Question Bank

Uploaded by xaeabhishek
Unit - 3
Multiple Choice Questions (MCQs)
1. What is the primary function of an Operating System (OS)?
a) To manage hardware resources
b) To run computer programs only
c) To increase system security
d) To maintain user data

Answer: a) To manage hardware resources


2. Which of the following is a key function of an OS?
a) Memory Management
b) Graphics Rendering
c) Data Analysis
d) Game Development

Answer: a) Memory Management


3. Which of the following OS is known for being open-source and is often used in
server environments?
a) Windows
b) Linux
c) macOS
d) Android

Answer: b) Linux


4. Which security feature in Windows helps protect users from unauthorized system
changes?
a) Windows Defender
b) User Account Control (UAC)
c) BitLocker
d) Firewall

Answer: b) User Account Control (UAC)


5. Linux is preferred in cloud and server environments because of its:
a) User-friendly interface
b) High performance and security
c) Strong multimedia support
d) Integration with Microsoft applications
6. Which command in Windows is used to display active network connections?
a) ipconfig
b) netstat
c) ping
d) tracert
7. Which Linux command lists files and directories in the current directory?
a) ls
b) find
c) cp
d) chmod
8. What does the sudo command do in Linux?
a) Deletes a file
b) Changes file permissions
c) Runs commands with superuser privileges
d) Lists system processes
9. Which of the following commands is used to check network connectivity in both
Windows and Linux?
a) ping
b) nslookup
c) netstat
d) telnet

True/False Questions
1. The rm -r command in Linux is used to remove files or directories.
2. In Windows, the tracert command is used to trace the path of packets to a
destination.
3. The cd command is used in both Windows and Linux to create a new directory.
4. PowerShell in Windows is less powerful than the regular CMD command line.
5. The chmod command in Linux is used to change file permissions.
6. The Operating System serves as an interface between the user and the hardware.
7. Windows is less vulnerable to malware due to its small user base.
8. Linux uses a strict user privilege model, enforcing the principle of least privilege.
9. Device Management in an OS involves managing the system’s memory and CPU
usage.
10. BitLocker in Windows provides full disk encryption to protect user data.

Short Answer Questions


1. What is the purpose of the ipconfig command in Windows?
2. How would you list all running processes in Linux?
3. What command would you use in Linux to check the configuration of network
interfaces?
4. What does the find command do in both Windows and Linux?
5. Explain the role of Process Management in an operating system.
6. What is the main advantage of Linux's open-source nature?
7. What makes Windows a target for various types of malware?
8. Describe one key security challenge that Linux faces despite its strong user
privilege model.
9. How does User Account Control (UAC) in Windows enhance system security?

Fill in the Blanks


1. The function of an OS that manages how data is stored and retrieved is called ____.
2. The principle of least privilege, enforced by Linux, helps reduce the risk of ____
attacks.
3. In Windows, ____ is an integrated antivirus tool that helps protect against malware.
4. A major strength of Linux is its ____, which allows for extensive customization and
control over system behavior.
5. The OS manages system resources like CPU, memory, and devices, and ensures
that each process gets ____ resources to execute properly.

Long Answers
1. What is the role of the chmod command in Linux, and why is it critical for system
security?
2. While performing an ethical hacking audit on a Windows machine, you need to shut down
the system remotely. Which command would you use in PowerShell or CMD?
3. You are working on a Linux system, and you need to remove a directory and all of
its contents, including subdirectories. What command would you use?
4. You need to locate all files named "test.txt" across your entire Linux system. Which
command would you use?

Unit - 4
1. What is SQL Injection?
A) A technique used to optimize SQL queries.
B) A type of attack where malicious SQL code is inserted into input fields to
manipulate the database.
C) A method to encrypt SQL queries.
D) A command to create database backups.
2. Which of the following is the best method to prevent SQL injection attacks?
A) Using regular expressions to validate input.
B) Using prepared statements or parameterized queries.
C) Allowing only numeric data in input fields.
D) Disabling all SQL commands.
3. Which of the following would indicate a SQL Injection vulnerability in a login form?
A) A login form accepts only alphanumeric characters.
B) An error message displays database errors after submitting invalid input.
C) The form does not use any encryption.
D) The form checks for correct password length.
4. What is the main purpose of using parameterized queries or prepared statements?
A) To reduce the performance of SQL queries.
B) To prevent SQL injection by separating user input from SQL logic.
C) To store data in an encrypted form.
D) To make SQL queries more complex.
5. Which of the following is a common result of a successful SQL injection attack?
A) The attacker gains unauthorized access to the database.
B) The database is automatically optimized.
C) The database is backed up.
D) The system’s performance improves.
6. Which of the following would be considered a bad practice when handling user
input to prevent SQL injection?
A) Use parameterized queries.
B) Validate user input to ensure it meets expected types.
C) Directly concatenate user input into SQL queries.
D) Sanitize user inputs.
7. Which SQL injection payload can bypass authentication in a login form by always
returning true?
A) '; DROP TABLE users; --
B) ' OR 1=1; --
C) '; SELECT * FROM information_schema.tables; --
D) ' UNION SELECT NULL, NULL, NULL --
8. Which type of database error is a potential sign that a system is vulnerable to SQL
injection attacks?
A) A generic error page without details.
B) A detailed error message revealing database schema or SQL queries.
C) A timeout error.
D) A successful login.
9. In an SQL injection attack, the UNION operator is often used to:
A) Modify the structure of the database.
B) Combine the results of multiple SQL queries to retrieve unauthorized data.
C) Create new tables in the database.
D) Delete records from the database.
10. What does the -- symbol in an SQL query do in the context of an SQL injection?
A) It adds a comment, causing the rest of the query to be ignored.
B) It terminates the SQL query.
C) It performs an additional operation on the database.
D) It is used to update a record.
11. Which of the following is NOT a valid defense against SQL injection attacks?
A) Prepared statements with parameterized queries.
B) Input validation and sanitization.
C) Limiting user permissions and roles.
D) Allowing unrestricted SQL commands in form inputs.
12. Which of the following is an example of an SQL injection payload used to extract
data from a vulnerable system?
A) ' OR 'x' = 'x' --
B) ' AND 1=1 --
C) ' UNION SELECT username, password FROM users --
D) '; DROP TABLE employees --
13. Which of the following can help reduce the impact of a successful SQL injection
attack?
A) Use of complex SQL queries with many conditions.
B) Limiting database user privileges to the minimum required.
C) Storing sensitive data in plain text.
D) Disabling all SQL queries.

