250+ TOP MCQs on Attack Vectors – Phishing and its Types and Answers

Tricky Cyber Security Questions and Answers on “Attack Vectors – Phishing and its Types”.

1. ______________ is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack

Answer: a
Clarification: Phishing is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information. There are different types of phishing. Some of them redirect the user to different sites via emails & spyware.

2. In _______________ some cyber-criminals redirect the legitimate users to different phishing sites and web pages via emails, IMs, ads and spyware.
a) URL Redirection
b) DoS
c) Phishing
d) MiTM attack

Answer: c
Clarification: Phishing is an internet scam done by hackers to provide classified information. In some of them, cyber-criminals redirect the users to different sites via emails, IMs, and ads.

3. Phishers often develop ______________ websites for tricking users & filling their personal data.
a) legitimate
b) illegitimate
c) genuine
d) official

Answer: b
Clarification: Phishing is a category of social engineering attack that is used to steal user data. Phishers often develop illegitimate websites for tricking users & filling their personal data.

4. Which of the following type of data, phishers cannot steal from its target victims?
a) bank details
b) phone number
c) passwords
d) apps installed in the mobile

Answer: d
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data such as bank account details, phone number, address, username, and passwords etc.

5. Algorithm-Based Phishing was developed in the year __________
a) 1988
b) 1989
c) 1990
d) 1991

Answer: c
Clarification: Algorithm-Based Phishing was developed in the year 1990 where the first team of phishers developed an algorithm for generating random credit card numbers for getting an original card’s match.

6. ______________ was the first type of phishing where the phishers developed an algorithm for generating random credit card numbers.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: a
Clarification: Phishing is a category of social engineering attack. In Algorithm-Based Phishing, an algorithm for generating random credit card numbers for getting an original card’s match.

7. Email Phishing came into origin in the year __________
a) 1990
b) 2000
c) 2005
d) 2015

Answer: b
Clarification: Email Phishing came into origin in the year 2000 which is more tech-savvy. Here the email is created as if it has been sent from a legitimate source with a legitimate link to its official website.

8. _________________ type of phishing became very popular as if it has been sent from a legitimate source with a legitimate link to its official website.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: b
Clarification: In email phishing, the email is fashioned as if it has been sent from a legitimate source with a legitimate link to its official website. It came into origin in the year 2000.

9. _____________ refers to phishing performed over smart-phone by calling.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: d
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data. Vishing refers to phishing performed over smart-phone by calling. As the phishing is done through voice so it is called vishing = voice + phishing.

10. _____________ = voice + phishing.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Email-based phishing

Answer: b
Clarification: Phishing occurs when a cyber-criminal masquerade as a trusted entity. Vishing refers to phishing performed where the phishing is done through voice hence called vishing = voice + phishing.

11. Victims of phishing are mostly ___________________
a) Tech enthusiast
b) Professional computer engineers
c) Lack of computer knowledge
d) Lack of management skill

Answer: c
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data. Victims of such type of attacks are those users with lack of computer knowledge.

12. ___________________ is usually targeted by nature where the emails are exclusively designed to target any exact user.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Spear phishing

Answer: d
Clarification: In spear phishing, hackers usually targeted specifically where the emails are exclusively designed to target any particular user. It occurs when an attacker masquerades the victim a trusted party.

13. ____________ or smishing is one of the simplest types of phishing where the target victims may get a fake order detail with a cancellation link.
a) Algo-based phishing
b) SMS phishing
c) Domain Phishing
d) Spear phishing

Answer: b
Clarification: SMS phishing or Smishing is one of the simplest types of phishing where the target victims may get a fake order detail with a cancellation link or any other link that leads you to a malicious link.

14. ________________ phishing is that type of phishing where the construction of a fake webpage is done for targeting definite keywords & waiting for the searcher to land on the fake webpage.
a) Voice
b) SMS
c) Search engine
d) Email

Answer: c
Clarification: Search engine phishing is that type of phishing where the construction of a fake webpage is done for targeting definite keywords & waiting for the searcher to land on the fake webpage.

