Cyber Security MCQ Set 1-5

1.
Set-I
1. What was the percentage increase in Zero Day Answer: (d)
d. All of the above
Vulnerabilities in the year 2015?
6. Which of the following is considered legal?
a. 4%
a. Hacking a social media account and
b. 50%
sending a private message
c. 100%
b. Hacking a bank account and siphoning
d. 125%
funds
Answer: (d)
c. Hacking a company’s security system
2. What hacking attacks were mentioned in the
with permission from the management
lesson?
d. All of the above
a. Hacking in French Election
Answer: (c)
b. ATM Hacking in India
c. Denial of Service attack in Turkish Bank
7. What is the cost of launching Denial of Service
d. All of the above
attack on a website?
Answer: (d)
3. Identify the software whose vulnerability is
a. $20/hr
exploited the most? b. $100/day
a. Android c. $300/mont
b. Browser d. Both A and B
c. Adobe Flash Player Answer: (d)
d. Microsoft Office 8. Which of the following is not an advantage of
Answer: (b) Browser studying Cyber Security?

a. It gives you the ability to hack a
4. The computer vulnerabilities and exploits computer system
databases are maintained by . b. It allows you to know the ways through
a. Kaspersky Lab which cyberspace can be breached
b. Symantec Corporation c. Both A and B
c. MITRE Corporation d. None of the above
d. None of the above Answer: (d)
Answer: (c)
5. Which of the following is/are correct with 9. Which of the following is correct for silent
respect to Ransomware? banker?
a. It is a form of Malware a. It is a trojan horse

b. It records keystrokes, captures screens
b. It encrypts the whole hard drive of the
and steals confidential banking
computer, essentially locking the user credentials and sends them to a remote
out of the entire system. attacker
c. Both A and B
c. It locks the system’s screen or locks the
d. None of the above
users’ files unless a ransom is paid.
Answer: (c) Both A and B
1 Dr. Abhay Shukla | Cyber Security | MCQ

10. Which of the following is not a part of Security 14. Which of the following is to be done to avoid
System Centric Design? limitations in threat models?
a. Policy a. Making more explicit and formalized
b. Agreement threat models to understand possible
c. Mechanisms weaknesses
d. Threat Models b. Making simpler and more general threat
Answer: (b) models
c. Making less assumptions to design a
11. Which of the following is not a goal in the better threat model
security system design? d. All of the above
a. Vulnerability Answer: (d)
b. Confidentiality 15. The storm botnet was used for .
c. Integrity a. Phishing
d. Availability b. Spamming
Answer: (a)
c. Hacking
12. Which of the following is most important in
Answer(b)
design of secure system?
16. What is a typical cost of launching Denial
a. Assessing vulnerability
b. Changing or Updating System of Service attack on a website?
according to vulnerability a. $20/hr
c. Both A and B b. $100/day
d. None of the above c. $300/month
Answer: (c) d. Both A and B
Answer (d)
13. Which of the following is correct with respect
17. Which of the following is correct for silent
to Penetration testing?
banker?
a. It is an internal inspection of
a. It is a trojan horse
Applications and Operating systems
b. It records keystrokes, captures
for security flaws.
b. It is an authorized simulated cyber- screens and steals confidential
attack on a computer system, banking credentials and sends them
performed to evaluate the security of to a remote attacker
the system c. Both A and B
c. It is hacking a security system of an d. None of the above
organization. Answer(c)
d. All of the above
18. What is Stuxnet?
Answer: (b)
a. A trojan horse

b. A malicious computer worm 23. What is a price for selling windows OS
c. A botnet vulnerability in the black market?
d. A ransomware a. $60K – $100K
Answer (b) b. $60k – $120K
19. Which of the following it was incorrect for c. $6000 – $12000
Target company attack? d. None of the above
a. It is an example of server-side attack Answer (b)
b. More than 140 million credit card 24. are attempts by individuals to
information was stolen in the attack obtain confidential information from you
c. The attack happened in 2011 by falsifying their identity.
d. None of the above a. Computer viruses
Answer (c) b. Phishing scams
20. What is meant by marketplace for c. Phishing trips
vulnerability? d. Spyware scams
a. A market vulnerable to attacks Answer (b)
b. A market consisting of vulnerable 25. Which of the following is correct for
consumers MITM?
c. A market to sell and purchase a. It stands for Man-In-The-Middle
vulnerabilities attack
d. All of the above b. It happens when a communication
Answer (c) between the two systems is intercepted
21. Identify the correct bug bounty program by an outside entity
name. c. It can happen in any form of online
a. Google Vulnerability Program communication, such as email, social
b. Microsoft Bug Bounty Program media, web surfing, etc
c. Mozilla Bounty Program d. All of the above
d. Pwn2Own competition Answer (d)
Answer (d) 26. Which of the following describes
22. What is a typical reward amount for monitoring software installed without your
Pwn2Own competition? consent?
a. $15000 a. Malware
b. $1500 b. Adware
c. $150 c. Spyware
d. $15 d. Ransomware
Answer (a) Answer (c)

27. Which type of cyber-attack is commonly a. Network Mapper
performed through emails? b. New Mappping
a. Trojans c. Network Manager
b. Worms d. Network Mac Address
c. Ransomware Answer: (a)
d. Phishing 32. is a popular tool used for
Answer (d) discovering networks as well as in security
auditing.
28. What is the price for selling Firefox or
Safari browser vulnerability in the black a. Ettercap
market? b. Metasploit
a. $60K – $100K c. Nmap
b. $60k – $120K d. Burp Suit
c. $60K – $150K Answer: (c)
d. $60000 – $15000 33. Which of this Nmap do not check?
Answer (c)
29. If you share too much information on social a. services different hosts are offering
media, what may you by at risk of? b. on what OS they are running
a. Identity Theft c. what kind of firewall is in use
b. Ransomware d. what type of antivirus is in use
c. Malware
d. Adware Answer: (d)
Answer (a) 34. Wireshark is a tool.
30. framework made cracking of a. network protocol analysis

vulnerabilities easy like point and click. b. network connection security
c. connection analysis
a. .Net d. defending malicious packet-filtering
b. Metasploit Answer: (a)
c. Zeus
d. Ettercap 35. is the world’s most popular
Answer: (b) vulnerability scanner used in companies for
checking vulnerabilities in the network.
31. Nmap is abbreviated as a. Wireshark
b. Nessus

c. Snort a. Vulnerabilities without risk
d. WebInspect b. Vulnerabilities without attacker
Answer: (b) c. Vulnerabilities without action
36. is a debugger and exploration d. Vulnerabilities no one knows
tool. Answer: Option (a)
a. Netdog 41. is a piece of software or a
b. Netcat segment of command that usually take
c. Tcpdump advantage of a bug to cause unintended
d. BackTrack actions and behaviors.
Answer: (b) a. Malware
37. is a popular command-line packet b. Trojan
analyser. c. Worms
a. Wireshark d. Exploit
b. Snort Answer: (d)
c. Metasploit 42. What is Probe?
d. Tcpdump a. A probe is an attempt to gain access
Answer: (d) to a computer and its files through a
38. is a weakness that can be known or probable weak point in
exploited by attackers. the computer system.
a. System with Virus b. It is a method of checking if the
b. System with vulnerabilities computer is connected to a network.
c. System without firewall c. A technique used to gain information
d. System with a strong password about a computer system on a network
Answer: (b) and the services running on its open
ports.
39. is the cyclic practice for d. A which is used to scan network.
identifying & classifying and then solving
the vulnerabilities in a system. Answer: (a)
a. Bug protection 43. A security device which installed between
b. Bug bounty two networks (internal network to outside
c. Vulnerability measurement network) for controlling the flow of traffic
d. Vulnerability management into and out-of network
Answer: (d) a. Proxy Server
40. is a special type of b. Hub
vulnerability that doesn’t possess risk. c. Firewall

d. Network Switch a. Network Intrusion Deletion System
(NIDS) mode
Answer: (c) b. Network Illusion Detection System
(NIDS) mode
44. Firewall remembers the information about c. Network Intrusion Destination System
the prevously passed packets (NIDS) mode
a. Stateful Firewalls d. Network Intrusion Detection System
b. StateDown FireWire (NIDS) mode
c. Stateless Firewall
d. Stateful FireWire Answer: (d)
Answer: (a) 49. What is IPS in network security?
45. is method of connecting a. Illusion Prevention System (IPS)
multiple computers to the Internet using b. Intrusion Prevention System (IPS)
one IP address c. Intrusion Private System (IPS)
a. DNS d. Illusion Prevention Service (IPS)
b. FTP Answer: (b)
c. NAT 50. Network layer firewall works as a
d. DHCP a. Frame filter
Answer: (c) b. Packet filter
46. Full Form of NAT c. Content filter
a. Netwrok Access Transmision d. Virus filter
b. Network Address Translation Answer: (b)
c. Netwrok Access Translation
d. Network Address Translation 51. Network layer firewall has two sub-
Answer: (b) categories as
a. State full firewall and stateless
47. Snort can be configured to run in firewall
modes b. Bit oriented firewall and byte
a. Three oriented firewall
b. Four c. Frame firewall and packet firewall
c. Five d. Network layer firewall and session
d. Two layer firewall
Answer: (a) Answer: (a)
48. One of the Snort mode is 52. A DoS attack coming from a large number
of IP addresses, making it hard to manually

filter or crash the traffic from such sources 56. Which among the following is the least
is known as a strong security encryption standard?
a. GoS attack a. WEP

b. PDoS attack b. WPA
c. DoS attack c. WPA2
d. DDoS attack d. WPA2
Answer: (d) Answer: (a)
53. is hiding of data within 57. will encrypt all your
data, where we can hide images, text, and system files and will ask you to pay a
other messages within images, videos, ransom in order to decrypt all the files and
music or recording files. unlock the system.
a. Cryptography a. Scareware
b. Tomography b. Ransomware
c. Steganography c. Adware
d. Chorography d. Spyware
Answer: (c) Answer: (b)
54. In Steganography People will normally
think it as a normal/regular file and your 58. are special malware
secret message will pass on without any programs written to spy your mobile
phones and systems.
a. Suspicion a. Scareware
b. decryption b. Ransomware
c. encryption c. Adware
d. cracking d. Spyware
Answer: (a) Answer: (d)
55. Attacks always need 59. An attacker may use automatic brute
physical access to the system that is having forcing tool to compromise your
password file or the hacker needs to crack
the system by other means. a. username
a. online b. employee ID
b. offline c. system / PC name
c. password d. password
d. non-electronic Answer: (d)
Answer: (b)

