Category: Cyber Security Objective Questions

Cyber Security Interview Questions and Answers for freshers on “Hacking Terminologies”.

1. _________ are a specific section of any virus or malware that performs illicit activities in a system.
a) Malicious programs
b) Worms
c) Spyware
d) Payload

Answer: d
Clarification: Payloads are parts of a virus that helps in performing malicious activities such as destroying information, blocking network traffic, compromising data, steal and spy for sensitive information.

2. ____________ is a scenario when information is accessed without authorization.
a) Data infiltration
b) Data Hack
c) Information compromise
d) Data Breach

Answer: d
Clarification: Data breach is the term used when the cyber-security incident takes place where sensitive information is accessed without authority.

3. ____________ is an attempt to steal, spy, damage or destroy computer systems, networks or their associated information.
a) Cyber-security
b) Cyber attack
c) Digital hacking
d) Computer security

Answer: b
Clarification: Cyber attack can be defined as an attempt to steal, spy, damage or destroy different components of cyberspace such as computer systems, associated peripherals, network systems, and information.

4. ___________ is a device which secretly collects data from credit / debit cards.
a) Card Skimmer
b) Data Stealer
c) Card Copier
d) Card cloner

Answer: a
Clarification: Card skimmer is hardware that is installed and setup in ATMs secretly so that when any user will swipe or insert their card in the ATM, the skimmer will fetch all information from the magnetic strip.

5. _____________ is a technique used when artificial clicks are made which increases revenue because of pay-per-click.
a) Clickjacking
b) Clickfraud
c) Keylogging
d) Click-hacking

Answer: b
Clarification: Clickfraud is an attack technique used when artificial clicks get generated to increase the revenue in ad-campaigns online.

6. __________ is the practice implemented to spy someone using technology for gathering sensitive information.
a) Cyber espionage
b) Cyber-spy
c) Digital Spying
d) Spyware

Answer: a
Clarification: Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on others for gathering confidential information.

7. ____________ is the way or technique through which majority of the malware gets installed in our system.
a) Drive-by click
b) Drive-by redirection
c) Drive-by download
d) Drive-by injecting USB devices

Answer: c
Clarification: An accidental yet dangerous action that takes place in the cyberspace which helps attackers place their malware into the victim’s system. This technique is called Drive-by download.

8. ______ is the term used for toolkits that are purchased and used for targeting different exploits.
a) Exploit bag
b) Exploit set
c) Exploit Toolkit
d) Exploit pack

Answer: d
Clarification: Exploit pack or Exploit kit is the term used for toolkits that are purchased and used for targeting different exploits.

9. Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit.
a) True
b) False

Answer: a
Clarification: Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit. In this type of cyber-crime, information like social security number, personal details, and images, hobbies and passion details, driving license number and address details are compromised.

10. _________ is the hacking approach where cyber-criminals design fake websites or pages for tricking or gaining additional traffic.
a) Cyber-replication
b) Mimicking
c) Website-Duplication
d) Pharming

Answer: a
Clarification: The technique and approach through which cyber-crooks develop fake web pages and sites to trick people for gaining personal details such as login ID and password as well as personal information, is known as pharming.

11. RAM-Scraping is a special kind of malware that looks (scrape) for sensitive data in the hard drive.
a) True
b) False

Answer: a
Clarification: It is a special kind of malware that looks for sensitive data that you’ve stored in your hard drive. RAM-scraping is one of those kinds.

12. When you book online tickets by swiping your card, the details of the card gets stored in ______
a) database system
b) point-of-sale system
c) servers
d) hard drives

Answer: b
Clarification: The point-of-sale system is a system where the retailer or company stores financial records and card details of the e-commerce system or online business transactions.

13. Point-of-sale intrusion does not deal with financial details and credit card information.
a) True
b) False

Answer: b
Clarification: Point-of-sale intrusion is an attack that deals with financial details and credit card information, where the payment system of the company or retailer is compromised and left with customer’s financial information at risk.

14. _______ are deadly exploits where the vulnerability is known and found by cyber-criminals but not known and fixed by the owner of that application or company.
a) Unknown attacks
b) Secret attacks
c) Elite exploits
d) Zero-day exploits

Answer: d
Clarification: Zero-day exploits are used to attack a system as soon as cyber-criminals came to know about the weakness or the day the weaknesses are discovered in a system. Hackers exploit these types of vulnerabilities before the creator releases the patch or fix the issue.

