Cyber Security Multiple Choice Questions on “Exploits and Exploitation”.
1. ________________ are piece of programs or scripts that allow hackers to take control over any system.
a) Exploits
b) Antivirus
c) Firewall by-passers
d) Worms
Answer: a
Clarification: Exploits are the piece of programs or scripts that allow hackers to take control over any system. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities.
2. The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as _____________
a) infiltrating
b) exploitation
c) cracking
d) hacking
Answer: b
Clarification: The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as exploitation. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities and then they are exploited using such programs and scripts.
3. Which of them is not a powerful vulnerability detecting tool?
a) Nessus
b) Nexpose
c) Metasploit
d) Nmap
Answer: d
Clarification: Some of the most widely used tools for detecting vulnerabilities in a system are Nessus, Nexpose, Metasploit and OpenVAS. Hackers use these tools for detecting vulnerabilities and then write exploits to exploit the systems.
4. __________ is the specific search engine for exploits where anyone can find all the exploits associated to vulnerability.
a) Google
b) Bing
c) Exploit-db
d) Exploit-engine
Answer: c
Clarification: Since based on vulnerabilities, we can find exploits, Exploit-db is the specific search engine for exploits where anyone can find all the exploits associated with vulnerability. You can find this from https://www.exploit-db.com.
5. Which of the following are not a vulnerability-listed site/database?
a) Exploit-db
b) Common Vulnerabilities and Exposures (CVE)
c) National Vulnerability Database (NVD)
d) Bing Vulnerability database (BVD)
Answer: d
Clarification: Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures (CVE) (https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are three vulnerability listing site.
6. There are __________ types of exploits based on their working.
a) two
b) three
c) four
d) five
Answer: a
Clarification: There are two different types of exploits. These are remote exploits – where hackers can gain access to the system or network remotely, and local exploits – where the hacker need to access the system physically and overpass the rights.
7. How many types of exploits are there based on their nature from hacking’s perspective?
a) 4
b) 3
c) 2
d) 5
Answer: c
Clarification: There are basically 2 types of exploits based on the nature of their existence and knowledge. These are known and unknown (i.e. Zero Day). Known exploits are those that are released publicly and people know about them. Unknown exploits are such type of exploits that are not known or the bugs are not fixed by vendors or owners.
8. Known exploits have a confirmation of and measures can be taken against it to resolve them.
a) True
b) False
Answer: a
Clarification: Known exploits have a confirmation of and measures can be taken against it to resolve them. These types of vulnerabilities and exploit details are available online in blogs and sites.
9. Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies.
a) True
b) False
Answer: a
Clarification: Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies. They’re also called Zero-day exploits.
10. A ____________ is a set of changes done to any program or its associated data designed for updating, fixing, or improving it.
a) scratch
b) patch
c) fixer
d) resolver
Answer: b
Clarification: The term ‘patch’ in the applied computer science is a set of changes done to any program or its associated data designed for updating, fixing, or improving it. Patch releases are done by vendors to solve any bug in a system.
11. Fixing of security vulnerabilities in a system by additional programs is known as __________ patches.
a) hacking
b) database
c) server
d) security
Answer: d
Clarification: Fixing of security vulnerabilities in a system by additional programs is known as security patches. These type of patches helps in fixing security bugs and improving the overall security of the system.
12. Known bugs can be solved or removed by __________________ develop by the vendors of the application.
a) removing the application
b) changing the software
c) installing security patches
d) installing database patches
Answer: c
Clarification: Known bugs and vulnerabilities of a system can be solved or installing or updating the security patches developed by the vendor or owner of that particular application.
13. ___________________ are some very frequent updates that come for every anti-virus.
a) Patch update
b) Data update
c) Code update
d) Definition update
Answer: d
Clarification: Definition updates are some very frequent updates that come for every anti-virus. These updates are frequently rolled out in order to update your antivirus software with the latest releases of attack vectors and bugs.
14. National Vulnerability Database (NVD) is _________________ repository of data regarding vulnerability standards.
a) U.S. government
b) India government
c) Russian government
d) China Government
Answer: a
Clarification: National Vulnerability Database (NVD) is the US government repository of data regarding vulnerability standards. It is available from the link https://nvd.nist.gov.
15. CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures.
a) True
b) False
Answer: a
Clarification: CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures. It is available from the link https://cve.mitre.org.