
1. What is the attack technique used to exploit websites by altering
backend database queries through inputting manipulated queries?
A. LDAP Injection
B. XML Injection
C. SQL Injection
D. OS Commanding
2. What happens when an application takes user-inputted data and
sends it to a web browser without proper validation and escaping?
A.Security Misconfiguration
B.Cross Site Scripting
C.Insecure Direct Object References
D.Broken Authentication and Session Management
3. What flaw arises from session tokens having poor randomness
across a range of values?
A.Insecure Direct Object References
B.Session Replay
C.Session Fixation
D.Session Hijacking
4. An attack technique that forces a user’s session credential or
session ID to an explicit value.
A.Brute Force Attack
B.Session Hijacking
C.Session Fixation
D.Dictionary Attack
5. An attack technique that forces a user’s session credential or
session ID to an explicit value.
A.Brute Force Attack
B.Session Hijacking
C.Dictionary Attack
D.Session Fixation
6. What threat arises from not flagging HTTP cookies with tokens as
secure?
A.Session Hijacking
B.Insecure Cryptographic Storage
C.Access Control Violation
D.Session Replay
7. Which attack can execute scripts in the user’s browser and is
capable of hijacking user sessions, defacing websites, or redirecting
the user to malicious sites?
A.SQL Injection
B.Cross site scripting
C.Malware Uploading
D.Man in the middle
8. What flaw can lead to exposure of resources or functionality to
unintended actors?
A.Session Fixation
B.Improper Authentication
C.Insecure Cryptographic Storage
D.Unvalidated Redirects and Forwards
9. Which threat can be prevented by having unique usernames
generated with a high degree of entropy?
A.Cryptanalysis of hash values
B.Spamming
C.Authorization Bypass
D.Authentication bypass
10. What threat are you vulnerable to if you do not validate the
authorization of the user for direct references to restricted
resources?
A.SQL Injection
B.Cross Site Scripting
C.Cross Site Request Forgery
D.Insecure Direct Object References
11. Role-Based Access control helps prevent this OWASP Top 10
weakness.
A.Failure to restrict URL Access
B.Unvalidated Redirect or Forward
C.Security Misconfiguration
D.Insufficient Transport Layer Protection
12. What is the type of flaw that occurs when untrusted user-entered
data is sent to the interpreter as part of a query or command?
A.Insecure Direct Object References
B.Injection
C.Cross Site Request Forgery
D.Insufficient Transport Layer Protection
13. For every link or form which invokes state-changing functions
with an unpredictable token for each user what attack can be
prevented?
A.OS Commanding
B.Cross Site Scripting
C.Cross Site Request Forgery
D.Cross Site Tracing
14. For a connection that changes from HTTP to HTTPS, what flaw
arises if you do not change the session identifier?
A.Session Replay
B.Cross Site Scripting
C.Cross Site Request Forgery
D.Session Hijacking
15. The attack exploits the trust that a site has in a user's browser.
A.Session Hijacking
B.Cross Site Request Forgery
C.SQL Injection
D.Cross Site Scripting
16. For an indirect reference, what happens if there’s no list of
limited values authorized for a user in the direct reference?
A.SQL Injection
B.Brute Forcing of stored encrypted credentials
C.XML Injection
D.Access to sensitive data possible
17. We can allow client-side scripts to execute in the browsers for
needed operations.
A.True
B.False
18. Session related vulnerabilities.
A.Session Fixation
B.Session Hijacking
C.Session Tracing
D.Session Spotting
E.Session Spoofing
19. What is phishing?
A.Data transfer protocol
B.Email Scam
C.Network scandal
D.Cross domain scandal
20. What is a cookie?
A.A computer virus
B.A file that makes it easier to access a Web site and browse.
C.A file that hackers use to steal your identity.
D.Web application file
21. You receive an e-mail from Desjardins saying that you have won
a contest. What should you do?
A.Hurry to provide all the information so you can claim your prize as quickly
as possible.
B.Contact Caisse to confirm the information.
C.Answer the e-mail and ask them to call you with more information.
D.Forward the mail to others for their opinion.
22. An IP Address is the Internet equivalent of:
A.Your mailing address
B.Your Birth Date
C.Your modem configuration number
D.Your social security number
23. Statistics show that many companies connected to the Internet
are not sufficiently secure. Why not?
A.Many companies do not have a written security policy in place.
B.Many companies do not have physical security for the company networks
C.Many companies have insufficient protection between the Internet and
company networks.
D.Many companies have insufficient information about the traffic over the
company networks.
24. The use of proper security techniques can:
A.Minimize the threat of attackers
B.Allow access to unauthorized users
C.Prevent most hackers from accessing your system.
D.Provide 100 percent security
25. Network permissions should be established so that users can
accomplish their tasks, but cannot access any system resources that
are not necessary so that:
A.A hacker cannot steal a legitimate user's identity.
B.Users will not have access to and misuse system resources.
C.Only the resources authorized for that user will be at risk.
D.Hackers will not pose as legitimate users.
26. The characteristics of an effective security system are that the
system is:
A.Difficult to use, so that prevents access
B.Highly secure, easy to use, flexible, and scalable
C.One that provides comprehensive alarming and reporting
D.Capable of ensuring that there is no hacker activity

