
Cpsa Q B

The document consists of a series of questions and answers related to networking, protocols, and security concepts. Key topics include Internet Protocol (IP), network architectures, transport layer protocols, network scanning tools, and cryptography. Each question tests knowledge on specific networking principles and practices, with correct answers provided for each query.

Uploaded by

josegan958
Copyright
© All Rights Reserved

1. What is the primary purpose of the Internet Protocol (IP)?

A. Encrypt data for secure transmission
B. Provide device authentication
C. Address and route data packets
D. Translate domain names to IP addresses

Answer: 1 - C

2. Which version of IP supports 128-bit addressing?


A. IPv1
B. IPv4
C. IPv5
D. IPv6

Answer: 2 - D

3. What is the main difference between TCP and UDP?


A. TCP is connectionless; UDP is connection-oriented
B. TCP offers reliability; UDP does not
C. UDP uses handshakes; TCP does not
D. TCP is faster than UDP

Answer: 3 - B

4. Which protocol is used to translate MAC addresses to IP addresses?


A. ICMP
B. DNS
C. ARP
D. DHCP

Answer: 4 - C

5. What is the purpose of ICMP in networking?


A. Encrypt messages
B. Translate IP to MAC
C. Test network connectivity and report errors
D. Assign IP addresses

Answer: 5 - C

6. Which protocol assigns dynamic IP addresses to hosts on a network?
A. DNS
B. DHCP
C. ICMP
D. FTP

Answer: 6 - B

7. Which transport layer protocol is most suitable for time-sensitive applications like VoIP?
A. TCP
B. IP
C. UDP
D. ICMP

Answer: 7 - C

8. Which field in the IP header determines the maximum hops a packet can travel?
A. Source IP
B. TTL
C. Protocol
D. Destination IP

Answer: 8 - B

9. In networking, what does MTU stand for?


A. Maximum Transfer Usage
B. Minimum Transmit Unit
C. Maximum Transmission Unit
D. Media Transmit Unit

Answer: 9 - C

10. Which of the following is a valid IPv4 address?


A. 256.1.1.1
B. 192.168.0.1
C. 1234:5678:9abc:def0::
D. 192.168.500.1

Answer: 10 - B

🔹 B2: Network Architectures (10 Questions)

11. What is the primary function of a firewall in a network architecture?


A. To assign IP addresses
B. To analyze protocol headers
C. To block or allow traffic based on rules
D. To encrypt traffic end-to-end

Answer: 11 - C

12. Which of the following is NOT a layer in the OSI model?


A. Session
B. Internet
C. Presentation
D. Transport

Answer: 12 - B

13. At which OSI layer does the IP protocol operate?


A. Data Link
B. Network
C. Transport
D. Application

Answer: 13 - B

14. What is the purpose of a DMZ in a network?


A. Increase internet speed
B. Isolate internal systems from untrusted networks
C. Block DNS traffic
D. Encrypt local traffic

Answer: 14 - B

15. Which device operates at Layer 3 of the OSI model?


A. Switch
B. Router
C. Hub
D. Repeater

Answer: 15 - B

16. Which type of network topology is most resilient to a single point of failure?
A. Star
B. Bus
C. Ring
D. Mesh

Answer: 16 - D

17. Which of the following is a characteristic of a flat network architecture?
A. High segmentation
B. No VLANs
C. Encrypted tunnels between layers
D. Frequent routing decisions

Answer: 17 - B

18. In a typical 3-tier architecture, what is the role of the application tier?
A. Handling data storage
B. Managing routing and switching
C. Processing business logic
D. Encrypting client data

Answer: 18 - C

19. Which network device typically connects a LAN to the internet?


A. Switch
B. Hub
C. Router
D. Bridge

Answer: 19 - C

20. What is network segmentation used for?


A. Increasing bandwidth
B. Improving cable management
C. Enhancing security and limiting broadcast domains
D. Preventing MAC address flooding

Answer: 20 - C

21. What is the primary goal of network mapping?


A. Detect malware
B. Identify open ports only
C. Understand the structure and devices on a network
D. Encrypt communications between nodes

Answer: 21 - C

22. Which tool is commonly used for network scanning and mapping?
A. Wireshark
B. Netcat
C. Nmap
D. Hydra

Answer: 22 - C

23. What does the -sP or -sn option in Nmap perform?


A. Full TCP connect scan
B. Port scan
C. Ping scan (host discovery only)
D. UDP scan

Answer: 23 - C

24. What type of scan can help identify live hosts without scanning ports?
A. TCP SYN Scan
B. Ping Sweep
C. NULL Scan
D. TCP FIN Scan

Answer: 24 - B

25. Which layer is primarily involved when identifying live systems using ICMP echo requests?
A. Layer 3 – Network
B. Layer 2 – Data Link
C. Layer 5 – Session
D. Layer 7 – Application

