Cyber Security Solved MCQs
This section contains frequently asked Multiple Choice Questions and Answers on Cyber Security/Internet Security from various competitive exams.
1.Which of the following is an anti-virus program
- Norton
- K7
- Quick heal
- All of these
D. All of these
2.All of the following are examples of real security and privacy threats except:
- Hackers
- Virus
- Spam
- Worm
C. Spam
Explanation:
- Spamming, unsolicited or undesired electronic messages
- Email spam, unsolicited, undesired, or illegal email messages
- Messaging spam, spam targeting users of instant messaging (IM) services, sms or private messages within websites
3.Trojan horses are very similar to viruses in that they are computer programs that replicate copies of themselves
- True
- False
B. False
4._____________ monitors user activity on the internet and transmits that information in the background to someone else.
- Malware
- Spyware
- Adware
- None of these
B. Spyware
5.Viruses are __________.
- Man made
- Naturally occurring
- Machine made
- All of the above
A. Man made
6.Firewall is a type of ____________.
- Virus
- Security threat
- Worm
- None of the above
D. None of the above
7.Unsolicited commercial email is known as ____________.
- Spam
- Malware
- Virus
- Spyware
A. Spam
8.Which of the following is not an external threat to a computer or a computer network
- Ignorance
- Trojan horses
- Adware
- Crackers
A. Ignorance
9.When a person is harassed repeatedly by being followed, called or written to, he / she is a target of
- Bullying
- Stalking
- Identity theft
- Phishing
B. Stalking
10.Which of the following is a class of computer threat
- Phishing
- Soliciting
- DoS attacks
- Stalking
C. DoS attacks
1.A license allows a user to use copyrighted material.
- True
- False
A. True
2. It is a program or hardware device that filters the information coming through an internet connection to a network or computer system.
- Anti virus
- Cookies
- Firewall
- Cyber safety
C. Firewall
3. It allows a visited website to store its own information about a user on the user’s computer.
- Spam
- Cookies
- Malware
- Adware
B. Cookies
4. It is stealing ideas or creations of others.
- Plagiarism
- Intellectual Property Rights
- Piracy
- All of the above
D. All of the above
5.Hacking a computer is always illegal and punishable by law.
- True
- False
A. True
6. Exploring appropriate and ethical behaviours related to online environments and digital media.
- Cyber ethics
- Cyber security
- Cyber safety
- Cyber law
A. Cyber ethics
7.Which of the following is a digital certificate standard?
- X.508
- X.509
- D.509
- None of the Above
B. X.509
8.Which of the following techniques is used to verify the integrity of the message?
- Message digest
- Digital signature
- Decryption algorithm
- Protocol
A. Message digest
9.Which of the following principles is violated if a computer system is not accessible?
- Confidentiality
- Availability
- Access Control
- Authentication
B. Availability
10.The Certificate Authority signs the digital certificate with
- User's public key
- User's Private Key
- Its own public key
- Its own Private key
D. Its own Private key
1.Transit time and response time measure the _______ of a network
- Performance
- Reliability
- Security
- Longevity
A. Performance
2.The number of users on a network has the greatest impact on the network's _______
- Performance
- Reliability
- Security
- none of the above
A. Performance
3.Network failure is primarily a _______ issue.
- Performance
- Reliability
- Security
- none of the above
B. Reliability
4._______ is a network reliability issue.
- The number of users
- The type of transmission medium
- The frequency of failure
- Unauthorized access
C. The frequency of failure
5._______ is a network reliability issue.
- Catastrophe
- The number of users
- The type of transmission medium
- Unauthorized access
A. Catastrophe
6.Unauthorized access is a network _______ issue.
- Performance
- Reliability
- Security
- none of the above
C. Security
7.A virus is a network _______ issue.
- Performance
- Reliability
- Security
- none of the above
C. Security
8.Encryption techniques improve a network's _______
- Performance
- Reliability
- Security
- Longevity
C. Security
9.A _______ is illicitly introduced code that damages a network device
- Protocol
- Virus
- Catastrophe
- Medium
B. Virus
10.Passwords are used to improve the _______ of a network.
- Performance
- Reliability
- Security
- Longevity
C. Security
1.Unauthorized access and viruses are issues dealing with network _______
- Performance
- Reliability
- Security
- none of the above
C. Security
2.Which of the following are network reliability issues?
- frequency of failure
- recovery time after a failure
- catastrophe
- all of the above
D. all of the above
3.When a hacker penetrates a network, this is a network _______ issue
- Performance
- Reliability
- Security
- none of the above
C. Security
4.When a server goes down, this is a network _______ issue.
- Performance
- reliability
- Security
- none of the above
B. reliability
5.When an earthquake severs a fiber-optic cable, this is a network _______ issue
- Performance
- Reliability
- Security
- none of the above
A. Performance
6.When a network upgrades to a transmission medium with a data rate that is 100 times faster, this improves the _______ of the network.
- Performance
- Reliability
- Security
- none of the above
A. Performance
7.A company doubles the number of nodes on its network. The greatest impact will be on the _______ of the network
- Performance
- Reliability
- Security
- none of the above
A. Performance
8.A company changes its network configuration so that only one router instead of two can access the Internet. The greatest impact will be on the _______ of the network
- Performance
- Reliability
- Security
- None of the above
C. Security
9.A company requires its users to change passwords every month. This improves the _______ of the network
- Performance
- Reliability
- Security
- none of the above
C. Security
10.A company buys a computer to serve as a backup to its main server. This will mainly affect the _______ of the network.
- Performance
- Reliability
- Security
- none of the above
B. Reliability
1.A company requires each employee to power off his computer at the end of the day. This rule was implemented to make the network _______
- perform better
- more reliable
- more secure
- more error-free
C. more secure
2.What Security tradeoff occurs while using IDS (Intrusion Detection System)?
