250+ TOP MCQs on Ethics of Ethical Hacking and Answers

Cyber Security Multiple Choice Questions on “Ethics of Ethical Hacking”.

1. What is the ethics behind training how to hack a system?
a) To think like hackers and know how to defend such attacks
b) To hack a system without the permission
c) To hack a network that is vulnerable
d) To corrupt software or service using malware

Answer: a
Clarification: It is important for ethical hackers and security professionals to know how cyber-criminals think and proceed when targeting any system or network. This is why ethical hackers and penetration testers are trained with proper ethics to simulate how a real cyber-attack takes place.

2. Performing shoulder surfing in order to check another person’s password is ____________ ethical practice.
a) a good
b) not so good
c) very good social engineering practice
d) a bad

Answer: d
Clarification: Overlooking or peeping into someone’s system when he/she is entering his/her password is a bad practice and is against the ethics of conduct for every individual. Shoulder surfing is a social engineering attack approach used by some cyber-criminals to know your password and gain access to your system later.

3. ___________ has now evolved to be one of the most popular automated tools for unethical hacking.
a) Automated apps
b) Database software
c) Malware
d) Worms

Answer: c
Clarification: Malware is one of the biggest culprits that harm companies because it is programmed to carry out malicious tasks automatically and helps hackers perform illicit activities with sophistication.

4. Leaking your company data to the outside network without prior permission of senior authority is a crime.
a) True
b) False

Answer: a
Clarification: If you leak or take your company’s confidential data outside without prior permission of the senior authority or any senior member, it is against the code of corporate ethics.

5. _____________ is the technique used in business organizations and firms to protect IT assets.
a) Ethical hacking
b) Unethical hacking
c) Fixing bugs
d) Internal data-breach

Answer: a
Clarification: Ethical hacking is the technique used by business organizations and firms to exploit vulnerabilities in order to secure the firm. Ethical hackers help in increasing the capabilities of any organization or firm in protecting their IT and information assets.

6. The legal risks of ethical hacking include lawsuits due to __________ of personal data.
a) stealing
b) disclosure
c) deleting
d) hacking

Answer: b
Clarification: The legal risks of ethical hacking include lawsuits due to disclosure of personal data during the penetration testing phase. Such disclosure of confidential data may lead to a legal fight between the ethical hacker and the organization.

7. Before performing any penetration test through legal procedure, which of the key points listed below is not mandatory?
a) Know the nature of the organization
b) Characteristics of work done in the firm
c) System and network
d) Type of broadband company used by the firm

Answer: d
Clarification: Before performing any penetration test through the legal procedure, the key points that the penetration tester must keep in mind are:
i) Know the nature of the organization,
ii) what type of work the organization does, and
iii) the systems and networks used in various departments and the confidential data that are sent and received over the network.

8. An ethical hacker must ensure that proprietary information of the firm does not get leaked.
a) True
b) False

Answer: a
Clarification: Yes, it is very important for an ethical hacker to make sure that, while doing penetration tests, confidential data and proprietary information are preserved properly and do not get leaked to the external network.

9. After performing ____________ the ethical hacker should never disclose client information to other parties.
a) hacking
b) cracking
c) penetration testing
d) exploiting

Answer: c
Clarification: Under the laws and ethics that bind ethical hackers, after doing penetration tests the ethical hacker should never disclose client information to other parties. The protection of client data is in the hands of the ethical hacker who performed the tests.

10. __________ is the branch of cyber security that deals with morality and provides different theories and principles regarding the view-points about what is right and wrong.
a) Social ethics
b) Ethics in cyber-security
c) Corporate ethics
d) Ethics in black hat hacking

Answer: d
Clarification: Ethics in cyber-security is the branch of cyber security that deals with morality and provides different theories and principles regarding the view-points about what is right and what need not be done.

11. ________ helps to classify arguments and situations, better understand a cyber-crime and helps to determine appropriate actions.
a) Cyber-ethics
b) Social ethics
c) Cyber-bullying
d) Corporate behaviour

Answer: a
Clarification: Cyber-ethics and knowledge of proper ethical aspects while doing penetration tests help to classify arguments and situations, better understand a cyber-crime and determine appropriate actions.

