250+ TOP MCQs on Elements of Security and Answers

Cyber Security Multiple Choice Questions on “Elements of Security”.

1. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4

Answer: d
Clarification: The 4 key elements that constitute the security are: confidentiality, integrity, authenticity & availability. Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.

2. According to the CIA Triad, which of the below-mentioned elements is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability

Answer: c

3. This is the model designed for guiding the policies of Information security within a company, firm or organization. What is “this” referred to here?
a) Confidentiality
b) Non-repudiation
c) CIA Triad
d) Authenticity

Answer: c
Clarification: Various security models have been developed to date. This is by far the most popular and widely used model, which focuses on the information’s confidentiality, integrity as well as availability and how these key elements can be preserved for better security in any organization.

4. CIA triad is also known as ________
a) NIC (Non-repudiation, Integrity, Confidentiality)
b) AIC (Availability, Integrity, Confidentiality)
c) AIN (Availability, Integrity, Non-repudiation)
d) AIC (Authenticity, Integrity, Confidentiality)

Answer: b
Clarification: The CIA Triad is also called the AIC (Availability, Integrity, Confidentiality) Triad because people confuse the acronym with the abbreviation and name of the secret agency, the Central Intelligence Agency.

5. When you use the word _____ it means you are protecting your data from getting disclosed.
a) Confidentiality
b) Integrity
c) Authentication
d) Availability

Answer: a
Clarification: Confidentiality is what every individual prefers in terms of physical privacy as well as digital privacy. This term means our information needs to be protected from being disclosed to unauthorised parties, for which we use different security mechanisms like password protection, biometric security, OTPs (One Time Passwords) etc.

6. ______ means the protection of data from modification by unknown users.
a) Confidentiality
b) Integrity
c) Authentication
d) Non-repudiation

Answer: b
Clarification: Information only seems valuable if it is correct and does not get modified during its journey in the course of arrival. The element integrity makes sure that the data sent or generated from the other end is correct and is not modified by any unauthorised party in between.

7. When integrity is lacking in a security system, _________ occurs.
a) Database hacking
b) Data deletion
c) Data tampering
d) Data leakage

Answer: c
Clarification: The term data tampering is used when integrity is compromised in any security model and checking its integrity later becomes costlier. Example: suppose you sent $50 to an authorised person and in between a Man in the Middle (MiTM) attack takes place and the value is tampered to $500. This is how integrity is compromised.

8. _______ of information means only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability

Answer: d
Clarification: Information seems useful only when the right people (authorised users) access it after going through a proper authenticity check. The key element availability ensures that only authorised users are able to access the information.

9. Why are these 4 elements (confidentiality, integrity, authenticity & availability) considered fundamental?
a) They help in understanding hacking better
b) They are key elements to a security breach
c) They help understand security and its components better
d) They help to understand the cyber-crime better

Answer: c
Clarification: The four elements of security viz. confidentiality, integrity, authenticity & availability help in better understanding the pillars of security and its different components.

10. This helps in identifying the origin of information and the authentic user. This is referred to here as __________
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability

Answer: c
Clarification: The key element authenticity helps in assuring the fact that the information is from the original source.

11. Data ___________ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup

Answer: a
Clarification: Data encryption is the method of converting plain text to cipher-text and only authorised users can decrypt the message back to plain text. This preserves the confidentiality of data.

12. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) switching off the phone

Answer: d
Clarification: Switching off the phone in the fear of preserving the confidentiality of data is not a proper solution for data confidentiality. Fingerprint detection, face recognition, password-based authentication and two-step verification are some of the proper methods.

13. Data integrity gets compromised when _____ and _____ are taken control of.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system

Answer: c
Clarification: The two key ingredients that need to be kept safe are: access control & file permission in order to preserve data integrity.

14. ______ is the latest technology that faces an extra challenge because of the CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust

Answer: a
Clarification: Big data has additional challenges that it has to face because of the tremendous volume of data that needs protection as well as other key elements of the CIA triad, which makes the entire process costly and time-consuming.

15. One common way to maintain data availability is __________
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering

Answer: b
Clarification: To prevent data loss or damage, data backups can be made and stored in a different geographical location so that the data survives natural disasters & unpredictable events.

250+ TOP MCQs on Buffer Overflow and Answers

Cyber Security test on “Buffer Overflow”.

