Category: Cyber Security Objective Questions

Cyber Security Multiple Choice Questions on “Cyber Attacks Types”.

1. The full form of Malware is ________
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security

Answer: c
Clarification: Different types of harmful software and programs that can pose threats to a system, network or anything related to cyberspace are termed as Malware. Examples of some common malware are Virus, Trojans, Ransomware, spyware, worms, rootkits etc.

2. Who deploy Malwares to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers

Answer: a
Clarification: Criminal-minded organizations, groups and individuals cyber-terrorist groups, Black hat hackers, malware developers etc are those who can deploy malwares to any target system or network in order to deface that system.

3. _____________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection

Answer: b
Clarification: SQLi (Structured Query Language Injection) is a popular attack where SQL code is targeted or injected; for breaking the web application having SQL vulnerabilities. This allows the attacker to run malicious code and take access to the database of that server.

4. XSS is abbreviated as __________
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting

Answer: d
Clarification: Cross Site Scripting is another popular web application attack type that can hamper the reputation of any site.

5. This attack can be deployed by infusing a malicious code in a website’s comment section. What is “this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)

Answer: c
Clarification: XSS attack can be infused by putting the malicious code (which gets automatically run) in any comment section or feedback section of any webpage (usually a blogging page). This can hamper the reputation of a site and the attacker may place any private data or personal credentials.

6. When there is an excessive amount of data flow, which the system cannot handle, _____ attack takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack

Answer: d
Clarification: The Buffer overflow attack takes place when an excessive amount of data occurs in the buffer, which it cannot handle and lead to data being over-flow into its adjoined storage. This attack can cause a system or application crash and can lead to malicious entry-point.

7. Compromising a user’s session for exploiting the user’s data and do malicious activities or misuse user’s credentials is called ___________
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying

Answer: a
Clarification: Using session hijacking, which is popularly known as cookie hijacking is an exploitation method for compromising the user’s session for gaining unauthorized access to user’s information.

8. Which of this is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack

Answer: b
Clarification: If a suspicious gain access to server room or into any confidential area with a malicious pen-drive loaded with malware which will get triggered automatically once inserted to USB port of any employee’s PC; such attacks come under physical hacking, because that person in gaining unauthorized physical access to any room or organization first, then managed to get an employee’s PC also, all done physically – hence breaching physical security.

9. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing

Answer: d
Clarification: Wireless attacks are malicious attacks done in wireless systems, networks or devices. Attacks on Wi-Fi network is one common example that general people know. Other such sub-types of wireless attacks are wireless authentication attack, Encryption cracking etc.

10. An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime

Answer: b
Clarification: Cyber attack is an umbrella term used to classify different computer & network attacks or activities such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile hacking and physical security breaching.

11. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring

Answer: c
Clarification: Keylogging is the method or procedure of recording all the key strokes/keyboard button pressed by the user of that system.

12. _________ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms

Answer: a
Clarification: Keyloggers are surveillance programs developed for both security purpose as well as done for hacking passwords and other personal credentials and information. This type of programs actually saves the keystrokes done using a keyboard and then sends the recorded keystroke file to the creator of such programs.

13. These are a collective term for malicious spying programs used for secretly monitoring someone’s activity and actions over a digital medium.
a) Malware
b) Remote Access Trojans
c) Keyloggers
d) Spyware

Answer: d
Clarification: Spyware is professional malicious spying software that is hard to detect by anti-malware or anti-virus programs because they are programmed in such a skillful way. These types of software keep on collecting personal information, surfing habits, surfing history as well as credit card details.

14. Stuxnet is a _________
a) Worm
b) Virus
c) Trojan
d) Antivirus

Answer: a
Clarification: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly targets the PLCs (Programmable Logic Controllers) in a system.

15. ___________ is a violent act done using the Internet, which either threatens any technology user or leads to loss of life or otherwise harms anyone in order to accomplish political gain.
a) Cyber-warfare
b) Cyber campaign
c) Cyber-terrorism
d) Cyber attack

Answer: c
Clarification: Cyber- terrorism is the term used to describe internet terrorism, where individuals and groups are anonymously misusing ethnicities, religions as well as threaten any technology user, which may lead to even loss of life.

