Cyber Security Solved MCQs

Cyber Security Solved MCQs

This section contains more frequently asked Multiple Choice Questions and Answers on Cyber Security/Internet Security in the various competitive exams.

1.Which of the following is an anti-virus program

Norton
K7
Quick heal
All of these

D. All of these

2.All of the following are examples of real security and privacy threats except:

Hackers
Virus
Spam
Worm

C. Spam Explanation :

Spamming, unsolicited or undesired electronic messages
Email spam, unsolicited, undesired, or illegal email messages
Messaging spam, spam targeting users of instant messaging (IM) services, sms or private messages within websites

3.Trojan horses are very similar to virus in the matter that they are computer programs that replicate copies of themselves

True
False

B. False

4._____________ monitors user activity on internet and transmit that information in the background to someone else.

Malware
Spyware
Adware
None of these

B. Spyware

5.Viruses are __________.

Man made
Naturally occur
Machine made
All of the above

A. Man made

6.Firewall is a type of ____________.

Virus
Security threat
Worm
None of the above

D. None of the above Explanation :

7.Unsolicited commercial email is known as ____________.

Spam
Malware
Virus
Spyware

A. Spam

8.Which of the following is not an external threat to a computer or a computer network

Ignorance
Trojan horses
Adware
Crackers

A. Ignorance

9.When a person is harrassed repeatedly by being followed, called or be written to he / she is a target of

Bullying
Stalking
Identity theft
Phishing

B. Stalking Explanation :

10.Which of the following is a class of computer threat

Phishing
Soliciting
DoS attacks
Stalking

C. DoS attacks Explanation :

1.A lincense allows a user to use copyrighted material.

True
False

A. True

2. It is a program or hardware device that filters the information coming through an internet connection to a network or computer system.

Anti virus
Cookies
Firewall
Cyber safety

C. Firewall

3. It allow a visited website to store its own information about a user on the user’s computer.

Spam
Cookies
Malware
Adware

B. Cookies

4. It is stealing ideas or creations of others.

Plagiarism
Intellectual Property Rights
Piracy
All of the above

D. All of the above

5.Hacking a computer is always illegal and punishable by law.

True
False

A. True

6. Exploring appropriate and ethical behaviours related to online environments and digital media.

Cyber ethics
Cyber security
Cyber safety
Cyber law

A. Cyber ethics

7.Which of the following is digital certificate standard?

X.508
X.509
D.509
None of the Above

B. X.509

8.Which of the following technique is used to verify the integrity of the message?

Message digest
Digital signature
Decryption algorithm
Protocol

A. Message digest

9.Which of the following principle is violated if computer system is not accessible?

Confidentiality
Availability
Access Control
Authentication

B. Availability

10.The certificate Authority signs the digital certificate with

User's public key
User's Private Key
It's own public key
It's own Private key

D. It's own Private key

1.Transit time and response time measure the _______ of a network

Performance
Reliability
Security
Longevity

A. Performance

2.The number of users on a network has the greatest impact on the network's _______

Performance
Reliability
Security
none of the above

A. Performance

3.Network failure is primarily a _______ issue.

Performance
Reliability
Security
none of the above

B. Reliability

4._______ is a network reliability issue.

The number of users
The type of transmission medium
The frequency of failure
Unauthorized access

C. The frequency of failure

5._______ is a network reliability issue.

Catastrophe
The number of users
The type of transmission medium
Unauthorized access

A. Catastrophe

6.Unauthorized access is a network _______ issue.

Performance
Reliability
Security
none of the above

C. Security

7.A virus is a network _______ issue.

Performance
Reliability
Security
none of the above

C. Security

8.Encryption techniques improve a network's _______

Performance
Reliability
Security
Longevity

C. Security

9.A _______ is illicitly introduced code that damages a network device

Protocol
Virus
Catastrophe
Medium

B. Virus

10.Passwords are used to improve the _______ of a network.

Performance
Reliability
Security
Longevity

C. Security

1.Unauthorized access and viruses are issues dealing with network _______

Performance
Reliability
Security
none of the above

C. Security

2.Which of the following are network reliability issues?

frequency of failure
recovery time after a failure
catastrophe
all of the above

D. all of the above

3.When a hacker penetrates a network, this is a network _______ issue

Performance
Reliability
Security
none of the above

C. Security

4.When a server goes down, this is a network _______ issue.

Performance
reliability
Security
none of the above

B. reliability

5.When an earthquake severs a fiber-optic cable, this is a network _______ issue

Performance
Reliability
Security
none of the above

A. Performance

6.When a network upgrades to a transmission medium with a data rate that is 100 times faster, this improves the _______ of the network.

Performance
Reliability
Security
none of the above

A. Performance

7.A company doubles the number of nodes on its network. The greatest impact will be on the _______ of the network

Performance
Reliability
Security
none of the above

A. Performance

8.A company changes its network configuration so that only one router instead of two can access the Internet. The greatest impact will be on the _______ of the network

Performance
Reliability
Security
None of the above

C. Security

9.A company requires its users to change passwords every month. This improves the _______ of the network

Performance
Reliability
Security
none of the above

C. Security

10.A company buys a computer to serve as a backup to its main server. This will mainly affect the _______ of the network.

Performance
Reliability
Security
none of the above

B. Reliability

1.A company requires each employee to power off his computer at the end of the day. This rule was implemented to make the network _______

perform better
more reliable
more secure
more error-free

C. more secure

2.What Security tradeoff occurs while using IDS (Intrusion Detection System)?

Change in permission
Login Failures
Change in privilege
Performance degradation

D. Performance degradation Explanation :

3.EDI (Electronic Data Interchange) use

requires an extranet
requires value added network
can be done on internet
requires a corporate intranet

C. can be done on internet Explanation :

4.EDI (Electronic Data Interchange) over internet uses

MIME to attach EDI forms to e-mail messages
FTP to send business forms
HTTP to send business forms
SGML to send business forms

A. MIME to attach EDI forms to e-mail messages

5.For secure EDI (Electronic Data Interchange) transmission on internet

MIME is used
S/MIME is used
PGP is used
TCP/IP is used

B. S/MIME is used

6.EDI (Electronic Data Interchange) standard

is not easily available
defines several hundred transaction sets for various business forms
is not popular
defines only a transmission protocol

B. defines several hundred transaction sets for various business forms

7.By security in e-Commerce we mean
(i) Protecting an organization’s data resource from unauthorized access
(ii)Preventing disasters from happening
(iii) Authenticating messages received by an organization
(iv) Protecting messages sent on the internet from being read and understood by unauthorized persons/organizations

i, ii
ii, iii
iii, iv
i, iii, iv

D. i, iii, iv

8.A firewall is a

wall built to prevent fires from damaging a corporate intranet
security device deployed at the boundary of a company to prevent unauthorized physical access
security device deployed at the boundary of a corporate intranet to protect it from unauthorized access
device to prevent all accesses from the internet to the corporate intranet

C. security device deployed at the boundary of a corporate intranet to protect it from unauthorized access

9.A firewall may be implemented in

routers which connect intranet to internet
bridges used in an intranet
expensive modem
user’s application programs

A. routers which connect intranet to internet

10.Firewall as part of a router program

filters only packets coming from internet
filters only packets going to internet
filters packets travelling from and to the intranet from the internet
ensures rapid traffic of packets for speedy e-Commerce

C. filters packets travelling from and to the intranet from the internet

1.Main function of proxy application gateway firewall is

to allow corporate users to use efficiently all internet services
to allow intranet users to securely use specified internet services
to allow corporate users to use all internet services
to prevent corporate users from using internet services