15. Which of the following is not an example or type of phishing?
a) Spear phishing
b) Deceptive phishing
c) Whaling
d) Monkey in the Middle

Answer: d
Clarification: Phishing is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information. There are different types of phishing. Some of them are Spear phishing, deceptive phishing, whaling, pharming, vishing.

16. Which of the following is not an example or type of phishing?
a) Tracking
b) Vishing
c) Smishing
d) Pharming

Answer: a
Clarification: A popular internet scam done by black hat hackers and crackers to grab confidential information by masquerading is the phishing technique. Smishing, email phishing, whaling, pharming, vishing are some popular types of phishing.

250+ TOP MCQs on Cryptography – Steganography for Security and Answers

Basic Cyber Security Questions and Answers on “Cryptography – Steganography for Security”.

1. _____________ is another data hiding technique which can be used in conjunction with cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography

Answer: b
Clarification: Steganography is the technique of hiding data in another raw data. Steganography is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

2. _____________ is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography

Answer: c
Clarification: Steganography helps in hiding any form of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

3. Steganography follows the concept of security through obscurity.
a) True
b) False

Answer: a
Clarification: Hiding of data within another data through obscurity is called steganography. It is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

4. The word ________________is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography

Answer: c
Clarification: The word steganography is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”. Steganography is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

5. A ________________ tool permits security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography

Answer: d
Clarification: A steganography tool is a software tool that permits a security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.

6. Which of the following is not a steganography tool?
a) Xaio steganography
b) Image steganography
c) ReaperExploit
d) Steghide

Answer: c
Clarification: ReaperExploit is not a steganography tool that permits security through obscurity. Xaio steganography, image steganography, Steghide etc are examples of such tools.

7. Which of the following is not a steganography tool?
a) Crypture
b) SteganographX Plus
c) rSteg
d) Burp Suite

Answer: d
Clarification: There are some software tools that helps hackers to embed hidden data within a which can later be extracted from them. SSuite Picsel, rSteg, SteganographX Plus, and crypture are examples of such tools.

8. The main motive for using steganography is that hackers or other users can hide a secret message behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file

Answer: b
Clarification: The main motive for using steganography is that hackers or other users can hide a secret message behind ordinary files. Some steganography tools are SSuite Picsel, rSteg etc.

9. People will normally think it as a normal/regular file and your secret message will pass on without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking

Answer: a
Clarification: Steganography techniques help hackers or other users to conceal covert message behind regular files. People will normally think it as a normal/regular file and your secret message will pass on without any suspicion.

10. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography

Answer: d
Clarification: Hackers or other cyber criminals target ordinary files to hide different data or information within another data file. By using steganography, you can diminish the chance of data leakage.

250+ TOP MCQs on Social Engineering and Physical Hacking

Cyber Security Multiple Choice Questions on “Social Engineering and Physical Hacking”.

1. ___________ is a special form of attack using which hackers’ exploit – human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering

Answer: c
Clarification: Using social engineering techniques, hackers try to exploit the victim’s mind to gain valuable information about that person such as his/her phone number, date of birth, pet name etc.

2. Which of the following do not comes under Social Engineering?
a) Tailgating
b) Phishing
c) Pretexting
d) Spamming

Answer: d
Clarification: Spamming is the attack technique where the same message is sent indiscriminately repeatedly in order to overload the inbox or harm the user.

3. _________ involves scams where an individual (usually an attacker) lie to a person (the target victim) to acquire privilege data.
a) Phishing
b) Pretexting
c) Spamming
d) Vishing

Answer: b
Clarification: In the pretexting technique of social engineering, the attacker pretends in need of legitimate information from the victim for confirming his/her identity.

