Cyber Security Tutorial

Cyber Security Tutorial What is Cyber Security Cyber Security History Cyber Security Goals Types of Cyber Attacks
Types of Cyber Attackers Cyber Security Principles Data Security Considerations Cyber Security Technology Threats to
E-Commerce Cyber Security Policies Cyber Security Standards Digital Signature Cyber Security Tools Cyber Security
Challenges Security Risk Analysis Cyber Security Certification MITM Attacks Secure e-mail service provider Birthday
Attack in Cryptography Implementing Atbash Cipher Anti-Keylogger Advantages and Disadvantages of Cyber Security
Encryption Algorithms in Cryptography Blowfish Algorithm in Cryptography SHA Algorithm in Cryptography What is AES
What is MD5 Algorithm What is SHA- 256 Algorithm What is DES Emerging Cyber Security threats Impact of IOT on
Cyber Security

Cyber Security MCQ

This set of following multiple-choice questions and answers focuses on "Cyber Security". One shall practice these
interview questions to improve their concepts for various interviews (campus interviews, walk-in interviews, and company
interviews), placements, entrance exams, and other competitive exams.

1) In which of the following, a person is constantly followed/chased by another person or group of several peoples?

1. Phishing
2. Bulling
3. Stalking
4. Identity theft

Answer: c

Explanation: In general, Stalking refers to continuous surveillance on the target (or person) done by a group of people or
by the individual person.

Cyber Stalking is a type of cybercrime in which a person (or victim) is being followed continuously by another person or
group of several people through electronic means to harass the victim. We can also say that the primary goal of Stalking
is to observe or monitor each victim's actions to get the essential information that can be further used for threatening,
harassing, etc.

2) Which one of the following can be considered as the class of computer threats?

1. Dos Attack
2. Phishing
3. Soliciting
4. Both A and C

Answer: a

Explanation: A dos attack refers to the denial of service attack. It is a kind of cyber attack in which one tries to make a
machine (or targeted application, website etc.) unavailable for its intended users. It is usually accomplished by
disturbing the service temporarily or indefinitely of the target connected to the internet.

3) Which of the following is considered as the unsolicited commercial email?

1. Virus
2. Malware
3. Spam
4. All of the above
Answer: c

Explanation: It is a type of unsolicited email which is generally sent in bulk to an indiscriminate recipient list for
commercial purpose. Generally, these types of mail are considered unwanted because most users don't want these
emails at all.

4) Which of the following usually observe each activity on the internet of the victim, gather all information in the
background, and send it to someone else?

1. Malware
2. Spyware
3. Adware
4. All of the above

Answer: b

Explanation: It is generally defined as the software designed to enter the target's device or computer system, gather all
information, observe all user activities, and send this information to a third party. Another important thing about the
spyware is that it works in the background sends all information without your permission.

5) _______ is a type of software designed to help the user's computer detect viruses and avoid them.

1. Malware
2. Adware
3. Antivirus
4. Both B and C

Answer: c

Explanation: An antivirus is a kind of software that is specially designed to help the user's computer to detect the virus
as well as to avoid the harmful effect of them. In some cases where the virus already resides in the user's computer, it
can be easily removed by scanning the entire system with antivirus help.

6) Which one of the following is a type of antivirus program?

1. Quick heal
2. Mcafee
3. Kaspersky
4. All of the above

Answer: d

Explanation: Antivirus is a kind of software program that helps to detect and remove viruses form the user's computer
and provides a safe environment for users to work on. There are several kinds of antivirus software are available in the
market, such as Kaspersky, Mcafee, Quick Heal, Norton etc., so the correct answer is D.

7) It can be a software program or a hardware device that filters all data packets coming through the internet, a network,
etc. it is known as the_______:

1. Antivirus
2. Firewall
3. Cookies
4. Malware

Answer: b
Explanation: There are two types of firewalls - software programs and hardware-based firewalls. These types of firewalls
filter each and every data packet coming from the outside environment such as network; internet so that any kind of
virus would not be able to enter in the user's system. In some cases where the firewall detects any suspicious data
packet, it immediately burns or terminates that data packet. In short, we can also say that it is the first line of defense of
the system to avoid several kinds of viruses.

8) Which of the following refers to stealing one's idea or invention of others and use it for their own benefits?

1. Piracy
2. Plagiarism
3. Intellectual property rights
4. All of the above

Answer: d

Explanation: The stealing ideas or the invention of others and using them for their own profits can also be defined in
several different ways, such as piracy, intellectual property rights, and plagiarism.

9) Read the following statement carefully and find out whether it is correct about the hacking or not?

It can be possible that in some cases, hacking a computer or network can be legal.

1. No, in any situation, hacking cannot be legal

2. It may be possible that in some cases, it can be referred to as a legal task

Answer: b

Explanation: Nowadays, hacking is not just referred to as an illegal task because there are some good types of hackers
are also available, known as an ethical hacker. These types of hackers do not hack the system for their own purposes,
but the organization hires them to hack their system to find security falls, loop wholes. Once they find the loop whole or
venerability in the system, they get paid, and the organization removes that weak points.

10) Which of the following refers to exploring the appropriate, ethical behaviors related to the online environment and
digital media platform?

1. Cyber low
2. Cyberethics
3. Cybersecurity
4. Cybersafety

Answer: b

Explanation: Cyber Ethics refers to exploring the appropriate, ethical behaviors related to online environments and
digital media.

11) Which of the following refers to the violation of the principle if a computer is no more accessible?

1. Access control
2. Confidentiality
3. Availability
4. All of the above

Answer: c

Explanation: Availability refers to the violation of principle, if the system is no more accessible.
12) Which one of the following refers to the technique used for verifying the integrity of the message?

1. Digital signature
2. Decryption algorithm
3. Protocol
4. Message Digest

Answer: d

Explanation: Message Digest is a type of cryptographic hash function that contains a string of digits that are created by
the one-way hashing formula. It is also known as a type of technique used for verifying the integrity of the message,
data or media, and to detect if any manipulations are made. Therefore the correct answer is D.

13) Which one of the following usually used in the process of Wi-Fi-hacking?

1. Aircrack-ng
2. Wireshark
3. Norton
4. All of the above

Answer: a

Explanation: The Aircrack-ng is a kind of software program available in the Linux-based operating systems such as
Parrot, kali etc. it is usually used by users while hacking the Wi-Fi-networks or finding vulnerabilities in the network to
capture or monitor the data packets traveling in the network.

14) Which of the following port and IP address scanner famous among the users?

1. Cain and Abel

2. Angry IP Scanner
3. Snort
4. Ettercap

Answer: b

Explanation: Angry IP Scanner is a type of hacking tool that is usually used by both white hat and black hat types of
hackers. It is very famous among the users because it helps to find the weaknesses in the network devices.

15) In ethical hacking and cyber security, there are _______ types of scanning:

ADVERTISEMENT
ADVERTISEMENT

1. 1
2. 2
3. 3
4. 4

Answer: c

Explanation: There are usually three types of scanning in ethical hacking and cyber security. Therefore the correct
answer is C.

16) Which of the following is not a type of scanning?

 1. Xmas Tree Scan
2. Cloud scan
3. Null Scan
4. SYN Stealth

Answer: b

Explanation: Among the following-given options, the Cloud Scan is one, and only that is not a type of scanning.

17) In system hacking, which of the following is the most crucial activity?

1. Information gathering
2. Covering tracks
3. Cracking passwords
4. None of the above

Answer: c

Explanation: While trying to hack a system, the most important thing is cracking the passwords.

18) Which of the following are the types of scanning?

ADVERTISEMENT
ADVERTISEMENT

1. Network, vulnerability, and port scanning

2. Port, network, and services
3. Client, Server, and network
4. None of the above

Answer: a

Explanation: The vulnerability, port, and network scanning are three types of scanning.

19) Which one of the following is actually considered as the first computer virus?

1. Sasser
2. Blaster
3. Creeper
4. Both A and C

Answer: c

Explanation: The Creeper is called the first computer virus as it replicates itself (or clones itself) and spread from one
system to another. It is created by Bob Thomas at BBN in early 1971 as an experimental computer program.

20) To protect the computer system against the hacker and different kind of viruses, one must always keep _________
on in the computer system.

1. Antivirus
2. Firewall
3. Vlc player
4. Script

Answer: b
Explanation: It is essential to always keep the firewall on in our computer system. It saves the computer system against
hackers, viruses, and installing software form unknown sources. We can also consider it the first line of defense of the
computer system.

21) Code Red is a type of ________

1. An Antivirus Program
2. A photo editing software
3. A computer virus
4. A video editing software

Answer: c

Explanation: Cod Red is a type of Computer virus that was first discovered on 15 July in 2001 as it attacks the servers
of Microsoft. In a couple of next days, it infects almost 300,000 servers.

22) Which of the following can be considered as the elements of cyber security?

1. Application Security
2. Operational Security
3. Network Security
4. All of the above

Answer: d

Explanation: Application security, operational security, network security all are the main and unforgettable elements of
Cyber Security. Therefore the correct answer is D.

23) Which of the following are famous and common cyber-attacks used by hackers to infiltrate the user's system?

1. DDos and Derive-by Downloads

2. Malware & Malvertising
3. Phishing and Password attacks
4. All of the above

Answer: d

Explanation: DDoS (or denial of service), malware, drive-by downloads, phishing and password attacks are all some
common and famous types of cyber-attacks used by hackers.

24) Which one of the following is also referred to as malicious software?

1. Maliciousware
2. Badware
3. Ilegalware
4. Malware

Answer: d

Explanation: Malware is a kind of short program used by the hacker to gain access to sensitive data/ information. It is
used to denote many kinds of viruses, worms, Trojans, and several other harmful programs. Sometimes malware is also
known as malicious software.

25) Hackers usually used the computer virus for ______ purpose.
 1. To log, monitor each and every user's stroke
2. To gain access the sensitive information like user's Id and Passwords
3. To corrupt the user's data stored in the computer system
4. All of the above

Answer: d

Explanation: In general, hackers use computer viruses to perform several different tasks such as to corrupt the user's
data stored in his system, to gain access the important information, to monitor or log each user's strokes. Therefore the
correct answer is D.

26) In Wi-Fi Security, which of the following protocol is more used?

1. WPA
2. WPA2
3. WPS
4. Both A and C

Answer: b

Explanation: Nowadays, in Wi-Fi Security, the WPA2 is one of the most widely used protocols because it offers a more
secure connection rather than the WPA. It is also known as the upgraded version of the WPA protocol.

27) The term "TCP/IP" stands for_____

1. Transmission Contribution protocol/ internet protocol

2. Transmission Control Protocol/ internet protocol
3. Transaction Control protocol/ internet protocol
4. Transmission Control Protocol/ internet protocol

Answer: b

Explanation: The term "TCP/IP" stood for Transmission Control Protocol/ internet protocol and was developed by the US
government in the early days of the internet.

28) The response time and transit time is used to measure the ____________ of a network.

1. Security
2. Longevity
3. Reliability
4. Performance

Answer: d

Explanation: On the basis of response time and transit time, the performance of a network is measured.

29) Which of the following factor of the network gets hugely impacted when the number of users exceeds the network's
limit?

1. Reliability
2. Performance
3. Security
4. Longevity

Answer: d
Explanation: When the numbers of users on a network get increased and exceed the network's limit, therefore the
performance is one of the factors of the network that is hugely impacted by it.

30) In the computer networks, the encryption techniques are primarily used for improving the ________

1. Security
2. Performance
3. Reliability
4. Longevity

Answer: a

Explanation: Encryption techniques are usually used to improve the security of the network. So the correct answer will
be A.

31) Which of the following statements is correct about the firewall?

1. It is a device installed at the boundary of a company to prevent unauthorized physical access.

2. It is a device installed at the boundary of an incorporate to protect it against the unauthorized access.
3. It is a kind of wall built to prevent files form damaging the corporate.
4. None of the above.

Answer: b

Explanation: A firewall can be the type of either a software or the hardware device that filters each and every data
packet coming from the network, internet. It can also be considered as a device installed at the boundary of an
incorporate to protect form unauthorized access. Sometimes firewall also refers to the first line of defense against
viruses, unauthorized access, malicious software etc.

32) When was the first computer virus created?