B. to allow intranet users to securely use specified internet services

2.Proxy application gateway
(i) acts on behalf of all intranet users wanting to access internet securely
(ii)monitors all accesses to internet and allows access to only specified IP addresses
(iii) disallows use of certain protocols with security problems
(iv) disallows all internet users from accessing intranet

i, ii
i, ii, iii
i, ii, iii, iv
ii, iii, iv

B. i, ii, iii

3.A hardened firewall host on an intranet
(i) has a proxy application gateway program running on it
(ii)Allows specified internet users to access specified services in the intranet
(iii) Initiates all internet activities requested by clients and monitors them
(iv) prevents outsiders from accessing IP addresses within the intranet

i, ii
i, ii, iii
i, ii, iii, iv
ii, iii, iv

C. i, ii, iii, iv

4.A hardened firewall host on an Intranet is

a software which runs in any of the computers in the intranet
a software which runs on a special reserved computer on the intranet
a stripped down computer connected to the intranet
a mainframe connected to the intranet to ensure security

B. a software which runs on a special reserved computer on the intranet

5.By encryption of a text we mean

compressing it
expanding it
scrambling it to preserve its security
hashing it

C. scrambling it to preserve its security

6.Encryption is required to
(i) protect business information from eavesdropping when it is transmitted on internet
(ii) efficiently use the bandwidth available in PSTN
(iii) to protect information stored in companies’ databases from retrieval
(iv) to preserve secrecy of information stored in databases if an unauthorized person retrieves it

i and ii
ii and iii
iii and iv
i and iv

D. i and iv

7.Encryption can be done

only on textual data
only on ASCII coded data
on any bit string
only on mnemonic data

C. on any bit string

8.By applying permutation (31254) and substitution by 5 characters away from current character (A Æ F , B Æ G etc..) the following string ABRACADABRA becomes

FGWCAAADRBF
RABCAAADRBF
WFGHFFFIWGF
None of the above

C. WFGHFFFIWGF

9.The following ciphertext was received. The plaintext was permuted using permutation (34152) and substitution. Substitute character by character +3 (A Æ D, etc). The plain text after decryption is: Cipher text :PDLJDLXHVQC

MAIGAIUESNZ
IAMAGENIUSZ
LDPDJHPLXVZ
IAMAGENIUSC

B. IAMAGENIUSZ

10.By symmetric key encryption we mean

one private key is used for both encryption and decryption
private and public key used are symmetric
only public keys are used for encryption
only symmetric key is used for encryption

A. one private key is used for both encryption and decryption

1.The Acronym DES stands for

Digital Evaluation System
Digital Encryption Standard
Digital Encryption System
Double Encryption Standard

B. Digital Encryption Standard

2.DES works by using

permutation and substitution on 64 bit blocks of plain text
only permutations on blocks of 128 bits
exclusive ORing key bits with 64 bit blocks
4 rounds of substitution on 64 bit blocks with 56 bit keys

A. permutation and substitution on 64 bit blocks of plain text

3.DES
(i) is a symmetric key encryption method
(ii) guarantees absolute security
(iii) is implementable as hardware VLSI chip
(iv) is a public key encryption method

i and ii
ii and iii
i and iii
iii and iv

C. i and iii

4.DES using 56 bit keys

Cannot be broken in reasonable time using presently available computers
Can be broken only if the algorithm is known using even slow computers.
Can be broken with presently available high performance computers.
It is impossible to break ever.

C. Can be broken with presently available high performance computers.

5.Triple DES uses

168 bit keys on 64-bit blocks of plain text
Working on 64-bit blocks of plain text and 56 bit keys by applying DES algorithm for three rounds.
Works with 144 bit blocks of plain text and applies DES algorithm once.
Uses 128 bit blocks of plain text and 112 bit keys and apply DES algorithm thrice.

B. Working on 64-bit blocks of plain text and 56 bit keys by applying DES algorithm for three rounds.

6.ripple DES

Cannot be broken in reasonable time using presently available computers.
Can be broken only if the algorithm is known using even slow computer.
Can be broken with presently available high performance computers.
It is impossible to break ever.

A. Cannot be broken in reasonable time using presently available computers.

7.Triple DES

is a symmetric key encryption method
guarantees excellent security
is implementable as a hardware VLSI chip
is public key encryption method with three keys.

B. guarantees excellent security

8.Public key encryption method is a system

which uses a set of public keys one for each participant in e-Commerce
in which each person who wants to communicate has two keys; a private key known to him only and a public key which is publicized to enable others to send message to him.
which uses the RSA coding system.
which is a standard for use in e-Commerce.

B. in which each person who wants to communicate has two keys; a private key known to him only and a public key which is publicized to enable others to send message to him.

9.Public key system is useful because

it uses two keys.
there is no key distribution problem as public key can be kept in a commonly accessible database.
private key can be kept secret.
it is a symmetric key system.

B. there is no key distribution problem as public key can be kept in a commonly accessible database.

10.In public key encryption if A wants to send an encrypted message

A encrypts message using his private key
A encrypts message using B’s private key
A encrypts message using B’s public key
A encrypts message using his public key

C. A encrypts message using B’s public key

1.In public key encryption system if A encrypts a message using his private key and sends it to B

if B knows it is from A he can decrypt it using A’s public key
Even if B knows who sent the message it cannot be decrypted
It cannot be decrypted at all as no one knows A’s private key
A should send his public key with the message

A. if B knows it is from A he can decrypt it using A’s public key

2.Message can be sent more securely using DES by

encrypting plain text by a different randomly selected key for each transmission
encrypting plain text by a different random key for each message transmission and sending the key to the receiver using a public key system
using an algorithm to implement DES instead of using hardware
designing DES with high security and not publicizing algorithm used by it

B. encrypting plain text by a different random key for each message transmission and sending the key to the receiver using a public key system

3.DES and public key algorithm are combined
(i) to speed up encrypted message transmission
(ii)to ensure higher security by using different key for each transmission
(iii) as a combination is always better than individual system
(iv) as it is required in e-Commerce

i and ii
ii and iii
iii and iv
i and iv

A. i and ii

4.A digital signature is

a bit string giving identity of a correspondent
a unique identification of a sender
an authentication of an electronic record by tying it uniquely to a key only a sender knows
an encrypted signature of a sender

C. an authentication of an electronic record by tying it uniquely to a key only a sender knows

5.A digital signature is required
(i) to tie an electronic message to the sender’s identity
(ii)for non repudiation of communication by a sender
(iii) to prove that a message was sent by the sender in a court of law
(iv) in all e-mail transactions

i and ii
i, ii, iii
i, ii, iii, iv
ii, iii, iv

B. i, ii, iii

6.A hashing function for digital signature
(i) must give a hashed message which is shorter than the original message
(ii)must be hardware implementable
(iii) two different messages should not give the same hashed message
(iv) is not essential for implementing digital signature

i and ii
ii and iii
i and iii
iii and iv

C. i and iii

7.Hashed message is signed by a sender using

his public key
his private key
receiver’s public key
receiver’s private key

B. his private key

8.While sending a signed message, a sender

sends message key using public key encryption using DES and hashed message using public key encryption
sends message using public key encryption and hashed message using DES
sends both message and hashed message using DES
sends both message and hashed message using public key encryption

A. sends message key using public key encryption using DES and hashed message using public key encryption

9.The responsibility of a certification authority for digital signature is to authenticate the

hash function used
private keys of subscribers
public keys of subscribers
key used in DES

C. public keys of subscribers

10.Certification of Digital signature by an independent authority is needed because

it is safe
it gives confidence to a business
the authority checks and assures customers that the public key indeed belongs to the business which claims its ownership
private key claimed by a sender may not be actually his

C. the authority checks and assures customers that the public key indeed belongs to the business which claims its ownership

