Q1. The "CIA Triad" in information security stands for:
A) Central Intelligence Agency
B) Confidentiality, Integrity, Availability
C) Control, Integrity, Authorization
D) Confidentiality, Inspection, Authorization
E) Cyber Investigation Agency
Answer: B
Q2. Which type of Malware spreads automatically across networks without requiring any human interaction or a host file?
A) Virus
B) Trojan
C) Worm
D) Spyware
E) Adware
Answer: C
Q3. A program that appears to be useful or harmless but actually contains hidden malicious code is called a:
A) Worm
B) Trojan Horse
C) Virus
D) Patch
E) Cookie
Answer: B
Q4. "Phishing" is an attempt to:
A) Catch fish.
B) Acquire sensitive information (like passwords) by masquerading as a trustworthy entity in an email.
C) Scan for viruses.
D) Encrypt data.
E) Delete files.
Answer: B
Q5. Which malware locks your files and demands payment to unlock them?
A) Spyware
B) Adware
C) Ransomware
D) Firmware
E) Shareware
Answer: C
Q6. What is a "Firewall" used for?
A) To burn data.
B) To protect a network by filtering incoming and outgoing traffic based on rules.
C) To speed up the internet.
D) To store passwords.
E) To cool down the CPU.
Answer: B
Q7. "Keylogger" is a type of spyware that:
A) Records every keystroke you type (stealing passwords).
B) Logs you out.
C) Deletes keys.
D) Encrypts keys.
E) Unlocks doors.
Answer: A
Q8. Which attack involves flooding a server with excessive traffic to make it crash or become unavailable?
A) Phishing
B) Spoofing
C) DDoS (Distributed Denial of Service)
D) Sniffing
E) Spamming
Answer: C
Q9. "Ethical Hacking" is also known as:
A) Black Hat Hacking
B) White Hat Hacking
C) Grey Hat Hacking
D) Red Hat Hacking
E) Blue Hat Hacking
Answer: B
Q10. The process of converting readable text into unreadable gibberish to secure it is called:
A) Decryption
B) Encryption
C) Compression
D) Translation
E) Digestion
Answer: B
Q11. In "Asymmetric Encryption," how many keys are used?
A) One
B) Two (Public and Private)
C) Three
D) Four
E) Zero
Answer: B
Q12. What does the "S" in HTTPS stand for?
A) Standard
B) System
C) Secure
D) Simple
E) Speed
Answer: C
Q13. A "Botnet" is:
A) A network of robots.
B) A network of compromised/infected computers controlled by a hacker to perform attacks.
C) A fast internet connection.
D) A secure network.
E) An antivirus tool.
Answer: B
Q14. "Social Engineering" in cyber security refers to:
A) Building social networks.
B) Manipulating people into giving up confidential information (Human Hacking).
C) Programming robots.
D) Designing websites.
E) Hardware engineering.
Answer: B
Q15. Which of the following is NOT a type of virus?
A) Boot Sector Virus
B) Macro Virus
C) Polymorphic Virus
D) Norton (This is an Antivirus)
E) File Infector
Answer: D
Q16. "Spyware" is generally considered to be:
A) A virus.
B) Malware that collects information about users without their knowledge.
C) Antivirus.
D) A Firewall.
E) Operating System.
Answer: B
Q17. Which symbol indicates a secure website connection in the browser?
A) Padlock
B) Key
C) Shield
D) Checkmark
E) Warning triangle
Answer: A
Q18. "2FA" stands for:
A) 2 Factor Authentication
B) 2 Fast Authorization
C) 2 File Access
D) 2 Folder Access
E) 2 Factor Authorization
Answer: A (e.g., Password + OTP).
Q19. "Vishing" is:
A) Video Phishing.
B) Voice Phishing (Phishing over the phone).
C) Virtual Phishing.
D) Virus Phishing.
E) Visual Phishing.
Answer: B
Q20. A "Logic Bomb" is:
A) A puzzle game.
B) Malicious code inserted into a program that executes only when specific conditions are met (e.g., a specific date).
C) A physical bomb.
D) A firewall rule.
E) An antivirus update.
Answer: B
Q21. "Identity Theft" occurs when:
A) You forget your password.
B) Someone steals your personal information (Name, SSN, Credit Card) to commit fraud.
C) You lose your ID card.
D) A computer crashes.
E) You change your name.
Answer: B
Q22. "Spam" refers to:
A) Unsolicited/Unwanted bulk emails.