60. is a code injecting method a. Trojan
used for attacking the database of a system b. Virus
/ website c. Worm
d. mail Bomb
a. HTML injection Answer: (b)
b. SQL Injection 65. is a harmful code embedded
c. Malicious code injection inside a seemingly harmless program
d. XML Injection a. Trojan Horse
Answer: (b) b. Virus
61. When there is an excessive amount of data c. Worm
flow, which the system cannot handle, d. Email Bomb
takes place. Answer: (a)
a. Database crash attack 66. Programmers add for
b. DoS (Denial of Service) attack maintenance hooks and troubleshooting
c. Data overflow Attack a. Spyware
d. Buffer Overflow attack b. Virus
Answer: (d) c. Malware
62. Which of this is an example of physical d. Backdoors
hacking? Answer: (d)
a. Remote Unauthorised access 67. In which of the following, a person is
b. Inserting malware loaded USB to a constantly followed/chased by another
system person or group of several peoples?
c. SQL Injection on SQL vulnerable site
d. DDoS (Distributed Denial of Service) a. Phishing
attack b. Bulling
Answer: (b) c. Stalking
63. Which method of hacking will record all d. Identity theft
your keystrokes? Answer: c
a. Keyhijacking 68. Which one of the following can be

b. Keyjacking considered as the class of computer threats?
c. Keylogging
d. Keyboard monitoring a. Dos Attack
Answer: (c) b. Phishing
64. is Self-replicating in nature. c. Soliciting

d. Both A and C 73. It can be a software program or a hardware
Answer: a device that filters all data packets coming
through the internet, a network, etc. it is
69. Which of the following is considered as the known as the :
unsolicited commercial email? a. Antivirus
a. Virus b. Firewall
b. Malware c. Cookies
c. Spam d. Malware
d. All of the above Answer: b
Answer: c 74. Which of the following refers to stealing
70. Which of the following usually observe one's idea or invention of others and use it
each activity on the internet of the victim, for their own benefits?
gather all information in the background, a. Piracy
and send it to someone else? b. Plagiarism
a. Malware c. Intellectual property rights
b. Spyware d. All of the above
c. Adware Answer: d
d. All of the above
Answer: b 75. Read the following statement carefully and
71. is a type of software designed to find out whether it is correct about the
help the user's computer detect viruses and hacking or not?
avoid them. It can be possible that in some cases, hacking a
a. Malware computer or network can be legal.
b. Adware
c. Antivirus a. No, in any situation, hacking cannot
d. Both B and C be legal
Answer: c b. It may be possible that in some
72. Which one of the following is a type of cases, it can be referred to as a legal
antivirus program? task
a. Quick heal Answer: b
b. Mcafee 76. Which of the following refers to exploring
c. Kaspersky the appropriate, ethical behaviors related to
d. All of the above the online environment and digital media
Answer: d platform?
a. Cyber low

b. Cyberethics Answer: b
c. Cybersecurity 81. In ethical hacking and cyber security, there
d. Cybersafety are types of scanning:
Answer: b
77. Which of the following refers to the a. 1

violation of the principle if a computer is b. 2
no more accessible? c. 3
a. Access control d. 4
b. Confidentiality Answer: c
c. Availability 82. Which of the following is not a type of
d. All of the above scanning?
Answer: c a. Xmas Tree Scan
78. Which one of the following refers to the b. Cloud scan
technique used for verifying the integrity of c. Null Scan
the message? d. SYN Stealth
a. Digital signature Answer: b
b. Decryption algorithm 83. In system hacking, which of the following
c. Protocol is the most crucial activity?
d. Message Digest a. Information gathering
Answer: d b. Covering tracks
c. Cracking passwords
79. Which one of the following usually used in d. None of the above
the process of Wi-Fi-hacking? Answer: c
a. Aircrack-ng
b. Wireshark 84. Which of the following are the types of
c. Norton scanning?
d. All of the above a. Network, vulnerability, and port
Answer: a scanning
80. Which of the following port and IP address b. Port, network, and services
scanner famous among the users? c. Client, Server, and network
a. Cain and Abel d. None of the above
b. Angry IP Scanner Answer: a
c. Snort 85. Which one of the following is actually
d. Ettercap considered as the first computer virus?

a. Sasser d. All of the above
b. Blaster Answer: d
c. Creeper 90. Which one of the following is also referred
d. Both A and C to as malicious software?
Answer: c a. Maliciousware
86. To protect the computer system against the b. Badware
hacker and different kind of viruses, one c. Ilegalware
must always keep on in the d. Malware
computer system. Answer: d
a. Antivirus 91. Hackers usually used the computer virus
b. Firewall for purpose.
c. Vlc player a. To log, monitor each and every user's
d. Script stroke
Answer: b b. To gain access the sensitive
87. Code Red is a type of information like user's Id and
a. An Antivirus Program Passwords
b. A photo editing software c. To corrupt the user's data stored in the
c. A computer virus computer system
d. A video editing software d. All of the above
Answer: c Answer: d
92. In Wi-Fi Security, which of the following
88. Which of the following can be considered protocol is more used?
as the elements of cyber security? a. WPA
a. Application Security b. WPA2
b. Operational Security c. WPS
c. Network Security d. Both A and C
d. All of the above Answer: b
Answer: d 93. The term "TCP/IP" stands for
a. Transmission Contribution protocol/
89. Which of the following are famous and internet protocol
common cyber-attacks used by hackers to b. Transmission Control Protocol/
infiltrate the user's system? internet protocol
a. DDos and Derive-by Downloads c. Transaction Control protocol/ internet
b. Malware & Malvertising protocol
c. Phishing and Password attacks

d. Transmission Control Protocol/ b. It is a device installed at the
internet protocol boundary of an incorporate to
Answer: b protect it against the unauthorized
94. The response time and transit time is used access.
to measure the of a c. It is a kind of wall built to prevent
network. files form damaging the corporate.
a. Security d. None of the above.
b. Longevity 98. When was the first computer virus created?
c. Reliability a. 1970
d. Performance b. 1971
Answer: d c. 1972
95. Which of the following factor of the d. 1969
network gets hugely impacted when the Answer: b
number of users exceeds the network's 99. Which of the following is considered as the
limit? world's first antivirus program?
a. Reliability a. Creeper
b. Performance b. Reaper
c. Security c. Tinkered
d. Longevity d. Ray Tomlinson
Answer: d Answer: b
96. In the computer networks, the encryption 100. Which one of the following principles
techniques are primarily used for of cyber security refers that the security
improving the mechanism must be as small and simple as
a. Security possible?
b. Performance a. Open-Design
c. Reliability b. Economy of the Mechanism
d. Longevity c. Least privilege
Answer: a d. Fail-safe Defaults
Answer: b
97. Which of the following statements is 101. Which of the following principle of
correct about the firewall? cyber security restricts how privileges are
a. It is a device installed at the boundary initiated whenever any object or subject is
of a company to prevent unauthorized created?
physical access. a. Least privilege
b. Open-Design

c. Fail-safe Defaults a. Trojan Horse
d. None of the above b. Worm
Answer: c c. Trap Door
102. Which of the following can also d. Virus
consider as the instances of Open Design? Answer: b
a. CSS 106. Which of the following usually
b. DVD Player considered as the default port number of
c. Only A apache and several other web servers?
d. Both A and B a. 20
103. Which one of the following principles b. 40
states that sometimes it is become more c. 80
desirable to rescored the details of intrusion d. 87
that to adopt more efficient measure to Answer: c
avoid it? 107. DNS translates a Domain name into
a. Least common mechanism
b. Compromise recording a. Hex
c. Psychological acceptability b. Binary
d. Work factor c. IP
Answer: b d. URL
Answer: d
104. Which of the following statements is 108. Which one of the following systems
true about the VPN in Network security? cannot be considered as an example of the
a. It is a type of device that helps to operating systems?
ensure that communication between a a. Windows 8
device and a network is secure. b. Red Hat Linux
b. It is usually based on the IPsec( IP c. BSD Linux
Security) or SSL (Secure Sockets d. Microsoft Office
Layer) Answer: d
c. It typically creates a secure, encrypted 109. In the CIA Triad, which one of the
virtual "tunnel" over the open internet following is not involved?
d. All of the above a. Availability
Answer: d b. Confidentiality
105. Which of the following is a type of c. Authenticity
independent malicious program that never d. Integrity
required any host program? Answer: c