1.The Secure Electronic Transaction protocol is used for

credit card payment
cheque payment
electronic cash payments
payment of small amounts for internet services

A. credit card payment

2.In SET protocol a customer encrypts credit card number using

his private key
bank’s public key
bank’s private key
merchant’s public key

B. bank’s public key

3.In SET protocol a customer sends a purchase order

encrypted with his public key
in plain text form
encrypted using Bank’s public key
using digital Signature system

D. using digital Signature system

4.One of the problems with using SET protocol is

the merchant’s risk is high as he accepts encrypted credit card
the credit card company should check digital signature
the bank has to keep a database of the public keys of all customers
the bank has to keep a database of digital signatures of all customers

C. the bank has to keep a database of the public keys of all customers

5.The bank has to have the public keys of all customers in SET protocol as it has to

check the digital signature of customers
communicate with merchants
communicate with merchants credit card company
certify their keys

A. check the digital signature of customers

6.In electronic cheque payments developed, it is assumed that most of the transactions will be

customers to customers
customers to business
business to business
banks to banks

C. business to business

7.In cheque payment protocol, the purchase order form is signed by purchaser using

his public key
his private key
his private key using his signature hardware
various public keys

C. his private key using his signature hardware

8.In the NetBill’s protocol for small payments for services available in the internet
(i) the customer is charged only when the information is delivered
(ii)the vendor is guaranteed payment when information is delivered
(iii) the customer must have a certified credit card
(iv) the customer must have a valid public key

i, ii
i, ii, iii
i, ii, iii, iv
i, ii, iv

D. i, ii, iv

9.In NetBill’s protocol for small payments for internet services
(i) Key to decrypt information is sent to customer by NetBill only when there is enough amount in debit account
(ii) The vendor supplies the key to NetBill server when he receives payment
(iii) Checksum of encrypted information received by customer is attached to his payment order
(iv) Vendor does not encrypt information purchased by customer

i, ii
i, ii, iii
i, ii, iii, iv
i, ii, iv

B. i, ii, iii

10.In Electronic cash payment

a debit card payment system is used
a customer buys several electronic coins which are digitally signed by coin issuing bank
a credit card payment system is used
RSA cryptography is used in the transactions

B. a customer buys several electronic coins which are digitally signed by coin issuing bank

1.What does IP mean?

Instance Principle
Internet Protocol
Instant Protocol
Intellectual Property

B. Internet Protocol

2.What happens to your data when it is encrypted?

It is transferred to a third party, encoded, then sent back.
It is compressed, renamed, and archived.
It is sent through a series of supercomputers to be compressed multiple times.
It is recorded to retain privacy from third-parties.

D. It is recorded to retain privacy from third-parties.

3.What is a computer virus?

A virus is the same as a cookie in that it is stored on your computer against your permission.
A virus is friendly software that is simply mislabeled.
Malicious software that merely stays dormant on your computer.
Malicious software that inserts itself into other programs.

D. Malicious software that inserts itself into other programs.

4.Which of the following is valid difference between a Virus and a Spyware ?

Spyware damages data and also steals sensitive private information
Virus damages data, Spyware steals sensitive private information
Spyware damages data, Virus steals sensitive private information
Virus damages data and also steals sensitive private information

B. Virus damages data, Spyware steals sensitive private information

5.How to avoid Man-in-the-middle attacks?

Accept every SSL certificate, even the broken ones
Use connections without SSL
Use HTTPS connections and verify the SSL certificate
None of the above

C. Use HTTPS connections and verify the SSL certificate

6.What happens during the TCP attack; Denial of Service?

A virus is sent to disable their dos prompt.
Viruses are sent to their ISP to deny them tech support.
A worm is loaded onto the victim’s computer to disable their keyboard.
Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.

D. Information is repeatedly sent to the victim to consume their system resources, causing them to shut down.

7.What is Internet Protocol Security?

Methods to secure Internet Protocol (IP) communication.
Ways to disconnect your router in an emergency
Methods to secure a disconnected computer.
Methods to secure your documents from physical breaches.

A. Methods to secure Internet Protocol (IP) communication.

8.Which of the following is a valid Cyber / Internet Security requirement?

Authentication
Integrity
Confidentiality
All of the given options are correct

D. All of the given options are correct

9.Digital signatures provide which of the following ?

Authentication
Non-repudiation
Integrity protection
All of the given options are correct

D. All of the given options are correct

10.In which of the following protocols does a website (if accessed using the protocol) encrypt the session with a Digital Certificate?

TCP
SHTTP
HTTPS
XHTTP

C. HTTPS

1.Which of the following are possible security threats?

Illegitimate use
Backdoors
Masquerading
All of the given options are correct

D. All of the given options are correct

2.What is a firewall?

Firewalls are network-based security measures that control the flow of incoming and outgoing traffic
A firewall is a program that encrypts all the programs that access the Internet.
A firewall is a program that keeps other programs from using the network.
Firewalls are interrupts that automatically disconnect from the internet when a threat appears

A. Firewalls are network-based security measures that control the flow of incoming and outgoing traffic

3.Which of the following involves submitting as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests?

Distributed denial-of-service attacks
Backdoor
Masquerading
Phishing

A. Distributed denial-of-service attacks

4.Which of the following symmetric keys can be derived from Symmetric master key?

Authentication keys
Key wrapping keys
Data encryption keys
All of the given options are correct

D. All of the given options are correct

5.Which of the following are valid Cryptographic key types?

Public authentication key
Public signature verification key
Private signature key
All of the given options are correct

D. All of the given options are correct

6.Is true that HTTP is an insecure protocol?

True
False

A. True

7.Which is the best way a system can be hardened?

Total disk encryption coupled with strong network security protocols.
White-list ad filtering only.
Installing a commercial security suite.
Virus scanning only.

A. Total disk encryption coupled with strong network security protocols.

8.Why is it crucial to encrypt data in transit?

To assure that all of your information cannot be decrypted.
To decrease your resources.
So you can increase your chances of testing your encryption capabilities.
To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.

D. To prevent unauthorized access to private networks and sensitive information during its most vulnerable state.

9.Which of the following are the basic functionalities of the IPsec Protocol ?

Security association for policy management and traffic processing
Security protocols for AH and ESP
Manual and automatic key management for the internet key exchange
All of the given options are correct

D. All of the given options are correct

10.Can a proxy be used as a firewall? If so, how?

No. Proxies are data encryption stations whose sole purpose is to encrypt and re-rout data.
No. Proxies are firewalls that are maintained at locations other than that of the user.
No. All a proxy does is re-rout Internet traffic, and thus all the malicious signals that go with it.
Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incoming and outgoing traffic.

D. Yes. A proxy acts as a network intermediary for the user that serves to control the flow of incoming and outgoing traffic.

1.In which of the following fraud methods is a legitimate/legal-looking email sent in an attempt to gather personal and financial information from recipients?

Virus
Masquerading
Phishing
Malware

C. Phishing

2.Which of the following is TRUE about TLS?

The HMAC construction used by most TLS cipher suites is specified in RFC 2104
Provides protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite
The message that ends the handshake sends a hash of all the exchanged handshake messages seen by both parties
All of the given options are correct

D. All of the given options are correct

3.Which of the following is a VALID type of Key Management System?

Third-Party Key Management System
Dynamic Key Management System
Integrated Key Management System
Both Integrated Key Management System and Third-Party Key Management System

D. Both Integrated Key Management System and Third-Party Key Management System

4.What is one way that a web browser is vulnerable to breaching?

A browser can be infected by closing it.
A virus can be sent through the monitor.
A browser plugin can be exploited.
Web browsers are impervious to exploitation.

