250+ TOP MCQs on Network Models – OSI Model Security and Answers

Cyber Security Multiple Choice Questions on “Network Models – OSI Model Security”.

1. The ____________ model is 7-layer architecture where each layer is having some specific functionality to perform.
a) TCP/IP
b) Cloud
c) OSI
d) OIS

Answer: c
Clarification: The OSI model is 7-layer architecture where each layer is having some specific functionality to perform. All these layers work in collaboration for transmitting the data from 1 person to another worldwide.

2. The full form of OSI is OSI model is ______________
a) Open Systems Interconnection
b) Open Software Interconnection
c) Open Systems Internet
d) Open Software Internet

Answer: a
Clarification: The OSI model is 7-layer architecture where each layer is having some specific functionality to perform. All these layers work in collaboration for transmitting the data from 1 person to another worldwide.

3. Which of the following is not physical layer vulnerability?
a) Physical theft of data & hardware
b) Physical damage or destruction of data & hardware
c) Unauthorized network access
d) Keystroke & Other Input Logging

Answer: c
Clarification: Unauthorized network access is not an example of physical layer vulnerability. The rest three – Physical theft of data & hardware, damage or destruction of data & hardware and keystroke & Other Input Logging are physical layer vulnerabilities.

4. In __________________ layer, vulnerabilities are directly associated with physical access to networks and hardware.
a) physical
b) data-link
c) network
d) application

Answer: a
Clarification: In the physical layer, vulnerabilities are directly associated with physical access to networks and hardware such as unauthorised network access, damage or destruction of data & hardware and keystroke & Other Input Logging.

5. Loss of power and unauthorized change in the functional unit of hardware comes under problems and issues of the physical layer.
a) True
b) False

Answer: a
Clarification: Loss of power and unauthorized change in the functional unit of hardware comes under problems and issues of the physical layer. Other such issues are unauthorised network access, damage or destruction of data & hardware and keystroke & Other Input Logging.

6. Which of the following is not a vulnerability of the data-link layer?
a) MAC Address Spoofing
b) VLAN circumvention
c) Switches may be forced for flooding traffic to all VLAN ports
d) Overloading of transport-layer mechanisms

Answer: d
Clarification: MAC Address Spoofing, VLAN circumvention and switches may be forced for flooding traffic to all VLAN ports are examples of data-link layer vulnerability.

7. ____________ is data-link layer vulnerability where stations are forced to make direct communication with another station by evading logical controls.
a) VLAN attack
b) VLAN Circumvention
c) VLAN compromisation method
d) Data-link evading

Answer: b
Clarification: VLAN Circumvention is data-link layer vulnerability where stations are forced to make direct communication with another station by evading logical controls implemented using subnets and firewalls.

8. ________________may be forced for flooding traffic to all VLAN ports allowing interception of data through any device that is connected to a VLAN.
a) Switches
b) Routers
c) Hubs
d) Repeaters

Answer: a
Clarification: Switches may be forced for flooding traffic to all VLAN ports allowing interception of data through any device that are connected to a VLAN. It is a vulnerability of data link layer.

9. Which of the following is not a vulnerability of the network layer?
a) Route spoofing
b) Identity & Resource ID Vulnerability
c) IP Address Spoofing
d) Weak or non-existent authentication

Answer: d
Clarification: Weak or non-existent authentication is a vulnerability of the session layer. Route spoofing, identity & resource ID vulnerability & IP Address Spoofing are examples of network layer vulnerability.

10. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication

Answer: b
Clarification: Physical theft of data is an example of physical layer vulnerability. Other such issues are unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.

11. Which of the following is an example of data-link layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication

Answer: a
Clarification: MAC Address spoofing is an example of data-link layer vulnerability. VLAN circumvention, as well as switches, may be forced for flooding traffic to all VLAN ports are some other examples of data-link layer vulnerability.

12. Which of the following is an example of network layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication

Answer: c
Clarification: Route spoofing is an example of network layer vulnerability. Other examples of network layer vulnerabilities are IP Address Spoofing and Identity & Resource ID Vulnerability.

13. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Route spoofing
c) Weak or non-existent authentication
d) Keystroke & Other Input Logging

Answer: d
Clarification: Keystroke & other input logging is an example of physical layer vulnerability. Other such physical layer vulnerabilities are unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.

14. Which of the following is an example of data-link layer vulnerability?
a) Physical Theft of Data
b) VLAN circumvention
c) Route spoofing
d) Weak or non-existent authentication

Answer: b
Clarification: VLAN circumvention is an example of data-link layer vulnerability. MAC Address Spoofing, as well as switches, may be forced for flooding traffic to all VLAN ports are some other examples of data-link layer vulnerability.

250+ TOP MCQs on Attack Vectors – Virus and Worms and Answers

Cyber Security Multiple Choice Questions on “Attack Vectors – Virus and Worms”.

1. There are _________ types of computer virus.
a) 5
b) 7
c) 10
d) 12

Answer: c
Clarification: There are a total of 10 types of virus. These are categorized based on their working and characteristics. These are System or Boot Sector Virus, Direct Action Virus, Resident Virus, Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro Virus, Rootkit virus.

2. Which of the following is not a type of virus?
a) Boot sector
b) Polymorphic
c) Multipartite
d) Trojans

Answer: d
Clarification: Types of viruses are System or Boot Sector Virus, Direct Action Virus, Resident Virus, Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro Virus, Rootkit virus. Trojan does not come under types of virus.

3. A computer ________ is a malicious code which self-replicates by copying itself to other programs.
a) program
b) virus
c) application
d) worm

Answer: b
Clarification: A computer virus is a malicious code which self-replicates by copying itself to other programs. The computer virus gets spread by itself into other executable code or documents. The intention of creating a virus is to infect vulnerable systems.

4. Which of them is not an ideal way of spreading the virus?
a) Infected website
b) Emails
c) Official Antivirus CDs
d) USBs

Answer: c
Clarification: The ideal means of spreading computer virus are through emails, USB drives that are used portable and injected and ejected in different systems as well as from infected websites. Antivirus selling vendors do not place a virus in their CDs and DVDs.

5. In which year Apple II virus came into existence?
a) 1979
b) 1980
c) 1981
d) 1982

Answer: c
Clarification: In mid-1981, the 1st virus for Apple computers with the name Apple II came into existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.

6. In mid-1981, the 1st virus for Apple computers with the name _________ came into existence.
a) Apple I
b) Apple II
c) Apple III
d) Apple Virus

Answer: b
Clarification: In mid-1981, the 1st virus for Apple computers with the name Apple II came into existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.

7. The virus hides itself from getting detected by ______ different ways.
a) 2
b) 3
c) 4
d) 5

Answer: b
Clarification: The virus hides itself from getting detected in three different ways. These are by encrypting itself, by altering the disk directory with additional virus bytes or it uses stealth algorithm to redirect disk data.

8. _______________ infects the master boot record and it is challenging and a complex task to remove this virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Trojans

Answer: a
Clarification: Boot Sector Virus infects the master boot record & it is a challenging & a complex task to remove such virus. Mostly such virus spreads through removable devices.

9. ________________ gets installed & stays hidden in your computer’s memory. It stays involved to the specific type of files which it infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: b
Clarification: Direct Action Virus gets installed & stays hidden in your computer’s memory. Such type of virus stays involved to the specific type of files which it infects.

10. Direct Action Virus is also known as ___________
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: a
Clarification: Direct Action Virus is also known as a non-resident virus which gets installed & stays hidden in your computer’s memory. Such type of virus stays involved to the specific type of files which it infects.

11. ______________ infects the executables as well as the boot sectors.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: d
Clarification: Multipartite Virus infects the executables as well as the boot sectors. It infects the computer or get into any system through multiple mediums and are hard to remove.

12. ______________ are difficult to identify as they keep on changing their type and signature.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: c
Clarification: Polymorphic Virus is difficult to identify as they keep on changing their type and signature. They’re not easily detectable by traditional antivirus. It usually changes the signature pattern whenever it replicates itself.

13. ____________ deletes all the files that it infects.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Multipartite Virus

Answer: b
Clarification: Overwrite virus deletes all files that it infects. It can be removed by only deleting those infected files. Mostly, it gets spread via emails.