4. Which of the following is the technique used to look for information in trash or around dustbin container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving

Answer: d
Clarification: In the technology world, where information about a person seems everywhere; dumpster diving is the name of the technique where the attacker looks for information in dustbins and trashes. For example, after withdrawing money from ATM, the user usually throw the receipt in which the total amount and account details are mentioned. These type of information becomes helpful to a hacker, for which they use dumpster diving.

5. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing

Answer: c
Clarification: Carding is the method of trafficking of bank details, credit cards or other financial information over the internet. Hence it’s a fraudulent technique used by hackers and does not comes under social engineering.

6. In a phishing, attackers target the ________ technology to so social engineering.
a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera

Answer: a
Clarification: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as username & passwords) of the target user and use emails to send fake links which redirect them to a fake webpage which looks legitimate.

7. Tailgating is also termed as ___________
a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting

Answer: a
Clarification: Piggybacking is the technique used for social engineering, as the attacker or unauthorized person/individual follows behind an authorized person/employee & gets into an authorized area to observe the system, gain confidential data or for a fraudulent purpose.

8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations.
a) True
b) False

Answer: b
Clarification: Physical hacking, like other types of hacking, is possible in any institutions, organizations, clinics, private firms, banks or any other financial institutions. Hence, the above statement is false.

9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security

Answer: b
Clarification: When cyber-criminal gain access to an authorized area and steal pen drives and DVDs which contain sensitive information about an employee or about the organization, then it can be said that the physical security of the organization is weak.

10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing

Answer: d
Clarification: Physical accessing without prior security checking is the ability of a person to gain access to any authorized area. Physical accessing is done using piggybacking or any other suspicious means.

11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code

Answer: c
Clarification: Keeping confidential files left open in the desk is not an adequate way of maintaining physical security; as anyone can pick these up and perform physical hacking.

12. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.

Answer: d
Clarification: Updating the patches in your working software does not come under security measures for physical hacking. Updating the patches will help your software get free from bugs and flaws in an application as they get a fix when patches are updated.

13. IT security department must periodically check for security logs and entries made during office hours.
a) True
b) False

Answer: a
Clarification: Checking for security logs and entries made by employees and other outsiders who entered the office can help in identifying whether any suspicious person is getting in and out of the building or not.

14. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing

Answer: d
Clarification: Phishing does not come under physical security. Walk-in without proper authorization, sneaking in through glass windows or other means and breaking in and stealing sensitive documents are examples of physical hacking.

15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access

Answer: a
Clarification: Physical penetration test is important in order to check for the possible physical security breaches. Usually corporate firms and organizations stay busy in securing the networks and data and penetration testers are hired for data and network pentesting, but physical security breach can also equally hamper.

250+ TOP MCQs on Exploits and Exploitation and Answers

Cyber Security Multiple Choice Questions on “Exploits and Exploitation”.

1. ________________ are piece of programs or scripts that allow hackers to take control over any system.
a) Exploits
b) Antivirus
c) Firewall by-passers
d) Worms

Answer: a
Clarification: Exploits are the piece of programs or scripts that allow hackers to take control over any system. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities.

2. The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as _____________
a) infiltrating
b) exploitation
c) cracking
d) hacking

Answer: b
Clarification: The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as exploitation. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities and then they are exploited using such programs and scripts.

3. Which of them is not a powerful vulnerability detecting tool?
a) Nessus
b) Nexpose
c) Metasploit
d) Nmap

Answer: d
Clarification: Some of the most widely used tools for detecting vulnerabilities in a system are Nessus, Nexpose, Metasploit and OpenVAS. Hackers use these tools for detecting vulnerabilities and then write exploits to exploit the systems.

4. __________ is the specific search engine for exploits where anyone can find all the exploits associated to vulnerability.
a) Google
b) Bing
c) Exploit-db
d) Exploit-engine

Answer: c
Clarification: Since based on vulnerabilities, we can find exploits, Exploit-db is the specific search engine for exploits where anyone can find all the exploits associated with vulnerability. You can find this from https://www.exploit-db.com.