C. A browser plugin can be exploited.

5.What two main categories of network topologies are there?

Digital and Topological
Direct and Indirect
Close and Distant
Physical and logical.

D. Physical and logical.

6.What is another name for an insecure plugin?

Hardware
Software
Firmware
Malware

D. Malware

7.A digital signature scheme consists of which of the following typical algorithms?

Key generation, Signing and Signature verifying algorithm
Signature verifying algorithm
Key generation algorithm
Signing algorithm

A. Key generation, Signing and Signature verifying algorithm

8.Which of the following is TRUE about SSL 3.0?

It has a weak MAC construction that uses the MD5 hash function with a secret prefix
Identical cryptographic keys are used for message authentication and encryption
SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication
It assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in Web servers

C. SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication

9.There are two types of firewall. What are they?

Internet-based and home-based.
Hardware and software.
Remote and local
Digital and electronic.

B. Hardware and software.

10.True of False? Malware exists which affects both Windows and Linux systems.

True
False

A. True

1.Which of the following refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent?

Malware
Botnet
Trojan horse
Spyware

D. Spyware

2.What is a computer worm?

It is software designed to exploit networks.
It is software designed to analyze and search for open ports.
It is a software utilized to scan packets on open networks.
It is malware designed to infect other computers.

D. It is malware designed to infect other computers.

3.Is a Unix-based system vulnerable to viruses?

Yes. The split is approximately 50/50 when it comes to attacks on Windows vs. Unix based systems.
Yes, the majority of viruses attack Unix-based systems.
No. Linux systems are totally impervious to attacks.
Yes, however the majority are coded to attack Windows-based systems.

D. Yes, however the majority are coded to attack Windows-based systems.

4.Which of the following protocol used Port 443 and Port 80 respectively

HTTPS and HTTP
XHTML
HTTP and HTTPS
DHTML

A. HTTPS and HTTP

5.Which of the following is a means to access a computer program or entire computer system bypassing all security mechanisms?

Backdoor
Masquerading
Phishing
Trojan Horse

A. Backdoor

6.What does TCP mean?

Total Content Positioning
Transmission Control Protocol
Transmittable Constant Protocol
Technical Control Panel

B. Transmission Control Protocol

7.What does cross-site scripting allow for attackers?

Direct introduction of viruses into a victims computer.
The introduction of worm viruses into the victims website.
A phishing attack that automatically downloads the victims personal information.
Injection of client-side scripts into web pages.

D. Injection of client-side scripts into web pages.

8.Which of the following is collection of Internet-connected programs communicating with other similar programs in order to perform tasks?

Botnet
Spyware
Trojan horse
Malware

A. Botnet

9.What are TLS and SSL?

Internet protocols.
Network layers.
Internet layers
Cryptographic protocols.

D. Cryptographic protocols.

10.Who was TLS defined by?

The DEA
OSHA
Internet Engineering Task Force
NSA

C. Internet Engineering Task Force

1.Modern secure password storage should implement:

Salted plain-text values of the password
Hashed values of the password
Plain-text passwords stored in an encrypted database
Salted and hashed values of the password

D. Salted and hashed values of the password

2.What is network topology?

It is the inner networkings of a single computer.
It is the top layer of a computer network.
It is the framework of the components of a computer network.
It is the entirety of the data of a computer network.

C. It is the framework of the components of a computer network.

3.Which of the following is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer?

Spware
Virus
Trojan Horse
Botnets

C. Trojan Horse

4.What is another name for Internet Layer?

TCP layer
Interwebs
IP layer
SSL layer

C. IP layer

5.Which of the following is the collective name for Trojan horses, spyware, and worms?

Spware
Botnets
Virus
Malware

D. Malware

6.When cookies are used as session identifiers, how are they then used as a potential security hazard?

They emulate user's by downloading all the victims information onto a virtual machine.
User's cookies are altered to a virus-like state.
They emulate user's by stealing their personal identity.
Attackers emulate users by stealing their cookies.

D. Attackers emulate users by stealing their cookies.

7.Which of the following is a valid flaw of SSL 2.0 ?

It does not have any protection for the handshake
Identical cryptographic keys are used for message authentication and encryption
It has a weak MAC construction that uses the MD5 hash function with a secret prefix
All of the given options are correct

D. All of the given options are correct

8.Which of the following is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)?

X.507
X.519
X.508
X.509

D. X.509

9.Trojan Horse programs operate with what intent?

To slowly but surely infect and become your operating system until the system crashes.
To openly exploit a systems weaknesses until the user discovers it.
To masquerade as non-malicious software while exploiting a system's weaknesses.
To do a series of brute force attacks within the system itself and a series of external attacks from other servers

C. To masquerade as non-malicious software while exploiting a system's weaknesses.

10.Why is a virtual machine considered a sandboxing method?

Virtual machines all have firewalls, virus scanners, and proxy connetions.
Virtual machines all have sandbox features installed on them.
Virtual machines take the brunt of the attack, so the user is always safe.
All host resources are channeled through the emulator.

D. All host resources are channeled through the emulator.

1.When is encrypted data the safest?

When it is being transferred via usb stick.
When it is in transit.
When it is being written. When it is at rest.
When it is being written.

C. When it is being written. When it is at rest.

2.Which of the following keys are used to generate random numbers?

Symmetric random number generation keys
Symmetric and asymmetric random number generation keys
Public signature verification key
Asymmetric random number generation keys

B. Symmetric and asymmetric random number generation keys

3.Which of the following is true about Public Key Encryption?

Anyone can encrypt with the public key and anyone can decrypt with the private key
Anyone can encrypt with the public key, only one person can decrypt with the private key
Anyone can encrypt with the private key, only one person can decrypt with the public key
Only one person can encrypt with the public key and anyone can decrypt with the private key

B. Anyone can encrypt with the public key, only one person can decrypt with the private key

4.If you set up a BUS network, what is the major disadvantage?

It is entirely wireless and open to wifi-based attacks.
It is daisy-chained together with several cables
It is linked with a single cable which can be a major vulnerability.
It is connected in a star pattern and can be disabled by disrupting one data center.

C. It is linked with a single cable which can be a major vulnerability.

5.What does the acronym BEAST mean in Beast Attack?

Breaking and Entering Against SSL/TLS
Browser Extension And SSL/TLS
Browser Exploit Against SSL/TLS
Breach Entering Against SSL/TLS

C. Browser Exploit Against SSL/TLS

6.TCP is used for what three main functions?

Connect to the Web, deliver email, and transfer files.
Connect to the Web, compress data, encrypt mail.
Connect to the web, conceal data, transfer files.
Connect to the Web, encrypt data, transmit information.

A. Connect to the Web, deliver email, and transfer files.

7.Secure cookies have which feature?

They are not encrypted, just sent via secure server.
They are encrypted.
Secure cookies are passed along via encrypted programs.
Cookies are always traded between trusted users.

B. They are encrypted.

8.How are port numbers categorized?

Static, dynamic, enigmatic
Known, well-known, unknown
Well-known, registered, and static/dynamic.
Unknown, unregistered, invalid

C. Well-known, registered, and static/dynamic.

9.Which of the following type of attack can actively modify communications or data?

Both Active and Passive attack
Neither Active nor Passive attack
Active attack
Passive attack

C. Active attack

10.What is the top method an attacker might infect a target?

Social engineering, or psychological manipulation.
SQL injection.
Buffer overflow.
Hacking via the Internet.

A. Social engineering, or psychological manipulation.

1.Secure Sockets Layer is a predecessor of which cryptographic protocol?

IPSec
Transport Layer Security
SSL 3.0
HTTPS

B. Transport Layer Security

2.An SQL injection is often used to attack what?

