Uploaded by ENDER BLASTER

QUIZ COMP QUESTIONS[1]

1. Which of the following best describes a "zero-day vulnerability"?
A) A software vulnerability known to attackers but not yet patched.
B) A vulnerability that has been patched but is still exploited.
C) A vulnerability that has been known for at least a day.
D) A vulnerability with zero impact on system security.
2. What type of attack involves an attacker intercepting communication between two parties and
then relaying the messages without their knowledge?
A) Man-in-the-Middle (MitM) attack
B) Distributed Denial of Service (DDoS) attack
C) Phishing attack
D) Ransomware attack
3. Which encryption algorithm is considered the most secure and is widely used to secure internet
communication?
A) AES (Advanced Encryption Standard)
B) DES (Data Encryption Standard)
C) RSA (Rivest-Shamir-Adleman)
D) SHA-256 (Secure Hash Algorithm 256-bit)
4. What is the primary purpose of a firewall in network security?
A) Detect and remove malware from a network.
B) Encrypt all network traffic for privacy.
C) Filter and control incoming and outgoing network traffic.
D) Create a virtual private network (VPN) for secure communication.
5. Which of the following authentication factors falls under the category of "something you are"?
A) Password
B) PIN
C) Fingerprint
D) Security token
6. What type of malware disguises itself as legitimate software but performs malicious actions
without the user's knowledge?
A) Worm
B) Trojan horse
C) Ransomware
D) Spyware
7. In the context of cybersecurity, what does "phishing" refer to?
A) Hacking into computer systems using phishing lures.
B) Sending unsolicited marketing emails.
C) Deceiving individuals into revealing sensitive information.
D) Attacking network infrastructure with fraudulent emails.
8. What does the term "Two-Factor Authentication (2FA)" mean in cybersecurity?
A) Using two different antivirus programs on a computer.
B) Authenticating through a fingerprint and a retina scan.
C) Using two separate authentication methods to verify identity.
D) Accessing two different secure websites simultaneously.
9. Which cybersecurity principle involves restricting user access rights to only the resources
necessary for their job?
A) Least Privilege
B) Defense in Depth
C) Security by Obscurity
D) Security through Obscurity
10. What is the main goal of a "penetration test" in cybersecurity?
A) To detect and remove malware from a network.
B) To identify vulnerabilities in a system or network before attackers can exploit them.
C) To secure a wireless network from unauthorized access.
D) To test the speed and bandwidth of a network connection.
11. What does the term "BYOD" stand for in the context of cybersecurity?
A) Bring Your Own Device
B) Build Your Own Defense
C) Block Your Online Data
D) Backup Your Operating Devices
12. Which of the following is NOT a common authentication factor used in multi-factor
authentication (MFA)?
A) Something you know
B) Something you have
C) Something you see
D) Something you are
13. What type of cyberattack occurs when an attacker floods a network or website with excessive
traffic to make it unavailable to users?
A) Phishing attack
B) Brute force attack
C) DDoS (Distributed Denial of Service) attack
D) Ransomware attack
14. What is the main purpose of a Virtual Private Network (VPN) in cybersecurity?
A) To encrypt email messages
B) To provide a secure connection over an untrusted network
C) To block all incoming network traffic
D) To detect and remove malware from a computer
15. What is the primary function of an Intrusion Detection System (IDS) in cybersecurity?
A) To prevent unauthorized access to a network
B) To encrypt sensitive data
C) To monitor network traffic and detect suspicious activity
D) To back up data to an offsite location
16. Which cybersecurity concept involves the practice of creating regular backups of data and
systems to prevent data loss in case of an incident?
A) Digital forensics
B) Disaster recovery
C) Honeypot
D) Social engineering
17. What does the acronym "IoT" stand for in the context of cybersecurity?
A) Internet of Things
B) Input/Output Technology
C) Information Overload Technology
D) International Online Transactions
18. Which type of malware is designed to self-replicate and spread to other computers without the
user's knowledge?
A) Ransomware
B) Spyware
C) Worm
D) Trojan horse
19. Which of the following is an example of a strong and secure password?
A) "password123"
B) "P@ssw0rd!2023"
C) "123456"
D) "admin"
20. What is the primary purpose of a Security Information and Event Management (SIEM) system in
cybersecurity?
A) To provide antivirus protection
B) To manage encryption keys
C) To collect, analyze, and correlate security event data
D) To perform vulnerability assessments
21. In the context of cybersecurity, what is a "honeypot"?
A) A cybersecurity training program
B) A deceptive system designed to attract and trap attackers
C) A type of encryption algorithm
D) A tool for encrypting emails
22. What is the purpose of a "sandbox" in cybersecurity?
A) To store sensitive data
B) To test and isolate potentially malicious software
C) To block all network traffic
D) To monitor user activity
23. Which protocol is commonly used for secure communication on the web and is represented by
"https://" in URLs?
A) HTTP (Hypertext Transfer Protocol)
B) SMTP (Simple Mail Transfer Protocol)
C) FTP (File Transfer Protocol)
D) SSL/TLS (Secure Sockets Layer/Transport Layer Security)
24. What does "social engineering" involve in cybersecurity?
A) Attacking computer systems through social media
B) Manipulating people into revealing confidential information or performing actions against their
best interests
C) Enhancing social media security
D) Developing secure social networking sites
25. Which type of malware encrypts a user's files and demands a ransom payment for their release?
A) Spyware
B) Adware
C) Ransomware
D) Worm
26. What is a "zero-trust" security model, and how does it differ from traditional security models?
A) A model that trusts all users and devices equally.
B) A model that relies on strong perimeter defenses.
C) A model that assumes no trust and requires verification for every user and device attempting to
access resources.
D) A model that only trusts users with the highest security clearances.
27. What is a "supply chain attack" in cybersecurity, and why is it a significant threat?
A) An attack on a company's vending machine supply.
B) An attack on a company's internal communication systems.
C) An attack that targets vulnerabilities in third-party software or hardware providers to
compromise a target organization.
D) An attack that targets a company's financial supply chain.
28. What is "E2EE" in the context of messaging apps, and why is it important for user privacy?
A) End-to-End Encryption; it ensures that messages are only readable by the sender.
B) End-to-End Encryption; it ensures that messages are only stored on the sender's device.
C) End-to-End Erasure Encryption; it ensures that messages are deleted immediately after being
read.
D) End-to-End Erasure Encryption; it ensures that messages are never transmitted.
29. What is the "Principle of Least Common Mechanism" in computer security, and how does it
relate to system security?
A) It states that the most common security mechanisms should be used in all systems.
B) It recommends using a single, common security mechanism for all systems to simplify
management.
C) It suggests that each user or component should have its own unique security mechanism,
reducing the risk of compromise.
D) It argues that common security mechanisms should be shared across multiple systems to
improve efficiency.
30. In the context of cybersecurity, what does "threat intelligence" refer to, and how can
organizations use it to enhance their security posture?
A) It is information about potential threats but has no practical use for security.
B) It is the process of gathering information about competitors in the cybersecurity industry.
C) It refers to the knowledge and analysis of potential threats and vulnerabilities that
organizations can use to proactively protect their systems.
D) It is the intelligence agencies' assessment of national security threats unrelated to
cybersecurity.