Ethical Hacking MCQs

Ethical Hacking MCQs for Competitive & IT Exams

The Ethical Hacking MCQs section on MyMCQs.net is designed for students and professionals preparing for cyber security exams, IT tests, interviews, and competitive examinations. This page includes important multiple-choice questions covering hacking concepts, security tools, and cyber laws.

Ethical hacking is a high-demand IT field, and objective questions from this subject frequently appear in computer science and technical exams.



Topics Covered

  • Introduction to Ethical Hacking

  • Types of Hackers (White Hat, Black Hat, Grey Hat)

  • Network Security Concepts

  • Malware and Cyber Threats

  • Firewalls and Encryption

  • Penetration Testing

  • Cyber Security Tools

  • Information Security Principles

All MCQs are short, exam-focused, and based on commonly tested concepts.


Why Practice these MCQs?

Practicing Ethical Hacking MCQs helps candidates:

  • Understand cyber security fundamentals

  • Prepare for IT and computer-based exams

  • Improve technical knowledge

  • Succeed in interviews for IT-related jobs

  • Strengthen concepts of online security


Who Should Study These MCQs?

This page is ideal for:

  • Computer Science students

  • IT diploma holders

  • Cyber security beginners

  • Candidates preparing for technical job tests

  • Students appearing in competitive exams with computer sections


Sample Ethical Hacking MCQ

Q: A hacker who tests security with permission is called?
A) Black Hat
B) White Hat
C) Grey Hat
D) Script Kiddie

Correct Answer: B) White Hat


Benefits of Learning Ethical Hacking

  • Protects systems from cyber attacks

  • Improves digital security awareness

  • Creates career opportunities in cyber security

  • Enhances problem-solving skills


FAQs 

Are these MCQs suitable for beginners?
Yes, questions range from basic to intermediate level.

Do these MCQs include answers?
Yes, all questions include correct answers for practice.

Are these useful for interviews?
Yes, many questions are commonly asked in IT interviews.


Conclusion

The Ethical Hacking MCQs page on MyMCQs.net provides structured and exam-focused multiple-choice questions to help you master cyber security basics. Regular practice will improve your technical knowledge and confidence.

Start practicing Ethical Hacking MCQs today and strengthen your cyber security preparation.

Q: Which attack involves injecting malicious code into a website to steal user data?
A) XSS (Cross-Site Scripting)
B) Phishing
C) Brute Force
D) Sniffing

Correct Answer: A) XSS (Cross-Site Scripting)
XSS attacks insert malicious scripts into web pages viewed by other users.

Q: What is the main purpose of a VPN?
A) Increase device speed
B) Provide secure and private internet connection
C) Delete viruses
D) Store data

Correct Answer: B) Provide secure and private internet connection
A VPN encrypts internet traffic and hides user identity for secure browsing.

Q: Which concept ensures only authorized users can access specific data or systems?
A) Availability
B) Confidentiality
C) Accessibility
D) Redundancy

Correct Answer: B) Confidentiality
Confidentiality protects sensitive information from unauthorized access.

Q: Which attack involves tricking a system into accepting false data as legitimate?
A) Spoofing
B) Sniffing
C) Phishing
D) Hashing

Correct Answer: A) Spoofing
Spoofing disguises data or identity to gain unauthorized access.

Q: Which type of authentication uses something the user physically possesses?
A) Password-based
B) Biometric
C) Token-based
D) Knowledge-based

Correct Answer: C) Token-based
Token-based authentication uses items like smart cards or security tokens for verification.

Q: Which security measure helps detect unauthorized access attempts in real-time?
A) Antivirus
B) Intrusion Detection System (IDS)
C) Backup system
D) File compression

Correct Answer: B) Intrusion Detection System (IDS)
IDS monitors systems and networks to detect suspicious or malicious activities.

Q: Which attack involves sending deceptive messages to manipulate individuals into revealing information?
A) Phishing
B) Sniffing
C) Hashing
D) Encryption

Correct Answer: A) Phishing
Phishing uses fake messages to trick users into sharing sensitive data.

Q: Which tool is used to analyze network traffic and detect suspicious activity?
A) Wireshark
B) MS Excel
C) Notepad
D) Paint

Correct Answer: A) Wireshark
Wireshark captures and analyzes network packets for security monitoring.