Cyber Security Multiple Choice Questions on “Buffer Overflow”.

1. A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.
a) stack
b) queue
c) external storage
d) buffer

Answer: d
Clarification: A buffer is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers. The buffer can handle data only if limited data is inserted.

2. In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.
a) Phishing
b) MiTM
c) Buffer-overflow
d) Clickjacking

Answer: c
Clarification: In a buffer-overflow attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.

3. How many types of buffer-overflow attack are there?
a) 4
b) 2
c) 5
d) 3

Answer: b
Clarification: There are two different types of buffer-overflow attack. These are stack-based and heap-based buffer overflow. In both the cases, this type of exploit takes advantage of an application that waits for user’s input.

4. Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________
a) buffer
b) external storage
c) processing power
d) local storage

Answer: a
Clarification: In a scenario, where to suppose a search box of an application can take at most 200 words, and you’ve inserted more than that and pressed the search button; the system crashes. Usually, this is because of the limited buffer.

5. ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.
a) Memory leakage
b) Buffer-overrun
c) Less processing power
d) Inefficient programming

Answer: b
Clarification: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.

6. Buffer-overflow is also known as ______________
a) buffer-overrun
b) buffer-leak
c) memory leakage
d) data overflow

Answer: a
Clarification: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by app developers which could be exploited by an attacker for gaining access or malfunctioning your system.

7. Buffer-overflow may remain as a bug in apps if __________ are not done fully.
a) boundary hacks
b) memory checks
c) boundary checks
d) buffer checks

Answer: c
Clarification: Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by developers or are skipped by the QA (Quality Assurance) testers of the software development team.

8. Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.
a) C, Ruby
b) Python, Ruby
c) C, C++
d) Tcl, C#

Answer: c
Clarification: Applications developed by programming languages like C and C++ have this common buffer-overflow error. The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data.

9. Why apps developed in languages like C, C++ is prone to Buffer-overflow?
a) No string boundary checks in predefined functions
b) No storage check in the external memory
c) No processing power check
d) No database check

Answer: a
Clarification: The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data fetched from some other variable holding larger data.

10. Old operating systems like _______ and NT-based systems have buffer-overflow attack a common vulnerability.
a) Windows 7
b) Chrome
c) IOS12
d) UNIX

Answer: d
Clarification: Old operating systems like UNIX and NT-based systems have buffer-overflow attack a common vulnerability. This is because they were developed in old programming languages.

Cyber Security Multiple Choice Questions on “Network Models – TCP-IP Model Security”.

1. TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together.
a) True
b) False

Answer: a
Clarification: TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together. Each layer is composed of header and payload.

2. TCP/IP is composed of _______ number of layers.
a) 2
b) 3
c) 4
d) 5

Answer: c
Clarification: TCP/IP is extensively used model for the World Wide Web for providing network communications which are composed of 4 layers that work together. Each layer is composed of header and payload.

3. Trusted TCP/IP commands have the same needs & go through the identical verification process. Which of them is not a TCP/IP command?
a) ftp
b) rexec
c) tcpexec
d) telnet

Answer: c
Clarification: Trusted TCP/IP commands such as ftp, rexec and telnet have the same needs & go through the identical verification process. Internet & TCP/IP are often implemented synonymously.

4. Connection authentication is offered for ensuring that the remote host has the likely Internet Protocol (IP) ___________ & _________
a) address, name
b) address, location
c) network, name
d) network, location

Answer: a
Clarification: Connection authentication is offered for ensuring that the remote host has the likely Internet Protocol (IP)’s address & name. This avoids a remote host to masquerade as an added remote host.

5. Application layer sends & receives data for particular applications using Hyper Text Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
a) True
b) False

Answer: a
Clarification: Application layer sends & receives data for particular applications using HyperText Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP). Hence, data encryption for HTTP and SMTP is important.

6. TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat.
a) True
b) False

Answer: a
Clarification: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows an attacker to get hold of the RSA key essential to decrypt TLS traffic below certain conditions.