1. 1970
2. 1971
3. 1972
4. 1969

Answer: b

Explanation: In 1970, the world's first computer virus was created by Robert (Bob) Thomas. This virus was designed as
it creates copies of itself or clones itself and spreads one computer to another. So the correct answer will be 1970.

33) Which of the following is considered as the world's first antivirus program?

1. Creeper
2. Reaper
3. Tinkered
4. Ray Tomlinson

Answer: b

Explanation: Reaper is considered as the world's first antivirus program or software as it can detect the copies of a
Creeper (the world's first man-made computer virus) and could delete it as well.

34) Which one of the following principles of cyber security refers that the security mechanism must be as small and
simple as possible?
 1. Open-Design
2. Economy of the Mechanism
3. Least privilege
4. Fail-safe Defaults

Answer: b

Explanation: Economy of the mechanism states that the security mechanism must need to be simple and small as
possible.

35) Which of the following principle of cyber security restricts how privileges are initiated whenever any object or subject
is created?

1. Least privilege
2. Open-Design
3. Fail-safe Defaults
4. None of the above

Answer: c

Explanation: The fail-safe Defaults principle of cyber security restricts how privileges are initiated whenever a subject or
object is created. In cases where the privileges, rights, access or some other security-related attribute is not granted
explicitly, it should also not granted access to the object.

36) Suppose an employee demands the root access to a UNIX system, where you are the administrator; that right or
access should not be given to the employee unless that employee has work that requires certain rights, privileges. It can
be considered as a perfect example of which principle of cyber security?

1. Least privileges
2. Open Design
3. Separation of Privileges
4. Both A & C

Answer: a

Explanation: The example given in the above question refers to the least privileges principle of cyber security. The least
privileges principle of cyber security states that no rights, access to the system should be given to any of the employees
of the organization unless he/she needs those particular rights, access in order to complete the given task. In short, we
can say that its primary work is to restrict or control the assignment of rights to the employees.

37) Which of the following can also consider as the instances of Open Design?

1. CSS
2. DVD Player
3. Only A
4. Both A and B

Answer: d

Explanation: The Open Design is a kind of open design artifact whose documentation is publically available, which
means anyone can use it, study, modify, distribute, and make the prototypes. However, the CSS (or Content Scrambling
System) and DVD Player are both examples of open design.

38) Which one of the following principles states that sometimes it is become more desirable to rescored the details of
intrusion that to adopt more efficient measure to avoid it?
 1. Least common mechanism
2. Compromise recording
3. Psychological acceptability
4. Work factor

Answer: b

Explanation: The principle called compromise factor states that in some cases, it is more beneficial to records or
document the details of the intrusion that to adopt more efficient measures to avoid it.

39) The web application like banking websites should ask its users to log-in again after some specific period of time, let
say 30 min. It can be considered as an example of which cybersecurity principle?

1. Compromise recording
2. Psychological acceptability
3. Complete mediation
4. None of the above

Answer: c

Explanation: The complete mediation principle of cybersecurity requires that all the access must be checked to ensure
that they are genuinely allowed. However, the example given in the above question can be considered as an example of
Complete Mediation.

40) Which one of the following statements is corret about Email security in the network security methods?

1. One has to deploy hardware, software, and security procedures to lock those apps down.
2. One should know about what the normal behavior of a network look likes so that he/she can spot any changes,
breaches in the behavior of the network.
3. Phishing is one of the most commonly used methods that are used by hackers to gain access to the network
4. All of the above

Answer: c

Explanation: In terms of Email Security, phishing is one of the standard methods that are used by Hackers to gain
access to a network. The Email Security Tools can handle several types of attacks, such as the incoming attacks, and
protect the outbound messages containing sensitive data/information as well.

41) Which of the following statements is true about the VPN in Network security?

1. It is a type of device that helps to ensure that communication between a device and a network is secure.
2. It is usually based on the IPsec( IP Security) or SSL (Secure Sockets Layer)
3. It typically creates a secure, encrypted virtual "tunnel" over the open internet
4. All of the above

Answer: d

Explanation: The term VPN stands for Virtual Private Network. It is a type of network security-enhancing tool that can be
either a software program or a hardware device. It usually authenticates the communication between a device and a
network by creating a secure encrypted virtual "tunnel". In general, the software VPNs are considered as the most cost-
effective, user friendly over the hardware VPNs.

42) Which of the following type of text is transformed with the help of a cipher algorithm?

1. Transformed text
 2. Complex text
3. Scalar text
4. Plain text

Answer: d

Explanation: The cipher algorithm is used to create an encrypted message by taking the input as understandable text or
"plain text" and obtains unreadable or "cipher text" as output. It is usually used to protect the information while
transferring one place to another place.

43) The term "CHAP" stands for __________

1. Circuit Hardware Authentication Protocols

2. Challenge Hardware Authentication Protocols
3. Challenge Handshake Authentication Protocols
4. Circuit Handshake Authentication Protocols

Answer: c

Explanation: The term "CHAP" stands for the Challenge Handshake Authentication Protocols. In computer networks, it
can be defined as an authentication scheme that avoids the transfer of unencrypted passwords over the network. The
"CHAP" is one of the many authentication schemes used by the Point To Point Protocol (PPP), which is a serial
transmission protocol for wide networks Connections (WAN).

44) Which type of the following malware does not replicate or clone them self's through infection?

1. Rootkits
2. Trojans
3. Worms
4. Viruses

Answer: b

Explanation: The Trojans type of malware does not generate copies of them self's or clone them. The main reason why
these types of viruses are referred to as the Trojans is the mythological story of the Greeks. In which some top-level
accessions were hidden in the big wooden horse-like structure and given to the enemy as a gift. So that they can enter
to the enemy's palace without come in any sight.

45) Which of the following malware's type allows the attacker to access the administrative controls and enables his/or
her to do almost anything he wants to do with the infected computers.

1. RATs
2. Worms
3. Rootkits
4. Botnets

Answer: a

Explanation: The RAT is an abbreviation of Remote Access Trojans or Remote Administration Tools, which gives the
total control of a Device, which means it, can control anything or do anything in the target device remotely. It allows the
attacker administrative control just as if they have physical access to your device.

46) Which of the following statements is true about the Trojans?

1. Trojans perform tasks for which they are designed or programmed

 2. Trojans replicates them self's or clone them self's through an infections
3. Trojans do nothing harmful to the user's computer systems
4. None of the above

47) Which of the following is just opposite to the Open Design prnciple?

1. Security through obscurity

2. Least common mechanism
3. Least privileges
4. Work factor

Answer: a

Explanation: The "Security through obscurity" is an approach which just opposite to the Open Design principle. So the
correct option is A.

48) Which of the following is a type of independent malicious program that never required any host program?

1. Trojan Horse
2. Worm
3. Trap Door
4. Virus

Answer: b

Explanation: Warm is a type of independent malicious program that does not require any host programs(or attached
with some programs). They typically cause damages to the systems by consuming the bandwidths and overloading the
servers. Warms are quite different from the virus as they are stand-alone programs, whereas viruses need some type of
triggers to activate by their host or required human interaction.

49) Which of the following usually considered as the default port number of apache and several other web servers?

1. 20
2. 40
3. 80
4. 87

Answer: c

Explanation: The default port number used by the apache and several other web servers is 80. So the correct answer
will be C.

50) DNS translates a Domain name into _________

1. Hex
2. Binary
3. IP
4. URL

Answer: d

Explanation: DNS stands for the Domain name system; the main work of a DNS is to translate the Domain name into an
IP address that is understandable to the computers.

51) Which one of the following systems cannot be considered as an example of the operating systems?
 1. Windows 8
2. Red Hat Linux
3. BSD Linux
4. Microsoft Office

Answer: d

Explanation: Microsoft office is a type of software used for creating and managing documents, which is one of the most
famous products of the Microsoft organization. So the correct answer will be the D.

52) In the CIA Triad, which one of the following is not involved?

1. Availability
2. Confidentiality
3. Authenticity
4. Integrity

Answer: c

Explanation: CIA refers to Confidentiality, Integrity, and Availability that are also considered as the CIA triad. However,
the CIA triad does not involve Authenticity.

53) In an any organization, company or firm the policies of information security come under__________

ADVERTISEMENT

1. CIA Triad
2. Confidentiality
3. Authenticity
4. None of the above

Answer: a

Explanation: Confidentiality, Integrity, Availability are the three main principles. In Short, these three principles are also
known as the CIA triad and plays a vital role as the cornerstone of the security structure of any organization.

54) Why are the factors like Confidentiality, Integrity, Availability, and Authenticity considered as the fundamentals?

1. They help in understanding the hacking process

2. These are the main elements for any security breach
3. They help to understand the security and its components in a better manner
4. All of the above

Answer: c

Explanation: Confidentiality, Integrity, Availability and Authenticity all these four elements helps in understanding
security and its components.

55) In order to ensure the security of the data/ information, we need to ____________ the data:

1. Encrypt
2. Decrypt
3. Delete
4. None of the above
Answer: a

Explanation: Data encryption is a type of method in which the plain text is converted into ciphertext, and only the
authorized users can decrypt it back to plain text by using the right key. This preserves the Confidentiality of the Data.

56) Which one of the following is considered as the most secure Linux operating system that also provides anonymity
and the incognito option for securing the user's information?

1. Ubuntu
2. Tails
3. Fedora
4. All of the above

Answer: b

Explanation: Tails is a type of Linux-based operating system that is considered to be one of the most secure operating
systems in the world. It also provides many features such as anonymity and incognito options to insure that user
information is always protected. The main reason why the tails operating system is famous among the user is that it is
almost untraceable, which keep your privacy secure.

57) Which type following UNIX account provides all types of privileges and rights which one can perform administrative
functions?

1. Client
2. Guest
3. Root
4. Administrative

Answer: d

Explanation: If a user uses the Root account of the UNIX operating system, he can carry out all types of administrative
functions because it provides all necessary privileges and rights to a user.

58) Which of the following is considered as the first hacker's conference?

ADVERTISEMENT

1. OSCON
2. DEVON
3. DEFCON
4. SECTION

Answer: c

Explanation: DEFCON is one of the most popular and largest Hacker's as well as the security consultant's conference. It
is always held once a year in Las Vegas, Nevada, where hackers of all types (such as black hats, gray hats, and white
hat hackers), government agents as well as security professionals from around the world attend the conference attends
this meeting.

59) Which of the following known as the oldest phone hacking techniques used by hackers to make free calls?

1. Phreaking
2. Phishing
3. Cracking
4. Spraining
Answer: a

Explanation: Phreaking is considered as one of the oldest phone hacking techniques used by hackers to make free
calls.

60) Name of the Hacker who breaks the SIPRNET system?

1. John Draper
2. Kevin Mitnick
3. John von Neumann
4. Kevin Poulsen

Answer: d
Explanation: The SIPRNET (or Advanced Research Project Agency Network) system was first hacked by Kevin
Poulsen as he breaks into the Pentagon network.

Cyber security protects internet-connected systems including hardware, software, and program or data from cyber
attacks.

The word cyber security is divided into two words:

 Cyber: It denotes the computer, system, network, program, or data

 Security: It denotes system security, network security, program, or data security.

Need for cyber security:

 To protect private data

 To protect intellectual data
 To protect banking or financial data
 National security
 Global economy
 Protect sensitive data

Information System

An information system is a software that helps organize and analyze data.

Information system components:

 System resource:
o People:
 Is specialist
 Is end-user
o Software
o Data
o Network
 System activity:
o Input
o Storage
o Processes
o Output
o Control and maintenance
Development of information systems:

The development of information systems is similar to the application development process. It has various approaches.
You can follow any of the following requirements.

 Classical waterfall model

 Prototyping model
 Spiral model
 Incremental model

Cyber Security MCQs

1.

Identify the term which denotes that only authorized users are capable of accessing the information

Wrong Answer

Answer: B) The term which denotes that only authorized users are capable of accessing the information is known as
availability.

Create a free personalised study plan

Get into your dream companies with expert guidance

Real-Life Problems

Prep for Target Roles

Custom Plan Duration

Create My Plan
2.

State whether True or False: Data encryption is primarily used to ensure confidentiality.

Wrong Answer

Answer: A) True. Data encryption is primarily used to ensure confidentiality.

