

Q2. Which virus attaches with EXE files and the resulting infected EXE file attacks other EXE files and infects them?
A. Parasitic virus
B. Boot Sector Virus
C. Memory Resident Virus
D. None of Above
Ans: A

Q3. Which of the following is a computer virus related to?


A. Hardware
B. Motherboard
C. Program
D. None of Above
Ans: C

Q4. Which of the following mechanisms is used by a computer virus worm to duplicate itself?
A. Spawn
B. Swap
C. Increase
D. Increment
Ans: A

Q5. What is the computer virus?


A. A special type of computer program
B. A special type of hardware parts
C. Motherboard chip
D. None of Above
Ans: A

Q6. A computer virus is


A. Software
B. Hardware
C. Both
D. None
Ans: A

Q7. Which of the following is an antivirus?


A. CodeRed
B. Melissa
C. Dr.Web
D. None
Ans: C

Q8. Which of the following is Antivirus?


A. Avira
B. MCAfree
C. Kaspersky
D. None
Ans: C

Q9. Which year Indian IT act was notified?


A. 2000
B. 1991
C. 1989
D. 2004
Ans: A

Q10. Which of the following is not a computer virus?


A. Norton
B. Melissa A
C. Trojan horse
D. None
Ans: A

Q11. Anti-virus must be regularly updated else


A. New virus wouldn’t be recognized
B. None of these
C. Software will become corrupt
D. None
Ans: A

Q12. Verification of a login name and password is known as
A. Configuration
B. Accessibility
C. Authentication
D. Both A and B
Ans: C

Q13. Which malicious software creates new processes in an infinite loop?
A. Fork Bomb
B. Boot Sector Virus
C. Both A and B
D. None of Above
Ans: A

Q14. Alta vista is a
A. Browser
B. Search engine
C. Program
D. Hardware
Ans: A

Q15. What happens if the computer reboots itself?
A. Not Enough Memory
B. Virus
C. Both A and B
D. None
Ans: B

16. Which of the below-mentioned reasons does not satisfy the reason why people create a computer virus?
A Protection
B Identity theft
C Pranks
D Research purpose
Ans=A

17. _____________ is also known as cavity virus.


A Polymorphic Virus
B Space-filler Virus
C Overwrite Virus
D Non-resident virus
Ans=B

18. __________ deletes all the files that it infects.
A Multipartite Virus
B Polymorphic Virus
C Overwrite Virus
D Non-resident virus
Ans=C

19. ______________ are difficult to identify as they keep on changing their type and signature.
A Polymorphic Virus
B Multipartite Virus
C Boot Sector Virus
D Non-resident virus
Ans=A

20. ______________ infects the executables as well as the boot sectors.
A Polymorphic Virus
B Multipartite Virus
C Boot Sector Virus
D Non-resident virus
Ans=B

21. Direct Action Virus is also known as ___________
A Multipartite Virus
B Non-resident virus
C Polymorphic Virus
D Boot Sector Virus
Ans=B

22. _______________ gets installed & stays hidden in your computer’s memory. It stays involved to the specific type of files which it infects.
A Direct Action Virus
B Multipartite Virus
C Polymorphic Virus
D Boot Sector Virus
Ans=A

23. _______________ infects the master boot record and it is challenging and a complex task to remove this virus.
A Trojans
B Polymorphic
C Boot Sector Virus
D Multipartite
Ans=C

24. The virus hides itself from getting detected by ______ different ways.
A 5
B 2
C 3
D None of these
Ans=C

25. In mid-1981, the 1st virus for Apple computers with the name _________ came into existence.
A Apple II
B Apple Virus
C Apple III
D Apple I
Ans=A

Types of virus mcq

1. A virus that infects the boot sector of a hard drive is classified as a:
a) File infector virus
b) System or Boot Sector Virus
c) Macro virus
d) Polymorphic virus
Ans=b

2. Which of the following is NOT a type of computer virus:
a) File infector virus
b) Resident virus
c) Trojan horse (Trojans are malicious but don't self-replicate)
d) Polymorphic virus
Ans=c