5. Which of the following are not a vulnerability-listed site/database?
a) Exploit-db
b) Common Vulnerabilities and Exposures (CVE)
c) National Vulnerability Database (NVD)
d) Bing Vulnerability database (BVD)

Answer: d
Clarification: Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures (CVE) (https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are three vulnerability listing site.

6. There are __________ types of exploits based on their working.
a) two
b) three
c) four
d) five

Answer: a
Clarification: There are two different types of exploits. These are remote exploits – where hackers can gain access to the system or network remotely, and local exploits – where the hacker need to access the system physically and overpass the rights.

7. How many types of exploits are there based on their nature from hacking’s perspective?
a) 4
b) 3
c) 2
d) 5

Answer: c
Clarification: There are basically 2 types of exploits based on the nature of their existence and knowledge. These are known and unknown (i.e. Zero Day). Known exploits are those that are released publicly and people know about them. Unknown exploits are such type of exploits that are not known or the bugs are not fixed by vendors or owners.

8. Known exploits have a confirmation of and measures can be taken against it to resolve them.
a) True
b) False

Answer: a
Clarification: Known exploits have a confirmation of and measures can be taken against it to resolve them. These types of vulnerabilities and exploit details are available online in blogs and sites.

9. Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies.
a) True
b) False

Answer: a
Clarification: Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies. They’re also called Zero-day exploits.

10. A ____________ is a set of changes done to any program or its associated data designed for updating, fixing, or improving it.
a) scratch
b) patch
c) fixer
d) resolver

Answer: b
Clarification: The term ‘patch’ in the applied computer science is a set of changes done to any program or its associated data designed for updating, fixing, or improving it. Patch releases are done by vendors to solve any bug in a system.

11. Fixing of security vulnerabilities in a system by additional programs is known as __________ patches.
a) hacking
b) database
c) server
d) security

Answer: d
Clarification: Fixing of security vulnerabilities in a system by additional programs is known as security patches. These type of patches helps in fixing security bugs and improving the overall security of the system.

12. Known bugs can be solved or removed by __________________ develop by the vendors of the application.
a) removing the application
b) changing the software
c) installing security patches
d) installing database patches

Answer: c
Clarification: Known bugs and vulnerabilities of a system can be solved or installing or updating the security patches developed by the vendor or owner of that particular application.

13. ___________________ are some very frequent updates that come for every anti-virus.
a) Patch update
b) Data update
c) Code update
d) Definition update

Answer: d
Clarification: Definition updates are some very frequent updates that come for every anti-virus. These updates are frequently rolled out in order to update your antivirus software with the latest releases of attack vectors and bugs.

14. National Vulnerability Database (NVD) is _________________ repository of data regarding vulnerability standards.
a) U.S. government
b) India government
c) Russian government
d) China Government

Answer: a
Clarification: National Vulnerability Database (NVD) is the US government repository of data regarding vulnerability standards. It is available from the link https://nvd.nist.gov.

15. CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures.
a) True
b) False

Answer: a
Clarification: CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures. It is available from the link https://cve.mitre.org.

250+ TOP MCQs on Scanning Phase for Security and Answers

Cyber Security Multiple Choice Questions on “Scanning Phase for Security”.

1. There are _______ types of scanning.
a) 2
b) 3
c) 4
d) 5

Answer: b
Clarification: There are a total of three types of scanning in ethical hacking and cyber-security. These are vulnerability scanning, network scanning & port scanning.

2. Which of the following is not an objective of scanning?
a) Detection of the live system running on network
b) Discovering the IP address of the target system
c) Discovering the services running on target system
d) Detection of spyware in a system

Answer: d
Clarification: Detection of the live system running on the network, discovering the IP address of the target system, & discovering the services running on the target system are some of the objectives of scanning.

3. For discovering the OS running on the target system, the scanning has a specific term. What is it?
a) Footprinting
b) 3D Printing
c) Fingerprinting
d) screen-printing

Answer: c
Clarification: Fingerprinting is the name of that specific type of scanning For discovering the OS running on the target system in a network which comes under OS scanning technique.