Q: Which concept ensures that data remains unchanged during transmission?
A) Availability
B) Confidentiality
C) Integrity
D) Scalability

Correct Answer: C) Integrity
Integrity ensures that data is not altered or tampered with during transfer.

Q: Which attack involves altering communication between two parties without their knowledge?
A) Phishing
B) Man-in-the-Middle Attack
C) Brute Force
D) Sniffing

Correct Answer: B) Man-in-the-Middle Attack
This attack intercepts and possibly alters communication between two parties secretly.

Q: What is the purpose of authentication in cybersecurity?
A) Encrypt data
B) Verify user identity
C) Speed up systems
D) Store files

Correct Answer: B) Verify user identity
Authentication ensures that only authorized users can access a system.

Q: Which term refers to software designed to damage or disrupt systems?
A) Firmware
B) Malware
C) Shareware
D) Freeware

Correct Answer: B) Malware
Malware includes viruses, worms, and other harmful software designed to exploit systems.

Q: Which technique is used to test passwords by trying all possible combinations automatically?
A) Phishing
B) Brute Force Attack
C) Spoofing
D) Sniffing

Correct Answer: B) Brute Force Attack
Brute force attacks use automated tools to guess passwords by trying all possible combinations.

Q: What is the main function of encryption in cybersecurity?
A) Increase processing speed
B) Convert data into unreadable form
C) Delete unnecessary files
D) Store data permanently

Correct Answer: B) Convert data into unreadable form
Encryption protects data by converting it into a secure format that only authorized users can read.

Q: Which type of software is designed to detect and prevent unauthorized access to a network?
A) Text editor
B) Firewall
C) Media player
D) Compiler

Correct Answer: B) Firewall
A firewall monitors and controls network traffic to prevent unauthorized access.

Q: Which type of cyberattack involves flooding a network with fake requests from multiple sources?
A) Phishing
B) SQL Injection
C) DDoS Attack
D) Keylogging

Correct Answer: C) DDoS Attack
A Distributed Denial-of-Service attack overwhelms systems with traffic from many sources.

Q: What is the main purpose of vulnerability assessment?
A) Delete system files
B) Identify security weaknesses
C) Increase storage
D) Improve graphics

Correct Answer: B) Identify security weaknesses
Vulnerability assessment scans systems to find potential security flaws.

Q: Which term refers to a secret code used to unlock encrypted data?
A) Hash
B) Key
C) Token
D) Patch

Correct Answer: B) Key
A key is used in cryptography to encrypt and decrypt data securely.

Q: Which attack involves sending excessive login attempts to gain unauthorized access?
A) Phishing
B) Brute Force Attack
C) Sniffing
D) Spoofing

Correct Answer: B) Brute Force Attack
A brute force attack tries many password combinations until the correct one is found.

Q: What is the function of a network firewall in cybersecurity?
A) Store user data
B) Monitor and filter network traffic
C) Increase bandwidth
D) Design applications

Correct Answer: B) Monitor and filter network traffic
A firewall protects systems by allowing or blocking traffic based on security rules.

Q: Which security method uses a physical characteristic like fingerprints for access?
A) Password authentication
B) Biometric authentication
C) Token authentication
D) Two-step verification

Correct Answer: B) Biometric authentication
Biometric authentication uses unique physical traits such as fingerprints or facial recognition for identity verification.

Q: Which type of attack tricks users into clicking malicious links through fake messages?
A) Sniffing
B) Phishing
C) Hashing
D) Encryption

Correct Answer: B) Phishing
Phishing uses fake emails or messages to deceive users into revealing sensitive information.

Q: What is the purpose of a firewall rule?
A) Increase file size
B) Control network traffic based on conditions
C) Delete user accounts
D) Speed up CPU

Correct Answer: B) Control network traffic based on conditions
Firewall rules define which traffic is allowed or blocked based on security policies.

Q: Which concept ensures that systems continue to function even during failures or attacks?
A) Confidentiality
B) Integrity
C) Availability
D) Encryption

Correct Answer: C) Availability
Availability ensures that systems and data remain accessible even in adverse conditions.

Q: Which attack involves inserting malicious code into a command or query input field?
A) Phishing
B) SQL Injection
C) Sniffing
D) Spoofing

Correct Answer: B) SQL Injection
SQL Injection allows attackers to manipulate database queries and gain unauthorized access.