- Change in permission
- Login Failures
- Change in privilege
- Performance degradation
D. Performance degradation
3.EDI (Electronic Data Interchange) use
- requires an extranet
- requires value added network
- can be done on internet
- requires a corporate intranet
C. can be done on internet
4.EDI (Electronic Data Interchange) over internet uses
- MIME to attach EDI forms to e-mail messages
- FTP to send business forms
- HTTP to send business forms
- SGML to send business forms
A. MIME to attach EDI forms to e-mail messages
5.For secure EDI (Electronic Data Interchange) transmission on internet
- MIME is used
- S/MIME is used
- PGP is used
- TCP/IP is used
B. S/MIME is used
6.EDI (Electronic Data Interchange) standard
- is not easily available
- defines several hundred transaction sets for various business forms
- is not popular
- defines only a transmission protocol
B. defines several hundred transaction sets for various business forms
7.By security in e-Commerce we mean
(i) Protecting an organization’s data resource from unauthorized access
(ii) Preventing disasters from happening
(iii) Authenticating messages received by an organization
(iv) Protecting messages sent on the internet from being read and understood by unauthorized persons/organizations
- i, ii
- ii, iii
- iii, iv
- i, iii, iv
D. i, iii, iv
8.A firewall is a
- wall built to prevent fires from damaging a corporate intranet
- security device deployed at the boundary of a company to prevent unauthorized physical access
- security device deployed at the boundary of a corporate intranet to protect it from unauthorized access
- device to prevent all accesses from the internet to the corporate intranet
C. security device deployed at the boundary of a corporate intranet to protect it from unauthorized access
9.A firewall may be implemented in
- routers which connect intranet to internet
- bridges used in an intranet
- expensive modem
- user’s application programs
A. routers which connect intranet to internet
10.Firewall as part of a router program
- filters only packets coming from internet
- filters only packets going to internet
- filters packets travelling from and to the intranet from the internet
- ensures rapid traffic of packets for speedy e-Commerce
C. filters packets travelling from and to the intranet from the internet
1.Main function of proxy application gateway firewall is
- to allow corporate users to use efficiently all internet services
- to allow intranet users to securely use specified internet services
- to allow corporate users to use all internet services
- to prevent corporate users from using internet services
B. to allow intranet users to securely use specified internet services
2.Proxy application gateway
(i) acts on behalf of all intranet users wanting to access internet securely
(ii) monitors all accesses to internet and allows access to only specified IP addresses
(iii) disallows use of certain protocols with security problems
(iv) disallows all internet users from accessing intranet
- i, ii
- i, ii, iii
- i, ii, iii, iv
- ii, iii, iv
B. i, ii, iii
3.A hardened firewall host on an intranet
(i) has a proxy application gateway program running on it
(ii) Allows specified internet users to access specified services in the intranet
(iii) Initiates all internet activities requested by clients and monitors them
(iv) prevents outsiders from accessing IP addresses within the intranet
- i, ii
- i, ii, iii
- i, ii, iii, iv
- ii, iii, iv
C. i, ii, iii, iv
4.A hardened firewall host on an Intranet is
- a software which runs in any of the computers in the intranet
- a software which runs on a special reserved computer on the intranet
- a stripped down computer connected to the intranet
- a mainframe connected to the intranet to ensure security
B. a software which runs on a special reserved computer on the intranet
5.By encryption of a text we mean
- compressing it
- expanding it
- scrambling it to preserve its security
- hashing it
C. scrambling it to preserve its security
6.Encryption is required to
(i) protect business information from eavesdropping when it is transmitted on internet
(ii) efficiently use the bandwidth available in PSTN
(iii) to protect information stored in companies’ databases from retrieval
(iv) to preserve secrecy of information stored in databases if an unauthorized person retrieves it
- i and ii
- ii and iii
- iii and iv
- i and iv
D. i and iv
7.Encryption can be done
- only on textual data
- only on ASCII coded data
- on any bit string
- only on mnemonic data
C. on any bit string
8.By applying permutation (31254) and substitution by 5 characters away from current character (A → F, B → G, etc.) the following string ABRACADABRA becomes
- FGWCAAADRBF
- RABCAAADRBF
- WFGHFFFIWGF
- None of the above
C. WFGHFFFIWGF
9.The following ciphertext was received. The plaintext was permuted using permutation (34152) and substitution. Substitute character by character +3 (A → D, etc.). The plain text after decryption is:
Ciphertext: PDLJDLXHVQC
- MAIGAIUESNZ
- IAMAGENIUSZ
- LDPDJHPLXVZ
- IAMAGENIUSC
B. IAMAGENIUSZ
10.By symmetric key encryption we mean
- one private key is used for both encryption and decryption
- private and public key used are symmetric
- only public keys are used for encryption
- only symmetric key is used for encryption
A. one private key is used for both encryption and decryption
1.The Acronym DES stands for
- Digital Evaluation System
- Digital Encryption Standard
- Digital Encryption System
- Double Encryption Standard
B. Digital Encryption Standard
2.DES works by using
- permutation and substitution on 64 bit blocks of plain text
- only permutations on blocks of 128 bits
- exclusive ORing key bits with 64 bit blocks
- 4 rounds of substitution on 64 bit blocks with 56 bit keys
A. permutation and substitution on 64 bit blocks of plain text
3.DES
(i) is a symmetric key encryption method
(ii) guarantees absolute security
(iii) is implementable as hardware VLSI chip
(iv) is a public key encryption method
- i and ii
- ii and iii
- i and iii
- iii and iv
C. i and iii
4.DES using 56 bit keys
- Cannot be broken in reasonable time using presently available computers
- Can be broken only if the algorithm is known using even slow computers.
- Can be broken with presently available high performance computers.
- It is impossible to break ever.
C. Can be broken with presently available high performance computers.
5.Triple DES uses
- 168 bit keys on 64-bit blocks of plain text
- Working on 64-bit blocks of plain text and 56 bit keys by applying DES algorithm for three rounds.
- Works with 144 bit blocks of plain text and applies DES algorithm once.
- Uses 128 bit blocks of plain text and 112 bit keys and apply DES algorithm thrice.
B. Working on 64-bit blocks of plain text and 56 bit keys by applying DES algorithm for three rounds.
6.Triple DES
- Cannot be broken in reasonable time using presently available computers.
- Can be broken only if the algorithm is known using even slow computer.
- Can be broken with presently available high performance computers.
- It is impossible to break ever.
A. Cannot be broken in reasonable time using presently available computers.
7.Triple DES
- is a symmetric key encryption method
- guarantees excellent security
- is implementable as a hardware VLSI chip
- is public key encryption method with three keys.
B. guarantees excellent security
8.Public key encryption method is a system
- which uses a set of public keys one for each participant in e-Commerce
- in which each person who wants to communicate has two keys; a private key known to him only and a public key which is publicized to enable others to send message to him.
- which uses the RSA coding system.
- which is a standard for use in e-Commerce.
B. in which each person who wants to communicate has two keys; a private key known to him only and a public key which is publicized to enable others to send message to him.
9.Public key system is useful because
- it uses two keys.
- there is no key distribution problem as public key can be kept in a commonly accessible database.
- private key can be kept secret.
- it is a symmetric key system.
B. there is no key distribution problem as public key can be kept in a commonly accessible database.
10.In public key encryption if A wants to send an encrypted message
- A encrypts message using his private key
- A encrypts message using B’s private key
- A encrypts message using B’s public key
- A encrypts message using his public key
C. A encrypts message using B’s public key
1.In public key encryption system if A encrypts a message using his private key and sends it to B
- if B knows it is from A he can decrypt it using A’s public key
- Even if B knows who sent the message it cannot be decrypted
- It cannot be decrypted at all as no one knows A’s private key
- A should send his public key with the message
A. if B knows it is from A he can decrypt it using A’s public key
2.Message can be sent more securely using DES by
- encrypting plain text by a different randomly selected key for each transmission
- encrypting plain text by a different random key for each message transmission and sending the key to the receiver using a public key system
- using an algorithm to implement DES instead of using hardware
- designing DES with high security and not publicizing algorithm used by it
B. encrypting plain text by a different random key for each message transmission and sending the key to the receiver using a public key system
3.DES and public key algorithm are combined
(i) to speed up encrypted message transmission
(ii) to ensure higher security by using different key for each transmission
(iii) as a combination is always better than individual system
(iv) as it is required in e-Commerce
- i and ii
- ii and iii
- iii and iv
- i and iv
A. i and ii
4.A digital signature is
- a bit string giving identity of a correspondent
- a unique identification of a sender
- an authentication of an electronic record by tying it uniquely to a key only a sender knows
- an encrypted signature of a sender
C. an authentication of an electronic record by tying it uniquely to a key only a sender knows
5.A digital signature is required
(i) to tie an electronic message to the sender’s identity
(ii) for non repudiation of communication by a sender
(iii) to prove that a message was sent by the sender in a court of law
(iv) in all e-mail transactions
- i and ii
- i, ii, iii
- i, ii, iii, iv
- ii, iii, iv
B. i, ii, iii
6.A hashing function for digital signature
(i) must give a hashed message which is shorter than the original message
(ii) must be hardware implementable
(iii) two different messages should not give the same hashed message
(iv) is not essential for implementing digital signature
- i and ii
- ii and iii
- i and iii
- iii and iv
C. i and iii
7.Hashed message is signed by a sender using
- his public key