12. A penetration tester must identify and keep in mind the ___________ & ___________ requirements of a firm while evaluating the security postures.
a) privacy and security
b) rules and regulations
c) hacking techniques
d) ethics to talk to seniors

Answer: a
Clarification: A penetration tester must keep in mind the privacy & security requirements as well as policies of a firm while evaluating the security postures of the target, which is called “industry and business ethics policies”.

250+ TOP MCQs on Cyber Security Types – Windows Security

Cyber Security Multiple Choice Questions on “Cyber Security Types – Windows Security”.

1. __________ passwords are the next level of security.
a) BIOS
b) CMOS
c) SMOS
d) BOIS

Answer: a
Clarification: BIOS passwords are the next level of security, where the password is set in the CMOS (which is a tiny battery) chip on the motherboard, which keeps on running even after the PC is turned off.

2. BIOS is abbreviated as _______________
a) Basic Input Output Server
b) Basic Internet Output Systems
c) Basic Input Output System
d) Battery-based Input Output System

Answer: c
Clarification: BIOS (Basic Input Output System) passwords are the next level of security. BIOS is an essential part of your system & comes with the computer when you bring it home; the password gets stored in CMOS, which keeps on running even after the PC gets shut down.

3. Most computers have BIOS which can be configured so that it can ask for a password once the system starts.
a) True
b) False

Answer: a
Clarification: Most computers have BIOS which can be configured so that it can ask for a password once the system starts. It is the next level of security where the password is set in the CMOS.

4. Find out, select & uninstall all ________________ programs from your computer.
a) useful
b) pre-installed
c) unwanted
d) utility

Answer: c
Clarification: Find out, select & uninstall all unwanted programs from your computer to maintain security. At times, there are some programs that get installed with useful applications as separate programs or as complementary programs. If you’re not using those programs or don’t know what they are for and where they came from, they may also be malware.

5. As a backup for securing your device, it is necessary to create a _____________
a) backup point
b) copy of files in separate drives
c) copy of files in the same drives
d) restore point

Answer: d
Clarification: As a backup for securing your device, it is necessary to create a restore point so that you can roll-back all the changes and programs installed by restoring the system to the state before those changes.

6. The _______________ is a security app by Microsoft, built into Windows OS, that is designed to filter network data from your Windows system & block harmful communications or the programs which are initiating them.
a) Windows Security Essentials
b) Windows Firewall
c) Windows app blocker
d) Windows 10

Answer: b
Clarification: The Windows Firewall is a security app by Microsoft, built into Windows OS, that is designed to filter network data from your Windows system & block harmful communications or the programs which are initiating them.

7. _____________ are essential because they frequently comprise critical patches to security holes.
a) System software
b) Utility Software
c) Software executables
d) Software updates

Answer: d
Clarification: Software updates are essential because they frequently comprise critical patches to security holes. In fact, a lot of harmful malware attacks can be stopped with official updates from vendors.

8. The ______________ account and the __________ account have the same file privileges, but they differ in their working and functionalities.
a) system, administrator
b) system, user
c) group, user
d) user, administrator

Answer: a
Clarification: The system account and the administrator account have the same file privileges, but they differ in their working and functionalities. The system account is used by the OS & by services which run under Windows, while the administrator account gives the user full control of their files, directories and services.

9. ________________ is an anti-malware tool found in newer OS which is designed for protecting computers from viruses, spyware & other malware.
a) Norton Antivirus
b) Windows Defender
c) Anti-malware
d) Microsoft Security Essentials

Answer: b
Clarification: Windows Defender is an anti-malware tool found in newer OS which is designed for protecting computers from viruses, spyware & other malware. It comes built-in with Windows 8 & Windows 10.

10. ____________ is an application which now comes built into Windows OS & allows Windows users to encrypt all drives for security purposes.
a) MS Windows Defender
b) MSE
c) BitLocker
d) MS Office

Answer: c
Clarification: BitLocker is an application which now comes built into Windows OS and allows Windows users to encrypt all drives for security purposes. It checks the TPM status to see whether it is activated or not.