3.

Identify the Debian-based OS which has 2 virtual machines and focuses on preserving users’ data.

Wrong Answer

Answer: C) Whonix has two virtual machines and focuses on preserving users’ data.

4.

Identify the oldest phone hacking technique used by hackers to make free calls.

Wrong Answer

Answer: B) Phreaking is the oldest phone hacking technique used by hackers to make free calls.
5.

Which of the following platforms is used for the safety and protection of information in the cloud?

Wrong Answer

Answer: B) Cloud workload protection platforms are used for the safety and protection of information in the cloud.

Explore InterviewBit’s Exclusive Live Events

By

No More Events to show!

6.

Identify the type of attack which uses a fraudulent server with a relay address.

Wrong Answer

Answer: A) MITM uses a fraudulent server with a relay address.

7.

Identify the port used to connect to Active Directory in Windows 2000.

Wrong Answer

Answer: D) The port used to connect to Active Directory in Windows 2000 is 389.

8.

Choose among the following techniques, which are used to hide information inside a picture.

Wrong Answer

Answer: B) Steganography is the technique used to hide information inside a picture.

9.

Identify among the following which is used to avoid browser-based hacking.

Wrong Answer

Answer: D) Remote browser access is used to avoid browser-based hacking.

10.

EDR stands for _____?

Wrong Answer

Answer: B) EDR stands for Endpoint detection and response.

11.

Which of the following is used for monitoring traffic and analyzing network flow?

Wrong Answer

Answer: C) Network traffic analysis is used for monitoring traffic and analyzing network flow.

12.

In which category does compromising confidential information fall?

Wrong Answer

Answer: A) Compromising confidential information falls under threat.

Discover your path to a Successful Tech Career for FREE!

Answer 4 simple questions & get a career plan tailored for you

13.

In which category does the lack access control policy fall?

Wrong Answer

Answer: D) Lack of access control policy falls under Vulnerability.

14.

Identify the class of computer threats.

Wrong Answer

Answer: B) DOS attacks can be considered a class of computer threats.

15.

Which software is mainly used to help users detect viruses and avoid them?

Wrong Answer

Answer: A) Antivirus is used to help users detect viruses and avoid them.
16.

Identify the term which denotes the violation of principle if the computer is no more accessible.

Wrong Answer

Answer: B) Availability denotes the violation of principle if a computer is no more accessible.

17.

Which of the following tool is used in Wi-fi hacking?

Wrong Answer

Answer: A) Aircrack-ng is used in Wi-fi hacking.

18.

Total types of scanning in cyber security is?

Wrong Answer

Answer: C) There are a total of 3 types of scanning in cyber security.

19.

Identify the incorrect type of scanning?

Wrong Answer

Answer: D) Cloud scan is an incorrect type of scanning.

20.

Identify the first computer virus among the following.

Wrong Answer

Answer: B) Creeper is the first computer virus identified.

21.

Which of the following is considered an element of cyber security?

Wrong Answer

Answer: D) All of the above are considered elements of cyber security.

22.

Which protocol is mostly used in Wi-fi security?

Wrong Answer

Answer: C) WPA2 is mostly used in Wi-fi security.

23.

Full form of TCP/IP?

Wrong Answer

Answer: A) TCP/IP is Transmission Control Protocol/ internet protocol.

24.

Why is response and transit time used?

Wrong Answer

Answer: C) Response and transit time are used to measure longevity.

25.

Identify which of the following can be considered instances of Open design.

Wrong Answer

Answer: D) Both DVD Player and CSS are instances of open design and their documentation is publicly available.

26.

What is transformed using cipher algorithms?

Wrong Answer

Answer: C) Plain text is transformed using cipher algorithms.

27.

CHAP stands for?

Wrong Answer

Answer: C) CHAP stands for Challenge Handshake Authentication Protocols.

28.

Identify the malware which does not replicate or clone through an infection?

Wrong Answer

Answer: A) Trojans do not replicate or clone through infection.

29.

Choose the features which violate cyber security.

Wrong Answer

Answer: B). Attack violates cyber security.

30.

Identify the legal form of hacking.

Wrong Answer

Answer: C) Ethical hacking is a legal form of hacking.

31.

Malware stands for?

Wrong Answer

Answer: C) Malware stands for Malicious software.

32.

Identify the least strong security encryption.

Wrong Answer

Answer: B) WEP is the least strong security encryption

33.

Identify the security protocol which is not strong.

Wrong Answer

Answer: A) SMTP is not a strong security protocol.

34.

Identify the mail transferring methodology which isn’t secured.

Wrong Answer

Answer: C) POP3 isn’t a secured mail transferring methodology.

35.

Which of the following is used for encrypting data at the network level?

Answer: D) IPSecis used for encrypting data at the network level.

36.

PCT stands for _____

Wrong Answer

Answer: C) PCT stands for private Communication Technology.

37.
Identify the private search engine.

Wrong Answer

Answer: B) Duckduckgo is a private search engine.

38.

The most common way to maintain data availability?

Wrong Answer

Answer: C) Data backup is a common way to maintain data availability.

39.

Identify the term among the following which is the first phase of ethical hacking.

Wrong Answer

Answer: A) The first phase of ethical hacking is footprinting.

40.

Which of the following suite is used for NTP enumeration?

Wrong Answer

Answer: NTP suite is used for NTP enumeration.

41.

Why is the proxy server used by a hacker?

Wrong Answer

Answer: B) A proxy server is used to hide malicious activity on the network.

42.

Identify the type of symmetric key algorithm which uses a streaming cipher to encrypt information.

Wrong Answer

Answer: C) RC4 uses a streaming cipher to encrypt information.

43.

Identify the maximum character which Linux OS supports in its file names.

Wrong Answer

Answer: D) Linux OS supports 256 character limit in its file names.

44.
Among the following, identify the one which does not need any host program and is independent.

Wrong Answer

Answer: A) Worm does not need any host program and is independent.

45.

Why is Code red?

Wrong Answer

Answer: B) Code red is a virus.

46.

Which of the following is considered as the unsolicited commercial email?

Wrong Answer

Answer: C) It is a type of unsolicited email which is generally sent in bulk to an indiscriminate recipient list for
commercial purposes.

47.

Which one of the following can be considered as the class of computer threats?

Wrong Answer

Answer: A) A dos attack refers to the denial of service attack.

48.

Choose the default port number for Apache and other web servers.

Wrong Answer

Answer: C) Default port number of apache and another webserver is 80.

49.

To what does a DNS translate a domain name

Wrong Answer

Answer: B) A DNS translates a domain name to IP.

50.

Identify the element which is not considered in the triad, according to the CIA.

Wrong Answer

Answer: D) Confidentiality is not considered in the triad according to the CIA.

51.

What is the CIA triad also known as?

Wrong Answer

Answer: A) CIA triad is also known as AIC(Availability, Integrity, Confidentiality).

52.

Identify the term which denotes the protection of data from modification by unknown users.

Wrong Answer

Answer: C) The term which denotes the protection of data from modification by unknown users is known as integrity.

Cybersecurity is an evolving industry that highly requires skilled professionals. According to Glassdoor, the average
salary of a Cyber Security professional is £45,024. All Cyber Security professionals must undergo practice tests before
applying for any Cyber Security job roles. To prepare for getting into Cyber Security job roles, it is imperative to
understand the pattern of Cyber Security MCQs that appear in exams.

In this blog, we are giving you the top list of Cyber Security MCQs with answers to help you understand the format of
Cyber Security exams. This blog will take you through a set of MCQs on Cyber Security for beginner, intermediate, and
advanced levels with a list of the top 50 Cyber Security MCQs (Multiple Choice Questions) with answers. Read further
to learn more:

Table of Contents

1) Understanding the need for Cyber Security professionals

2) Cyber Security related MCQ questions for beginner level

3) Cyber Security related MCQ questions for intermediate level

4) Cyber Security related MCQ questions for advanced level

5) Conclusion

Understanding the need for Cyber Security professionals

According to the U.S. Bureau of Labor Statistics (BLS), the job outlook for Cybersecurity experts is favourable. With the
increasing number of cyber-attacks, the demand for Cybersecurity professionals has also increased. They play a pivotal
role in combatting cyber threats like phishing, malware, and spamming.

Organisations often choose individuals with particular skill sets and advanced certificates in cybersecurity. Taking
Cybersecurity certification exams is one of the best ways to broaden your employment options.

Cyber Security-related MCQ questions for beginner level

Let’s take a look at some of the beginner-level Cyber Security MCQ questions:
1) Which of these describes an ongoing pursuit by an individual/group?

a) Stalking

b) Identity theft

c) Phishing

d) Bulling

Answer: (a) Stalking

2) Which one of the following is considered in the category of computer threats?

a) Soliciting

b) DoS attack

c) Phishing

d) Both A and B

Answer: (b) DoS attack

3) Which of the following typically keeps tabs on every online activity the victim engages in, compiles all the data in the
background, and sends it to a third party?

a) Adware

b) Malware

c) Spyware

d) All of the above

Answer: (c) Spyware

4) Which one is considered to be a type of antivirus program?

a) Kaspersky

b) Mcafee

c) Quick heal

d) All of the above

Answer: (d) All of the above

5) Which of these scanners for ports and IP addresses is most used by users?

a) Cain and Abel

b) Ettercap
 c) Snort

d) Angry IP Scanner

Answer: (d) Angry IP Scanner

6) Which of the following phrases describes taking someone else's creation or idea and using it for one's own
advantage?

a) Intellectual property rights

b) Piracy

c) Plagiarism

d) All of the above

Answer: (d) All of the above

7) Which of the following describes investigating moral conduct concerning the digital media landscape?

a) Cyberethics

b) Cyber low

c) Cybersafety

d) Cybersecurity

Answer: (a) Cyberethics

8) State whether True or False: Data encryption is used to ensure confidentiality.

a) True

b) False

c) It cannot be understood

d) None

Answer: (a) True

9) Determine the earliest method of free phone calls used by hackers.

a) Cracking

b) Spamming

c) Phreaking

d) Phishing

Answer: (c) Phreaking

10) Which of the following statements best describes how the principle would be broken if a computer was no longer
accessible?

a) Confidentiality

b) Access control

c) Availability

d) All of the above

Answer: (c) Availability

11) Which of these methods is used to check the validity of a message?

a) Digital signature

b) Protocol

c) Message Digest

d) Decryption algorithm

Answer: (c) Message Digest

12) Which of the following is typically used when hacking Wi-Fi?

a) Wireshark

b) Aircrack-ng

c) Norton

d) All of the above

Answer: (b) Aircrack-ng

13) Among the following, which is not a form of scanning?

a) Null Scan

b) Xmas Tree Scan

c) SYN Stealth

d) Cloud Scan

Answer: (d) Cloud Scan

14) The Code Red is similar to a:

a) Photo Editing Software

b) Antivirus Program
 c) Video Editing Software

d) Computer Virus

Answer: (d) Computer Virus

15) Which of these was the first antivirus software ever created?

a) Reaper

b) Ray Tomlinson

c) Creeper

d) Tinkered

Answer: (a) Reaper

Cyber Security related MCQ questions for intermediate level

Cyber Security professionals must have a strong and good command over the key terms and skills essential to build
secure networks, diagnose, and resolve security issues. These questions are designed for an intermediate level to test
your knowledge of Cybersecurity concepts and techniques. Let’s go through some of the Cyber Security intermediate
MCQ questions given below:

1) What kind of malware does not replicate or clone itself through infection?

a) Rootkits

b) Worms

c) Viruses

d) Trojans

Answer: (d) Trojans

2) The DNS would convert any domain name into:

a) Hex

b) Binary

c) URL

d) IP

Answer: (c) URL

3) The most important step in system hacking is:

a) Cracking passwords

b) Covering tracks
 c) Information gathering

d) None of the above

Answer: (a) Cracking passwords

4) Which of the following describes the different forms of scanning?

a) Client, Server, and network

b) Network, vulnerability, and port scanning

c) Port, network, and services

d) None of the above

Answer: (b) Network, vulnerability, and port scanning

5) Determine the attack type that employs a fake server with a relay address.

a) SMB

b) NetBIOS

c) NTLM

d) MITM

Answer: (d) MITM

6) Pick one of the following methods for hiding information inside a picture:

a) Image Rendering

b) Steganography

c) Rootkits

d) Bitmapping

Answer: (b) Steganography

7) Choose one of the following strategies to prevent browser-based hacking:

a) Adware remover in the browser

b) Anti-malware in the browser

c) Remote browser access

d) Incognito mode in the browser

Answer: c) Remote browser access

8) Which of these is the port number (default) for many web servers, including apache?
 a) 80

b) 20

c) 87

d) 40

Answer: (a) 80

9) They are malicious hackers whose primary goal is to commit cybercrimes to make money. Who are "they" in this
context?

a) White Hat Hackers

b) Black Hat Hackers

c) Hacktivists

d) Gray Hat Hackers

Answer: (b) Black Hat Hackers

10) Any company or organisation's IT security is managed and maintained by

a) IT Security Engineer

b) Security Auditor

c) CEO of the organisation

d) Software Security Specialist

Answer: (d) IT Security Engineer

11) What does EDR stand for?

a) Endless Detection and Response

b) Endpoint Detection and Response

c) Endpoint Detection and Recovery

d) Endless Detection and Recovery

Answer: (b) Endpoint Detection and Response

12) The _______ of a network is assessed using the response and transit times.

a) Longevity

b) Performance

c) Reliability
 d) Security

Answer: (b) Performance

13) Which of the following statements concerning the firewall is true?

a) It is a barrier created to stop files from hurting the company.

b) It is a tool put in place at a business's perimeter to stop uninvited physical entrance.

c) It is a device placed at an organisation's perimeter to prevent unwanted access.

d) None of the above

Answer: c) It is a device placed at an organisation's perimeter to prevent unwanted access.

