In today’s digital era, cyber security plays a pivotal role in ensuring that our data, systems, and digital infrastructure remain safe from malicious threats. As cyber-attacks become increasingly sophisticated, understanding the basics of cyber security is more important than ever. Embark on this journey with 25 MCQs that will test and enhance your knowledge of the cyber security landscape.
1. What is the primary objective of cyber security?
Answer:
Explanation:
The primary goal of cyber security is to defend systems, networks, and data from digital attacks or unauthorized access.
2. Which of the following refers to verifying the identity of a user, system, or application?
Answer:
Explanation:
Authentication ensures that users are who they claim to be. It's like checking an ID card at the entrance.
3. Which of the following is a common tool used for authentication?
Answer:
Explanation:
An OTP is a password that is valid for only one login session or transaction. It is a commonly used mechanism for authentication.
4. Which of the following is NOT a type of malware?
Answer:
Explanation:
While "phishing" is a cyber attack method that aims to gather sensitive information, "phish" isn't a type of malware. Worms, Trojans, and viruses are all malware types.
5. Which attack specifically targets vulnerabilities in a web application?
Answer:
Explanation:
SQL injection attacks target web applications by inserting malicious SQL code into query strings, potentially gaining unauthorized access to the underlying database.
6. What does "CIA" stand for in the context of information security principles?
Answer:
Explanation:
The CIA triad is a widely-used model that guides policies for information security within an organization.
7. Which tool is primarily used for passive reconnaissance?
Answer:
Explanation:
Whois is used to gather information about who owns a domain name or IP address, making it a tool for passive reconnaissance.
8. 'Authorization' in Cyber Security is mainly concerned with:
Answer:
Explanation:
While authentication validates the user's identity, authorization determines what permissions that authenticated user has.
9. Which type of attack captures data packets to extract information?
Answer:
Explanation:
Sniffing attacks involve capturing and inspecting data packets as they travel across networks to extract sensitive information.
10. What is a honeypot in the context of cyber security?
Answer:
Explanation:
A honeypot is a decoy system or network site that appears to be part of a network, but is actually isolated and monitored. Its purpose is to attract and divert an attacker.
11. Which of the following is NOT a type of access control?
Answer:
Explanation:
MAV isn't a recognized access control type. MAC, RBAC, and DAC are common methodologies to define and restrict system access to authorized users.
12. Which of the following refers to the process of confirming the identity of a user?
Answer:
Explanation:
Authentication is the process of verifying the identity of a user, system, or application.
13. A VPN (Virtual Private Network) primarily helps in:
Answer:
Explanation:
VPNs are designed to create a private network from a public internet connection. They ensure your browsing remains private and secure.
14. What is the primary goal of a Distributed Denial of Service (DDoS) attack?
Answer:
Explanation:
DDoS attacks aim to overwhelm target services with excessive requests, causing service interruptions or outages.
15. Which encryption method encodes information in such a way that only the authorized party can read it, but does not require a secret key for decryption?
Answer:
Explanation:
Hashing converts information into a fixed size of characters, which usually isn't meant to be decrypted. It is commonly used for verifying data integrity.
16. Which of the following best describes the term "firewall"?
Answer:
Explanation:
A firewall is a system that monitors and controls incoming and outgoing network traffic based on predetermined security policies, effectively establishing a barrier between trusted and untrusted networks.
17. In cyber security, what does "VPN" stand for?
Answer:
Explanation:
A VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their devices were directly connected to the private network.
18. What is a primary difference between a worm and a virus?
Answer:
Explanation:
Both worms and viruses are malicious software. However, a primary difference is that worms can replicate themselves and spread without any user action, while viruses typically require some form of user action to spread.
19. Which of the following techniques can hide malware in an image or audio file?
Answer:
Explanation:
Steganography is the practice of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection.
20. A digital certificate is used to verify the:
Answer:
Explanation:
Digital certificates are used to confirm the identity of the certificate holder and provide the receiver with a means to encode their messages to the holder.
21. Which term refers to software applications that are specifically designed to detect and block malware?
Answer:
Explanation:
Antivirus software is specifically designed to detect, prevent, and remove malicious software, including viruses.
22. An attacker who relies on user error to gain unauthorized access, typically by tricking the user, is using:
Answer:
Explanation:
Social engineering exploits human psychology rather than technical vulnerabilities, often tricking individuals into revealing sensitive information or performing specific actions.
23. Which type of attack redirects a web user to a fake website even when the user has typed in the correct address?
Answer:
Explanation:
Pharming redirects users to fraudulent websites without their knowledge or consent, often achieved by hijacking domain names or manipulating DNS servers.
24. What does "2FA" stand for in the realm of cyber security?
Answer:
Explanation:
Two-Factor Authentication is an added layer of security that requires a user to provide two types of identification before accessing an account.
25. Which of the following tools is widely used for penetration testing?
Answer:
Explanation:
Metasploit is a popular penetration testing framework used to discover, exploit, and validate vulnerabilities in various systems.