1. A buffer-overflow attack can take place if a machine can execute code that resides in the data/stack segment.
a) True
b) False

Answer: a
Clarification: A buffer-overflow attack can take place either if the programmer lacks boundary testing or if a machine can execute code that resides in the data/stack segment.

2. Among the two types, ____________ buffer-overflow is complex to execute and the least common attack that may take place.
a) memory-based
b) queue-based
c) stack-based
d) heap-based

Answer: d
Clarification: Among the two types of buffer-overflow, heap-based buffer-overflow attacks are hard to execute and the least common of the 2 types. It attacks the application by flooding the space of memory that is reserved for a program.

3. _____________ buffer overflows are more common among attackers.
a) Memory-based
b) Queue-based
c) Stack-based
d) Heap-based

Answer: c
Clarification: Stack-based buffer overflows are very common among the two types of buffer-overflow; they exploit applications by flooding the stack, the memory space where users externally input the data.

4. With the lack of boundary check, the program ends abnormally and leads to ___________ error.
a) logical
b) segmentation
c) compile-time
d) syntax

Answer: b
Clarification: In buffer-overflow, with the lack of boundary check, the program ends abnormally and leads to segmentation error or bus error. Sometimes the application on which the attack was done gets stuck or hangs and suddenly the app closes.

5. In an application that uses heap, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the beginning of the program

Answer: b
Clarification: In an application that uses the heap, memory utilized by the application is allocated dynamically at runtime. Access to such memories is comparatively slower than memories that use the stack.

6. In an application that uses stack, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the end of the program

Answer: c
Clarification: In an application that uses the stack, memory utilized by the application is allocated at the beginning of the function call and the memory gets released at the end of a program. Accessing values in the stack is very fast.

7. Malicious code can be pushed into the _________ during ______________ attack.
a) stack, buffer-overflow
b) queue, buffer-overflow
c) memory-card, buffer-overflow
d) external drive, buffer-overflow

Answer: a
Clarification: Malicious code can be pushed into the stack during the buffer-overflow attack. The overflow can be used to overwrite the return pointer so that the control-flow switches to the malicious code.

8. Variables that get created dynamically when a function (such as malloc()) is called are created in the form of _______ data-structure.
a) array
b) queue
c) stack
d) heap

Answer: d
Clarification: Variables that get created dynamically when a function (such as malloc()) is called are created in the form of heap data-structure. In heap-based overflow, the buffer is placed on the lower part of the heap, overwriting all dynamically generated variables.

9. How many primary ways are there for detecting buffer-overflow?
a) 6
b) 3
c) 2
d) 5

Answer: c
Clarification: There are two ways to detect buffer-overflow in an application. One way is to look into the code and check whether the boundary check has been properly incorporated or not. The other way is to make the executable build of the product, feed the application with a huge amount of data and check for abnormal behaviour.

10. Testing for buffer-overflow in a system can be done manually and has two possible ways.
a) True
b) False

Answer: a
Clarification: Testing for buffer-overflow in a system can be done manually, and has two possible ways. One way is to look into the code and check whether the boundary check has been properly incorporated or not. The other way is to make the executable build of the product, feed the application with a huge amount of data and check for abnormal behaviour.

250+ TOP MCQs on Security Phases – Data Leakage and Prevention and Answers

Cyber Security Multiple Choice Questions on “Security Phases – Data Leakage and Prevention”.

1. _____________ is the illicit transmission of data from inside an organization or personal system to an external location or recipient.
a) Database hacking
b) Data leakage
c) Data cracking
d) Data revealing

Answer: b
Clarification: Data leakage is the illicit transmission of data from inside an organization or personal system to an external location or recipient. The phrase is used for describing data that is transferred electronically or even physically.

2. Data leakage threats do not usually occur from which of the following?
a) Web and email
b) Mobile data storage
c) USB drives and laptops
d) Television

Answer: d
Clarification: Data leakage threats are common from web and emails, mobile data storage devices such as internal or external storage and memory cards, from USB drives and laptops.

3. Data leakage is popularly known as ___________
a) data theft
b) data crack
c) low and slow data theft
d) slow data theft

Answer: c
Clarification: Data leakage is also known as ‘low and slow data theft’, which is a massive issue for data security & the damage caused to any firm is enormous. Every day there is at least one report of data theft that occurs worldwide.

