Category: Cyber Security Objective Questions

Cyber Security Multiple Choice Questions on “Popular Tools used in Security”.

1. Which of the following attach is not used by LC4 to recover Windows password?
a) Brute-force attack
b) Dictionary attack
c) MiTM attack
d) Hybrid attacks

Answer: c
Clarification: LC4 is a password auditing and recovery tool; used for testing strength of a password and also helps in recovering lost Microsoft Windows passwords using a hybrid attack, brute-force attack as well as using a dictionary attack.

2. ____________ is the world’s most popular vulnerability scanner used in companies for checking vulnerabilities in the network.
a) Wireshark
b) Nessus
c) Snort
d) WebInspect

Answer: b
Clarification: Nessus is a popular and proprietary network vulnerability scanning tool developed by Tenable Network Security. It helps in easily identifying vulnerabilities and fix them, which includes missing patches and software flaws.

3. _____________ is a tool which can detect registry issues in an operating system.
a) Network Stumbler
b) Ettercap
c) Maltego
d) LANguard Network Security Scanner

Answer: d
Clarification: LANguard Network Security Scanner helps in monitoring networks by scanning connected machines to provide information for every node. It can also be used for identifying registry issues.

4. Network Stumbler is a Windows Wi-Fi monitoring tool.
a) True
b) False

Answer: a
Clarification: Network Stumbler is a popular tool that helps in detecting WLANs and helps hackers in finding non-broadcasting wireless networks. It is popularly used as Wi-Fi scanning and monitoring tool for Windows.

5. ToneLoc is abbreviated as __________
a) Tone Locking
b) Tone Locator
c) Tone Locker
d) Tune Locator

Answer: c
Clarification: ToneLoc is a popular and primitive tool written for MS-DOS users. It is basically used by malicious attackers to guess user accounts, finding entry points in modems and locating modems connected in the network.

6. __________ is a debugger and exploration tool.
a) Netdog
b) Netcat
c) Tcpdump
d) BackTrack

Answer: b
Clarification: Netcat is an easy Unix utility that helps in reading and writing data across network connections, using TCP or UDP protocol. It is popularly used as a debugger and exploration tool that is found free for Windows and Mac OS also.

7. __________ is a popular command-line packet analyser.
a) Wireshark
b) Snort
c) Metasploit
d) Tcpdump

Answer: d
Clarification: Tcpdump is a popular command-line network packet analyzer. It allows its user in displaying TCP / IP as well as other data packets being transmitted or received over the computer network.

8. ________________ is a platform that essentially keeps the log of data from networks, devices as well as applications in a single location.
a) EventLog Analyser
b) NordVPN
c) Wireshark
d) PacketFilter Analyzer

Answer: a
Clarification: EventLog Analyser is a tool that basically keeps the log of data from networks, devices as well as applications in a single location. Latest encryption techniques are used for securing its stored data.

9. ______________ is competent to restore corrupted Exchange Server Database files as well as recovering unapproachable mails in mailboxes.
a) Outlook
b) Nessus
c) Mailbox Exchange Recovery
d) Mail Exchange Recovery toolkit

Answer: c
Clarification: Mailbox Exchange Recovery is competent to restore corrupted Exchange Server Database files as well as recovering unapproachable mails in mailboxes. This tool is popularly used by ethical hackers and cyber-forensics investigators in recovering emails, calendars, attachments, contacts from inaccessible mail-servers.

10. ________________ helps in protecting businesses against data breaches that may make threats to cloud.
a) Centrify
b) Mailbox Exchange Recovery
c) Nessus
d) Dashline

Answer: a
Clarification: Centrify helps in protecting businesses against data breaches that may make threats to the cloud. This is done by securing Centrify users by providing internal, external and privileged users.

11. __________ is a popular corporate security tool that is used to detect the attack on email with cloud only services.
a) Cain and Abel
b) Proofpoint
c) Angry IP Scanner
d) Ettercap

Answer: b
Clarification: Proofpoint is a popular corporate security tool that is used to detect an attack on email with cloud-only services. It helps firms detect attack vectors and loopholes in different security systems through which attackers may gain access.