14) Which of the following Cyber Security principles limits how privileges are started whenever an object or subject is
created?

a) Open-Design

b) Fail-safe Defaults

c) Least privilege

d) None of the above

Answer: (b) Fail-safe Defaults

15) Which of these conferences was the first one for hackers?

a) DEFCON

b) OSCON

c) SECTION

d) DEVON

Answer: (a) DEFCON

Cyber Security related MCQ questions for advanced level

Cyber Security is divided into several parts, out of which one part covers the beginner-level questions followed by the
intermediate-level and advanced level. The set of questions mentioned below focuses on the technical skills and
knowledge of Cyber Security advanced level questions:

1) What is changed when cypher algorithms are used?

a) Scalar test

b) Plain test

c) Complex test
d) None

Answer: (b) Plain test

2) What does CHAP stand for?

a) Circuit Handshake Authentication Protocols

b) Challenge Handshake Authentication Protocols

c) Circuit Hardware Authentication Protocols

d) Challenge Hardware Authentication Protocols

Answer: (b) Challenge Handshake Authentication Protocols

3) Which of the following is the least strong security encryption?

a) WPA

b) WPA3

c) WEP

d) WPA2

Answer: c) WEP

4) Which of the items listed below is the least strong security protocol?

a) SFTP

b) SSL

c) SMTP

d) HTTPS

Answer: c) SMTP

5) What is used for encrypting data at the network level?

a) IPSec

b) S/MIME

c) SMTP

d) HTTPS

Answer: (a) IPSec

6) What does PCT stand for?

a) Private Connecting Technology

 b) Private Communication Technique

c) Personal Communication Technology

d) Private Communication Technology

Answer: (d) Private Communication Technology

7) Which one of the following is a private search engine?

a) Bing

b) Google

c) Yahoo

d) Duckduckgo

Answer: (d) Duckduckgo

8) Choose the phrase from the list below that best describes the initial stage of ethical hacking.

a) Footprinting

b) ARP Poisoning

c) DNS Poisoning

d) Enumeration

Answer: (a) Footprinting

9) What is the purpose of using a proxy server for a hacker?

a) Create a ghost server on the network

b) Create a stronger connection with the target

c) For obtaining remote access connection

d) Hiding malicious activity on the network

Answer: (d) Hiding malicious activity on the network

10) Determine the kind of symmetric key algorithm that encrypts data using a streaming cypher.

a) Blowfish

b) MD5

c) RC4

d) SHA

Answer: c) RC4
11) Determine the number of characters the Linux OS will allow in file names.

a) 64

b) 256

c) 128

d) 32

Answer: (b) 256

12) Choose the one that is autonomous and does not require a host program from the list below:

a) Trap door

b) Trojan horse

c) Virus

d) Worm

Answer: (d) Worm

13) A DNS translates a domain name to which of these:

a) Hex

b) IP

c) Binary

d) URL

Answer: (b) IP

Conclusion

We hope this blog gives you a clear understanding of the format and pattern of Cyber Security MCQs in exams. These
Cyber Security MCQ questions and answers are also helpful to crack practice tests and entry-level exams. It is highly
recommended to stay updated with the latest changes and Scope of Cyber Security for better employment prospects.

Cyber Security MCQs (Multiple-Choice Questions)

Cyber Security MCQs: This section contains multiple-choice questions and answers on Cyber Security. Practice these
MCQs to learn and enhance your knowledge of Cyber Security. These questions are designed by the subject experts
which are helpful for the students and professionals to prepare for the different types of interviews and exams. Each
question has multiple choices, you have to guess the correct answer. The answers for all Cyber Security MCQs are
given below the question with detailed explanations.

List of Cyber Security MCQs

1. Amongst which of the following are the primary goals of cyber security?

A. Encryption, authorization, and availability

B. Confidentiality, integrity, and authentication
C. Firewalls, intrusion detection, and data backups
D. Phishing prevention, malware detection, and spam filtering

Answer: B) Confidentiality, integrity, and authentication.

Explanation:

The primary goal of cybersecurity is to provide confidentiality, integrity, and authentication, which are commonly referred
to as the CIA Triad in information security.

2. The term "Cyber Threats" in cyber security refers to ____.

A. Techniques used by cybersecurity professionals to protect systems

B. Malicious activities are carried out by hackers to breach firewalls
C. Hardware components that are susceptible to cyber-attacks
D. The process of encrypting sensitive data for secure transmission

Answer: B) Malicious activities are carried out by hackers to breach firewalls.

Explanation:

Cyber threats encompass various types of malicious activities carried out by cybercriminals and hackers such as
viruses, worms, ransomware), phishing, social engineering, and denial-of-service (DoS) attacks.

3. The process of encoding data to protect it from unauthorized access is known as ____.

A. Encryption
B. Firewall
C. Intrusion Detection
D. Multi-factor Authentication

Answer: A) Encryption

Explanation:

Encryption is a process of converting plain, readable data (plaintext) into an unreadable form (ciphertext) using an
algorithm and a cryptographic key.

4. Which of the following options best defines an attack vector in terms of cyber security?

A. A software tool used by ethical hackers to test system vulnerabilities

B. A technique to encrypt sensitive data during transmission
C. A method or avenue used by cyber threats to gain unauthorized access to a system or network
D. A hardware component that helps prevents denial-of-service attacks

Answer: C) A method or avenue used by cyber threats to gain unauthorized access to a system or network.

Explanation:
An attack vector in the context of cybersecurity refers to the method or avenue through which cyber threats, such as
hackers or malicious actors, gain unauthorized access to a system, network, or application.

5. What is the significance of a firewall in cybersecurity?

A. To prevent unauthorized physical access to a computer

B. To detect and remove malware from a computer
C. To protect a computer from unauthorized network access
D. To encrypt sensitive data on a computer

Answer: C) To protect a computer from unauthorized network access.

Explanation:

Firewalls are hardware or software-based security barriers that control incoming and outgoing network traffic.

6. Which of the following options correctly identifies the two primary types of encryption used in cybersecurity?

A. Symmetric encryption and multi-factor authentication

B. Asymmetric encryption and Private-key encryption
C. Single-factor encryption and Decryption
D. Symmetric encryption and Asymmetric encryption

Answer: D) Symmetric encryption and Asymmetric encryption

Explanation:

The process of encoding data to protect it from unauthorized access is known as encryption. There are two primary
types of encryption: symmetric encryption and asymmetric encryption.

7. Phishing is a type of cyber threat that involves ____.

A. Mimicking an authorized user to steal sensitive information

B. Gaining unauthorized access to a system
C. Local storage destruction
D. Sending large amounts of fake traffic to a server

Answer: A) Mimicking an authorized user to steal sensitive information.

Explanation:

Phishing is a cyber-attack where the attacker attempts to deceive individuals into revealing sensitive information, such
as login credentials, credit card numbers, or other personal data.

8. What does the term "Malware" stands for?

A. Malfunctioning Software
B. Malicious Firmware
C. Malfunctioning Hardware
D. Malicious Software

Answer: D) Malicious Software

Explanation:
The term "malware" stands for "malicious software." Malware refers to any type of software or code that is specifically
designed to harm, exploit, or gain unauthorized access to computer systems, networks, or user devices.

9. Which of the following is an example of a cyber-attack on physical infrastructure?

A. Phishing attack on employee's email

B. DDoS attack on the company's server
C. Stuxnet attack on an irrigation control system
D. Ransomware attack on company's server

Answer: C) Stuxnet attack on an irrigation control system.

Explanation:

The Stuxnet attack is an example of a cyber-attack on physical infrastructure. The worm used in this attack was
designed to infiltrate and manipulate Programmable Logic Controllers (PLCs) used in centrifuges to enrich uranium.

10. What does the term "VPN" stand for?

A. Virtual Personal Network

B. Virtual Private Network
C. Virtual Portable Network
D. Virtual Public Network

Answer: B) Virtual Private Network

Explanation:

The term "VPN" stands for Virtual Private Network. A VPN is a secure and encrypted network connection that allows
users to access the Internet or other private networks securely over a public network (usually the Internet).

11. Amongst which of the following shows the importance of regular data backups in cyber security?

A. To protect against social engineering attacks

B. To encrypt sensitive data during transmission
C. To prevent unauthorized access to a network
D. To ensure data recovery in case of data loss or cyber-attacks

Answer: D) To ensure data recovery in case of data loss or cyber-attacks.

Explanation:

Regular data backups are important in cybersecurity for prevention against data loss, ransomware, cyber-attacks,
disaster recovery, etc.

12. Which of the following is a common type of social engineering attack?

A. Brute force attack

B. Distributed Denial of Service (DDoS) attack
C. Phishing attack
D. SQL injection attack

Answer: C) Phishing attack

Explanation:
Phishing attack is a common type of social engineering attack. The goal of the phishing attack is to trick recipients into
revealing sensitive information, such as login credentials, personal data, or financial details.

13. Which of the following is not a typical source of data leakage threats?

A. Phishing attacks
B. Insider threats
C. Antivirus software
D. Unsecured Wi-Fi networks

Answer: C) Antivirus software

Explanation:

Antivirus software is not a typical source of data leakage threats. In fact, antivirus software is designed to protect against
data leakage.

14. Amongst which of the following is not an example of physical data leakage?

A. Printer
B. Using weak passwords for online accounts
C. Dumpster diving
D. Shoulder surfing

Answer: B) Using weak passwords for online accounts.

Explanation:

Physical data leakage refers to the unauthorized disclosure or exposure of sensitive data in a physical form. It involves
the cases where physical items, such as documents, storage devices, or hardware, containing sensitive information are
mishandled or lost.

15. Safeguarding the data from unauthorized modification by unknown users is known as ____.

A. Integrity
B. Confidentiality
C. Availability
D. Authenticity

Answer: A) Integrity

Explanation:

Data Integrity refers to the security principle of ensuring that data remains accurate, unaltered, and trustworthy
throughout its entire life cycle.

16. What occurs when integrity is lacking in a system?

A. Data breaches and unauthorized access

B. Loss of data due to hardware failure
C. Encryption of sensitive information
D. Secure transmission of data over the internet

Answer: A) Data breaches and unauthorized access.

Explanation:

When integrity is lacking in a system, data breaches and unauthorized access becomes significant risks.

17. Which one of the following is a common way to maintain data availability?

A. Data Encryption
B. Regular Data Backups
C. Intrusion Detection Systems
D. Multi-factor Authentication

Answer: B) Regular Data Backups

Explanation:

Maintaining data availability is essential to ensure that data is accessible when needed and remains available to
authorized users. One common way to achieve data availability is through regular data backups.