Which of the following consequences is most likely to occur due to an injection
attack?
Spoofing
Cross-site request forgery
Denial of service
Insecure direct object references

Your application is created using a language that does not support a clear
distinction between code and data. Which vulnerability is most likely to occur
in your application?
Injection
Insecure direct object references
Failure to restrict URL access
Insufficient transport layer protection

Which of the following scenarios is most likely to cause an injection attack?
Unvalidated input is embedded in an instruction stream.
Unvalidated input can be distinguished from valid instructions.
A Web application does not validate a client’s access to a resource.
A Web action performs an operation on behalf of the user without checking a
shared secret.

A user is able to pass malicious input that invokes control codes in your Web
application. Which vulnerability is most likely to occur in your Web
application?
Injection
Insecure direct object references
Failure to restrict URL access
Insufficient transport layer protection

Which of the following is the best way to protect against injection attacks?
SQL queries based on user input
Input validation using an allow list
Memory size checks
Validate integer values before referencing arrays

Which of the following is most vulnerable to injection attacks?
Session IDs
Registry keys
Regular expressions
Server configuration files

Which character is most likely to be used for an SQL injection attack?
Single quote (')
Null
Less than sign (<)
Greater than sign (>)

Which mitigation technique can help you strictly define valid input?
Allow list
Memory size checks
Table indirection
Escaping

Which of the following architecture-level techniques are the best approaches to
prevent attacks based on malicious input?
Allow list
Table indirection
Escaping
Memory size checks

Which mitigation technique helps you tell the parser that a specific character is
a literal and not a control character?
Table indirection
Allow list
Escaping
Block list

True or false: You should use a blacklist wherever possible; use whitelists only
as a secondary defense.
True
False

Which of the following is the best way to define disallowed inputs?
Allow list
Block list
Table indirection
Escaping

Which of the following is an injection attack?
Cross-site scripting
Cross-site request forgery
Insecure direct object references
Broken authentication and session management

Which of the following languages are the primary targets of cross-site
scripting?
HTML
SQL
XSLT
XPath

Which of the following attacks occurs when a malicious user convinces a
victim to send a request to a server with malicious input and the server echoes
the input back to the client?
Reflected XSS
Persistent XSS
Insecure direct object references
Failure to restrict URL access

Which of the following is the best way to prevent a DOM-based XSS attack?
Set the HttpOnly flag in cookies
Ensure that session IDs are not exposed in a URL
Ensure that a different nonce is created for each request
Validate any input that comes from another Web site

How does malicious input flow in a DOM-based XSS?
From server to client
From client to itself
From attacker to server
From victim to server

Which of the following is the best way to prevent malicious input exploiting
your application?
Input validation using an allow list
Using encryption
Using table indirection
Using GET/POST parameters

You should set the HttpOnly flag in a cookie to ensure that:
The cookie is not available to client scripts.
The cookie is deleted when the user closes the browser.
The cookie is sent over an encrypted channel.
The cookie is a persistent cookie.

You should set a secure flag in a cookie to ensure that:
The cookie is a persistent cookie.
The cookie is not available to client script.
The cookie is sent over an encrypted channel.
The cookie is deleted when the user closes the browser.