12. _____________ helps in protecting corporate data, communications and other assets.
a) Snort
b) CipherCloud
c) Burp Suit
d) Wireshark

Answer: b
Clarification: CipherCloud helps in protecting corporate data, different communications as well as other assets. This includes anti-virus scanning facility, encryption & traffic monitoring. In addition, it provides mobile security support also.

Cyber Security Questions and Answers for Entrance exams on “Email Security”.

1. Which of the following is a micro-virus that can bring down the confidentiality of an email (specifically)?
a) Zeus
b) Stuxnet
c) Reaper Exploit
d) Friday the 13

Answer: c
Clarification: Reaper exploit is a micro-virus that can compromise the email security as it works in the background and sends a copy of reply or forwarded the email to its creator or sender.

2. Email users who use IE as their _________________ are vulnerable to Reaper Exploit.
a) Web engine
b) Rendering engine
c) Game engine
d) HTML engine

Answer: d
Clarification: Email users who use Internet Explorer as their HTML engine are vulnerable to Reaper Exploit. It works in the background and sends a copy of a reply or forwarded the email to its creator or sender.

3. _______________ needs to be turned off in order to prevent from this attack.
a) Email scripting
b) Email attachments
c) Email services
d) Third party email programs

Answer: a
Clarification: Email users who use Internet Explorer as their HTML engine are vulnerable to Reaper Exploit. It works in the background and sends a copy of a reply or forwarded the email to its creator or sender. Email scripting needs to be turned off in order to prevent from this attack.

4. Which of the following is a tool to monitor outgoing traffic of target PC’s email and intercept all the emails sent from it?
a) Wireshark
b) Advanced Stealth Email Redirector
c) MS Outlook
d) Cisco Jabber

Answer: b
Clarification: Advanced Stealth Email Redirector is a tool to monitor outgoing traffic of target PC’s email and intercept all the emails send from it. Intercepted emails are then forwarded to a pre-specified email ID.

5. Advanced SER is abbreviated as ___________
a) Advanced Stealth Electronic Redirector
b) Advanced Security Email Redirector
c) Advanced Stealth Email Redirector
d) Advanced Stealth Email Recorder

Answer: c
Clarification: Advanced Stealth Email Redirector (Advanced SER) is a tool to monitor outgoing traffic of target PC’s email and intercept all the emails send from it. Intercepted emails are then forwarded to a pre-specified email ID.

6. Which of the following will not help in preserving email security?
a) Create a strong password
b) Connect your email to a phone number
c) Use two-factor authentication for password verification and login
d) Click on unknown links and sites

Answer: d
Clarification: Some of the following measures to preserve your email security is via creating a strong password, connecting your emails to your personal phone number and set up 2-factor authentication for login.

7. Once the email is compromised, all other sites and services online associated with this email can be compromised.
a) True
b) False

Answer: a
Clarification: Email security is very much necessary because once the email is compromised, all other sites and services online associated with this email can be compromised and the hacker will be able to access all other accounts linked to this email.

8. _____________ is an encryption program or add-ons which provides cryptographic privacy & authentication for email communication.
a) Powerful Good Privacy
b) Pretty Good Privacy
c) Pretty Good Encryption
d) Pretty Strong Encryption

Answer: b
Clarification: Pretty Good Privacy is an encryption program which provides cryptographic privacy & authentication for email communication. Basically, it is used for securing user’s texts, emails, attachments etc.

9. PGP is abbreviated as _______________
a) Pretty Good Privacy
b) Powerful Good Privacy
c) Protocol Giving Privacy
d) Pretty Good Protocol

Answer: a
Clarification: Pretty Good Privacy (PGP) is an encryption program which provides cryptographic privacy & authentication for email communication. Basically, it is used for securing user’s texts, emails, attachments etc.