Answer: 25 - A

26. Which port scanning method is least likely to be logged by the target system?
A. TCP Connect Scan
B. TCP SYN Scan
C. UDP Scan
D. TCP FIN Scan

Answer: 26 - D

27. What is banner grabbing used for?


A. Encrypt HTTP traffic
B. Retrieve service and version information
C. Map network topology
D. Sniff credentials

Answer: 27 - B

28. Which Nmap option enables OS detection?


A. -sU
B. -O
C. -sX
D. -T4

Answer: 28 - B

29. What does the traceroute command help determine?


A. MAC address of a system
B. DNS cache state
C. Path packets take to a target
D. Number of open ports

Answer: 29 - C

30. Which tool is most appropriate for automated network enumeration and asset discovery?
A. John the Ripper
B. Shodan
C. Nikto
D. Burp Suite

Answer: 30 - B

🔹 B5: Interpreting Tool Output (5 Questions)

31. In Nmap output, what does “open|filtered” indicate?


A. Port is definitely open
B. Port is definitely filtered
C. Nmap is unsure whether port is open or filtered
D. Port is closed

Answer: 31 - C

32. What does a TTL value of 128 in a ping reply often indicate about the host OS?
A. Linux/Unix system
B. Windows-based system
C. Firewall blocking TTL
D. Router device

Answer: 32 - B

33. Which tool shows results like SYN_RECV and ESTABLISHED in its output?
A. Wireshark
B. Traceroute
C. Netstat
D. Nikto

Answer: 33 - C

34. A netstat output shows a large number of connections in TIME_WAIT. What does this imply?
A. High DNS traffic
B. Too many open UDP connections
C. Closed TCP connections awaiting cleanup
D. ARP spoofing in progress

Answer: 34 - C

35. In Wireshark, which filter shows only HTTP requests?


A. tcp.dstport == 443
B. ip.src == 127.0.0.1
C. http.request
D. icmp

Answer: 35 - C

🔹 B6: Filtering Avoidance Techniques (5 Questions)

36. Which Nmap scan type is designed to evade basic firewalls?


A. TCP Connect Scan
B. SYN Scan
C. Xmas Scan
D. ICMP Ping Scan

Answer: 36 - C

37. What is the purpose of using decoy IPs in Nmap (--decoy)?


A. Mask actual host scanning the target
B. Increase speed of scan
C. Scan UDP ports
D. Disable firewall

Answer: 37 - A

38. Which technique is effective for bypassing stateless firewalls?


A. Using SYN flood
B. Fragmented packets
C. UDP port scan
D. DNS poisoning

Answer: 38 - B

39. Which header manipulation can help evade basic IDS detection?
A. Increasing TTL value
B. Setting content-length to 0
C. Inserting whitespace or case variation in payloads
D. Removing host header

Answer: 39 - C

40. What does the Nmap -f flag do?
A. Enables full port scan
B. Forces service detection
C. Sends fragmented packets
D. Filters UDP ports

Answer: 40 - C

41. Which of the following is a purpose of threat modeling?


A. Conduct port scanning
B. Identify and prioritize potential security risks
C. Create firewall rules
D. Patch operating systems

Answer: 41 - B

42. What is a key purpose of vulnerability assessment?


A. Gain access to a target system
B. Discover and evaluate known security weaknesses
C. Prevent all attacks
D. Upgrade firmware

Answer: 42 - B

43. The primary difference between a vulnerability assessment and penetration testing is:
A. Penetration testing is legal
B. Vulnerability assessment is manual
C. Penetration testing includes exploitation
D. Both use the same tools

Answer: 43 - C

44. A red team engagement differs from a penetration test by:


A. Only testing web apps
B. Simulating a real-world attacker with stealth
C. Using more firewalls
D. Focusing only on network scans

Answer: 44 - B

45. What does the acronym MITM stand for?
A. Manual Internet Threat Management
B. Managed Internal Traffic Mapper
C. Man-in-the-Middle
D. Mandatory Integrity Traffic Mechanism

Answer: 45 - C

46. What tool would you most likely use to capture credentials on a network?
A. Nikto
B. Hydra
C. Wireshark
D. Burp Suite

Answer: 46 - C

47. Which of the following is commonly used to simulate phishing attacks in a controlled environment?
A. Nessus
B. Metasploit
C. GoPhish
D. Nikto

Answer: 47 - C

🔹 B8: OS Fingerprinting – 7 Questions

48. What is OS fingerprinting?


A. Guessing passwords on login forms
B. Identifying services running on open ports
C. Determining the operating system of a target host
D. Sniffing packets between hosts