110. In an any organization, company or 113. Which one of the following is
firm the policies of information security considered as the most secure Linux
come under operating system that also provides
a. CIA Triad anonymity and the incognito option for
b. Confidentiality securing the user's information?
c. Authenticity a. Ubuntu
d. None of the above b. Tails
Answer: a c. Fedora
111. Why are the factors like d. All of the above
Confidentiality, Integrity, Availability, and Answer: b
Authenticity considered as the 114. Which type following UNIX account
fundamentals? provides all types of privileges and rights
a. They help in understanding the which one can perform administrative
hacking process functions?
b. These are the main elements for any a. Client
security breach b. Guest
c. They help to understand the c. Root
security and its components in a better d. Administrative
manner Answer: d
d. All of the above
Answer: c 115. Which of the following is considered
112. In order to ensure the security of the as the first hacker's conference?
data/ information, we need to a. OSCON
the data: b. DEVON
a. Encrypt c. DEFCON
b. Decrypt d. SECTION
c. Delete Answer: c
Answer: a

Set-II
1. According to the CIA Triad, which of the d. Non-repudiation

below-mentioned element is not considered Answer: b
in the triad? 5. When you use the word it means you
a. Confidentiality are protecting your
b. Integrity data from getting disclosed.
c. Authenticity a. Confidentiality
d. Availability b. Integrity
Answer: c c. Authentication
d. Availability
2. CIA triad is also known as Answer: a
a. NIC (Non-repudiation, Integrity, 6. When integrity is lacking in a security
Confidentiality) system,
b. AIC (Availability, Integrity, occurs.
Confidentiality) a. Database hacking
c. AIN (Availability, Integrity, Non- b. Data deletion
repudiation) c. Data tampering
d. AIC (Authenticity, Integrity, d. Data leakage
Confidentiality) Answer: c
Answer: b 7. Why these 4 elements (confidentiality,
3. of information means, only integrity, authenticity & availability) are
authorised users are considered fundamental?
capable of accessing the information. a. They help understanding hacking
a. Confidentiality better
b. Integrity b. They are key elements to a security
c. Non-repudiation breach
d. Availability c. They help understands security and
Answer: a its components better
4. means the protection of data from d. They help to understand the cyber-
modification by crime better
unknown users. Answer: c
a. Confidentiality 8. This helps in identifying the origin of
b. Integrity information and authentic
c. Authentication user. This referred to here as

a. Confidentiality
b. Integrity 13. Compromising confidential information
c. Authenticity comes under
d. Availability a. Bug
Answer: c b. Threat
9. Data is used to ensure c. Vulnerability
confidentiality. d. Attack
a. Encryption Answer: b
b. Locking 14. Which of the following are not security
c. Deleting policies?
d. Backup a. Regulatory
Answer: a b. Advisory
10. Data integrity gets compromised when c. Availability
and are taken control off. d. User Policies
a. Access control, file deletion Answer: c
b. Network, file permission 15. Examples of User Policies is/are:
c. Access control, file permission a. Password Policies
d. Network, system b. Internet Usage
Answer: c c. System Use
11. is the practice and precautions d. All of the above
taken to protect valuable information from
unauthorised access, recording, disclosure 16. Policy ensures that the organization
or destruction. is maintaining
a. Network Security standards set by specific industry regulation.
b. Database Security a. Regulatory
c. Information Security b. Advisory
d. Physical Security c. Availability
Answer: c d. User Policies
12. From the options below, which of them is Answer: a
not a threat to information security? 17. Policy is like standards rules and
a. Disaster regulations set by the management to
b. Eavesdropping advise their employees on their activity or
c. Information leakage behavior
d. Unchanged default password a. Regulatory
Answer: d b. Advisory

c. Availability 22. If communication between 2 people is
d. User Policies overheard by a third person without
Answer: b extraction of any data, it is called as:
18. What defines the restrictions on employees a. Release of Message Content-Passive
such as usage? Attack
a. Regulatory b. Traffic analysis -Passive Attacks
b. Advisory c. Release of Message Content- Active
c. Availability Attacks
d. User Policies d. Traffic analysis -Active Attacks
Answer: d Answer: d
19. Which of the following attack can actively
modify communications or data? 23. No modification of data is a characteristic
a. Both Active and Passive Attacks of
b. Neither Active and Passive Attacks a. Active Attack
c. Active Attacks b. Passive Attack
d. Passive Attacks Answer: a
Answer: c
20. Release of Message Content and Traffic 24. means when an attacker pretends
analysis are type of : to be authentic user
a. Both Active and Passive Attacks a. Masquerade
b. Neither Active and Passive Attacks b. Replay
c. Active Attacks c. Modification
d. Passive Attacks d. Traffic analysis
Answer: d Answer: a
21. If communication between 2 people is 25. attack is when original data
overheard by a third person without is modified and malicious data is inserted
manipulation of any data, it is called as: a. Masquerade
a. Release of Message Content-Passive b. Replay(Rewrite)
Attack c. Modification
b. Traffic analysis -Passive Attacks d. Traffic analysis
c. Release of Message Content- Active Answer: b
Attacks 26. When original data is changed to make it
d. Traffic analysis -Active Attacks non-meaningful by attacker it is known as
Answer: a a. Masquerade
b. Replay

c. Modification of Messages c. Network Security
d. Traffic analysis d. Information Hiding
Answer: c Answer: a
27. Which is the type of attack when Network 32. A unique piece of information that is used
is made unavailable for user in encryption.
a. Masquerade a. Cipher
b. Replay b. Plain Text
c. Modification c. Key
d. Denial of Service d. Cipher
Answer: d Answer: c
28. Modification of Data is done in: 33. Assurance that authentic user is taking part
a. Both Active and Passive Attacks in communication is:
b. Neither Active and Passive Attacks a. Authentication
c. Active Attacks b. Authorization
d. Passive Attacks c. Access Control
Answer: a d. Auditing
29. The information that gets transformed in Answer: a
encryption is 34. AT M pin while withdrawing money is an
a. Plain text example of using:
b. Parallel text a. Authentication
c. Encrypted text b. Authorization
d. Decrypted text c. Access Control
Answer: a d. Auditing
Answer: b
30. The process of transforming plain text into 35. Study of creating a d using encryption and
unreadable text. decryption
a. Decryption techniques.
b. Encryption a. Cipher
c. Network Security b. Cryptography
d. Information Hiding c. Encryption
Answer: b d. Decryption
31. A process of making the encrypted text Answer: b
readable again. 36. An attack in which the user receives
a. Decryption unwanted amount of emails.
b. Encryption a. Smurfing

b. Denial of service d. all the connected devices to the
c. E-mail bombing network
d. Ping storm Answer: b
Answer: c 41. Cryptanalysis is used
37. The process of disguising plaintext in such a. to find some insecurity in a
a way that itssubstance gets hidden (into cryptographic scheme
what is known as cipher-text) iscalled b. to increase the speed
c. to encrypt the data
d. to make new ciphers
a. cryptanalysis Answer: a
b. decryption 42. Conventional cryptography is also known
c. reverse engineering as or symmetric-key
d. encryption encryption.
Answer: d a. secret-key
38. In same keys are b. public key
implemented for encrypting as well as c. protected key
decrypting the information. d. primary key
a. Symmetric Key Encryption Answer: a
b. Asymmetric Key Encryption 43. is the art &
c. Asymmetric Key Decryption science of cracking the
d. Hash-based Key Encryption cipher-text without knowing the key.
Answer: a a. Cracking
39. The procedure to add bits to the last block b. Cryptanalysis
is termed as c. Cryptography
a. decryption d. Crypto-hacking
b. hashing Answer: b
c. tuning
d. padding 44. In a sequence of actions is
Answer: d carried out on this block after a block of
40. In asymmetric key cryptography, the plain-text bits is chosen for generating a
private key is kept by block of cipher-text bits.
a. sender a. Block Cipher
b. receiver b. One-time pad
c. sender and receiver c. Hash functions
d. Vigenere Cipher

Answer: a b. Integer overflow can compromise a
program's reliability and security
45. Which of the following programming c. Both A and B
languages have common buffer overflow d. None of the above
problem in the development of Answer :- c
applications? 49. A string which contains
parameter/s, is called string.
a. C, Ruby a. Format, text
b. C, C++ b. Text, format
c. Python, Ruby c. text and format, format
d. C, Python d. None of the above
Answer: - b Answer- b
50. If we talk about control hijacking, which of
46. Which type of buffer overflows are the following is true ?
common among attackers?
a. Memory-based a. In Buffer overflow attacks, stack
b. Queue-based based attacks are more common than
c. Stack-based heap based attack.
d. Heap-based b. Integer overflow attacks is not a
Answer: - c type of control hijacking.
c. Format string vulnerabilities are used
47. In attack, malicious code is to prevent control hijacking.
pushed into . d. All of the above
Answer :- b
a. buffer-overflow, stack
b. buffer-overflow, queue 51. If we mark the stack and heap segement as
c. buffer-overflow,memory-card non executable,
d. buffer-overflow,external drive a. No code will execute.
Answer:- a b. return-oriented programming will also
48. In case of integer overflow, Which of the not be able to exploit it.
following option/s is/are true? c. we can prevent overflow code
a. It is a result of an attempt to store a execution.
value greater than the maximum value d. All of the above.
an integer can store
Answer :- c