B) A virus.
C) A firewall.
D) A hacker.
E) A type of memory.
Answer: A
Q23. "Patch" is:
A) A piece of cloth.
B) A software update designed to fix bugs or security vulnerabilities.
C) A virus.
D) A password.
E) A hardware tool.
Answer: B
Q24. "Cyber Stalking" involves:
A) Walking behind someone.
B) Using the internet to harass, threaten, or intimidate someone.
C) Stealing data.
D) Sending spam.
E) Creating viruses.
Answer: B
Q25. Which law in India deals with Cyber Crime?
A) IPC 1860
B) IT Act 2000
C) Copyright Act 1957
D) Consumer Protection Act
E) Companies Act
Answer: B (Information Technology Act).
Q26. A "Black Hat Hacker" is:
A) A security professional.
B) A hacker with malicious intent (Cyber Criminal).
C) An unskilled hacker.
D) A government hacker.
E) A hacker who wears hats.
Answer: B
Q27. "Brute Force Attack" is:
A) Hitting the computer.
B) Trying every possible combination of characters to guess a password.
C) Stealing the hard drive.
D) Sending a virus.
E) Flooding the network.
Answer: B
Q28. "Cookie Poisoning" is:
A) Making cookies taste bad.
B) Modifying the contents of a cookie to bypass security mechanisms or steal identity.
C) Deleting cookies.
D) Blocking cookies.
E) Eating cookies.
Answer: B
Q29. Which of the following is considered the strongest Wi-Fi security standard currently available for home use?
A) WEP
B) WPA
C) WPA2
D) WPA3
E) WPS
Answer: D
Q30. "Zero-Day Attack" refers to:
A) An attack that happens at midnight.
B) An attack that exploits a vulnerability before the software developer knows about it or has a patch for it.
C) An attack that causes zero damage.
D) An attack that lasts zero days.
E) An attack on day one of the month.
Answer: B
Q31. "VPN" protects your data by:
A) Speeding it up.
B) Encrypting your internet traffic through a secure tunnel.
C) Deleting it.
D) Sending it to the police.
E) Compressing it.
Answer: B
Q32. "Biometrics" uses what for authentication?
A) Passwords.
B) Physical characteristics (Fingerprint, Face, Iris).
C) Smart Cards.
D) PINs.
E) Usernames.
Answer: B
Q33. A "Digital Certificate" is used to:
A) Award a student.
B) Verify the ownership of a public key (identity of a website).
C) Print a document.
D) Encrypt a hard drive.
E) Clean a virus.
Answer: B
Q34. "Malware" is a short form for:
A) Malfunction Software
B) Malicious Software
C) Male Software
D) Main Software
E) Major Software
Answer: B
Q35. "Adware" typically:
A) Destroys data.
B) Displays unwanted advertisements.
C) Steals passwords.
D) Encrypts files.
E) Slows down the fan.
Answer: B
Q36. Which attack involves injecting malicious SQL code into a database query?
A) XSS (Cross Site Scripting)
B) CSRF
C) SQL Injection
D) Buffer Overflow
E) DoS
Answer: C
Q37. "Sniffing" in networking means:
A) Smelling the computer.
B) Intercepting and monitoring data packets flowing over a network.
C) Sending viruses.
D) Blocking traffic.
E) Hacking passwords.
Answer: B
Q38. "Rootkit" is dangerous because:
A) It is easy to find.
B) It hides deep in the OS and gives the attacker "Root" (Admin) privileges, making it very hard to detect/remove.
C) It deletes root folders.
D) It grows roots in the hardware.
E) It is a weak virus.
Answer: B
Q39. "WannaCry" was a famous example of:
A) Spyware
B) Ransomware
C) Adware
D) Trojan
E) Worm
Answer: B
Q40. "Cyber Espionage" involves:
A) Stealing money.
B) Stealing trade secrets or government information (Spying) using digital means.
C) Harassing people.
D) Defacing websites.
E) Playing games.
Answer: B
Q41. A "Proxy Server" can hide your:
A) Identity (IP Address).
B) Computer name.
C) Monitor resolution.
D) Keyboard layout.
E) Password.
Answer: A
Q42. "Clickjacking" is:
A) Stealing a mouse.
B) Tricking a user into clicking on something different from what the user perceives (e.g., an invisible button).
C) Clicking very fast.
D) Disabling the click.