Small scale machines such as diebold ATMs
Large-scale sequel databases such as those containing credit card information.
Servers running SQL databases similar to Hadoop or Hive.
Servers built on NoSQL

B. Large-scale sequel databases such as those containing credit card information.

3.Which version of TLS is vulnerable to BEAST exploit?

TLS 1.1
TLS 3.0
TLS 0.5
TLS 2.0
TLS 1.0

E. TLS 1.0

4.According to OWASP what is the most dangerous web vulnerability?

Injections (SQL, LDAP, etc)
Cross-site-scripting (XSS)
Security Misconfiguration
Cross-Site Request Forgery (CSRF)
Sensitive Data Exposure

A. Injections (SQL, LDAP, etc)

5.Sandboxing does what to computer programs?

Sandboxing protects your system by trapping all the viruses.
It separates and isolates them.
Sandboxing doesn't protect your system.
Sandboxes protect your programs by isolating all the other programs except the one you are using at the time.

B. It separates and isolates them.

6.What is largely considered the most advanced computer virus?

Conficker Virus
Zeus
Stuxnet.
agent.biz

C. Stuxnet.

7.What is necessary for a cross-site script attack with cookies to be thwarted?

CAPTCHAs
Virtual machines
Proxies
Firewalls

A. CAPTCHAs

8.What are the two primary classifications of cross-site scripting?

DOM-based and persistent
traditional and DOM-based
traditional and non-persistent
non-persistent and persistent.

D. non-persistent and persistent.

9.Which of the following is a VALID authorization key?

Public authorization key
Public ephemeral key authorization key
Asymmetric authorization keys
Symmetric authorization keys

A. Public authorization key

10.Which of the following is a VALID digital signature key?

Public signature authentication key
Private signature authentication key
Symmetric signature authentication key
Private signature key

D. Private signature key

1.How can cookies be used to mitigate cross-site scripting?

Cookies can be coded like a program to intercept script attacks.
Cookies store an exact mirror copy of all a users web activity.
Cookies allow for cookie-based user authentication.
They can't. Cookies only store user information.

C. Cookies allow for cookie-based user authentication.

2.Which of the following uses asymmetric cryptography ?

VoIP
SSL
Both VoIP and SSL
None of these

C. Both VoIP and SSL

3.Which of the following is not a VALID type of firewall?

Application-level gateways
Circuit-level gateways
Proxy Server Gateways
Packet filters

C. Proxy Server Gateways

4.What is the less secure AES encryption mode?

E. CBC

5.What is a method to fend off a Sockstress attack?

Do nothing. It will pass on its own.
Prepare a retaliatory DDOS attack
Black-listing access to TCP services on critical systems
White-listing access to TCP services on critical systems.

D. White-listing access to TCP services on critical systems.

6.Which of the following HTTP method is considered insecure ?

POST
DELETE
TRACE
GET

C. TRACE

7.Which of the following represents a cryptographic key that is generated for each execution of a key establishment process ?

Private key transport key
Public signature verification key
Private ephemeral key agreement key
Public authentication key

C. Private ephemeral key agreement key

8.What does the Linux kernal use to sandbox running programs?

Linux doesn't sandbox because it is impervious to any and all cyber attacks
Linux uses a layered system of user authentication to perform sandbox-like functions.
seccomp, or Secure Computing Mode
Linux drives are fully encrypted, thus they don't need sandboxing.

C. seccomp, or Secure Computing Mode

9.Which of the following keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys ?

Public ephemeral key agreement key
Asymmetric random number generation keys
Symmetric random number generation keys
Private ephemeral key agreement key

D. Private ephemeral key agreement key

10.What does a cryptographic key do within the Internet Layer?

It specifies how encrypted data is transferred and to whom.
It specifies how transferred information is converted into cyphertext.
It converts it into encrypted language.
It is the specialized dataset that is able to decrypt cyphertext.

B. It specifies how transferred information is converted into cyphertext.

1.What is the difference between a worm and virus?

A worm does not replicate itself like a virus does, but rather moves from computer to computer
A virus infects files, while a worm eats them
A worm is a virus created for a very specific purpose
Unlike a virus, a worm does not need to attach itself to a program to spread.

D. Unlike a virus, a worm does not need to attach itself to a program to spread.

2.Which of the following represents a cryptographic key that is intended to be used for a long period of time?

Private key transport key
Public authentication key
Public signature verification key
Private static key agreement key

D. Private static key agreement key

3.Which of the following is a VALID ephemeral key?

Asymmetric ephemeral random number generation keys
Public ephemeral verification key
Symmetric ephemeral random number generation keys
Public ephemeral key agreement key

D. Public ephemeral key agreement key

4.Which of the following enables secure and private data exchange/transfer on an unsecure public network ?

Public Key Infrastructure
Virtual Key Infrastructure
Private Key Infrastructure
All of the given options are correct

A. Public Key Infrastructure

5.Which of the following keys are used to encrypt other keys using symmetric key algorithms ?

Symmetric random number generation keys
Asymmetric random number generation keys
Symmetric key wrapping key
Public signature verification key

C. Symmetric key wrapping key

6.Which of the following keys are used to encrypt other keys using symmetric key algorithms ?

Symmetric random number generation keys
Asymmetric random number generation keys
Symmetric key wrapping key
Public signature verification key

C. Symmetric key wrapping key

7.Which of the following is a standalone computer program that pretends to be a well-known program in order to steal confidential data ?

Virus
Spyware
Fraudtool
Malware

C. Fraudtool

8.In the sublayer of which of the following does TLS and SSL performs the data encryption of network connections?

presentation layer
Both session and presentation layer
session layer
application layer

D. application layer

9.Which of the following are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm?

Public signature verification key
Private signature key
Public key transport key
Private key transport key

C. Public key transport key

10.Which of the following are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm ?

Private signature key
Private key transport key
Public signature verification key
Public authentication key

B. Private key transport key

1.Which of the following actions can be taken while filtering SMTP spam traffic?

Delete the spam mail
Redirect it to the spam mail box
Return it to the sender.
Tag the spam mail

1, 2, 3
1,2
1,2,4
3

C. 1,2,4

2.Which of the following files are mostly infected?

.DOT
.EXE
.COM
.TXT

1,2,3
3,4
2,3
4

A. 1,2,3

3.What is the function of MTA(Mail Transfer Agent)?

It helps in reading the emails
It receives and delivers the messages
It resolves the names
It detects emails carrying virus

B. It receives and delivers the messages

4.What is DHA?

Directory Harvest Attack
DNS Harvest Attack
Direct Harvest Attack
Dictionary Harvest Attack

A. Directory Harvest Attack

5.How many keys are required if two parties communicate using Symmetric Cryptography?

One
Two
Three
Four

A. One

6.What is S/MIME?

Secure Multipurpose Intranet Mail Extensions
Secure Multipurpose Internet Mail Extensions
Secure Multipurpose Internet Message Extensions
Secure Multipurpose Intranet Message Extensions

B. Secure Multipurpose Internet Mail Extensions

7.Which of the following anti-spam measures are taken to reduce spam?

Legislative measures
Organizational measures
Behavioral measures
Technological measures.
All of the above

E. All of the above

8.Which of the following are famous worm attacks?

MyDoom Worm
Bagle Worm
Netsky Worm
Sasser Worm
All of the above

E. All of the above

9.Which of the following techniques are used by spammers to find valid/existent email addresses?

SMTP spoofing
SMTP poisioning
DNS poisioning
Directory Harvest Attack

D. Directory Harvest Attack

10.Daniel has deployed an antispam solution in his network. Positive detection of non-spam SMTP is called:

Negative detection
False positive detection
False negative detection
Untrue detection

B. False positive detection

1.Which of the following techniques helps in cases of address forgery?