Answer :- d
52. If we talk about Return Oriented 55. The below function is part of a program
Programming, which of the following that is running on a 32-bit x86 system; the
statement is true ? compiler does not change the order of
a. It is a computer security exploit variables on the stack.
technique that allows an attacker to void function(char *input) {
execute code in the presence of int i = 1;
security defences such as DEP and char buffer[8];
code signing int j = 2;
b. These types of attacks arise when an strcpy(buffer,input);
adversary manipulates the call stack printf(“%x %x %s\n”,i,j,buffer);
by taking advantage of a bug in the }
program, often a buffer overflow.
c. Return-oriented programming is an What is the minimum length of a string passed
advanced version of a stack smashing to the function through the input parameter
attack. that can crash the application?
d. All of the above a. 10
b. 11
Answer :- d c. 12
d. 13
53. An hardware device's interrupt request Answer:(c)
invokes , which handles this interrupt. 56. Applications developed by programming
languages like and have this
a. Instruction Set Randomization common buffer-overflow error.
b. Information Storage and Retrieval a. C, Ruby
c. Interrupt Service Routine b. C, C++
d. Intermediate Session Routing c. Python, Ruby
d. C, Python
Answer :- c Answer(b)
54. Which of the following is a method of 57. buffer overflows, which
randomization? are more common among attackers.
a. ASLR a. Memory-based
b. Sys-call randomization b. Queue-based
c. Memory randomization c. Stack-based
d. All of the above. d. Heap-based

Answer(c ) that will exceed the value of 65,535, the
58. Malicious code can be pushed into the result will be:
during attack. a. Buffer Overflow
a. stack, buffer-overflow b. Integer Overflow
b. queue, buffer-overflow c. Stack Overflow
c. memory-card, buffer-overflow d. Heap Overflow
d. external drive, buffer-overflow Answer(b)
Answer( a) 62. Integer overflow bugs in programs are
difficult to track down and may lead to fatal
59. Which of the following string library errors or exploitable vulnerabilities.
functions is unsafe for buffer? a. True
a. gets (char * str) b. False
b. strcat (char * destination, const char * Answer(a)
source) 63. One way of detecting integer overflows is
c. strcpy (char * destination, const char * by using a modified compiler to insert
source) runtime checks.
d. All of the above a. True
Answer(d) b. False
Answer(a)
60. Which of the following statements is 64. A format string is a string that
correct with respect to integer overflow? contains and parameters.
a. Format, text, ASCII
a. It is a result of an attempt to store a b. Text, ASCII, format
value greater than the maximum value c. ASCII, text, format
an integer can store d. None of the above
b. Integer overflow can compromise a Answer(c)
program’s reliability and security 65. Which of the following is not a format
c. Both A and B function in C?
d. None of the above a. fprintf()
Answer(c ) b. vsfprint()
c. vfprintf()
61. If an integer data type allows integers up to d. vsprintf()
two bytes or 16 bits in length (or an Answer(b
unsigned number up to decimal 65,535), 66. What is the purpose of format functions?
and two integers are to be added together

a. They are used to convert simple C data .
types to a string representation
b. They allow to specify the format of the
representation
c. They process the resulting string
(output to stderr, stdout, syslog, …)
d. All of the above
Answer(d)
67. The behaviour of the is controlled
by the
a. format function, format string
b. format string, format function
c. Both A and B
Answer(a)
68. Identify whether the following code has

format string vulnerability or not. char
tmpbuf[512]; snprintf (tmpbuf, sizeof
(tmpbuf), “foo: %s”, user); tmpbuf[sizeof
(tmpbuf) – 1] = ’\0’; syslog
(LOG_NOTICE, tmpbuf);
a. No
b. Yes
Answer(b)
69. Which of the following is an example of
control hijacking?
a. Buffer overflow attacks

b. Integer overflow attacks
c. Format string vulnerabilities

d. All of the above
Answer (d)
70. The overflows exploits can be detected by

74. Which of the following is correct for
a. adding runtime code
Return Oriented Programming?
b. adding vulnerabilities
c. adding buffer a. It is a computer security exploit
d. None of the technique that allows an attacker to
above Answer(a)
71. Which of the following is an

example of automated tool for
software audit in prevention of
control hijacking attacks?
a. Coverity
b. Prefix/Prefast
c. Both A and B
d. None of the
above Answer(c)
72. Overflow code execution

can be prevented by:
a. halting the process

b. fixing bugs
c. adding more memory
d. marking the stack
and heap segments as
non-executable
Answer(d)
73. Arbitrary programs can be best

generated using only the existing
code .
a. return oriented programming

b. object oriented programming
c. functional programming
d. logical
programming
Answer(a)

execute code in the presence of 78. is only applied to images for
security defences such as DEP and which the dynamic-relocation flag is set.
code signing a. ASLR
b. These types of attacks arise when an b. ISR
adversary manipulates the call stack c. Sys-call randomization
by taking advantage of a bug in the d. None of the above
program, often a buffer overflow. Answer(a)
c. Return-oriented programming is an
advanced version of a stack smashing 79. Which of the following mark memory
attack. regions as non-executable, such that an
d. All of the above attempt to execute machine code in these
Answer(d)
regions will cause an exception?
75. In ASLR, an attacker cannot jump a. Return Oriented Programming

directly to execute function. b. Data Execution Prevention
c. Randomization
a. True
b. False
Answer(b)
Answer(a)
80. In the context of cyber security, PTE
76. In the context of cyber security, what
stands for:
does ISR stands for?
a. Process Table Entries
a. Information Storage and Retrieval
b. Public Test Environment
b. Intermediate Session Routing
c. Path Terminating Equipment
c. Instruction Set Randomization
d. Page Table Entry
d. Interrupt Service Routine
Answer(d)
Answer(c)
77. Which of the following is not a method

of randomization?
a. ASLR
b. ISR
c. Sys-call randomization
d. Memory randomization
Answer(d)

Set-III
1. A may at any time be idle, or uid and the saved uid are assigned
to the user ID of the owner of the
have one or more executing on
file
its behalf. c. Both A and B
a. subject, principals
Answer(d)
b. principal, subjects
c. subject, objects
6. Which of the following is a way to escape
d. principal, objects
Answer(b) jail as root?
2. Which of the following is correct with

a. Reboot system
respect to objects? b. Send signals to chrooted process
c. Create devices that lets you
access raw disk
a. An object is anything on which a
d. A and C
subject can perform operations
Answer(d)
(mediated by rights)
b. Objects are usually passive
7. Chroot jail is partitioning and
c. Both A and B
d. Only A FreeBSD jail is partitioning
Answer(c)
a. Weak, Strong
b. Strong, Weak
3. Subjects can also be objects with
c. Weak, Weak
operation(s) d. Strong,Strong
Answer(a)
a. Kill
8. Which of the following is incorrect with
b. Suspend and Resume
c. Resume and Kill respect to FreeBSD jail?
d. Kill, Suspend and Resume
Answer(d)
a. It can only bind to sockets with
specified IP address and
4. The read bit allows one to show file
authorized ports
names in the directory. b. It can communicate with
processes inside and outside of
jail
a. True
c. Root is limited (example: cannot
b. False
load kernel modules)
Answer(a)
Answer(b)
5. When a process is created by fork:
9. Identify the correct statement for
paravirtualization.
a. It inherits three user IDs from its
parent process a. Paravirtualization is where
b. It keeps its three user IDs unless software is used to simulate
the set-user-ID bit of the file is hardware for guest operating
set, in which case the effective system to run in.
b. Paravirtualization is where a type-2 d. None of the above
hypervisor is used to partially allow Answer(a)
access to the hardware and partially
to simulate hardware in order to 13. Which of the following uses a call back
allow you to load full operating
mechanism in the kernel module to
system
c. Both A and B redirect system calls?
d. Paravirtualization is where the
a. systrace
guest operating system runs on
b. ptrace
the hypervisor, allowing for
c. ostia
higher performance and
d. NetBSD
efficiency.
Answer(b) ptrace
Answer(d)
14. NaCl stands for –
10. Which of the following is incorrect for a. Narrow Cluster
b. Native Cluster
System call interposition?
c. Narrow Client
d. Native Client
a. It tracks all the system service Answer(d) Native Client
requests of processes.
b. Each system request can be 15. Which of the following is the best possible
modified or denied.
c. It is impossible to implement name for backdoor virus?
tools to trace, monitor, or a. stealth
virtualize processes.
d. None of the above. b. Hidden key
Answer(c) c. Rootkit
d. Worm
11. ptrace is a system call found in and Answer(c)
several like operating systems. 16. Binary rootkits and library rootkits are the
a. Mac examples of –
b. Unix
c. Windows
d. None of the above a. Kernel mode rootkits
Answer(b) b. User mode rootkits
c. Firmware rootkits
12. Which of the following is a computer d. None of the above
security utility which limits an Answer:- b
application’s access to the system by 17. Which of the following is not an attack
enforcing access policies for system tool?
calls? a. Password cracker
a. systrace b. Network sniffer

b. NetBSD c. Autorooter
c. ptrace
d. Rootkit Revealer

Answer:- d c. Logs are analysed to detect trails of
intrusion
d. All of the mentioned
18. Which of the following is incorrect for Answer:- d
knark? 22. What are strengths of the host-based IDS?
a. It hides/unhides files or directories a. Attack verification
b. It hides TCP or UDP connections b. System specific activity
c. It is a user-mode rootkit c. No additional hardware required
d. None of the above d. All of the mentioned
Answer:- c Answer:-d
19. Which of the following is the best 23. What of the following best characteristics
characteristic of anomaly-based IDS? stack based IDS ?
a. They are integrated closely with the
a. It models the normal usage of TCP/IP stack and watch packets
network as a noise characterization b. The host operating system logs in the
b. It doesn’t detect novel attacks audit information
c. Anything distinct from the noise is not c. It is programmed to interpret a certain
assumed to be intrusion activity series of packets
d. It detects based on signature d. It models the normal usage of network
Answer:- a as a noise characterization
20. What are drawbacks of signature-based Answer:- a
IDS? 24. Which of the following is correct for
a. They are unable to detect novel attacks compartmentalization?
b. They suffer from false alarms a. Break large monolithic over-
c. They have to be programmed again for privileged software into smaller
every new pattern to be detected components.
d. All of the mentioned b. Develop “fault compartments”, that
Answer:- d each fail individually
21. What of the following is a characteristic of c. The goal is that when one
Host based IDS? compartment fails, the others can still
function
a. The host operating system logs in d. All of the above
the audit information Answer:- d
b. Logs includes logins, file opens and 25. Which of the following is correct for
program executions principle of least privilege?