E) Clicking ads.
Answer: B
Q43. Which of the following is a physical security measure?
A) Firewall
B) Antivirus
C) Biometric Door Lock
D) Encryption
E) Password
Answer: C
Q44. "Penetration Testing" (Pen Testing) is:
A) Testing a pen.
B) An authorized simulated cyberattack on a computer system to evaluate its security (Ethical Hacking).
C) Writing code.
D) Checking hardware.
E) Testing internet speed.
Answer: B
Q45. "Shoulder Surfing" is:
A) A water sport.
B) Looking over someone's shoulder to see their password/PIN.
C) Surfing the web.
D) Hacking Wi-Fi.
E) Sending emails.
Answer: B
Q46. "CAPTCHA" stands for:
A) Completely Automated Public Turing test to tell Computers and Humans Apart.
B) Computer Automated Public Test.
C) Control Automated Public Test.
D) Computer Access Public Test.
E) None of the above.
Answer: A
Q47. "Non-Repudiation" means:
A) You can deny sending a message.
B) The sender cannot deny having sent the message (Proof of Origin).
C) The receiver cannot read the message.
D) The message is deleted.
E) The message is encrypted.
Answer: B
Q48. "Cryptojacking" is:
A) Stealing cryptocurrency wallets.
B) Unauthorized use of someone's computer to mine cryptocurrency.
C) Encrypting data.
D) Hacking banks.
E) Stealing keys.
Answer: B
Q49. Which protocol provides secure communication over the internet (replacing SSL)?
A) TLS (Transport Layer Security)
B) TCP
C) IP
D) HTTP
E) FTP
Answer: A
Q50. "Dumpster Diving" in security terms means:
A) Searching through trash to find discarded documents with sensitive info (passwords, bank statements).
B) Cleaning the Recycle Bin.
C) Deleting files.
D) Diving into a pool.
E) Formatting a drive.
Answer: A
Q51. The "Sandbox" technique in security involves:
A) Playing in sand.
B) Running suspicious programs in an isolated environment to analyze their behavior without risking the main system.
C) Deleting files.
D) Blocking websites.
E) Cleaning viruses.
Answer: B
Q52. "Cross-Site Scripting" (XSS) is an attack where:
A) The hacker steals the server.
B) Malicious scripts are injected into trusted websites and executed by the victim's browser.
C) The website crashes.
D) Passwords are guessed.
E) Emails are spammed.
Answer: B
Q53. A "Honeypot" is:
A) A sweet trap.
B) A decoy computer system designed to attract hackers to study their methods or distract them.
C) A secure server.
D) A password manager.
E) An antivirus.
Answer: B
Q54. Which of the following is considered "Two-Step Verification"?
A) Entering a password twice.
B) Entering a password and a PIN.
C) Entering a password and receiving a code on your phone (OTP).
D) Entering a username and ID.
E) Using two different computers.
Answer: C
Q55. "Symmetric Encryption" uses:
A) Different keys for encryption and decryption.
B) The same key (Secret Key) for both encryption and decryption.
C) No keys.
D) Three keys.
E) Biometrics.
Answer: B
Q56. "Data Masking" is:
A) Deleting data.
B) Obfuscating specific data elements (like credit card numbers) to protect sensitive information (e.g., showing XXXXXX1234).
C) Hiding folders.
D) Encrypting the whole drive.
E) Backing up data.
Answer: B
Q57. "War Driving" is:
A) Fighting a war.
B) Driving around searching for open/unsecured Wi-Fi networks.
C) Driving a tank.
D) Racing online.
E) Hacking cars.
Answer: B
Q58. Which of the following is NOT a biometric method?
A) Fingerprint Scan
B) Retina Scan
C) Voice Recognition
D) Password
E) Face Recognition
Answer: D
Q59. "IP Spoofing" involves:
A) Hiding the IP.
B) Creating IP packets with a false source IP address to impersonate another computer system.
C) Tracking an IP.
D) Changing the IP legally.
E) Blocking an IP.
Answer: B
Q60. A "Backdoor" in software is:
A) The exit button.
B) A hidden method of bypassing normal authentication to access the system.
C) A security feature.
D) A virus.
E) A type of firewall.
Answer: B
Q61. "Salting" a password means:
A) Adding random data to the password before hashing it to defend against dictionary attacks.
B) Writing it on paper.
C) Changing it frequently.
D) Making it longer.
E) Encrypting it twice.