15. Zero-day exploits are also called __________
a) zero-day attacks
b) hidden attacks
c) un-patched attacks
d) un-fixed exploits

Answer: a
Clarification: Zero-day exploits are also called zero-day attacks where the vulnerability is known and found by cyber-criminals or ethical hackers but not known and fixed by the creator/owner of that application or company.

Cyber Security MCQs on “Popular Tools used in Security”.

1. _________ framework made cracking of vulnerabilities easy like point and click.
a) .Net
b) Metasploit
c) Zeus
d) Ettercap

Answer: b
Clarification: In the year 2003, the Metasploit framework was released which made finding and cracking of vulnerabilities easy and is used by both white as well as black hat hackers.

2. Nmap is abbreviated as Network Mapper.
a) True
b) False

Answer: a
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It can be used for either a single host network or large networks.

3. __________ is a popular tool used for discovering networks as well as in security auditing.
a) Ettercap
b) Metasploit
c) Nmap
d) Burp Suit

Answer: c
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It can be used for either a single host network or large networks.

4. Which of this Nmap do not check?
a) services different hosts are offering
b) on what OS they are running
c) what kind of firewall is in use
d) what type of antivirus is in use

Answer: d
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It usually checks for different services used by the host, what operating system it is running and the type of firewall it is using.

5. Which of the following deals with network intrusion detection and real-time traffic analysis?
a) John the Ripper
b) L0phtCrack
c) Snort
d) Nessus

Answer: c
Clarification: Snort is a network intrusion detecting application that deals with real-time traffic analysis. As the rules are set and kept updated, they help in matching patterns against known patterns and protect your network.

6. Wireshark is a ____________ tool.
a) network protocol analysis
b) network connection security
c) connection analysis
d) defending malicious packet-filtering

Answer: a
Clarification: Wireshark is popular standardized network protocol analysis tools that allow in-depth check and analysis of packets from different protocols used by the system.

7. Which of the below-mentioned tool is used for Wi-Fi hacking?
a) Wireshark
b) Nessus
c) Aircrack-ng
d) Snort

Answer: c
Clarification: Weak wireless encryption protocols get easily cracked using Aircrack WPA and Aircrack WEP attacks that comes with Aircrack-ng tool. Its packet sniffing feature keeps track of all its traffic without making any attack.

8. Aircrack-ng is used for ____________
a) Firewall bypassing
b) Wi-Fi attacks
c) Packet filtering
d) System password cracking

Answer: b
Clarification: Weak wireless encryption protocols get easily cracked using Aircrack WPA and Aircrack WEP. Its packet sniffing feature keeps track of all its traffic without making any attack.

9. _____________ is a popular IP address and port scanner.
a) Cain and Abel
b) Snort
c) Angry IP Scanner
d) Ettercap

Answer: c
Clarification: Angry IP scanner is a light-weight, cross-platform IP and port scanning tool that scans a range of IP. It uses the concept of multithreading for making fast efficient scanning.

10. _______________ is a popular tool used for network analysis in multiprotocol diverse network.
a) Snort
b) SuperScan
c) Burp Suit
d) EtterPeak

Answer: d
Clarification: EtterPeak is a network analysis tool that can be used for multiprotocol heterogeneous networking architecture. It can help in sniffing packets of network traffic.

11. ____________ scans TCP ports and resolves different hostnames.
a) SuperScan
b) Snort
c) Ettercap
d) QualysGuard

Answer: a
Clarification: SuperScan has a very nice user-friendly interface and it is used for scanning TCP ports as well as resolve hostnames. It is popularly used for scanning ports from a given range of IP.

12. ___________ is a web application assessment security tool.
a) LC4
b) WebInspect
c) Ettercap
d) QualysGuard

Answer: b
Clarification: WebInspect is a popular web application security tool used for identifying known vulnerabilities residing in web-application layer. It also helps in penetration testing of web servers.

13. Which of the following attack-based checks WebInspect cannot do?
a) cross-site scripting
b) directory traversal
c) parameter injection
d) injecting shell code

Answer: d
Clarification: WebInspect can check whether a web server is properly configured or not by attempting for common attacks such as Cross-site scripting, directory traversal, and parameter injection. But it cannot inject malicious shell code in the server.