a. Enforce minimal privileges for 29. Which of the following permission types a
intended purpose. UNIX file can be assigned?
b. Drop privileges when you no longer a. Read
need them. b. Write
c. Both A and B c. Execute
d. None of the above d. All of the above
Answer:- c
Answer: (d)
26. uses a typical Unix approach with 30. Which of the following information is
a large monolithic server and is known for contained in the access tokens?
the high complexity and previous security a. The security identifier (SID) for the
vulnerabilities. user’s account
b. A list of the privileges held by either
a. Sendmail the user or the user’s groups
b. Qmail c. The SID for the primary group
c. Both A and B d. All of the above
d. None of the above Answer(d)
Answer:- a
31. An access token that has been created to
27. In android process isolation, which process capture the security information of a client
only run as root? process, allowing a server to “impersonate”
a. Zygote the client process in security operations.
b. Ping a. Primary Token
c. Both A and B b. Process Token
d. None of the above c. Personalized Token
Answer:- c d. Impersonation Token
28. Which of the following is not a level of Answer (d)
access control on UNIX systems? 32. Which of the following is not a common
a. User password myth?
b. Administrator a. The best length of password is 8
c. Group characters
d. Other b. Replacing characters with numbers is
Answer (b) good (e.g. J0hn_Sm1th)
c. Passwords can include spaces

Answer (c) 37. Which of the following is a vulnerability in
33. Which of the following is one of the web browser?
technically simplest processes of gaining a. Cross Site Scripting
access to any password-protected system? b. Implementation bugs
a. Clickjacking c. Both A and B
b. Brute force attack d. Buffer overflow
c. Eavesdropping
d. Waterhole Answer(c)
Answer (b) 38. The is an object in web browser.
34. A is a process of a. Frames
breaking a password protected system or b. DOM
server by simply & automatically entering c. Cookies
every word in a dictionary as a password. d. All of the above
a. Dictionary attack
b. Phishing attack Answer (d)
c. Social engineering attack 39. Which of the following is not a component
d. MiTM attack of security policy?
a. Frame – Frame relationships
Answer(a) b. Frame – principal relationships
c. Principal – Principal relationships
35. Brute force attack is usually d. None of the above
a. fast
b. inefficient Answer(c)
c. slow 40. Chromium browser has the module
d. complex to understand in separate protection domains
a. Rendering engine
Answer(c) b. Browser kernel
36. Which of the following is not an advantage c. Browser process
of dictionary attack? d. Both A and B
a. Very fast Answer (d)
b. Time-saving 41. Which of the following is not a task
c. Easy to perform assigned to browser kernel?
d. Very tough and inefficient a. HTML parsing
Answer(d) b. Window management

c. Password database c. It is impossible to implement tools to
d. Download manager trace, monitor, or virtualize
42. The percentage of phishing in sampling of processes.
2015 security incidents is . d. None of the above.
a. 8.9% Answer:-(c)
b. 4.9% 46. Which of the following is a computer
c. 2.9% security utility which limits an application's
d. 0.9% access to the system by enforcing access
Answer (c) policies for system calls?
43. Chroot jail is used to process and a. systrace
its children by to the supplied b. NetBSD
directory name. c. ptrace
a. isolate, changing the root directory d. None of the above
b. change, the name Answer:- (a)
c. execute, renaming it 47. One of the name of backdoor virus is
d. All of the above . once access is enabled, it may hide
Answer:- (b) a. Stealth, files
44. Taliking about FreeBSD jail, which of the b. Rootkit,traces of unauthorized
following is true ? access
a. It can only bind to sockets with c. Hidden Key,unauthorized access
specified IP address and authorized d. Worm,unauthorized access
ports Answer:- (b)
b. It can communicate with processes 48. A Password cracker is a attack tool. Which
inside and outside of jail of the following is also a type of attack tool
c. Root is limited (example: cannot load ?
kernel modules) a. Rootkit Revealer
d. None of the above b. Network sniffer
Answer :-(b) c. TDSSKiller
45. Which of the following is incorrect for d. All of the above
System call interposition?
a. It tracks all the system service requests Answer:- (b)
of processes. 49. knark hides or unhides files or directories.
b. Each system request can be modified It ?
or denied.

a. uses system call redirection to hide its d. Chrome
presence. Answer: a
b. hides TCP or UDP connections. 54. As per the lecture, for maximum security,
c. is a loadable kernel module. passwords should be made up of:
d. All of the above a. Lower case letters only
Answer:- (d) b. Memorable names and dates
50. Which of following is true for signature- c. Upper case and lower-case letters,
based IDS? numbers and non letter characters
a. They can esily detect known attacks. d. Upper case and lower-case letters,
b. They can detect new attacks for which numbers and symbols
no pattern is there. Answer: d
c. They have high false positive rates. 55. When accessing a website, which icon can
d. All of the mentioned be seen in the address bar to indicate that
Answer:- (a) the website is secure?
51. If we talk about stack based IDS, Which of a. An arrow
the following is/are correct ? b. A padlock
a. They are integrated with the TCP/IP c. A house
stack. d. A shield
b. They pulls the packet from stack Answer: b
before OS 56. If you share too much information on social
c. Both (a). and (b). media, what may you be at most risk of?
d. None of the above a. Phishing
Answer:- (c ) b. Malware
52. Which of the following browsers is the c. Identity theft
least capable of detecting mixed content? d. Ransomware
a. IE Answer: c
b. Firefox 57. Cookies were originally designed for
c. Safari a. Client-side programming
d. Chrome b. Server-side programming
Answer: Safari c. Both Client-side programming and
53. Which of the following browsers displays Server-side programming
mixed-content dialog to user? d. None of the mentioned
a. IE Answer: b
b. Firefox
c. Safari

58. What is the constraint on the data per 62. SQL injection is an attack in which
cookie? code is inserted into strings that
a. 16 KB are later passed to an instance of SQL
b. 8 KB Server.
c. 4 KB a. malicious
d. 2 KB b. redundant
Answer: c c. clean
59. Which of the following is the maximum d. non malicious
number of cookies that a browser can Answer: a
store? 63. Point out the wrong statement:
a. 10 Cookies / Site a. SQL injection vulnerabilities occur
b. 20 Cookies / Site whenever input is used in the
c. 30 Cookies / Site construction of an SQL query without
d. None of the above being adequately constrained or
Answer: b sanitized
60. Which of the following is a use of cookies? b. SQL injection allows an attacker to
access the SQL servers and execute
a. User Authentication SQL code under the privileges of the
b. Personalization user used to connect to the database
c. User Tracking c. The use of PL-SQL opens the door
d. All of the above to SQL injection vulnerabilities
Answer: d d. None of the mentioned statements is
61. If we set the secure attribute of the cookie wrong
equals to true, then which of the following Answer: c
is correct?
a. The browser will only send cookie 64. A Web site that allows users to enter text,
back over HTTPS such as a comment or a name, and then
b. The browser will only send cookie stores it and later display it to other users, is
back over HTTP potentially vulnerable to a kind of attack
c. The browser will send cookie back called a attack.
over both HTTPS & HTTP a. Two-factor authentication
d. None of the above b. Cross-site request forgery
Answer: d c. Cross-site scripting
d. Cross-site scoring scripting
Answer: b

65. Many applications use where 69. Attack which forces a user(end user)to
two independent factors are used to identify execute unwanted actions on a web
a user. application in which he/she
a. Two-factor authentication is currently authenticated…
b. Cross-site request forgery a. Cross-site scoring scripting
c. Cross-site scripting b. Cross-site request forgery
d. Cross-site scoring scripting c. Cross-site scripting
Answer: a d. Two-factor authentication
66. Which of the following is a good way to Answer: b
prevent SQL injection? 70. Even with two-factor authentication, users
a. Use parameterized / prepared SQL are vulnerable to which attacks.
b. Use ORM framework a. Man-in-the-middle
c. Both A and B b. Cross attack
d. None of the above c. scripting
Answer: c d. Radiant
67. which attacks, the attacker manage’s to Answer: a
take control of the application to execute an 71. which factor uses in many applications,
SQL query created by the attacker… where two independent factors are used to
a. SQL injection identify a user…
b. Direct a. Cross-site scripting
c. SQL b. Cross-site request forgery
d. Application c. Two-factor authentication
Answer: a d. Cross-site scoring scripting
68. A Web site that allows users to enter text, Answer: c
such as a comment or a name, and then 72. The system that allows the user to be
stores it and laterdisplays it to other users, authenticated once and multiple
is potentially vulnerable to a kind of attack applications can then verify the user’s
what attack is it… identity through an authentication service
a. Cross-site scoring scripting without requiring reauthentication…
b. Cross-site request forgery a. OpenID
c. Cross-site scripting b. Sign-on system
d. Two-factor authentication c. Security Assertion Markup Language
Answer: c d. Virtual Private Database
Answer: b