Q: What is the main role of a penetration testing report?
A) Delete vulnerabilities
B) Document findings and recommend fixes
C) Increase system speed
D) Install antivirus

Correct Answer: B) Document findings and recommend fixes
A penetration testing report outlines discovered vulnerabilities and suggests mitigation strategies.

Q: Which protocol secures web communication using encryption?
A) HTTP
B) FTP
C) HTTPS
D) SMTP

Correct Answer: C) HTTPS
HTTPS uses encryption (SSL/TLS) to secure communication between users and websites.

Q: Which technique involves redirecting website traffic to a fake server without the user’s knowledge?
A) Phishing
B) Pharming
C) Sniffing
D) Hashing

Correct Answer: B) Pharming
Pharming redirects users to fraudulent websites to steal sensitive information.

Q: What is the primary purpose of access control in cybersecurity?
A) Increase internet speed
B) Restrict unauthorized access to systems
C) Store data permanently
D) Compress files

Correct Answer: B) Restrict unauthorized access to systems
Access control ensures only authorized users can access specific resources.

Q: Which type of attack exploits human trust rather than technical vulnerabilities?
A) SQL Injection
B) Social Engineering
C) Brute Force
D) DDoS

Correct Answer: B) Social Engineering
Social engineering manipulates people into revealing confidential information.

Q: Which technique involves sending fraudulent emails to trick users into revealing sensitive information?
A) Spoofing
B) Phishing
C) Sniffing
D) Brute force

Correct Answer: B) Phishing
Phishing attacks use deceptive emails or messages to steal login credentials or financial information.

Q: Which cybersecurity term refers to verifying a user’s identity before granting access to a system?
A) Authentication
B) Encryption
C) Virtualization
D) Compression

Correct Answer: A) Authentication
Authentication confirms the identity of a user through passwords, biometrics, or security tokens.

Q: Which network device filters traffic based on security rules?
A) Router
B) Switch
C) Firewall
D) Hub

Correct Answer: C) Firewall
A firewall monitors and filters incoming and outgoing network traffic to block unauthorized access.

Q: Which cybersecurity practice involves regularly updating software to fix vulnerabilities?
A) Patch management
B) Data mining
C) Packet switching
D) File compression

Correct Answer: A) Patch management
Patch management ensures systems are updated with fixes that address security vulnerabilities.

Q: Which type of hacker may access systems without permission but does not intend to cause harm?
A) Black Hat Hacker
B) Grey Hat Hacker
C) White Hat Hacker
D) Script Kiddie

Correct Answer: B) Grey Hat Hacker
Grey hat hackers sometimes break into systems without permission but typically do not have malicious intent.

Q: What is the main function of an antivirus program?
A) Design software
B) Detect and remove malicious software
C) Increase internet speed
D) Store backup files

Correct Answer: B) Detect and remove malicious software
Antivirus programs identify, block, and remove malware from computer systems.

Q: Which attack involves secretly taking control of a user’s active web session?
A) Session Hijacking
B) SQL Injection
C) Dictionary Attack
D) Spoofing

Correct Answer: A) Session Hijacking
Session hijacking occurs when an attacker takes over a valid user session to gain unauthorized access.

Q: Which cybersecurity method hides data within other files like images or audio?
A) Encryption
B) Hashing
C) Steganography
D) Compression

Correct Answer: C) Steganography
Steganography conceals information within other media files so that the presence of the data is hidden.

Q: What is the main purpose of security auditing in cybersecurity?
A) Speed up software
B) Evaluate system security policies and controls
C) Increase storage capacity
D) Design websites

Correct Answer: B) Evaluate system security policies and controls
Security auditing reviews and assesses security measures to ensure systems are protected from threats.

Q: What is the purpose of port scanning in cybersecurity?
A) Delete system files
B) Identify open ports and services
C) Encrypt network traffic
D) Increase internet speed

Correct Answer: B) Identify open ports and services
Port scanning helps ethical hackers discover open ports and potential vulnerabilities in a network.

Q: Which type of malware locks a victim’s files and demands payment to restore access?
A) Spyware
B) Ransomware
C) Worm
D) Adware

Correct Answer: B) Ransomware
Ransomware encrypts files and demands a ransom for the decryption key.