4. Which of them is not a scanning methodology?
a) Check for live systems
b) Check for open ports
c) Identifying the malware in the system
d) Identifying of services

Answer: c
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning.

5. ICMP scanning is used to scan _______________
a) open systems
b) live systems
c) malfunctioned systems
d) broken systems

Answer: b
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning. ICMP scanning is used for checking live systems.

6. In live system scanning, it is checked which hosts are up in the network by pinging the systems in the network.
a) True
b) False

Answer: a
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning. In live system scanning, it is checked which hosts are up in the network by pinging the systems in the network.

7. ________ attribute is used to tweak the ping timeout value.
a) -time
b) -t
c) -p
d) -tout

Answer: b
Clarification: -t attribute is used while pinging any system to tweak the ping timeout value. It is an example of live system scanning, to check which hosts are up in the network by pinging the systems in the network.

8. Which of them do not comes under NETBIOS information?
a) Name of the system / PC
b) Workgroup name
c) MAC address
d) RAM space

Answer: d
Clarification: Scanning using IP address simply pings each IP address for checking if it is live or not. This helps in providing NETBIOS information such as the name of the system, workgroup and MAC address.

9. A ______________ is a simple network scanning technique used for determining which range of IP address map to live hosts.
a) scan sweep
b) ping sweep
c) scan ping
d) host ping

Answer: b
Clarification: A ping sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests.

10. Ping sweep is also known as ________________
a) ICMP Sweep
b) ICMP Call
c) IGMP Sweep
d) ICMP pinging

Answer: a
Clarification: Ping sweep is also known as ICMP sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests.

11. If any given address is running live, it will return an ICMP ECHO reply.
a) True
b) False

Answer: a
Clarification: ICMP sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests. If any given address is running live, it will return an ICMP ECHO reply.

12. __________ scanning is done when a series of messages are sent by someone keeping in mind to break into a computer.
a) Network
b) Port
c) Vulnerability
d) System

Answer: b
Clarification: Scanning is done when a series of messages are sent by someone keeping in mind to break into a computer to learn about computer network services.

13. ____________ scanning is a procedure to identify active hosts on your network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: a
Clarification: Network scanning is a procedure to identify active hosts on your network. It is done with the intention to either attack your system or for security purposes by ethical hackers.

14. _____________ scanning is an automatic process for identifying vulnerabilities of the system within a network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: c
Clarification: Vulnerability scanning is an automatic process for identifying vulnerabilities of a computing system within a network. It is one of the popular scanning methodologies.

15. Which of them is not a standard scanning type or terminology?
a) Network
b) Port
c) Vulnerability
d) System

Answer: d
Clarification: There are a total of three types of scanning in ethical hacking and cyber-security. These are vulnerability scanning, network scanning & port scanning. System scanning is not a standard terminology or type of scanning.

250+ TOP MCQs on Attack Vectors – Sniffing and Answers

Cyber Security Multiple Choice Questions on “Attack Vectors – Sniffing”.

1. _____________ is data interception method used by hackers.
a) Phishing
b) DoS
c) Sniffing
d) MiTM

Answer: c
Clarification: Sniffing is data interception method used by hackers. Sniffing is the method used to monitor & capture all data packets passing through any target network using sniffing tools.

2. Sniffing is also known as ___________________
a) network-tapping
b) wiretapping
c) net-tapping
d) wireless-tapping

Answer: b
Clarification: Sniffing which is also known as wiretapping is data interception method used by hackers. It is a technique used for monitoring & capturing all data packets passing through any target network.

3. _____________ are programs or devices that capture the vital information from the target network or particular network.
a) Routers
b) Trappers
c) Wireless-crackers
d) Sniffers

Answer: d
Clarification: Sniffing is data interception method used by cyber-criminals. Sniffers are programs or devices that capture vital information from the target network or particular network.