14. ________ is a password recovery and auditing tool.
a) LC3
b) LC4
c) Network Stumbler
d) Maltego

Answer: b
Clarification: LC4 which was previously known as L0phtCrack is a password auditing and recovery tool; used for testing strength of a password and also helps in recovering lost Microsoft Windows passwords.

15. L0phtCrack is formerly known as LC3.
a) True
b) False

Answer: b
Clarification: L0phtCrack is now commonly known as LC4 is a password auditing and recovery tool; used for testing strength of a password and also helps in recovering lost Microsoft Windows passwords.

Cyber Security Multiple Choice Questions on “Password Cracking and Security Measures”.

1. System hacking involves password hacking as one of the major hacking methodologies.
a) True
b) False

Answer: a
Clarification: System hacking, which is of four types involves password hacking as one of the major hacking methodologies. It is used to crack the security of a system and gain access for stealing data.

2. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5

Answer: c
Clarification: System hacking involves password hacking as one of the major hacking methodologies. It is of 4 types. These are passive online attack, active online attack, offline attack, and non-electronic attack.

3. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7

Answer: d
Clarification: There are seven major types of passwords. These are a password containing only letters, a password containing only number, a password containing only special characters, a password containing only alpha-numeric characters, a password containing letters, numbers as well as special symbols or password containing any two combinations of the three.

4. In _______________ attacks an attacker do not contact with authorizing party for stealing password.
a) passive online
b) active online
c) offline
d) non-electronic

Answer: a
Clarification: In passive online attacks, the attacker do not contact with an authorized party to steal the password, rather the attacker attempts to grab password hacking without communicating with the victim or his/her victim account.

5. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing

Answer: d
Clarification: Attacker do not contact with an authorized party to steal the password in the passive online attack, rather the attacker attempts to grab password hacking without communicating with the victim or his/her victim account. Examples of passive online attacks include wire sniffing, Man in the middle attack and reply attack.

6. Which of the following is not an example of a passive online attack?
a) MiTM
b) Reply Attack
c) Phishing
d) Wire sniffing

Answer: c
Clarification: Phishing is not an example of a passive online attack. In passive online attacks, the attacker does not contact with an authorized party to steal the password. Types of passive online attacks include wire sniffing, Man in the middle attack and reply attack.

7. Which of the following do not comes under hurdles of passive online attack for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available

Answer: d
Clarification: Tools for doing a passive offline attack on passwords is widely available so it doesn’t come under disadvantage or hurdles of passive offline attack. But passive offline attacks are computationally complex, hard to perpetrate and may take time.

8. Which of the following case comes under victims’ list of an active online attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services

Answer: c
Clarification: Systems with bad or weak passwords & with open authentication points often becomes the victim of an active online attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

9. In _______________ password grabbing attack the attacker directly tries different passwords 1-by-1 against victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Clarification: Users with open authentication points and bad or weak passwords often becomes the victim of an active online attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

10. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack

Answer: b
Clarification: In an active online attack, the attacker directly tries different passwords 1-by-1 against victim’s system/account. It has some disadvantages as it takes a long time, hence a lot of patience & high network bandwidth also.

11. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Clarification: Users with open authentication points and bad or weak passwords often becomes the victim of the active online attack. It is alternatively termed as password guessing attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

12. ________________ attacks are carried out from a location other than the real computer where the password reside or was used.
a) passive online
b) active online
c) offline password
d) non-electronic

Answer: c
Clarification: For this cyber-criminal needs to have physical access to the system and so offline password attacks are carried out from a location other than the real computer where the password reside or was used. They are common examples of physical data breaching & hacking.

13. _______________ attacks always need physical access to the system that is having password file or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic

Answer: b
Clarification: Offline password attacks are carried out from a location other than the real computer where the password resides or was used. They need physical access to the system that is having a password file or the hacker needs to crack the system by other means.

14. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack

Answer: d
Clarification: The offline attack needs physical access to the system that is having a password file or the hacker needs to crack the system by other means. A dictionary attack, rainbow, and brute force come under offline attack.

15. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False

Answer: a
Clarification: Physical access is needed in offline attack to the system that is having a password file or the hacker needs to crack the system by other means. Hence, even if hackers gain physical access to the system, if the passwords are in the encrypted mode, it will be almost impossible to steal passwords.

