Cyber Security MCQ

Leave a Comment / By /

In today’s digital era, cyber security plays a pivotal role in ensuring that our data, systems, and digital infrastructure remain safe from malicious threats. As cyber-attacks become increasingly sophisticated, understanding the basics of cyber security is more important than ever. Embark on this journey with 25 MCQs that will test and enhance your knowledge of the cyber security landscape.

1. What is the primary objective of cyber security?

a) Monitoring user activities
b) Protecting systems from threats
c) Developing software applications
d) Enhancing system performance

Answer:

b) Protecting systems from threats

Explanation:

The primary goal of cyber security is to defend systems, networks, and data from digital attacks or unauthorized access.

2. Which of the following refers to verifying the identity of a user, system, or application?

a) Authentication
b) Encryption
c) Authorization
d) Validation

Answer:

a) Authentication

Explanation:

Authentication ensures that users are who they claim to be. It's like checking an ID card at the entrance.

3. Which of the following is a common tool used for authentication?

a) VPN
b) Firewall
c) One-time password (OTP)
d) Authorization Matrix

Answer:

c) One-time password (OTP)

Explanation:

An OTP is a password that is valid for only one login session or transaction. It is a commonly used mechanism for authentication.

4. Which of the following is NOT a type of malware?

a) Phish
b) Worm
c) Trojan
d) Virus

Answer:

a) Phish

Explanation:

While "phishing" is a cyber attack method that aims to gather sensitive information, "phish" isn't a type of malware. Worms, Trojans, and viruses are all malware types.

5. Which attack specifically targets vulnerabilities in a web application?

a) DDoS attack
b) Man-in-the-middle attack
c) SQL injection
d) Phishing

Answer:

c) SQL injection

Explanation:

SQL injection attacks target web applications by inserting malicious SQL code into query strings, potentially gaining unauthorized access to the underlying database.

6. What does "CIA" stand for in the context of information security principles?

a) Confidentiality, Integrity, Authentication
b) Confidentiality, Integrity, Authorization
c) Confidentiality, Integrity, Availability
d) Confidentiality, Inspection, Authentication

Answer:

c) Confidentiality, Integrity, Availability

Explanation:

The CIA triad is a widely-used model that guides policies for information security within an organization.

7. Which tool is primarily used for passive reconnaissance?

a) Nmap
b) Metasploit
c) Whois
d) John the Ripper

Answer:

c) Whois

Explanation:

Whois is used to gather information about who owns a domain name or IP address, making it a tool for passive reconnaissance.

8. 'Authorization' in Cyber Security is mainly concerned with:

a) Verifying user identity
b) Deciding which resources a user can access
c) Protecting data from viruses
d) Setting up VPNs

Answer:

b) Deciding which resources a user can access

Explanation:

While authentication validates the user's identity, authorization determines what permissions that authenticated user has.

9. Which type of attack captures data packets to extract information?

a) Sniffing
b) Spoofing
c) Spamming
d) Pharming

Answer:

a) Sniffing

Explanation:

Sniffing attacks involve capturing and inspecting data packets as they travel across networks to extract sensitive information.

10. What is a honeypot in the context of cyber security?

a) A tool to detect vulnerabilities in software
b) A type of malware that gathers information
c) A decoy system to attract cyber attackers
d) A method to encrypt data

Answer:

c) A decoy system to attract cyber attackers

Explanation:

A honeypot is a decoy system or network site that appears to be part of a network, but is actually isolated and monitored. Its purpose is to attract and divert an attacker.

11. Which of the following is NOT a type of access control?

a) Mandatory Access Control (MAC)
b) Role-Based Access Control (RBAC)
c) Discretionary Access Control (DAC)
d) Malware Access Control (MAV)

Answer:

d) Malware Access Control (MAV)

Explanation:

MAV isn't a recognized access control type. MAC, RBAC, and DAC are common methodologies to define and restrict system access to authorized users.

12. Which of the following refers to the process of confirming the identity of a user?

a) Authorization
b) Availability
c) Encryption
d) Authentication

Answer:

d) Authentication

Explanation:

Authentication is the process of verifying the identity of a user, system, or application.