- his private key
- receiver’s public key
- receiver’s private key
B. his private key
8.While sending a signed message, a sender
- sends message key using public key encryption using DES and hashed message using public key encryption
- sends message using public key encryption and hashed message using DES
- sends both message and hashed message using DES
- sends both message and hashed message using public key encryption
A. sends message key using public key encryption using DES and hashed message using public key encryption
9.The responsibility of a certification authority for digital signature is to authenticate the
- hash function used
- private keys of subscribers
- public keys of subscribers
- key used in DES
C. public keys of subscribers
10.Certification of Digital signature by an independent authority is needed because
- it is safe
- it gives confidence to a business
- the authority checks and assures customers that the public key indeed belongs to the business which claims its ownership
- private key claimed by a sender may not be actually his
C. the authority checks and assures customers that the public key indeed belongs to the business which claims its ownership
1.The Secure Electronic Transaction protocol is used for
- credit card payment
- cheque payment
- electronic cash payments
- payment of small amounts for internet services
A. credit card payment
2.In SET protocol a customer encrypts credit card number using
- his private key
- bank’s public key
- bank’s private key
- merchant’s public key
B. bank’s public key
3.In SET protocol a customer sends a purchase order
- encrypted with his public key
- in plain text form
- encrypted using Bank’s public key
- using digital Signature system
D. using digital Signature system
4.One of the problems with using SET protocol is
- the merchant’s risk is high as he accepts encrypted credit card
- the credit card company should check digital signature
- the bank has to keep a database of the public keys of all customers
- the bank has to keep a database of digital signatures of all customers
C. the bank has to keep a database of the public keys of all customers
5.The bank has to have the public keys of all customers in SET protocol as it has to
- check the digital signature of customers
- communicate with merchants
- communicate with merchants credit card company
- certify their keys
A. check the digital signature of customers
6.In electronic cheque payments developed, it is assumed that most of the transactions will be
- customers to customers
- customers to business
- business to business
- banks to banks
C. business to business
7.In cheque payment protocol, the purchase order form is signed by purchaser using
- his public key
- his private key
- his private key using his signature hardware
- various public keys
C. his private key using his signature hardware
8.In the NetBill’s protocol for small payments for services available in the internet
(i) the customer is charged only when the information is delivered
(ii) the vendor is guaranteed payment when information is delivered
(iii) the customer must have a certified credit card
(iv) the customer must have a valid public key
- i, ii
- i, ii, iii
- i, ii, iii, iv
- i, ii, iv
D. i, ii, iv
9.In NetBill’s protocol for small payments for internet services
(i) Key to decrypt information is sent to customer by NetBill only when there is enough amount in debit account
(ii) The vendor supplies the key to NetBill server when he receives payment
(iii) Checksum of encrypted information received by customer is attached to his payment order
(iv) Vendor does not encrypt information purchased by customer
- i, ii
- i, ii, iii
- i, ii, iii, iv
- i, ii, iv
B. i, ii, iii
10.In Electronic cash payment
- a debit card payment system is used
- a customer buys several electronic coins which are digitally signed by coin issuing bank
- a credit card payment system is used
- RSA cryptography is used in the transactions
B. a customer buys several electronic coins which are digitally signed by coin issuing bank
1.What does IP mean?
- Instance Principle
- Internet Protocol
- Instant Protocol
- Intellectual Property
B. Internet Protocol
2.What happens to your data when it is encrypted?
- It is transferred to a third party, encoded, then sent back.
- It is compressed, renamed, and archived.
- It is sent through a series of supercomputers to be compressed multiple times.
- It is recorded to retain privacy from third-parties.
D. It is recorded to retain privacy from third-parties.
3.What is a computer virus?
- A virus is the same as a cookie in that it is stored on your computer against your permission.
- A virus is friendly software that is simply mislabeled.
- Malicious software that merely stays dormant on your computer.
- Malicious software that inserts itself into other programs.
D. Malicious software that inserts itself into other programs.
4.Which of the following is a valid difference between a Virus and a Spyware?
- Spyware damages data and also steals sensitive private information
- Virus damages data, Spyware steals sensitive private information
- Spyware damages data, Virus steals sensitive private information
- Virus damages data and also steals sensitive private information
B. Virus damages data, Spyware steals sensitive private information
5.How to avoid Man-in-the-middle attacks?
- Accept every SSL certificate, even the broken ones
- Use connections without SSL
- Use HTTPS connections and verify the SSL certificate
- None of the above
C. Use HTTPS connections and verify the SSL certificate
6.What happens during the TCP attack; Denial of Service?
- A virus is sent to disable their dos prompt.
- Viruses are sent to their ISP to deny them tech support.
- A worm is loaded onto the victim’s computer to disable their keyboard.
- Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.
D. Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.
7.What is Internet Protocol Security?
- Methods to secure Internet Protocol (IP) communication.
- Ways to disconnect your router in an emergency
- Methods to secure a disconnected computer.
- Methods to secure your documents from physical breaches.
A. Methods to secure Internet Protocol (IP) communication.
8.Which of the following is a valid Cyber / Internet Security requirement?
- Authentication
- Integrity
- Confidentiality
- All of the given options are correct
D. All of the given options are correct
9.Digital signatures provide which of the following ?
- Authentication
- Non-repudiation
- Integrity protection
- All of the given options are correct
D. All of the given options are correct
10.In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?
- TCP
- SHTTP
- HTTPS
- XHTTP
C. HTTPS
1.Which of the following are possible security threats?
- Illegitimate use
- Backdoors
- Masquerading
- All of the given options are correct
D. All of the given options are correct
2.What is a firewall?
- Firewalls are network-based security measures that control the flow of incoming and outgoing traffic
- A firewall is a program that encrypts all the programs that access the Internet.
- A firewall is a program that keeps other programs from using the network.
- Firewalls are interrupts that automatically disconnect from the internet when a threat appears
A. Firewalls are network-based security measures that control the flow of incoming and outgoing traffic
3.Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?
- Distributed denial-of-service attacks
- Backdoor
- Masquerading
- Phishing
A. Distributed denial-of-service attacks
4.Which of the following symmetric keys can be derived from Symmetric master key?
- Authentication keys
- Key wrapping keys
- Data encryption keys
- All of the given options are correct
D. All of the given options are correct
5.Which of the following are valid Cryptographic key types?
- Public authentication key
- Public signature verification key
- Private signature key
- All of the given options are correct
D. All of the given options are correct
6.Is it true that HTTP is an insecure protocol?
- True
- False
A. True
7.Which is the best way a system can be hardened?
- Total disk encryption coupled with strong network security protocols.
- White-list ad filtering only.
- Installing a commercial security suite.
- Virus scanning only.
A. Total disk encryption coupled with strong network security protocols.
8.Why is it crucial to encrypt data in transit?
- To assure that all of your information cannot be decrypted.
- To decrease your resources.
- So you can increase your chances of testing your encryption capabilities.
- To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.
D. To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.
9.Which of the following are the basic functionalities of the IPsec Protocol ?
- Security association for policy management and traffic processing
- Security protocols for AH and ESP
- Manual and automatic key management for the internet key exchange
- All of the given options are correct
D. All of the given options are correct
10.Can a proxy be used as a firewall? If so, how?
- No. Proxies are data encryption stations whose sole purpose is to encrypt and re-route data.
- No. Proxies are firewalls that are maintained at locations other than that of the user.
- No. All a proxy does is re-route Internet traffic, and thus all the malicious signals that go with it.
- Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incoming and outgoing traffic.
D. Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incoming and outgoing traffic.
1.In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?
- Virus
- Masquerading
- Phishing
- Malware
C. Phishing
2.Which of the following is TRUE about TLS?
- The HMAC construction used by most TLS cipher suites is specified in RFC 2104
- Provides protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite
- The message that ends the handshake sends a hash of all the exchanged handshake messages seen by both parties
- All of the given options are correct
D. All of the given options are correct
3.Which of the following is a VALID type of Key Management System?
- Third-Party Key Management System
- Dynamic Key Management System
- Integrated Key Management System
- Both Integrated Key Management System and Third-Party Key Management System
D. Both Integrated Key Management System and Third-Party Key Management System
4.What is one way that a web browser is vulnerable to breaching?
- A browser can be infected by closing it.
- A virus can be sent through the monitor.
- A browser plugin can be exploited.
- Web browsers are impervious to exploitation.
C. A browser plugin can be exploited.
5.What two main categories of network topologies are there?
- Digital and Topological
- Direct and Indirect
- Close and Distant
- Physical and logical.
D. Physical and logical.
6.What is another name for an insecure plugin?