73. which database is a standard for c. authentication
exchanging authentication and d. Authorization security
authorization information between different Answer: a
security domains, to provide cross- 77. If a DNS server accepts and uses the wrong
organization … details from a host that has no authority
a. OpenID giving that information, then this technique
b. Security Assertion Markup Language is called …?
c. Sign-on system a. DNS hijacking
d. Virtual Private Database b. DNS lookup
Answer: c c. DNS spoofing
74. which id standard is an alternative for d. All of the above
single sign-on across organizations, and has Answer: c
seen increasing acceptance in recent 78. block cypher used by PGP to encrypts
years… data…
a. OpenID a. international data encryption
b. Single-site system algorithm
c. Security Assertion Markup Language b. internet data encryption algorithm
d. Virtual Private Database c. private data encryption algorithm
Answer: a d. All of the above
75. which database allows a system Answer: c
administrator to associate a function with a 79. Pretty good privacy PGP(Pretty Good
relation the function returns a predicate that Privacy) is used in…
must be added to any query that uses the a. browser security
relation… b. email security
a. OpenID c. FTP security
b. Security Assertion Markup Language d. none of the mentioned
c. Single-site system Answer: b
d. Virtual Private Database 80. The extensible authentication protocol is an
Answer: d authentication framework used in…
76. VPD(virtual private database) provides a. wired local area network
authorization at the level of specific tuples, b. wireless networks
or rows, of a relation, and is therefore said c. wired personal area network
to be a mechanism… d. all of the above
a. row-level authorization Answer: b
b. Column-level authentication

81. What is used to carry traffic of one protocol b. Password-method authentication
over the network that does not support that c. Two-method authentication
protocol directly… d. Two-factor authentication
a. Tunnelling Answer: d
b. Trafficking 86. Where the security enforcement is needed
c. Transferring firstly…
d. Switching a. Scripting
Answer: a b. Application
82. In which Mode the authentication header is c. Assigning Roles
inserted immediately after the IP header… d. Administration
a. Tunnel Answer: b
b. Transport 87. Which database allows a system
c. Authentication administrator to associate a function with a
d. Both A and B relation…
Answer: a a. Virtual database
83. Which of the following is an extension of b. Private database
an enterprise private intranet across a c. Custom database
public Network that creates a secure private d. Virtual Private Database(VPD)
connection… Answer: d
a. VNP 88. Applications create queries dynamically,
b. VSPN can be considered as a risk source of …
c. VSN a. Active attacks
d. VPN b. Passive attacks
Answer: d c. Forgery
84. What term is considered as a basis for most d. Injection
robust authentication schemes… Answer: d
a. Registration 89. Which of the following should be stored in
b. Identification the cookie?
c. Encryption a. Session ID
d. Refine information b. Account Privileges
Answer: c c. UserName
85. A method that uses two independent d. Password
pieces/processes of information to identify Answer: a
a user is known as… 90. In which of the following exploits does an
a. Authentication through encryption attacker insert malicious code into a link

that appears to be from a trustworthy b. Cookie
source? c. Referrer Header
a. Cross-Site Scripting d. None of the above
b. Buffer over flows Answer: d
c. Command injection 95. The main risk to a web application in a
d. Path traversal attack cross site scripting attack is …
Answer: a
91. Failing to properly validate uploaded files a. Compromise of users
could result in: b. Loss of data integrity
a. Arbitrary code execution c. Destruction of data
b. Inadequate caching headers d. None of the above
c. Distributed Denial of Service Attack Answer: a
against clients
d. None of the above 96. Which cookie flag, when set, will prevent
Answer: a their transmission over non secure channel?
92. What does “White List” data validation a. Secure
means? b. Domain
a. Data is validated against a list of c. Expires
values that are known to be valid d. Static
b. Data is validated against a list of Answer: a
values that are known to be invalid 97. Cross Site Scripting is an attack against
c. Both of the above a. Client (Browser)
d. None of the above b. Database
Answer: a c. Web Application
93. Which languages are vulnerable to Cross d. Web Server
Site Scripting attacks ? Answer: a
a. Java 98. Which of the following is appropriate for
b. ASP.Net customer emails regarding a limited time
c. Perl promotional offer?
d. All of the above a. Request that the user authenticate
Answer: d him/herself by replying to the email
94. Out of the following which can be with their account credentials.
considered as user input for which b. Personalized greeting line
validation is not required
a. Host Header

c. Providing easy access to the b. Can be placed anywhere in the web
customer's account via a “Click Here” root as long as there are no links to
style link them
d. Sending the email from a domain set c. Should be completely removed from
up specifically for the special offer the server
Answer: b d. Can be placed anywhere after
99. Out of the following which one can be changing the extension
considered as a possible solutions for SQL Answer: c
injection vulnerability? 103. Implementing Access Control based
a. Data Validation on a hard coded IP address
b. Secure Cookies a. Can be done as it as an internal IP
c. Encryption b. Can be done for internet facing servers
d. Comprehensive exception handling as there are no chances of IP conflicts
Answer: a c. Is a good security practice
100. What is the common cause of buffer d. Is a bad security practice
over flows, cross-site scripting, SQL Answer: d
injection and format string attacks?
a. Unvalidated input 104. How can we prevent dictionary attacks
b. Lack of authentication on password hashes ?
c. Improper error handing a. Hashing the password twice
d. Insecure configuration management b. Encrypting the password using the
Answer: a private key
101. What is the preferred medium for c. Use an encryption algorithm you
backing up log files ? wrote your self so no one knows how
a. Print the logs to a paper it works
b. Create a copy of data in your d. Salting the hash
laptop/desktop Answer: b
c. Copy the files to CD-R's 105. Web server will log which part of a
d. None of the above GET request?
Answer: c a. Hidden tags
102. Temporary files b. Query Strings
a. Should be placed securely in a folder c. Header
called “temp” in the web root d. Cookies
Answer: b

106. is an attack which forces Answer:- d
an end user to execute unwanted actions on 110. To prevent CSRF, validation
a web application in which he/she is should be used.
currently authenticated. a. Referrer
a. Two-factor authentication b. Origin
b. Cross-site request forgery c. Either A or B
c. Cross-site scripting d. None of the above
d. Cross-site scoring scripting
Answer:- b Answer:- c
111. What of the following is a website
107. of home users that have vulnerability?
broadband router with a default or no a. SQL Injection
password (according to the lecture) b. CSRF
c. Cross Side Scripting
a. 85% d. All of the above
b. 64% Answer: - d
c. 50% 112. What happens when an application
d. 45% takes user inputted data and sends it to a
Answer:- c web browser without proper validation and
108. Which of the following is a common escaping?
source blocking? a. Security Misconfiguration
a. Buggy User agents b. Cross Site Scripting
b. User preference in browser c. Insecure Direct Object References
c. Network stripping by local machine d. Broken Authentication and Session
d. All of the above Management
Answer:- d Answer:- b
109. Which of the following is a reason for 113. A Web site that allows users to enter
mounting CSRF attack? text, such as a comment or a name, and
a. Network Connectivity then stores it and later display it to other
b. Read Browser State users, is potentially vulnerable to a kind of
c. Write Browser State attack called a
d. All of the above attack.

a. Two-factor authentication c. Using table indirection
b. Cross-site request forgery d. Using GET/POST parameters
c. Cross-site scripting Answer:- a
d. Cross-site scoring scripting 118. Which of the following is an advanced
Answer:- c anti – XSS tool?
114. is a method of injecting a. Dynamic Data Tainting
malicious code. b. Static Analysis
a. Stored XSS c. Both A and B
b. Reflected XSS d. None of the above
c. DOM based attack Answer:- c
d. All of the above 119. Which of the following is a part of
Answer:- d output filtering / encoding?
115. In cross-site scripting where does the a. Remove / encode (X) HTML special
malicious script execute? chars
a. On the web server b. Allow only safe commands
b. In the user’s browser c. Both A and B
c. On the attacker’s system d. None of the above
d. In the web app model code Answer:- c
Answer:- b 120. Identify the correct statement with
116. Which of the following is the best way respect to ASP.NET output filtering?
to prevent a DOM-based XSS attack? a. Validate request
a. Set the HttpOnly flag in cookies b. Javascript as scheme in URI
b. Ensure that session IDs are not c. Javascript On{event} attributes
exposed in a URL (handlers)
c. Ensure that a different nonce is d. All of the above
created for each request Answer:- d
d. Validate any input that comes
from another Web site
Answer:- d
117. Which of the following is the best way
to prevent malicious input exploiting your
application?
a. Input validation using an allow List
b. Using encryption

