Category: Cyber Security Objective Questions

Cyber Security Multiple Choice Questions & Answers on “Network Models – OSI Model Security”.

1. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access

Answer: d
Clarification: The different vulnerabilities of the Transport layer are mishandling of undefined, poorly defined, Vulnerability that allow “fingerprinting” & other enumeration of host information, Overloading of transport-layer mechanisms etc. Unauthorized network access is an example of physical layer vulnerability.

2. Which of the following is not session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms

Answer: a
Clarification: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of data based on failed authentication attempts, weak or non-existent authentication mechanisms, and the passing of session-credentials allowing intercept and unauthorized use.

3. Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer

Answer: c
Clarification: Session identification may be subject to spoofing may lead to data leakage which depends on failed authentication attempts and allow hackers to allow brute-force attacks on access credentials.

4. Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets.
a) True
b) False

Answer: a
Clarification: Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets. This type of attacks is done in the transport layer of the OSI model.

5. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms

Answer: d
Clarification: Cryptographic flaws may be exploited to circumvent privacy, unintentional or ill-directed use of superficially supplied input, and poor handling of unexpected input are examples of presentation layer flaws.

6. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing programs
d) Overloading of transport-layer mechanisms

Answer: d
Clarification: Application design flaws may bypass security controls, inadequate security controls as well as logical bugs in programs may be by chance or on purpose be used for crashing programs. These all are part of application layer vulnerability.

7. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: b
Clarification: Overloading of transport-layer mechanisms is an example of transport layer vulnerability. Other examples of Transport layer vulnerability are mishandling of undefined, poorly defined, Vulnerability that allows “fingerprinting” & other enumeration of host information.

8. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: a
Clarification: Weak or non-existent mechanisms for authentication is an example of session layer vulnerability. Other examples are spoofing and the hijacking of data based on failed-authentication attempts & passing of session-credentials allowing intercept and unauthorized use.

9. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input

Answer: d
Clarification: Poor handling of unexpected input is an example of presentation layer vulnerability. Cryptographic flaws may be exploited to circumvent privacy, unintentional use of superficially supplied input are some other examples of presentation layer vulnerability.

10. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication

Answer: b
Clarification: Very complex application security controls can be an example of application layer vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other examples of such type.

Cyber Security Multiple Choice Questions on “Attack Vectors – Trojans and Backdoors”.

1. A ___________ is a small malicious program that runs hidden on infected system.
a) Virus
b) Trojan
c) Shareware
d) Adware

Answer: b
Clarification: A Trojan is a small malicious program that runs hidden on the infected system. They are created with the intent and they infected the system by misleading the user. It works in the background and steals sensitive data.

2. ____________ works in background and steals sensitive data.
a) Virus
b) Shareware
c) Trojan
d) Adware

Answer: c
Clarification: Trojans are malicious files designed to work hidden on the infected system. They are intended to infect the system by misleading the user. It works in the background and steals sensitive information about the target user.

3. By gaining access to the Trojaned system the attacker can stage different types of attack using that ____________ program running in the background.
a) Trojan
b) Virus
c) Antivirus
d) Anti-malware

Answer: a
Clarification: By gaining access to the Trojaned system the attacker can stage different types of attack using that Trojan program running in the background when the infected user’s system goes online.

4. Trojan creators do not look for _______________
a) Credit card information
b) Confidential data
c) Important documents
d) Securing systems with such programs

Answer: d
Clarification: Trojan creators do not look for securing victim’s system with their programs, rather they create such trojans for stealing credit card and financial details as well as important documents and files.

5. Which of them is not a proper way of getting into the system?
a) IM
b) Attachments
c) Official product sites
d) Un-trusted sites, freeware and pirated software

Answer: c
Clarification: Official product sites such as Microsoft’s site giving the option for downloading their updates and OS won’t contain any Trojans. Other than that Trojans can access your system by email attachments, Instant Messaging apps, un-trusted sites & links.