Q: What does the principle of “availability” mean in cybersecurity?
A) Data must remain secret
B) Data must be accurate
C) Systems and data must be accessible when needed
D) Data must be compressed

Correct Answer: C) Systems and data must be accessible when needed
Availability ensures that authorized users can access systems and information whenever required.

Q: Which cybersecurity concept ensures that information is not altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Authentication

Correct Answer: B) Integrity
Integrity ensures that data remains accurate and unchanged unless modified by authorized users.

Q: Which attack method tricks users into visiting a fake website that looks like a legitimate one?
A) Pharming
B) Sniffing
C) Brute Force
D) Keylogging

Correct Answer: A) Pharming
Pharming redirects users from legitimate websites to fraudulent ones to steal sensitive information.

Q: Which term refers to the process of converting encrypted data back into readable form?
A) Hashing
B) Encoding
C) Decryption
D) Compression

Correct Answer: C) Decryption
Decryption converts encrypted data back into its original readable format using a key.

Q: What is the main purpose of a digital signature?
A) Speed up internet
B) Verify the authenticity of a message
C) Delete malware
D) Increase storage space

Correct Answer: B) Verify the authenticity of a message
Digital signatures confirm the sender’s identity and ensure that the message has not been altered.

Q: Which attack occurs when an attacker repeatedly sends authentication requests to guess login credentials?
A) Session Hijacking
B) Brute Force Attack
C) Phishing
D) Spoofing

Correct Answer: B) Brute Force Attack
A brute force attack attempts many username and password combinations until the correct one is found.

Q: What is the role of penetration testers in cybersecurity?
A) Design websites
B) Test systems for security weaknesses
C) Increase network speed
D) Manage social media

Correct Answer: B) Test systems for security weaknesses
Penetration testers simulate cyberattacks to identify vulnerabilities in systems and networks.

Q: What is the main purpose of a honeypot in cybersecurity?
A) Increase internet speed
B) Trap and study hackers
C) Store backup data
D) Encrypt files

Correct Answer: B) Trap and study hackers
A honeypot is a decoy system used to attract attackers and analyze their methods.

Q: Which attack technique involves sending massive traffic from multiple computers to overwhelm a server?
A) Brute Force Attack
B) Phishing Attack
C) Distributed Denial-of-Service (DDoS)
D) SQL Injection

Correct Answer: C) Distributed Denial-of-Service (DDoS)
A DDoS attack floods a target server with traffic from multiple sources, making it unavailable.

Q: Which tool is commonly used to crack password hashes?
A) Wireshark
B) John the Ripper
C) Nmap
D) Netcat

Correct Answer: B) John the Ripper
John the Ripper is a well-known password-cracking tool used by security professionals.

Q: What does the term “sniffing” mean in cybersecurity?
A) Deleting data from servers
B) Monitoring and capturing network traffic
C) Encrypting communication
D) Blocking internet access

Correct Answer: B) Monitoring and capturing network traffic
Sniffing involves intercepting and analyzing data packets traveling across a network.

Q: Which type of attack tries many password combinations using a predefined list of common passwords?
A) Dictionary Attack
B) SQL Injection
C) Spoofing Attack
D) DoS Attack

Correct Answer: A) Dictionary Attack
A dictionary attack uses a list of common words or passwords to guess login credentials.

Q: Which security principle ensures that data is accessible only to authorized users?
A) Confidentiality
B) Availability
C) Scalability
D) Redundancy

Correct Answer: A) Confidentiality
Confidentiality ensures that sensitive information is protected from unauthorized access.

Q: What is the primary purpose of a password salt?
A) Shorten passwords
B) Strengthen password hashing
C) Store passwords in plain text
D) Share passwords securely

Correct Answer: B) Strengthen password hashing
A salt adds random data to passwords before hashing, making them harder to crack.

Q: Which attack exploits vulnerabilities in outdated software?
A) Patch Management
B) Zero-Day Attack
C) Exploit Attack
D) Backup Attack

Correct Answer: C) Exploit Attack
An exploit attack uses known vulnerabilities in software to gain unauthorized access.

Q: What does IDS stand for in cybersecurity?
A) Internet Data Service
B) Intrusion Detection System
C) Internal Defense Software
D) Integrated Data Security

Correct Answer: B) Intrusion Detection System
An IDS monitors network or system activities to detect suspicious behavior or security breaches.