3. A virus that remains active in memory and infects other programs as they are loaded is called a:
a) File infector virus
b) Resident virus
c) Macro virus
d) Overwrite virus
Ans=b

4. A virus that infects both program files and the boot sector is known as a:
a) Polymorphic virus
b) Direct action virus
c) Multipartite virus
d) Space-filler virus
Ans=c

5. Viruses that constantly change their code structure to evade detection are classified as:
a) File infector virus
b) Overwrite virus
c) Polymorphic virus
d) Macro virus (Macros are not viruses themselves)
Ans=c

6. A virus that directly infects a program and overwrites existing code is called a:
a) Resident virus
b) Overwrite virus
c) Space-filler virus
d) Multipartite virus
Ans=b

7. Viruses that fill unused space in files with junk data are categorized as:
a) Polymorphic virus
b) Space-filler virus
c) Direct action virus
d) File infector virus
Ans=c

8. A virus that specifically targets and infects macro code within documents is known as a:
a) File infector virus
b) Resident virus
c) Macro virus
d) Boot sector virus
Ans=c

9. Viruses that hide system processes and grant unauthorized access are classified as:
a) Polymorphic virus
b) File infector virus
c) Macro virus
d) Rootkit virus
Ans=d

10. Which of the following statements about viruses is FALSE?
a) Viruses can steal sensitive data.
b) Viruses can corrupt or delete files.
c) Viruses can cause system crashes.
d) Viruses can install legitimate software. (Viruses typically install malicious software)
Ans=d

11. Virus cannot spread through
A. USB
B. Email
C. Downloads
D. Uploads
Ans=D

12. Which of the following is not an antivirus software?

A. Bitdefender
B. Norton
C. Evadobe
D. McAfee
Ans=C

13. What are the signs of a computer virus?

A. Changes on homepage
B. Pop-up windows
C. Repeated programs start up
D. Option A and B
Ans=D

14. What should be avoided to prevent your computer from a virus attack?
A. Check the internet connection
B. Turn your computer on without any unknown cables
C. Download spyware software
D. Always scan email attachments before opening
Ans=D

15. Trojan horse is a useful software and can also

A. Release all the viruses from your computer
B. Do damage to your computer once installed or run on your computer
C. Prevent a virus from attacking your computer
D. Clean up the malicious code
Ans=B

16. What is a disadvantage of a virus attack?


A. None of the below
B. It can destroy your operating system
C. Depending on the severity of the virus, it can damage your hardware
D. Can create an explosion within the CPU
Ans=C

19. A worm cannot:


A. Look similar to the virus
B. Can travel from computer to computer
C. Can replicate itself into a large amount of worms and spread itself fast.
D. Can reduce the virus threat
Ans=D

20. Which antivirus is harmful to the computer?


A. shareware
B. anti virus
C. virus
D. freeware
E. All of these
F. None of these
Ans= C

21. What is a computer virus?


a) A hardware component
b) A type of antivirus software
c) A malicious software that infects other files
d) A computer programming language
Ans=c

22. A polymorphic virus can ______.

a) Spreading through social media platforms
b) Change its appearance
c) Deleting files randomly
d) Only infecting specific file types
Ans=b

23. How do viruses typically spread?


a) Through physical contact with infected computers
b) Via infected email attachments, websites, or removable media
c) Only through software downloads from official sources
d) By manipulating computer hardware
Ans=b

24. Which type of virus hides within another legitimate program?
a) Worm
b) Trojan horse
c) Macro virus
d) Spyware
Ans=b

25. What does a rootkit virus typically do?
a) Encrypts files and demands ransom
b) Monitors and hides its presence on a system
c) Spreads through infected email attachments
d) Disables the antivirus software
Ans=b

Firewall mcq

1. Network layer firewall works as a __________
a) Frame filter
b) Packet filter
c) Content filter
d) Virus filter
Ans=b

2. Network layer firewall has two sub-categories as _________


a) Stateful firewall and stateless firewall
b) Bit oriented firewall and byte oriented firewall
c) Frame firewall and packet firewall
d) Network layer firewall and session layer firewall
Ans=a