Cyber Security Multiple Choice Questions on “Attack Vectors – Adwares”.

1. _____________ are unwanted software intended to pitch advertisements upon the user’s screen, most often within a web browser.
a) Shareware
b) Adware
c) Bloatware
d) Ransomware

Answer: b
Clarification: Adwares are unwanted software intended to pitch advertisements upon the user’s screen, most often within a web browser. Sometimes, hackers embed malware along with it to compromise systems. So, security professionals treat it as modern-day PUP (potentially unwanted programs).

2. PUP is abbreviated as ____________
a) Potentially Useless Programs
b) Potentially Unwanted Protocols
c) Potentially Unwanted Programs
d) Partial Unwanted Programs

Answer: c
Clarification: Adwares are designed to pitch advertisements upon user’s screen, most often within a web browser. So, security professionals treat it as modern-day PUP (potentially unwanted programs).

3. Users might invite some bogus virus in his/her system by clicking the ____________
a) Shareware
b) Spyware
c) URL
d) Adware

Answer: d
Clarification: The unwanted software used to pitch ads on the user’s screen is the adware, displayed most often within a web browser. Users might invite some bogus virus in his/her system by clicking the adware.

4. Which among the following is not an abnormal symptom found once you click any malicious adware?
a) Automatic opening of new tabs in the browser
b) Automatic updates of antivirus
c) Changes in home page
d) Popping up of new Search engines on your browser

Answer: b
Clarification: Some abnormal symptom found once you click any malicious adware are the automatic opening of new tabs in the browser, changes in a home page, popping up of new Search engines on your browser etc.

5. Once _____________ hijacks your system, it might perform different sorts of unwanted tasks.
a) Server hacking
b) Banner grabbing
c) Cracking
d) Hijacking

Answer: d
Clarification: Once adware hijacks your system, it might perform different kinds of superfluous tasks. The adware’s functions may be intended to analyze a victim’s location & what different Internet sites he/she is visiting.

6. Creators of _____________ also sell your browsing behaviour & information to 3^rd parties.
a) Shareware
b) Spyware
c) URL
d) Adware

Answer: d
Clarification: The adware’s functions may be intended to analyze a victim’s location & what different Internet sites he/she is visiting. Creators of adware also sell your browsing behaviour & information to 3^rd parties.

7. Modern ____________ can even use it to target users with additional advertisements that are customized to the browsing habits.
a) smart shareware
b) smart adware
c) smart bloatware
d) smart spyware

Answer: b
Clarification: Creators of adware also sell your browsing behaviour & information to 3^rd parties. Modern smart adware can even use it to target users with additional advertisements that are customized to browsing habits.

8. Creators of adware also sell your browsing behaviour & information to 3^rd parties.
a) True
b) False

Answer: a
Clarification: The adware’s functions may be intended to analyze the victim’s location & what different Internet sites he/she is visiting. Creators of adware also sell your browsing behaviour & information to 3^rd parties.

9. Which among the following is not a symptom of your system compromised with adware?
a) Website links redirect to sites unlike from what user is intended
b) Web browser acts slows to a crawl
c) System takes restarts frequently
d) The browser might crash frequently

Answer: c
Clarification: When adware hijacks your system, various kinds of unessential tasks keep on happening. Website links redirect to sites unlike from what user is intended, web browser acts slows to a crawl, the browser might crash frequently etc are some of the symptoms of adware infected system.

10. Malicious adware may sneak into your system by __________ different ways.
a) five
b) four
c) three
d) two

Answer: d
Clarification: Malicious adware may sneak into your system in 2 different ways. 1^st, if you download and install a program that is freeware or shareware, it might install some other programs and ads –popping applications. 2^nd, through insidious – websites containing adware.

11. Which of the following term is not a valid terminology and type of adware?
a) Mobile adware
b) Mac Adware
c) Smart-home adware
d) Windows adware

Answer: c
Clarification: Website links redirect to sites unlike from what the user is intended, web browser acts slows to a crawl, the browser might crash frequently etc are some of the symptoms of adware infected system. These are mobile/android adware, Mac and Windows adware etc.