10. Which of them is not an example of business email security tool?
a) Microsoft Office Trust Center
b) Sendinc
c) Hushmail Business
d) Cisco Jabber

Answer: d
Clarification: Cisco Jabber is a unified communications application that lets users access, send instant messaging, voice, voice messaging, desktop sharing, & conferencing. The rest three are a business email security tools.

11. Which of them is not an example of business email security tool?
a) Enlocked
b) RPost Office
c) MS Outlook
d) Sendinc

Answer: c
Clarification: MS Outlook is a web-based desktop app as well as an online suite of webmail, tasks, contacts & calendaring services developed by Microsoft. The rest three are a business email security tools.

12. ________________ is a free extension of browser that enables you in decrypting as well as encrypting emails.
a) Enlocked
b) MS Outlook
c) Cisco Jabber
d) Mailvelope

Answer: d
Clarification: Mailvelope is a free extension of the browser (which is available for both Google Chrome as well as Mozilla Firefox) that enables users in decrypting as well as encrypting emails using an openPGP standard of encryption.

13. Which of the following is not an email related hacking tool?
a) Email Finder Pro
b) Sendinc
c) Mail PassView
d) Mail Password

Answer: b
Clarification: Sendinc is not an email data compromising tool. It is used for securing business email accounts and offers a quick web-based way to jump into offering secure emails for firms. The rest three are email compromising tools.

14. _______________ is targeted bulk email marketing software.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit

Answer: b
Clarification: Email Spider Easy is targeted bulk email marketing software. It rapidly & automatically searches & spider from the search engine for finding email addresses. This tool is integrated with top search engines.

15. ______________ is a tool that is integrated with top 90 search engines to grab quick search for email addresses and other details.
a) Email Spider Toolkit
b) Email Spider Easy
c) Email Crawler Easy
d) Email Spider Toolkit

Answer: b
Clarification: Email Spider Easy is targeted bulk email marketing software. It rapidly & automatically searches & spider from the search engine for finding email addresses. This tool is integrated with top search engines & its speed allows up to 500 email extraction threads simultaneously.

16. MegaHackerZ helps crackers to crack email passwords.
a) True
b) False

Answer: a
Clarification: MegaHackerZ helps crackers to crack email passwords. Though it is not used very much as the versions are deprecated. But it is still useful for weak passwords to crack easily.

Tough Cyber Security Questions and Answers on “Attack Vectors – Web Application Vulnerabilities”.

1. A _______________ is a program application which is stored on a remote-server & distributed over the Internet when a user uses a browser interface to request for such applications.
a) Android application
b) Web application
c) PC application
d) Cloud application

Answer: b
Clarification: A Web application is a program application that is stored on a remote-server & distributed over the Internet when a user uses a browser interface to request for such applications.

2. Which of the following is not an example of web application hacking?
a) Defacing websites
b) Stealing credit card information
c) Reverse engineering PC apps
d) Exploiting server-side scripting

Answer: c
Clarification: Reverse engineering PC apps is not an example of web application hacking. Stealing credit card information, reverse engineering PC apps, and exploiting server-side scripting are examples of web application hacking.

3. _______________ hacking refers to mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering the Uniform Resource Identifier (URI).
a) Android application
b) Web application
c) PC application
d) Cloud application

Answer: b
Clarification: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering the Uniform Resource Identifier (URI).

4. Which of the following is not an appropriate method of web application hacking?
a) XSS
b) CSRF
c) SQLi
d) Brute-force

Answer: d
Clarification: The mistreatment of online services and applications that uses HTTP or HTTPS can be done by manipulating the web application through its graphical web interface. Popular hacking methods are XSS, CSRF, SQLi.

5. XSS stands for _________________
a) Crack Site Scripting
b) Cross Site Server
c) Cross Site Scripting
d) Crack Server Scripting

Answer: c
Clarification: Cross-site scripting (XSS) is a kind of external injection attack on web-app security where an attacker injects some abnormal data, such as a malicious code/script to harm or lower down the reputation of trusted websites.