True/False Questions:
1. SQL injection attacks can exploit poorly validated user inputs to access or
manipulate a database.
Answer: True
2. The -- symbol in an SQL query is used to comment out parts of the query and can
be used in SQL injection attacks to bypass authentication.
Answer: True
3. Sanitizing user input is the only method needed to protect a system from SQL
injection attacks.
Answer: False (While input sanitization is important, using prepared statements and
proper access control are also necessary to protect from SQL injection.)

Fill-in-the-Blank Questions:
1. A DBMS stands for ____
2. SQL is primarily used for querying ____ databases.
3. RAID level ____ is known for mirroring and providing data redundancy.
4. A NoSQL database is typically used for storing ____ or semi-structured data.
5. The key principle behind RAID 5 is ____ with parity.
6. MongoDB is an example of a ____ database.
7. The SELECT statement in SQL is used to ____ data from a table.
8. In SQL, the ____ keyword is used to modify existing records in a table.
9. The INSERT statement is used to ____ data into a table.
10. RAID 0 provides ____ performance but no data redundancy.
11. The WHERE clause in SQL is used to ____ data based on conditions.
12. ACID stands for Atomicity, Consistency, ____, and Durability.
13. In a relational DBMS, data is stored in ____, rows, and columns.
14. RAID 1 provides ____ by duplicating data across two drives.
15. SQL injection is a common type of ____ attack targeting SQL databases.
16. SQL Injection occurs when an attacker inserts malicious SQL code into ____
17. In an SQL injection attack, an attacker may use a command like ' OR 1=1; -- to
bypass ____
18. To prevent SQL injection, it is essential to use ____ queries, which separate user
input from SQL logic.

True/False Questions:
1. A DBMS is designed to store, manage, and retrieve data efficiently.
2. SQL databases are non-relational and do not require a schema.
3. RAID 0 provides data redundancy by mirroring data across multiple disks.
4. NoSQL databases are better suited for handling large-scale, unstructured data.
5. RAID 5 combines data striping and parity, providing a balance of performance and
redundancy.
6. The SELECT statement in SQL is used to delete records from a table.
7. SQL injection attacks can manipulate SQL queries to bypass authentication and
access unauthorized data.
8. In SQL, the GROUP BY clause is used to filter data based on specific conditions.
9. NoSQL databases support complex transactions and are generally ACID-compliant.
10. RAID 10 combines the benefits of RAID 1 (mirroring) and RAID 0 (striping), offering
both performance and redundancy.

Short Answer Questions:


1. What are the main functions of a Database Management System (DBMS)?
2. Explain the difference between SQL and NoSQL databases.
3. What is the purpose of the RAID technology?
4. What are the advantages of using RAID 10 over RAID 1 and RAID 0?
5. Describe the role of ACID properties in transaction management.
6. How does a JOIN operation work in SQL, and what is it used for?
7. What is the purpose of the GROUP BY clause in SQL?
8. What security measure should be taken to prevent SQL Injection attacks?
9. Define the term Data Redundancy in the context of RAID.
10. What is the difference between INSERT and UPDATE SQL statements?

Long Answer Questions:


1. Discuss the advantages and disadvantages of SQL and NoSQL databases.
2. Explain the RAID levels 0, 1, 5, and 10 in detail.
3. Describe the concept of SQL Injection and how it affects database security.
4. Explain the concept of Data Integrity in a DBMS and its importance in database
security.
5. Compare the structure and operation of relational DBMS (RDBMS) and NoSQL
databases, with a focus on data retrieval and scalability.