18. Which of the following options is true about "Vulnerability"?

A. Vulnerability refers to the act of maliciously exploiting software flaws

B. Vulnerability is a measure of the potential impact of a cyber-attack
C. Vulnerability is a security mechanism used to protect computer systems
D. Vulnerability is a weakness or flaw in a system that could be exploited by threats

Answer: D) Vulnerability is a weakness or flaw in a system that could be exploited by threats.

Explanation:

Vulnerability refers to a weakness or flaw in a system, network, software, or application that makes it susceptible to
exploitation by potential threats or attackers.

19. Social engineering is ____.

A. A software technique used to prevent unauthorized access to a system

B. A method used to protect data from modification by unauthorized users
C. A cybersecurity principle that focuses on data confidentiality
D. A type of cyber-attack that manipulates human psychology to deceive individuals and gain unauthorized access

Answer: D) A type of cyber-attack that manipulates human psychology to deceive individuals and gain unauthorized
access.

Explanation:

Social engineering is a type of cyber-attack that relies on manipulating human psychology and behavior to deceive
individuals into revealing sensitive information, providing unauthorized access, or performing certain actions that
compromise security.

20. What does the letter "A" stand for in the CIA triad of cybersecurity?

A. Authorization
B. Accessibility
C. Authentication
D. Anonymity
Answer: C) Authentication

Explanation:

Authentication, represented by the letter "A," it is a crucial component of the CIA triad. It refers to the process of
verifying the identity of users, systems, or entities attempting to access resources.

21. Which type of encryption uses the same key for both encryption and decryption?

A. Symmetric encryption
B. Asymmetric encryption
C. Hybrid encryption
D. Public-key encryption

Answer: A) Symmetric encryption

Explanation:

In symmetric encryption, the same secret key is used for both encryption and decryption of data.

22. PGP is primarily used for ____.

A. Network routing and packet filtering

B. Securely transferring files over FTP
C. Encrypting and decrypting email messages
D. Managing database access and permissions

Answer: C) Encrypting and decrypting email messages.

Explanation:

PGP stands for Pretty Good Privacy, and it is primarily used for encrypting and decrypting email messages. PGP is a
widely used encryption software that provides a high level of security and is used for encrypting and decrypting email
messages.

23. Which of the following encryption standard is used to secure Internet communications?

A. AES (Advanced Encryption Standard)

B. RSA (Rivest-Shamir-Adleman)
C. DES (Data Encryption Standard)
D. MD5 (Message Digest Algorithm 5)

Answer: A) AES (Advanced Encryption Standard)

Explanation:

AES is widely used to secure sensitive data transmitted over the internet, such as online transactions, communication
between web browsers and servers (HTTPS), and securing data stored in databases and cloud services.

24. The process of converting ciphertext back into its original plaintext is known as ____.

A. Encryption
B. Decryption
C. Phishing
D. Hashing
Answer: B) Decryption

Explanation:

Decryption is the reverse operation of encryption, which scrambles the plaintext to make it unintelligible to unauthorized
users during transmission or storage.

25. Which key is kept private and known only to the owner in public-key encryption?

A. Public key
B. Secret key
C. Private key
D. Shared key

Answer: C) Private key

Explanation:

In public-key encryption (also known as asymmetric encryption), a pair of mathematically related keys are used: a public
key and a private key.

26. SQL injection is a cyber-attack that targets ____.

A. Social media accounts of individuals

B. Web applications with poorly sanitized input fields
C. Domain Name System (DNS) servers
D. Internet of Things (IoT) devices

Answer: B) Web applications with poorly sanitized input fields.

Explanation:

SQL injection is a type of cyber-attack that targets web applications with poorly sanitized input fields. It is a widespread
and critical vulnerability that occurs when an attacker can manipulate or inject malicious SQL (Structured Query
Language) code into the input fields of a w

27. Spear-phishing is a variation of phishing that targets ____.

A. A broad range of individuals and organizations

B. Only high-profile individuals and celebrities
C. Specific individuals or a particular organization
D. Social media platforms

Answer: C) Specific individuals or a particular organization.

Explanation:

Spear-phishing is a variation of phishing that targets specific individuals or a particular organization. Unlike traditional
phishing attacks that cast a wide net to target many potential victims, spear phishing is highly targeted and
personalized.

28. What does "DoS" stands for?

A. Denial of Software
B. Distributed Online Security
 C. Data Overload Strike
D. Denial of Service

Answer: D) Denial of Service

Explanation:

Denial of Service (DoS) is a type of cyber-attack that aims to make a service, network, or website unavailable to its
legitimate users by overwhelming it with a large volume of traffic or requests.

29. Which of the following uses a combination of symmetric and asymmetric encryption?

A. Public Key Infrastructure (PKI)

B. Digital Signature
C. Pretty Good Privacy (PGP)
D. Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Answer: C) Pretty Good Privacy (PGP)

Explanation:

PGP (Pretty Good Privacy) is a cryptographic encryption and decryption program that uses a combination of both
symmetric and asymmetric encryption algorithms to provide secure and private communication.

30. What is the purpose of the man-in-middle attack?

A. To steal sensitive data from the target system

B. To overload the target system's resources
C. To deceive the user into clicking on a malicious link
D. To intercept and tamper with communication between two parties

Answer: D) To intercept and tamper with communication between two parties.

Explanation:

The purpose of a man-in-the-middle attack is to intercept and tamper with the communication between two parties who
believe they are directly communicating with each other.

31. A cryptographic value that is generated by combining a secret key with a message is known as ____.

A. Digital Signature
B. Encryption Key
C. Message Authentication Code (MAC)
D. Public Key

Answer: C) Message Authentication Code (MAC)

Explanation:

A Message Authentication Code (MAC) is a cryptographic value that is generated by combining a secret key with a
message to ensure message integrity and authentication.

32. A digital signature created by ____.

A. By encrypting the entire message with a private key

 B. By appending the sender's private key to the message
C. By creating a hash of the message and encrypting it with a public key
D. By combining the sender's public key with the message

Answer: C) By creating a hash of the message and encrypting it with a public key.

Explanation:

A digital signature is created using a process that involves cryptographic techniques to ensure the authenticity, integrity,
and non-repudiation of a digital message or document.

33. Which of the following options is TRUE about Message Authentication Code (MAC)?

A. It should be easy to generate a MAC value from the message and key
B. The same MAC value should be generated for two different messages with the same key
C. The MAC value should be long and complex for better security
D. It should be possible to derive the original message from the MAC value

Answer: A) It should be easy to generate a MAC value from the message and key.

Explanation:

MACs are designed to be efficiently computable; it should be easy and quick to generate the MAC value from the input
message and the shared secret key.

34. Digital signatures are ____.

A. Ensuring data confidentiality during transmission

B. Preventing unauthorized access to a computer network
C. Verifying the integrity and authenticity of a message
D. Encrypting sensitive information in emails

Answer: C) Verifying the integrity and authenticity of a message.

Explanation:

Digital signatures are cryptographic mechanisms used to provide assurance regarding the authenticity, integrity, and
non-repudiation of digital messages or documents.

35. The purpose of an SSL certificate is to ____.

A. Authenticate the identity of the server and encrypt data during transmission
B. Authenticate the identity of the client and encrypt data during transmission
C. Identify potential cyber threats in the network
D. Filter and block malicious websites

Answer: A) Authenticate the identity of the server and encrypt data during transmission.

Explanation:

The purpose of an SSL (Secure Sockets Layer) certificate is to authenticate the identity of the server and encrypt data
during transmission.

36. Which is a more secure and commonly used version of SSL?

 A. SSL 2.0
B. SSL 3.0
C. TLS 1.0
D. TLS 1.3

Answer: D) TLS 1.3

Explanation:

TLS 1.3, the latest version of the TLS protocol, was standardized in August 2018 and offers significant improvements in
security and performance. It provides stronger encryption algorithms, enhances forward secrecy, reduces handshake
latency, and removes outdated and vulnerable features present in previous versions.

37. What does the term "defence in depth" refers to?

A. Relying on a single security measure for protection

B. Implementing multiple layers of security controls to mitigate risks
C. Prioritizing confidentiality over availability
D. Focusing solely on physical security measures

Answer: B) Implementing multiple layers of security controls to mitigate risks.

Explanation:

The concept of defense in depth is based on the principle that no single security measure can provide complete
protection against all possible threats and vulnerabilities. By employing multiple layers, even if one layer is breached,
other layers can still provide protection.

38. Amongst which of the following is an example of physical security control?

A. Firewalls
B. Antivirus software
C. Biometric authentication
D. Encryption

Answer: C) Biometric authentication

Explanation:

Biometric authentication is an example of a physical security control as it involves using unique physical characteristics
of individuals to verify their identity.

39. Insider threat is a situation where ____.

A. Cybersecurity measures fail to protect the network

B. An organization faces a natural disaster or physical breach
C. Unauthorized users attempt to gain access to sensitive data
D. Employees or individuals within an organization pose a security risk

Answer: D) Employees or individuals within an organization pose a security risk.

Explanation:

Insider threats can come from current or former employees, contractors, business partners, or anyone with legitimate
access to sensitive information or critical infrastructure.
40. Which of the following is a type of antivirus program?

A. Quick heal
B. McAfee
C. Kaspersky
D. All of the above

Answer: D) All of the above

Explanation:

Antivirus software is designed to detect, prevent, and remove malware (such as viruses, worms, Trojans, and other
malicious software) from computer systems and networks. All the listed programs are anti-virus programs.

41. What does the term "Cyber Ethics" refer to?

A. The study of computer programming languages

B. Ethical guidelines and principles for using computers and technology responsibly
C. The process of developing secure computer networks
D. The legal regulations governing cybercrimes

Answer: B) Ethical guidelines and principles for using computers and technology responsibly.

Explanation:

Cyber ethics seeks to address the moral dilemmas and ethical challenges that arise in cyberspace, where technology
intersects with human interaction and information exchange.

42. A decoy system or network designed to attract and monitor unauthorized access attempts is known as ____.

A. Honeypot
B. Firewall
C. Encryption
D. Intrusion Detection System (IDS)

Answer: A) Honeypot

Explanation:

A honeypot is a decoy or trap set up by cybersecurity professionals to attract and monitor cyber attackers. It is a
simulated system or network designed to appear as a legitimate target with valuable data or resources.

43. Which of the following is not a cyber threat?

A. DoS
B. AES
C. Man-in-middle
D. Malware

Answer: B) AES

Explanation:

AES (Advanced Encryption Standard) is not a cyber threat; rather, it is a cryptographic algorithm used to secure and
encrypt data.
44. What are Botnets?

A. Networks of physical robots used for industrial automation

B. Large-scale computer networks are used for scientific research
C. Groups of interconnected computers controlled by a malicious actor perform coordinated cyberattacks
D. Online forums for discussing topics related to robotics and artificial intelligence

Answer: C) Groups of interconnected computers controlled by a malicious actor perform coordinated cyberattacks.

Explanation:

A botnet is a network of compromised computers, also known as "bots" or "zombies," that are under the control of a
malicious actor, often referred to as the "botmaster" or "bot herder."

45. What type of data is usually stored in a honeypot?

A. Sensitive user information and passwords

B. Classified government documents
C. Fake data and logs mimic a real system
D. All the encrypted data from the organization

Answer: C) Fake data and logs mimic a real system.

Explanation:

To achieve its goal effectively, a honeypot typically stores fake or simulated data that mimics a real system. This data
can include fabricated user accounts, non-sensitive information, and system logs that appear genuine.

46. In which layer, vulnerabilities are directly associated with physical access to networks and hardware?

A. Physical
B. Data-link
C. Network
D. Application

Answer: A) Physical

Explanation:

Vulnerabilities at the physical layer could include unauthorized physical access to network devices or hardware, such as
routers, switches, servers, and cabling.

47. Which technology is commonly used by VPNs to establish secure connections?

A. HTTP
B. SSL
C. TCP
D. UDP

Answer: B) SSL

Explanation:

SSL can be used as a component in some VPN implementations to provide secure communications.
48. Which type of cyberattack directly impacts data integrity?

A. Phishing attacks
B. Ransomware attacks
C. Distributed Denial of Service (DDoS) attacks
D. Man-in-the-Middle (MitM) attacks

Answer: B) Ransomware attacks

Explanation:

Since ransomware encrypts the victim's data, it directly impacts data integrity by making the data unusable and
inaccessible to the owner.