4. There are __________ major types of data leakage.
a) 2
b) 3
c) 4
d) 5

Answer: b
Clarification: There are three major types of data leakage. These are – data breach by accident, data leak done by ill-intentioned employees and electronic communication with malicious intent.

5. “Unauthorized” data leakage doesn’t essentially mean intended or malicious.
a) True
b) False

Answer: a
Clarification: “Unauthorized” data leakage doesn’t essentially mean intended or malicious. It has been found that the majority of data leakage incidents are accidental but the losses incurred are severe.

6. Unintentional data leakage can still result in the same penalties and reputational damage.
a) True
b) False

Answer: a
Clarification: “Unintentional” data leakage doesn’t essentially mean intended or malicious. It has been found that the majority of data leakage incidents are accidental but it can still result in the same penalties and reputational damage.

7. Leakage of data done purposely or because of an employee’s lack of concern toward confidential data is called ___________ done by employees of an organization.
a) Ill-intentional data leakage
b) Malfunction in database
c) A malfunction in online data
d) Ill-intention of an outsider

Answer: a
Clarification: Leakage of data done purposely or because of an employee’s lack of concern toward confidential data is called ill-intentional data leakage done by employees of an organization.

8. Which of them is not an example of physical data leakage?
a) dumpster diving
b) shoulder surfing
c) printers and photocopiers
d) phishing

Answer: d
Clarification: Physical data leakage can be done intentionally by criminal-minded people who can fetch data from dumpster diving, shoulder surfing, data mentioned in printed papers or taken out of photocopiers.

250+ TOP MCQs on Attack Vectors – Botnets and Answers

Cyber Security Multiple Choice Questions on “Attack Vectors – Botnets”.

1. A ___________ consists of at least one bot server or controller and one or more client-bots.
a) Virus
b) Trojan
c) Botnet
d) Adware

Answer: c
Clarification: The botnet comprises one bot server or controller and one or more client-bots. Botnets are managed by bot-herders. They have become major threats to security as they are getting popular in the cyber-crime world.

2. Botnets are managed by ______________
a) Bot-holders
b) Bot-herders
c) Bot-trainers
d) Bot-creators

Answer: b
Clarification: A botnet consists of at least one bot server or controller and one or more client-bots. Botnets are managed by bot-herders. The exact term is bot herders.

3. A _____________ is a number of Internet-connected systems, where each of them is running one or more bots.
a) Trojan
b) Virus
c) Worms
d) Botnet

Answer: d
Clarification: A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets are managed by bot-herders. These botnets have become foremost threats to cyber-security.

4. _____________ are implemented to carry out DDoS attacks, steal data, send spam messages & permit the hacker to access various devices & their connections.
a) Trojan
b) Virus
c) Botnet
d) Worms

Answer: c
Clarification: Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the hacker to access various devices & their connections.

5. Botnets are not used for ______________
a) Perform DDoS
b) Steal bulk amount of sensitive data
c) Spamming
d) Encrypting for ransom

Answer: d
Clarification: Botnets usually are not used for encrypting files for ransom. Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the hacker to access various devices & their connections.

6. The owner of botnets can control the botnet using ___________________ software.
a) trojans
b) command and control
c) servers
d) infected servers

Answer: b
Clarification: A botnet owner can govern and manage the botnet through command & control programs. Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the hacker to access various devices & their connections.

7. The full form of C&C is ____________
a) command and control
b) copy and cut
c) command and capture
d) copy and control

Answer: a
Clarification: The owner of botnets can control the botnet using command & control (C&C) software. Botnets are implemented to carry out DDoS attacks, steal data, send spam messages & permit the hacker to access various devices & their connections.

8. The word “botnet” is a blend of the words _____________ & ___________
a) robot, network
b) rocket, network
c) bot, network
d) bot, internet

Answer: a
Clarification: The word “botnet” is a blend of the words robot & network. Botnets usually are not used for encrypting files for ransom. They are implemented to carry out DDoS attacks, steal data, send spam messages and compromise various services & their connections.

9. Botnets are not the logical connection of which of the following?
a) Smart-phones
b) IoT devices
c) Computer systems
d) Modems

Answer: d
Clarification: Botnets are logical connections of smart-phones, IoT devices, computer systems etc. They are strong enough to carry out distributed denial of service attacks & permit hackers to access various devices & their connections.