- Hardware
- Software
- Firmware
- Malware
D. Malware
7.A digital signature scheme consists of which of the following typical algorithms?
- Key generation, Signing and Signature verifying algorithm
- Signature verifying algorithm
- Key generation algorithm
- Signing algorithm
A. Key generation, Signing and Signature verifying algorithm
8.Which of the following is TRUE about SSL 3.0?
- It has a weak MAC construction that uses the MD5 hash function with a secret prefix
- Identical cryptographic keys are used for message authentication and encryption
- SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication
- It assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in Web servers
C. SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication
9.There are two types of firewall. What are they?
- Internet-based and home-based.
- Hardware and software.
- Remote and local
- Digital and electronic.
B. Hardware and software.
10.True or False? Malware exists which affects both Windows and Linux systems.
- True
- False
A. True
1.Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?
- Malware
- Botnet
- Trojan horse
- Spyware
D. Spyware
2.What is a computer worm?
- It is software designed to exploit networks.
- It is software designed to analyze and search for open ports.
- It is a software utilized to scan packets on open networks.
- It is malware designed to infect other computers.
D. It is malware designed to infect other computers.
3.Is a Unix-based system vulnerable to viruses?
- Yes. The split is approximately 50/50 when it comes to attacks on Windows vs. Unix based systems.
- Yes, the majority of viruses attack Unix-based systems.
- No. Linux systems are totally impervious to attacks.
- Yes, however the majority are coded to attack Windows-based systems.
D. Yes, however the majority are coded to attack Windows-based systems.
4.Which of the following protocols use Port 443 and Port 80 respectively?
- HTTPS and HTTP
- XHTML
- HTTP and HTTPS
- DHTML
A. HTTPS and HTTP
5.Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?
- Backdoor
- Masquerading
- Phishing
- Trojan Horse
A. Backdoor
6.What does TCP mean?
- Total Content Positioning
- Transmission Control Protocol
- Transmittable Constant Protocol
- Technical Control Panel
B. Transmission Control Protocol
7.What does cross-site scripting allow for attackers?
- Direct introduction of viruses into a victim's computer.
- The introduction of worm viruses into the victim's website.
- A phishing attack that automatically downloads the victim's personal information.
- Injection of client-side scripts into web pages.
D. Injection of client-side scripts into web pages.
8.Which of the following is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks?
- Botnet
- Spyware
- Trojan horse
- Malware
A. Botnet
9.What are TLS and SSL?
- Internet protocols.
- Network layers.
- Internet layers
- Cryptographic protocols.
D. Cryptographic protocols.
10.Who was TLS defined by?
- The DEA
- OSHA
- Internet Engineering Task Force
- NSA
C. Internet Engineering Task Force
1.Modern secure password storage should implement:
- Salted plain-text values of the password
- Hashed values of the password
- Plain-text passwords stored in an encrypted database
- Salted and hashed values of the password
D. Salted and hashed values of the password
2.What is network topology?
- It is the inner networkings of a single computer.
- It is the top layer of a computer network.
- It is the framework of the components of a computer network.
- It is the entirety of the data of a computer network.
C. It is the framework of the components of a computer network.
3.Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?
- Spyware
- Virus
- Trojan Horse
- Botnets
C. Trojan Horse
4.What is another name for Internet Layer?
- TCP layer
- Interwebs
- IP layer
- SSL layer
C. IP layer
5.Which of the following is the collective name for Trojan horses, spyware, and worms?
- Spyware
- Botnets
- Virus
- Malware
D. Malware
6.When cookies are used as session identifiers, how are they then used as a potential security hazard?
- They emulate users by downloading all the victim's information onto a virtual machine.
- User's cookies are altered to a virus-like state.
- They emulate users by stealing their personal identity.
- Attackers emulate users by stealing their cookies.
D. Attackers emulate users by stealing their cookies.
7.Which of the following is a valid flaw of SSL 2.0 ?
- It does not have any protection for the handshake
- Identical cryptographic keys are used for message authentication and encryption
- It has a weak MAC construction that uses the MD5 hash function with a secret prefix
- All of the given options are correct
D. All of the given options are correct
8.Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?
- X.507
- X.519
- X.508
- X.509
D. X.509
9.Trojan Horse programs operate with what intent?
- To slowly but surely infect and become your operating system until the system crashes.
- To openly exploit a system's weaknesses until the user discovers it.
- To masquerade as non-malicious software while exploiting a system's weaknesses.
- To do a series of brute force attacks within the system itself and a series of external attacks from other servers
C. To masquerade as non-malicious software while exploiting a system's weaknesses.
10.Why is a virtual machine considered a sandboxing method?
- Virtual machines all have firewalls, virus scanners, and proxy connections.
- Virtual machines all have sandbox features installed on them.
- Virtual machines take the brunt of the attack, so the user is always safe.
- All host resources are channeled through the emulator.
D. All host resources are channeled through the emulator.
1.When is encrypted data the safest?
- When it is being transferred via usb stick.
- When it is in transit.
- When it is being written. When it is at rest.
- When it is being written.
C. When it is being written. When it is at rest.
2.Which of the following keys are used to generate random numbers?
- Symmetric random number generation keys
- Symmetric and asymmetric random number generation keys
- Public signature verification key
- Asymmetric random number generation keys
B. Symmetric and asymmetric random number generation keys
3.Which of the following is true about Public Key Encryption?
- Anyone can encrypt with the public key and anyone can decrypt with the private key
- Anyone can encrypt with the public key, only one person can decrypt with the private key
- Anyone can encrypt with the private key, only one person can decrypt with the public key
- Only one person can encrypt with the public key and anyone can decrypt with the private key
B. Anyone can encrypt with the public key, only one person can decrypt with the private key
4.If you set up a BUS network, what is the major disadvantage?
- It is entirely wireless and open to wifi-based attacks.
- It is daisy-chained together with several cables
- It is linked with a single cable which can be a major vulnerability.
- It is connected in a star pattern and can be disabled by disrupting one data center.
C. It is linked with a single cable which can be a major vulnerability.
5.What does the acronym BEAST mean in Beast Attack?
- Breaking and Entering Against SSL/TLS
- Browser Extension And SSL/TLS
- Browser Exploit Against SSL/TLS
- Breach Entering Against SSL/TLS
C. Browser Exploit Against SSL/TLS
6.TCP is used for what three main functions?
- Connect to the Web, deliver email, and transfer files.
- Connect to the Web, compress data, encrypt mail.
- Connect to the web, conceal data, transfer files.
- Connect to the Web, encrypt data, transmit information.
A. Connect to the Web, deliver email, and transfer files.
7.Secure cookies have which feature?
- They are not encrypted, just sent via secure server.
- They are encrypted.
- Secure cookies are passed along via encrypted programs.
- Cookies are always traded between trusted users.
B. They are encrypted.
8.How are port numbers categorized?
- Static, dynamic, enigmatic
- Known, well-known, unknown
- Well-known, registered, and static/dynamic.
- Unknown, unregistered, invalid
C. Well-known, registered, and static/dynamic.
9.Which of the following type of attack can actively modify communications or data?
- Both Active and Passive attack
- Neither Active nor Passive attack
- Active attack
- Passive attack
C. Active attack
10.What is the top method an attacker might infect a target?
- Social engineering, or psychological manipulation.
- SQL injection.
- Buffer overflow.
- Hacking via the Internet.
A. Social engineering, or psychological manipulation.
1.Secure Sockets Layer is a predecessor of which cryptographic protocol?
- IPSec
- Transport Layer Security
- SSL 3.0
- HTTPS
B. Transport Layer Security
2.An SQL injection is often used to attack what?
- Small scale machines such as diebold ATMs
- Large-scale sequel databases such as those containing credit card information.
- Servers running SQL databases similar to Hadoop or Hive.
- Servers built on NoSQL
B. Large-scale sequel databases such as those containing credit card information.
3.Which version of TLS is vulnerable to BEAST exploit?