Q: What is the main purpose of encryption?
A) Speed up internet
B) Hide data from unauthorized users
C) Delete files permanently
D) Increase storage capacity

Correct Answer: B) Hide data from unauthorized users
Encryption converts data into a coded form to prevent unauthorized access.

Q: Which attack sends fake ARP messages on a local network?
A) ARP Spoofing
B) Phishing
C) SQL Injection
D) Brute Force

Correct Answer: A) ARP Spoofing
ARP spoofing links the attacker’s MAC address with a legitimate IP address to intercept data.

Q: What is the role of a security patch?
A) Create new vulnerabilities
B) Increase system bugs
C) Fix security weaknesses in software
D) Slow down the system

Correct Answer: C) Fix security weaknesses in software
Security patches update software to fix vulnerabilities and improve protection.

Q: What does the term “spoofing” mean in cybersecurity?
A) Encrypting files
B) Pretending to be a trusted source
C) Scanning open ports
D) Updating software

Correct Answer: B) Pretending to be a trusted source
Spoofing involves disguising communication from an unknown source as being from a trusted one.

Q: Which port does HTTPS typically use by default?
A) 21
B) 25
C) 80
D) 443

Correct Answer: D) 443
HTTPS uses port 443 to provide secure communication over a network.

Q: What is the purpose of a keylogger?
A) Speed up typing
B) Record keystrokes secretly
C) Encrypt passwords
D) Block malware

Correct Answer: B) Record keystrokes secretly
A keylogger records keyboard inputs, often used maliciously to steal sensitive information.

Q: What is the purpose of a vulnerability scanner?
A) Create malware
B) Detect system weaknesses
C) Increase storage space
D) Block advertisements

Correct Answer: B) Detect system weaknesses
A vulnerability scanner identifies security flaws in systems and networks.

Q: Which attack involves injecting malicious scripts into trusted websites?
A) Cross-Site Scripting (XSS)
B) Brute Force
C) DoS
D) Sniffing

Correct Answer: A) Cross-Site Scripting (XSS)
XSS attacks inject malicious scripts into web pages viewed by other users.

Q: What is two-factor authentication (2FA)?
A) Using two usernames
B) Using two passwords
C) Verifying identity with two different methods
D) Logging in twice

Correct Answer: C) Verifying identity with two different methods
2FA enhances security by requiring two separate forms of identification.

Q: Which tool is widely used for exploiting vulnerabilities in penetration testing?
A) Metasploit
B) MS Word
C) Paint
D) File Explorer

Correct Answer: A) Metasploit
Metasploit is a popular framework used by ethical hackers to develop and execute exploit code.

Q: What is the purpose of hashing in cybersecurity?
A) Encrypt data for sharing
B) Compress files
C) Convert data into a fixed-length string for integrity verification
D) Speed up internet connection

Correct Answer: C) Convert data into a fixed-length string for integrity verification
Hashing creates a fixed-length output that helps verify data integrity and detect tampering.

Q: Which attack attempts to crack passwords using a precomputed table of hash values?
A) Phishing
B) Rainbow Table Attack
C) DoS Attack
D) Spoofing

Correct Answer: B) Rainbow Table Attack
A rainbow table attack uses precomputed hash tables to quickly crack password hashes.

Q: Which type of malware can replicate itself without user interaction?
A) Trojan
B) Worm
C) Adware
D) Ransomware

Correct Answer: B) Worm
A worm spreads automatically across networks without requiring user action.

Q: What is the main function of penetration testing?
A) Create new software
B) Test system performance
C) Simulate cyberattacks to find vulnerabilities
D) Increase internet speed

Correct Answer: C) Simulate cyberattacks to find vulnerabilities
Penetration testing involves simulating real-world attacks to identify security weaknesses.

Q: Which encryption method uses the same key for encryption and decryption?
A) Asymmetric encryption
B) Public key encryption
C) Symmetric encryption
D) Hashing

Correct Answer: C) Symmetric encryption
Symmetric encryption uses a single shared key for both encrypting and decrypting data.

Q: Which of the following is an example of multi-factor authentication (MFA)?
A) Username only
B) Password only
C) Password and OTP code
D) Security question only

Correct Answer: C) Password and OTP code
Multi-factor authentication requires two or more verification methods, such as a password and a one-time password (OTP).