6. Which of the following is not an example of web application hacking?
a) DNS Attack
b) Dumpster diving
c) Injecting Malicious code
d) Using the shell to destroy web application data

Answer: b
Clarification: Domain Name Server (DNS) Attack, injecting Malicious code, using the shell to destroy web application data, exploiting server-side scripting are examples of web application hacking.

7. Which of the following is not a threat of web application?
a) Reverse engineering
b) Command injection
c) DMZ protocol attack
d) Buffer Overflow

Answer: a
Clarification: Web applications are mistreated via HTTP or HTTPS for manipulating the web application through its graphical web interface and this technique is called Web application hacking. Web application threats are command injection, DMZ protocol attack, buffer overflow attack etc.

8. Which of the following is not a threat of web application?
a) Session poisoning
b) Phishing
c) Cryptographic interception
d) Cookie snooping

Answer: b
Clarification: Web application hacking is the mistreatment of online applications and services. Some web application threats are session poisoning, cryptographic interception, cookie snooping etc.

9. ________ Injection attack is a special attack done through character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is capable to inject a CRLF series in an HTTP stream.
a) XSS
b) CSRF
c) CRLF
d) SQL

Answer: c
Clarification: CRLF Injection attack is a special attack done through character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is capable to inject a CRLF series in an HTTP stream.

10. Which of the following scripting language is used for injecting executable malicious code for web-app hacking?
a) C++
b) Tcl
c) Frame-Script
d) JavaScript

Answer: d
Clarification: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface. JavaScript is used for injecting code for web-app hacking.

11. ______________ takes advantage if hidden fields that work as the only security measure in some applications.
a) Parameter tampering
b) Data tampering
c) Tampering of network topology
d) Protocol tampering

Answer: a
Clarification: Parameter tampering takes advantage if hidden fields that work as the only security measure in some applications. Modifying this hidden field value will cause the web application to change according to new data incorporated.

12. _____________ is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.
a) Cache Snooping
b) Cookie-jacking
c) Cookie Snooping
d) Cache-compromising

Answer: c
Clarification: Cookie Snooping is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.

13. Which of the following is not an example of web application hacking technique?
a) LDAP injection
b) Cryptanalysis
c) Race condition attack
d) OS command injection.

Answer: b
Clarification: Cryptanalysis is the study of cipher-text & cryptosystems keeping in mind to improvise the crypto-algorithm by understanding how they work & finding alternate techniques. The rest three are examples of web application hacking techniques.

Cyber Security Interview Questions and Answers for freshers on “Hacking Terminologies”.

1. _________ are a specific section of any virus or malware that performs illicit activities in a system.
a) Malicious programs
b) Worms
c) Spyware
d) Payload

Answer: d
Clarification: Payloads are parts of a virus that helps in performing malicious activities such as destroying information, blocking network traffic, compromising data, steal and spy for sensitive information.

2. ____________ is a scenario when information is accessed without authorization.
a) Data infiltration
b) Data Hack
c) Information compromise
d) Data Breach

Answer: d
Clarification: Data breach is the term used when the cyber-security incident takes place where sensitive information is accessed without authority.

3. ____________ is an attempt to steal, spy, damage or destroy computer systems, networks or their associated information.
a) Cyber-security
b) Cyber attack
c) Digital hacking
d) Computer security

Answer: b
Clarification: Cyber attack can be defined as an attempt to steal, spy, damage or destroy different components of cyberspace such as computer systems, associated peripherals, network systems, and information.

4. ___________ is a device which secretly collects data from credit / debit cards.
a) Card Skimmer
b) Data Stealer
c) Card Copier
d) Card cloner

Answer: a
Clarification: Card skimmer is hardware that is installed and setup in ATMs secretly so that when any user will swipe or insert their card in the ATM, the skimmer will fetch all information from the magnetic strip.