7. RoBOT is abbreviated as ___________
a) Return of Bleichenbacher’s Oracle Team
b) Rise of Bleichenbacher’s Oracle Threat
c) Return of Bleichenbacher’s Operational Threat
d) Return of Bleichenbacher’s Oracle Threat

Answer: d
Clarification: Return of Bleichenbacher’s Oracle Threat is a transport layer vulnerability that allows an attacker to get hold of the RSA key essential to decrypt TLS traffic below certain conditions.

8. There are __________ different versions of IP popularly used.
a) 2
b) 3
c) 4
d) 5

Answer: a
Clarification: There are two different versions of IPs used popularly over the internet. These are IPv4 and IPv6. IPv4 is a 32-bits numeric address written in decimal with 4 numbers separated by dots whereas IPv6 addresses are 128-bits written in hexadecimal & separated by colons.

9. ____________ is an attack where the attacker is able to guess together with the sequence number of an in progress communication session & the port number.
a) TCP Spoofing
b) TCP Blind Spoofing
c) IP Spoofing
d) IP Blind Spoofing

Answer: b
Clarification: TCP Blind Spoofing is an attack where the attacker is able to guess together with the sequence number of an in progress communication session & the port number.

10. ___________ is an attack technique where numerous SYN packets are spoofed with a bogus source address which is then sent to an inundated server.
a) SYN flooding attack
b) ACK flooding attack
c) SYN & ACK flooding attack
d) Packet flooding attack

Answer: a
Clarification: SYN flooding attack is an attack technique where numerous SYN packets are spoofed with a bogus source address which is then sent to an inundated server. The SYN & ACK segments need to begin in a TCP connection.

11. Which of them is not an attack done in the network layer of the TCP/IP model?
a) MITM attack
b) DoS attack
c) Spoofing attack
d) Shoulder surfing

Answer: d
Clarification: MITM, Denial of Service (DoS), and spoofing attacks are possible in the network layer of the TCP/IP model. It is important to secure the network layer as it is the only means to make certain that your application is not getting flooded with attacks.

12. Which of them is not an appropriate method of router security?
a) Unused ports should be blocked
b) Unused interfaces and services should be disabled
c) Routing protocol needs to be programmed by security experts
d) Packet filtering needs to be enabled

Answer: c
Clarification: Unused ports should be blocked, Unused interfaces and services should be disabled, and Packet filtering needs to be enabled are some of the security measures that need to be taken for the routers.

13. Which 2 protocols are used in the Transport layer of the TCP/IP model?
a) UDP and HTTP
b) TCP and UDP
c) HTTP and TCP
d) ICMP and HTTP

Answer: b
Clarification: The transport layer can voluntarily declare the consistency of communications. Transmission Control Protocol (TCP) & User Datagram Protocol (UDP) are the most common transport layer protocols.

14. Which of the protocol is not used in the network layer of the TCP/IP model?
a) ICMP
b) IP
c) IGMP
d) HTTP

Answer: d
Clarification: Internet Control Message Protocol (ICMP), Internet Protocol (IP) and Internet Group Management Protocol (IGMP) are used in the network layer. HTTP is used in application layer of TCP/IP model.

15. ____________ protocol attack is done in the data-link layer.
a) HTTP
b) DNS
c) TCP/IP
d) POP

Answer: b
Clarification: DNS protocol attack is done in the application layer of the TCP/IP model which allows attackers to modify DNS records in order to misdirect user traffic and land them in some malicious or spoofed address.

Cyber Security Questions and Answers for Aptitude test on “Attack Vectors – Trojans and Backdoors”.

1. A/an ___________ is a program that steals your logins & passwords for instant messaging applications.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan

Answer: a
Clarification: An IM Trojan is a program that steals your logins & passwords for instant messaging applications. It popularly attacked apps like AOL, Yahoo Pager, and Skype with vulnerabilities.

2. _____________ can modify data on your system – so that your system doesn’t run correctly or you can no longer access specific data, or it may even ask for ransom in order to give your access.
a) IM – Trojans
b) Backdoor Trojans
c) Trojan-Downloader
d) Ransom Trojan

Answer: d
Clarification: Ransom Trojan can modify data on your system – so that your system doesn’t run correctly or you can no longer access specific data, or it may even ask for ransom in order to give your access.