Set-IV
1. Which of the following is false for RSA Answer:- d
algorithm :- 5. Some of cryptography protocols are :-
a. Security of RSA depends on problem of a. SSL
factoring large number b. SET
b. In software, RSA is 100 times slower c. IPSec
than DES d. All of the above
c. In hardware, RSA is 10 times slower Answer:- d
than DES 6. Which of the following is true of
d. RSA can be faster than the symmetric SSL(Secured Socket Layer) :-
algorithm a. Client authentication is compulsary
Answer:-c b. It is developed by Netscape
2. Which of the follwoing is true :- c. Connection is need not be encrypted
a. The receiver can verify signature d. All of the above
using public key Answer:- b
b. Public key is used to encrypt the 7. The OSI model has :-
message a. 8 Layers
c. Message is send without any key b. IP Sec protocol in network layer
d. public key cryptography is symmetric c. SSL protocol in application layer
cryptography d. All of the above
Answer:-a Answer:- b
3. A cryptographic hash functions are : 8. In OSI Model :-
a. Easy to compute a. routing takes place in network layer
b. Used in creating digital fingerprint b. Physical layer transmits and
c. Both 1 and 2 receives unstructured raw data
d. None of the above c. HTTP is application level protocol
Answer:- c d. All of the above
4. In public key distribution :- Answer:- d
a. Public keys are published in a database 9. A public key certificate contains :-
b. Receiver decrypts the message using a. Private and public key of the entity
their private key being certified
c. Sender gets receiver’s public key from b. Digital signature algorithm id
databse c. Identity of the receiver
d. All of the above d. Both 1 and 2

Answer:- d c. Public key is needed for DNSSEC
Answer:- c
10. In HTTP model, content being sent might 16. Which one is DES?
be changed by a third person a. Block cipher
a. True b. Bit cipher
b. False c. Stream clipher
Answer:- a d. None of the above
11. The TLS is developed by Microsoft Answer a
a. True
b. False 17. Encryption system is?
Answer:- b a. Symmetric key encryption
12. Which of the following is false :- algorithm
a. There are 13 root servers in the world b. not an encryption algorithm
b. DoS attack was performed on them in c. Asymmetric key encryption
2007 algorithm
c. Both 1 and 2 d. None of the above
d. None of the above Answer a
Answer:- c
13. DNS cache poisoning is 18. Which one is not a RC5 operation?
a. Entering false information into DNS a. RC5-CipherText Stealing
cache b. RC5-Cipher Block Chaining
b. Also known as DNS spoofing c. RC5-Cipher Padding
c. where raffic goes to wrong website d. RC5 block cipher
d. All of the above Answer : c
Answer:- d 19. An asymmetric-key cipher uses
14. DNS servers generally use UDP protocol a. 1 Key
a. True b. 2 Key
b. False c. 3 Key
Answer:- a d. 4 Key
15. Which of the following is wrong :- Answer - b
a. DNSSEC provides mechanism to 20. Which one of the following protocol is
authenticate servers and requests used to secure HTTP connection?
b. DNSSEC protects from data a. Resource reservation protocol
spoofing b. Transport layer security (TSL)

c. Xplicit congestion notification 25. Encryption algorithm is used to
(ECN) transforms plaintext
d. Stream control transmission into……………………….
protocol (SCTP) a. Simple Text
Answer - b b. Cipher Text
c. Empty Text
21. Cryptography term is used to d. None of the above
transforming messages to make them Answer : d
secure and to prevent from
a. Change 26. What is cipher in Cryptography ?
b. Defend a. Algorithm for performing
c. Idle encryption
d. Attacks b. Algorithm for performing
Answer : d decryption
c. Encrpted Messages
22. Shift cipher is also referred to as the d. Both algorithm for
a. Caesar cipher performing encryption and
b. cipher text Decryption and encrypted
c. Shift cipher message
d. None of the above Answer - d
Answer: a 27. Which clipher is used for providing voice
23. Which one is the Heart of Data privacy in GSM cellular telephone
Encryption Standard (DES)? protocol
a. DES function a. b5/4 cipher
b. Encryption b. A5/2 cipher
c. Rounds c. b5/6 cipher
d. Cipher d. b5/8 cipher
Answer - a Answer - b
28. The message before being transformed, is
24. DES stands for………………… a. Simple Text
a. Data Encryption Slots b. Cipher Text
b. Data Encryption Subscription c. Empty Text
c. Data Encryption Standard d. plain text
d. Data Encryption Solutions Answer :d
Answer – c

29. Data Encryption Standard (DES), was 33. In symmetric-key cryptography both
designed by party used
a. intel a. same keys
b. IBM b. multi keys
c. HP c. different keys
d. Sony d. two keys
Answer :b Answer a
34. In symmetric-key cryptography, the key
30. In Asymmetric-key Cryptography, locks and unlocks the box is
although Rivest, Shamir, and Adelman a. same
(RSA) can be used to encrypt and decrypt b. shared
actual messages, it is very slow if the c. private
message is d. public
a. short Answer a
b. long 35. The keys used in cryptography are
c. flat a. secret key
d. thin b. private key
Answer b c. public key
d. different key
31. In symmetric-key cryptography, the key Answer d
used by the sender and the receiver is 36. Data Encryption Standard (DES) is an
a. shared example of
b. different a. complex block cipher
c. two keys are used b. cryptography
d. same keys are used c. Electronic Cipher Book
Answer a d. Electronic Code Book
32. In Rotation Cipher, keyless rotation the Answer a
number of rotations is 37. The relationship between a character in
a. jammed the plaintext to a character is
b. idle a. many-to-one relationship
c. rotating b. one-to-many relationship
d. fixed c. many-to-many relationship
Answer d d. one-to-one relationship
Answer b

38. Cryptography, a word with Greek origins, d. Intel
means Answer a
a. corrupting data
b. secret writing 43. ECB stands for
c. open writing a. Electronic Control Book
d. closed writing b. Electronic Code Book
Answer b c. Electronic Cipher Book
39. A transposition cipher reorders d. Electronic Cryptography Book
(permutes) symbols in a Answer b
a. block of packets 44. The cipher which uses the exclusive-or
b. block of slots operation as defined in computer science
c. block of signals is called
d. block of symbols a. caesar cipher
Answer d b. xor cipher
40. The Cipher Feedback (CFB) mode was c. cipher
created for those situations in which we d. cipher text
need to send or receive R bits of Answer b
a. frames
b. pixels 45. The cryptography can provide
c. data a. entity authentication
d. encryption b. nonrepudiation of messages
Answer c c. confidentiality
41. In Cryptography, when text is treated at d. authentication
the bit level, each character is replaced by Answer d
a. 4 bits 46. The shift ciphers sometimes referred to as
b. 6 bits the
c. 8 bits a. caesar cipher
d. 10 b its b. julia cipher
Answer c c. plain cipher
42. The Advanced Encryption Standard d. XOR cipher
(AES) was designed by Answer a
a. National Institute of Standards and 47. RSA stands for
Technology a. Rivest, Shamir, and Adleman
b. IBM b. Roger, Shamir, and Adrian
c. HP c. Robert, Shamir, and Anthoney

d. Rivest, Shaw, and Adleman
Answer a
48. The Data Encryption Standard (DES) was
designed by
a. Microsoft
b. Apple
c. IBM

Set-V
c. Network
1. In TCP, sending and receiving data is d. Presentation
done as Answer:- d
a. Stream of bytes 6. is a library for formatting raw
b. Sequence of characters packets with arbitrary IP headers.
c. Lines of data a. Libnet
d. Packets b. HeadLib
Answer:- b c. IPLib
2. TCP groups a number of bytes together d. None of the above
into a packet called Answer:- a
a. Packet 7. Which of the following is correct for
b. Buffer Transmission Control Protocol?
c. Segment a. Connection Oriented
d. Stack b. Preserves order
Answer:- c c. Both A and B
3. Which of these is not applicable for IP Answer:- c
protocol?
a. Is connectionless 8. Which of the following is a basic security
b. Offer reliable service problem?
c. Offer unreliable service a. Network packets pass by
d. None of the mentioned untrusted hosts
Answer:- b b. TCP state easily obtained by
4. Which of the following is a function of IP eavesdropping
Protocol? c. Denial of service vulnerabilities
a. Error reporting d. All of the above
b. Fragmentation and Reassembly Answer:- d
c. Routing 9. Which protocol ensures reliable delivery?
d. All of the above a. TCP
Answer:- d b. UDP
5. Which of the following is not a layer of c. Both A and B
TCP protocol stack? d. None of the above
a. Application Answer:- a
b. Transport

d. Non-distance vector
10. Which protocol uses window flow
system? Answer:- b
a. UDP 15. In OSPF, a ……… link is a network with
b. TCP several routers attached to it.
c. FTP a. Point-to-point
d. None of the above b. Transient
Answer:- b c. Stub
11. Which of the following is not a routing d. Multipoint
protocol? Answer:- b
a. OSPF 16. Which of the following are the solutions
b. BGP to network security?
c. ARP i) Encryption ii) Authentication
d. MGP iii) Authorization iv) Non-repudiation
Answer:- d a. i, ii and iii only
12. What is full form of ARP? b. ii, iii and iv only
a. Address Resolution Protocol c. i, iii and iv only
b. Allied Resolution Protocol d. All i, ii, iii and iv
c. Address Resolution Process Answer:- d
d. Address Rectification Protocol 17.is to protect data and
Answer:- a passwords.
13. ROA stands for – a. Encryption
a. Route Organization b. Authentication
Administration c. Authorization
b. Route Organization d. Non-repudiation
Authorization Answer:- a
c. Rules of Authorization 18. The following protocols and systems are
d. Rules of Administration commonly used to provide various
Answer:- b degrees of security services in a computer
14. The Open Shortest Path First (OSPF) network.
protocol is an intra domain routing i) IP filtering
protocol based on routing. ii) Reverse Address Translation
a. Distance vector iii) IP Security Architecture (IPsec)
b. Link state iv) Firewalls
c. Path vector v) Socks