5. _____________ is a technique used when artificial clicks are made which increases revenue because of pay-per-click.
a) Clickjacking
b) Clickfraud
c) Keylogging
d) Click-hacking

Answer: b
Clarification: Clickfraud is an attack technique used when artificial clicks get generated to increase the revenue in ad-campaigns online.

6. __________ is the practice implemented to spy someone using technology for gathering sensitive information.
a) Cyber espionage
b) Cyber-spy
c) Digital Spying
d) Spyware

Answer: a
Clarification: Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on others for gathering confidential information.

7. ____________ is the way or technique through which majority of the malware gets installed in our system.
a) Drive-by click
b) Drive-by redirection
c) Drive-by download
d) Drive-by injecting USB devices

Answer: c
Clarification: An accidental yet dangerous action that takes place in the cyberspace which helps attackers place their malware into the victim’s system. This technique is called Drive-by download.

8. ______ is the term used for toolkits that are purchased and used for targeting different exploits.
a) Exploit bag
b) Exploit set
c) Exploit Toolkit
d) Exploit pack

Answer: d
Clarification: Exploit pack or Exploit kit is the term used for toolkits that are purchased and used for targeting different exploits.

9. Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit.
a) True
b) False

Answer: a
Clarification: Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit. In this type of cyber-crime, information like social security number, personal details, and images, hobbies and passion details, driving license number and address details are compromised.

10. _________ is the hacking approach where cyber-criminals design fake websites or pages for tricking or gaining additional traffic.
a) Cyber-replication
b) Mimicking
c) Website-Duplication
d) Pharming

Answer: a
Clarification: The technique and approach through which cyber-crooks develop fake web pages and sites to trick people for gaining personal details such as login ID and password as well as personal information, is known as pharming.

11. RAM-Scraping is a special kind of malware that looks (scrape) for sensitive data in the hard drive.
a) True
b) False

Answer: a
Clarification: It is a special kind of malware that looks for sensitive data that you’ve stored in your hard drive. RAM-scraping is one of those kinds.

12. When you book online tickets by swiping your card, the details of the card gets stored in ______
a) database system
b) point-of-sale system
c) servers
d) hard drives

Answer: b
Clarification: The point-of-sale system is a system where the retailer or company stores financial records and card details of the e-commerce system or online business transactions.

13. Point-of-sale intrusion does not deal with financial details and credit card information.
a) True
b) False

Answer: b
Clarification: Point-of-sale intrusion is an attack that deals with financial details and credit card information, where the payment system of the company or retailer is compromised and left with customer’s financial information at risk.

14. _______ are deadly exploits where the vulnerability is known and found by cyber-criminals but not known and fixed by the owner of that application or company.
a) Unknown attacks
b) Secret attacks
c) Elite exploits
d) Zero-day exploits

Answer: d
Clarification: Zero-day exploits are used to attack a system as soon as cyber-criminals came to know about the weakness or the day the weaknesses are discovered in a system. Hackers exploit these types of vulnerabilities before the creator releases the patch or fix the issue.

15. Zero-day exploits are also called __________
a) zero-day attacks
b) hidden attacks
c) un-patched attacks
d) un-fixed exploits

Answer: a
Clarification: Zero-day exploits are also called zero-day attacks where the vulnerability is known and found by cyber-criminals or ethical hackers but not known and fixed by the creator/owner of that application or company.

Cyber Security MCQs on “Popular Tools used in Security”.

1. _________ framework made cracking of vulnerabilities easy like point and click.
a) .Net
b) Metasploit
c) Zeus
d) Ettercap

Answer: b
Clarification: In the year 2003, the Metasploit framework was released which made finding and cracking of vulnerabilities easy and is used by both white as well as black hat hackers.

2. Nmap is abbreviated as Network Mapper.
a) True
b) False

Answer: a
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It can be used for either a single host network or large networks.

