
Cyber Security Questions and Answers

OSI Model Security – 2

1. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host
information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access

Answer: d
Explanation: The vulnerabilities of the transport layer include mishandling
of undefined, poorly defined, the vulnerability that allows “fingerprinting” & other
enumeration of host information, overloading of transport-layer mechanisms, etc.
Unauthorized network access is an example of a physical layer vulnerability.
2. Which of the following is not session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms

Answer: a
Explanation: Vulnerabilities of session layer of the OSI model are spoofing and
hijacking of data based on failed authentication attempts, weak or non-existent
authentication mechanisms, and the passing of session-credentials allowing
intercept and unauthorized use.
3. Failed sessions allow brute-force attacks on access credentials. This type of
attack is carried out in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer

Answer: c
Explanation: Session identification may be subject to spoofing, which may lead to
data leakage that depends on failed authentication attempts and allows hackers to
mount brute-force attacks on access credentials.
4. Transmission mechanisms can be subject to spoofing & attacks based on skilled
modified packets.
a) True
b) False

Answer: a
Explanation: Transmission mechanisms can be subject to spoofing & attacks
based on skilled modified packets. This type of attack is carried out in the
transport layer of the OSI model.
5. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary
instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms

Answer: d
Explanation: Cryptographic flaws may be exploited to circumvent privacy,
unintentional or ill-directed use of superficially supplied input, and poor
handling of unexpected input are examples of presentation layer flaws.

6. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing
programs
d) Overloading of transport-layer mechanisms

Answer: d
Explanation: Application design flaws may bypass security controls, inadequate
security controls as well as logical bugs in programs may be by chance or on
purpose be used for crashing programs. These all are part of application layer
vulnerability.
7. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: b
Explanation: Overloading of transport-layer mechanisms is an example of
transport layer vulnerability. Other examples of Transport layer vulnerability are
mishandling of undefined, poorly defined, Vulnerability that allows
“fingerprinting” & other enumeration of host information.
8. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: a
Explanation: Weak or non-existent mechanisms for authentication is an example
of session layer vulnerability. Other examples are spoofing and hijacking of data
based on failed-authentication attempts & passing of session-credentials
allowing intercept and unauthorized use.
9. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input

Answer: d
Explanation: Poor handling of unexpected input is an example of presentation
layer vulnerability. Cryptographic flaws may be exploited to circumvent privacy,
unintentional use of superficially supplied input are some other examples of
presentation layer vulnerability.
10. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication

Answer: b
Explanation: Very complex application security controls can be an example of
application layer vulnerability. Inadequate security controls, as well as logical
bugs in programs, are some other examples of such type.

TCP-IP Model Security

11. TCP/IP is an extensively used model for the World Wide Web for providing
network communications, and it is composed of 4 layers that work together.
a) True
b) False

Answer: a
Explanation: TCP/IP is an extensively used model for the World Wide Web for
providing network communications, and it is composed of 4 layers that work
together. Each layer is composed of header and payload.

12. TCP/IP is composed of _______ number of layers.
a) 2
b) 3
c) 4
d) 5

Answer: c
Explanation: TCP/IP is an extensively used model for the World Wide Web for
providing network communications, and it is composed of 4 layers that work
together. Each layer is composed of header and payload.
13. Trusted TCP/IP commands have the same needs & go through the identical
verification process. Which of them is not a TCP/IP command?
a) ftp
b) rexec
c) tcpexec
d) telnet

Answer: c
Explanation: Trusted TCP/IP commands such as ftp, rexec and telnet have the
same needs & go through the identical verification process. Internet & TCP/IP
are often implemented synonymously.
14. Connection authentication is offered for ensuring that the remote host has the
likely Internet Protocol (IP) ___________ & _________
a) address, name
b) address, location
c) network, name
d) network, location

Answer: a
Explanation: Connection authentication is offered for ensuring that the remote
host has the likely Internet Protocol (IP) address & name. This prevents a remote
host from masquerading as another remote host.
15. Application layer sends & receives data for particular applications using Hyper
Text Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
a) True
b) False

Answer: a
Explanation: Application layer sends & receives data for particular applications
using HyperText Transfer Protocol (HTTP), and Simple Mail Transfer Protocol
(SMTP). Hence, data encryption for HTTP and SMTP is important.
16. TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat
a) True
b) False

Answer: a
Explanation: Return of Bleichenbacher’s Oracle Threat is a transport layer
vulnerability that allows an attacker to get hold of the RSA key essential to
decrypt TLS traffic under certain conditions.

17. RoBOT is abbreviated as ___________
a) Return of Bleichenbacher’s Oracle Team
b) Rise of Bleichenbacher’s Oracle Threat
c) Return of Bleichenbacher’s Operational Threat
d) Return of Bleichenbacher’s Oracle Threat

Answer: d
Explanation: Return of Bleichenbacher’s Oracle Threat is a transport layer
vulnerability that allows an attacker to get hold of the RSA key essential to
decrypt TLS traffic under certain conditions.
18. There are __________ different versions of IP popularly used.
a) 2
b) 3
c) 4
d) 5

Answer: 2
Explanation: There are two different versions of IPs used popularly over the
internet. These are IPv4 and IPv6. IPv4 is a 32-bits numeric address written in
decimal with 4 numbers separated by dots whereas IPv6 addresses are 128-bits
written in hexadecimal & separated by colons.
19. ____________ is an attack where the attacker is able to guess both the
sequence number of an in-progress communication session & the port number.
a) TCP Spoofing
b) TCP Blind Spoofing
c) IP Spoofing
d) IP Blind Spoofing

Answer: b
Explanation: TCP Blind Spoofing is an attack where the attacker is able to guess
both the sequence number of an in-progress communication session &
the port number.
20. ___________ is an attack technique where numerous SYN packets are spoofed
with a bogus source address which is then sent to an inundated server.
a) SYN flooding attack
b) ACK flooding attack
c) SYN & ACK flooding attack
d) Packet flooding attack

Answer: a
Explanation: SYN flooding attack is an attack technique where numerous SYN
packets are spoofed with a bogus source address which is then sent to an
inundated server. The SYN & ACK segments are needed to begin a TCP
connection.
21. Which of them is not an attack done in the network layer of the TCP/IP model?
a) MITM attack
b) DoS attack
c) Spoofing attack
d) Shoulder surfing

Answer: d
Explanation: MITM, Denial of Service (DoS), and spoofing attacks are possible
in the network layer of the TCP/IP model. It is important to secure the network
layer as it is the only means to make certain that your application is not getting
flooded with attacks.
22. Which of them is not an appropriate method of router security?
a) Unused ports should be blocked
b) Unused interfaces and services should be disabled
c) Routing protocol needs to be programmed by security experts
d) Packet filtering needs to be enabled

Answer: c
Explanation: Unused ports should be blocked, Unused interfaces and services
should be disabled, and Packet filtering needs to be enabled are some of the
security measures that need to be taken for the routers.

23. Which 2 protocols are used in the Transport layer of the TCP/IP model?
a) UDP and HTTP
b) TCP and UDP
c) HTTP and TCP
d) ICMP and HTTP

Answer: b
Explanation: The transport layer can optionally ensure the reliability of
communications. Transmission Control Protocol (TCP) & User Datagram
Protocol (UDP) are the most common transport layer protocols.
24. Which of these protocols is not used in the network layer of the TCP/IP model?
a) ICMP
b) IP
c) IGMP
d) HTTP

Answer: d
Explanation: Internet Control Message Protocol (ICMP), Internet Protocol (IP)
and Internet Group Management Protocol (IGMP) are used in the network layer.
HTTP is used in application layer of TCP/IP model.
25. ____________ protocol attack is done in the data-link layer.
a) HTTP
b) DNS
c) TCP/IP
d) POP

Answer: b
Explanation: DNS protocol attack is done in the application layer of the TCP/IP
model which allows attackers to modify DNS records in order to misdirect user
traffic and land them in some malicious or spoofed address.

Data Leakage and Prevention – 1

26. _____________ is the illicit transmission of data from inside an organization or
personal system to an external location or recipient.
a) Database hacking
b) Data leakage
c) Data cracking
d) Data revealing

Answer: b
Explanation: Data leakage is the illicit transmission of data from inside an
organization or personal system to an external location or recipient. The phrase
is used for describing data which is transferred electronically or even physically.

27. Data leakage threats do not usually occur from which of the following?
a) Web and email
b) Mobile data storage
c) USB drives and laptops
d) Television

Answer: d
Explanation: Data leakage threats are common from web and emails, mobile data
storage devices such as internal or external storage and memory cards, from
USB drives and laptops.
28. Data leakage is popularly known as ___________
a) data theft
b) data crack
c) low and slow data theft
d) slow data theft

Answer: c
Explanation: Data leakage is also known as ‘low and slow data theft’, which is a
massive issue for data security & the damage caused to any firm is enormous.
Every day there is at least one report of data theft that occurs worldwide.
29. There are __________ major types of data leakage.
a) 2
b) 3
c) 4
d) 5

Answer: b
Explanation: There are three major types of data leakage. These are – data
breach by accident, data leak done by ill-intentioned employees and electronic
communication with malicious intent.

30. “Unauthorized” data leakage doesn’t essentially mean intended or malicious.
a) True
b) False

Answer: a
Explanation: “Unauthorized” data leakage doesn’t essentially mean intended or
malicious. It has been found that the majority of data leakage incidents are
accidental but the losses incurred are severe.
31. Unintentional data leakage can still result in the same penalties and reputational
damage.
a) True
b) False

Answer: a
Explanation: “Unintentional” data leakage doesn’t essentially mean intended or
malicious. It has been found that the majority of data leakage incidents are
accidental but it can still result in the same penalties and reputational damage.
32. Leakage of data done purposely or because of an employee’s lack of
concern toward confidential data is called ___________ done by employees of an
organization.
a) Ill-intentional data leakage
b) Malfunctioned in database
c) A malfunction in online data
d) ill-intension of an outsider

Answer: a
Explanation: Leakage of data done purposely or because of an employee’s lack of
concern toward confidential data is called Ill-intentional data leakage
done by employees of an organization.

Data Leakage and Prevention – 2

33. ______________ is the unauthorized movement of data.
a) Data exfiltration
b) Data infiltration
c) Data cracking
d) Database hacking

Answer: a
Explanation: Data exfiltration is the unauthorized movement of data. It
comprises data exportation, data extrusion, data leakage, and data theft and all of
them come under data hacking.

34. Which of them is an example of physical data leakage?
a) Dumpster diving
b) MiTM
c) DDoS
d) Phishing

Answer: a
Explanation: Physical data leakage can be done intentionally by criminal-minded
people who can fetch data from dumpster diving, shoulder surfing, data
mentioned in printed papers or taken out of photocopiers.
35. Which of them is not an example of data leakage done using electronic
communication with malicious intent?
a) Phishing
b) Spoofed Email
c) Attacks using malware
d) Dumpster diving

Answer: d
Explanation: Many organizations give employees the right to use the internet,
email, and instant messaging as part of their role. But these are prime
targets for hackers seeking to leak data using techniques such as phishing, spoofing,
and attacking the target victim with malware.
36. The three steps of data loss prevention are – Identify, Discover
and ______________
a) Classify
b) Clarify
c) Deletion
d) Detection

Answer: a
Explanation: The three steps of data loss prevention are – Identify, Discover and
Classify. First, you have to identify the systems of record. Then you have to
classify what constitutes sensitive data on those systems & discover the data
elements which are sensitive depending on those classifications.

37. Which of the following is not a step of data-loss prevention?
a) Identify
b) Manage
c) Classify
d) Discover

Answer: b
Explanation: The three steps of data loss prevention are – Identify, Discover and
Classify. First, you have to identify the systems of record. Then you have to
classify what constitutes sensitive data on those systems & discover the data
elements which are sensitive depending on those classifications.
38. Mapping of data-flow in an organization is very useful in understanding the
risk better due to actual & potential data leakage.
a) True
b) False

Answer: a
Explanation: Mapping of data-flow in an organization from different systems (to
record the downstream and upstream sources) is very useful in understanding the
risk better due to actual & potential data leakage.
39. Data leakage prevention is based on factors like access controls, persistent,
encryption, alerting, tokenization, blocking dynamic data masking, etc.
a) True
b) False

Answer: a
Explanation: Data leakage prevention is based on factors like access controls,
persistent, encryption, alerting, tokenization, blocking dynamic data masking,
etc. Like data loss prevention, data leakage also needs concern and care for data
safety.

40. Data leakage threats are done by internal agents. Which of them is not an
example of an internal data leakage threat?
a) Data leak by 3rd Party apps
b) Data leak by partners
c) Data leak by employees
d) Data leak from stolen credentials from the desk

Answer: a
Explanation: Data leak by 3rd Party apps is an example of malicious outsider
threat that falsely gained access by masquerading itself. Data leak by business
partners, employees or from stolen credentials are insider’s data-leakage threats.
41. _____________ focuses on the detection & prevention of sensitive data
exfiltration and lost data.
a) Data loss prevention
b) Data loss measurement
c) Data stolen software
d) Data leak prevention

Answer: a
Explanation: Data loss prevention focuses on the detection & prevention of
sensitive data exfiltration and lost data. It also deals with lost & stolen thumb
drive or data blocked by ransomware attacks.

Information Gathering Phase & Techniques – 1

42. ________________ is a component of the reconnaissance stage that is used to
gather possible information for a target computer system or network.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing

Answer: c
Explanation: Footprinting is a component of the reconnaissance stage that is
used to gather possible information for a target computer system or network. It
can be either active or passive footprinting.

43. How many types of footprinting are there?
a) 5
b) 4
c) 3
d) 2

Answer: d
Explanation: Footprinting is a component of the reconnaissance stage that is
used to gather possible information for a target computer system or network. It
can be of 2 types: active or passive footprinting.
44. ________________ is one of the 3 pre-attacking phases.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing

Answer: c
Explanation: Footprinting is a component of the reconnaissance stage that is
used to gather possible information for a target computer system or network. It
can be either active or passive footprinting.
45. A/An ______________ spends 85% of his/her time in profiling an organization
and the rest in launching the attack.
a) security analyst
b) attacker
c) auditor
d) network engineer

Answer: b
Explanation: An attacker spends 85% of his/her time in profiling an organization
and the rest in launching the attack. Footprinting results in a unique
organization profile with respect to the networks.
46. _______________ is necessary to methodically & systematically ensure all
pieces of information related to target.
a) Fingerprinting
b) 3D printing
c) Footprinting
d) Data printing

Answer: c
Explanation: Footprinting is a component of the reconnaissance stage which is
necessary to methodically & systematically ensure all pieces of information
related to the target. It can be either active or passive footprinting.
47. Which of the following is not a spot from where attackers seek information?
a) Domain name
b) IP address
c) System enumeration
d) Document files

Answer: d
Explanation: Internet is a common medium for gathering information such as
from Domain name, IP address of the target user, enumeration of victim’s
system, IDSes running, TCP & UDP services etc.

48. Which of them is not an information source over the internet for target
attackers?
a) Whois
b) YouTube
c) Nslookup
d) Archive sites

Answer: b
Explanation: Information can be available free from some sites and databases
residing on the internet. These services and sites are – Whois, Nslookup, Archive
Sites, open-source software sites etc.
49. Footprinting is used to collect information such as namespace, employee info,
phone number and emails, job details.
a) True
b) False

Answer: a
Explanation: Footprinting is used to collect information such as namespace,
employee info, phone number and emails, job details, IP address domain name,
geo-location, browsing history etc.
50. Spyware can be used to steal _______________ from the attacker’s browser.
a) browsing history
b) company details
c) plug-ins used
d) browser details

Answer: a
Explanation: Spyware can be used to steal browsing history, browsing habits
and other related searches from the attacker’s browser. Google Chrome itself has
a search box in the address bar which the spyware might monitor to take search
results as information for the attacker.
51. https://archive.org is a popular site where one can enter a domain name in its
search box to find out how the site looked on a given date.
a) True
b) False

Answer: a
Explanation: https://archive.org is a popular archive site where one can enter a
domain name in its search box to find out how the site looked on a
given date. It stores all the details about the look and working of the site, even
when the site got updated.
52. Information about people is available on people search sites. Which of them is an
example of a people data searching site?
a) people.com
b) indivinfo.org
c) intelius.com
d) peopleinfo.org

Answer: c
Explanation: Information about people is available on people search sites.
https://www.intelius.com/ is an example of such a site which holds records of
people’s information.
53. You can attain a series of IP addresses allotted to a particular company using
__________ site.
a) https://www.ipdata.org/
b) https://www.arin.net/
c) https://www.ipip.com/
d) https://www.goipaddr.net/

Answer: b
Explanation: Hackers can attain a series of IP addresses allotted to a particular
company using https://www.arin.net/ site. Hackers can enter the company name
in the search box for finding a list of all the assigned IP addresses.
54. ARIN is abbreviated as _____________
a) American Registry for Internet Numbers
b) American Registry for IP Numbers
c) All Registry for Internet Numbers
d) American Registry for IP Numbering

Answer: a
Explanation: ARIN is abbreviated as American Registry for Internet Numbers.
Hackers can attain a series of IP addresses allotted to a particular company using
https://www.arin.net/ site. Hackers can enter the company name in the search
box for finding a list of all the assigned IP addresses.
55. Using spyware is an example of _________ type of information gathering.
a) active
b) passive
c) active & passive
d) non-passive

Answer: a
Explanation: Using spyware is an example of an active information gathering
technique. Spyware can be used to steal browsing history, browsing habits and
other related searches from the attacker’s browser. Google Chrome itself has a
search box in the address bar which the spyware might monitor to take search
results as information for the attacker.
56. Collecting freely available information over the internet is an example of
____________ type of information gathering.
a) active
b) passive
c) active & passive
d) non-passive

Answer: b
Explanation: Collecting freely available information over the internet is an
example of a passive information gathering technique. It uses archive sites,
Google, domain name, people search, Nslookup etc.

Information Gathering Phase & Techniques – 2

57. ____________ is the term used for gathering information about your
competitors from online resources, researches, and newsgroups.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Explanation: Competitive Intelligence gathering is the term used for gathering
information about your competitors from online resources, researches, and
newsgroups. The competitive intelligence gathering is non-interfering & subtle
in nature.

58. The ______________ intelligence gathering is non-interfering & subtle in
nature.
a) cognitive
b) competitive
c) cyber
d) concrete

Answer: b
Explanation: Competitive Intelligence gathering is the term used for gathering
information about your competitors from online resources, researches, and
newsgroups. The competitive intelligence gathering is non-interfering & subtle
in nature.
59. In the world of data, where data is considered the oil and fuel of modern
technology _____________ is both a product and a process.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process.
60. Which of them is not a proper step in competitive intelligence data processing?
a) Data gathering
b) Data analysis
c) Information security
d) Network analysis

Answer: d
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process which comprises of some predefined steps to handle data. These are data
gathering, analysis, verification, and security.
61. Which one of the following is a proper step in competitive intelligence data
processing?
a) Competitors’ data compromising
b) Data hacking
c) Data analysis
d) Competitors’ data stealing

Answer: c
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process which comprises of some specific steps to handle data. These are data
gathering, analysis, verification, and security.
62. There are __________ types of cognitive hacking and information gathering
which is based on the source type, from where data is fetched.
a) 6
b) 5
c) 4
d) 3

Answer: d
Explanation: There are two types of cognitive hacking and information gathering
which are based on the source type, from where data is fetched. These are single
source & multiple sources.

63. ______________ is important for gaining a quick understanding and analysis
of your competitors or target user’s needs.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process. Hackers are hired with skills for gathering competitive knowledge so
that data analysts can analyze those for further understanding of products.
64. Which of them is not a reason for competitive information gathering?
a) Compare your product with competitors
b) Analyze the market position of yours with competitors
c) Fetching confidential plans about your competitors
d) Pull out a list of your competitive firms in the market

Answer: c
Explanation: Fetching confidential plans about your competitors is not the work
of ethical hackers hired for competitive information gathering. Also, fetching
this type of confidential information is a crime.
65. Competitive information gathering, if done in the form of an active attack using
malware or by other illicit means, can put your hired hacker or your company at
stake.
a) True
b) False

Answer: a
Explanation: Competitive information gathering, if done in the
form of an active attack using malware or by other illicit means, can put your hired
hacker or your company at stake. It’s a cyber-crime also.
66. Predicting and analyzing the tactics of competitors from data taken out from online
data sources is a crime.
a) True
b) False

Answer: b
Explanation: Predicting and analyzing the tactics of competitors from data taken out
from online data sources is a crime. In the world of data, where data is
considered the oil and fuel of modern technology, it can be done using
competitive intelligence gathering techniques.
67. https://www.bidigital.com/ci/ is a website which is used for
_________________
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process. https://www.bidigital.com/ci/ is a website which is used for such
purpose.
68. Which of the following is a site used for Competitive Intelligence gathering?
a) https://www.bidigital.gov/
b) https://www.cig.com/ci/
c) https://www.coginfo.com/ci/
d) https://www.bidigital.com/ci/

Answer: d
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process. https://www.bidigital.com/ci/ is a website which is used for such
purpose.

69. Which of the following is not an example of a firm that provides info regarding
competitive intelligence gathering?
a) Carratu International
b) CI Center
c) Microsoft CI
d) Marven Consulting Group

Answer: c
Explanation: Carratu International, CI Center, Marven Consulting Group,
Lubrinco Pvt Ltd. are some of the names of firms and companies that provide
info regarding competitive intelligence gathering.
70. Using _____________ for doing competitive information gathering is a crime.
a) Spyware
b) Antivirus
c) Anti-malware
d) Adware

Answer: a
Explanation: Competitive information gathering, if done in the
form of an active attack using malware or by other illicit means, can put your hired
hacker or your company at stake. It’s a cyber-crime.
71. Competitive Intelligence gathering is both a ___________ and a
____________
a) process, product
b) process, item
c) product & data to sell to 3rd party
d) data to sell to a 3rd party and a product

Answer: a
Explanation: In the world of data, where data is considered the oil and fuel of
modern technology, Competitive Intelligence gathering is both a product and a
process which comprises some predefined steps to handle data.

Scanning Phase for Security – 1

72. There are _______ types of scanning.
a) 2
b) 3
c) 4
d) 5

Answer: b
Explanation: There are a total of three types of scanning in ethical hacking and
cyber-security. These are vulnerability scanning, network scanning & port
scanning.

73. Which of the following is not an objective of scanning?
a) Detection of the live system running on network
b) Discovering the IP address of the target system
c) Discovering the services running on target system
d) Detection of spyware in a system

Answer: d
Explanation: Detection of the live system running on the network, discovering
the IP address of the target system, & discovering the services running on the
target system are some of the objectives of scanning.
74. For discovering the OS running on the target system, the scanning has a
specific term. What is it?
a) Footprinting
b) 3D Printing
c) Fingerprinting
d) screen-printing

Answer: c
Explanation: Fingerprinting is the name of that specific type of scanning for
discovering the OS running on the target system in a network, which comes
under the OS scanning technique.
75. Which of them is not a scanning methodology?
a) Check for live systems
b) Check for open ports
c) Identifying the malware in the system
d) Identifying of services

76. ICMP scanning is used to scan _______________
a) open systems
b) live systems
c) malfunctioned systems
d) broken systems

Answer: b
Explanation: Check for live systems, open ports and identification of services
running on the systems are some of the steps and methodologies used in
scanning. ICMP scanning is used for checking live systems.
77. In live system scanning, it is checked which hosts are up in the network by
pinging the systems in the network.
a) True
b) False

Answer: a
Explanation: Check for live systems, open ports and identification of services
running on the systems are some of the steps and methodologies used in
scanning. In live system scanning, it is checked which hosts are up in the
network by pinging the systems in the network.

78. ________ attribute is used to tweak the ping timeout value.
a) -time
b) -t
c) -p
d) -tout

Answer: b
Explanation: -t attribute is used while pinging any system to tweak the ping
timeout value. It is an example of live system scanning, to check which hosts are
up in the network by pinging the systems in the network.
79. Which of them does not come under NETBIOS information?
a) Name of the system / PC
b) Workgroup name
c) MAC address
d) RAM space

Answer: d
Explanation: Scanning using IP address simply pings each IP address for
checking if it is live or not. This helps in providing NETBIOS information such
as the name of the system, workgroup and MAC address.
80. A ______________ is a simple network scanning technique used for
determining which range of IP addresses maps to live hosts.
a) scan sweep
b) ping sweep
c) scan ping
d) host ping

Answer: b
Explanation: A ping sweep is a simple network scanning technique used for
determining which range of IP addresses maps to live hosts. The ping sweep
consists of ICMP ECHO requests.
81. Ping sweep is also known as ________________
a) ICMP Sweep
b) ICMP Call
c) IGMP Sweep
d) ICMP pinging

Answer: a
Explanation: Ping sweep, also known as ICMP sweep, is a simple network
scanning technique used for determining which range of IP addresses maps to live
hosts. The ping sweep consists of ICMP ECHO requests.
82. If any given address is running live, it will return an ICMP ECHO reply.
a) True
b) False

Answer: a
Explanation: ICMP sweep is a simple network scanning technique used for
determining which range of IP addresses maps to live hosts. The ping sweep
consists of ICMP ECHO requests. If any given address is running live, it will
return an ICMP ECHO reply.
83. __________ scanning is done when a series of messages is sent by someone
attempting to break into a computer.
a) Network
b) Port
c) Vulnerability
d) System

Answer: b
Explanation: Port scanning is done when a series of messages is sent by someone
attempting to break into a computer in order to learn about the computer's network
services.

84. ____________ scanning is a procedure to identify active hosts on your
network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: a
Explanation: Network scanning is a procedure to identify active hosts on your
network. It is done either with the intention of attacking your system or, by
ethical hackers, for security purposes.
85. _____________ scanning is an automatic process for identifying vulnerabilities
of the system within a network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: c
Explanation: Vulnerability scanning is an automatic process for identifying
vulnerabilities of a computing system within a network. It is one of the popular
scanning methodologies.
86. Which of them is not a standard scanning type or terminology?
a) Network
b) Port
c) Vulnerability
d) System

Answer: d
Explanation: There are a total of three types of scanning in ethical hacking and
cyber-security. These are vulnerability scanning, network scanning & port
scanning. System scanning is not a standard terminology or type of scanning.

Scanning Phase for Security – 2

87. In port scanning, a port is always associated with the _____________
(typically of host system) & the type of ____________ employed for
communication.
a) IP address, protocol
b) MAC address, protocol
c) IP address, IMEI number
d) MAC address, network model

Answer: a
Explanation: In port scanning, a port is always associated with an IP address
(typically of host system) & the type of protocol (UDP or TCP) employed for
communication.

88. ________________ is a tool which uses traceroute-like techniques for
analyzing IP packet responses.
a) Firewalk
b) Firesweep
c) PingSweeper
d) ICMPwalker

Answer: a
Explanation: Firewalk is a tool which uses traceroute-like techniques for
analyzing IP packet responses. It determines gateway ACLs and filters & maps
networks. Specifically, it determines filter rules in place on all packet forwarding
devices.
89. In port scanning, a _________ is always associated with an IP address (usually
of the host system) & the type of protocol (UDP or TCP) employed for
communication.
a) address
b) port
c) system
d) network

Answer: b
Explanation: In port scanning, a port is always associated with an IP address
(typically of the host system) & the type of protocol (UDP or TCP) employed for
communication.
90. Firewalk tool employs a technique to determine the ___________ rules in place
on the ___________ forwarding device.
a) filter, packet
b) filter, port
c) routing, packet
d) routing, port

Answer: a
Explanation: Firewalk is a tool which uses traceroute-like techniques for
analyzing IP packet responses. It determines gateway ACLs and filters & maps
networks. Specifically, it determines filter rules in place on all packet forwarding
devices.
91. Firewalk works by sending ________ & ________ packets.
a) UDP, HTTP
b) TCP, HTTP
c) ICMP, TCP
d) UDP, TCP

Answer: d
Explanation: Firewalk is a tool which uses traceroute-like techniques for
analyzing IP packet responses. Firewalk works by sending UDP & TCP packets.
It determines filter rules in place on all packet forwarding devices.
92. Using 3-way handshake, it is possible to check for open ports.
a) True
b) False

Answer: a
Explanation: Open ports can be checked where a computer initiates a connection
to the server with the SYN flag set. The server replies with both the SYN & ACK
flags set. Finally, the client responds back to the server with the ACK packet.

93. Which of them is not a standard flag used in TCP communication between
client and server?
a) Synchronize
b) Acknowledgment
c) Finish
d) Start

Answer: d
Explanation: Start is not a standard and valid flag of TCP communication in a
client-server connection. The standard flags are: Synchronize,
Acknowledgement, Push, Urgent, Finish and Reset.
94. How many standard flags are used in a TCP communication?
a) 4
b) 5
c) 6
d) 7

Answer: c
Explanation: There are 7 standard flags used in a TCP communication
between client and server. These standard flags are: Synchronize,
Acknowledgement, Push, Urgent, Finish and Reset.
95. Which of the following is not a valid scanning method?
a) Xmas Tree scan
b) SYN Stealth scan
c) Null Scan
d) Cloud scan

Answer: d
Explanation: Some popular scanning methods used for scanning connections and
ports are – Xmas Tree scan, SYN Stealth Scan, Null Scan, Window Scan, ACK
scan, UDP scan etc.
96. ___________ is a command-line TCP/IP packet assembler and analyzer tool.
a) IGMP Ping
b) Hping2
c) Nmap
d) Maltego

Answer: b
Explanation: Hping2 is a command-line TCP/IP packet assembler and analyzer
tool. Also, it has a trace-route mode. It has the ability to send files between
covered channels & also supports ICMP echo requests.
97. Which of the following is not a feature of Hping2 tool?
a) Firewall testing
b) Port scanning
c) Network testing
d) Server malware scanning

Answer: d
Explanation: Hping2 is a command-line TCP/IP packet assembler and analyzer
tool. Also, it has a trace-route mode. It has the ability to send files between
covered channels & also supports ICMP echo requests. Server malware scanning
is not a valid feature of Hping2 tool.
98. _________________ is quite an esoteric process for preventing session creation
through a particular port.
a) Port knocking
b) Port cracking
c) Port hacking
d) Port-jacking

Answer: a
Explanation: Port knocking is quite an esoteric process for preventing session
creation through a particular port. Port knocking is not presently used by default
in any stack, but soon patches will come to allow the use of knocking protocols.

99. Which one of them is not a network scanner?
a) NMAP
b) Qualys
c) SoftPerfect
d) Netcat

Answer: d
Explanation: NMAP, Qualys, and SoftPerfect are all network scanning tools.
Network scanning is used on a computer network to gather information about
the computing systems.
100. Which of them is not a port scanning tool?
a) Netcat
b) Unicornscan
c) Maltego
d) Angry IP Scanner

Answer: c
Explanation: Netcat, Unicornscan and Angry IP Scanner are some of the popular
tools used for port scanning. These types of tools are a special type of
application designed for probing a server or host for open ports.
101. Which of them is not a vulnerability scanning tool?
a) Nexpose
b) Nessus Professional
c) Snort
d) Nikto Web scanner

Answer: c
Explanation: Nexpose, Nikto Web scanner, and Nessus Professional are some of
the popular vulnerability scanning tools. Vulnerability scanners are inspection
tools used to check for potential points of exploit on a system or network for
identifying security holes.

Email Security – 1

102. There are _______ major ways of stealing email information.
a) 2
b) 3
c) 4
d) 5

Answer: b
Explanation: There are three major ways of stealing email information. These are
by stealing cookies, social engineering and password phishing technique.

103. Which of them is not a major way of stealing email information?
a) Stealing cookies
b) Reverse Engineering
c) Password Phishing
d) Social Engineering

Answer: b
Explanation: Reverse engineering is not a way of stealing email information.
104. ____________ is the method for keeping sensitive information in email
communication & accounts secure against unofficial access, loss, or compromise.
a) Email security
b) Email hacking
c) Email protection
d) Email safeguarding

Answer: a
Explanation: Email security is the method for keeping sensitive information in
email communication & accounts secure against unofficial access, loss, or
compromise.
105. ____________ is a famous technological medium for the spread of malware,
facing problems of spam, & phishing attacks.
a) Cloud
b) Pen drive
c) Website
d) Email

Answer: d
Explanation: Email is a famous technological medium for the spread of malware,
facing problems of spam & phishing attacks. It is used to entice recipients into
divulging sensitive information, by opening attachments and/or by clicking on
hyperlinks which install malware in the background on the victim’s device.
106. Which of them is not a proper method for email security?
a) Use Strong password
b) Use email Encryption
c) Spam filters and malware scanners
d) Click on unknown links to explore

Answer: d
Explanation: Using strong passwords and email encryption, along with deploying
spam filters and installing malware scanners, are some of the proper methods for
email security.
107. If a website uses a cookie, or a browser contains the cookie, then every time
you visit that website, the browser transfers the cookie to that website.
a) True
b) False

Answer: a
Explanation: If a website uses a cookie, or a browser contains the cookie, then
every time you visit that website, the browser transfers the cookie to that
website. This helps in initiating a cookie stealing attack.

108. The stored cookie which contains all your personal data about that website
can be stolen away by _____________ using _____________ or trojans.
a) attackers, malware
b) hackers, antivirus
c) penetration testers, malware
d) penetration testers, virus

Answer: a
Explanation: If a website uses a cookie, or a browser contains the cookie, then
every time you visit that website, the browser transfers the cookie to that
website. This stored cookie, which contains all your personal data about that
website, can be stolen away by attackers using malware or trojans.
109. If the data stored in the _____________ is not encrypted, then after cookie
stealing, attackers can see information such as username and password stored by
the cookie.
a) memory
b) quarantine
c) cookies
d) hard drive

Answer: c
Explanation: If the data stored in the cookies is not encrypted, then after cookie
stealing, attackers can see information such as username and password stored by
the cookie.
110. Which of the following is a non-technical type of intrusion or attack
technique?
a) Reverse Engineering
b) Malware Analysis
c) Social Engineering
d) Malware Writing

Answer: c
Explanation: Social Engineering is a non-technical type of intrusion or attack
technique which relies heavily on human interaction. It involves tricking target
users to break normal security postures.
111. Which of them is an example of grabbing email information?
a) Cookie stealing
b) Reverse engineering
c) Port scanning
d) Banner grabbing

Answer: a
Explanation: There are three major ways of stealing email information. These are
by stealing cookies, social engineering and password phishing technique. The
remaining three (in the option) are not ways of stealing email information.
112. _____________ is the technique used for tricking users to disclose their
username and passwords through fake pages.
a) Social Engineering
b) Phishing
c) Cookie Stealing
d) Banner Grabbing

Answer: b
Explanation: Phishing is the technique used for tricking users to disclose their
username and passwords through fake pages.
113. Using email hacking, illicit hackers can send & spread ___________, viruses,
_____________ and spam emails.
a) trojans, redirected malicious URLs
b) antivirus, patches
c) cracked software, redirected malicious URLs
d) malware, security patches

Answer: a
Explanation: Using email hacking, illicit hackers can send & spread malware,
trojans, viruses, worms and redirected malicious URLs, which can also take the
target recipients to some infected webpage.

114. Unsolicited Bulk E-mails (UBI) are called __________
a) SMS
b) MMS
c) Spam emails
d) Malicious emails

Answer: c
Explanation: Unsolicited Bulk E-mails (UBI) are the act of sending unwanted
emails which have nothing specific or important in them. Email spams are
actually junk emails that are sent by commercial firms as an advertisement of
their products and services.
115. Fraudulent email messages are fake email messages that seem
legitimate and ask for your bank details and for you to reply to those emails with
updated confidential information.
a) True
b) False

Answer: a
Explanation: Yes, fraudulent email messages are fake email messages that
seem legitimate and ask for your bank details and for you to reply to those emails
with updated confidential information. Email users must stay aware of such e-frauds.
116. Fraudulent email messages are fake email messages that seem
legitimate and ask for your confidential bank details such as _____________
details, _________ and passwords.
a) credit card, antivirus name
b) credit card, login ID
c) cell phone, antivirus name
d) car model, account ID

Answer: b
Explanation: Fraudulent email messages are fake email messages that seem
legitimate and ask for your confidential bank details such as credit card
details, cell phone number, login ID and passwords.

Email Security – 2

117. Which of the following is a micro-virus that can bring down the
confidentiality of an email (specifically)?
a) Zeus
b) Stuxnet
c) Reaper Exploit
d) Friday the 13

Answer: c
Explanation: Reaper exploit is a micro-virus that can compromise email
security, as it works in the background and sends a copy of a reply or forwarded
email to its creator or sender.

118. Email users who use IE as their _________________ are vulnerable to Reaper
Exploit.
a) Web engine
b) Rendering engine
c) Game engine
d) HTML engine

Answer: d
Explanation: Email users who use Internet Explorer as their HTML engine are
vulnerable to Reaper Exploit. It works in the background and sends a copy of a
reply or forwarded email to its creator or sender.
119. _______________ needs to be turned off in order to prevent this attack.
a) Email scripting
b) Email attachments
c) Email services
d) Third party email programs

Answer: a
Explanation: Email users who use Internet Explorer as their HTML engine are
vulnerable to Reaper Exploit. It works in the background and sends a copy of a
reply or forwarded email to its creator or sender. Email scripting needs to be
turned off in order to prevent this attack.
120. Which of the following is a tool to monitor outgoing traffic of target PC’s
email and intercept all the emails sent from it?
a) Wireshark
b) Advanced Stealth Email Redirector
c) MS Outlook
d) Cisco Jabber

Answer: b
Explanation: Advanced Stealth Email Redirector is a tool to monitor outgoing
traffic of target PC’s email and intercept all the emails sent from it. Intercepted
emails are then forwarded to a pre-specified email ID.
121. Advanced SER is abbreviated as ___________
a) Advanced Stealth Electronic Redirector
b) Advanced Security Email Redirector
c) Advanced Stealth Email Redirector
d) Advanced Stealth Email Recorder

Answer: c
Explanation: Advanced Stealth Email Redirector (Advanced SER) is a tool to
monitor outgoing traffic of target PC’s email and intercept all the emails sent
from it. Intercepted emails are then forwarded to a pre-specified email ID.
122. Which of the following will not help in preserving email security?
a) Create a strong password
b) Connect your email to a phone number
c) Use two-factor authentication for password verification and login
d) Click on unknown links and sites

Answer: d
Explanation: Some of the measures to preserve your email security are
creating a strong password, connecting your email to your personal phone
number and setting up 2-factor authentication for login.

123. Once the email is compromised, all other sites and services online associated
with this email can be compromised.
a) True
b) False

Answer: a
Explanation: Email security is very much necessary because once the email is
compromised, all other sites and services online associated with this email can
be compromised and the hacker will be able to access all other accounts linked to
this email.
124. _____________ is an encryption program or add-on which provides
cryptographic privacy & authentication for email communication.
a) Powerful Good Privacy
b) Pretty Good Privacy
c) Pretty Good Encryption
d) Pretty Strong Encryption

Answer: b
Explanation: Pretty Good Privacy is an encryption program which provides
cryptographic privacy & authentication for email communication. Basically, it is
used for securing user’s texts, emails, attachments etc.
125. PGP is abbreviated as _______________
a) Pretty Good Privacy
b) Powerful Good Privacy
c) Protocol Giving Privacy
d) Pretty Good Protocol

Answer: a
Explanation: Pretty Good Privacy (PGP) is an encryption program which
provides cryptographic privacy & authentication for email communication.
Basically, it is used for securing user’s texts, emails, attachments etc.
126. Which of them is not an example of business email security tool?
a) Microsoft Office Trust Center
b) Sendinc
c) Hushmail Business
d) Cisco Jabber

Answer: d
Explanation: Cisco Jabber is a unified communications application that lets users
access and send instant messaging, voice, voice messaging, desktop sharing, &
conferencing. The other three are business email security tools.
127. Which of them is not an example of business email security tool?
a) Enlocked
b) RPost Office
c) MS Outlook
d) Sendinc

Answer: c
Explanation: MS Outlook is a web-based desktop app as well as an online suite
of webmail, tasks, contacts & calendaring services developed by Microsoft. The
other three are business email security tools.
128. ________________ is a free browser extension that enables you to
decrypt as well as encrypt emails.
a) Enlocked
b) MS Outlook
c) Cisco Jabber
d) Mailvelope

Answer: d
Explanation: Mailvelope is a free browser extension (which is available
for both Google Chrome as well as Mozilla Firefox) that enables users to
decrypt as well as encrypt emails using the OpenPGP standard of
encryption.

129. Which of the following is not an email related hacking tool?
a) Email Finder Pro
b) Sendinc
c) Mail PassView
d) Mail Password

Answer: b
Explanation: Sendinc is not an email data compromising tool. It is used for
securing business email accounts and offers a quick web-based way to start
offering secure emails for firms. The other three are email compromising tools.
130. _______________ is targeted bulk email marketing software.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit

Answer: b
Explanation: Email Spider Easy is targeted bulk email marketing software. It
rapidly & automatically searches & spiders search engines to find
email addresses. This tool is integrated with top search engines.
131. ______________ is a tool that is integrated with top 90 search engines to
quickly search for email addresses and other details.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit

Answer: b
Explanation: Email Spider Easy is targeted bulk email marketing software. It
rapidly & automatically searches & spiders search engines to find
email addresses. This tool is integrated with top search engines & its speed
allows up to 500 email extraction threads simultaneously.
132. MegaHackerZ helps crackers to crack email passwords.
a) True
b) False

Answer: a
Explanation: MegaHackerZ helps crackers to crack email passwords. It is not
used very much as its versions are deprecated, but it is still useful for
cracking weak passwords.

Password Cracking and Security Measures – 1

133. System hacking involves password hacking as one of the major hacking
methodologies.
a) True
b) False

Answer: a
Explanation: System hacking, which is of four types, involves password hacking
as one of the major hacking methodologies. It is used to crack the security of a
system and gain access for stealing data.

134. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5

Answer: c
Explanation: System hacking involves password hacking as one of the major
hacking methodologies. It is of 4 types. These are passive online attack, active
online attack, offline attack, and non-electronic attack.
135. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7

Answer: d
Explanation: There are seven major types of passwords. These are a password
containing only letters, a password containing only numbers, a password
containing only special characters, a password containing only alpha-numeric
characters, a password containing letters, numbers as well as special symbols or
a password containing any two combinations of the three.
136. In _______________ attacks an attacker does not contact the authorizing party
to steal the password.
a) passive online
b) active online
c) offline
d) non-electronic

Answer: a
Explanation: In passive online attacks, the attacker does not contact an
authorized party to steal the password; rather, the attacker attempts to grab
the password without communicating with the victim or the victim’s
account.
137. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing

Answer: d
Explanation: The attacker does not contact an authorized party to steal the
password in the passive online attack; rather, the attacker attempts to grab
the password without communicating with the victim or the victim’s
account. Examples of passive online attacks include wire sniffing, Man in the
middle attack and replay attack.
138. Which of the following is not an example of a passive online attack?
a) MiTM
b) Replay Attack
c) Phishing
d) Wire sniffing

Answer: c
Explanation: Phishing is not an example of a passive online attack. In passive
online attacks, the attacker does not contact an authorized party to steal the
password. Types of passive online attacks include wire sniffing, Man in the
middle attack and replay attack.

139. Which of the following does not come under the hurdles of passive online attack
for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available

Answer: d
Explanation: Tools for doing a passive offline attack on passwords are widely
available, so this doesn’t come under the disadvantages or hurdles of a passive
offline attack. But passive offline attacks are computationally complex, hard to
perpetrate and may take time.
140. Which of the following cases comes under the victims’ list of an active online
attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services

Answer: c
Explanation: Systems with bad or weak passwords & with open authentication
points often become the victims of an active online attack where the attacker
directly tries different passwords 1-by-1 against victim’s system/account.
141. In _______________ password grabbing attack the attacker directly tries
different passwords 1-by-1 against victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Explanation: Users with open authentication points and bad or weak passwords
often become the victims of an active online attack where the attacker directly
tries different passwords 1-by-1 against victim’s system/account.
142. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack

Answer: b
Explanation: In an active online attack, the attacker directly tries different
passwords 1-by-1 against victim’s system/account. It has some disadvantages: it
takes a long time, and hence needs a lot of patience, & it also needs high
network bandwidth.
143. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Explanation: Users with open authentication points and bad or weak passwords
often become the victims of the active online attack. It is alternatively termed as
password guessing attack where the attacker directly tries different passwords
1-by-1 against victim’s system/account.
144. ________________ attacks are carried out from a location other than the real
computer where the password resides or was used.
a) passive online
b) active online
c) offline password
d) non-electronic

Answer: c
Explanation: For this, the cyber-criminal needs to have physical access to the
system, and so offline password attacks are carried out from a location other than
the real computer where the password resides or was used. They are common
examples of physical data breaching & hacking.

145. _______________ attacks always need physical access to the system that
has the password file or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic

Answer: b
Explanation: Offline password attacks are carried out from a location other than
the real computer where the password resides or was used. They need physical
access to the system that has the password file or the hacker needs to crack
the system by other means.
146. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack

Answer: d
Explanation: The offline attack needs physical access to the system that has
the password file or the hacker needs to crack the system by other means. A
dictionary attack, rainbow, and brute force come under offline attack.
147. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False

Answer: a
Explanation: In an offline attack, physical access is needed to the system that
has the password file or the hacker needs to crack the system by other means.
Hence, even if hackers gain physical access to the system, if the passwords are in
the encrypted mode, it will be almost impossible to steal passwords.

Password Cracking and Security Measures – 2

148. Saving passwords in the browser is a good habit.
a) True
b) False

Answer: b
Explanation: Saving passwords in the browser for your different user accounts
and web services is not a good habit. Not all browsers keep these passwords
in an encrypted format. Chrome allows you to see those passwords if you know
the system’s password, which can lead to a security breach.

149. Which of the following is not an advantage of dictionary attack?
a) Very fast
b) Time-saving
c) Easy to perform
d) Very tough and inefficient

Answer: d
Explanation: A dictionary attack is a process of breaking a password protected
system or server by simply & automatically entering every word in a dictionary
as a password. It is very fast, time-saving and easy to perform.
150. A _______________ is a process of breaking a password protected system or
server by simply & automatically entering every word in a dictionary as a
password.
a) Dictionary attack
b) Phishing attack
c) Social engineering attack
d) MiTM attack

Answer: a
Explanation: A dictionary attack is a process of breaking a password protected
system or server by simply & automatically entering every word in a dictionary
as a password. It is very fast, time-saving and easy to perform.
151. Which of the following comes under the advantage of dictionary attack?
a) Time-consuming
b) Moderately efficient
c) Very fast
d) Complex to carry-out

Answer: c
Explanation: A dictionary attack is a process of breaking a password protected
system or server by simply & automatically entering every word in a dictionary
as a password. It is very fast, time-saving and easy to perform.
152. The hybrid attack is a combination of a dictionary attack followed by inserting
entropy & performing brute force.
a) True
b) False

Answer: a
Explanation: A hybrid attack is a combination of both brute force attack &
dictionary attack. So, while a dictionary attack would comprise a wordlist of
passwords, the brute force attack would be functional for each possible password
in the given list.

153. Brute force attack is ______________
a) fast
b) inefficient
c) slow
d) complex to understand

Answer: c
Explanation: A brute force attack is the simplest process of gaining access to any
password-protected system. It tries a variety of combinations of usernames &
passwords again and again until it cracks it or the password matches. But it is
comparatively slow.
154. A _____________ attack is one of the simplest processes of gaining access to
any password-protected system.
a) Clickjacking
b) Brute force
c) Eavesdropping
d) Waterhole

Answer: b
Explanation: A brute force attack is the simplest process of gaining access to any
password-protected system. It tries a variety of combinations of usernames &
passwords again and again until it cracks it or the password matches.
155. ____________ attack is a combination of Dictionary attack & brute force
attack.
a) Syllable
b) Syllabi
c) Database
d) Phishing

Answer: a
Explanation: Syllable attack is a combination of Dictionary attack & brute force
attack. This technique may be implemented when the password is a non-existing
word and the attacker tries some techniques to crack it.
156. Attackers can use the _______________ when they get some information
or hint regarding the password they want to crack.
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack

Answer: b
Explanation: Attackers can use the rule-based attack when they get some
information or hint regarding the password they want to crack. Examples of such
scenarios are: the hacker knows about the type of password, or its size, or what
type of data it might contain.
157. _______________ are based on dictionary attack techniques.
a) Hybrid attacks
b) Network attacks
c) TCP attacks
d) Database attacks

Answer: a
Explanation: Hybrid attacks are based on dictionary attack techniques. In such
types of attacks, the dictionary attack is mixed with some numerals and special
symbols.

158. _____________ are based on dictionary attack techniques where the
dictionary attack is mixed with some numerals and special symbols.
a) Syllable attack
b) Rule-based attack
c) Offline attack
d) Hybrid attack

Answer: d
Explanation: Hybrid attack is a type of offline attack which is based on
dictionary attack methods. In such types of attacks, the dictionary attack is mixed
with some numerals and special symbols.
159. Which of the following is not an example of non-technical attack techniques?
a) Shoulder surfing
b) Keyboard sniffing
c) Phishing
d) Social engineering

Answer: c
Explanation: In the non-technical type of attacks, it is not required to have any
technical knowledge to attack your target victim. Examples of such types of
attacks are shoulder surfing, keyboard sniffing, and social engineering.

Windows Security

160. __________ passwords are next level of security.


a) BIOS
b) CMOS
c) SMOS
d) BOIS

Answer: a
Explanation: BIOS passwords are next level of security where the password is
set in the CMOS (which is a tiny battery) chip on the motherboard, which keeps
on running even after the PC is turned off.

161. BIOS is abbreviated as _______________


a) Basic Input Output Server
b) Basic Internet Output Systems
c) Basic Input Output System
d) Battery-based Input Output System

Answer: c
Explanation: BIOS (Basic Input Output System) passwords are next level of
security. BIOS is an essential part of your system & comes with it as you bring
the computer home where the password gets stored in CMOS which keeps on
running even after the PC gets shut down.
162. Most computers have BIOS which can be configured so that it can ask for a
password once the system starts.
a) True
b) False

Answer: a
Explanation: Most computers have BIOS which can be configured so that it can
ask for a password once the system starts. It is the next level of security where
the password is set in the CMOS.
163. Find out, select & uninstall all ________________ programs from your
computer.
a) useful
b) pre-installed
c) unwanted
d) utility

Answer: c
Explanation: Find out, select & uninstall all unwanted programs from your
computer to maintain security. At times, there are some programs that get
installed with useful applications as separate programs or as complementary
programs. If you’re not using those programs or don’t know about their usage
and from where they came, it can be a malware also.
164. As a backup for securing your device, it is necessary to create a
_____________
a) backup point
b) copy of files in separate drives
c) copy of files in the same drives
d) restore point

Answer: d
Explanation: As a backup for securing your device, it is necessary to create a
restore point so that you can roll-back all the changes and programs installed by
restoring the system to the state before those changes.

165. The _______________ is a security app by Microsoft, built into Windows OS,
that is designed to filter network data from your Windows system & block
harmful communications or the programs which are initiating them.
a) Windows Security Essentials
b) Windows Firewall
c) Windows app blocker
d) Windows 10

Answer: b
Explanation: The Windows Firewall is a security app by Microsoft, built into
Windows OS, that is designed to filter network data from your Windows system &
block harmful communications or the programs which are initiating them.
166. _____________ are essential because they frequently comprise critical
patches to security holes.
a) System software
b) Utility Software
c) Software executables
d) Software updates

Answer: d
Explanation: Software updates are essential because they frequently comprise
critical patches to security holes. In fact, a lot of harmful malware attacks can be
stopped with official updates from vendors.
167. The ______________ account and the __________ account have the same
file privileges, but their working and functionalities have difference.
a) system, administrator
b) system, user
c) group, user
d) user, administrator

Answer: a
Explanation: The system account and the administrator account have the same
file privileges, but their working and functionalities have a difference. Actually,
the system account is used by the OS & by services which run under Windows.
And, administrator account gives the user full control to their files, directories,
services.
168. ________________ is an anti-malware tool found in newer OS which is
designed for protecting computers from viruses, spyware & other malware.
a) Norton Antivirus
b) Windows Defender
c) Anti-malware
d) Microsoft Security Essentials
Answer: b
Explanation: Windows Defender is an anti-malware tool found in newer OS
which is designed for protecting computers from viruses, spyware & other
malware. It comes built-in with Windows 8 & Windows 10.
169. ____________ is an application which now comes built into Windows OS & it
allows Windows users to encrypt all drives for security purposes.
a) MS Windows Defender
b) MSE
c) BitLocker
d) MS Office

Answer: c
Explanation: BitLocker is an application which now comes built into Windows
OS and it allows Windows users to encrypt all drives for security purposes. It
checks for TPM status whether activated or not.

170. A __________ is a dedicatedly designed chip on an endpoint device which
stores RSA encryption keys particular to the host system for the purpose of
hardware authentication.
a) Trusted Platform Mode
b) Trusted Protocol Module
c) Trusted Privacy Module
d) Trusted Platform Module

Answer: d
Explanation: A Trusted Platform Module is a dedicatedly designed chip on an
endpoint device which stores RSA encryption keys particular to the host system
for the purpose of hardware authentication.
171. TPM is abbreviated as ____________
a) Trusted Platform Mode
b) Trusted Platform Module
c) Trusted Privacy Module
d) True Platform Module

Answer: b
Explanation: Port knocking is quite an esoteric process for preventing session
creation through a particular port. Port knocking is not presently used by default
in any stack, but soon patches will come to allow the use of knocking protocols

Mobile Phone Security

172. Which of the following is not an appropriate way of targeting a mobile phone
for hacking?
a) Target mobile hardware vulnerabilities
b) Target apps’ vulnerabilities
c) Setup Keyloggers and spyware in smart-phones
d) Snatch the phone

Answer: d
Explanation: Snatching is not a type of hacking any smart-phone. Targeting the
hardware and application level vulnerabilities and setting some keylogger or
spyware in the target mobile can help get valuable info about the victim.

173. Which of the following is not an OS for mobile?


a) Palm
b) Windows
c) Mango
d) Android

Answer: c
Explanation: A mobile/smart-phone operating system is software which allows
smart-phones, tablets, phablets & other devices to run apps & programs within it.
Palm OS, Windows OS, and Android OS are some of the examples of Mobile
OS.
174. Mobile Phone OS contains open APIs that may be _____________ attack.
a) useful for
b) vulnerable to
c) easy to
d) meant for

Answer: b
Explanation: Mobile phone operating systems contain open APIs that may be
vulnerable to different attacks. The OS has a number of connectivity mechanisms
through which attackers can spread malware.
175. ____________ gets propagated through networks and technologies like SMS,
Bluetooth, wireless medium, USBs and infrared to affect mobile phones.
a) Worms
b) Antivirus
c) Malware
d) Multimedia files

Answer: c
Explanation: Malware gets propagated through networks and technologies like
SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.
176. ____________ is the protection of smart-phones, phablets, tablets, and other
portable tech-devices, & the networks to which they connect to, from threats &
bugs.
a) OS Security
b) Database security
c) Cloud security
d) Mobile security

Answer: d
Explanation: Mobile security is the protection of smart-phones, phablets, tablets,
and other portable tech-devices, & the networks to which they connect to, from
threats & bugs.
177. Mobile security is also known as ____________
a) OS Security
b) Wireless security
c) Cloud security
d) Database security

Answer: b
Explanation: Mobile security also known as wireless security is the protection of
smart-phones, phablets, tablets, and other portable tech-devices, & the networks
to which they connect to, from threats & bugs.

178. DDoS in mobile systems wait for the owner of the _____________ to trigger
the attack.
a) worms
b) virus
c) botnets
d) programs

Answer: c
Explanation: Botnets on compromised mobile devices wait for instructions from
their owner. After getting the owner’s instruction they launch a DDoS flood attack.
This results in a failure in connecting calls or transmitting data.
179. Hackers cannot do which of the following after compromising your phone?
a) Steal your information
b) Rob your e-money
c) Shoulder surfing
d) Spying

Answer: c
Explanation: Shoulder surfing is done before compromising the mobile. So,
hackers can steal your information; rob your e-money or do spying after
compromising your smart-phone.
180. Hackers cannot do which of the following after compromising your phone?
a) Shoulder surfing
b) Accessing your voice mail
c) Steal your information
d) Use your app credentials

Answer: a
Explanation: Shoulder surfing is done before compromising the mobile. So,
hackers can steal your information, access your voice mail or use your app
credentials after compromising your smart-phone.
181. App permissions can cause trouble as some apps may secretly access your
memory card or contact data.
a) True
b) False

Answer: a
Explanation: App permissions can cause trouble as some apps may secretly
access your memory card or contact data. Almost all applications nowadays ask
for such permission, so make sure you do a proper survey on these apps before
allowing such access.
182. Activate _____________ when you’re required to use it, otherwise turn it off
for security purposes.
a) Flash Light
b) App updates
c) Bluetooth
d) Rotation

Answer: c
Explanation: Activate Bluetooth when you’re required to use it, otherwise turn it
off for security purposes. This is because there are various tools and
vulnerabilities that may gain access to your smart-phone using Bluetooth.
183. Try not to keep ________________ passwords, especially fingerprint for your
smart-phone, because it can lead to physical hacking if you’re not aware or asleep.
a) Biometric
b) PIN-based
c) Alphanumeric
d) Short

Answer: a
Explanation: Try not to keep biometric passwords, especially fingerprint for your
smart-phone containing very confidential data, because anyone can do physical
hacking if you’re not aware or asleep.

184. Which of the following tool is used for Blackjacking?


a) BBAttacker
b) BBProxy
c) Blackburried
d) BBJacking

Answer: b
Explanation: BBProxy (installed on blackberry phones) is the name of the tool
used to conduct blackjacking. What attackers do is they install BBProxy on
user’s blackberry and once the tool is activated it opens a covert channel between
the hacker and the compromised host.
185. BBProxy tool is used in which mobile OS?
a) Android
b) Symbian
c) Raspberry
d) Blackberry

Answer: d
Explanation: BBProxy (installed on blackberry phones) is the name of the tool
used to conduct blackjacking. What attackers do is they install BBProxy on
user’s blackberry and once the tool is activated it opens a covert channel between
the hacker and the compromised host.
186. Which of the following is not a security issue for PDAs?
a) Password theft
b) Data theft
c) Reverse engineering
d) Wireless vulnerability

Answer: c
Explanation: Reverse engineering is not an issue of PDA (Personal Digital
Assistant). Password theft, data theft, wireless vulnerability exploitation, data
corruption using virus are some of them.

Wireless Security

187. ____________________ is the anticipation of unauthorized access or break to
computers or data by means of wireless networks.
a) Wireless access
b) Wireless security
c) Wired Security
d) Wired device apps

Answer: b
Explanation: Wireless security is the anticipation of unauthorized access or
breaks to computers or data by means of wireless networks. The most
widespread types of wireless securities are Wired Equivalent Privacy (WEP),
Wi-Fi Protected Access (WPA), WPA2 and recently released WPA3.

188. Which among them has the strongest wireless security?


a) WEP
b) WPA
c) WPA2
d) WPA3

Answer: d
Explanation: The most extensive types of wireless securities are Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3.
WPA3 is the strongest and recently released.
189. Which among the following is the least strong security encryption standard?
a) WEP
b) WPA
c) WPA2
d) WPA3

Answer: a
Explanation: A prime branch of cyber-security is wireless security. The most
widespread types of wireless securities are Wired Equivalent Privacy (WEP),
Wi-Fi Protected Access (WPA), WPA2 and WPA3. WEP is notoriously weak
encryption standard.
190. _________ is an old IEEE 802.11 standard from the year 1999.
a) WPA2
b) WPA3
c) WEP
d) WPA

Answer: c
Explanation: The most widespread types of wireless securities are Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3.
WEP is an old IEEE 802.11 standard from the year 1999.
191. _______________ is the central node of 802.11 wireless operations.
a) WPA
b) Access Point
c) WAP
d) Access Port

Answer: b
Explanation: The central node of 802.11 wireless operations is the Access Point
(AP). It is the interface which acts as an intermediary between a wired & a wireless
network, and all the associated wireless clients use it to exchange data.
192. AP is abbreviated as _____________
a) Access Point
b) Access Port
c) Access Position
d) Accessing Port

Answer: a
Explanation: The central node of 802.11 is the interface which acts as an
intermediary between a wired & a wireless network, and all the associated wireless
clients use it to exchange data.

193. ___________________ is similar to the Access Point (AP) from 802.11, &
mobile operators use it for offering signal coverage.
a) Base Signal Station
b) Base Transmitter Station
c) Base Transceiver Station
d) Transceiver Station

Answer: c
Explanation: Base Transceiver Station (BTS), which is also known as a base
station (BS) or radio base station (RBS), is similar to the Access Point (AP)
from 802.11, & mobile operators use it for offering signal coverage.
194. BTS stands for ___________________
a) Basement Transceiver Server
b) Base Transmitter Station
c) Base Transceiver Server
d) Base Transceiver Station

Answer: d
Explanation: Base Transceiver Station is a section of equipment which facilitates
wireless communication from 802.11 & the mobile operators use it for offering
signal coverage. Examples are GSM, 3G, 4G etc.
195. There are __________ types of wireless authentication modes.
a) 2
b) 3
c) 4
d) 5

Answer: a
Explanation: There are 2 achievable authentication types or schemes which are
implemented in the wireless security. These are Pre-Shared Key – based
authentication & Open Authentication.
196. When a wireless user authenticates to any AP, both of them go in the course
of four-step authentication progression which is called _____________
a) AP-handshaking
b) 4-way handshake
c) 4-way connection
d) wireless handshaking

Answer: b
Explanation: When a wireless user authenticates to any AP, both of them go in
the course of four-step authentication progression which is called 4-way
handshake.
197. WPS stands for __________________
a) WiFi Protected System
b) WiFi Protected Setup
c) WiFi Protocol Setup
d) Wireless Protected Setup

Answer: b
Explanation: WPS stands for WiFi Protected Setup. It began to show up a few years
back on wireless access points as a new way of adding or connecting new
devices to the network by just pushing a key (within the router) & inserting the
password.
198. It is recommended to use WPA2 or WPA3 encryption standard as they are
strong and more secure.
a) True
b) False

Answer: a
Explanation: It is recommended to use WPA2 or WPA3 encryption standard as
they are strong and more secure. WPA2 & WPA3 characterize the protocols a
router & Wi-Fi client devices use for performing the “handshake” securely for
communication.

199. __________ is a process of wireless traffic analysis that may be helpful for
forensic investigations or during troubleshooting any wireless issue.
a) Wireless Traffic Sniffing
b) WiFi Traffic Sniffing
c) Wireless Traffic Checking
d) Wireless Transmission Sniffing

Answer: a
Explanation: Wireless Traffic Sniffing is a process of analyzing wireless traffic
that may be helpful for forensic investigations or during troubleshooting any
wireless issue.
200. Which of the following is a Wireless traffic Sniffing tool?
a) Maltego
b) Burp Suite
c) Nessus
d) Wireshark

Answer: d
Explanation: The process of analyzing wireless traffic that may be helpful for
forensic investigations or during troubleshooting any wireless issue is called
Wireless Traffic Sniffing. Popular tools used in this case are Wireshark and
Kismet.
201. ___________________ began to show up a few years back on wireless access
points as a new way of adding or connecting new devices.
a) WPA2
b) WPA
c) WPS
d) WEP

Answer: c
Explanation: WiFi Protected Setup (WPS) began to show up a few years back
on wireless access points as a new way of adding or connecting new devices to
the network by just pushing a key (within the router) & typing an eight-digit
password on the client device.

Virus and Worms

202. There are _________ types of computer virus.
a) 5
b) 7
c) 10
d) 12

Answer: c
Explanation: There are a total of 10 types of virus. These are categorized based
on their working and characteristics. These are System or Boot Sector Virus,
Direct Action Virus, Resident Virus, Multipartite Virus, Polymorphic Virus,
Overwrite Virus, Space-filler Virus, File infectors, Macro Virus, Rootkit virus.

203. Which of the following is not a type of virus?


a) Boot sector
b) Polymorphic
c) Multipartite
d) Trojans
Answer: d
Explanation: Types of viruses are System or Boot Sector Virus, Direct Action
Virus, Resident Virus, Multipartite Virus, Polymorphic Virus, Overwrite Virus,
Space-filler Virus, File infectors, Macro Virus, Rootkit virus. Trojan does not
come under types of virus.
204. A computer ________ is a malicious code which self-replicates by copying
itself to other programs.
a) program
b) virus
c) application
d) worm

Answer: b
Explanation: A computer virus is a malicious code which self-replicates by
copying itself to other programs. The computer virus gets spread by itself into
other executable code or documents. The intention of creating a virus is to infect
vulnerable systems.
205. Which of them is not an ideal way of spreading the virus?
a) Infected website
b) Emails
c) Official Antivirus CDs
d) USBs

Answer: c
Explanation: The ideal means of spreading a computer virus are through emails,
USB drives that are portable and are inserted into and ejected from different
systems, as well as from infected websites. Antivirus selling vendors do not place
a virus in their CDs and DVDs.
206. In which year did the Apple II virus come into existence?
a) 1979
b) 1980
c) 1981
d) 1982
Answer: c
Explanation: In mid-1981, the 1st virus for Apple computers with the name
Apple II came into existence. It was also called Elk Cloner, which resided in the
boot sectors of a 3.3 floppy disk.
207. In mid-1981, the 1st virus for Apple computers with the name _________ came
into existence.
a) Apple I
b) Apple II
c) Apple III
d) Apple Virus

Answer: b
Explanation: In mid-1981, the 1st virus for Apple computers with the name
Apple II came into existence. It was also called Elk Cloner, which resided in the
boot sectors of a 3.3 floppy disk.

208. The virus hides itself from getting detected by ______ different ways.
a) 2
b) 3
c) 4
d) 5

Answer: b
Explanation: The virus hides itself from getting detected by three different ways.
These are by encrypting itself, by altering the disk directory with additional virus
bytes or it uses stealth algorithm to redirect disk data.
209. ______________ infects the master boot record and it is challenging and a
complex task to remove this virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Trojans
Answer: a
Explanation: Boot Sector Virus infects the master boot record & it is a
challenging & a complex task to remove such virus. Mostly such virus spreads
through removable devices.
210. ________________ gets installed & stays hidden in your computer’s
memory. It stays involved to the specific type of files which it infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: b
Explanation: Direct Action Virus gets installed & stays hidden in your
computer’s memory. Such type of virus stays involved to the specific type of
files which it infects.
211. Direct Action Virus is also known as ___________
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: a
Explanation: Direct Action Virus is also known as a non-resident virus which
gets installed & stays hidden in your computer’s memory. Such type of virus
stays involved to the specific type of files which it infects.
212. ______________ infects the executables as well as the boot sectors.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: d
Explanation: Multipartite Virus infects the executables as well as the boot
sectors. It infects the computer or gets into any system through multiple mediums
and is hard to remove.
213. ____________ are difficult to identify as they keep on changing their type
and signature.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: c
Explanation: Polymorphic viruses are difficult to identify as they keep on changing
their type and signature. They’re not easily detectable by traditional antivirus. They
usually change the signature pattern whenever they replicate themselves.

214. ____________ deletes all the files that it infects.


a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: b
Explanation: Overwrite virus deletes all files that it infects. It can be removed by
only deleting those infected files. Mostly, it gets spread via emails.
215. _____________ is also known as cavity virus.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Space-filler Virus

Answer: d
Explanation: Space-fillers are a special type of virus which usually does not
cause any serious harm to the system except it fills up the empty space in
memory and codes leading to wastage of memory.
216. Which of the below-mentioned reasons do not satisfy the reason why people
create a computer virus?
a) Research purpose
b) Pranks
c) Identity theft
d) Protection

Answer: d
Explanation: A computer virus is not created for protection. Virus writers may
have other reasons like research purposes, pranks, vandalism, financial gain,
identity theft, and some other malicious purposes.

Cyber Security Questions and Answers – Trojans and Backdoors – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses
on “Trojans and Backdoors – 1”.
1. A ___________ is a small malicious program that runs hidden on infected
system.
a) Virus
b) Trojan
c) Shareware
d) Adware

Answer: b
Explanation: A Trojan is a small malicious program that runs hidden on the
infected system. Trojans are created with intent and infect the system by
misleading the user. They work in the background and steal sensitive data.

2. ____________ works in background and steals sensitive data.


a) Virus
b) Shareware
c) Trojan
d) Adware

Answer: c
Explanation: Trojans are malicious files designed to work hidden on the infected
system. They are intended to infect the system by misleading the user. It works
in the background and steals sensitive information about the target user.
3. By gaining access to the Trojaned system the attacker can stage different types
of attack using that ____________ program running in the background.
a) Trojan
b) Virus
c) Antivirus
d) Anti-malware

Answer: a
Explanation: By gaining access to the Trojaned system the attacker can stage
different types of attack using that Trojan program running in the background
when the infected user’s system goes online.
4. Trojan creators do not look for _______________
a) Credit card information
b) Confidential data
c) Important documents
d) Securing systems with such programs

Answer: d
Explanation: Trojan creators do not look for securing victim’s system with their
programs, rather they create such trojans for stealing credit card and financial
details as well as important documents and files.
5. Which of them is not a proper way of getting into the system?
a) IM
b) Attachments
c) Official product sites
d) Un-trusted sites, freeware and pirated software

Answer: c
Explanation: Official product sites such as Microsoft’s site giving the option for
downloading their updates and OS won’t contain any Trojans. Other than that
Trojans can access your system by email attachments, Instant Messaging apps,
un-trusted sites & links.
6. Which of the following port is not used by Trojans?
a) UDP
b) TCP
c) SMTP
d) MP

Answer: d
Explanation: MP is not a valid port name and does not have any port number
either. But usually, Trojans like Back Orifice, Deep Throat use UDP port; Trojans
like Netbus, Master Paradise use TCP & SMTP port to gain access to a system.

7. Trojans do not do one of the following. What is that?


a) Deleting Data
b) Protecting Data
c) Modifying Data
d) Copying Data

Answer: b
Explanation: Trojans perform malicious actions and operations. These are to
modify data, copy data to its creator, delete data from the infected system or
block data by carrying ransomware or other malicious programs along with it.
8. Some Trojans carry ransomware with them to encrypt the data and ask for
ransom.
a) True
b) False

Answer: a
Explanation: Trojans are usually created to carry out actions like the following:
modify data, copy data to its creator, delete data from the infected system or
block data by carrying ransomware embedded in it.
9. Once activated, ___________ can enable ____________to spy on the victim,
steal their sensitive information & gain backdoor access to the system.
a) virus, cyber-criminals
b) malware, penetration testers
c) trojans, cyber-criminals
d) virus, penetration testers

Answer: c
Explanation: Once activated, trojans can enable cyber-criminals to spy on the
victim, steal their sensitive information & gain backdoor access to the system.
10. Trojans can not ______________
a) steal data
b) self-replicate
c) steal financial information
d) steal login credentials

Answer: b
Explanation: A Trojan is a malicious program that runs hidden on the infected
system. Trojans are developed with intent and infect the system by
misleading the user. A Trojan works behind the system and steals sensitive data but
cannot self-replicate.
11. A _______________ provides malicious users remote control over the targeted
computer.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: b
Explanation: A Backdoor Trojan provides malicious users remote control over
the targeted computer. These trojans enable the author to perform anything they
desire on the infected system which includes sending, receiving, launching &
deleting files.
12. _______________ programs are specially designed for stealing your account
data for online banking systems, e-payment services & credit/debit cards.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: c
Explanation: Trojan-Banker programs are specially designed for stealing your
account data for online banking systems, e-payment services & credit/debit
cards. They work silently in the back of the system process to steal such data.

13. ______________ perform automated DoS (Denial of Service) attacks on a
targeted web address.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: a
Explanation: DDoS Trojans perform automated DoS (Denial of Service) attacks
on a targeted web address. By sending multiple requests from your system, they can
target different websites which can lead to a Denial of Service attack.
14. Trojan-Downloader is a special type of trojans which can download & install
new versions of malicious programs.
a) True
b) False

Answer: a
Explanation: Trojan-Downloader is another type of trojans that can download &
install new versions of malicious programs. They work secretly & keep on
downloading other malicious programs when the system is online.
15. ____________ work in the background & keep on downloading other malicious
programs when the system is online.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: d
Explanation: Trojan-Downloader is a special type of trojans which work secretly
& keep on downloading other malicious programs when the system is online.
They can also download & install new versions of malicious programs.

Cyber Security Questions and Answers – Trojans and Backdoors – 2

This set of Cyber Security Questions and Answers for Aptitude test focuses on
“Trojans and Backdoors – 2”.
1. A/an ___________ is a program that steals your logins & passwords for instant
messaging applications.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan

Answer: a
Explanation: An IM Trojan is a program that steals your logins & passwords for
instant messaging applications. It popularly attacked apps like AOL, Yahoo
Pager, and Skype with vulnerabilities.
2. _____________ can modify data on your system – so that your system doesn’t
run correctly or you can no longer access specific data, or it may even ask for
ransom in order to give you access.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan

Answer: d
Explanation: Ransom Trojan can modify data on your system – so that your
system doesn’t run correctly or you can no longer access specific data, or it may
even ask for ransom in order to give you access.
3. The ______________ can cost you money, by sending text messages from your
mobile phone numbers.
a) IM – Trojans
b) Backdoor Trojans
c) SMS Trojan
d) Ransom Trojan

Answer: c
Explanation: The SMS Trojans can cost you money, by sending text messages
from your mobile phone numbers. These generally target the smart-phones &
some of them are designed to send their own composed SMS also, to embarrass
the receiver as well as the sender of the SMS.
4. Trojan-Spy programs can keep an eye on how you are using your system.
a) True
b) False

Answer: a
Explanation: Trojan-Spy programs can keep an eye on how you are using your
system. These are one of the most notorious silent observers which even track
your browsing data and record your behaviour. Also, it keeps track of all the
programs you use.
5. A ___________ is a method in which a computer security mechanism is
bypassed untraceably for accessing the computer or its information.
a) front-door
b) backdoor
c) clickjacking
d) key-logging

Answer: b
Explanation: Using backdoors hackers can breach computer security mechanism
for accessing the computer or its information. This type of code usually comes
attached with Trojans.

6. A _________________ may be a hidden part of a program, a separate infected
program, a Trojan in disguise of an executable, or code in the firmware of any
system’s hardware.
a) crypter
b) virus
c) backdoor
d) key-logger

Answer: c
Explanation: A backdoor may be a hidden part of a program, a separate infected
program, a Trojan in disguise of an executable, or code in the firmware of any
system’s hardware.
7. Backdoors cannot be designed as ______________
a) the hidden part of a program
b) as a part of Trojans
c) embedded code of the firmware
d) embedded with anti-malware
Answer: d
Explanation: Cyber-criminals use backdoors as a means through which they can
bypass security postures untraceably. They may be a hidden part of a program,
a separate infected program, a Trojan in disguise of an executable, or code in the
firmware of any system’s hardware.
8. Trojans having backdoors are harmless.
a) True
b) False

Answer: b
Explanation: Backdoor Trojans can cause huge damage, as this is a method used
by hackers to breach computer security mechanisms. These types of code usually
come attached with Trojan programs and can steal your personal data.
9. The threat of backdoors started when ____________ & ____________ OSs
became widely accepted.
a) single-user, Windows
b) multiuser, networked
c) single-user, UNIX
d) multiuser, UNIX

Answer: b
Explanation: Hackers use backdoors to breach & bypass security mechanisms for
stealing different types of information from the target system. The threat of
backdoors started when multiuser & networked OSs became widely accepted.
10. Backdoors are also known as ______________
a) Malware-doors
b) Trojan-backups
c) Front-doors
d) Trapdoors

Answer: d
Explanation: Trapdoors, popularly known as backdoors, are used by
cyber-criminals as a method in which a system’s security methods can be
bypassed untraceably.

11. __________ is a powerful RAT built using the language Delphi 7.
a) Stuxnet
b) T-Bomb
c) Beast
d) Zeus

Answer: c
Explanation: Beast is a powerful RAT built using the language Delphi 7. One
special feature of Beast is that it can help attackers to create all types of Trojans
& it has capabilities of multiple Trojan types.
12. Which of the following is a remote Trojan?
a) Troya
b) DaCryptic
c) BankerA
d) Game-Troj

Answer: a
Explanation: A Trojan is a small malicious program that runs hidden on the
infected system. Trojans are created with malicious intent and infect the
system by misleading the user. Troya is a remote Trojan which works remotely
for its creator.

Cyber Security Questions and Answers – Botnets

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses
on “Botnets”.
1. A ___________ consists of at least one bot server or controller and one or more
client-bots.
a) Virus
b) Trojan
c) Botnet
d) Adware

Answer: c
Explanation: The botnet comprises one bot server or controller and one or more
client-bots. Botnets are managed by bot-herders. They have become major
threats to security as they are getting popular in the cyber-crime world.

2. Botnets are managed by ______________
a) Bot-holders
b) Bot-herders
c) Bot-trainers
d) Bot-creators

Answer: b
Explanation: A botnet consists of at least one bot server or controller and one or
more client-bots. Botnets are managed by bot-herders. The exact term is bot
herders.
3. A _____________ is a number of Internet-connected systems, where each of
them is running one or more bots.
a) Trojan
b) Virus
c) Worms
d) Botnet

Answer: d
Explanation: A botnet is a number of Internet-connected devices, each of which
is running one or more bots. Botnets are managed by bot-herders. These botnets
have become foremost threats to cyber-security.
4. _____________ are implemented to carry out distributed denial-of-service
(DDoS) attacks, steal data, send spam messages & permit the hacker to access
various devices & their connections.
a) Trojan
b) Virus
c) Botnet
d) Worms

Answer: c
Explanation: Botnets are implemented to carry out distributed denial-of-service
(DDoS) attacks, steal data, send spam messages & permit the hacker to access
various devices & their connections.
5. Botnets are not used for ______________
a) Perform DDoS
b) Steal bulk amount of sensitive data
c) Spamming
d) Encrypting for ransom

Answer: d
Explanation: Botnets usually are not used for encrypting files for ransom.
Botnets are implemented to carry out distributed denial-of-service (DDoS)
attacks, steal data, send spam messages & permit the hacker to access various
devices & their connections.
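6. The owner of botnets can control the botnet using ___________________
software.
a) trojans
b) command and control
c) servers
d) infected servers

Answer: b
Explanation: A botnet owner can govern and manage the botnet through
command & control programs. Botnets are implemented to carry out distributed
denial-of-service (DDoS) attacks, steal data, send spam messages & permit the
hacker to access various devices & their connections.
7. The full form of C&C is ____________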
a) command and control
b) copy and cut
c) command and capture
d) copy and control

Answer: a
Explanation: The owner of botnets can control the botnet using command &
control (C&C) software. Botnets are implemented to carry out distributed
denial-of-service (DDoS) attacks, steal data, send spam messages & permit the
hacker to access various devices & their connections.
8. The word “botnet” is a blend of the words _____________ & ___________
a) robot, network
b) rocket, network
c) bot, network
d) bot, internet

Answer: a
Explanation: The word “botnet” is a blend of the words robot & network.
Botnets usually are not used for encrypting files for ransom. They are
implemented to carry out distributed denial-of-service (DDoS) attacks, steal
data, send spam messages and compromise various services & their connections.
9. Botnets are not the logical connection of which of the following?
a) Smart-phones
b) IoT devices
c) Computer systems
d) Modems

Answer: d
Explanation: Botnets are logical connections of smart-phones, IoT devices,
computer systems etc. They are strong enough to carry out distributed denial of
service attacks & permit hackers to access various devices & their connections.
10. Infected computers and other systems within the botnet are called __________
a) killers
b) vampires
c) zombies
d) gargoyles

Answer: c
Explanation: Attackers use the botnet to connect smart-phones, IoT devices,
computer systems etc. These infected computers and other systems within the
botnet connection are called zombies or zombie computers.
11. The bot program allows the bot-herders to perform all operations from a
___________ location.
a) local
b) open
c) corporate
d) remote

Answer: d
Explanation: Infected computers and other systems within the botnet are called
zombie systems, which are controlled by bot programs that allow the bot-herders
to perform all operations from a remote location.
12. Nowadays, most botnets rely on existing _______________ networks for
communication.
a) server-to-server
b) peer-to-peer
c) client-to-server
d) host-to-server

Answer: b
Explanation: Botnets are networks of compromised systems like smart-phones,
IoT devices, computer systems etc. Nowadays, most botnets rely on existing
peer-to-peer networks for communication.
13. Which of the following is not an example of a botnet program?
a) Zeus
b) GameOver
c) ZeroAccess
d) MyDoom

Answer: d
Explanation: Examples of some popular botnets are GameOver, ZeroAccess, and
Zeus. They infect computers & other systems and turn them into zombies, which
are also called zombie systems.
14. Which of the following is an example of Botnet?
a) Zeus
b) ILOVEYOU
c) Storm Worm
d) MyDoom

Answer: a
Explanation: Botnets can compromise any system and turn it into a zombie
computer. GameOver, Zeus etc. are examples of some popular botnet programs.
15. Which of the following is an example of a Botnet program?
a) Slammer
b) GameOver
c) Stuxnet
d) Anna Kournikova

Answer: b
Explanation: Botnets create logical connections with internet-connected devices
like smart-phones, IoT devices, computer systems etc. Examples of some
popular botnets are GameOver, ZeroAccess, & Zeus.

Cyber Security Questions and Answers – Digital Privacy

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses
on “Digital Privacy”.
1. _______________ deals with the protection of an individual’s information which
is implemented while using the Internet on any computer or personal device.
a) Digital agony
b) Digital privacy
c) Digital secrecy
d) Digital protection

Answer: b
Explanation: Digital Privacy deals with the protection of an individual’s
information which is implemented while using the Internet on any computer or
personal device.

2. _______________ is a combined term which encompasses 3 sub-pillars;
information privacy, individual privacy, and communication privacy.
a) Digital Integrity
b) Digital privacy
c) Digital secrecy
d) Digital protection

Answer: b
Explanation: Digital Privacy is a combined term which encompasses 3 sub-
pillars; information privacy, individual privacy, and communication privacy
where all of them deal with the protection of an individual’s information.
3. Which of the following does not come under the three pillars of digital privacy?
a) Information privacy
b) Individual privacy
c) Communication privacy
d) Family privacy

Answer: d
Explanation: Digital Privacy encompasses 3 sub-pillars; information privacy,
individual privacy, and communication privacy. Family privacy is not a part of
its 3-pillars.
4. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Use private Browser-window
c) Disable cookies
d) Uninstall Antivirus

Answer: d
Explanation: Preserving data privacy needs some appropriate measures, such as
using privacy-focussed search engines, using a private browser window and
disabling cookies.
5. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Close all logical ports
c) Do not use malicious sites and torrent sites
d) Use VPN

Answer: b
Explanation: Closing all logical ports is done to secure a system from Trojans.
Some appropriate ways of preserving privacy are using VPNs, using a private
browser window & disabling cookies.
6. Which of the following is not a private Search-engine?
a) Yahoo
b) DuckDuckGo
c) StartPage
d) Wolfram Alpha

Answer: a
Explanation: Digital Privacy includes information privacy, individual privacy &
communication privacy. One appropriate solution for preserving privacy is by
using privacy-focussed search engines like DuckDuckGo, StartPage and
Wolfram Alpha.

7. Which of the following is a private Search-engine and does not track our
search data?
a) Google
b) Search Encrypt
c) Bing
d) Yahoo

Answer: b
Explanation: Digital Privacy can be preserved in different ways. A few suitable
solutions for preserving privacy are using privacy-focussed search engines
like Search Encrypt, DuckDuckGo, StartPage and Wolfram Alpha.
8. It is necessary to use ________________ for maintaining searched data privacy.
a) Private email services
b) Private search engines
c) Tor Browser
d) Private Browser window

Answer: b
Explanation: It is necessary to use private search engines for maintaining
searched data privacy. They do not keep track of your searched terms or your
browsing behaviour and habits. Examples include Search Encrypt,
DuckDuckGo, StartPage and Wolfram Alpha.
9. Which of the following browsers is used for privacy purposes?
a) Chrome
b) Firefox
c) Opera
d) Tor

Answer: d
Explanation: In the complex world where e-privacy is a concern, one should
preserve one's online privacy. Some appropriate measures for preserving privacy
are using browsers like Tor and disabling cookies.
10. The Tor browser protects your privacy by bouncing your connection and links
around a distributed network over the globe run by volunteers. It gives three layers
of anonymity.
a) True
b) False

Answer: a
Explanation: The Tor browser protects your privacy by bouncing your
connection and links around a distributed network over the globe run by
volunteers. It gives three layers of anonymity.
11. The __________________ protects your privacy by bouncing your connection
and links around a distributed network over the globe run by volunteers. It gives
three layers of anonymity.
a) Cookie removers
b) Private Search Engines
c) Tor browser
d) VPNs

Answer: c
Explanation: Privacy of data and communication is a major concern nowadays.
The Tor browser protects your privacy by bouncing your connection and links
around a distributed network over the globe run by volunteers.
12. Which of the following is not an example of privacy-browser?
a) Tor
b) Brave
c) Epic
d) Opera

Answer: d
Explanation: Digital Privacy gets eliminated if you are using usual browsers that
do not have encrypted security measures to preserve your privacy. One
appropriate solution for preserving privacy is using browsers like Tor, Brave
and Epic.

13. ____________ allow their users to connect to the internet via a remote or
virtual server which preserves privacy.
a) Cookie removers
b) VPNs
c) Tor browser
d) Private Search Engines

Answer: b
Explanation: A suitable solution for preserving privacy is using
privacy-focussed search engines and VPNs. VPNs allow their users to
connect to the internet via a remote or virtual server which preserves privacy.
14. The ____________ transferred between your device & the server is securely
encrypted if you are using VPNs.
a) data
b) virus
c) music files
d) document files

Answer: a
Explanation: VPNs allow their users to connect to the internet via a remote or
virtual server which preserves privacy. The data transferred between your
device & the server is securely encrypted if you are using VPNs.
15. The data transferred between your device & the server is securely
_____________ if you’re using VPNs.
a) locked
b) sealed
c) packed
d) encrypted

Answer: d
Explanation: VPNs allow their users to connect to the internet via a remote or
virtual server which preserves privacy. If you are using a VPN, the data between
your device & the server gets securely transmitted.