a. i, ii, iii and iv only 23. In ........................ Mode, the
b. i, iii, iv and v only authentication header is inserted
c. ii, iii, iv and v only immediately after the IP header.
d. All i, ii, iii, iv and v a. Tunnel
Answer:- b b. Transport
19. A firewall is installed at the point where c. Authentication
the secure internal network and untrusted d. Both A and B
external network meet which is also Answer:- a
known as ……………… 24. State true or false.
a. Chock point i) Socks are a standard for circuit-level
b. meeting point gateways.
c. firewall point ii) NAT is used for the small number of hosts
d. secure point in a private network.
Answer:- a a. True, False
20. Which of the following is/are the types of b. False, True
firewalls? c. True, True
a. Packet Filtering Firewall d. False, False
b. Dual Homed Gateway Firewall Answer:- c
c. Screen Host Firewall 25. A ......................... is an extension of an
d. All of the above enterprise’s private intranet across a
Answer:- d public Network such as the Internet,
21. The components of IP security includes creating a secure private connection.
a. Authentication Header (AH) a. VNP
b. Encapsulating Security Payload (ESP) b. VPN
c. Internet Key Exchange (IKE) c. VSN
d. All of the above d. VSPN
Answer:- d Answer:- b
22.is used to carry traffic 26. The primary goal of the
of one protocol over the network that does ………………….. protocol is to provide
not support that protocol directly. a private channel between communicating
a. Tunneling application, which ensures privacy of data
b. Transferring authentication of the partners, and
c. Trafficking integrity.
d. Switching a. SSL
Answer:- a b. ESP

c. TSL b. SSL authentication protocol
d. PSL c. SSL record protocol
Answer:- a d. SSL cipher protocol
27. The ..................... is used to provide Answer:- c
integrity check, authentication and 31. While initiating SSL session, the client
encryption to IP datagram. code recognizes the SSL request and
a. SSL establishes a connection through TCP
b. ESP Part ......................to the SSL code on the
c. TSL server.
d. PSL a. 420
Answer:- b b. 1032
28. In .................................mode, a common c. 443
technique in packet-switched networks d. 322
consists of wrapping a packet in a new Answer:- c
one. 32. On the upper layer of SSL, a protocol for
a. Tunneling initial authentication and transfer of
b. Encapsulation encryption keys, called the
c. Both A and B …………………
d. None of the above a. SSL handshake protocol
Answer:- c b. SSL authentication protocol
29. The ........................................ Is a c. SSL record protocol
collection of protocols designed by d. SSL cipher protocol
Internet Engineering Task Force(IETF) to Answer:- a
provide security for a packet at the 33. State whether the following statement are
Network level. true.
a. IPsec i) An application-level gateway is often
b. Netsec referred to as a proxy.
c. Packetsec ii) In proxy, a direct connection is established
d. Protocolsec between the client and destination server.
Answer:- a a. True, False
30. At the lower layer of SSL, a protocol for b. False, True
transferring data using a variety of c. True, True
predefined cipher and authentication d. False, False
combinations called the ………………. Answer:- a
a. SSL handshake protocol

34. In packet-filtering router, the following 38. Network layer firewall works as a
information can be external from the
packet header. a. frame filter
i) Source IP address b. packet filter
ii) Destination IP address c. signal filter
iii) TCP/UDP source port d. content filter
iv) ICMP message type Answer: b
v) TCP/UDP destination port 39. Network layer firewall has two sub-
a. i, ii, iii and iv only categories called
b. i, iii, iv and v only a. stateful firewall and stateless firewall
c. ii, iii, iv and v only b. bit oriented firewall and byte oriented
d. All i, ii, iii, iv and v firewall
Answer:- d c. frame firewall and packet firewall
35.mode is used whenever d. network firewall and data firewall
either end of a security association is Answer: a
gateway. 40. WPA2 is used for security in
a. Tunnel a. ethernet
b. Encapsulating b. bluetooth
c. Transport c. wi-fi
d. Gateway d. e-mail
Answer:- a
36. IPSec is designed to provide security at Answer: c
the 41. An attempt to make a computer resource
a. transport layer unavailable to its intended users is called
b. network layer
c. application layer a. denial-of-service attack
d. session layer b. virus attack
Answer: b c. worms attack
37. In tunnel mode, IPSec protects the d. botnet process
Answer: a
a. Entire IP packet 42. Extensible authentication protocol is
b. IP header authentication framework frequently used
c. IP payload in
d. IP trailer a. wired personal area network
Answer: a b. wireless networks

c. wired local area network
d. wired metropolitan area network Answer: b
43. Pretty good privacy (PGP) is used in
a. browser security
b. email security
c. FTP security
d. wifi security Answer: b
44. PGP encrypts data by using a block cipher called

a. international data encryption algorithm
b. private data encryption algorithm
c. internet data encryption algorithm
d. local data encryption algorithm Answer: a
45. When a DNS server accepts and uses incorrect information from a host that has no authority giving
that information, then it is called
a. DNS lookup
b. DNS hijacking
c. DNS spoofing
d. DNS authorizing Answer: c
46. Network layer firewall works as a
a. Frame filter
b. Packet filter
c. Content filter
d. Virus filter
Answer: b
47. Network layer firewall has two sub- categories as
a. State full firewall and stateless firewall
b. Bit oriented firewall and byte oriented firewall
c. Frame firewall and packet firewall
d. Network layer firewall and session layer firewall
Answer: a
48. A firewall is installed at the point where the secure internal network and untrusted external
network meet which is also known as
a. Chock point
b. Meeting point
c. Firewall point
d. Secure point Answer: a
49. Which of the following is / are the types of firewall?

a. Packet Filtering Firewall
b. Dual Homed Gateway Firewall
c. Screen Host Firewall
d. Dual Host Firewall Answer: a
50. A proxy firewall filters at
a. Physical layer
b. Data link layer
c. Network layer
d. Application layer
Answer: d

Cyber Security MCQ Set 1-5

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Security MCQ Set 1-5

Uploaded by

Copyright:

Available Formats

1.

exploited the most? b. $100/day

b. Browser d. Both A and B

c. Adobe Flash Player Answer: (d)

d. Microsoft Office 8. Which of the following is not an advantage of

Answer: (b) Browser studying Cyber Security?

4. The computer vulnerabilities and exploits computer system

databases are maintained by . b. It allows you to know the ways through

a. Kaspersky Lab which cyberspace can be breached

b. Symantec Corporation c. Both A and B

c. MITRE Corporation d. None of the above

d. None of the above Answer: (d)

respect to Ransomware? banker?

a. It is a form of Malware a. It is a trojan horse

1 Dr. Abhay Shukla | Cyber Security | MCQ

2 Dr. Abhay Shukla | Cyber Security | MCQ

3 Dr. Abhay Shukla | Cyber Security | MCQ

30. framework made cracking of a. network protocol analysis

4 Dr. Abhay Shukla | Cyber Security | MCQ

5 Dr. Abhay Shukla | Cyber Security | MCQ

6 Dr. Abhay Shukla | Cyber Security | MCQ

a. GoS attack a. WEP

7 Dr. Abhay Shukla | Cyber Security | MCQ

a. Keyhijacking 68. Which one of the following can be

8 Dr. Abhay Shukla | Cyber Security | MCQ

9 Dr. Abhay Shukla | Cyber Security | MCQ

77. Which of the following refers to the a. 1

10 Dr. Abhay Shukla | Cyber Security | MCQ

11 Dr. Abhay Shukla | Cyber Security | MCQ

12 Dr. Abhay Shukla | Cyber Security | MCQ

13 Dr. Abhay Shukla | Cyber Security | MCQ

14 Dr. Abhay Shukla | Cyber Security | MCQ

1. According to the CIA Triad, which of the d. Non-repudiation

15 Dr. Abhay Shukla | Cyber Security | MCQ

16 Dr. Abhay Shukla | Cyber Security | MCQ

17 Dr. Abhay Shukla | Cyber Security | MCQ

18 Dr. Abhay Shukla | Cyber Security | MCQ

19 Dr. Abhay Shukla | Cyber Security | MCQ

20 Dr. Abhay Shukla | Cyber Security | MCQ

21 Dr. Abhay Shukla | Cyber Security | MCQ

22 Dr. Abhay Shukla | Cyber Security | MCQ

68. Identify whether the following code has

a. Buffer overflow attacks

c. Format string vulnerabilities

70. The overflows exploits can be detected by

23 Dr. Abhay Shukla | Cyber Security | MCQ

71. Which of the following is an

72. Overflow code execution

a. halting the process

73. Arbitrary programs can be best

a. return oriented programming

24 Dr. Abhay Shukla | Cyber Security | MCQ

75. In ASLR, an attacker cannot jump a. Return Oriented Programming

77. Which of the following is not a method

25 Dr. Abhay Shukla | Cyber Security | MCQ

2. Which of the following is correct with

a. systrace b. Network sniffer

28 Dr. Abhay Shukla | Cyber Security | MCQ

29 Dr. Abhay Shukla | Cyber Security | MCQ

30 Dr. Abhay Shukla | Cyber Security | MCQ

31 Dr. Abhay Shukla | Cyber Security | MCQ

32 Dr. Abhay Shukla | Cyber Security | MCQ

33 Dr. Abhay Shukla | Cyber Security | MCQ

34 Dr. Abhay Shukla | Cyber Security | MCQ