SMTP extensions
Cryptographic authentication
Path authentication
Hybrid authentication

C. Path authentication

2.Which of the following types of virus lives in the boot sector?

Sector virus
Parasitic virus
boot sector virus
Bootable virus

C. boot sector virus

3.Which of the following is the Symmetric Algorithm used in cryptography?

MD4
El Gamal
IDEA
RSA

B. El Gamal

4.Suppose you got a mail from someone saying that you have won a $1 billion and asking you to give him/her $4000 to claim your prize. Under which category does this type of spam mail lie?

Phishing and Fraud
Spoofing mails
Hoaxes
Chain mails

A. Phishing and Fraud

5.What is botnet?

A software that runs automatically and autonomously.
A software used for antispam
A software used to manage MTA
A software used to manage MDA

A. A software that runs automatically and autonomously.

6.Which of the following goals cannot be achieved with the help of Symmetric Cryptography?

Nonrepudiation
Confidentiality
Integrity
Availability.

D. Availability.

7.To which of the following components does the MUA(Mail User Agent) forward the mail while sending it to another host in the e-mail flow?

Mail User Agent
Firewall
Router
Mail Transfer Agent

D. Mail Transfer Agent

8.What is the maximum key length of AES?

56
156
Variable
256

D. 256

9.Which of the following are disadvantages of the Symmetric Key Cryptography?

Nonrepudiation
Scalability
Key distribution
Security.

C. Key distribution

10.What are the Measures to be Adopt for Best Virus Protection?

Use of Antivirus.
Use of Firewall.
Keeping Software updated.
Download only trusted programs.
Avoid pirated software.
Be cautious about Phishing and Social Engineering.
Be wise with Passwords.
All Of the Above

F. All Of the Above

1.Which of the following are the ways through which virus spreads?

Floppy Disk
CD
Email attachments
Network connection
All of the above

E. All of the above

2.Which of the following are categories of spam mails?

Phishing and Fraud
Spoofing mails
Hoaxes
Chain mails
All of the above

E. All of the above

3.Daniel has deployed an antispam solution in his network. If a spam SMTP is accepted, it is called:

Negative detection
False positive
False negative
Untrue detection

C. False negative

4.Which of the following are preventive antivirus measures?

Do not open attachments from suspicious sources.
Delete chain and junk mails.
Exercise caution while downloading from the internet
Backup your files.
All of the above

E. All of the above

5.Which of the following ports is used by IMAP?

B. 143

6.What are zombies?

Antispam solutions.
Remotely controlled hosts.
Antivirus solutions
Hackers

B. Remotely controlled hosts.

7.How many keys are required if two parties communicate using Asymmetric Cryptography?

One
Two
Three
Four

B. Two

8.Which of the following programs establishes modem connection with pay-per-visit resources?

Trojans
Automatic dialers
Worms
Antivirus

B. Automatic dialers

9.Suppose you got a mail from the HSBC bank asking you to give your online bank account details. Under which of the spam mail categories does this mail?

Phishing and fraud.
Chain Mails.
Hoaxes
Brand spoofing.

A. Phishing and fraud.

10.What is Phishing?

Fraudulently acquiring sensitive information.
An encryption technique
An anti-spam technique
A password building technique

A. Fraudulently acquiring sensitive information.

1.Which of the following are direct harms caused by spam?

Loss of productivity
Increased staff costs
Increased infrastructure costs
Increased downloading costs
All of the above

E. All of the above

2.Which of the following is the Hashing Algorithm?

AES
3-DES
DES
MD5

D. MD5

3.Which key is used to decrypt the message in PKI?

Public Key.
Private Key.
Pre-shared Secret Key.
Hybrid Key.

B. Private Key.

4.What is Joe Job?

A virus
An antivirus
A spam attack
An antispam

C. A spam attack

5.Which of the following are Email Security Protocols?

S/MIME
PEM
STE
PME

A. S/MIME

6.Which of the following symmetric algorithms have variable key length?

AES
Triple DES
IDEA
Rivest Cipher 4

D. Rivest Cipher 4

7.What is Mail Exchanger(MX) Record?

Router route.
Record in router.
Record in DNS specifying the internet email route.
Record in DHCP specifying the email route

C. Record in DNS specifying the internet email route.

8.Which of the following measures should be taken to tackle spam mails?

Blocking and accepting on the basis of MTA IP address
Limiting the number of outgoing e-mails per account
Authentication mechanisms
Spam filtering.
All of the above

E. All of the above

9.Which of the following are different categories of viruses?

Parasitic
Bootstrap sector
Companion
All of the above

D. All of the above

10.What is the function of the Reverse DNS Look up Technique in identifying spam mails?

To check the sender's email server attempting for spoofing
To check the receiver's email server attempting for spoofing
To check the DNS server validity
None of these

C. To check the DNS server validity

1.What is IMAP?

Internet Messaging Application
Interanet Messaging Application
Interanet Message Access Protocol
Internet Message Access Protocol

D. Internet Message Access Protocol

2.Which of the following are threats to Email Security?

Viruses
Trojans
Spams
Phishing
All of the above

E. All of the above

3.Which of the following symmetric encryption algorithms is/are supported by S/MIME?

RSA
DES
3DES
SHA-1

A. RSA

4.Which of the following are the disadvantages of verification?

More complications
Increased internet traffic
Problems in sending valid bulk mails
Insecurity against social engineering.
All of the above

E. All of the above

5.How many antivirus programs should be installed on a single system?

A. 1

6.Which of the following are indirect harms caused by spam?

Malicious payload
Fraud
Loss of reputation
Increased communication costs
All of the above

C. Loss of reputation

7.Which of the following are the benefits reaped from spam by those associated with antispam measures?

Antispam software sales
Antivirus software sales
Increased revenue from advertising
Bandwidth sales
All of the above

A. Antispam software sales

8.What does "RBL" stands for in Email Security?

Realtime Blacking List
Realtime Blocking List
Realtime Blockhole List
Realtime Blackhole List

D. Realtime Blackhole List

9.Dave is fetching mails from a server lying at a remote location. Which protocol is he using to fetch the mails?

SMTP
HTTP
SSL
S/MIME
POP3

E. POP3

10.Which of the following programs is used by a user to send and receive emails?

Mail Transfer Agent
Mail Delivery Agent
Mail User Agent
Mail Reading Agent

C. Mail User Agent

1.Which of the following are different types of spam filtering methods?

Blacklisting
Rule based filtering
Signature based filtering
Bayesian filtering
All of the above

E. All of the above

2.Which of the following is used in a Directory Harvest Attack?

Worms
Brute Force
Trojans
Viruses

B. Brute Force

3.Which of the following resembles the Joe Job attack?

A virus outbreak on the mail server
Finding valid/existent email addresses
Crashing of the mail server
A spam attack that uses spoofed sender data and tarnishes the apparent sender's reputation

D. A spam attack that uses spoofed sender data and tarnishes the apparent sender's reputation

4.Which of the following is an asymmetric algorithm?

MD5
El Gamal
IDEA
SHA-1

B. El Gamal

5.Which of the following is used to entangle spammers?

MDA
Spam mails
Trojans
Honey pots

D. Honey pots

6.Which of the following protocols is used on the sender side when an electronic mail is sent from one host to another?

SMTP
POP3
HTTP
TLS
SSL

A. SMTP

7.Which of the following techniques are used to identify spam mails?

Blacklists/Whitelists
Integrity Check
Heuristics
Content Filtering
Reverse DNS lookup
All of the above

F. All of the above

8.Which of the following actions can be taken while filtering POP3 spam traffic?