Answer: A
Q62. "Hashing" is different from "Encryption" because:
A) Hashing is reversible; Encryption is not.
B) Hashing is one-way (irreversible); Encryption is two-way (reversible with a key).
C) Hashing is slower.
D) Hashing uses keys.
E) They are the same.
Answer: B
Q63. Which algorithm is commonly used for secure hashing?
A) SHA-256
B) AES
C) RSA
D) DES
E) TCP
Answer: A
Q64. Which algorithm is commonly used for Symmetric Encryption?
A) AES (Advanced Encryption Standard)
B) RSA
C) SHA
D) MD5
E) Diffie-Hellman
Answer: A
Q65. Which algorithm is commonly used for Asymmetric Encryption?
A) RSA
B) AES
C) DES
D) 3DES
E) Blowfish
Answer: A
Q66. "Session Hijacking" involves:
A) Stealing a laptop.
B) Taking over a user's active session (stealing the session cookie) to act as that user.
C) Crashing the session.
D) Recording the screen.
E) Blocking the user.
Answer: B
Q67. "Bluejacking" is:
A) Sending unsolicited messages to Bluetooth-enabled devices.
B) Hacking Wi-Fi.
C) Stealing blue cables.
D) Crashing a phone.
E) A virus.
Answer: A
Q68. "Bluesnarfing" is:
A) Stealing data (contacts/messages) from a device via Bluetooth connection.
B) Sending messages via Bluetooth.
C) Turning off Bluetooth.
D) Connecting headphones.
E) A type of music.
Answer: A (More dangerous than Bluejacking).
Q69. "Data Breach" refers to:
A) Data getting lost.
B) Unauthorized access and retrieval of sensitive data by an individual or application.
C) Deleting data.
D) Encrypting data.
E) Moving data.
Answer: B
Q70. "Information Assurance" focuses on:
A) Managing risks related to the use, processing, storage, and transmission of information.
B) Assuring the user.
C) Insuring the hardware.
D) Backing up data only.
E) Installing antivirus.
Answer: A
Q71. A "Script Kiddie" is:
A) A professional hacker.
B) An unskilled individual who uses scripts or programs developed by others to attack computer systems.
C) A child learning to code.
D) A virus writer.
E) A security expert.
Answer: B
Q72. "Computer Forensics" is:
A) Repairing computers.
B) The application of investigation and analysis techniques to gather and preserve evidence from a computing device (for legal purposes).
C) Building computers.
D) Cleaning computers.
E) Selling computers.
Answer: B
Q73. The "Dark Web" is often associated with illegal activity because:
A) It is dark in color.
B) It provides high anonymity using Tor, making users hard to trace.
C) It has no police.
D) It is offline.
E) It is expensive.
Answer: B
Q74. "Tailgating" (or Piggybacking) in physical security is:
A) Driving a car.
B) Following an authorized person into a secure area without using one's own credentials.
C) Hacking a gate.
D) Breaking a lock.
E) Using a fake ID.
Answer: B
Q75. Which ISO standard relates to Information Security Management?
A) ISO 9001
B) ISO 27001
C) ISO 14001
D) ISO 20000
E) ISO 50001
Answer: B
Q76. "Air Gapping" a computer means:
A) Cooling it with air.
B) Physically isolating it from unsecured networks (like the internet) – literally having a gap of air between it and the network.
C) Using Wi-Fi.
D) Cleaning the dust.
E) Placing it in the cloud.
Answer: B (Very high security).
Q77. "Dictionary Attack" is a method of:
A) Learning words.
B) Cracking passwords by trying every word in a dictionary.
C) Attacking a library.
D) Stealing books.
E) Encrypting text.
Answer: B
Q78. "Rainbow Table" is used for:
A) Drawing rainbows.
B) Cracking password hashes by looking up pre-computed hash chains.
C) Designing websites.
D) Sorting colors.
E) Encrypting data.
Answer: B
Q79. "Polymorphic Virus":
A) Changes its code/signature every time it replicates to evade detection by antivirus.
B) Stays the same.
C) Deletes files.
D) Slows down PC.
E) Attacks mobile phones.
Answer: A
Q80. "Steganography" is:
A) Writing in secret code.
B) Hiding a message/file inside another file (like hiding text inside an image) so no one knows it exists.
C) Drawing maps.
D) Encrypting data.
E) Creating passwords.
Answer: B
Q81. "Exploit" in cyber security is:
A) A heroic act.