49. Amongst which of the following is not a common VPN protocol?

A. PPTP
B. SSL
C. HTTPS
D. L2TP/IPsec

Answer: C) HTTPS

Explanation:

HTTPS is not a VPN protocol but rather an extension of HTTP. It is used to secure data transmission between a user's
web browser and a website server.

50. Which of the following best describes the role of a Security Operations Center (SOC) in the field of cybersecurity?

A. A physical facility that stores sensitive data and information

B. A team of cybersecurity professionals responsible for developing software applications
C. A centralized unit that monitors, detects, and responds to security incidents in real time
D. A set of guidelines and policies for safe internet usage in an organization

Answer: C) A centralized unit that monitors, detects, and responds to security incidents in real time.

Explanation:

The SOC's primary role is to detect security breaches, respond to incidents promptly, and mitigate cyber threats to
ensure the organization's data and systems remain secure

Cyber Security

MCQs on " Cyber Security": Find the multiple choice questions on " Cyber Security", frequently asked for all competitive
examinations.

The technique of protecting laptops, websites, mobile platforms, communications devices, networking, and data from
hostile intrusions is known as cyber security. Today, someone can send or receive any source of data, whether it’s
videos, or mail, in just one click, but has he ever wondered how secure this information is conveyed to another person
with no data leakage? Cybersecurity is the appropriate answer. Today more than 61% of full industry exchanges are
done on the internet, so this for the area is a prerequisite for high-quality security for direct and best exchanges. Thus,
cybersecurity has become the most recent issue (Dervojeda et al., 2014). More than two-thirds of whole market
transactions are now conducted through online mode, demanding a degree of security for straight and best transactions
in this field. As a result, cybersecurity has recently become a major topic.

Multiple Choice Questions(MCQ)

1. Cyber Security provide security against what?

1.
1. Against Malware
2. Against cyber-terrorists
3. Defends a device from threat.
4. All mentioned options

Answer: D

2. Who is popularly known as the father of cyber security?

1.
1. Robert
2. August Kerckhoffs
3. Bob Thomas
4. Charles

Answer: B

3. Which of the below is a kind of cyber security?

1.
1. Cloud Security
2. Application Security
3. Cloud Security
4. All options mentioned above

Answer: D

4. Which of the below does not constitute a cybercrime?

1. refusal of service
2. Man in the middle
3. Phishing
4. AES

Answer: D (AES stands for Advanced Encryption Standard) safeguards data by encoding it)

5. Which of the below benefits of cyber security is not true?

1. System getting slower

2. Computer lagging and crashes
3. provide privacy to users
4. Secures system against viruses

Answer: A
6. Who coined the term “ Cyberspace”?

1.
1. William Gibson
2. Andrew Tannenbaum
3. Scott Fahlman
4. Richard Stallman

Answer: A

7. Which of the below is a hacking technique in which cybercriminals create fictitious web pages or domains to deceive
or obtain more traffic?

1. Pharming
2. Mimicking
3. Spamming
4. Website-Duplication

Answer: A ( Pharming is a method and technique used by cybercriminals to deceive people by creating fake websites
and domains)

8. Which of the below is a popular victim of cyber attackers looking to gain the IP address of a target or victim user?

1. emails
2. websites
3. IP tracer
4. web pages

Answer: B

9. Which of the below does not qualify as a form of peer-to-peer cybercrime?

1. Trojans are implanted into a targeted device.

2. On the deep web, payment information is leaked.
3. mm
4. Phishing

Answer: B

10. An act to injure, corrupt, or threaten a system or network is characterised as which of the below?

1. Digital crime
2. Threats
3. System hijacking
4. Cyber Attack

Answer: D

11. Any company or agency’s IT protection is managed and maintained by?

1. Software Security Specialist

2. CEO of the organisation
3. Security Auditor
4. IT Security Engineer
Answer: D ( This is a profession in which a professional develops and maintains various systems and security devices
for the firm or organisation)

12. Which of the below is an internet fraud in which a consumer is digitally persuaded to reveal personal data by
cybercriminals?

1. MiTM attack
2. Phishing attack
3. Website attack
4. DoS attack

Answer: B

13. Which of the below security encryption standards is the weakest?

1. WPA3
2. WPA2
3. WPA
4. WEP

Answer: D ( WEP stands for wired Equivalent Privacy. It is a most insecure encrypted protocol)

14. Which of the below measures can help reduce the risk of data leakage?

1. Steganography
2. Chorography
3. Cryptography
4. Authentication

Answer: A ( Steganography functions as concealing information in a non-suspicious manner)

15. This is the concept for guiding information security policy within a corporation, firm, or organisation. What exactly is
“this” in this context?

1. Confidentiality
2. Non-repudiation
3. CIA Triad
4. Authenticity

Answer: C (CIA Triad is the most popular and frequently used approach, focusing on the confidentiality of information)

16. ___________ means the security of data from tampering by unidentified users.

1. Confidentiality
2. Integrity
3. Authentication
4. Non-repudiation

Answer: B

17. Which of the below implemented is not a good means of safeguarding privacy?

1. Biometric verification
2. ID and password-based verification
3. 2-factor authentication
 4. switching off the phone

Answer: D

18. When ____ and ____ are in charge of data, the integrity of the data is imperilled?

1. Access control, file deletion

2. Network, file permission
3. Access control, file permission
4. Network, system

Answer: C

19. The authenticity and security of data travelling over a network are ensured by?

1. Firewall
2. Antivirus
3. Pentesting Tools
4. Network-security protocols

Answer: D ( Network-security protocols govern the procedures and processes used to protect network data against
illegal content collection)

20. _________ creates an isolated passage across a public network that enables computing devices to communicate
and receive data discreetly as though they were directly linked to the private network.

1. Visual Private Network

2. Virtual Protocol Network
3. Virtual Protocol Networking
4. Virtual Private Network

Answer: D

21. ___________ is one of the safest Linux operating systems, offering invisibility and an incognito mode to protect user
data.

1. Fedora
2. Tails
3. Ubuntu
4. OpenSUSE

Answer: B

22. What is a single entrance for multiple connectivities called?

1. Web services
2. phishing
3. Directory service
4. worms

Answer: C (A directory service is the following system of software and protocols that keep track of knowledge about the
company, clients, or sometimes both)

23. Circuit-level gateway firewalls have which of the below disadvantages?

 1. They’re expensive
2. They’re complex in architecture
3. They do not filter individual packets
4. They’re complex to setup

Answer: C

24. The initial phase of ethical hacking is?

1. DNS poisoning
2. Footprinting
3. ARP-poisoning
4. Enumeration

Answer: B ( In this Phase, The attacker attempts to find as many attack vectors as he can, reconnaissance is another
term for footprinting)

25. Which of the below can be classified as a type of computer threat?

1. Dos Attack
2. Phishing
3. Soliciting
4. Both A and C

Answer: A ( A denial of service attack is referred to as a dos attack, it’s a type of cyber-attack in which someone tries to
prevent a machine from serving its intended consumers)

26. In system hacking, which of the below is the most crucial activity?

1. Information gathering
2. Covering tracks
3. Cracking passwords
4. None of the above

Answer: C

27. When the number of users surpasses the network’s capacity, which of the below network factors suffers the most?

1. Reliability
2. Performance
3. Security
4. Longevity

Answer: D

28. Which of the below cyber security principles states that the security system should be as compact and
straightforward as possible?

1. Open-design
2. The economy of the Mechanism
3. Least privilege
4. Fail-safe Defaults

Answer: B
29. Which of the below malware types permits the hackers to access administrative controls and do nearly everything
he wants with the infected systems?

1. RATs
2. Worms
3. Rootkits
4. Botnets

Answer: A ( RATs stands for Remote Access Trojans which gives the attacker administrative power over your device,
just as if they had physical access)

30. The first hacker’s conference was held in which of the below locations?

1. OSCON
2. DEVON
3. DEFCON
4. SECTION

Answer: C ( DEFCON is one of the most well-known and biggest hackers and security consultant conferences in the
world. It’s often conducted in Las Vegas, Nevada, once a year)

31. When any IT device, service, or system requires security checks, the term “security testing” is employed.?

1. Threat
2. Vulnerability
3. Objective of evaluation
4. Attack

Answer: C ( When any IT system, device, or platform requires assessment for safety purposes or to address any faults
after being evaluated by security researchers, the term “objective of evaluation” is used)

32. Which of the below is used to analyse network flow and monitor traffic?

1. Managed detection and response

2. Cloud access security broker
3. Network traffic analysis
4. Network traffic analysis

Answer: C

33. Which of the below is a method of gaining access to a computer program or an entire computer system while
circumventing all security measures?

1. Backdoor
2. Masquerading
3. Phishing
4. Trojan Horse

Answer: Backdoor ( A backdoor is a sort of malware that bypasses standard authentication mechanisms to gain access
to a system)

34. The term “protection from ______of source code” refers to limiting access to the source code to just authorised
individuals.

1. disclosure
 2. alteration
3. destruction
4. log of changes

Answer: C

35. _______________ are programmes or procedures that enable hackers to maintain control of a computer system.?

1. Exploits
2. Antivirus
3. Firewall by-passers
4. Worms

Answer: A ( Exploits are programs or algorithms that allow hackers to gain total control of a computer system)

1. BYJU'S GATE
2. GATE
3. GATE Study Material
4. Mcqs
5. Cyber Security Mcqs

Cyber Securit MCQs

Cyber security is the protection of systems, programmes, networks, devices, and data from cyber attacks with the help
of technology and processes. Its primary aim is to reduce cyber attacks and protect systems, networks, and
technologies from unauthorised exploitation.

MCQs on Cyber Security

Solve Cyber Security Multiple-Choice Questions to prepare better for GATE. If you wish to learn more about Cyber
Security and Cyber Security MCQs, you can check notes, mock tests, and previous years’ question papers. Gauge the
pattern of MCQs on Cyber Security by solving the ones that we have compiled below for your practice:

Cyber Security Multiple-Choice Questions

1. In which of these a person is continually chased/followed by another person or a group of various people?

a. Identity theft

b. Stalking

c. Bullying

d. Phishing

Answer: (b) Stalking

2. Which of these is an antivirus program type?

a. Kaspersky
b. Quick heal

c. Mcafee

d. All of the above

Answer: (d) All of the above

3. A ____________ can be a hardware device or a software program that filters all the packets of data that comes
through a network, the internet, etc.

a. Firewall

b. Antivirus

c. Malware

d. Cookies

Answer: (a) Firewall

4. Which of these would refer to the exploration of the apt, ethical behaviours that are related to the digital media
platform and online environment?