Delete the spam mail
Redirect it to the spam mail box
Return it to the sender.
Tag the spam mail

B. Redirect it to the spam mail box

9.Which of the following is used to control zombies?

Viruses
Worms
Trojan horses
Spam mails

C. Trojan horses

10.Which of the following are malicious code attacks?

Brute force
Trojan horses
DDoS
Viruses
Malware

E. Malware

1.Where might a spammer get your personal information from?

Facebook
MySpace
LinkedIn
All of these

D. All of these

2.Which of the following spam filtering techniques has the highest potential for generating false positives?

Community Filtering
Bayesian Filtering
Challenge-Response Filtering
Keyword Filtering

D. Keyword Filtering

3.Why shouldn't a user click unsubscribe links from spam messages?

clicking the link will prevent
unsubscribing makes finding the sender difficult
the click may validate the email address
None of the above

C. the click may validate the email address

4.What is an example of a Phishing scam?

An application that looks useful, but actually Contains spyware to slow down your computer
An email that appears to be legitimate, but is really being used to obtain personal or important information
Hacking into a computer and leaving false trails on who did it
Installing a virus and then asking you to pay to remove it

B. An email that appears to be legitimate, but is really being used to obtain personal or important information

5.Malware is short for

Malicious Software
Malicious Systems
Maliant Software
Maliant Systems

A. Malicious Software

6.What is a good method for a website owner to confirm a user is not using an account for a spamming purposes?

Users must associate a phone to their account and confirm a number sent to them via text
Requiring users provide valid personal information during sign up
Users that register must click on a confirmation link to the email they specify in their profile
All of these

D. All of these

7.A virus is a program that attaches itself to (or replaces the contents of) which of the following file types?

Text files
Executables
Header files
Source files

B. Executables

8.In order for antivirus programs to be most effective, it is necessary to keep which of the following up to date?

Web browsers
File hashes
Antivirus encryption keys
Virus definition files

D. Virus definition files

9.Which of the following is not a well known anti-virus program?

AVAST
SMAG
AVG
McAFee

B. SMAG

10.What is a captcha?

A spam email that attempts to "capture" information and then use that information to cause damage; the second phase is often referred to as the "gotcha" phase.
An SPAM email written in all caps
It is a tool websites often use to prevent automated spammer bots from posting or registering on a website by forcing the user to do a task, often entering in letters or numbers based on a picture or audio, which verifies that they are human.
A group of characters in hidden in an email that often includes code used in malware

C. It is a tool websites often use to prevent automated spammer bots from posting or registering on a website by forcing the user to do a task, often entering in letters or numbers based on a picture or audio, which verifies that they are human.

1.What are types of malware?

Viruses
Spyware
Worms
All of these

D. All of these

2.What could be a good indicator of a Spam email?

Something that sounds too good to be true
An email that contains plenty of grammar mistakes
An email sent to a bunch of random people
All of these

D. All of these

3.In order to infect a system, clicking an email attachment must cause which of the following conditions to occur?

the attachment is saved to the disk
the attachment is decompressed
the attachment opens in a preview editor
the attachment executes

D. the attachment executes

4.If you cannot delete malware infected file, what is good method to try first?

Reformat then attempt to delete the file
Run Windows Repair
Run Windows Restore
Boot in Windows safe mode and attempt to delete the file

D. Boot in Windows safe mode and attempt to delete the file

5.Which of these is an example of a possible victim in a phishing attack?

The website that was hacked
The person who had their identity stolen
The bank of the victim
All of these

D. All of these

6.What is a keylogger?

Software that that records keys you set when encrypting files
Software that records keystrokes made on a keyboard
Software used to log all attempts to access a certain file
Software that steals passwords or "keys" that you have saved on your computer

B. Software that records keystrokes made on a keyboard

7.A virus can spread to another computer by

Sharing an infected file with another computer
Through touch
Pinging other computers from the infected computer
Being on the same network as that computer

A. Sharing an infected file with another computer

8.Automated spamming tools subscribe to mail lists in order to complete which of the following tasks?

collect email addresses
deny service to mail list recipients
introduce security holes into the list
None of these

A. collect email addresses

9.What is a computer virus?

Software that steals files from your computer and is used by blackmailers
Spyware that slows down a computer by sending statistics to an unknown source
A type of malware that replicates itself and spreads to other files and/or computers.
A software that hijacks your computer and asks you to pay in order for it to be removed

C. A type of malware that replicates itself and spreads to other files and/or computers.

10.Which of these techniques would be effective in helping to prevent phishing attacks by scammers?

Use IFRAME's
Allow XSS
Scan for and fix XSS issues
Use Pop-ups

C. Scan for and fix XSS issues

1.What run command can you use to check what programs load on startup?

cmd
ipconfig
msconfig
startup

C. msconfig

2.A client asks you to fix his computer because it has ransomware on it. He says he sees a message as soon as he loads windows, and cannot do anything else. What is the best way to fix this computer without losing any of his data?

Reinstall Windows
Reformat the computer
Boot from a USB drive and run a program to remove the malware
Use Windows Restore

C. Boot from a USB drive and run a program to remove the malware

3.What is a botnet?

Software that automates networks
A program that sends emails repeatedly infecting other computers who open it
A collection of malware stored in a network
A collection of computers working together to perform a single task. These computers are often penetrated by software containing malware.

D. A collection of computers working together to perform a single task. These computers are often penetrated by software containing malware.

4.What is rogue security software?

Security software that has been compromised to not pick up certain threats
Security software that is no longer being used for the purpose that was intended due to an exploit or hacker.
A fraudulent security program that appears to be helpful, but is actually not. It may deceive or mislead users into paying money to remove fake viruses or introduce malware after it is installed
Security software that considers data files or programs as viruses, when they are not.

C. A fraudulent security program that appears to be helpful, but is actually not. It may deceive or mislead users into paying money to remove fake viruses or introduce malware after it is installed

5.What is an example of a "419" Scam

Someone who uses social engineering to gain access to your computer or personal information
Someone who sends you an email in hopes you open an attachment which contains a virus
When you download a program that appears harmless, but it actually installs spyware on your computer
A con in which someone asks you for assistance in retrieving a vast sum of money. Often it involves you helping him or her pay off certain fees and in return they promise to share the money with you

D. A con in which someone asks you for assistance in retrieving a vast sum of money. Often it involves you helping him or her pay off certain fees and in return they promise to share the money with you

6.What is the main difference between spyware and other malware?

There is no difference
Spyware that slows down a computer by sending statistics to an unknown source, while malware only includes threats from inside your own computer
Malware monitors data usage, while spyware infects your computer with viruses
Spyware tends to steal or monitor data and/or personal information while malware encompasses all software that may been made with malicious intent in mind.

D. Spyware tends to steal or monitor data and/or personal information while malware encompasses all software that may been made with malicious intent in mind.

7.What is a backdoor?

A vulnerability in software that allows someone to bypass the normal authentication process
It is a known bug or exploit hackers use to cause software to behave in a way that was not intended by the manufacturer
It is where viruses store their source code and begin to replicate
It is a way for spyware to leave a system without any trace of it being there

A. A vulnerability in software that allows someone to bypass the normal authentication process

8.Which of the following sites provide services for users to setup disposable emails?

jetable.org
gmail.com
yahoo.com
hotmail.com

A. jetable.org

9.Virus infection via email attachments can be minimized using which of the following?

Opening attachments from external hard drives
Copying attachments to special directories before opening them
Right clicking attachments
Deleting mail containing attachments from unknown senders

D. Deleting mail containing attachments from unknown senders

10.In order to help prevent spam, a tarpit performs which of the following functions?

traps suspected spam messages
routes suspected spam to special enclaves in the system
acts as a desirable mail server in order to lure spammers
delivers suspected spam messages more slowly

D. delivers suspected spam messages more slowly

1.Why are disposable email addresses useful?