An attacker submits data to the server and the data is stored on the server.
Which type of vulnerability is most likely to occur in your application?
DOM-based XSS
Reflected XSS
Persistent XSS
Cross-site request forgery

Which of the following input sources can be directly controlled by a malicious
user?
GET/POST parameters
Server configuration files
Ports
Server code

Which of the following scenarios is most likely to result in broken
authentication and session management vulnerabilities?
Poorly implemented custom code is used.
Session-based indirection is used.
Unused and unnecessary services code and DLLs are disabled.
The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom
authentication and session management system?
Find out if the HttpOnly flag is set in cookies.
Find out if you can use a small extension to an existing component to
implement the system.
Find out if form variables are available to store data.
Find out if you need to use session-based indirection.

True or false: When implementing an authentication or session system you
should ensure that new session IDs are not created at login.
True
False

Which of the following functionalities should you include in an authentication
and session management system?
Logout functionality
Regular expressions
Escaping functionality
Forwarding system functionality

Why should you use CAPTCHA?
To create cryptographically random session IDs
To protect credentials by using encryption or cryptographic salt and hash
To protect authentication systems from automated or brute-force attacks
To ensure that authentication systems implement inactivity timeout
functionality

What should you do before passing credentials over the network?
Replace the credentials with a cryptographic salt and hash.
Accept session IDs from URLs.
Share the credentials with the client.
Use persistent cookies to manage session IDs.

Which location should you ideally use to store a session ID?
URLs
Form variables
Persistent cookies
Non-persistent cookies

Which of the following is the best way to ensure that JavaScript cannot be used
to access a cookie?
Set the secure flag in the cookie
Set the HttpOnly flag in the cookie
Use the CAPTCHA system
Use non-persistent cookies

Which of the following is an authentication system mandatory requirement?
Form variables are used for managing session IDs.
Use a GOTCHA to prevent automated attacks.
User logout and session inactivity controls.
Session IDs are only accepted from cookies and parameter variables.

A session-based system authenticates a user to a Web site to provide access to
restricted resources. To increase security in this scenario an authentication
token should meet which of the following requirements?
It should identify returning users to the site.
It should be public information.
It should always use a persistent cookie.
It should always use a non-persistent cookie.

True or false: An identification token is a replacement for a user’s credentials
and should allow access to restricted resources of a Web site.
True
False

Which of the following tasks is performed by a session-based system?
Identifying returning users
Using form variables for managing session IDs
Using the HTTP protocol
Sending successful logins to a well-known location

Which threat is most likely to occur when a Web application fails to validate a
client's access to a resource?
Injection
Cross-site scripting
Insecure direct object reference
Cross-site request forgery

Which of the following objects is most susceptible to an insecure direct object
reference attack?
Nonpersistent cookies
Registry keys
Conditional constructs
GET/POST parameters

Which of the following vulnerabilities is most likely to occur due to an
insecure direct object reference attack?
Executing commands on the server.
Impersonating any user on the system.
Modifying SQL data pointed to by the query.
Accessing a resource without authorization.

Which of the following is the best way to mitigate the threat of an insecure
direct object reference attack?
Use session-based indirection.
Use POST parameters instead of GET parameters.
Use a regular expression.
Send successful logins to a well-known location instead of automatic
redirection.

True or false: Time of Check Time of Use (TOCTOU) occurs if the
authorization check is performed on one page of a Web site and the resource is
used on a different page.
True
False

Your Web application stores information about many accounts. Which threat is
your Web application susceptible to if you can manipulate the URL of an
account page to access all accounts?
Cross-site request forgery
Insecure direct object reference
Cross-site scripting
Injection

Which of the following threats is most likely to be caused by poor input
validation?
Enabling of IPSec
Insecure direct object reference
Insecure cryptographic storage
Insufficient transport layer protection

Which threat is most likely to occur when a POST parameter performs an
operation on behalf of a user without checking a shared secret?
Cross-site request forgery
Insecure direct object reference
Cross-site scripting
Injection

Which of the following is the most common result of a cross-site request
forgery?
Elevation of privilege
Disabled security features
Enabling of IPSec
Misconfigured security features

An attacker lures a victim to malicious content on a Web site. A request is
automatically sent to the vulnerable site which includes the victim’s credentials.
Which attack is most likely to occur in this scenario?
Injection
Cross-site scripting
Insecure direct object reference
Cross-site request forgery

True or false: The downside of a nonce is that it needs to be stored on the
client.
True
False

What should you add to a hash-based message authentication code (HMAC)
to ensure that the secret value is unique for each request?
Salt
Nonce
Session ID
Timestamp

Which of the following practices should you observe in order to implement
defense-in-depth techniques against CSRF attacks?
Use GET parameters
Use automatic redirection.
Don’t include secrets in the URL.
Resubmit POST parameters during redirection.