3. The ______________ can cost you money, by sending text messages from your mobile phone numbers.
a) IM – Trojans
b) Backdoor Trojans
c) SMS Trojan
d) Ransom Trojan

Answer: c
Clarification: The SMS Trojans can cost you money, by sending text messages from your mobile phone numbers. These generally target the smart-phones & some of them are designed to send their own composed SMS also, to embarrass the receiver as well as the sender of the SMS.

4. Trojan-Spy programs can keep an eye on how you are using your system.
a) True
b) False

Answer: a
Clarification: Trojan-Spy programs can keep an eye on how you are using your system. These are one of the most notorious silent observers which even track your browsing data and record your behaviour. Also, it keeps track of all the programs you use.

5. A ___________ is a method in which a computer security mechanism is bypassed untraceable for accessing the computer or its information.
a) front-door
b) backdoor
c) clickjacking
d) key-logging

Answer: b
Clarification: Using backdoors hackers can breach computer security mechanism for accessing the computer or its information. This type of code usually comes attached with Trojans.

6. A _________________ may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.
a) crypter
b) virus
c) backdoor
d) key-logger

Answer: c
Clarification: A backdoor may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.

7. Backdoors cannot be designed as ______________
a) the hidden part of a program
b) as a part of Trojans
c) embedded code of the firmware
d) embedded with anti-malware

Answer: d
Clarification: Cyber-criminals use backdoors as a means through which they can bypassed security postures untraceable. They may be a hidden part of a program, a separate infected program a Trojan in disguise of an executable or code in the firmware of any system’s hardware.

8. Trojans having backdoors are harmless.
a) True
b) False

Answer: b
Clarification: Backdoor trojans can cause huge damage as this is a method used by hackers to breach computer security mechanism. These types of code usually come attached with Trojans programs and can steal your personal data.

9. The threat of backdoors started when ____________ & ____________ OSs became widely accepted.
a) single-user, Windows
b) multiuser, networked
c) single-user, UNIX
d) multiuser, UNIX

Answer: b
Clarification: Hackers take the help of backdoor to breach security mechanism & bypassed for stealing different types of information from the target system. The threat of backdoors started when multiuser & networked OS became widely accepted.

10. Backdoors are also known as ______________
a) Malware-doors
b) Trojan-backups
c) Front-doors
d) Trapdoors

Answer: d
Clarification: Trapdoors popularly known as backdoors are used my cyber-criminals as a method in which a system’s security methods can be bypassed untraceable.

11. __________ is a powerful RAT build using the language Delphi 7.
a) Stuxnet
b) T-Bomb
c) Beast
d) Zeus

Answer: c
Clarification: Beast is a powerful RAT build using the language Delphi 7. One special feature of Beast is that it can help attackers to create all types of Trojans & it has capabilities of multiple Trojan types.

12. Which of the following is a remote Trojan?
a) Troya
b) DaCryptic
c) BankerA
d) Game-Troj

Answer: a
Clarification: Trojan is a small malicious program that runs hidden on the infected system. They are created with the intent and they infected the system by misleading the user. Troya is a remote Trojan that works remotely for its creator.

Cyber Security Multiple Choice Questions on “Attack Vectors – Spamming”.

1. ______________ is populating the inbox of any target victim with unsolicited or junk emails.
a) Phishing
b) Spamming
c) Hooking
d) DoS

Answer: b
Clarification: Spamming is populating the inbox of any target victim with unsolicited or junk emails. These junk emails may contain malicious computer programs that may harm the recipient.

2. _________________ technique is also used in product advertisement.
a) Phishing
b) Cookies
c) e-Banners
d) Spamming

Answer: c
Clarification: Spamming attack over-fills the mail box of the target victim with unwanted spontaneous emails. The technique is also used in product advertisement through mass mailing.

3. Which of the following is not a technique used by spanners?
a) Spoofing the domain
b) Sending attached virus in spams
c) Junk tags associated with spam-emails
d) Making important deals through such emails

Answer: d
Clarification: Spoofing the domain, sending attached virus & junk tags associated with spam-emails are some of the techniques used by spammers. Spam is one of the popular attack techniques.