Answer: 48 - C

49. Which Nmap option performs aggressive OS detection?


A. -sT
B. -O
C. -A
D. -Pn

Answer: 49 - C

50. What is a tell-tale indicator of Windows OS in Nmap OS fingerprinting?


A. TTL = 64
B. Port 22 open
C. TTL = 128 and closed port response behavior
D. SYN-ACK flags are disabled

Answer: 50 - C

51. Passive OS fingerprinting relies on:


A. Banner grabbing
B. ICMP echo requests
C. Analyzing packet headers from network traffic
D. DNS requests

Answer: 51 - C

52. Which of these fields is often examined in TCP/IP packets for OS fingerprinting?
A. Hostname
B. Payload
C. Initial TTL and TCP Window Size
D. DNS Server

Answer: 52 - C

53. What is the purpose of using tools like Xprobe2?


A. Web application scanning
B. Password cracking
C. Active OS fingerprinting
D. Sniffing SMTP traffic

Answer: 53 - C

54. Which protocol provides the most accurate active OS fingerprinting information?
A. FTP
B. HTTP
C. TCP/IP
D. SMTP

Answer: 54 - C

🔹 B9: Application Fingerprinting and Evaluating Unknown Services – 6 Questions

55. What is application fingerprinting?


A. Identifying the OS version
B. Scanning ports
C. Identifying specific software and its version running on open ports
D. Analyzing encrypted data

Answer: 55 - C

56. Which tool is best suited for web application fingerprinting?


A. Hydra
B. Nikto
C. Tcpdump
D. Wireshark

Answer: 56 - B

57. What is banner grabbing used for in application fingerprinting?


A. Identifying email addresses
B. Capturing screenshots
C. Retrieving version and service details from applications
D. Encrypting service communications

Answer: 57 - C

58. You connect to port 8080 and receive an HTTP response. What does this suggest?
A. SSH is running on 8080
B. HTTP service is hosted on an uncommon port
C. Port 8080 is closed
D. DNS is being served over TCP

Answer: 58 - B

59. Which Nmap flag helps with application version detection?
A. -O
B. -A
C. -sS
D. -sU

Answer: 59 - B

60. You find a non-standard port responding with a MySQL banner. What should your next step be?
A. Run a port scan
B. Ignore it
C. Try brute forcing SSH
D. Investigate the service and look for known vulnerabilities in that MySQL version

Answer: 60 - D

61. What is the purpose of Network Access Control (NAC)?


A. Preventing DNS leaks
B. Controlling who and what can access the network
C. Encrypting Wi-Fi traffic
D. Performing port scanning

Answer: 61 - B

62. 802.1X is primarily used for:


A. Email encryption
B. Port security on switches
C. Wireless signal amplification
D. Application firewalling

Answer: 62 - B

63. Which of the following is a characteristic of a NAC system?


A. Passive monitoring only
B. Enforces policy before granting network access
C. Only works on wired networks
D. Works only with firewalls

Answer: 63 - B

64. Which protocol is typically used in 802.1X for authentication?
A. SSH
B. RADIUS
C. DNS
D. DHCP

Answer: 64 - B

65. What is the best description of MAC address filtering?


A. Changing the MAC address of a router
B. Allowing or denying network access based on device MAC addresses
C. Encrypting wireless traffic
D. Blocking all unknown protocols

Answer: 65 - B

66. A posture assessment in NAC involves:


A. Identifying open ports on the firewall
B. Checking system configuration and health before access
C. Assigning IP addresses to all devices
D. Measuring latency in the network

Answer: 66 - B

67. What is one limitation of MAC address-based access control?


A. It uses too much bandwidth
B. MAC addresses are encrypted
C. MAC addresses can be easily spoofed
D. It only works with IPv6

Answer: 67 - C

🔹 B11: Cryptography – 7 Questions

68. What is the purpose of cryptography?


A. To prevent DDoS attacks
B. To test network speed
C. To ensure confidentiality, integrity, and authenticity of data
D. To block IP addresses

Answer: 68 - C

69. Which of the following is an example of symmetric encryption?
A. RSA
B. Diffie-Hellman
C. AES
D. ECC

Answer: 69 - C

70. Which key is used in public key encryption to encrypt data?


A. Private key of the sender
B. Public key of the receiver
C. Private key of the receiver
D. Public key of the sender

Answer: 70 - B

71. What is a hash function used for?


A. Data encryption
B. Generating a fixed-size digest to verify integrity
C. Data compression
D. File signing

Answer: 71 - B

72. Which algorithm is considered broken due to vulnerabilities?


A. SHA-256
B. RSA-2048
C. MD5
D. AES-256

Answer: 72 - C

73. What makes asymmetric encryption different from symmetric encryption?
A. It uses the same key for encryption and decryption
B. It is used only for hashing
C. It uses separate keys for encryption and decryption
D. It cannot be used over the internet