11. A __________ is a dedicatedly designed chip on an endpoint device which stores RSA encryption keys particular to the host system for the purpose of hardware authentication.
a) Trusted Platform Mode
b) Trusted Protocol Module
c) Trusted Privacy Module
d) Trusted Platform Module

Answer: d
Clarification: A Trusted Platform Module is a dedicatedly designed chip on an endpoint device which stores RSA encryption keys particular to the host system for the purpose of hardware authentication.

12. TPM is abbreviated as ____________
a) Trusted Platform Mode
b) Trusted Platform Module
c) Trusted Privacy Module
d) True Platform Module

Answer: b
Clarification: Port knocking is quite an esoteric process for preventing session creation through a particular port. Port knocking is not presently used by default in any stack, but soon patches will come to allow the use of knocking protocols.

250+ TOP MCQs on Attack Vectors – Reverse Engineering and Answers

Cyber Security Multiple Choice Questions on “Attack Vectors – Reverse Engineering”.

1. ______________ can be defined as the duplication of another creator’s or developer’s product following a thorough examination of its production or development.
a) Reverse hacking
b) Cracking
c) Social engineering
d) Reverse engineering

Answer: d
Clarification: Reverse engineering can be defined as the duplication of another creator’s or developer’s product following a thorough examination of its production or development. This process involves understanding how the system or the application works and what needs to be done in order to crack it.

2. _____________ can be applied to diverse aspects of software development & hardware improvement activities.
a) Reverse hacking
b) Cracking
c) Reverse engineering
d) Social engineering

Answer: c
Clarification: Reverse engineering can be applied to diverse aspects of software development & hardware improvement activities. This practice involves learning how the system or the application works & what concepts have to be implemented in order to crack or duplicate it.

3. RE is often defined as the crafting technique of ____________ who use their skills to remove copy protection or trial versions from software or media.
a) crackers
b) risk assessment team
c) auditors
d) surveillance monitoring team

Answer: a
Clarification: Reverse Engineering is often defined as the crafting technique of crackers who use their skills to remove copy protection or trial versions from software or media. Reverse engineering can be applied to diverse aspects of software development & hardware improvement activities.

4. Which of the following activities is a good aspect of reverse engineering in ethical hacking?
a) Cracking the trial version of the product to make it full-version
b) Removing the product key insertion step
c) Jumping the code for premium facilities
d) Determining the vulnerabilities in the product

Answer: d
Clarification: Reverse engineering (RE) can be defined as the duplication of another creator’s or developer’s product following a thorough examination of its production or development. Determining the vulnerabilities in the product is one good aspect of RE.

5. Which of the following activities is a good aspect of reverse engineering in ethical hacking?
a) Cracking the trial version of the product to make it full-version
b) Removing the product key insertion step
c) Jumping the code for premium facilities
d) Determine whether the app contains any undocumented functionality

Answer: d
Clarification: The duplication of another creation or developed product following a thorough examination of its production or development is termed Reverse Engineering. Determining whether the app contains any undocumented functionality is one good aspect of RE.

6. Which of the following is not a proper use of RE for ethical hackers?
a) Check for poorly designed protocols
b) Check for error conditions
c) Cracking for making paid apps free for use
d) Testing for boundary conditions

Answer: c
Clarification: Cracking for making paid apps free for use is not an acceptable reverse engineering work for ethical hackers. This process involves understanding how the system or the application works internally and how to change the logic to crack the system or app.

7. ________________ is the opposite of assembler.
a) Reassembler
b) Disassembler
c) Compiler
d) Interpreter

Answer: b
Clarification: An assembler converts code written in assembly language to binary/machine code, while a disassembler does the reverse for cracking purposes. The disassembler is the opposite of the assembler.

8. ______________ comes under tools for reverse engineering (RE).
a) Reassembler
b) Compiler
c) Disassembler
d) Interpreter

Answer: c
Clarification: A disassembler is the opposite of an assembler. As assemblers are used to convert code written in assembly language to binary/machine code, a disassembler does the reverse for cracking purposes & it counts as a reverse engineering tool.

9. De-compilation is not done for _______________
a) Recovery of lost source code
b) Migration of assembly language
c) Determining the existence of malicious code in any app
d) Targeting users with stealing code

Answer: d
Clarification: De-compilation is a technique of reverse engineering which is used for recovery of lost source code, migration of assembly language or determining the existence of malicious code in any app.