4. ___________ are used which crawl web pages looking for email Ids and copies them to the database.
a) Caches
b) Cookies
c) Bots
d) Spiders

Answer: d
Clarification: Spiders also known as crawlers are used which crawl different web pages looking for email Ids and copies them to the database. These emails are collected together and used for the purpose of spamming.

5. Which of the following is not a proper way of how spammers get the email Ids?
a) When a user registers to online services, blogs, and sites
b) Databases formed by spiders fetching email Ids from different sources
c) From offline form fill-up documents
d) Online ad-tracking tools

Answer: c
Clarification: Spammers can get email IDs from sources such as data when a user registers to online services, blogs, and sites, databases formed by spiders fetching email Ids from different sources, online ad-tracking tools, email-ID extraction tools, spyware and cookies etc.

6. There are ___________ major ways of spamming.
a) 4
b) 2
c) 3
d) 5

Answer: b
Clarification: There are two major ways of spamming. First, by Usenet spam, where a single message is sent to more than 50 recipients or more Usenet newsgroup, which has become old form of attack. The second one is by email-spam which target individual users and tools are used to send spams directly to them.

7. There are _______ types of spamming.
a) 3
b) 4
c) 5
d) 6

Answer: d
Clarification: Spam attack populates the mail-box of any victim with unwanted emails. There are 6 types of spamming attack. These are by hidden text and links, double-tags, cloaking, blog & wiki spams, image spamming, and page-jacking.

8. Which of the following is not a type of spamming attack?
a) Page-jacking
b) Image spamming
c) Spear phishing
d) Blog & wiki spamming

Answer: c
Clarification: Spear phishing is not an example of a spamming attack. Hidden text & links, double-tags, cloaking, blog & wiki spams, image spamming, and page-jacking are types of spamming attack.

9. Which of the following is not a bulk emailing tool?
a) Fairlogic Worldcast
b) 123 Hidden sender
c) YL Mail Man
d) NetCut

Answer: d
Clarification: Bulk emailing tools are used for sending spams and emails in an uncountable number to flood the recipient’s inbox with junk emails. Fairlogic Worldcast, 123 Hidden sender, YL Mail Man, Sendblaster are examples of bulk emailing tool.

10. Which of the following is not a bulk emailing tool?
a) Wireshark
b) Sendblaster
c) Direct Sender
d) Hotmailer

Answer: a
Clarification: There are tools and applications used for sending spams and emails in a huge number for flooding the recipient’s inbox with unwanted emails. Sendblaster, direct Sender, hotmailer are examples of bulk emailing tool.

11. Which of the following is not an anti-spam technique?
a) Signature-based content filtering
b) DNS routing
c) Bayesian Content Filtering
d) Collaborative content filtering

Answer: b
Clarification: Anti-spamming techniques help in reducing the spamming of unwanted messages and emails. Signature-based content filtering, Bayesian Content Filtering, and collaborative content filtering are examples of anti-spam technique.

12. Which of the following is not an anti-spam technique?
a) Reputation control
b) Sender policy framework
c) DNS-based block-list
d) Domain-based blocking

Answer: d
Clarification: The techniques used in dropping the spamming of unwanted messages and emails. Reputation control, sender policy framework, DNS-based block-list are some of the anti-spamming techniques.

13. ___________ is a tool used as spam filter in association with email programs and automatically intercepts spam emails.
a) Nessus
b) SpamExpert Desktop
c) Spam-Rescurer
d) Burp-Suite

Answer: b
Clarification: SpamExpert Desktop is a tool used as a spam filter in association with email programs and automatically intercepts spam emails. It is not keyword dependent for detecting spams; rather it checks the email content.

14. Which of the following is not an anti-spamming tool or system?
a) Spam-Eater Pro
b) SpyTech Spam Agent
c) SpamExperts Desktop
d) Anti-spyware Tech

Answer: d
Clarification: Some anti-spamming tools and systems that can be used for preventing your email from spamming are Spam-Eater Pro, SpyTech Spam Agent, SpamExperts Desktop etc.