a. Cybersecurity

b. Cybersafety

c. Cyberethics

d. Cyber low

Answer: (c) Cyberethics

5. Which of these is a technique that is used to verify a message’s integrity?

a. Message Digest

b. Protocol

c. Decryption algorithm

d. Digital signature

Answer: (a) Message Digest

6. Which of these ports and IP address scanners is popular among the users?

a. Ettercap

b. Snort

c. Angry IP Scanner

d. Cain and Abel

Answer: (c) Angry IP Scanner

7. Which of these is NOT a scanning type?

a. Null Scan

b. Xmas Tree Scan

c. SYN Stealth

d. Cloud Scan

Answer: (d) Cloud Scan

8. The Code Red is a sort of a ___________.

a. Video Editing Software

b. Computer Virus

c. Photo Editing Software

d. Antivirus Program

Answer: (b) Computer Virus

9. Which of these is also malicious software?

a. Badware

b. Malicious Ware

c. Malware

d. Ilegalware

Answer: (c) Malware

10. We use the transit time and the response time to measure a network’s ___________.

a. Reliability

b. Performance

c. Longevity

d. Security

Answer: (b) Performance

11. Which of these is the world’s very first antivirus program?

a. Tinkered

b. Creeper
c. Ray Tomlinson

d. Reaper

Answer: (d) Reaper

12. The Hacker who did break the SIPRNET system is ___________.

a. Kevin Poulsen

b. John von Neumann

c. Kevin Mitnick

d. John Draper

Answer: (a) Kevin Poulsen

13. Using the cipher algorithm, which of these types of text would be transformed?

a. Plain text

b. Scalar text

c. Complex text

d. Transformed text

Answer: (a) Plain text

14. Which of the following malware types does not clone or replicate itself through infection?

a. Viruses

b. Worms

c. Trojans

d. Rootkits

Answer: (c) Trojans

15. The DNS would translate any Domain name into ___________.

a. IP

b. URL

c. Binary

d. Hex

Answer: (b) URL

16. Which of these is usually referred to as the port number (default) of several web servers like apache?
a. 40

b. 20

c. 87

d. 80

Answer: (d) 80

17. Which of these is a sort of independent type of malicious program that would not require any host program?

a. Virus

b. Trap Door

c. Worm

d. Trojan Horse

Answer: (c) Worm

18. Which of these is NOT involved in the CIA Triad?

a. Confidentiality

b. Availability

c. Integrity

d. Authenticity

Answer: (d) Authenticity

19. Which of these is the oldest techniques used by hackers for phone hacking to make free calls?

a. Phishing

b. Phreaking

c. Spraining

d. Cracking

Answer: (b) Phreaking

20. Which of these is the very first hacker’s conference?

a. DEFCON

b. OSCON

c. SECTION

d. DEVON
Answer: (a) DEFCON

1. Cyber Security provide security against what? 1. Against Malware 2. Against cyber-terrorists 3. Defends a device
from threat. 4. All mentioned options Answer: D 2. Who is popularly known as the father of cyber security? 1. Robert 2.
August Kerckhoffs 3. Bob Thomas 4. Charles Answer: B 3. Which of the below is a kind of cyber security? 1. Cloud
Security 2. Application Security 3. Cloud Security 4. All options mentioned above Answer: D 4. Which of the below does
not constitute a cybercrime? 1. refusal of service 2. Man in the middle 3. Phishing 4. AES Answer: D (AES stands for
Advanced Encryption Standard) safeguards data by encoding it) 5. Which of the below benefits of cyber security is not
true? 1. System getting slower 2. Computer lagging and crashes 3. provide privacy to users 4. Secures system against
viruses
Answer: A 6. Who coined the term " Cyberspace"? 1. William Gibson 2. Andrew Tannenbaum 3. Scott Fahlman 4.
Richard Stallman Answer: A 7. Which of the below is a hacking technique in which cybercriminals create fictitious web
pages or domains to deceive or obtain more traffic? 1. Pharming 2. Mimicking 3. Spamming 4. Website-Duplication
Answer: A (Pharming is a method and technique used by cybercriminals to deceive people by creating fake websites
and domains) 8. Which of the below is a popular victim of cyber attackers looking to gain the IP address of a target or
victim user? 1. emails 2. websites 3. IP tracer 4. web pages Answer: B 9. Which of the below does not qualify as a form
of peer-to-peer cybercrime? 1. Trojans are implanted into a targeted device. 2. On the deep web, payment information is
leaked. 3. mm 4. Phishing Answer: B 10. An act to injure, corrupt, or threaten a system or network is characterised as
which of the below?
1. Digital crime 2. Threats 3. System hijacking 4. Cyber Attack Answer: D 11. Any company or agency's IT protection is
managed and maintained by? 1. Software Security Specialist 2. CEO of the organisation 3. Security Auditor 4. IT
Security Engineer Answer: D (This is a profession in which a professional develops and maintains various systems and
security devices for the firm or organisation) 12. Which of the below is an internet fraud in which a consumer is digitally
persuaded to reveal personal data by cybercriminals? 1. MiTM attack 2. Phishing attack 3. Website attack 4. DoS attack
Answer: B 13. Which of the below security encryption standards is the weakest? 1. WPA3 2. WPA2 3. WPA 4. WEP
Answer: D (WEP stands for wired Equivalent Privacy. It is a most insecure encrypted protocol) 14. Which of the below
measures can help reduce the risk of data leakage? 1. Steganography 2. Chorography 3. Cryptography 4.
Authentication
Answer: A (Steganography functions as concealing information in a non-suspicious manner) 15. This is the concept for
guiding information security policy within a corporation, firm, or organisation. What exactly is "this" in this context? 1.
Confidentiality 2. Non-repudiation 3. CIA Triad 4. Authenticity Answer: C (CIA Triad is the most popular and frequently
used approach, focusing on the confidentiality of information) 16. ___________ means the security of data from
tampering by unidentified users. 1. Confidentiality 2. Integrity 3. Authentication 4. Non-repudiation Answer: B 17. Which
of the below implemented is not a good means of safeguarding privacy? 1. Biometric verification 2. ID and password-
based verification 3. 2-factor authentication 4. switching off the phone Answer: D 18. When ____ and ____ are in
charge of data, the integrity of the data is imperilled? 1. Access control, file deletion 2. Network, file permission 3.
Access control, file permission 4. Network, system Answer: C 19. The authenticity and security of data travelling over a
network are ensured by? 1. Firewall
2. Antivirus 3. Pentesting Tools 4. Network-security protocols Answer: D (Network-security protocols govern the
procedures and processes used to protect network data against illegal content collection) 20. _________ creates an
isolated passage across a public network that enables computing devices to communicate and receive data discreetly
as though they were directly linked to the private network. 1. Visual Private Network 2. Virtual Protocol Network 3.
Virtual Protocol Networking 4. Virtual Private Network Answer: D 21. ___________ is one of the safest Linux operating
systems, offering invisibility and an incognito mode to protect user data. 1. Fedora 2. Tails 3. Ubuntu 4. OpenSUSE
Answer: B 22. What is a single entrance for multiple connectivities called? 1. Web services 2. phishing 3. Directory
service 4. worms Answer: C (A directory service is the following system of software and protocols that keep track of
knowledge about the company, clients, or sometimes both) 23. Circuit-level gateway firewalls have which of the below
disadvantages? 1. They're expensive 2. They're complex in architecture 3. They do not filter individual packets
4. They're complex to setup Answer: C 24. The initial phase of ethical hacking is? 1. DNS poisoning 2. Footprinting 3.
ARP-poisoning 4. Enumeration Answer: B (In this Phase, The attacker attempts to find as many attack vectors as he
can, reconnaissance is another term for footprinting) 25. Which of the below can be classified as a type of computer
threat? 1. Dos Attack 2. Phishing 3. Soliciting 4. Both A and C Answer: A (A denial of service attack is referred to as a
dos attack, it's a type of cyber-attack in which someone tries to prevent a machine from serving its intended consumers)
26. In system hacking, which of the below is the most crucial activity? 1. Information gathering 2. Covering tracks 3.
Cracking passwords 4. None of the above Answer: C 27. When the number of users surpasses the network's capacity,
which of the below network factors suffers the most? 1. Reliability 2. Performance 3. Security 4. Longevity Answer: D
28. Which of the below cyber security principles states that the security system should be as compact and
straightforward as possible? 1. Open-design 2. The economy of the Mechanism 3. Least privilege 4. Fail-safe Defaults
Answer: B 29. Which of the below malware types permits the hackers to access administrative controls and do nearly
everything he wants with the infected systems? 1. RATs 2. Worms 3. Rootkits 4. Botnets Answer: A (RATs stands for
Remote Access Trojans which gives the attacker administrative power over your device, just as if they had physical
access) 30. The first hacker's conference was held in which of the below locations? 1. OSCON 2. DEVON 3. DEFCON
4. SECTION Answer: C (DEFCON is one of the most well-known and biggest hackers and security consultant
conferences in the world. It's often conducted in Las Vegas, Nevada, once a year) 31. When any IT device, service, or
system requires security checks, the term "security testing" is employed? 1. Threat 2. Vulnerability 3. Objective of
evaluation 4. Attack Answer: C (When any IT system, device, or platform requires assessment for safety purposes or to
address any faults after being evaluated by security researchers, the term "objective of evaluation" is used)
32. Which of the below is used to analyse network flow and monitor traffic? 1. Managed detection and response 2.
Cloud access security broker 3. Network traffic analysis 4. Network traffic analysis Answer: C 33. Which of the below is
a method of gaining access to a computer program or an entire computer system while circumventing all security
measures? 1. Backdoor 2. Masquerading 3. Phishing 4. Trojan Horse Answer: Backdoor (A backdoor is a sort of
malware that bypasses standard authentication mechanisms to gain access to a system) 34. The term "protection from
______of source code" refers to limiting access to the source code to just authorised individuals. 1. disclosure 2.
alteration 3. destruction 4. log of changes Answer: C 35. _______________ are programmes or procedures that enable
hackers to maintain control of a computer system? 5. Exploits 6. Antivirus 7. Firewall by-passers 8. Worms Answer: A
(Exploits are programs or algorithms that allow hackers to gain total control of a computer system)
1. In which of these a person is continually chased/followed by another person or a group of various people? a. Identity
theft b. Stalking c. Bullying d. Phishing Answer: (b) Stalking 2. Which of these is an antivirus program type? a.
Kaspersky b. Quick heal c. Mcafee d. All of the above Answer: (d) All of the above 3. A ____________ can be a
hardware device or a software program that filters all the packets of data that comes through a network, the internet,
etc. a. Firewall b. Antivirus c. Malware d. Cookies Answer: (a) Firewall 4. Which of these would refer to the exploration
of the apt, ethical behaviours that are related to the digital media platform and online environment? a. Cybersecurity b.
Cybersafety c. Cyberethics d. Cyber low Answer: (c) Cyberethics 5. Which of these is a technique that is used to verify a
message's integrity? a. Message Digest b. Protocol c. Decryption algorithm d. Digital signature Answer: (a) Message
Digest 6. Which of these ports and IP address scanners is popular among the users? a. Ettercap b. Snort c. Angry IP
Scanner
d. Cain and Abel Answer: (c) Angry IP Scanner 7. Which of these is NOT a scanning type? a. Null Scan b. Xmas Tree
Scan c. SYN Stealth d. Cloud Scan Answer: (d) Cloud Scan 8. The Code Red is a sort of a ___________. a. Video
Editing Software b. Computer Virus c. Photo Editing Software d. Antivirus Program Answer: (b) Computer Virus 9.
Which of these is also malicious software? a. Badware b. Malicious Ware c. Malware d. Ilegalware Answer: (c) Malware
10. We use the transit time and the response time to measure a network's ___________. a. Reliability b. Performance c.
Longevity d. Security Answer: (b) Performance 11. Which of these is the world's very first antivirus program? a. Tinkered
b. Creeper c. Ray Tomlinson d. Reaper Answer: (d) Reaper 12. The Hacker who did break the SIPRNET system is
___________. a. Kevin Poulsen b. John von Neumann
c. Kevin Mitnick d. John Draper Answer: (a) Kevin Poulsen 13. Using the cipher algorithm, which of these types of text
would be transformed? a. Plain text b. Scalar text c. Complex text d. Transformed text Answer: (a) Plain text 14. Which
of the following malware types does not clone or replicate itself through infection? a. Viruses b. Worms c. Trojans d.
Rootkits Answer: (c) Trojans 15. The DNS would translate any Domain name into ___________. a. IP b. URL c. Binary
d. Hex Answer: (b) URL 16. Which of these is usually referred to as the port number (default) of several web servers like
apache? a. 40 b. 20 c. 87 d. 80 Answer: (d) 80 17. Which of these is a sort of independent type of malicious program
that would not require any host program? a. Virus b. Trap Door c. Worm d. Trojan Horse Answer: (c) Worm 18. Which of
these is NOT involved in the CIA Triad?
a. Confidentiality b. Availability c. Integrity d. Authenticity Answer: (d) Authenticity 19. Which of these is the oldest
techniques used by hackers for phone hacking to make free calls? a. Phishing b. Phreaking c. Spraining d. Cracking
Answer: (b) Phreaking 20. Which of these is the very first hacker's conference? a. DEFCON b. OSCON c. SECTION d.
DEVON Answer: (a) DEFCON
1. What is Cyber Security? a) Cyber Security provides security against malware b) Cyber Security provides security
against cyber-terrorists c) Cyber Security protects a system from cyber attacks d) All of the mentioned Answer: d
Explanation: Cyber Security provides security to a system against cyber-attacks by using various technologies, and
processes. 2. What does cyber security protect? a) Cyber security protects criminals b) Cyber security protects internet-
connected systems c) Cyber security protects hackers d) None of the mentioned Answer: a Explanation: It protects
internet-connected systems such as hardware, software, and data from cyber-attacks. It aims to reduce cyber attacks