6. Which of the following port is not used by Trojans?
a) UDP
b) TCP
c) SMTP
d) MP

Answer: d
Clarification: MP is not a valid port name and does not have any port number also. But usually, Trojans likeBack Orifice, Deep Throat use UDP port; Trojans like Netbus, Master Paradise uses TCP & SMTP port to gain access to a system.

7. Trojans do not do one of the following. What is that?
a) Deleting Data
b) Protecting Data
c) Modifying Data
d) Copying Data

Answer: b
Clarification: Trojans perform malicious actions and operations. These are to modify data, copy data to its creator, delete data from the infected system or blocking data by carrying ransomware or other malicious programs along with it.

8. Some Trojans carry ransomware with them to encrypt the data and ask for ransom.
a) True
b) False

Answer: a
Clarification: Trojans are usually created to carry out the following actions like: modify data, copy data to its creator, delete data from the infected system or blocking data by carrying ransomware embedded in it.

9. Once activated __________ can enable ____________to spy on the victim, steal their sensitive information & gain backdoor access to the system.
a) virus, cyber-criminals
b) malware, penetration testers
c) trojans, cyber-criminals
d) virus, penetration testers

Answer: c
Clarification: Once activated, trojans can enable cyber-criminals to spy on the victim, steal their sensitive information & gain backdoor access to the system.

10. Trojans can not ______________
a) steal data
b) self-replicate
c) steal financial information
d) steal login credentials

Answer: b
Clarification: A Trojan is a malicious program that runs hidden on the infected system. They are developed with the intent and they infected the system by misleading the user. It works behind the system and steals sensitive data but cannot self-replicate.

11. A _______________ provides malicious users remote control over the targeted computer.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: b
Clarification: A Backdoor Trojan provides malicious users remote control over the targeted computer. These trojans enable the author to perform anything they desire on the infected system which includes sending, receiving, launching & deleting files.

12. _______________ programs are specially designed for stealing your account data for online banking systems, e-payment services & credit/debit cards.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: c
Clarification: Trojan-Banker is programs are specially designed for stealing your account data for online banking systems, e-payment services & credit/debit cards. They work silently in the back of the system process to steal such data.

13. ______________ perform automated DoS (Denial of Service) attacks on a targeted web address.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: a
Clarification: DDoS Trojan performs automated DoS (Denial of Service) attacks on a targeted web address. By sending multiple requests from your system, it can target different websites which can lead to a Denial of Service attack.

14. Trojan-Downloader is a special type of trojans which can download & install new versions of malicious programs.
a) True
b) False

Answer: a
Clarification: Trojan-Downloader is another type of trojans that can download & install new versions of malicious programs. They work secretly & keep on downloading other malicious programs when the system is online.

15. ____________ work in background & keeps on downloading other malicious programs when the system is online.
a) DDoS-Trojan
b) Backdoor Trojan
c) Trojan-Banker
d) Trojan-Downloader

Answer: d
Clarification: Trojan-Downloader is a special type of trojans that work secretly & keep on downloading other malicious programs when the system is online. They can also download & install new versions of malicious programs.

Cyber Security Multiple Choice Questions on “Attack Vectors – Social Networking Security”.

1. Which of the following is the most viral section of the internet?
a) Chat Messenger
b) Social networking sites
c) Tutorial sites
d) Chat-rooms

Answer: b
Clarification: Social networking sites are the most used sites and the most viral section of the internet. So users must keep their accounts secure and safe from getting into wrong hands.

2. ____________ type of sites are known as friend-of-a-friend site.
a) Chat Messenger
b) Social networking sites
c) Tutorial sites
d) Chat-rooms

Answer: b
Clarification: Social networking sites are the most used site which acts to connect people for social interaction. So users must keep their accounts secure & safe from getting into wrong hands.