3. __________ is a popular tool used for discovering networks as well as in security auditing.
a) Ettercap
b) Metasploit
c) Nmap
d) Burp Suit

Answer: c
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It can be used for either a single host network or large networks.

4. Which of this Nmap do not check?
a) services different hosts are offering
b) on what OS they are running
c) what kind of firewall is in use
d) what type of antivirus is in use

Answer: d
Clarification: Network Mapper (Nmap) is a popular open-source tool used for discovering network as well as security auditing. It usually checks for different services used by the host, what operating system it is running and the type of firewall it is using.

5. Which of the following deals with network intrusion detection and real-time traffic analysis?
a) John the Ripper
b) L0phtCrack
c) Snort
d) Nessus

Answer: c
Clarification: Snort is a network intrusion detecting application that deals with real-time traffic analysis. As the rules are set and kept updated, they help in matching patterns against known patterns and protect your network.

6. Wireshark is a ____________ tool.
a) network protocol analysis
b) network connection security
c) connection analysis
d) defending malicious packet-filtering

Answer: a
Clarification: Wireshark is popular standardized network protocol analysis tools that allow in-depth check and analysis of packets from different protocols used by the system.

7. Which of the below-mentioned tool is used for Wi-Fi hacking?
a) Wireshark
b) Nessus
c) Aircrack-ng
d) Snort

Answer: c
Clarification: Weak wireless encryption protocols get easily cracked using Aircrack WPA and Aircrack WEP attacks that comes with Aircrack-ng tool. Its packet sniffing feature keeps track of all its traffic without making any attack.

8. Aircrack-ng is used for ____________
a) Firewall bypassing
b) Wi-Fi attacks
c) Packet filtering
d) System password cracking

Answer: b
Clarification: Weak wireless encryption protocols get easily cracked using Aircrack WPA and Aircrack WEP. Its packet sniffing feature keeps track of all its traffic without making any attack.

9. _____________ is a popular IP address and port scanner.
a) Cain and Abel
b) Snort
c) Angry IP Scanner
d) Ettercap

Answer: c
Clarification: Angry IP scanner is a light-weight, cross-platform IP and port scanning tool that scans a range of IP. It uses the concept of multithreading for making fast efficient scanning.

10. _______________ is a popular tool used for network analysis in multiprotocol diverse network.
a) Snort
b) SuperScan
c) Burp Suit
d) EtterPeak

Answer: d
Clarification: EtterPeak is a network analysis tool that can be used for multiprotocol heterogeneous networking architecture. It can help in sniffing packets of network traffic.

11. ____________ scans TCP ports and resolves different hostnames.
a) SuperScan
b) Snort
c) Ettercap
d) QualysGuard

Answer: a
Clarification: SuperScan has a very nice user-friendly interface and it is used for scanning TCP ports as well as resolve hostnames. It is popularly used for scanning ports from a given range of IP.

12. ___________ is a web application assessment security tool.
a) LC4
b) WebInspect
c) Ettercap
d) QualysGuard

Answer: b
Clarification: WebInspect is a popular web application security tool used for identifying known vulnerabilities residing in web-application layer. It also helps in penetration testing of web servers.

13. Which of the following attack-based checks WebInspect cannot do?
a) cross-site scripting
b) directory traversal
c) parameter injection
d) injecting shell code

Answer: d
Clarification: WebInspect can check whether a web server is properly configured or not by attempting for common attacks such as Cross-site scripting, directory traversal, and parameter injection. But it cannot inject malicious shell code in the server.

14. ________ is a password recovery and auditing tool.
a) LC3
b) LC4
c) Network Stumbler
d) Maltego

Answer: b
Clarification: LC4 which was previously known as L0phtCrack is a password auditing and recovery tool; used for testing strength of a password and also helps in recovering lost Microsoft Windows passwords.

15. L0phtCrack is formerly known as LC3.
a) True
b) False

Answer: b
Clarification: L0phtCrack is now commonly known as LC4 is a password auditing and recovery tool; used for testing strength of a password and also helps in recovering lost Microsoft Windows passwords.