Answer: 73 - C

74. Which protocol uses cryptography for secure web browsing?
A. FTP
B. HTTP
C. TLS
D. SMTP

Answer: 74 - C

🔹 B12: Applications of Cryptography – 6 Questions

75. Which of the following uses cryptography to ensure message integrity and sender authenticity?
A. Symmetric encryption
B. Digital signatures
C. Firewalls
D. Password managers

Answer: 75 - B

76. What is the main use of a digital certificate in HTTPS?


A. Authenticate the client
B. Store IP addresses
C. Encrypt traffic and verify server identity
D. Provide MAC filtering

Answer: 76 - C

77. What is the purpose of a VPN from a cryptography standpoint?


A. To assign dynamic IP addresses
B. To filter spam emails
C. To provide encrypted communication over an untrusted network
D. To increase bandwidth

Answer: 77 - C

78. Which of these provides both confidentiality and integrity in secure communication?
A. FTP
B. TLS
C. Telnet
D. DNS

Answer: 78 - B

79. Which cryptographic concept ensures that data has not been changed?
A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation

Answer: 79 - C

80. What is non-repudiation in the context of cryptography?


A. Preventing unauthorized access
B. Ensuring availability
C. Ensuring the sender cannot deny having sent the message
D. Ensuring network redundancy

Answer: 80 - C

81. Which permission allows a user to read the contents of a file in Linux?
A. Execute
B. Write
C. Read
D. Modify

Answer: 81 - C

82. What does the permission chmod 755 assign?


A. Read/write/execute to all users
B. Full permissions to owner, read/execute to others
C. Read-only to all users
D. Full permissions to everyone

Answer: 82 - B

83. In Windows NTFS permissions, what does "Full Control" include?


A. Read, Write
B. Read, Execute
C. All permissions including permission changes
D. Modify only

Answer: 83 - C

84. What is the significance of the sticky bit on a directory in Linux?
A. Files can be modified by anyone
B. Only the file owner can delete their own files
C. It allows scheduling file execution
D. It blocks all users

Answer: 84 - B

85. Which of the following best describes the purpose of access control lists (ACLs)?
A. Encrypt files
B. Provide granular permission settings beyond standard user/group/other
C. Only allow root user access
D. Disable firewall rules

Answer: 85 - B

86. What permission must be granted to execute a file in Linux?


A. Read
B. Write
C. Execute
D. Modify

Answer: 86 - C

87. Which Linux command shows file permissions?


A. showperm
B. chmod
C. ls -l
D. netstat

Answer: 87 - C

88. What does chmod 644 typically mean?


A. Full access to all users
B. Read/write for owner, read-only for group and others
C. Execute permission for all
D. Write-only for owner

Answer: 88 - B

89. In a Linux system, who owns a file by default when it's created?
A. root
B. The user who created it
C. The admin group
D. Nobody

Answer: 89 - B

90. What does “umask” control in Linux?


A. File encryption
B. Network settings
C. Default permission settings for new files
D. Login restrictions

Answer: 90 - C

🔹 B14: Audit Techniques – 10 Questions

91. What is the main purpose of auditing in cybersecurity?


A. Increase network speed
B. Detect unauthorized activity and ensure policy compliance
C. Encrypt data
D. Disable unused services

Answer: 91 - B

92. Which of the following is a key element of an audit trail?


A. Username
B. Timestamp
C. Action performed
D. All of the above

Answer: 92 - D

93. Which command in Linux is used to review authentication logs?


A. dmesg
B. tail /var/log/auth.log
C. sudo logs
D. chmod logs

Answer: 93 - B

94. What is the primary purpose of SIEM systems?
A. Encrypt files
B. Monitor and analyze security logs
C. Patch operating systems
D. Provide VPN services

Answer: 94 - B

95. Which of the following is most useful in detecting privilege escalation?


A. Network scan
B. Password guessing
C. Audit log review
D. Ping sweep

Answer: 95 - C

96. What is the best way to ensure log integrity?


A. Store logs on the same system
B. Use syslog without authentication
C. Write logs to a secure, centralized location
D. Rotate logs every 5 minutes

Answer: 96 - C

97. Why is time synchronization important in auditing?


A. It saves power
B. It ensures logs across systems can be correlated accurately
C. It increases encryption strength
D. It allows remote access

Answer: 97 - B

98. What does “non-repudiation” mean in auditing?


A. Data is encrypted
B. Logs are deleted
C. Users cannot deny their actions
D. Admins can alter logs

Answer: 98 - C

99. Which standard is commonly referenced for audit logging controls?
A. ISO 27001
B. GDPR
C. TLS
D. WPA2

Answer: 99 - A

100. A failed login attempt entry in an audit log is an example of:


A. Compliance logging
B. System noise
C. Security-relevant event
D. Log sanitization

Answer: 100 - C