14. _____________ is also known as cavity virus.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Space-filler Virus

Answer: d
Clarification: Space-fillers are a special type of virus which usually does not cause any serious harm to the system except it fills up the empty space in memory and codes leading to wastage of memory.

15. Which of the below-mentioned reasons do not satisfy the reason why people create a computer virus?
a) Research purpose
b) Pranks
c) Identity theft
d) Protection

Answer: d
Clarification: Computer virus is not created for protection. Virus writers may have other reasons like for research purpose, pranks, vandalism, financial gain, identity theft, and some other malicious purposes.

250+ TOP MCQs on Attack Vectors – Caches and Cookies and Answers

Cyber Security Multiple Choice Questions on “Attack Vectors – Caches and Cookies”.

1. Which of the following data is not appropriate here, if you delete cache, cookies, and browser history?
a) Address bar predictions
b) Saved passwords
c) Browser plug-ins
d) Shopping cart content

Answer: c
Clarification: Clearing the browser’s cookies, cache & history may eradicate data such as address bar predictions, saved passwords and shopping cart contents. In this way, hackers won’t be able to take your data through browser hacking or cookie stealing.

2. ____________ are tiny files which get downloaded to your system when you visit a website.
a) Cookies
b) Caches
c) Bots
d) Crawlers

Answer: a
Clarification: Cookies are tiny files which get downloaded to your system when you visit a website. They are a very important part of hacking and so clearing the browser’s cookies, cache & history may eradicate data such as address bar predictions, saved passwords and shopping cart contents so that hackers don’t steal them.

3. Browser ___________ are impermanent internet files which helps the browsers download web images, data & documents for rapid performance & viewing in the future.
a) plug-ins
b) cache
c) ad-on
d) history

Answer: b
Clarification: Browser caches are impermanent internet files that helps the browsers download web images, data & documents for rapid performance & viewing in the future.

4. ___________ is just a group of data downloaded for helping in displaying a web page faster.
a) plug-ins
b) cache
c) ad-ons
d) history

Answer: b
Clarification: A cache is just a group of data downloaded for helping in displaying a web page faster. These files help the browsers download web images, data & documents for rapid performance & viewing in the future.

5. Attackers could steal ___________ to achieve illegitimate accessing to online accounts & disturbs the personal information.
a) plug-ins
b) cache
c) cookies
d) history

Answer: c
Clarification: Attackers could steal cookies to achieve illegitimate accessing online accounts & disturbs the personal information. Hence, clearing the browser’s cookies may eradicate data such as saved passwords and IDs as well as shopping cart contents.

6. Which of the following is not an example of browsing data?
a) Forms and Search-bar data
b) Cache data
c) Downloading history
d) Start bar search data

Answer: d
Clarification: Attackers may target data such as forms and Search-bar data, cache & cookies data, browsing and download history records, active logins and site preferences to steal user’s sensitive data.

7. There are cookies that are designed to track your browsing habits & aim ads to you.
a) True
b) False

Answer: a
Clarification: Cookies are tiny files which get downloaded to your system when you visit a website. There are cookies that are designed to track your browsing habits & aim ads that are relevant to the user.

8. Keeping browsing habits & aiming specific ads to you is harmless but it might reduce your online privacy.
a) True
b) False

Answer: a
Clarification: There are cookies that are designed to track your browsing habits & aim ads that are relevant to the user. Keeping browsing habits & aiming specific ads to users is harmless but it might reduce your online privacy.

9. There are ____________ that are designed to track your browsing habits & aim ads that are relevant to the user.
a) plug-ins
b) cache
c) cookies
d) history

Answer: c
Clarification: Cookies are tiny files which get downloaded to your system when you visit a website. There are cookies that are designed to track your browsing habits & aim ads that are relevant to the user.

250+ TOP MCQs on Ethical Hacking – Types of Hackers & Security Professionals

Cyber Security Multiple Choice Questions on “Ethical Hacking – Types of Hackers & Security Professionals”.