Cyber Security Multiple Choice Questions on “Elements of Security”.

1. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4

Answer: d
Clarification: The 4 key elements that constitute the security are: confidentiality, integrity, authenticity & availability. Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.

2. According to the CIA Triad, which of the below-mentioned element is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c

3. This is the model designed for guiding the policies of Information security within a company, firm or organization. What is “this” referred to here?
a) Confidentiality
b) Non-repudiation
c) CIA Triad
d) Authenticity

Answer: c
Clarification: Various security models were being developed till date. This is by far the most popular and widely used model which on the information’s confidentiality, integrity as well as availability and how these key elements can be preserved for a better security in any organization.

4. CIA triad is also known as ________
a) NIC (Non-repudiation, Integrity, Confidentiality)
b) AIC (Availability, Integrity, Confidentiality)
c) AIN (Availability, Integrity, Non-repudiation)
d) AIC (Authenticity, Integrity, Confidentiality)

Answer: b
Clarification: This approach of naming it CIA Triad as AIC (Availability, Integrity, Confidentiality) Triad because people get confused about this acronym with the abbreviation and the secret agency name Central Intelligence Agency.

5. When you use the word _____ it means you are protecting your data from getting disclosed.
a) Confidentiality
b) Integrity
c) Authentication
d) Availability

Answer: a
Clarification: Confidentiality is what every individual prefer in terms of physical privacy as well as digital privacy. This term means our information needs to be protected from getting disclose to unauthorised parties, for which we use different security mechanisms like password protection, biometric security, OTPs (One Time Passwords) etc.

6. ______ means the protection of data from modification by unknown users.
a) Confidentiality
b) Integrity
c) Authentication
d) Non-repudiation

Answer: b
Clarification: A information only seems valuable if it is correct and do not get modified during its journey in the course of arrival. The element integrity makes sure that the data sent or generated from other end is correct and is not modified by any unauthorised party in between.

7. When integrity is lacking in a security system, _________ occurs.
a) Database hacking
b) Data deletion
c) Data tampering
d) Data leakage

Answer: c
Clarification: The term data tampering is used when integrity is compromised in any security model and checking its integrity later becomes costlier. Example: let suppose you sent $50 to an authorised person and in between a Man in the Middle (MiTM) attack takes place and the value has tampered to $500. This is how integrity is compromised.

8. _______ of information means, only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability

Answer: d
Clarification: Information seems useful only when right people (authorised users) access it after going through proper authenticity check. The key element availability ensures that only authorised users are able to access the information.

9. Why these 4 elements (confidentiality, integrity, authenticity & availability) are considered fundamental?
a) They help understanding hacking better
b) They are key elements to a security breach
c) They help understands security and its components better
d) They help to understand the cyber-crime better

Answer: c
Clarification: The four elements of security viz. confidentiality, integrity, authenticity & availability helps in better understanding the pillars of security and its different components.

10. This helps in identifying the origin of information and authentic user. This referred to here as __________
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability

Answer: c
Clarification: The key element, authenticity helps in assuring the fact that the information is from the original source.

11. Data ___________ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup

Answer: a
Clarification: Data encryption is the method of converting plain text to cipher-text and only authorised users can decrypt the message back to plain text. This preserves the confidentiality of data.

12. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) switching off the phone

Answer: d
Clarification: Switching off the phone in the fear of preserving the confidentiality of data is not a proper solution for data confidentiality. Fingerprint detection, face recognition, password-based authentication, two-step verifications are some of these.

13. Data integrity gets compromised when _____ and _____ are taken control off.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system

Answer: c
Clarification: The two key ingredients that need to be kept safe are: access control & file permission in order to preserve data integrity.

14. ______ is the latest technology that faces an extra challenge because of CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust

Answer: a
Clarification: Big data has additional challenges that it has to face because of the tremendous volume of data that needs protection as well as other key elements of the CIA triad, which makes the entire process costly and time-consuming.

15. One common way to maintain data availability is __________
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering

Answer: b
Clarification: For preventing data from data-loss, or damage data backup can be done and stored in a different geographical location so that it can sustain its data from natural disasters & unpredictable events.