- TLS 1.1
- TLS 3.0
- TLS 0.5
- TLS 2.0
- TLS 1.0
E. TLS 1.0
4.According to OWASP what is the most dangerous web vulnerability?
- Injections (SQL, LDAP, etc)
- Cross-site-scripting (XSS)
- Security Misconfiguration
- Cross-Site Request Forgery (CSRF)
- Sensitive Data Exposure
A. Injections (SQL, LDAP, etc)
5.Sandboxing does what to computer programs?
- Sandboxing protects your system by trapping all the viruses.
- It separates and isolates them.
- Sandboxing doesn't protect your system.
- Sandboxes protect your programs by isolating all the other programs except the one you are using at the time.
B. It separates and isolates them.
6.What is largely considered the most advanced computer virus?
- Conficker Virus
- Zeus
- Stuxnet.
- agent.biz
C. Stuxnet.
7.What is necessary for a cross-site script attack with cookies to be thwarted?
- CAPTCHAs
- Virtual machines
- Proxies
- Firewalls
A. CAPTCHAs
8.What are the two primary classifications of cross-site scripting?
- DOM-based and persistent
- traditional and DOM-based
- traditional and non-persistent
- non-persistent and persistent.
D. non-persistent and persistent.
9.Which of the following is a VALID authorization key?
- Public authorization key
- Public ephemeral key authorization key
- Asymmetric authorization keys
- Symmetric authorization keys
A. Public authorization key
10.Which of the following is a VALID digital signature key?
- Public signature authentication key
- Private signature authentication key
- Symmetric signature authentication key
- Private signature key
D. Private signature key
1.How can cookies be used to mitigate cross-site scripting?
- Cookies can be coded like a program to intercept script attacks.
- Cookies store an exact mirror copy of all a user's web activity.
- Cookies allow for cookie-based user authentication.
- They can't. Cookies only store user information.
C. Cookies allow for cookie-based user authentication.
2.Which of the following uses asymmetric cryptography ?
- VoIP
- SSL
- Both VoIP and SSL
- None of these
C. Both VoIP and SSL
3.Which of the following is not a VALID type of firewall?
- Application-level gateways
- Circuit-level gateways
- Proxy Server Gateways
- Packet filters
C. Proxy Server Gateways
4.What is the less secure AES encryption mode?
- CFB
- OCB
- ECB
- CTR
- CBC
E. CBC
5.What is a method to fend off a Sockstress attack?
- Do nothing. It will pass on its own.
- Prepare a retaliatory DDOS attack
- Black-listing access to TCP services on critical systems
- White-listing access to TCP services on critical systems.
D. White-listing access to TCP services on critical systems.
6.Which of the following HTTP methods is considered insecure?
- POST
- DELETE
- TRACE
- GET
C. TRACE
7.Which of the following represents a cryptographic key that is generated for each execution of a key establishment process ?
- Private key transport key
- Public signature verification key
- Private ephemeral key agreement key
- Public authentication key
C. Private ephemeral key agreement key
8.What does the Linux kernel use to sandbox running programs?
- Linux doesn't sandbox because it is impervious to any and all cyber attacks
- Linux uses a layered system of user authentication to perform sandbox-like functions.
- seccomp, or Secure Computing Mode
- Linux drives are fully encrypted, thus they don't need sandboxing.
C. seccomp, or Secure Computing Mode
9.Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys ?
- Public ephemeral key agreement key
- Asymmetric random number generation keys
- Symmetric random number generation keys
- Private ephemeral key agreement key
D. Private ephemeral key agreement key
10.What does a cryptographic key do within the Internet Layer?
- It specifies how encrypted data is transferred and to whom.
- It specifies how transferred information is converted into cyphertext.
- It converts it into encrypted language.
- It is the specialized dataset that is able to decrypt cyphertext.
B. It specifies how transferred information is converted into cyphertext.
1.What is the difference between a worm and virus?
- A worm does not replicate itself like a virus does, but rather moves from computer to computer
- A virus infects files, while a worm eats them
- A worm is a virus created for a very specific purpose
- Unlike a virus, a worm does not need to attach itself to a program to spread.
D. Unlike a virus, a worm does not need to attach itself to a program to spread.
2.Which of the following represents a cryptographic key that is intended to be used for a long period of time?
- Private key transport key
- Public authentication key
- Public signature verification key
- Private static key agreement key
D. Private static key agreement key
3.Which of the following is a VALID ephemeral key?
- Asymmetric ephemeral random number generation keys
- Public ephemeral verification key
- Symmetric ephemeral random number generation keys
- Public ephemeral key agreement key
D. Public ephemeral key agreement key
4.Which of the following enables secure and private data exchange/transfer on an unsecure public network ?
- Public Key Infrastructure
- Virtual Key Infrastructure
- Private Key Infrastructure
- All of the given options are correct
A. Public Key Infrastructure
5.Which of the following keys are used to encrypt other keys using symmetric key algorithms ?
- Symmetric random number generation keys
- Asymmetric random number generation keys
- Symmetric key wrapping key
- Public signature verification key
C. Symmetric key wrapping key
6.Which of the following keys are used to encrypt other keys using symmetric key algorithms ?
- Symmetric random number generation keys
- Asymmetric random number generation keys
- Symmetric key wrapping key
- Public signature verification key
C. Symmetric key wrapping key
7.Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data ?
- Virus
- Spyware
- Fraudtool
- Malware
C. Fraudtool
8.In the sublayer of which of the following do TLS and SSL perform the data encryption of network connections?
- presentation layer
- Both session and presentation layer
- session layer
- application layer
D. application layer
9.Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?
- Public signature verification key
- Private signature key
- Public key transport key
- Private key transport key
C. Public key transport key
10.Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm ?
- Private signature key
- Private key transport key
- Public signature verification key
- Public authentication key
B. Private key transport key
1.Which of the following actions can be taken while filtering SMTP spam traffic?
- Delete the spam mail
- Redirect it to the spam mail box
- Return it to the sender.
- Tag the spam mail
- 1, 2, 3
- 1,2
- 1,2,4
- 3
C. 1,2,4
2.Which of the following files are mostly infected?
- .DOT
- .EXE
- .COM
- .TXT
- 1,2,3
- 3,4
- 2,3
- 4
A. 1,2,3
3.What is the function of MTA(Mail Transfer Agent)?
- It helps in reading the emails
- It receives and delivers the messages
- It resolves the names
- It detects emails carrying virus
B. It receives and delivers the messages
4.What is DHA?
- Directory Harvest Attack
- DNS Harvest Attack
- Direct Harvest Attack
- Dictionary Harvest Attack
A. Directory Harvest Attack
5.How many keys are required if two parties communicate using Symmetric Cryptography?
- One
- Two
- Three
- Four
A. One
6.What is S/MIME?
- Secure Multipurpose Intranet Mail Extensions
- Secure Multipurpose Internet Mail Extensions
- Secure Multipurpose Internet Message Extensions
- Secure Multipurpose Intranet Message Extensions
B. Secure Multipurpose Internet Mail Extensions
7.Which of the following anti-spam measures are taken to reduce spam?
- Legislative measures
- Organizational measures
- Behavioral measures
- Technological measures.
- All of the above
E. All of the above
8.Which of the following are famous worm attacks?
- MyDoom Worm
- Bagle Worm
- Netsky Worm
- Sasser Worm
- All of the above
E. All of the above
9.Which of the following techniques are used by spammers to find valid/existent email addresses?
- SMTP spoofing
- SMTP poisoning
- DNS poisoning
- Directory Harvest Attack
D. Directory Harvest Attack
10.Daniel has deployed an antispam solution in his network. Positive detection of non-spam SMTP is called:
- Negative detection
- False positive detection
- False negative detection
- Untrue detection
B. False positive detection
1.Which of the following techniques helps in cases of address forgery?
- SMTP extensions
- Cryptographic authentication
- Path authentication
- Hybrid authentication
C. Path authentication
2.Which of the following types of virus lives in the boot sector?