1. Hackers who help in finding bugs and vulnerabilities in a system & don’t intend to crack a system are termed as ________
a) Black Hat hackers
b) White Hat Hackers
c) Grey Hat Hackers
d) Red Hat Hackers

Answer: b
Clarification: White Hat Hackers are cyber security analysts and consultants who have the intent to help firms and Governments in the identification of loopholes as well as help to perform penetration tests for securing a system.

2. Which is the legal form of hacking based on which jobs are provided in IT industries and firms?
a) Cracking
b) Non ethical Hacking
c) Ethical hacking
d) Hactivism

Answer: c
Clarification: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing penetration tests and identifying potential threats in any organizations and firms.

3. They are nefarious hackers, and their main motive is to gain financial profit by doing cyber crimes. Who are “they” referred to here?
a) Gray Hat Hackers
b) White Hat Hackers
c) Hactivists
d) Black Hat Hackers

Answer: d
Clarification: Black Hat hackers also termed as ‘crackers’ and are a major type of cyber criminals who take unauthorized access in user’s account or system and steal sensitive data or inject malware into the system for their profit or to harm the organization.

4. ________ are the combination of both white as well as black hat hackers.
a) Grey Hat hackers
b) Green Hat hackers
c) Blue Hat Hackers
d) Red Hat Hackers

Answer: a
Clarification: Grey Hat Hackers have a blending character of both ethical as well as un-ethical hacker. They hack other’s systems for fun but do not harm the system, exploits bugs and vulnerabilities in network without the knowledge of the admin or the owner.

5. The amateur or newbie in the field of hacking who don’t have many skills about coding and in-depth working of security and hacking tools are called ________
a) Sponsored Hackers
b) Hactivists
c) Script Kiddies
d) Whistle Blowers

Answer: c
Clarification: Script Kiddies are new to hacking and at the same time do not have many interests in developing coding skills or find bugs of their own in systems; rather they prefer downloading of available tools (developed by elite hackers) and use them to break any system or network. They just try to gain attention of their friend circles.

6. Suicide Hackers are those _________
a) who break a system for some specific purpose with or without keeping in mind that they may suffer long term imprisonment due to their malicious activity
b) individuals with no knowledge of codes but an expert in using hacking tools
c) who know the consequences of their hacking activities and hence try to prevent them by erasing their digital footprints
d) who are employed in an organization to do malicious activities on other firms

Answer: a
Clarification: Suicide hackers are those who break into any network or system with or without knowing the consequences of the cyber crime and its penalty. There are some suicide hackers who intentionally do crimes and get caught to bring their names in the headlines.

7. Criminal minded individuals who work for terrorist organizations and steal information of nations and other secret intelligence are _________
a) State sponsored hackers
b) Blue Hat Hackers
c) Cyber Terrorists
d) Red Hat Hackers

Answer: c
Clarification: Cyber Terrorists are very expert programmers and cyber criminals who hide themselves while doing malicious activities over the internet and they are smart enough to hide themselves or their tracks of action. They are hired for gaining unauthorised access to nation’s data centres or break into the network of intelligence agencies.

8. One who disclose information to public of a company, organization, firm, government and private agency and he/she is the member or employee of that organization; such individuals are termed as ___________
a) Sponsored hackers
b) Crackers
c) Hactivist
d) Whistleblowers

Answer: d
Clarification: Whistleblowers are those individuals who is a member or an employee of any specific organization and is responsible for disclosing private information of those organizations, firms, either government or private.

9. These types of hackers are the most skilled hackers in the hackers’ community. Who are “they” referred to?
a) White hat Hackers
b) Elite Hackers
c) Licensed Penetration Testers
d) Red Hat Hackers

Answer: b
Clarification: The tag “Elite hackers” are considered amongst the most reputed hackers who possess most of the hacking and security skills. They are treated with utmost respect in the hackers’ community. Zero day vulnerabilities, serious hacking tools and newly introduced bugs are found and developed by them.

10. _________ are those individuals who maintain and handles IT security in any firm or organization.
a) IT Security Engineer
b) Cyber Security Interns
c) Software Security Specialist
d) Security Auditor

Answer: a
Clarification: This is an intermediary level of position of an individual in an organization or firm who builds and preserves different systems and its associated security tools of the firm of organization to which he/she belongs.