Unit - 5

MCQ
1. Which of the following is the largest WAN (Wide Area Network)?
A) LAN
B) PAN
C) The Internet
D) MAN
2. What is the primary function of the Transport Layer (Layer 4) in the OSI Model?
A) Route packets to their destination.
B) Establish, manage, and terminate communication sessions.
C) Ensure end-to-end communication between devices.
D) Translate data into a readable format.
3. Which network type covers a small geographic area, such as a home or office?
A) WAN
B) PAN
C) LAN
D) MAN
4. Which protocol operates on port 80 for transferring web pages without encryption?
A) FTP
B) SMTP
C) HTTP
D) HTTPS
5. What is the purpose of the Presentation Layer (Layer 6) in the OSI Model?
A) Data routing and forwarding.
B) Providing encryption and data translation.
C) Managing communication sessions.
D) Ensuring reliable data transfer.
6. Which protocol is commonly used for secure remote access to a server?
A) SSH
B) FTP
C) DNS
D) SMTP
7. Which of the following is an example of a Metropolitan Area Network (MAN)?
A) A city’s fiber optic network.
B) A home Wi-Fi network.
C) A global office network.
D) A Bluetooth connection between devices.
8. Which layer of the OSI model is responsible for the physical transmission of data
over cables or wireless signals?
A) Network Layer
B) Application Layer
C) Physical Layer
D) Transport Layer
9. What type of network is typically used for a small, short-range network like
Bluetooth or Wi-Fi?
A) LAN
B) PAN
C) WAN
D) MAN
10. Which of the following is a secure version of HTTP that uses encryption?
A) SMTP
B) FTP
C) HTTPS
D) POP3
11. Which protocol is used to translate domain names into IP addresses?
A) DNS
B) HTTP
C) FTP
D) TCP
12. Which protocol is used for sending emails across the Internet?
A) SMTP
B) POP3
C) FTP
D) DNS
13. At which layer of the OSI model does a MAC address operate?
A) Application Layer
B) Network Layer
C) Data Link Layer
D) Transport Layer
14. Which of the following is a common vulnerability associated with the Application
Layer?
A) IP spoofing
B) SQL Injection
C) Routing attacks
D) ARP poisoning
15. Which protocol is used for real-time communication like VoIP or live streaming?
A) TCP
B) UDP
C) HTTP
D) FTP

Fill in the Blanks:


1. The Internet is the largest ___ , connecting millions of networks worldwide.
2. A network that covers a large geographic area like a city or campus is called a ___
3. The protocol that ensures secure communication over the web by using encryption is
called ___
4. In the OSI model, the layer that deals with routing and forwarding data packets is
the ___ layer.
5. The ___ layer in the OSI model ensures that data is presented in a readable format
and may include encryption.
6. A typical home Wi-Fi network is an example of a ___ network.
7. The ___ protocol is used for translating domain names into IP addresses.
8. Port 21 is primarily used for the ___ protocol, which is used to transfer files between
a client and a server.
9. The ___ protocol provides error-free, reliable data transmission between devices.
10. The ___ layer in the OSI model is responsible for managing communication
sessions.
11. The protocol ___ is used to send emails between email clients and servers.
12. The ___ layer in the OSI model is responsible for physically transmitting data over
cables or wireless networks.
13. The protocol ___ is used for remote server administration and operates over port
22.
14. A very small network connecting personal devices within a short range is known as a
___
15. Port 443 is used for secure web traffic with the ___ protocol.

True/False Questions:
1. True/False: The Internet is an example of a WAN.
2. True/False: A MAN (Metropolitan Area Network) is used to connect personal devices
like smartphones and laptops.
3. True/False: The OSI Model consists of 7 layers, and each layer has a distinct
function in network communication.
4. True/False: TCP is a connectionless protocol used for real-time applications like
VoIP.
5. True/False: The Application Layer is responsible for handling data transmission
over the network.
6. True/False: FTP operates on port 21 and is used for transferring files between a
client and a server.
7. True/False: The Physical Layer is the topmost layer in the OSI Model.
8. True/False: Wi-Fi and Ethernet are technologies that operate at the Data Link Layer
of the OSI model.
9. True/False: DNS is responsible for converting human-readable domain names to IP
addresses.
10. True/False: ARP poisoning is a common attack used at the Network Layer to
manipulate data forwarding.

Short Questions:
1. What does the OSI model help ethical hackers understand?
2. What is the primary difference between TCP and UDP?
3. What layer of the OSI model deals with encryption?
4. What is the function of the Transport Layer?
5. Which protocol is used for secure remote server access?
6. What is a PAN (Personal Area Network)?
7. What does the Session Layer manage?
8. What is DNS and why is it important?
9. What is the purpose of SSL/TLS in HTTPS?

Long Questions:
1. Explain the 7 layers of the OSI model and their functions in network communication.
2. Describe the different types of networks (LAN, WAN, MAN, and PAN) and their
security implications.
3. What is the importance of understanding networking for ethical hackers, and how
do they use this knowledge to identify vulnerabilities?
4. Discuss the different protocols (TCP, UDP, HTTP, HTTPS, FTP, SSH, etc.) and their
respective use cases.
5. Explain how attacks like SQL injection, ARP poisoning, and session hijacking
exploit vulnerabilities at various layers of the OSI model.