- Sector virus
- Parasitic virus
- boot sector virus
- Bootable virus
C. boot sector virus
3.Which of the following is the Symmetric Algorithm used in cryptography?
- MD4
- El Gamal
- IDEA
- RSA
B. El Gamal
4.Suppose you got a mail from someone saying that you have won $1 billion and asking you to give him/her $4000 to claim your prize. Under which category does this type of spam mail lie?
- Phishing and Fraud
- Spoofing mails
- Hoaxes
- Chain mails
A. Phishing and Fraud
5.What is a botnet?
- A software that runs automatically and autonomously.
- A software used for antispam
- A software used to manage MTA
- A software used to manage MDA
A. A software that runs automatically and autonomously.
6.Which of the following goals cannot be achieved with the help of Symmetric Cryptography?
- Nonrepudiation
- Confidentiality
- Integrity
- Availability.
D. Availability.
7.To which of the following components does the MUA(Mail User Agent) forward the mail while sending it to another host in the e-mail flow?
- Mail User Agent
- Firewall
- Router
- Mail Transfer Agent
D. Mail Transfer Agent
8.What is the maximum key length of AES?
- 56
- 156
- Variable
- 256
D. 256
9.Which of the following are disadvantages of the Symmetric Key Cryptography?
- Nonrepudiation
- Scalability
- Key distribution
- Security.
C. Key distribution
10.What measures should be adopted for the best virus protection?
- Use of Antivirus.
- Use of Firewall.
- Keeping Software updated.
- Download only trusted programs.
- Avoid pirated software.
- Be cautious about Phishing and Social Engineering.
- Be wise with Passwords.
- All Of the Above
F. All Of the Above
1.Which of the following are the ways through which virus spreads?
- Floppy Disk
- CD
- Email attachments
- Network connection
- All of the above
E. All of the above
2.Which of the following are categories of spam mails?
- Phishing and Fraud
- Spoofing mails
- Hoaxes
- Chain mails
- All of the above
E. All of the above
3.Daniel has deployed an antispam solution in his network. If a spam SMTP is accepted, it is called:
- Negative detection
- False positive
- False negative
- Untrue detection
C. False negative
4.Which of the following are preventive antivirus measures?
- Do not open attachments from suspicious sources.
- Delete chain and junk mails.
- Exercise caution while downloading from the internet
- Backup your files.
- All of the above
E. All of the above
5.Which of the following ports is used by IMAP?
- 139
- 143
- 142
- 25
B. 143
6.What are zombies?
- Antispam solutions.
- Remotely controlled hosts.
- Antivirus solutions
- Hackers
B. Remotely controlled hosts.
7.How many keys are required if two parties communicate using Asymmetric Cryptography?
- One
- Two
- Three
- Four
B. Two
8.Which of the following programs establishes modem connection with pay-per-visit resources?
- Trojans
- Automatic dialers
- Worms
- Antivirus
B. Automatic dialers
9.Suppose you got a mail from the HSBC bank asking you to give your online bank account details. Under which of the spam mail categories does this mail fall?
- Phishing and fraud.
- Chain Mails.
- Hoaxes
- Brand spoofing.
A. Phishing and fraud.
10.What is Phishing?
- Fraudulently acquiring sensitive information.
- An encryption technique
- An anti-spam technique
- A password building technique
A. Fraudulently acquiring sensitive information.
1.Which of the following are direct harms caused by spam?
- Loss of productivity
- Increased staff costs
- Increased infrastructure costs
- Increased downloading costs
- All of the above
E. All of the above
2.Which of the following is the Hashing Algorithm?
- AES
- 3-DES
- DES
- MD5
D. MD5
3.Which key is used to decrypt the message in PKI?
- Public Key.
- Private Key.
- Pre-shared Secret Key.
- Hybrid Key.
B. Private Key.
4.What is Joe Job?
- A virus
- An antivirus
- A spam attack
- An antispam
C. A spam attack
5.Which of the following are Email Security Protocols?
- S/MIME
- PEM
- STE
- PME
A. S/MIME
6.Which of the following symmetric algorithms have variable key length?
- AES
- Triple DES
- IDEA
- Rivest Cipher 4
D. Rivest Cipher 4
7.What is Mail Exchanger(MX) Record?
- Router route.
- Record in router.
- Record in DNS specifying the internet email route.
- Record in DHCP specifying the email route
C. Record in DNS specifying the internet email route.
8.Which of the following measures should be taken to tackle spam mails?
- Blocking and accepting on the basis of MTA IP address
- Limiting the number of outgoing e-mails per account
- Authentication mechanisms
- Spam filtering.
- All of the above
E. All of the above
9.Which of the following are different categories of viruses?
- Parasitic
- Bootstrap sector
- Companion
- All of the above
D. All of the above
10.What is the function of the Reverse DNS Look up Technique in identifying spam mails?
- To check the sender's email server attempting for spoofing
- To check the receiver's email server attempting for spoofing
- To check the DNS server validity
- None of these
C. To check the DNS server validity
1.What is IMAP?
- Internet Messaging Application
- Intranet Messaging Application
- Intranet Message Access Protocol
- Internet Message Access Protocol
D. Internet Message Access Protocol
2.Which of the following are threats to Email Security?
- Viruses
- Trojans
- Spams
- Phishing
- All of the above
E. All of the above
3.Which of the following symmetric encryption algorithms is/are supported by S/MIME?
- RSA
- DES
- 3DES
- SHA-1
A. RSA
4.Which of the following are the disadvantages of verification?
- More complications
- Increased internet traffic
- Problems in sending valid bulk mails
- Insecurity against social engineering.
- All of the above
E. All of the above
5.How many antivirus programs should be installed on a single system?
- 1
- 2
- 3
- 4
A. 1
6.Which of the following are indirect harms caused by spam?
- Malicious payload
- Fraud
- Loss of reputation
- Increased communication costs
- All of the above
C. Loss of reputation
7.Which of the following are the benefits reaped from spam by those associated with antispam measures?
- Antispam software sales
- Antivirus software sales
- Increased revenue from advertising
- Bandwidth sales
- All of the above
A. Antispam software sales
8.What does "RBL" stand for in Email Security?
- Realtime Blacking List
- Realtime Blocking List
- Realtime Blockhole List
- Realtime Blackhole List
D. Realtime Blackhole List
9.Dave is fetching mails from a server lying at a remote location. Which protocol is he using to fetch the mails?
- SMTP
- HTTP
- SSL
- S/MIME
- POP3
E. POP3
10.Which of the following programs is used by a user to send and receive emails?
- Mail Transfer Agent
- Mail Delivery Agent
- Mail User Agent
- Mail Reading Agent
C. Mail User Agent
1.Which of the following are different types of spam filtering methods?
- Blacklisting
- Rule based filtering
- Signature based filtering
- Bayesian filtering
- All of the above
E. All of the above
2.Which of the following is used in a Directory Harvest Attack?
- Worms
- Brute Force
- Trojans
- Viruses
B. Brute Force
3.Which of the following resembles the Joe Job attack?
- A virus outbreak on the mail server
- Finding valid/existent email addresses
- Crashing of the mail server
- A spam attack that uses spoofed sender data and tarnishes the apparent sender's reputation
D. A spam attack that uses spoofed sender data and tarnishes the apparent sender's reputation
4.Which of the following is an asymmetric algorithm?
- MD5
- El Gamal
- IDEA
- SHA-1
B. El Gamal
5.Which of the following is used to entangle spammers?
- MDA
- Spam mails
- Trojans
- Honey pots
D. Honey pots
6.Which of the following protocols is used on the sender side when an electronic mail is sent from one host to another?
- SMTP
- POP3
- HTTP
- TLS
- SSL
A. SMTP
7.Which of the following techniques are used to identify spam mails?
- Blacklists/Whitelists
- Integrity Check
- Heuristics
- Content Filtering
- Reverse DNS lookup
- All of the above
F. All of the above
8.Which of the following actions can be taken while filtering POP3 spam traffic?