3. Which of the following is not an appropriate measure for securing social networking accounts?
a) Strong passwords
b) Link your account with a phone number
c) Never write your password anywhere
d) Always maintain a soft copy of all your passwords in your PC

Answer: d
Clarification: ‘Always maintain a soft copy of all your passwords in your PC’ is not an appropriate measure for securing your online accounts because, if your system got accessed by anyone or anybody put spyware or screen-recording malware, then all your passwords will get revealed.

4. Which of them is a proper measure of securing social networking account?
a) Never keep your password with any relevant names
b) Keep written records of your passwords
c) Keep records of your password in audio format in your personal cell-phone
d) Passwords are kept smaller in size to remember

Answer: a
Clarification: Never keep your password with any relevant names because there are different types of hackers who either use password guessing techniques or some of them are hard-working and they do social engineering and research on different data associated to the victim.

5. If hackers gain access to your social media accounts, they can do some illicit or shameless act to degrade your reputation.
a) True
b) False

Answer: a
Clarification: Yes, there are script-kiddies or young-hackers who start their hacking career by cracking simple & weak passwords to enlighten their skills to others. These hackers may gain access to your social media accounts & can do some illicit or shameless act on behalf of your name to degrade your reputation.

6. ________________ is a popular tool to block social-media websites to track your browsing activities.
a) Fader
b) Blur
c) Social-Media Blocker
d) Ad-blocker

Answer: b
Clarification: Blur is a free browser extension and a popular tool used to block social-media websites to track your browsing activities & prevent users from these surfing pattern stealers.

7. Try to keep your passwords without meaning so that _____________ attack becomes almost impossible to perform successfully.
a) social engineering
b) phishing
c) password guessing
d) brute force

Answer: c
Clarification: Try to keep your passwords without meaning so that password guessing attack becomes almost impossible to perform successfully. This will reduce the potential to do both passwords guessing as well as dictionary attacks.

8. Keeping the password by the name of your pet is a good choice.
a) True
b) False

Answer: b
Clarification: Keeping the password by the name of your pet is not at all a good choice. Because they do social engineering & research on different data associated with you as a victim and will perform password guessing techniques.

9. Increase your security for social media account by always ____________ as you step away from the system.
a) signing in
b) logging out
c) signing up
d) logging in

Answer: b
Clarification: Increase your security for social media account by always logging out as you step away from the system. This will reduce both remote hacking as well as physical hacking.

10. Clicking on enticing Ads can cause trouble.
a) True
b) False

Answer: a
Clarification: Clicking on enticing Ads can cause trouble. Viruses & malware frequently find their mode of entering onto the victim computer through these annoying & enticing ads.

11. Strangers cannot cause much trouble if we connect to them over social media.
a) True
b) False

Answer: b
Clarification: Strangers can cause huge trouble if we connect to them or chat with them without knowing exact details or whether the account is genuine or not. The stranger may send infected links which you might click and will redirect you to infected sites.

12. Part of the social media sites are the various games & 3^rd party applications which helps ______________ to get access to your data.
a) ethical hackers
b) penetration testers
c) security auditors
d) cyber-criminals

Answer: d
Clarification: Part of the social media sites are the various games & 3^rd party applications which help cyber criminals to get access to your data. In this way, they can compromise your account or grab your valuable & confidential data.

13. Many social media sites and services provide _______________ for legitimate account verification.
a) Retina scanning
b) Fingerprint scanning
c) CAPTCHA
d) 2-step verification

Answer: d
Clarification: With 2-Step Verification (which is also known as 2-factor authentication), users can add an extra layer of security to your account. After login, it asks for your existing phone number to send an OTP for layer-2 verification.

14. Scanning your system and destroying suspicious files can reduce risks of data compromise or leakage of compromised data over social media.
a) True
b) False

Answer: a
Clarification: Scanning your system and destroying suspicious files can reduce risks of data compromise or leakage of compromised data over social media. There are different website caches and bots that gets automatically downloaded to your system when you open different social-media sites and they store your sensitive data related to your social media account.