3. A firewall is installed at the point where the secure internal network and untrusted external network meet which is also known as __________
a) Choke point
b) Meeting point
c) Firewall point
d) Secure point
Ans=a

4. Which of the following is / are the types of firewall?
a) Packet Filtering Firewall
b) Dual Homed Gateway Firewall
c) Screen Host Firewall
d) Dual Host Firewall
Ans=a

5. A proxy firewall filters at _________


a) Physical layer
b) Data link layer
c) Network layer
d) Application layer
Ans=d

6. A packet filter firewall filters at __________


a) Physical layer
b) Data link layer
c) Network layer or Transport layer
d) Application layer
Ans=c

7. What is one advantage of setting up a DMZ with two firewalls?


a) You can control where traffic goes in three networks
b) You can do stateful packet filtering
c) You can do load balancing
d) Improved network performance
Ans=c

8. What tells a firewall how to reassemble a data stream that has been divided into packets?
a) The source routing feature
b) The number in the header’s identification field
c) The destination IP address
d) The header checksum field in the packet header
Ans=a

9. A stateful firewall maintains a ___________ which is a list of active connections.


a) Routing table
b) Bridging table
c) State table
d) Connection table
Ans=a

10. A firewall needs to be __________ so that it can grow proportionally with the network that it protects.
a) Robust
b) Expansive
c) Fast
d) Scalable
Ans=b

11. Circuit-level gateway firewalls are installed in _______ layer of OSI model.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
Ans=b

12. Which of these comes under the advantage of Circuit-level gateway firewalls?
a) They maintain anonymity and also inexpensive
b) They are light-weight
c) They’re expensive yet efficient
d) They preserve IP address privacy yet expensive
Ans=a

13. Which of the following is a disadvantage of Circuit-level gateway firewalls?


a) They’re expensive
b) They’re complex in architecture
c) They do not filter individual packets
d) They’re complex to setup
Ans=c

14. _____________ gateway firewalls are deployed in application-layer of OSI model.


a) Packet Filtering Firewalls
b) Circuit Level Gateway Firewalls
c) Application-level Gateway Firewalls
d) Stateful Multilayer Inspection Firewalls
Ans=c

15. Application level gateway firewalls protect the network for specific _____________
a) application layer protocol
b) session layer protocol
c) botnet attacks
d) network layer protocol
Ans=a

16. ___________ firewalls are a combination of other three types of firewalls.


a) Packet Filtering
b) Circuit Level Gateway
c) Application-level Gateway
d) Stateful Multilayer Inspection
Ans=d

17. Stateful Multilayer Inspection firewall cannot perform which of the following?
a) Filter network layer packets
b) Check for legitimate session
c) Scans for illicit data packets at the presentation layer
d) Evaluate packets at application layer
Ans=c

18. We can also implement ____________ in Stateful Multilayer Inspection firewall.


a) external programs
b) algorithms
c) policies
d) algorithms and external programs
Ans=b

19. One advantage of Stateful Multilayer Inspection firewall is __________


a) costlier but easy to understand
b) large to manage
c) complex internal architecture
d) large to manage but efficient
Ans=c

20. Packet filtering firewalls are also called ____________


a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
Ans=a

21. Stateful Multilayer firewalls are also called ____________


a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
Ans=b

22. Application layer firewalls are also called ____________


a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
Ans=c

23. What is the primary purpose of a firewall in network security?
a) Speed up internet connection
b) Block all incoming and outgoing traffic
c) Monitor user activity
d) Control and filter network traffic
Ans=d

24. Which layer of the OSI model do firewalls primarily operate at?
a) Application layer
b) Transport layer
c) Network layer
d) Data link layer
Ans=c

25. Which type of firewall examines packets and makes decisions based on the state of active connections?
a) Proxy firewall
b) Stateful firewall
c) Packet-filtering firewall
d) Application-layer firewall
Ans=b

Simple Network Manual Protocol mcq


1. The application-level protocol in which a few manager stations control a set of agents is called ______
a) HTML
b) TCP
c) SNMP
d) SNMP/IP
Ans=c