- Delete the spam mail
- Redirect it to the spam mail box
- Return it to the sender.
- Tag the spam mail
B. Redirect it to the spam mail box
9.Which of the following is used to control zombies?
- Viruses
- Worms
- Trojan horses
- Spam mails
C. Trojan horses
10.Which of the following are malicious code attacks?
- Brute force
- Trojan horses
- DDoS
- Viruses
- Malware
E. Malware
1.Where might a spammer get your personal information from?
- MySpace
- All of these
D. All of these
2.Which of the following spam filtering techniques has the highest potential for generating false positives?
- Community Filtering
- Bayesian Filtering
- Challenge-Response Filtering
- Keyword Filtering
D. Keyword Filtering
3.Why shouldn't a user click unsubscribe links from spam messages?
- clicking the link will prevent
- unsubscribing makes finding the sender difficult
- the click may validate the email address
- None of the above
C. the click may validate the email address
4.What is an example of a Phishing scam?
- An application that looks useful, but actually contains spyware to slow down your computer
- An email that appears to be legitimate, but is really being used to obtain personal or important information
- Hacking into a computer and leaving false trails on who did it
- Installing a virus and then asking you to pay to remove it
B. An email that appears to be legitimate, but is really being used to obtain personal or important information
5.Malware is short for
- Malicious Software
- Malicious Systems
- Maliant Software
- Maliant Systems
A. Malicious Software
6.What is a good method for a website owner to confirm a user is not using an account for spamming purposes?
- Users must associate a phone to their account and confirm a number sent to them via text
- Requiring users provide valid personal information during sign up
- Users that register must click on a confirmation link to the email they specify in their profile
- All of these
D. All of these
7.A virus is a program that attaches itself to (or replaces the contents of) which of the following file types?
- Text files
- Executables
- Header files
- Source files
B. Executables
8.In order for antivirus programs to be most effective, it is necessary to keep which of the following up to date?
- Web browsers
- File hashes
- Antivirus encryption keys
- Virus definition files
D. Virus definition files
9.Which of the following is not a well known anti-virus program?
- AVAST
- SMAG
- AVG
- McAfee
B. SMAG
10.What is a captcha?
- A spam email that attempts to "capture" information and then use that information to cause damage; the second phase is often referred to as the "gotcha" phase.
- A spam email written in all caps
- It is a tool websites often use to prevent automated spammer bots from posting or registering on a website by forcing the user to do a task, often entering in letters or numbers based on a picture or audio, which verifies that they are human.
- A group of characters hidden in an email that often includes code used in malware
C. It is a tool websites often use to prevent automated spammer bots from posting or registering on a website by forcing the user to do a task, often entering in letters or numbers based on a picture or audio, which verifies that they are human.
1.What are types of malware?
- Viruses
- Spyware
- Worms
- All of these
D. All of these
2.What could be a good indicator of a Spam email?
- Something that sounds too good to be true
- An email that contains plenty of grammar mistakes
- An email sent to a bunch of random people
- All of these
D. All of these
3.In order to infect a system, clicking an email attachment must cause which of the following conditions to occur?
- the attachment is saved to the disk
- the attachment is decompressed
- the attachment opens in a preview editor
- the attachment executes
D. the attachment executes
4.If you cannot delete a malware-infected file, what is a good method to try first?
- Reformat then attempt to delete the file
- Run Windows Repair
- Run Windows Restore
- Boot in Windows safe mode and attempt to delete the file
D. Boot in Windows safe mode and attempt to delete the file
5.Which of these is an example of a possible victim in a phishing attack?
- The website that was hacked
- The person who had their identity stolen
- The bank of the victim
- All of these
D. All of these
6.What is a keylogger?
- Software that records keys you set when encrypting files
- Software that records keystrokes made on a keyboard
- Software used to log all attempts to access a certain file
- Software that steals passwords or "keys" that you have saved on your computer
B. Software that records keystrokes made on a keyboard
7.A virus can spread to another computer by
- Sharing an infected file with another computer
- Through touch
- Pinging other computers from the infected computer
- Being on the same network as that computer
A. Sharing an infected file with another computer
8.Automated spamming tools subscribe to mail lists in order to complete which of the following tasks?
- collect email addresses
- deny service to mail list recipients
- introduce security holes into the list
- None of these
A. collect email addresses
9.What is a computer virus?
- Software that steals files from your computer and is used by blackmailers
- Spyware that slows down a computer by sending statistics to an unknown source
- A type of malware that replicates itself and spreads to other files and/or computers.
- A software that hijacks your computer and asks you to pay in order for it to be removed
C. A type of malware that replicates itself and spreads to other files and/or computers.
10.Which of these techniques would be effective in helping to prevent phishing attacks by scammers?
- Use IFRAMEs
- Allow XSS
- Scan for and fix XSS issues
- Use Pop-ups
C. Scan for and fix XSS issues
1.What run command can you use to check what programs load on startup?
- cmd
- ipconfig
- msconfig
- startup
C. msconfig
2.A client asks you to fix his computer because it has ransomware on it. He says he sees a message as soon as he loads Windows, and cannot do anything else. What is the best way to fix this computer without losing any of his data?
- Reinstall Windows
- Reformat the computer
- Boot from a USB drive and run a program to remove the malware
- Use Windows Restore
C. Boot from a USB drive and run a program to remove the malware
3.What is a botnet?
- Software that automates networks
- A program that sends emails repeatedly infecting other computers who open it
- A collection of malware stored in a network
- A collection of computers working together to perform a single task. These computers are often penetrated by software containing malware.
D. A collection of computers working together to perform a single task. These computers are often penetrated by software containing malware.
4.What is rogue security software?
- Security software that has been compromised to not pick up certain threats
- Security software that is no longer being used for the purpose that was intended due to an exploit or hacker.
- A fraudulent security program that appears to be helpful, but is actually not. It may deceive or mislead users into paying money to remove fake viruses or introduce malware after it is installed
- Security software that considers data files or programs as viruses, when they are not.
C. A fraudulent security program that appears to be helpful, but is actually not. It may deceive or mislead users into paying money to remove fake viruses or introduce malware after it is installed
5.What is an example of a "419" scam?
- Someone who uses social engineering to gain access to your computer or personal information
- Someone who sends you an email in hopes you open an attachment which contains a virus
- When you download a program that appears harmless, but it actually installs spyware on your computer
- A con in which someone asks you for assistance in retrieving a vast sum of money. Often it involves you helping him or her pay off certain fees and in return they promise to share the money with you
D. A con in which someone asks you for assistance in retrieving a vast sum of money. Often it involves you helping him or her pay off certain fees and in return they promise to share the money with you
6.What is the main difference between spyware and other malware?
- There is no difference
- Spyware slows down a computer by sending statistics to an unknown source, while malware only includes threats from inside your own computer
- Malware monitors data usage, while spyware infects your computer with viruses
- Spyware tends to steal or monitor data and/or personal information while malware encompasses all software that may have been made with malicious intent in mind.
D. Spyware tends to steal or monitor data and/or personal information while malware encompasses all software that may have been made with malicious intent in mind.
7.What is a backdoor?
- A vulnerability in software that allows someone to bypass the normal authentication process
- It is a known bug or exploit hackers use to cause software to behave in a way that was not intended by the manufacturer
- It is where viruses store their source code and begin to replicate
- It is a way for spyware to leave a system without any trace of it being there
A. A vulnerability in software that allows someone to bypass the normal authentication process
8.Which of the following sites provide services for users to set up disposable emails?
- jetable.org
- gmail.com
- yahoo.com
- hotmail.com
A. jetable.org
9.Virus infection via email attachments can be minimized using which of the following?
- Opening attachments from external hard drives
- Copying attachments to special directories before opening them
- Right clicking attachments
- Deleting mail containing attachments from unknown senders
D. Deleting mail containing attachments from unknown senders
10.In order to help prevent spam, a tarpit performs which of the following functions?