True or false: HTTP GET parameters limit the types of manipulation a
malicious user can perform on the victim to forge a request.
True
False

Which of the following mistakes is most often associated with a security
misconfiguration threat?
Cross-site request forgery
Failure to disable default accounts
Bad cryptography
Unsafe key storage

You have not yet applied some recent service packs and updates to your Web
application. Which of the following threats is your Web server susceptible to?
Injection
Security misconfiguration
Insecure cryptographic storage
Cross-site request forgery

Which of the following is the best way to reevaluate your environment and
address new threats?
Add or remove network segments.
Use the white-list validation of allowed input technique.
Use custom cryptographic algorithms.
Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process?
Disable unnecessary features.
Resubmit POST parameters during redirection.
Repeat the process at random intervals.
Update the environment with changes only when needed.

Which of the following consequences is most likely to result if your production
environment does not match your development, testing and staging
environments?
Your application may not work as expected.
Testing your application may take a long time.
Your application may be expensive to administer.
Your application may have too many configuration files.

Which of the following can result in insecure cryptography?
Unsalted hash
Unused services
Default accounts
Rotating keys frequently

Which of the following is most likely to result in insecure cryptography?
Unused services
Unsalted hash
New products
Missing patches

Which of the following may result in cryptographic weakness?
Failure to restrict URL access
Insufficient cryptographic protocols
Missing patches
Unnecessary/unused services or features

Which of the following protocols is a network layer encryption protocol?
HTTP
EFS
IPSec
Kerberos

Which of the following factors helps you secure keys?
Complexity
Session-based indirection
Escaping
Encryption

Which of the following combines public-key cryptography with a
cryptographic hash?
Nonce
Digital signature
SSL
Salt

Which of the following depicts the typical impact of failure to restrict URL
access?
Attackers perform man-in-the-middle attacks.
Attackers impersonate any user on the system.
Attackers invoke functions and services they have no authorization for.
Attackers perform all actions that the victims themselves have permission to
perform.

Which of the following actions should you take to test the security of your Web
application?
Use policy mechanisms.
Use a simple and positive model at every layer.
Set the secure flag on session ID cookies.
Use your browser to forge unauthorized requests.

Which of the following should you use to protect the connections between the
physical tiers of your application?
EFS
SSL
HTTP
Kerberos

Which of the following is the best way to implement transport layer protection?
Install IDS
Enable SSL
Set the HttpOnly flag on session ID cookies
Perform client-side validation.

Which of the following is most likely to result from unvalidated redirects and
forwards?
Brute force attack
Network sniffing
Man-in-the-middle attack
Bypassed authorization checks

Which of the following is the best way to protect a Web application from
unvalidated redirects and forwards?
Validate the referrer header.
Use extended validation certificates.
Use the escaping technique.
Disallow requests to unauthorized file types.

Which of the following is the best way to detect unvalidated redirects and
forwards?
Use internal transfers without authorizing the user for target URL
Use your browser to forge unauthorized requests
Use weblogs to identify redirects and forwards
Use policy mechanisms

True or false: Most security issues are related to input and a user’s ability to
interact with and control input.
True
False

True or false: If user input can be confused for instructions in the language or
the way the language is applied then the language is vulnerable to an injection
attack.
True
False

In which of the following scenarios should you use the escaping technique?
When user input is echoed back to the user in HTML
When you need to validate any input as valid input
When you are trying to protect against regular expression injection
When you need to tell the interpreter that input is code

Which of the following is the best way to prevent unvalidated redirect and
forwards vulnerabilities?
Use an allow list such as table indirection.
Use client-side validation.
Allow only absolute redirects.
Use session-based indirection.