11. Role of security auditor is to ____________
a) secure the network
b) probe for safety and security of organization’s security components and systems
c) detects and prevents cyber attacks and threats to organization
d) does penetration testing on different web applications

Answer: b
Clarification: Security auditors are those who conduct auditing of various computer and network systems on an organization or company and reports the safety and security issues as well as helps in suggesting improvements or enhancements in any particular system that is threat prone.

12. ________ are senior level corporate employees who have the role and responsibilities of creating and designing secured network or security structures.
a) Ethical Hackers
b) Chief Technical Officer
c) IT Security Engineers
d) Security Architect

Answer: d
Clarification: Security architect are those senior grade employees of an organization who are in charge of building, designing, implementing and testing of secured network topologies, protocols as well as secured computers in an organization.

13. __________ security consultants uses database security monitoring & scanning tools to maintain security to different data residing in the database / servers / cloud.
a) Database
b) Network
c) System
d) Hardware

Answer: a
Clarification: Database Security consultants are specific individuals hired in order to monitor and scan the database systems and keep them secured from unwanted threats and attacks by giving access to restricted users, blocking unwanted files, multi-factor access control etc.

14. Governments hired some highly skilled hackers. These types of hackers are termed as _______
a) Special Hackers
b) Government Hackers
c) Cyber Intelligence Agents
d) Nation / State sponsored hackers

Answer: d
Clarification: Nation / State sponsored hackers are specific individuals who are employed or hired by the government of that nation or state and protect the nation from cyber terrorists and other groups or individuals and to reveal their plans, communications and actions.

15. Someone (from outside) who tests security issues for bugs before launching a system or application, and who is not a part of that organization or company are ______
a) Black Hat hacker
b) External penetration tester
c) Blue Hat hacker
d) White Hat Hacker

Answer: c
Clarification: Blue Hat Hackers are outsiders yet security testers who are temporarily hired for performing outsourced security test for bugs and vulnerabilities in any system before launching it to the market or making the application live.

250+ TOP MCQs on Linux OS and its Security and Answers

Cyber Security Multiple Choice Questions on “Linux OS and its Security”.

1. _________ is one of the most secured Linux OS that provides anonymity and an incognito option for securing its user data.
a) Fedora
b) Tails
c) Ubuntu
d) OpenSUSE

Answer: b
Clarification: If any user is looking for Linux based security solutions, Tails is one of the most popular Linux-based operating systems that provides anonymity and an incognito option for securing its user data.

2. Which of the following OS does not comes under a secured Linux OS list?
a) Qubes OS
b) Tails
c) Tin Hat
d) Ubuntu

Answer: d
Clarification: Qubes OS, Tails OS, and Tin Hat are amongst the most secured Linux Operating Systems (OS) that provide fast and secure Linux experience along with maintaining anonymity for the users.

3. ____________ is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in preserving users’ data private.
a) Fedora
b) Ubuntu
c) Whonix
d) Kubuntu

Answer: c
Clarification: Whonix is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in preserving users’ data private. One VM is a Tor Gateway that runs Debian while the other is Workstation.

4. Subgraph OS is a Debian based Linux distro which provides hardcore anonymity and is approved by Edward Snowden.
a) True
b) False

Answer: a
Clarification: Subgraph OS is a secured Debian-based Linux distro which provides hardcore anonymity and is approved by Edward Snowden. It helps the users give anonymous digital experience along with data hardening feature.

5. Which of the following comes under secured Linux based OS?
a) Ubuntu
b) Fedora
c) Kubuntu
d) Tails

Answer: d
Clarification: If any user is looking for Linux based security solutions, Tails is one of the most popular Linux-based operating systems that provide anonymity and incognito option for securing its user data.

6. Using the ______ account of a UNIX system, one can carry out administrative functions.
a) root
b) administrative
c) user
d) client

Answer: a
Clarification: Using the root account of a UNIX system, one can carry out administrative functions in the system. Rest of the accounts in the system are unprivileged, i.e. other accounts have no rights beyond accessing of files having proper permission.