Cyber Security Multiple Choice Questions on “Password Cracking and Security Measures”.

1. System hacking involves password hacking as one of the major hacking methodologies.
a) True
b) False

Answer: a
Clarification: System hacking, which is of four types involves password hacking as one of the major hacking methodologies. It is used to crack the security of a system and gain access for stealing data.

2. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5

Answer: c
Clarification: System hacking involves password hacking as one of the major hacking methodologies. It is of 4 types. These are passive online attack, active online attack, offline attack, and non-electronic attack.

3. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7

Answer: d
Clarification: There are seven major types of passwords. These are a password containing only letters, a password containing only number, a password containing only special characters, a password containing only alpha-numeric characters, a password containing letters, numbers as well as special symbols or password containing any two combinations of the three.

4. In _______________ attacks an attacker do not contact with authorizing party for stealing password.
a) passive online
b) active online
c) offline
d) non-electronic

Answer: a
Clarification: In passive online attacks, the attacker do not contact with an authorized party to steal the password, rather the attacker attempts to grab password hacking without communicating with the victim or his/her victim account.

5. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing

Answer: d
Clarification: Attacker do not contact with an authorized party to steal the password in the passive online attack, rather the attacker attempts to grab password hacking without communicating with the victim or his/her victim account. Examples of passive online attacks include wire sniffing, Man in the middle attack and reply attack.

6. Which of the following is not an example of a passive online attack?
a) MiTM
b) Reply Attack
c) Phishing
d) Wire sniffing

Answer: c
Clarification: Phishing is not an example of a passive online attack. In passive online attacks, the attacker does not contact with an authorized party to steal the password. Types of passive online attacks include wire sniffing, Man in the middle attack and reply attack.

7. Which of the following do not comes under hurdles of passive online attack for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available

Answer: d
Clarification: Tools for doing a passive offline attack on passwords is widely available so it doesn’t come under disadvantage or hurdles of passive offline attack. But passive offline attacks are computationally complex, hard to perpetrate and may take time.

8. Which of the following case comes under victims’ list of an active online attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services

Answer: c
Clarification: Systems with bad or weak passwords & with open authentication points often becomes the victim of an active online attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

9. In _______________ password grabbing attack the attacker directly tries different passwords 1-by-1 against victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Clarification: Users with open authentication points and bad or weak passwords often becomes the victim of an active online attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

10. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack

Answer: b
Clarification: In an active online attack, the attacker directly tries different passwords 1-by-1 against victim’s system/account. It has some disadvantages as it takes a long time, hence a lot of patience & high network bandwidth also.

11. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic

Answer: b
Clarification: Users with open authentication points and bad or weak passwords often becomes the victim of the active online attack. It is alternatively termed as password guessing attack where the attacker directly tries different passwords 1-by-1 against victim’s system/account.

12. ________________ attacks are carried out from a location other than the real computer where the password reside or was used.
a) passive online
b) active online
c) offline password
d) non-electronic

Answer: c
Clarification: For this cyber-criminal needs to have physical access to the system and so offline password attacks are carried out from a location other than the real computer where the password reside or was used. They are common examples of physical data breaching & hacking.

13. _______________ attacks always need physical access to the system that is having password file or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic

Answer: b
Clarification: Offline password attacks are carried out from a location other than the real computer where the password resides or was used. They need physical access to the system that is having a password file or the hacker needs to crack the system by other means.

14. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack

Answer: d
Clarification: The offline attack needs physical access to the system that is having a password file or the hacker needs to crack the system by other means. A dictionary attack, rainbow, and brute force come under offline attack.

15. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False

Answer: a
Clarification: Physical access is needed in offline attack to the system that is having a password file or the hacker needs to crack the system by other means. Hence, even if hackers gain physical access to the system, if the passwords are in the encrypted mode, it will be almost impossible to steal passwords.