(1) Which category is newly added in OWASP Top 10 2021?
(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Server-Side Request Forgery (SSRF)
(2) What are the weaknesses included in Cryptographic Failures?
(A) Use of Hard-coded Password
(B) Broken or Risky Crypto Algorithm
(C) SQL Injection
(D) Insufficient Entropy
(3) What are the weaknesses included in Software and Data Integrity Failures?
(A) Download of Code Without Integrity Check
(B) Insufficient Entropy
(C) Deserialization of Untrusted Data
(D) Broken or Risky Crypto Algorithm
(4) Which category of the OWASP Top 10 broadly covers the SolarWinds malicious
update-related issue?
(A) Identification and Authentication Failures
(B) Software and Data Integrity Failures
(C) Server-Side Request Forgery
(D) Security Logging and Monitoring Failures
(5) How can you prevent injection vulnerabilities in a web application?
(A) Use Security Headers
(B) Use of safe API
(C) Use HTTPS/TLS protocol
(D) Input validation
(6) What are the example attacks of Identification and Authentication Failures?
(A) CSRF
(B) Use of Credential Stuffing
(C) Exploiting third party component
(D) Retrieve credit card numbers by exploiting SQL Injection flaw
(7) What are the weaknesses included in Security logging and monitoring?
(A) Omission of Security-relevant Information
(B) SQL Injection
(C) Insufficient Entropy
(D) Insertion of Sensitive Information into Log File
(8) Which category includes XSS in OWASP Top 10 2021?
(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Injection
(9) Which category includes Insecure Deserialization in OWASP Top 10 2021?
(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Injection
(10) "Reusing a Nonce, Key Pair in Encryption" is covered in which category of
OWASP Top 10 2021?
(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Cryptographic Failure

1. "|/bin/ls -al" is a payload for which injection attack?
a) All of the above b) HTML Injection
c) OS Command Injection d) SQL Injection
2. Can an attacker get access to a victim machine using an injection attack?
a) No b) Yes
3. LDAP stands for
a) Lightweight Directory Access Protocol
b) Lightweight Directory Access Port
c) Lightweight Dictionary Access Port
d) Lightweight Dictionary Access Protocol
4. Which of the following input sources can be directly controlled by a
malicious user? (Choose two.)
a) Server configuration files b) Window.location
c) GET/POST parameters d) Ports and network resources
5. Which of the following is the most common intercepting tool?
a) Burp Suite b) Commix
c) BeEF d) SQL Map
6. Which of the following automated tools are used for SQLi attacks?
a) sqlmap b) commix
c) BeEF d) Wireshark
7. Which of the following is safe from SQLi (Java)?
a) String custname = request.getParameter("customerName");
   String query = "SELECT balance FROM user WHERE uname = ? ";
   PreparedStatement pstmt = connection.prepareStatement( query );
   pstmt.setString( 1, custname);
b) String custname = request.getParameter("customerName");
   String query = "SELECT balance FROM data WHERE uname = " + custname;
8. Which of the following are SMTP headers?
a) All of the above b) FROM
c) TO d) CC
9. When user input is placed into email headers without adequate sanitization,
an attacker can inject additional headers with arbitrary values. This results in:
a) SQL Injection b) SMTP header injection
c) OS Command Injection d) XSS
10. SMTP Header Injection may lead to: (More than one correct option)
a) attach viruses b) send copies of emails to third parties
c) deliver phishing attacks d) alter the content of emails

1. What does `nonrepudiation` mean?
a) Who created this data? b) Has the data changed?
c) Who did what? d) What can you do?
2. What are the cryptographic hash function properties?
a) Reversible function change b) One-way function change
c) Fixed-length hash values d) Deterministic behavior
e) Unfixed hash values
3. Which hash functions from the `hashlib` package are safe?
a) BLAKE2 b) SHA-3
c) SHA-1 d) SHA-2
e) MD5
4. Who is the winner of the 2015 Password Hashing Competition?
a) SHA-3 b) BLAKE2
c) scrypt d) Argon2
5. Which hash function should you use if you need to hash large amounts of
data?
a) SHA-2 b) Argon2
c) bcrypt d) BLAKE2
6. Which package shouldn’t you use for key generation?
a) secrets b) random
c) os
7. It is safe to use `==` to compare 2 hash values.
a) False b) True
8. What block cipher encryptions are safe to use?
a) Advanced Encryption Standard (AES) b) Rijndael
c) Triple DES (3DES) d) Blowfish
e) Twofish
9. Which statements are correct about peppering?
a) The pepper should be unique like a salt.
b) The pepper should be stored in the secrets vault.
c) The pepper should be shared between stored passwords.
d) The pepper should be stored in the database.
10. Which package should you use to parse XML?
a) xml b) defusedxml
11. What linter is used to find packages with known vulnerabilities?
a) safety b) dodgy
c) prospector d) bandit
e) pylint
12. Which OWASP category covers the use of default values?
a) Broken Access Control b) Cross Site Scripting
c) Using components with known vulnerabilities d) Security Misconfiguration
13. It is safe to use pickle for serialization.
a) True b) False
14. For which OWASP category can we use the principle of least privilege as a
prevention technique?
a) Broken Authentication b) XML external entities
c) Injection d) Broken Access control