4. Which of them is not an objective of sniffing for hackers?
a) Fetching passwords
b) Email texts
c) Types of files transferred
d) Geographic location of a user

Answer: d
Clarification: The method used to capture data packets through any target network is called sniffing. The various objectives of sniffing for hackers are fetching passwords, email texts and the type of files transferred.

5. Which of the following tech-concepts cannot be sniffed?
a) Router configuration
b) ISP details
c) Email Traffic
d) Web Traffic

Answer: b
Clarification: Sniffing is data interception method and is not used for sniffing ISP details. It is particularly used for capturing router configuration, email traffic & web traffic.

6. Which of the following tech-concepts cannot be sniffed?
a) Cloud sessions
b) FTP passwords
c) Telnet passwords
d) Chat sessions

Answer: a
Clarification: Sniffing technique is used to monitor packets of target network using sniffer programs. It cannot sniff cloud sessions. It is used to capture and monitor router configuration, Telnet passwords, chat sessions etc.

7. Which of the below-mentioned protocol is not susceptible to sniffing?
a) HTTP
b) SMTP
c) POP
d) TCP

Answer: d
Clarification: The technique used to supervise & confine all data packets through any target network is called sniffing. HTTP, SMTP, POP are some protocols that are susceptible to sniffing.

8. Which of the below-mentioned protocol is not susceptible to sniffing?
a) NNTP
b) UDP
c) FTP
d) IMAP

Answer: b
Clarification: NNTP, FTP, POP and IMAP are some protocols that are susceptible to sniffing. UDP protocol is not susceptible to sniffing attack. Sniffing is mainly used for capturing email traffic, router’s configuration, & web traffic.

9. There are __________ types of sniffing.
a) 2
b) 3
c) 4
d) 5

Answer: a
Clarification: Sniffing is data surveillance technique used by hackers and is used to keep an eye on as well as detain all data packets with the help of sniffing tools. There are two types of sniffing attacks. These are passive sniffing and active sniffing.

10. Active sniffing is difficult to detect.
a) True
b) False

Answer: b
Clarification: Sniffing is like “tapping phone calls” and try to know about any conversation. There are two types of sniffing. These are passive sniffing and active sniffing. Passive sniffing is difficult to detect.

11. Which of the following is not a sniffing tool?
a) Wireshark
b) Dude Sniffer
c) Maltego
d) Look@LAN

Answer: c
Clarification: Packet sniffers are utility tools which are used since the release of Ethernet. List of some of these sniffing tools are Wireshark, Dude Sniffer, Look@LAN etc.

12. A sniffer, on the whole turns your system’s NIC to the licentious mode so that it can listen to all your data transmitted on its division.
a) True
b) False

Answer: a
Clarification: A sniffer on the whole turns your system’s NIC to the licentious mode so that it can listen to all your data transmitted on its division. This is how it works to sniff all data packets.

13. A ______________ on the whole turns your system’s NIC to the licentious mode so that it can listen to all your data transmitted on its division.
a) Phishing site
b) Sniffer tool
c) Password cracker
d) NIC cracker

Answer: b
Clarification: A sniffer tool turns your machine’s NIC to the dissolute mode so that hackers can listen to & observe all your data packets. Hence they can know what type of data is being transmitted and received.

14. In _____________ sniffing, the network traffic is not only supervised & locked but also be can be altered in different ways to accomplish the attack.
a) passive
b) signal
c) network
d) active

Answer: d
Clarification: Sniffing is like tapping the phone calls & over-heard about any discussion. In active sniffing, the network traffic is not only supervised & locked but also be can be altered in different ways to accomplish the attack.

15. __________________ are those devices which can be plugged into your network at the hardware level & it can monitor traffic.
a) Hardware sniffers & analyzers
b) Hardware protocol analyzers
c) Hardware protocol sniffers
d) Hardware traffic sniffers and observers

Answer: b
Clarification: Sniffing is data interception method which can be done using hardware also. Hardware protocol analyzers are those devices which can be plugged into your network at the hardware level & it can monitor traffic without manipulating it.