10. Which of the following is not a disassembler tool?
a) IDA Pro
b) PE Explorer
c) Turbo C
d) W32DASM

Answer: c
Clarification: As an assembler converts code written in assembly language to binary/machine code, a disassembler does the reverse for cracking purposes & it counts as a reverse engineering tool. Turbo C is not a disassembler tool.

11. There are ______ types of reverse engineering methodologies.
a) 6
b) 2
c) 5
d) 3

Answer: b
Clarification: There are two types of reverse engineering methodologies. One is where the source-code is obtainable, but the high-level aspects of the program are not. For the other type, the software’s source code is not obtainable.

12. Which of the following is not an actual Reverse Engineering tool?
a) Debugger
b) Disassembler
c) Text Editor
d) Hex Editor

Answer: c
Clarification: Reverse engineering is the art of finding out about & duplicating another creator’s or developer’s product by examining the product or its development methodologies. A text editor is not a Reverse Engineering tool.

13. Hex editors permit programmers to inspect & alter binaries based on some software requirements.
a) True
b) False

Answer: a
Clarification: Hex editors are reverse engineering tools that permit programmers to inspect & alter binaries based on some software requirements. They help in manipulating fundamental binary data in an app.

14. ______________ permits programmers to inspect & alter resources which are entrenched in the EXE file of any software.
a) PE & Resource Viewer
b) Debugger
c) Disassembler
d) Hex Editor

Answer: a
Clarification: There are various categories of reverse engineering tools. PE & Resource Viewer permits programmers to inspect & alter resources which are entrenched in the EXE file of any software.

15. IDAPro is used as a _________________ in manual binary code analysis and is also used as a debugger.
a) PE & Resource Viewer
b) Debugger
c) Disassembler
d) Hex Editor

Answer: c
Clarification: A disassembler in Reverse Engineering is used to slice up binary code into assembly code. IDAPro is used as a disassembler in manual binary code analysis and is also used as a debugger.

250+ TOP MCQs on Firewalls and Answers

Cyber Security Multiple Choice Questions on “Firewalls”.

1. Firewalls can be of _______ kinds.
a) 1
b) 2
c) 3
d) 4

Answer: c
Clarification: Firewalls are of three kinds – one is the hardware firewalls, another is software firewalls and the other is a combination of both hardware and software.

2. _________________ is the kind of firewall that is connected between the device and the network connecting to the internet.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall

Answer: a
Clarification: Hardware firewalls are those firewalls that need to be connected as additional hardware between the device through which the internet is coming to the system and the network used for connecting to the internet.

3. _________ is software that is installed using an internet connection or comes by default with operating systems.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall

Answer: b
Clarification: Software firewalls are those kinds of firewalls that are installed in the system using an internet connection, just as we install normal applications and update them. Some operating system vendors provide default firewalls with their operating systems.

4. Which of the following is not a software firewall?
a) Windows Firewall
b) Outpost Firewall Pro
c) Endian Firewall
d) Linksys Firewall

Answer: d
Clarification: Windows Firewall, Outpost Firewall Pro and Endian Firewall are software firewalls that are installed in the system. Linksys firewall is not an example of a software firewall.

5. A firewall examines all ____________ that are entering or leaving the internal network.
a) emails users
b) updates
c) connections
d) data packets

Answer: d
Clarification: Firewalls examine each data packet that is entering or leaving the internal network, which ultimately prevents unauthorized access.

6. A firewall protects against which of the following attacks?
a) Phishing
b) Dumpster diving
c) Denial of Service (DoS)
d) Shoulder surfing

Answer: c
Clarification: Firewalls are used to protect the computer network and restrict illicit traffic. A Denial of Service (DoS) attack is one such automated attack which a firewall with proper settings and the updated version can resist and stop from getting executed.

7. There are ______ types of firewall.
a) 5
b) 4
c) 3
d) 2

Answer: b
Clarification: There are four types of firewall based on their working and characteristics. These are Packet Filtering Firewalls, Circuit Level Gateway Firewalls, Application level Gateway Firewalls, and Stateful Multilayer Inspection Firewalls.