1. Can an attacker get access to a victim machine using an injection attack?
a) No b) Yes
2. "iloveindia" is a strong password
a) true b) false
3. Broken Authentication is caused by
a) application includes untrusted data in a new web page without proper
validation or escaping
b) Exposure of sensitive application/user details to unauthorized users
c) older or poorly configured XML processors evaluate external entity
references within XML documents
d) improper implementation of authentication and session management
4. Implementation of password strength check at client side only is enough to
prevent broken authentication
a) false b) true
5. Which threat can be prevented by having unique usernames generated with a
high degree of entropy?
a) Cryptanalysis of hash values b) Spamming
c) Authorization Bypass d) Authentication bypass
6. Taking control of Admin functionality and Misusing sensitive data that they
are unauthorized to access is:
a) Cross site scripting b) XML External Entities Injection
c) Broken Access Control d) SQL Injection
7. XSS stands for _________.
a) Cross-Session Scripting b) Cross-System Scripting
c) Cross-Software Scripting d) Cross-Site Scripting
8. What is Phishing?
a) Fishing while talking on the phone.
b) Fake emails or websites that look like real emails and websites and try to
steal your data.
9. When do you need to use AntiVirus software?
a) As soon as you start to feel sick.
b) All the time, on ALL digital devices, and make sure it is updated!
c) When you first get your computer.
d) All the time, on your laptop only, and make sure it is updated!
10. What should you do if you think you have been hacked?
a) Tell your parents or a trusted adult. b) Change your password.
c) All of the above. d) Report the problem to the company.
11. Which one of the following is NOT a type of CyberSecurity Attack?
a) Spyware b) Worms
c) Password Management d) Ransomware
12. It is required by law for social media websites to post their privacy policies
for users.
a) True b) False
13. How long can your digital footprint last online?
a) Five years b) A year
c) Forever d) A month
14. Term for bad people who read your information online for the purpose of
causing you harm.
a) online predator b) Social networker
c) Online gamer d) Online networker
15. Thomas never discloses personal information when using the internet, what
is he practicing?
a) Cyber bullying b) Cyber-Security
c) Online Shopping d) Online gaming
16. An individual who uses scripts or software written by someone else to
exploit or break into a computer system.
a) Man in the middle b) Cracker
c) Ethical Hacker d) Script Kiddie
17. A network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a
defined set of security rules.
a) Anti-virus b) Malware
c) Firewall d) Encryption
18. Which of the following passwords meet password requirements?
a) p455w0rd1 b) akHGksmLN
c) !@#$%^&* d) uP1b@!Si7p
19. The mouse on your computer screen starts to move around on its own and
click on things on your desktop. What do you do?
a) Run anti-virus b) Disconnect your computer from the network
c) Unplug your mouse d) All of the above
e) Turn your computer off
20. A cyber crime in which a target or targets are contacted by email, telephone
or text message by someone posing as a legitimate institution to lure
individuals into providing sensitive data such as personally identifiable
information, banking and credit card details, and passwords.
a) Attack password b) Online predator
c) Cyber criminal d) Phishing
21. What are the motives behind cyber crime?
a) Propagating religious or political beliefs b) All of the above
c) Financial loss to the target d) Demanding ransom
e) Information thefts and manipulating data
22. Individuals with a wide range of skills, motivated by religious or political
beliefs to create fear by large-scale disruption of computer networks
a) State sponsored hacker b) Cyber terrorist
c) Black hat hacker d) Hacktivist
23. What are the signs of stolen identity?
a) Email from online activity you did not do
b) Sharing of social media content you did not share
c) All of the above
d) Unable to receive regular bills
e) None of the above
24. How do we tighten our security?
a) Use firewall b) Log-off personal account when not in use
c) All of the above d) Use strong password
e) Do not skip up