12. Adware will not come to your system if you are using Chrome.
a) True
b) False

Answer: b
Clarification: As adware hijacks your system, various kinds of unessential tasks keep occurring. Adware may come and junk up your system through any browser, whether it is Firefox, Chrome, Opera or Edge.

Cyber Security Multiple Choice Questions on “Ports and Its Types”.

1. There are ______ major types of ports in computers.
a) 1
b) 2
c) 3
d) 4

Answer: b
Clarification: There are 2 major types of ports in computer systems. These are physical ports and logical ports.

2. PS2 and DVI are examples of Logical ports.
a) True
b) False

Answer: b
Clarification: PS2 and DVI are examples of physical ports. Physical ports can be touched and seen with our naked eyes.

3. Physical ports are usually referred to as ___________
a) jacks
b) cables
c) interfaces
d) hardware plugs

Answer: c
Clarification: Physical ports are connections that connect two systems for their interactions. LAN, PS2 and DVI are examples of physical ports.

4. ____________ are logical numbers assigned for logical connections.
a) Logical ports
b) Physical ports
c) Networking cables
d) IP address

Answer: a
Clarification: Logical ports are end-point to a logical connection. The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536.

5. Number of logical ports ranges from _____ to _____
a) 0, 255
b) 1, 65535
c) 1, 65536
d) 0, 65536

Answer: d
Clarification: The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536. All the used protocols are assigned with a unique port number.

6. Logical ports are also known as ________________
a) numbered ports
b) virtual numbering
c) virtual ports
d) network protocol ports

Answer: c
Clarification: Logical ports are also known as virtual ports which are part of TCP/IP networking. The numbers of ports are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536.

7. Virtual ports help software in sharing without interference all hardware resources.
a) True
b) False

Answer: a
Clarification: Virtual ports also known as logical ports helps different applications in sharing without the interference of all hardware resources. The network traffic is automatically managed by routers using these ports.

8. ________ needs some control for data flow on each and every logical port.
a) Antivirus
b) Network firewall
c) Intrusion Detection Systems (IDS)
d) Anti-malware

Answer: b
Clarification: For security reason, there is some additional control provided by the network firewall over data traffic going through each logical ports.

9. The logical port is associated with the type of protocol used along with the IP address of the host.
a) True
b) False

Answer: a
Clarification: During a communication, the logical port is ass associated with the type of protocol used along with the IP address of the host. The numbers logical ports are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536.

10. Which of the following is the port number for FTP data?
a) 20
b) 21
c) 22
d) 23

Answer: a
Clarification: Port number 20 is the logical port number for FTP data service. FTP protocol is a standard protocol used for transmitting and receiving files from client to server through a network.

11. Which of the following is the port number for FTP control?
a) 20
b) 21
c) 22
d) 23

Answer: b
Clarification: Port number 21 is the logical port number for FTP control service. FTP protocol is a standard protocol used for transmitting and receiving files from client to server through a network.

12. Which of the following is the port number for SSH (Secure Shell)?
a) 20
b) 21
c) 22
d) 23

Answer: c
Clarification: Port number 22 is the logical port number for Secure Shell service. SSH gives users (specifically system administrators), a way to securely access computers on unsecured network connectivity.

13. Which of the following is the port number for Telnet?
a) 20
b) 21
c) 22
d) 23

Answer: d
Clarification: Port number 23 is the logical port number for Telnet. Telnet is used for bi-directional communication over the internet in text-oriented format. It also gives virtual terminal connectivity.

Cyber Security Multiple Choice Questions on “Bugs and Vulnerabilities”.

1. ___________ is a weakness that can be exploited by attackers.
a) System with Virus
b) System without firewall
c) System with vulnerabilities
d) System with a strong password

Answer: c
Clarification: In cyber-security, a system having vulnerabilities is defined as the weakness in a system that can be exploited by cyber-criminals and attackers for their own benefit. For this, they use special tools and techniques in order to crack into the system through the vulnerabilities.

2. _________ is the sum of all the possible points in software or system where unauthorized users can enter as well as extract data from the system.
a) Attack vector
b) Attack surface
c) Attack point
d) Attack arena

Answer: b
Clarification: Attack surface can be defined as the sum of all the possible points in software or system where unauthorized users can enter as well as extract data from the system. More the security, lesser is the attack surface.