- traps suspected spam messages
- routes suspected spam to special enclaves in the system
- acts as a desirable mail server in order to lure spammers
- delivers suspected spam messages more slowly
D. delivers suspected spam messages more slowly
1.Why are disposable email addresses useful?
- It is useful for someone who needs to give out their email or sign up to a website, but wants to protect their real email address from SPAM.
- It is useful for spammers to create false email addresses that do not exist in order to spoof the from email in their spam messages.
- It is useful for spammers who want to send out a one time mass email, but never use that same email address again
- It is useful for people who do not want their emails to be read
A. It is useful for someone who needs to give out their email or sign up to a website, but wants to protect their real email address from SPAM.
2.What is ransomware?
- A nickname for types of spyware that require a password on boot
- Software that steals files from your computer and is used by blackmailers
- A software that hijacks your computer and asks you to pay in order for it to be removed
- Viruses that infect files and won't let you open them unless you know a certain pass code
C. A software that hijacks your computer and asks you to pay in order for it to be removed
3.What is disposable email addressing?
- A practice in which a spammer sends out mass emails from a single email account, but never logs into that account again.
- Email addresses that are not real, but they appear in the from section of an email. They are often used to help protect spammers from being traced.
- Someone who creates an email for the sole purpose of sending out spam
- A practice in which you set a unique email address for sender/recipient communication. Disposable email addresses typically forward to one or more real email mailboxes where the owner can receive and read messages without revealing their true email.
D. A practice in which you set a unique email address for sender/recipient communication. Disposable email addresses typically forward to one or more real email mailboxes where the owner can receive and read messages without revealing their true email.
4.When a spammer forges the sender's address and enters an invalid receiver, which of the following settings will cause the receiving mail server to create backscatter?
- Reject messages
- Drop messages
- Bounce messages
- None of these
C. Bounce messages
5.In order to help prevent spam, a honeypot performs which of the following functions?
- acts as a desirable mail server in order to lure spammers
- delivers suspected spam messages more slowly
- traps suspected spam messages
- routes suspected spam to special enclaves in the system
A. acts as a desirable mail server in order to lure spammers
6.What is an example of a captcha?
- An interactive program which has instructions that read: "Move the triangle into the circle"
- 1 + 1 = ?
- What are the characters in this picture?
- All of these
D. All of these
7.Several of your friends have told you that you recently sent SPAM emails to them. What could be the cause of this and what should you do?
- A spammer may have infiltrated your email provider's host and compromised your account. You should notify your email provider.
- A spammer or bot may have gained access to your email account and sent out SPAM to all of your contacts. You should change your password immediately.
- A spammer has gained access to your email. Unfortunately, the only thing you can do to prevent further SPAM is to close your account and create a new email address.
- A spammer is spoofing your email address. You should tell your friends to block the email address.
B. A spammer or bot may have gained access to your email account and sent out SPAM to all of your contacts. You should change your password immediately.
8.Which is not an example of an anti-spyware tool?
- Ad-Aware
- Windows Defender
- Spybot
- Kazaa
D. Kazaa
9.Which of the following spam filtering issues stops valid messages from being delivered?
- false positives
- false negatives
A. false positives
10.Which is most likely something that could be considered strange account activity and may require further scrutiny on an e-commerce site?
- A user logs in from another computer than the last login
- A user changes their email
- Orders from several user accounts are being sent to the same physical address
- A user changes their password more than once
C. Orders from several user accounts are being sent to the same physical address
1.Which of the following techniques requires posting an email address where only spammers would find it?
- Tarpits
- Spam Traps
- Blacklists
- None of these
B. Spam Traps
2.Antivirus programs hash files on a computer in order to detect which of the following activities?
- File size changes
- File permissions changes
- File content changes
- All of these
C. File content changes
3.Performing outbound spam filtering does which of the following for an organization?
- helps prevent whitelisting
- helps prevent blacklisting
- helps prevent spam trapping
- All of these
B. helps prevent blacklisting
4.What is CryptoLocker?
- A module of the Windows BitLocker encryption system.
- A type of encrypted Linux file system.
- A type of ransomware which encrypts user files and demands payment for the decryption key.
- A malware class which is known for encrypting itself to avoid detection.
C. A type of ransomware which encrypts user files and demands payment for the decryption key.
5.Which type of analysis is an antivirus program performing when it observes a file's activities in a sandbox or decompiles a file and analyzes its instructions?
- Performance Analysis
- Heuristic Analysis
- Signature Analysis
- All of these
B. Heuristic Analysis
6.Which of the following tools would NOT be useful in figuring out what spyware or viruses could be installed on a client's computer?
- Wireshark
- Malwarebytes
- HijackThis
- HitmanPro
A. Wireshark
7.How can delivering mail as text instead of html help prevent spam?
- text mail prevents web bugs from alerting spammer that the message was opened
- mail servers won't accept html messages if they are in text mode
- text is easier to analyze for spammer information
- All of these
A. text mail prevents web bugs from alerting spammer that the message was opened
8.What is email spoofing?
- Copying or forwarding emails and then editing their To and From to make it appear that the email was originally sent to or from someone else
- When someone forges or makes it appear that an email being sent is from a particular sender when it really is being sent by someone else.
- When someone sends an email that appears to be legitimate, but it is actually not and is being used to obtain personal or important information.
- Sending an email through multiple accounts in order to make it difficult to trace back the original email's sender address or origin
B. When someone forges or makes it appear that an email being sent is from a particular sender when it really is being sent by someone else.
9.Which of the following reduces spam by rejecting mail from specific IP addresses?
- URL Blacklisting
- DNS Blacklisting
- IMAP Blacklisting
- POP3 Blacklisting
B. DNS Blacklisting
10.Antivirus signatures are constructed using which of the following?
- Encryption Algorithms
- Random Number Generators
- Hashes
- Cyclic Redundancy Checks
C. Hashes
1.How can you help stop spam?
- Block certain email addresses known for sending spam
- Set up email filters based on keywords known to be in spam
- Unsubscribe from listservs
- All of these
D. All of these
2.Which of the following characteristics classify a mail message as spam?
- it is solicited and indiscriminately addressed
- it is unsolicited and indiscriminately addressed
- it is solicited and contains advertising
- it is unsolicited and contains advertising
B. it is unsolicited and indiscriminately addressed
3.Which of the following is true of macro viruses?
- They depend on the operating system to propagate
- They are larger than traditional viruses
- They depend on applications to propagate
- They are written in low-level languages to avoid detection
C. They depend on applications to propagate
4.Which of the following can prevent virus infections?
- Implementing a firewall
- Implementing an intrusion detection system
- Patching programs and the operating system
- All of these
C. Patching programs and the operating system
5.In a compromised system, which of the following provides the safest way to analyze it?
- Live CD/DVD
- Resident Antivirus Program
- Live USB
- All of these
A. Live CD/DVD
6.Is commercial SPAM legal in the United States?
- Yes because it is protected under the first amendment
- Yes, but only if it is an advertisement for a real product.
- Yes, but only if it follows the standards listed in the CAN-SPAM Act of 2003
- No
C. Yes, but only if it follows the standards listed in the CAN-SPAM Act of 2003
7.Which of the following differentiates a virus from a worm?
- a worm requires user interaction to infect a machine
- a worm can infect multiple machines
- a virus requires user interaction to infect a machine
- a virus can only infect a single machine
C. a virus requires user interaction to infect a machine
8.Which of the following spam filtering techniques statistically analyzes mail?
- Keyword Filtering
- Challenge-Response Filtering
- Community Filtering
- Bayesian Filtering
D. Bayesian Filtering
9.Firewalls help to prevent which of the following malware from propagating?
- Encrypted viruses
- Worms
- Polymorphic viruses
- Trojan viruses
B. Worms
10.On a WordPress site, which is the default service/tool to prevent spammers from posting comments?
- Website Inspector
- Akismet
- MailWasher Pro
- SpamAssassin
B. Akismet