2. Full duplex mode increases the capacity of each domain by ________


a) 10 to 20 mbps
b) 20 to 30 mbps
c) 30 to 40 mbps
d) 40 to 50 mbps
Ans=a

3. Configuration management can be divided into which two subsystems?


a) Reconfiguration and documentation
b) Management and configuration
c) Documentation and dialing up
d) Configuration and dialing up
Ans=a

4. To use a Simple Network Management System, we need _______


a) Servers
b) IP
c) Protocols
d) Rules
Ans=d

5. The main difference between SNMPv3 and SNMPv2 is _______
a) Management
b) Integration
c) Classification
d) Enhanced security
Ans=d

6. In Network Management System, the division that is responsible for controlling access to network based on a predefined policy is called _________
a) Fault Management
b) Secured Management
c) Active Management
d) Security Management
Ans=d

7. BER stands for ________


a) Basic Encoding Rules
b) Basic Encoding Resolver
c) Basic Encoding Rotator
d) Basic Encoding Router
Ans=a

8. Control of the users’ access to network resources through charges is the main responsibility of ________
a) Reactive Fault Management
b) Reconfigured Fault Management
c) Accounting Management
d) Security Management
Ans=c

9. SNMP is the framework for managing devices in an internet using the ______
a) TCP/IP protocol
b) UDP
c) SMTP
d) None
Ans=a

10. Structure of Management Information (SMI), is the guideline of ________


a) HTTP
b) SNMP
c) URL
d) MIB
Ans=b

11. SNMP operates at which layer of the OSI model?


a) Physical Layer
b) Data Link Layer
c) Network Layer
d) Application Layer
Ans=d

12. What is the primary function of SNMP?


a) File transfer
b) Web browsing
c) Network device management
d) Email communication
Ans=c

13. In SNMP, which component gathers information from network devices?


a) NMS (Network Management Station)
b) Agent
c) Trap
d) Community String
Ans=b

14. In SNMP, what component monitors and analyzes information gathered from agents?
a) NMS (Network Management Station)
b) Agent
c) Trap
d) Community String
Ans=a

15. What is a Community String used for in SNMP?


a) Data encryption
b) Authentication between NMS and agent
c) Network device configuration
d) Trap forwarding
Ans=b

16. SNMP uses which protocol for communication between NMS and agents?
a) UDP (User Datagram Protocol)
b) TCP (Transmission Control Protocol)
c) IP (Internet Protocol)
d) HTTP (Hypertext Transfer Protocol)
Ans=a

17. What are SNMP traps?


a) User-initiated requests for information
b) Alerts sent by agents to NMS for critical events
c) Configuration settings for network devices
d) Periodic updates from agents to NMS
Ans=b

18. Which version of SNMP introduced improved security features?


a) SNMPv1
b) SNMPv2
c) SNMPv3
d) All of the above
Ans=b

19. SNMPv3 utilizes which security model for user-based access control?


a) Community String access
b) Simple authentication
c) User-based security model
d) None of the above
Ans=c

20. What is the purpose of the Management Information Base (MIB) in SNMP?


a) Defines network device communication protocols
b) Defines the structure of network management information
c) Encrypts data transmission
d) Enables web browsing on network devices
Ans=b

21. SNMP is a vendor-independent protocol. What does this mean?


a) It only works with specific network device brands.
b) It can be used with devices from different manufacturers.
c) Requires additional configuration for each device type.
d) Limited to managing network security settings.
Ans=b

22. What is a disadvantage of using SNMPv1 for network management?


a) Efficient data transfer
b) Wide range of MIB support
c) Lack of strong authentication
d) Easy to use and configure
Ans=c

23. What is a benefit of using SNMP traps for network monitoring?


a) Requires manual polling for updates
b) Provides real-time notifications for critical events
c) Less efficient use of network bandwidth
d) Limited to specific types of network devices
Ans=b

24. SNMP is a crucial tool for network administrators. What is one of the primary tasks it helps with?
a) Downloading software updates
b) Sharing files between devices
c) Monitoring network device performance and health
d) Setting up new user accounts
Ans=c

25. Which of the following is an example of Bluetooth?


a) wide area network
b) virtual private network
c) local area network
d) personal area network
Ans=d