7. In your Linux-based system, you have to log-in with your root account for managing any feature of your system.
a) True
b) False

Answer: b
Clarification: Try to avoid logging in as a root user. In your Linux-based system, you don’t have to log-in with your root account for managing any feature of your system. For the administrative task, you can use the tool or command ‘sudo’ or ‘su’ that gives root privileges.

8. In a Linux-based system, the accounts may be members of 1 or more than one group.
a) True
b) False

Answer: a
Clarification: In a Linux-based system, the accounts may be members of 1 or more groups. If any group has been assigned to access resources, then from the security perspective, one needs to keep in mind that every member of that group gets access to it automatically.

9. MAC is abbreviated as _______________
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Controlling
d) Mandatory Access Control

Answer: d
Clarification: Mandatory Access Control systems provides separation of a computer and its OS into several small discrete sections. This is because the user of a system can only utilize those pieces of a system for which they’ve been given permission to.

10. _______________ in a system is given so that users can use dedicated parts of the system for which they’ve been given access to.
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Control
d) Mandatory Access Controlling

Answer: c
Clarification: Mandatory Access Control is a technique that provides separation of a computer with its OS into several small discrete sections so that the user of a system can only utilize those pieces of a system for which they’ve been given permission to.

11. DTE is abbreviated as ___________________
a) Domain and Type Enforcing
b) Domain and Type Enforcement
c) DNS and Type Enforcement
d) DNS and Type Enforcing

Answer: b
Clarification: Domain and Type Enforcement is a technique for access-control in technology and in OS like Linux which helps in limiting the access of programs that are running, to limited users, or only to those who have permission to access.

12. RBAC is abbreviated as ______________
a) Rule-Based Accessing Control
b) Role-Based Access Control
c) Rule-Based Access Control
d) Role-Based Accessing Control

Answer: b
Clarification: RBAC which is abbreviated as Role-Based Access Control defines a set of functions for users in a Linux system and is often built on top of DTE systems. Here users can log for certain roles and run particular programs that are apposite for the role.

250+ TOP MCQs on Network Models – OSI Model Security and Answers

Cyber Security Multiple Choice Questions & Answers on “Network Models – OSI Model Security”.

1. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access

Answer: d
Clarification: The different vulnerabilities of the Transport layer are mishandling of undefined, poorly defined, Vulnerability that allow “fingerprinting” & other enumeration of host information, Overloading of transport-layer mechanisms etc. Unauthorized network access is an example of physical layer vulnerability.

2. Which of the following is not session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms

Answer: a
Clarification: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of data based on failed authentication attempts, weak or non-existent authentication mechanisms, and the passing of session-credentials allowing intercept and unauthorized use.

3. Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer

Answer: c
Clarification: Session identification may be subject to spoofing may lead to data leakage which depends on failed authentication attempts and allow hackers to allow brute-force attacks on access credentials.

4. Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets.
a) True
b) False

Answer: a
Clarification: Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets. This type of attacks is done in the transport layer of the OSI model.

5. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms

Answer: d
Clarification: Cryptographic flaws may be exploited to circumvent privacy, unintentional or ill-directed use of superficially supplied input, and poor handling of unexpected input are examples of presentation layer flaws.

6. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing programs
d) Overloading of transport-layer mechanisms

Answer: d
Clarification: Application design flaws may bypass security controls, inadequate security controls as well as logical bugs in programs may be by chance or on purpose be used for crashing programs. These all are part of application layer vulnerability.

7. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: b
Clarification: Overloading of transport-layer mechanisms is an example of transport layer vulnerability. Other examples of Transport layer vulnerability are mishandling of undefined, poorly defined, Vulnerability that allows “fingerprinting” & other enumeration of host information.

8. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls

Answer: a
Clarification: Weak or non-existent mechanisms for authentication is an example of session layer vulnerability. Other examples are spoofing and the hijacking of data based on failed-authentication attempts & passing of session-credentials allowing intercept and unauthorized use.

9. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input

Answer: d
Clarification: Poor handling of unexpected input is an example of presentation layer vulnerability. Cryptographic flaws may be exploited to circumvent privacy, unintentional use of superficially supplied input are some other examples of presentation layer vulnerability.

10. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication

Answer: b
Clarification: Very complex application security controls can be an example of application layer vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other examples of such type.