against the system, network, and technologies by reducing unauthorized exploitation, vulnerability, and threats. 3. Who
is the father of computer security? a) August Kerckhoffs b) Bob Thomas c) Robert d) Charles Answer: a Explanation:
August Kerckhoffs, a linguist and German professor at HEC, wrote an essay in the Journal of Military Science in
February 1883. Kerckhoff had unwittingly established the foundations for contemporary encryption, earning him the title
of "Father of Computer Security." 4. Which of the following is defined as an attempt to steal, spy, damage or destroy
computer systems, networks, or their associated information? a) Cyber attack b) Computer security c) Cryptography d)
Digital hacking Answer: a Explanation: An effort to steal, spy on, damage, or destroy diverse components of
cyberspace, such as computer systems, related peripherals, network systems, and information, is known as a cyber
attack. 5. Which of the following is a type of cyber security? a) Cloud Security b) Network Security c) Application
Security d) All of the above Answer:d Explanation: Since technology is improving, the threat and attacks against the
technology are also increasing. Hence, to provide security, it is divided into the following types: Cloud Security: Provides
security for the data stored on the cloud. Network Security: Protects the internal network from threats. Application
Security: Protects data stored in the application software. advertisement 6. What are the features of cyber security? a)
Compliance b) Defense against internal threats c) Threat Prevention d) All of the above Answer: d Explanation: The
features are as follows: Compliance: Creating a program that meets the requirements and rules of the users. Defense
against internal threats: Should provide security against internal exploitation. Threat Prevention: Should be capable of
detecting the threat and preventing them. 7. Which of the following is an objective of network security? a) Confidentiality
b) Integrity c) Availability d) All of the above Answer: d Explanation: The objectives of network security are
Confidentiality, Integrity, and Availability. Confidentiality: The function of confidentiality is to keep sensitive company
information safe from unwanted access. The confidentiality component of network security ensures that data is only
accessible to those who are authorized to see it. Integrity: This goal entails ensuring and preserving data accuracy and
consistency. The purpose of integrity is to ensure that data is accurate and not tampered with by unauthorized
individuals. Availability: The purpose of availability in Network Security is to ensure that data, network resources, and
services are always available to legitimate users, whenever they need them. 8. Which of the following is not a
cybercrime? a) Denial of Service b) Man in the Middle c) Malware d) AES Answer: d Explanation: Denial of Service,
Man in the Middle, and Malware exploit the system causing a threat to security, hence they are considered as
cybercrime. AES (Advanced Encryption Standard) provides security by encrypting the data. 9. Which of the following is
a component of cyber security? a) Internet Of Things b) AI
c) Database d) Attacks Answer: a Explanation: The Internet of Things (IoT) is a network of physical objects embedded
with sensors, software, and other technologies to connect and exchange data with other devices and systems through
the internet. 10. Which of the following is a type of cyber attack? a) Phishing b) SQL Injections c) Password Attack d) All
of the above Answer: d Explanation: Attacks are Phishing, SQL Injections, and Password Attack. Phishing: The attacker
sends a large number of fraudulent emails and gains access to the system. SQL Injections: The attacker gains access
to the protected information by adding malicious code to the SQL server. Password Attack: Attackers gain access to the
passwords unethically and gain access to the confidential data. 11. Which of the following is not an advantage of cyber
security? a) Makes the system slower b) Minimizes computer freezing and crashes c) Gives privacy to users d) Protects
system against viruses Answer: a Explanation: The advantages are minimization of computer freezing and crashes,
user privacy, and protection against viruses, worms, etc. Disadvantages include the system becoming slow, configuring
firewalls correctly can be difficult, need to update the new software in order to keep security up to date. 12.
"Cyberspace" was coined by _________ a) Richard Stallman b) William Gibson c) Andrew Tannenbaum d) Scott
Fahlman Answer: b Explanation: William Gibson, an American-Canadian fiction pioneer, and coiner, examined the many
streams of technology and invented the word "cyberspace" in 1821. The phrase refers to linked technologies that aid in
information exchange, interaction with digital devices, storage and digital entertainment, computer and network security,
and other information technology-related matters. 13. In which year has hacking become a practical crime and a matter
of concern in the field of cyber technology? a) 1991 b) 1983 c) 1970
d) 1964 Answer: c Explanation: In the case of hackers in the 1970s, hackers and cyber thieves found out how wired
technologies operate and how they might be abused to obtain a competitive edge or misuse the technology. 14.
Governments hired some highly skilled hackers for providing cyber security for the country or state. These types of
hackers are termed as _______ a) Nation / State sponsored hackers b) CIA triad c) Special Hackers d) Government
Hackers Answer: a Explanation: Nation / State-sponsored hackers are those who are engaged or paid by a nation's or
state's government to safeguard the country from cyber terrorists and other groups or individuals, as well as to expose
their plans, communications, and activities. 15. Which of the following act violates cyber security? a) Exploit b) Attack c)
Threat d) Vulnerability Answer: b Explanation: A threat is a possible danger that might lead to a security breach and
cause harm to the system or network. Vulnerability is a word that refers to a flaw in a network or system that might be
exploited by an attacker. Exploiting a security flaw might result in unexpected and unwanted effects. A cyber-attack is an
attempt by attackers to alter, delete, steal or expose any specific data by gaining unauthorized access. 16. Which of the
following actions compromise cyber security? a) Vulnerability b) Attack c) Threat d) Exploit Answer: c Explanation: A
threat is defined as a potential hazard that might result in a breach of security and cause harm to the system or network.
Vulnerability is a term that refers to a weakness in a network or system that an attacker may exploit. Exploiting a
weakness in security might have unintended and undesirable consequences. 17. Which of the following is the hacking
approach where cyber-criminals design fake websites or pages for tricking or gaining additional traffic? a) Pharming b)
Website-Duplication c) Mimicking d) Spamming Answer: a Explanation: Pharming is a strategy and approach used by
cybercriminals to create
phony web pages and sites in order to mislead users into giving over personal information such as login IDs and
passwords. 18. Which of the following is not a type of peer-to-peer cyber-crime? a) MiTM b) Injecting Trojans to a target
victim c) Credit card details leak in the deep web d) Phishing Answer: c Explanation: Peer-to-peer includes phishing, as
well as the distribution of Trojans and worms to individuals. The leakage of a huge number of people's credit card data
on the deep web, on the other hand, is classified as a computer-as-weapon cyber-crime. 19. A cyber-criminal or
penetration tester uses the additional data that stores certain special instructions in the memory for activities to break
the system in which of the following attack? a) Clickjacking b) Buffer-overflow c) Phishing d) MiTM Answer: b
Explanation: The excess data that contains certain specific instructions in the memory for actions are projected by a
cyber-criminal or penetration tester to break the system in a buffer-overflow attack. 20. Which of the following do Cyber
attackers commonly target for fetching IP address of a target or victim user? a) ip tracker b) emails c) websites d) web
pages Answer: c Explanation: Enumeration by cyber-attackers is also feasible via websites since attackers target
websites in order to obtain the victim's or target user's IP address. 21. Which of the following is defined as an attempt to
harm, damage or cause threat to a system or network? a) Digital crime b) Threats c) System hijacking d) Cyber Attack
Answer: d Explanation: Extortion, identity theft, email hacking, digital surveillance, stealing hardware, mobile hacking,
and physical security breaches are all examples of cyber assaults or activities. 22. They are nefarious hackers, and their
main motive is to gain financial profit by doing cyber crimes. Who are "they" referred to here? a) White Hat Hackers
b) Black Hat Hackers c) Hactivists d) Gray Hat Hackers Answer: b Explanation: Black Hat hackers, often known as
"crackers," are a sort of cyber crime that gain illegal access to a user's account or system in order to steal confidential
data or introduce malware into the system for personal gain or to harm the company. 23. IT security in any firm or
organization is maintained and handled by ____________________ a) Software Security Specialist b) CEO of the
organization c) Security Auditor d) IT Security Engineer Answer: d Explanation: This is a position in a company or
organisation where an individual develops and maintains different systems and security tools for the company or
organisation to which he or she belongs. 24. Where did the term "hacker" originate? a) MIT b) New York University c)
Harvard University d) Bell's Lab Answer: a Explanation: The term "hacker" was coined at MIT (Massachusetts Institute
of Technology) because individuals and highly competent professionals use computer languages to address various
challenges. In this context, labels such as geeks and nerds have been coined. 25. What is the existence of weakness in
a system or network is known as? a) Attack b) Exploit c) Vulnerability d) Threat Answer: c Explanation: Vulnerability is a
term that refers to a weakness in a network or system that an attacker may exploit. Exploiting a weakness in security
might have unintended and undesirable consequences. 26. Which of the following is an internet scam done by cyber-
criminals where the user is convinced digitally to provide confidential information. a) MiTM attack b) Phishing attack c)
Website attack d) DoS attack Answer: b Explanation: Phishing is a type of cybercrime in which a person is digitally
persuaded to
disclose private information. Phishing comes in a variety of forms. Some of them employ malware and emails to divert
users to various websites. 27. Which of the following is not a step followed by cyber-criminals in data breaching? a)
Exfiltration b) Research and info-gathering c) Attack the system d) Fixing the bugs Answer: d Explanation: During a
hack, cyber-criminals first do research on the target, gathering data about the victim's system and network. Then go
ahead and attack. Once the attacker has gained access, he or she takes sensitive information. 28. Which of the
following online service's privacy cannot be protected using Tor? a) Browsing data b) Instant messaging c) Login using
ID d) Relay chats Answer: c Explanation: Login using ID will obviously take your ID in order to access your account and
is not the headache of Tor. Privacy regarding instant messaging, browsing data, relay chats are some of the following
online services protected by Tor. 29. Which of the following term refers to a group of hackers who are both white and
black hat? a) Yellow Hat hackers b) Grey Hat hackers c) Red Hat Hackers d) White-Black Hat Hackers Answer: b
Explanation: Grey Hat Hackers are a hybrid of ethical and unethical hacker personalities. They hack other people's
computers for fun, but they don't hurt them, and they exploit network faults and vulnerabilities without the admin or
owner's awareness. 30. Which of the following is not an email-related hacking tool? a) Mail Password b) Email Finder
Pro c) Mail PassView d) Sendinc Answer: d Explanation: Sendinc is not a tool that compromises email data. It is used to
protect business email accounts and provides a fast web-based solution for businesses to start delivering secure
emails. The other three are email hacking tools. 30. Which of the following DDoS in mobile systems wait for the owner
to trigger the cyber attack? a) botnets b) programs c) virus
d) worms Answer: a Explanation: Botnets on infected mobile devices are waiting for orders from their owners. It starts a
DDoS flood attack after receiving the owner's instructions. As a result, calls are not connected or data is not sent. 31.
Which of the following is the least strong security encryption standard? a) WPA3 b) WPA2 c) WPA d) WEP Answer: d
Explanation: Wireless security is an important aspect of cyber-security. Wired Equivalent Privacy (WEP), Wi-Fi
Protected Access (WPA), WPA2, and WPA3 are the most common kinds of wireless security. WEP is a famously
insecure encryption protocol. 32. Which of the following is a Stuxnet? a) Trojan b) Antivirus c) Worm d) Virus Answer: c
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was very powerful as
it was accountable for the cause of huge damage to Iran's Nuclear program. It mainly targets the PLCs (Programmable
Logic Controllers) in a system. 33. Which of the following ethical hacking technique is used for determining which
operating system (OS) is running on a remote computer? a) Operating System fingerprinting b) Operating System
penetration testing c) Digital-printing d) Machine printing Answer: a Explanation: OS fingerprinting is an ethical hacking
technique used for determining what operating system (OS) is running on a remote computer. OS Fingerprinting is the
practice of examining data packets that come from a network in order to extract intelligence that may be utilized in future
assaults. 34. Which of the following can diminish the chance of data leakage? a) Steganography b) Chorography c)
Cryptography d) Authentication Answer: a Explanation: Ordinary files are targeted by hackers or other cyber criminals in
order to
disguise distinct data or information within another data file. You can reduce the risk of data leaking by employing
steganography