Q.1 What does CIA in cybersecurity stand for?
Confidentiality, Integrity, Availability
Control, Inspection, Authentication
Cryptography, Integrity, Access
Confidentiality, Information, Authorization
Explanation - CIA stands for Confidentiality, Integrity, and Availability, which are the three core principles of cybersecurity.
Correct answer is: Confidentiality, Integrity, Availability
Q.2 Which of the following best describes a 'Zero-Day Vulnerability'?
A bug found after a patch is released
A flaw unknown to the vendor with no fix available
A virus that lasts zero seconds
A type of denial of service attack
Explanation - A zero-day vulnerability is a software flaw unknown to the vendor, making it exploitable until a fix is developed.
Correct answer is: A flaw unknown to the vendor with no fix available
Q.3 Which encryption method uses the same key for encryption and decryption?
Asymmetric Encryption
Symmetric Encryption
Hashing
Digital Signatures
Explanation - Symmetric encryption relies on the same secret key for both encrypting and decrypting the data.
Correct answer is: Symmetric Encryption
Q.4 In SQL injection, what is typically exploited?
Operating System commands
Web browser cache
Improper input validation in SQL queries
Encryption algorithms
Explanation - SQL injection exploits weak input validation, allowing attackers to manipulate SQL queries to access or alter data.
Correct answer is: Improper input validation in SQL queries
Q.5 What is the main purpose of a firewall?
Encrypt data transmissions
Filter incoming and outgoing network traffic
Prevent phishing emails
Detect malware on a system
Explanation - A firewall acts as a barrier that filters network traffic based on predefined security rules.
Correct answer is: Filter incoming and outgoing network traffic
Q.6 What is 'Phishing' in cybersecurity?
Guessing passwords
Tricking users to reveal sensitive information
Overloading a system with traffic
Intercepting network packets
Explanation - Phishing involves deceiving users into revealing sensitive information like passwords through fake emails or websites.
Correct answer is: Tricking users to reveal sensitive information
Q.7 Which of the following is an example of two-factor authentication?
Password only
Password and OTP sent to phone
Fingerprint only
Captcha verification
Explanation - Two-factor authentication requires two different verification factors, like a password and a one-time code.
Correct answer is: Password and OTP sent to phone
Q.8 Which type of attack involves overwhelming a system with excessive requests?
SQL Injection
Man-in-the-Middle
Denial of Service
Phishing
Explanation - Denial of Service (DoS) attacks overwhelm a system with requests, preventing legitimate users from accessing it.
Correct answer is: Denial of Service
Q.9 What does SSL stand for in web security?
Secure System Login
Secure Socket Layer
System Security Lock
Strong Safety Layer
Explanation - SSL (Secure Socket Layer) is a protocol that encrypts data transferred between a web server and browser.
Correct answer is: Secure Socket Layer
Q.10 What is a 'Man-in-the-Middle' attack?
Intercepting communication between two parties
Replacing software with malware
Using brute force on passwords
Overloading a server with traffic
Explanation - A Man-in-the-Middle attack occurs when an attacker secretly intercepts and alters communication between two parties.
Correct answer is: Intercepting communication between two parties
Q.11 What is the purpose of hashing in security?
Encrypt and decrypt data
Generate unique fixed-size values for data
Block unauthorized access
Create backups of data
Explanation - Hashing converts input data into a fixed-size hash value, mainly used for password storage and integrity checks.
Correct answer is: Generate unique fixed-size values for data
Q.12 Which of the following is NOT a strong password?
P@ssw0rd!
123456
Qwerty#99
S3cur3$Key
Explanation - A strong password includes a mix of letters, numbers, and symbols. '123456' is weak and easily guessable.
Correct answer is: 123456
Q.13 What is the purpose of intrusion detection systems (IDS)?
Encrypt data traffic
Detect unauthorized access attempts
Provide firewall services
Prevent hardware failures
Explanation - An IDS monitors network/system activities for malicious actions or policy violations.
Correct answer is: Detect unauthorized access attempts
Q.14 Which one is an example of social engineering?
Brute force attack
Phishing email
SQL injection
Buffer overflow
Explanation - Social engineering manipulates people into revealing information. Phishing emails trick users to share credentials.
Correct answer is: Phishing email
Q.15 Which security model emphasizes 'least privilege'?
Bell-LaPadula
Clark-Wilson
Role-Based Access Control
Discretionary Access Control
Explanation - RBAC assigns minimum necessary permissions to users based on their roles, following the principle of least privilege.
Correct answer is: Role-Based Access Control
Q.16 What is the main purpose of digital signatures?
Ensure data confidentiality
Verify authenticity and integrity of data
Encrypt communications
Block malware
Explanation - Digital signatures are used to verify the authenticity of a sender and ensure data integrity.
Correct answer is: Verify authenticity and integrity of data
Q.17 What is ransomware?
Software used for secure backup
Malware that encrypts data and demands payment
Program for managing passwords
Tool for preventing phishing attacks
Explanation - Ransomware is malicious software that encrypts files and demands payment for their release.
Correct answer is: Malware that encrypts data and demands payment
Q.18 What does 'Brute Force Attack' mean?
Overloading a server with requests
Trying all possible password combinations
Injecting malicious SQL code
Intercepting network data
Explanation - Brute force attacks involve guessing passwords by trying all possible combinations until the correct one is found.
Correct answer is: Trying all possible password combinations
Q.19 What is the main function of a VPN?
Provide free internet
Encrypt internet traffic and hide IP address
Detect viruses
Block phishing attempts
Explanation - A VPN secures connections by encrypting traffic and masking the user's IP address.
Correct answer is: Encrypt internet traffic and hide IP address
Q.20 What is the primary risk of using public Wi-Fi without protection?
Faster internet speed
IP address exposure only
Being vulnerable to packet sniffing and MITM attacks
Loss of email access
Explanation - Unsecured public Wi-Fi allows attackers to intercept communications through packet sniffing or MITM attacks.
Correct answer is: Being vulnerable to packet sniffing and MITM attacks
Q.21 What does the principle of 'Defense in Depth' mean?
Using multiple layers of security controls
Encrypting data only once
Having a strong firewall alone
Keeping software updated
Explanation - Defense in Depth involves using multiple overlapping security measures to protect systems and data.
Correct answer is: Using multiple layers of security controls
Q.22 Which of these is a type of malware that spreads without user interaction?
Trojan Horse
Worm
Spyware
Keylogger
Explanation - A worm is self-replicating malware that spreads across networks without user intervention.
Correct answer is: Worm
Q.23 What does patch management involve?
Developing new software features
Applying updates to fix vulnerabilities
Encrypting application code
Creating backups
Explanation - Patch management involves updating systems with fixes for vulnerabilities to prevent exploitation.
Correct answer is: Applying updates to fix vulnerabilities
Q.24 Which of these attacks targets human psychology more than technology?
Buffer Overflow
Trojan Horse
Social Engineering
SQL Injection
Explanation - Social engineering manipulates human behavior rather than exploiting technical flaws.
Correct answer is: Social Engineering
Q.25 What is the purpose of penetration testing?
To design a secure network
To intentionally exploit vulnerabilities for testing security
To encrypt network data
To block all unauthorized users
Explanation - Penetration testing simulates attacks to identify security weaknesses before real attackers exploit them.
Correct answer is: To intentionally exploit vulnerabilities for testing security