Cyber Security Multiple Choice Questions on “Bugs and Vulnerabilities”.
1. ___________ is a weakness that can be exploited by attackers.
a) System with Virus
b) System without firewall
c) System with vulnerabilities
d) System with a strong password
Answer: c
Clarification: In cyber-security, a vulnerability is a weakness in a system that can be exploited by cyber-criminals and attackers for their own benefit. To do so, they use special tools and techniques to break into the system through its vulnerabilities.
2. _________ is the sum of all the possible points in software or system where unauthorized users can enter as well as extract data from the system.
a) Attack vector
b) Attack surface
c) Attack point
d) Attack arena
Answer: b
Clarification: The attack surface can be defined as the sum of all the possible points in software or a system where unauthorized users can enter as well as extract data from the system. The stronger the security, the smaller the attack surface.
3. ____________ is the cyclic practice of identifying, classifying and then resolving the vulnerabilities in a system.
a) Bug protection
b) Bug bounty
c) Vulnerability measurement
d) Vulnerability management
Answer: d
Clarification: Vulnerability management is a cyclic process of identifying, classifying and then resolving the vulnerabilities in a system. The term is generally used for the process of detecting and resolving software vulnerabilities.
4. Risk and vulnerabilities are the same things.
a) True
b) False
Answer: b
Clarification: Risk and vulnerability cannot be used interchangeably. Risk can be defined as the potential impact that can arise from exploiting a vulnerability. Some vulnerabilities do not pose a risk; these are known as “Vulnerabilities without risk”.
5. _____________ is a special type of vulnerability that doesn’t possess risk.
a) Vulnerabilities without risk
b) Vulnerabilities without attacker
c) Vulnerabilities without action
d) Vulnerabilities no one knows
Answer: a
Clarification: A vulnerability is defined as a weakness in a system that can be exploited by cyber-criminals and attackers. Risk can be defined as the potential impact that can arise from exploiting the vulnerability. Some vulnerabilities do not pose a risk; these are known as “Vulnerabilities without risk”.
6. A/An __________ is a piece of software or a segment of commands that usually takes advantage of a bug to cause unintended actions and behaviors.
a) malware
b) trojan
c) worms
d) exploit
Answer: d
Clarification: An exploit is a piece of software or a segment of commands that usually takes advantage of a bug to cause unintended actions and behaviors. Using exploits, attackers can gain access to a system or escalate privileges.
7. There are ________ types of exploit.
a) 3
b) 2
c) 5
d) 4
Answer: b
Clarification: Exploits can be categorized by various criteria, but the most prominent categorization is by how the exploit communicates with the vulnerable software. On that basis they are categorized as local exploits and remote exploits.
8. A remote exploit is a type of exploit that acts over any network to exploit a security vulnerability.
a) True
b) False
Answer: a
Clarification: Remote exploits are exploits that use the internet to exploit a security vulnerability without any prior access to the target system.
9. ________ are the type of exploit that requires access to the vulnerable system in order to enhance privileges for the attacker running the exploit.
a) Local exploits
b) Remote exploits
c) System exploits
d) Network exploits
Answer: a
Clarification: Local exploits are the type of exploit that requires access to the vulnerable system in order to enhance privileges for the attacker running the exploit. They have to pass through granted system administration in order to harm the system.
10. ___________ is a technique used by penetration testers to compromise a system within a network in order to target other systems.
a) Exploiting
b) Cracking
c) Hacking
d) Pivoting
Answer: d
Clarification: Pivoting is a technique used by penetration testers to compromise a system within a network in order to target other systems. Using this technique, they test systems within the same network for vulnerabilities.
11. A _________ is a software bug that attackers can take advantage of to gain unauthorized access to a system.
a) System error
b) Bugged system
c) Security bug
d) System virus
Answer: c
Clarification: A security bug is a software bug that attackers can take advantage of to gain unauthorized access to a system. Such bugs can harm all legitimate users and compromise data confidentiality and integrity.
12. Security bugs are also known as _______
a) security defect
b) security problems
c) system defect
d) software error
Answer: a
Clarification: A security bug, also known as a security defect, is a software bug that attackers can take advantage of to gain unauthorized access to a system. Such bugs can harm legitimate users and compromise data confidentiality and integrity.
13. __________ is the timeframe from when the loophole in security was introduced till the time when the bug was fixed.
a) Time-frame of vulnerability
b) Window of vulnerability
c) Time-lap of vulnerability
d) Entry-door of vulnerability
Answer: b
Clarification: The window of vulnerability is the timeframe from when the loophole in security was introduced or released till the time when the bug was fixed, the illicit access was removed, or the attacker was disabled.
14. ISMS is the abbreviation of __________
a) Information Server Management System
b) Information Security Management Software
c) Internet Server Management System
d) Information Security Management System
Answer: d
Clarification: ISMS (Information Security Management System) is a set of policies concerning information security management. It was developed to manage risk management principles and countermeasures for ensuring security through rules and regulations.
15. A zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the system or software.
a) True
b) False
Answer: a
Clarification: Zero-day vulnerability is a type of vulnerability unknown to the creator or vendor of the system or software. Until such bugs get fixed, hackers take advantage of these vulnerabilities to exploit the system.