10. Infected computers and other systems within the botnet are called __________
a) killers
b) vampires
c) zombies
d) gargoyles

Answer: c
Clarification: Attackers use the botnet for connecting smart-phones, IoT devices, computer systems etc. These infected computers and other systems within the botnet connection are called zombies or zombie computers.

11. The bot program allows the bot-herders to perform all operations from a ___________ location.
a) local
b) open
c) corporate
d) remote

Answer: d
Clarification: Infected computers and other systems within the botnet are called zombie systems, which are controlled by bot programs that allow the bot-herders to perform all operations from a remote location.

12. Nowadays, most botnets rely on existing _______________ networks for communication.
a) server-to-server
b) peer-to-peer
c) client-to-server
d) host-to-server

Answer: b
Clarification: Botnets are connections of compromised systems like smart-phones, IoT devices, computer systems etc. Nowadays, most botnets rely on existing peer-to-peer networks for communication.

13. Which of the following is not an example of a botnet program?
a) Zeus
b) GameOver
c) ZeroAccess
d) MyDoom

Answer: d
Clarification: Examples of some popular botnets are GameOver, ZeroAccess, and Zeus. They infect computers & other systems and turn them into zombies, which are also called zombie systems.

14. Which of the following is an example of Botnet?
a) Zeus
b) ILOVEYOU
c) Storm Worm
d) MyDoom

Answer: a
Clarification: Botnets can compromise any system and turn it into a zombie computer. GameOver, Zeus etc. are examples of some popular botnet programs.

15. Which of the following is an example of a Botnet program?
a) Slammer
b) GameOver
c) Stuxnet
d) Anna Kournikova

Answer: b
Clarification: Botnets create logical connections with internet connected devices like smart-phones, IoT devices, computer systems etc. Examples of some popular botnets are GameOver, ZeroAccess, & Zeus.

250+ TOP MCQs on Types of Cryptography and Answers

Cyber Security Multiple Choice Questions on “Types of Cryptography”.

1. _________________ is the process or mechanism used for converting ordinary plain text into garbled non-human readable text & vice-versa.
a) Malware Analysis
b) Exploit writing
c) Reverse engineering
d) Cryptography

Answer: d
Clarification: Cryptography is the process or mechanism used for converting ordinary plain text into garbled non-human readable text & vice-versa. It is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it.

2. ______________ is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it.
a) Malware Analysis
b) Cryptography
c) Reverse engineering
d) Exploit writing

Answer: b
Clarification: Cryptography is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it, where “kryptos” means secret and “graphein” means to write.

3. When plain text is converted to unreadable format, it is termed as _____________
a) rotten text
b) raw text
c) cipher-text
d) ciphen-text

Answer: c
Clarification: Cryptography helps in securing information in a specific format so that only intended users can understand or process it. When plain text is converted to the unreadable format, that type of text is termed as cipher-text.

4. Cryptographic algorithms are based on mathematical algorithms where these algorithms use ___________ for a secure transformation of data.
a) secret key
b) external programs
c) add-ons
d) secondary key

Answer: a
Clarification: When plain text is converted to unreadable format through some algorithms, that type of text is termed as cipher text. Cryptographic algorithms are based on mathematical algorithms where these algorithms use the secret key for a secure transformation of data.

5. Cryptography can be divided into ______ types.
a) 5
b) 4
c) 3
d) 2

Answer: d
Clarification: Cryptography can be divided into two types. These are classic cryptography & modern cryptography. Using these techniques, users can secure their information from illegitimate ones.

6. Data which is easily readable & understandable without any special algorithm or method is called _________________
a) cipher-text
b) plain text
c) raw text
d) encrypted text

Answer: b
Clarification: The means of storing or sending data in a specific format so that only intended users can process it is called cryptography. Data which is easily readable & understandable without any special algorithm or method is called plain text.

7. Plain text is also called _____________
a) cipher-text
b) raw text
c) clear-text
d) encrypted text

Answer: c
Clarification: Data which is easily readable & understandable without any special algorithm or method is called plain text or clear-text. This text is not secured and can be read by anyone, even someone who is not a legitimate user.