8. Packet filtering firewalls are deployed on ________
a) routers
b) switches
c) hubs
d) repeaters

Answer: a
Clarification: Packet filtering firewalls are deployed on routers, which help in connecting the internal network to the rest of the world via the internet.

9. In the ______________ layer of OSI model, packet filtering firewalls are implemented.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer

Answer: d
Clarification: In the network layer, which is the third layer of the OSI (Open Systems Interconnection) model, packet filtering firewalls are implemented.

10. The __________ defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports

Answer: a
Clarification: The Access Control List is a table containing rules that instruct the firewall system to provide the right access. The packet filtering firewall checks all the packets and scans them against the rule set defined by the network administrator.

11. ACL stands for _____________
a) Access Condition List
b) Anti-Control List
c) Access Control Logs
d) Access Control List

Answer: d
Clarification: The Access Control List is a table containing rules used to check all the packets and scan them against the rule set defined by the network administrator in any particular system or firewall.

12. When a packet does not fulfil the ACL criteria, the packet is _________
a) resent
b) dropped
c) destroyed
d) acknowledged as received

Answer: b
Clarification: In the packet filtering firewall, when the rules defined by the Access Control List are not met by a data packet, the packet is dropped & logs are updated in the firewall.

13. Network administrators can create their own ACL rules based on _______ ________ and _______
a) Address, Protocols and Packet attributes
b) Address, Protocols and security policies
c) Address, policies and Packet attributes
d) Network topology, Protocols and data packets

Answer: a
Clarification: Network administrators can create their own ACL rules based on Address, Protocols and Packet attributes. This is generally done where specific customised types of data packets need to pass through firewall screening.

14. One advantage of Packet Filtering firewall is __________
a) more efficient
b) less complex
c) less costly
d) very fast

Answer: c
Clarification: Packet filtering firewalls are more advantageous because they are less costly and they use fewer resources and are used effectively in small networks.

15. Packet filtering firewalls work effectively in _________ networks.
a) very simple
b) smaller
c) large
d) very large complex

Answer: b
Clarification: Packet Filtering Firewalls are applied within routers which connect the internal Network system with the outside network using the internet. It works effectively if the internal network is smaller in size.

250+ TOP MCQs on How Security Breach Takes Place and Answers

Advanced Cyber Security Questions and Answers on “How Security Breach Takes Place”.

1. ___________ is an activity that takes place when cyber-criminals infiltrate any data source and take away or alter sensitive information.
a) Data-hack
b) Data-stealing
c) Database altering
d) Data breach

Answer: d
Clarification: A data breach is an activity that takes place when cyber-criminals infiltrate any data source and take away or alter sensitive information. This is done either by using a network to steal all local files or by getting physical access to a system.

2. Which of these is not a step followed by cyber-criminals in data breaching?
a) Research and info-gathering
b) Attack the system
c) Fixing the bugs
d) Exfiltration

Answer: c
Clarification: During a hack, the cyber-criminals first research the victim and gather information on the victim’s system as well as network. Then they perform the attack. Once the attacker gains access, they steal confidential data.

3. What types of data are stolen by cyber-criminals in most of the cases?
a) Data that will pay once sold
b) Data that has no value
c) Data like username and passwords only
d) Data that is old

Answer: a
Clarification: Usually, cyber-criminals steal data that is confidential and has value once it is sold on the dark market or on different deep web sites. Even these days, different companies buy customer data in bulk to analyze it and gain profit out of it.

4. Which of these companies and organizations do not become the major targets of attackers for data stealing?
a) Business firms
b) Medical and Healthcare
c) Government and secret agencies
d) NGOs

Answer: d
Clarification: Attackers target large organizations and firms, which include business firms, financial corporations, medical and healthcare firms, government and secret agencies, and banking sectors. They hold valuable information whose loss can cost them hugely, so such firms are the major targets for hackers.

5. ___________ will give you a USB which will contain ___________ that will take control of your system in the background.
a) Attackers, Trojans
b) White hat hackers, antivirus
c) White hat hackers, Trojans
d) Attackers, antivirus

Answer: a
Clarification: To breach the security of your system, a friend or anyone you deal with may come up with a USB drive and give it to you in order to take some data from you. But that USB drive may contain a Trojan that will get onto your computer once triggered. So try using updated antivirus in your system.