13. A VPN (Virtual Private Network) primarily helps in:

a) Speeding up the internet connection
b) Setting user permissions
c) Creating a secure connection over the internet
d) Authenticating users

Answer:

c) Creating a secure connection over the internet

Explanation:

VPNs are designed to create a private network from a public internet connection. They ensure your browsing remains private and secure.

14. What is the primary goal of a Distributed Denial of Service (DDoS) attack?

a) Steal sensitive information
b) Gain unauthorized access to systems
c) Disrupt service availability
d) Inject malicious scripts into web applications

Answer:

c) Disrupt service availability

Explanation:

DDoS attacks aim to overwhelm target services with excessive requests, causing service interruptions or outages.

15. Which encryption method encodes information in such a way that only the authorized party can read it, but does not require a secret key for decryption?

a) Symmetric encryption
b) Hashing
c) Asymmetric encryption
d) Steganography

Answer:

b) Hashing

Explanation:

Hashing converts information into a fixed size of characters, which usually isn't meant to be decrypted. It is commonly used for verifying data integrity.

16. Which of the following best describes the term "firewall"?

a) A tool to detect malware
b) A system designed to block unauthorized access
c) A type of virus
d) An encryption algorithm

Answer:

b) A system designed to block unauthorized access

Explanation:

A firewall is a system that monitors and controls incoming and outgoing network traffic based on predetermined security policies, effectively establishing a barrier between trusted and untrusted networks.

17. In cyber security, what does "VPN" stand for?

a) Virtual Protocol Network
b) Vital Protection Notation
c) Verified Private Node
d) Virtual Private Network

Answer:

d) Virtual Private Network

Explanation:

A VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their devices were directly connected to the private network.

18. What is a primary difference between a worm and a virus?

a) Worms are harmful, viruses are not
b) Worms replicate themselves, viruses do not
c) Viruses replicate themselves, worms do not
d) Worms require user action to spread, viruses do not

Answer:

b) Worms replicate themselves, viruses do not

Explanation:

Both worms and viruses are malicious software. However, a primary difference is that worms can replicate themselves and spread without any user action, while viruses typically require some form of user action to spread.

19. Which of the following techniques can hide malware in an image or audio file?

a) SQL injection
b) DDoS attack
c) Steganography
d) Cross-site scripting

Answer:

c) Steganography

Explanation:

Steganography is the practice of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection.

20. A digital certificate is used to verify the:

a) Integrity of a message
b) Identity of a website or entity
c) Password strength of a user
d) Efficiency of a security policy

Answer:

b) Identity of a website or entity

Explanation:

Digital certificates are used to confirm the identity of the certificate holder and provide the receiver with a means to encode their messages to the holder.

21. Which term refers to software applications that are specifically designed to detect and block malware?

a) IDS (Intrusion Detection System)
b) UTM (Unified Threat Management)
c) Antivirus
d) Proxy Server

Answer:

c) Antivirus

Explanation:

Antivirus software is specifically designed to detect, prevent, and remove malicious software, including viruses.

22. An attacker who relies on user error to gain unauthorized access, typically by tricking the user, is using:

a) a RAT
b) social engineering
c) ransomware
d) a logic bomb

Answer:

b) social engineering

Explanation:

Social engineering exploits human psychology rather than technical vulnerabilities, often tricking individuals into revealing sensitive information or performing specific actions.

23. Which type of attack redirects a web user to a fake website even when the user has typed in the correct address?

a) Spoofing
b) Pharming
c) Sniffing
d) Phishing

Answer:

b) Pharming

Explanation:

Pharming redirects users to fraudulent websites without their knowledge or consent, often achieved by hijacking domain names or manipulating DNS servers.

24. What does "2FA" stand for in the realm of cyber security?

a) Two-Function Authentication
b) Two-Factor Algorithm
c) Two-Field Access
d) Two-Factor Authentication

Answer:

d) Two-Factor Authentication

Explanation:

Two-Factor Authentication is an added layer of security that requires a user to provide two types of identification before accessing an account.

25. Which of the following tools is widely used for penetration testing?

a) Wireshark
b) Metasploit
c) McAfee
d) Wi-Fi Analyzer

Answer:

b) Metasploit

Explanation:

Metasploit is a popular penetration testing framework used to discover, exploit, and validate vulnerabilities in various systems.


Related MCQ (Multiple Choice Questions) :

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top