8. There are ________ types of cryptographic techniques used in general.
a) 2
b) 3
c) 4
d) 5

Answer: b
Clarification: There are three types of cryptographic techniques used in general. These are Symmetric Key cryptography, public key cryptography, and Hash functions based cryptography.

9. Conventional cryptography is also known as _____________ or symmetric-key encryption.
a) secret-key
b) public key
c) protected key
d) primary key

Answer: a
Clarification: The various cryptographic techniques are symmetric Key cryptography, public key cryptography, and Hash functions based cryptography. Conventional cryptography is also known as secret-key cryptography or symmetric-key encryption.

10. Data Encryption Standard is an example of a _____________ cryptosystem.
a) conventional
b) public key
c) hash key
d) asymmetric-key

Answer: a
Clarification: Conventional cryptography is also known as secret-key cryptography or symmetric-key encryption. Data Encryption Standard is an example of a conventional cryptosystem.

11. _______________ cryptography deals with traditional characters, i.e., letters & digits directly.
a) Modern
b) Classic
c) Asymmetric
d) Latest

Answer: b
Clarification: Cryptography can be divided into two types. These are classic cryptography & modern cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits directly.

12. ____________ cryptography operates on binary-bit series and strings.
a) Modern
b) Classic
c) Traditional
d) Primitive

Answer: a
Clarification: Cryptography can be divided into two types. These are classic cryptography & modern cryptography. Modern cryptography operates on binary-bit series and strings.

13. __________ cryptography has always been focussing on the concept of ‘security through obscurity’.
a) Modern
b) Asymmetric
c) Classic
d) Latest

Answer: c
Clarification: Cryptography can be divided into two types. These are classic cryptography & modern cryptography. Classic cryptography deals with traditional characters, i.e., letters & digits directly. It is based on the concept of ‘security through obscurity’.

14. ________________ cryptography is based on publicly known mathematically designed algorithms to encrypt the information.
a) Modern
b) Classic
c) Traditional
d) Primitive

Answer: a
Clarification: There are 2 types of cryptography – classic cryptography & modern cryptography. Modern cryptography operates on binary-bit series and strings. It is based on publicly known mathematically designed algorithms to encrypt the information.

250+ TOP MCQs on Information Security Technologies and Answers

Cyber Security Multiple Choice Questions on “Information Security Technologies”.

1. _______ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security

Answer: c
Clarification: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information from alteration, destruction, deletion or disclosure by unauthorised users.

2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password

Answer: d
Clarification: Disaster, eavesdropping and information leakage come under information security threats whereas not changing the default password of any system, hardware or any software comes under the category of vulnerabilities that the user may pose to its system.

3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done

Answer: a
Clarification: Flood comes under natural disaster, which is a threat to any information and does not act as a vulnerability to any system.

4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive

Answer: a
Clarification: Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud workload protection platforms which manage policies regarding security of information irrespective of its location.

5. Which of the following information security technologies is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser

Answer: b
Clarification: Cyber-criminals target browsers for breaching information security. If a user sets up remote browsing, which isolates the end user’s browsing session, cyber-criminals will not be able to infect the system along with the browser with malware, ultimately reducing the attack surface area.

6. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery

Answer: c
Clarification: It is a collective name for tools that monitor networks & endpoints of systems and record all the activities for further reporting, analysis & detection in a central database. Analyzing the reports generated through such EDR tools, loopholes in a system or any internal, as well as external breaching attempts can be detected.

7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)

Answer: d
Clarification: Network traffic analysis (NTA) is an approach of information security for supervising the traffic in any network, the flow of data over the network as well as malicious threats that are trying to breach the network. This technological solution also helps in triaging the events detected by Network Traffic Analysing tools.

8. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack

Answer: b
Clarification: Threats are anything that may cause damage or harm to a computer system, individual or any information. Compromising confidential information means extracting sensitive data from a system in an illegal manner.

9. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack

Answer: c
Clarification: Access control policies are incorporated into a security system to restrict unauthorised access to any logical or physical system. Every security compliance program needs this as a fundamental component. Systems which lack this feature are vulnerable.

10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored

Answer: d
Clarification: When there lies a threat to any system, safeguards can be implemented, outsourced, distributed or transferred to some other system, protected using security tools and techniques but cannot be ignored.