6. An attacker who is an employee of your firm may ___________ to know your system password.
a) do peeping
b) perform network jamming
c) do shoulder surfing
d) steal your laptop

Answer: c
Clarification: An attacker who is an employee of your firm may do shoulder surfing to know your system password. Shoulder surfing is a social engineering technique used to secretly peep in order to gain knowledge of your confidential information.

7. You may throw some confidential file in a dustbin which contains some of your personal data. Hackers can take your data from that thrown-away file also, using the technique _________
a) Dumpster diving
b) Shoulder surfing
c) Phishing
d) Spamming

Answer: a
Clarification: Dumpster diving is a social engineering technique used by hackers to grab your personal and confidential data from thrown-away files. Using this data, attackers may attempt password guessing or fraud calls (if they find your personal phone number).

8. ATM Skimmers are used to take your confidential data from your ATM cards.
a) True
b) False

Answer: a
Clarification: ATM card skimmers are set up by attackers in ATM machines and look exactly the same as the genuine part, but the secretly inserted device takes information from the magnetic strip of your card and stores it in its memory card or storage chip.

9. _____________ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system.
a) Scareware
b) Ransomware
c) Adware
d) Spyware

Answer: b
Clarification: Ransomware is a special type of malware that will infect your system, compromise all data by encrypting it and pop up a demand for a ransom, which will be in the form of Bitcoins (so that the attacker does not get tracked); once the ransom is paid, it will release all files.

10. ______________ are special malware programs written by elite hackers and black hat hackers to spy on your mobile phones and systems.
a) Scareware
b) Ransomware
c) Adware
d) Spyware

Answer: d
Clarification: Spyware programs are special malware programs written by elite hackers and black hat hackers to spy on your mobile phones and systems. Such a program secretly spies on the target system or user, takes their browsing activities and app details, and keeps track of their physical locations.

11. The antivirus or PC defender software in a system helps in detecting viruses and Trojans.
a) True
b) False

Answer: a
Clarification: The antivirus or PC defender software in a system helps in detecting viruses and Trojans, provided the antivirus or the defender application is up to date.

12. Clicking a link in an email that came from an unknown source can redirect you to ____________ that automatically installs malware in your system.
a) that vendor’s site
b) security solution site
c) malicious site
d) software downloading site

Answer: c
Clarification: Clicking a link in an email that came from an unknown source can redirect you to a malicious site that will automatically install malware in your system. The mail will be sent by the attacker.

13. An attacker may use an automatic brute-forcing tool to compromise your ____________
a) username
b) employee ID
c) system / PC name
d) password

Answer: d
Clarification: In most cases, the attacker uses automated brute force tools for compromising your PIN or password. This makes fetching your password easier by trying combinations of different letters in a trial-and-error approach.

14. The attacker will use different bots (zombie PCs) to ping your system and the name of the attack is _________________
a) Distributed Denial-of-Service (DDoS)
b) Permanent Denial-of-Service (PDoS)
c) Denial-of-Service (DoS)
d) Controlled Denial-of-Service (CDoS)

Answer: a
Clarification: Here the attacker uses multiple PCs and floods the bandwidth/resources of the victim’s system (usually 1 or many web-servers). The attack uses zombie PCs, and each of the PCs is remotely controlled by the attacker.

15. Illicit hackers may enter your personal area or room or cabin to steal your laptop, pen drive, documents or other components to get their hands on your confidential information.
a) True
b) False

Answer: a
Clarification: Illicit hackers may enter your personal area or room or cabin to steal your laptop, pen drive, documents or other components to get their hands on your confidential information. This type of hacking comes under physical hacking.

250+ TOP MCQs on Cyber Security Types – Mobile Phone Security

Cyber Security Multiple Choice Questions on “Cyber Security Types – Mobile Phone Security”.

1. Which of the following is not an appropriate way of targeting a mobile phone for hacking?
a) Target mobile hardware vulnerabilities
b) Target apps’ vulnerabilities
c) Setup Keyloggers and spyware in smart-phones
d) Snatch the phone

Answer: d
Clarification: Snatching a smart-phone is not a type of hacking. Targeting the hardware and application level vulnerabilities and setting some keylogger or spyware in the target mobile can help get valuable info about the victim.