3. ____________ is the cyclic practice for identifying & classifying and then solving the vulnerabilities in a system.
a) Bug protection
b) Bug bounty
c) Vulnerability measurement
d) Vulnerability management

Answer: d
Clarification: Vulnerability management is a cyclic process for identifying & classifying and then solving the vulnerabilities in a system. This term is generally used in software vulnerability detection and resolving process.

4. Risk and vulnerabilities are the same things.
a) True
b) False

Answer: b
Clarification: Risk and vulnerability cannot be used interchangeably. Risk can be defined as the potential of an impact that can grow from exploiting the vulnerability. There is some vulnerability that doesn’t possess risk, known as “Vulnerabilities without risk”.

5. _____________ is a special type of vulnerability that doesn’t possess risk.
a) Vulnerabilities without risk
b) Vulnerabilities without attacker
c) Vulnerabilities without action
d) Vulnerabilities no one knows

Answer: a
Clarification: Vulnerabilities is defined as the weakness in a system that can be exploited by cyber-criminals and attackers. Risk can be defined as the potential of an impact that can grow from exploiting the vulnerability. There is some vulnerability that doesn’t possess risk, known as “Vulnerabilities without risk”.

6. A/An __________ is a piece of software or a segment of command that usually take advantage of a bug to cause unintended actions and behaviors.
a) malware
b) trojan
c) worms
d) exploit

Answer: d
Clarification: An exploit is a piece of software or a segment of command that usually take advantage of a bug to cause unintended actions and behaviors. Using exploits, attackers can gain access in a system or allow privilege escalation also.

7. There are ________ types of exploit.
a) 3
b) 2
c) 5
d) 4

Answer: b
Clarification: Exploits can be categorized based on various criteria. But the most prominent categorization is done by how exploits communicate with vulnerable software. These are categorized as local exploits and remote exploits.

8. Remote exploits is that type of exploits acts over any network to exploit on security vulnerability.
a) True
b) False

Answer: a
Clarification: Remote exploits is that type of exploits which uses internet for exploiting on security vulnerability without gaining any prior access to the target system.

9. ________ type of exploit requires accessing to any vulnerable system for enhancing privilege for an attacker to run the exploit.
a) Local exploits
b) Remote exploits
c) System exploits
d) Network exploits

Answer: a
Clarification: Local exploits are those type of exploit requires accessing to any vulnerable system for enhancing privilege for an attacker to run the exploit. They’ve to pass through granted system administration in order to harm the system.

10. ___________ is a technique used by penetration testers to compromise any system within a network for targeting other systems.
a) Exploiting
b) Cracking
c) Hacking
d) Pivoting

Answer: d
Clarification: Pivoting is a technique used by penetration testers to compromise any system within a network for targeting other systems. They test systems within the same network for vulnerabilities using this technique.

11. A _________ is a software bug that attackers can take advantage to gain unauthorized access in a system.
a) System error
b) Bugged system
c) Security bug
d) System virus

Answer: c
Clarification: A security bug is a software bug that attackers can take advantage to gain unauthorized access in a system. They can harm all legitimate users, compromise data confidentiality and integrity.

12. Security bugs are also known as _______
a) security defect
b) security problems
c) system defect
d) software error

Answer: a
Clarification: A security bug also known as security defect is a software bug that attackers can take advantage to gain unauthorized access in a system. They can harm legitimate users, compromise data confidentiality and integrity.

13. __________ is the timeframe from when the loophole in security was introduced till the time when the bug was fixed.
a) Time-frame of vulnerability
b) Window of vulnerability
c) Time-lap of vulnerability
d) Entry-door of vulnerability

Answer: b
Clarification: Window of vulnerability is the timeframe from when the loophole in security was introduced or released till the time when the bug was fixed, or the illicit access was removed or the attacker was disabled.

14. ISMS is abbreviated as __________
a) Information Server Management System
b) Information Security Management Software
c) Internet Server Management System
d) Information Security Management System

Answer: d
Clarification: ISMS (Information Security Management System) is a set of policies concerning various information security management. ISMS (Information Security Management System) was developed for managing risk management principles and countermeasures for ensuring security through rules and regulations.

15. A zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the system or software.
a) True
b) False

Answer: a
Clarification: Zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the system or software. Until such bugs get fixed, hackers take advantage of these vulnerabilities to exploit the system.