It is useful for someone who needs to give out their email or sign up to a website, but wants to protect their real email address from SPAM.
It is useful for spammers to create false email addresses that does not exist in order to spoof the from email in their spam messsages.
It is useful for spammers who want to send out a one time mass email, but never use that same email address again
It is useful for people who do not want their emails to be read

A. It is useful for someone who needs to give out their email or sign up to a website, but wants to protect their real email address from SPAM.

2.What is ransomware?

A nickname for types of spyware that require a password on boot
Software that steals files from your computer and is used by blackmailers
A software that hijacks your computer and asks you to pay in order for it to be removed
Viruses that infect files and won't let you open them unless you know a certain pass code

C. A software that hijacks your computer and asks you to pay in order for it to be removed

3.What is disposable email addressing?

A practice in which a spammer sends out mass emails from a single email account, but never logs into that account again.
Email addresses that are not rea, but they appear on the from section of an email. They are often used to help protect spammer's from being traced.
Someone who creates an email for the sole purpose of sending out spam
A practice in which you set a unique email address for sender/recipient communication. Disposable email addresses typically forward to one or more real email mailboxes where the owner can receive and read messages without revealing their true email.

D. A practice in which you set a unique email address for sender/recipient communication. Disposable email addresses typically forward to one or more real email mailboxes where the owner can receive and read messages without revealing their true email.

4.When a spammer forges the sender's address and enters an invalid receiver, which of the following settings will cause the receiving mail server to create backscatter?

Reject messages
Drop messages
Bounce messages
None of these

C. Bounce messages

5.In order to help prevent spam, a honeypot performs which of the following functions?

acts as a desirable mail server in order to lure spammers
delivers suspected spam messages more slowly
traps suspected spam messages
routes suspected spam to special enclaves in the system

A. acts as a desirable mail server in order to lure spammers

6.What is an example of a captcha?

An interactive program which have instructions that read: "Move the triangle into the circle"
1 + 1 = ?
What are the characters in this picture?
All of these

D. All of these

7.You have been told by several of your friends you have recently sent SPAM emails to them, what could be the cause of this and what should you do?

A spammer may have infiltrated your email provider's host and compromised your account. You should notify your email provider.
A spammer or bot may have gained access to your email account and sent out SPAM to all of your contacts. You should change your password immediately.
A spammer has gained access to your email. Unfortunately, the only thing you can do to prevent further SPAM is to close your account and create a new email address.
A spammer is spoofing your email address. You should tell your friends to block the email address.

B. A spammer or bot may have gained access to your email account and sent out SPAM to all of your contacts. You should change your password immediately.

8.Which is not an example of an anti-spyware tool?

Ad-Aware
Windows Defender
Spybot
Kazaa

D. Kazaa

9.Which of the following spam filtering issues stops valid messages from being delivered?

false positives
false negatives

A. false positives

10.Which is most likely something that could be considered strange account activity and may require further scrutiny on an e-commerce site?

A user logs in from another computer than the last login
A user changes their email
Orders from several user accounts are being sent to the same physical address
A user changes their more than once password

C. Orders from several user accounts are being sent to the same physical address

1.Which of the following techniques requires posting an email address where only spammers would find it?

Tarpits
Spam Traps
Blacklists
None of these

B. Spam Traps

2.Antivirus programs hash files on a computer in order to detect which of the following activities?

File size changes
File permissions changes
File content changes
All of these

C. File content changes

3.Performing outbound spam filtering does which of the following for an organization?

helps prevent whitelisting
helps prevent blacklisting
helps prevent spam trapping
All of these

B. helps prevent blacklisting

4.What is CryptoLocker?

A module of the Windows BitLocker encryption system.
A type of encrypted Linux file system.
A type of ransomware which encrypts user files and demands payment for the decryption key.
A malware class which is known for encrypting itself to avoid detection.

C. A type of ransomware which encrypts user files and demands payment for the decryption key.

5.Which type of analysis is an antivirus program performing when it observes a file's activities in a sandbox or decompiles a file and analyzes its instructions?

Performance Analysis
Heuristic Analysis
Signature Analysis
All of these

B. Heuristic Analysis

6.Which of the following tools would NOT be useful in figuring out what spyware or viruses could be installed on a client's computer?

WireShark
Malware Bytes
HighjackThis
HitmanPro

A. WireShark

7.How can delivering mail as text instead of html help prevent spam?

text mail prevents web bugs from alerting spammer that the message was opened
mail servers won't accept html messages if they are in text mode
text is easier to analyze for spammer information
All of these

A. text mail prevents web bugs from alerting spammer that the message was opened

8.What is email spoofing?

Copying or forwarding emails and then editing their To and From to make it appear that the email was originally sent to or from someone else
When someone forges or makes it appear that a email being sent is from a particular sender when it really is being sent by someone else.
When someone sends an email that appears to look like a legitimate, but it is actually not and is being used to obtain personal or important information.
Sending an email through multiple accounts in order to make it difficult to trace back the original email's sender address or origin

B. When someone forges or makes it appear that a email being sent is from a particular sender when it really is being sent by someone else.

9.Which of the following reduces spam by rejecting mail from a specific ip addresses?

URL Blacklisting
DNS Blacklisting
IMAP Blacklisting
POP3 Blacklisting

B. DNS Blacklisting

10.Antivirus signatures are constructed using with of the following?

Encryption Algorithms
Random Number Generators
Hashes
Cyclic Redundancy Checks

C. Hashes

1.How can you help stop spam?

Block certain email addresses known for sending spam
Setup email filters based on keywords known to be in spam
Unsubscribe from listservs
All of these

D. All of these

2.Which of the following characteristics classify a mail message as spam?

it is solicited and indiscriminately addressed
it is unsolicited and indiscriminately addressed
it is solicited and contains advertising
it is unsolicited and contains advertising

B. it is unsolicited and indiscriminately addressed

3.Which of the following is true of macro viruses?

They depend on the operating system to propagate
They are larger than traditional viruses
They depend on applications to propagate
They are written in low-level languages to avoid detection

C. They depend on applications to propagate

4.Which of the following can prevent virus infections?

Implementing a firewall
Implementing an intrusion detection system
Patching programs and the operating system
All of these

C. Patching programs and the operating system

5.In a compromised system, which of the following provides the safest way to analyze it?

Live CD/DVD
Resident Antivirus Program
Live USB
All of these

A. Live CD/DVD

6.Is commercial SPAM legal in the United States?

Yes because it is protected under the first amendment
Yes, but only if it is an advertisement for a real product.
Yes, but only if it follows the standards listed in the CAN-SPAM Act of 2003
No

C. Yes, but only if it follows the standards listed in the CAN-SPAM Act of 2003

7.Which of the following differentiates a virus from a worm?

a worm requires user interaction to infect a machine
a worm can infect multiple machines
a virus requires user interaction to infect a machine
a virus can only infect a single machine

C. a virus requires user interaction to infect a machine

8.Which of the following spam filtering techniques statistically analyzes mail?

Keyword Filtering
Challenge-Response Filtering
Community Filtering
Bayesian Filtering

D. Bayesian Filtering

9.Firewalls help to prevent which of the following malware from propagating?

Encrypted viruses
Worms
Polymorphic viruses
Trojan viruses

B. Worms

10.On a WordPress site, which is the default service/tool to prevent spammers from posting comments?

Website Inspector
Akismet
MailWasher Pro
SpamAssassin

B. Akismet

Cyber Security Solved MCQs

Post a Comment

Post a Comment

Contact Form