15. Different social media services offer tips as of how to use their services and site, still maintaining a high altitude of security.
a) True
b) False

Answer: a
Clarification: Different social media services offer tips as of how to use their services and site, still maintaining a high altitude of security. Every user must use those links to educate themselves and learn various features towards social-media security.

Cyber Security Multiple Choice Questions on “Cyber Attacks Types”.

1. The full form of Malware is ________
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security

Answer: c
Clarification: Different types of harmful software and programs that can pose threats to a system, network or anything related to cyberspace are termed as Malware. Examples of some common malware are Virus, Trojans, Ransomware, spyware, worms, rootkits etc.

2. Who deploy Malwares to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers

Answer: a
Clarification: Criminal-minded organizations, groups and individuals cyber-terrorist groups, Black hat hackers, malware developers etc are those who can deploy malwares to any target system or network in order to deface that system.

3. _____________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection

Answer: b
Clarification: SQLi (Structured Query Language Injection) is a popular attack where SQL code is targeted or injected; for breaking the web application having SQL vulnerabilities. This allows the attacker to run malicious code and take access to the database of that server.

4. XSS is abbreviated as __________
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting

Answer: d
Clarification: Cross Site Scripting is another popular web application attack type that can hamper the reputation of any site.

5. This attack can be deployed by infusing a malicious code in a website’s comment section. What is “this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)

Answer: c
Clarification: XSS attack can be infused by putting the malicious code (which gets automatically run) in any comment section or feedback section of any webpage (usually a blogging page). This can hamper the reputation of a site and the attacker may place any private data or personal credentials.

6. When there is an excessive amount of data flow, which the system cannot handle, _____ attack takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack

Answer: d
Clarification: The Buffer overflow attack takes place when an excessive amount of data occurs in the buffer, which it cannot handle and lead to data being over-flow into its adjoined storage. This attack can cause a system or application crash and can lead to malicious entry-point.

7. Compromising a user’s session for exploiting the user’s data and do malicious activities or misuse user’s credentials is called ___________
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying

Answer: a
Clarification: Using session hijacking, which is popularly known as cookie hijacking is an exploitation method for compromising the user’s session for gaining unauthorized access to user’s information.

8. Which of this is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack

Answer: b
Clarification: If a suspicious gain access to server room or into any confidential area with a malicious pen-drive loaded with malware which will get triggered automatically once inserted to USB port of any employee’s PC; such attacks come under physical hacking, because that person in gaining unauthorized physical access to any room or organization first, then managed to get an employee’s PC also, all done physically – hence breaching physical security.

9. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing

Answer: d
Clarification: Wireless attacks are malicious attacks done in wireless systems, networks or devices. Attacks on Wi-Fi network is one common example that general people know. Other such sub-types of wireless attacks are wireless authentication attack, Encryption cracking etc.

10. An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime

Answer: b
Clarification: Cyber attack is an umbrella term used to classify different computer & network attacks or activities such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile hacking and physical security breaching.

11. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring

Answer: c
Clarification: Keylogging is the method or procedure of recording all the key strokes/keyboard button pressed by the user of that system.

12. _________ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms

Answer: a
Clarification: Keyloggers are surveillance programs developed for both security purpose as well as done for hacking passwords and other personal credentials and information. This type of programs actually saves the keystrokes done using a keyboard and then sends the recorded keystroke file to the creator of such programs.

13. These are a collective term for malicious spying programs used for secretly monitoring someone’s activity and actions over a digital medium.
a) Malware
b) Remote Access Trojans
c) Keyloggers
d) Spyware

Answer: d
Clarification: Spyware is professional malicious spying software that is hard to detect by anti-malware or anti-virus programs because they are programmed in such a skillful way. These types of software keep on collecting personal information, surfing habits, surfing history as well as credit card details.