B) Code that takes advantage of a software vulnerability / bug.
C) A patch.
D) A virus scanner.
E) A firewall rule.
Answer: B
Q82. Which of the following protects intellectual property?
A) Firewall
B) Copyright
C) Password
D) Antivirus
E) VPN
Answer: B
Q83. A "Grey Hat Hacker":
A) Hacks for fun or to find bugs, sometimes breaking laws but without malicious intent (mix of White and Black).
B) Is a criminal.
C) Is a government employee.
D) Is a beginner.
E) Hides in shadows.
Answer: A
Q84. "Whaling" is a specific type of Phishing that targets:
A) Anyone.
B) High-profile targets (CEOs, CFOs, Top Executives).
C) Whales.
D) Poor people.
E) Students.
Answer: B
Q85. "Compliance" in security means:
A) Agreeing with hackers.
B) Adhering to laws, regulations, and guidelines (like GDPR, HIPAA).
C) Complaining about security.
D) Ignoring rules.
E) Installing software.
Answer: B
Q86. "GDPR" stands for:
A) General Data Protection Regulation (EU Law).
B) Global Data Protection Rule.
C) General Digital Protection Right.
D) Global Digital Privacy Rule.
E) Good Data Practice Rule.
Answer: A
Q87. "Buffer Overflow" is an attack that:
A) Overflows the water buffer.
B) Writes more data to a block of memory (buffer) than it can hold, corrupting adjacent data or crashing the system.
C) Clears the buffer.
D) Speeds up the buffer.
E) Encrypts the buffer.
Answer: B
Q88. "BYOD" stands for:
A) Bring Your Own Device
B) Build Your Own Database
C) Buy Your Own Disk
D) Bring Your Own Data
E) Back Your Own Data
Answer: A (Employees using personal phones/laptops for work).
Q89. "Endpoint Security" focuses on protecting:
A) The internet cables.
B) The devices (endpoints) like laptops, mobiles, and desktops connected to the network.
C) The server room.
D) The cloud.
E) The power supply.
Answer: B
Q90. "Hacktivism" is:
A) Hacking for money.
B) Hacking to promote a political or social cause.
C) Hacking for fun.
D) Learning to hack.
E) Accidental hacking.
Answer: B
Q91. "MD5" is a:
A) Hashing Algorithm (produces 128-bit hash).
B) Encryption Algorithm.
C) Virus.
D) Antivirus.
E) Protocol.
Answer: A (Considered weak/broken now).
Q92. "Multi-Factor Authentication" (MFA) requires:
A) Two or more verification methods from different categories (Something you know, Something you have, Something you are).
B) Multiple passwords.
C) Multiple users.
D) Multiple computers.
E) Multiple emails.
Answer: A
Q93. A "Cold Site" in disaster recovery is:
A) A backup facility with power/cooling but no hardware/data installed.
B) A fully operational backup site.
C) A site in a cold climate.
D) A website that is offline.
E) A frozen computer.
Answer: A
Q94. A "Hot Site" in disaster recovery is:
A) A fully equipped backup facility that can take over operations immediately.
B) A site on fire.
C) A popular website.
D) An empty room.
E) A cloud server.
Answer: A
Q95. "Least Privilege" principle means:
A) Giving users the lowest possible access rights needed to do their job.
B) Giving everyone Admin rights.
C) Giving no rights.
D) Giving rights to guests.
E) Ignoring rights.
Answer: A
Q96. "Packet Sniffer" tool examples include:
A) Wireshark
B) Photoshop
C) Excel
D) Paint
E) Word
Answer: A
Q97. "Shoulder Surfing" can be prevented by:
A) Using privacy screen filters.
B) Typing louder.
C) Using a bigger monitor.
D) Turning off the monitor.
E) Standing up.
Answer: A
Q98. "Soft Token" is:
A) A physical key fob.
B) A software app (like Google Authenticator) that generates OTPs.
C) A coin.
D) A password.
E) A virus.
Answer: B
Q99. "Time Bomb" virus:
A) Explodes the computer.
B) Activates on a specific date or time.
C) Stops the clock.
D) Speeds up time.
E) Deletes the calendar.
Answer: B
Q100. The weakest link in any security chain is usually:
A) The Firewall.
B) The Encryption.
C) The Human (User).
D) The Hardware.
E) The Software.
Answer: C
0 Comments
Post a Comment