2. Which of the following is not an OS for mobile?
a) Palm
b) Windows
c) Mango
d) Android

Answer: c
Clarification: A mobile/smart-phone operating system is software which allows smart-phones, tablets, phablets & other devices to run apps & programs within it. Palm OS, Windows OS, and Android OS are some of the examples of Mobile OS.

3. Mobile Phone OS contains open APIs that may be _____________ attack.
a) useful for
b) vulnerable to
c) easy to
d) meant for

Answer: b
Clarification: Mobile phone operating systems contain open APIs that may be vulnerable to different attacks. The OS has a number of connectivity mechanisms through which attackers can spread malware.

4. ____________ gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.
a) Worms
b) Antivirus
c) Malware
d) Multimedia files

Answer: c
Clarification: Malware gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.

5. ____________ is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect, from threats & bugs.
a) OS Security
b) Database security
c) Cloud security
d) Mobile security

Answer: d
Clarification: Mobile security is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect, from threats & bugs.

6. Mobile security is also known as ____________
a) OS Security
b) Wireless security
c) Cloud security
d) Database security

Answer: b
Clarification: Mobile security, also known as wireless security, is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect, from threats & bugs.

7. DDoS in mobile systems waits for the owner of the _____________ to trigger the attack.
a) worms
b) virus
c) botnets
d) programs

Answer: c
Clarification: Botnets on compromised mobile devices wait for instructions from their owner. After getting the owner’s instruction, they launch a DDoS flood attack. This results in a failure in connecting calls or transmitting data.

8. Hackers cannot do which of the following after compromising your phone?
a) Steal your information
b) Rob your e-money
c) Shoulder surfing
d) Spying

Answer: c
Clarification: Shoulder surfing is done before compromising the mobile. So, hackers can steal your information, rob your e-money or spy on you after compromising your smart-phone.

9. Hackers cannot do which of the following after compromising your phone?
a) Shoulder surfing
b) Accessing your voice mail
c) Steal your information
d) Use your app credentials

Answer: a
Clarification: Shoulder surfing is done before compromising the mobile. So, hackers can steal your information, access your voice mail or use your app credentials after compromising your smart-phone.

10. App permissions can cause trouble as some apps may secretly access your memory card or contact data.
a) True
b) False

Answer: a
Clarification: App permissions can cause trouble as some apps may secretly access your memory card or contact data. Almost all applications nowadays ask for such permissions, so make sure you do a proper survey of these apps before allowing such access.

11. Activate _____________ when you need to use it, otherwise turn it off for security purposes.
a) Flash Light
b) App updates
c) Bluetooth
d) Rotation

Answer: c
Clarification: Activate Bluetooth when you need to use it, otherwise turn it off for security purposes. This is because there are various tools and vulnerabilities that may be used to gain access to your smart-phone over Bluetooth.

12. Try not to keep ________________ passwords, especially fingerprint, for your smart-phone, because it can lead to physical hacking if you’re unaware or asleep.
a) Biometric
b) PIN-based
c) Alphanumeric
d) Short

Answer: a
Clarification: Try not to keep biometric passwords, especially fingerprint, for a smart-phone containing very confidential data, because anyone can do physical hacking if you’re unaware or asleep.

13. Which of the following tools is used for Blackjacking?
a) BBAttacker
b) BBProxy
c) Blackburried
d) BBJacking

Answer: b
Clarification: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is activated it opens a covert channel between the hacker and the compromised host.

14. BBProxy tool is used in which mobile OS?
a) Android
b) Symbian
c) Raspberry
d) Blackberry

Answer: d
Clarification: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is activated it opens a covert channel between the hacker and the compromised host.

15. Which of the following is not a security issue for PDAs?
a) Password theft
b) Data theft
c) Reverse engineering
d) Wireless vulnerability

Answer: c
Clarification: Reverse engineering is not a security issue for PDAs (Personal Digital Assistants). Password theft, data theft, wireless vulnerability exploitation and data corruption using viruses are some of the issues.