14. Stuxnet is a _________
a) Worm
b) Virus
c) Trojan
d) Antivirus

Answer: a
Clarification: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly targets the PLCs (Programmable Logic Controllers) in a system.

15. ___________ is a violent act done using the Internet, which either threatens any technology user or leads to loss of life or otherwise harms anyone in order to accomplish political gain.
a) Cyber-warfare
b) Cyber campaign
c) Cyber-terrorism
d) Cyber attack

Answer: c
Clarification: Cyber- terrorism is the term used to describe internet terrorism, where individuals and groups are anonymously misusing ethnicities, religions as well as threaten any technology user, which may lead to even loss of life.

Cyber Security Multiple Choice Questions on “Buffer Overflow”.

1. A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.
a) stack
b) queue
c) external storage
d) buffer

Answer: d
Clarification: A buffer is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers. The buffer can handle data only if limited data is inserted.

2. In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.
a) Phishing
b) MiTM
c) Buffer-overflow
d) Clickjacking

Answer: c
Clarification: In a buffer-overflow attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.

3. How many types of buffer-overflow attack are there?
a) 4
b) 2
c) 5
d) 3

Answer: b
Clarification: There are two different types of buffer-overflow attack. These are stack-based and heap-based buffer overflow. In both the cases, this type of exploit takes advantage of an application that waits for user’s input.

4. Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________
a) buffer
b) external storage
c) processing power
d) local storage

Answer: a
Clarification: In a scenario, where to suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually, this is because of the limited buffer.

5. ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.
a) Memory leakage
b) Buffer-overrun
c) Less processing power
d) Inefficient programming

Answer: b
Clarification: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.

6. Buffer-overflow is also known as ______________
a) buffer-overrun
b) buffer-leak
c) memory leakage
d) data overflow

Answer: a
Clarification: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by app developers which could be exploited by an attacker for gaining access or malfunctioning your system.

7. Buffer-overflow may remain as a bug in apps if __________ are not done fully.
a) boundary hacks
b) memory checks
c) boundary checks
d) buffer checks

Answer: c
Clarification: Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by developers or are skipped by the QA (Quality Assurance) testers of the software development team.

8. Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.
a) C, Ruby
b) Python, Ruby
c) C, C++
d) Tcl, C#

Answer: c
Clarification: Applications developed by programming languages like C and C++ have this common buffer-overflow error. The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data.

9. Why apps developed in languages like C, C++ is prone to Buffer-overflow?
a) No string boundary checks in predefined functions
b) No storage check in the external memory
c) No processing power check
d) No database check

Answer: a
Clarification: The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data fetched from some other variable holding larger data.

10. Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.
a) Windows 7
b) Chrome
c) IOS12
d) UNIX

Answer: d
Clarification: Old operating systems like UNIX and NT-based systems have buffer-overflow attack a common vulnerability. This is because they were developed in old programming languages.

Cyber Security Multiple Choice Questions on “Network Models – TCP-IP Model Security”.

1. TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together.
a) True
b) False

Answer: a
Clarification: TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together. Each layer is composed of header and payload.

2. TCP/IP is composed of _______ number of layers.
a) 2
b) 3
c) 4
d) 5

Answer: c
Clarification: TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together. Each layer is composed of header and payload.

3. Trusted TCP/IP commands have the same needs & go through the identical verification process. Which of them is not a TCP/IP command?
a) ftp
b) rexec
c) tcpexec
d) telnet

Answer: c
Clarification: Trusted TCP/IP commands such as ftp, rexec and telnet have the same needs & go through the identical verification process. Internet & TCP/IP are often implemented synonymously.

4. Connection authentication is offered for ensuring that the remote host has the likely Internet Protocol (IP) ___________ & _________
a) address, name
b) address, location
c) network, name
d) network, location

Answer: a
Clarification: Connection authentication is offered for ensuring that the remote host has the likely Internet Protocol (IP)’s address & name. This avoids a remote host to masquerade as an added remote host.

5. Application layer sends & receives data for particular applications using Hyper Text Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
a) True
b) False

Answer: a
Clarification: Application layer sends & receives data for particular applications using HyperText Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP). Hence, data encryption for HTTP and SMTP is important.

6. TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat.
a) True
b) False

Answer: a
Clarification: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows an attacker to get hold of the RSA key essential to decrypt TLS traffic below certain conditions.

7. RoBOT is abbreviated as ___________
a) Return of Bleichenbacher’s Oracle Team
b) Rise of Bleichenbacher’s Oracle Threat
c) Return of Bleichenbacher’s Operational Threat
d) Return of Bleichenbacher’s Oracle Threat

Answer: d
Clarification: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows an attacker to get hold of the RSA key essential to decrypt TLS traffic below certain conditions.

8. There are __________ different versions of IP popularly used.
a) 2
b) 3
c) 4
d) 5

Answer: a
Clarification: There are two different versions of IPs used popularly over the internet. These are IPv4 and IPv6. IPv4 is a 32-bits numeric address written in decimal with 4 numbers separated by dots whereas IPv6 addresses are 128-bits written in hexadecimal & separated by colons.

9. ____________ is an attack where the attacker is able to guess together with the sequence number of an in progress communication session & the port number.
a) TCP Spoofing
b) TCP Blind Spoofing
c) IP Spoofing
d) IP Blind Spoofing

Answer: b
Clarification: TCP Blind Spoofing is an attack where the attacker is able to guess together with the sequence number of an in progress communication session & the port number.

10. ___________ is an attack technique where numerous SYN packets are spoofed with a bogus source address which is then sent to an inundated server.
a) SYN flooding attack
b) ACK flooding attack
c) SYN & ACK flooding attack
d) Packet flooding attack

Answer: a
Clarification: SYN flooding attack is an attack technique where numerous SYN packets are spoofed with a bogus source address which is then sent to an inundated server. The SYN & ACK segments need to begin in a TCP connection.

11. Which of them is not an attack done in the network layer of the TCP/IP model?
a) MITM attack
b) DoS attack
c) Spoofing attack
d) Shoulder surfing

Answer: d
Clarification: MITM, Denial of Service (DoS), and spoofing attacks are possible in the network layer of the TCP/IP model. It is important to secure the network layer as it is the only means to make certain that your application is not getting flooded with attacks.

12. Which of them is not an appropriate method of router security?
a) Unused ports should be blocked
b) Unused interfaces and services should be disabled
c) Routing protocol needs to be programmed by security experts
d) Packet filtering needs to be enabled

Answer: c
Clarification: Unused ports should be blocked, Unused interfaces and services should be disabled, and Packet filtering needs to be enabled are some of the security measures that need to be taken for the routers.

13. Which 2 protocols are used in the Transport layer of the TCP/IP model?
a) UDP and HTTP
b) TCP and UDP
c) HTTP and TCP
d) ICMP and HTTP

Answer: b
Clarification: The transport layer can voluntarily declare the consistency of communications. Transmission Control Protocol (TCP) & User Datagram Protocol (UDP) are the most common transport layer protocols.

14. Which of the protocol is not used in the network layer of the TCP/IP model?
a) ICMP
b) IP
c) IGMP
d) HTTP

Answer: d
Clarification: Internet Control Message Protocol (ICMP), Internet Protocol (IP) and Internet Group Management Protocol (IGMP) are used in the network layer. HTTP is used in application layer of TCP/IP model.

15. ____________ protocol attack is done in the data-link layer.
a) HTTP
b) DNS
c) TCP/IP
d) POP

Answer: b
Clarification: DNS protocol attack is done in the application layer of the TCP/IP model which allows attackers to modify DNS records in order to misdirect user traffic and land them in some malicious or spoofed address.