Q: What is a zero-day vulnerability?
A) A vulnerability fixed immediately
B) A publicly known security patch
C) A newly discovered flaw with no available patch
D) A virus removed within a day

Correct Answer: C) A newly discovered flaw with no available patch
A zero-day vulnerability is a security flaw that is unknown to the vendor and has no fix available yet.

Q: Which command-line tool is commonly used to capture and analyze network packets?
A) Nmap
B) Wireshark
C) John the Ripper
D) Metasploit

Correct Answer: B) Wireshark
Wireshark is a popular network protocol analyzer used to capture and inspect data packets.

Q: Which type of malware is designed to appear legitimate but performs malicious activities?
A) Worm
B) Trojan Horse
C) Adware
D) Spyware

Correct Answer: B) Trojan Horse
Trojan Horses disguise themselves as legitimate software while performing harmful actions in the background.

Q: What is social engineering in cybersecurity?
A) Hacking using software tools only
B) Tricking people into revealing confidential information
C) Encrypting sensitive data
D) Installing antivirus programs

Correct Answer: B) Tricking people into revealing confidential information
Social engineering exploits human psychology to bypass security measures and gain unauthorized access.

Q: Which protocol is used to securely transfer files over the internet?
A) FTP
B) HTTP
C) HTTPS
D) SFTP

Correct Answer: D) SFTP
Secure File Transfer Protocol (SFTP) encrypts both commands and data to ensure secure file transfers over a network.

Q: What is a firewall primarily used for?
A) Speeding up internet connection
B) Blocking unauthorized access
C) Storing passwords
D) Designing websites

Correct Answer: B) Blocking unauthorized access
A firewall monitors and controls incoming and outgoing network traffic to prevent unauthorized access.

Q: Which type of attack intercepts communication between two parties without their knowledge?
A) Phishing
B) Man-in-the-Middle
C) Brute Force
D) Trojan Horse

Correct Answer: B) Man-in-the-Middle
In a Man-in-the-Middle attack, the attacker secretly intercepts and possibly alters communication.

Q: What is the first phase of ethical hacking?
A) Exploitation
B) Maintaining access
C) Reconnaissance
D) Reporting

Correct Answer: C) Reconnaissance
Reconnaissance involves gathering information about the target system before attempting an attack.

Q: What is a brute force attack?
A) Installing antivirus software
B) Guessing passwords repeatedly until correct
C) Encrypting files securely
D) Monitoring network traffic

Correct Answer: B) Guessing passwords repeatedly until correct
A brute force attack attempts many password combinations until the correct one is found.

Q: Which tool is commonly used for penetration testing of web applications?
A) Wireshark
B) Burp Suite
C) Notepad
D) VLC Media Player

Correct Answer: B) Burp Suite
Burp Suite is widely used by ethical hackers to test web application security.

Q: What does VPN stand for?
A) Virtual Private Network
B) Verified Public Network
C) Variable Protection Node
D) Virtual Protocol Number

Correct Answer: A) Virtual Private Network
A VPN creates a secure, encrypted connection over a public network.

Q: What is phishing primarily designed to do?
A) Improve website speed
B) Encrypt data
C) Trick users into revealing sensitive information
D) Strengthen passwords

Correct Answer: C) Trick users into revealing sensitive information
Phishing attacks deceive users into providing confidential data such as passwords or credit card details.

Q: Which attack involves overwhelming a system with traffic to make it unavailable?
A) SQL Injection
B) Brute Force
C) Denial-of-Service (DoS)
D) Man-in-the-Middle

Correct Answer: C) Denial-of-Service (DoS)
A DoS attack floods a system with excessive traffic, causing disruption of services.

Q: What does SQL Injection target?
A) Email servers
B) Database queries
C) Firewalls
D) Antivirus software

Correct Answer: B) Database queries
SQL Injection attacks exploit vulnerabilities in database queries to access or manipulate data.

Q: What is the primary goal of ethical hacking?
A) Steal confidential data
B) Damage systems
C) Identify security vulnerabilities
D) Spread malware

Correct Answer: C) Identify security vulnerabilities
Ethical hackers test systems to find weaknesses before malicious hackers can exploit them.

Q: Which tool is commonly used for network scanning?
A) Photoshop
B) Nmap
C) Excel
D) AutoCAD

Correct Answer: B) Nmap
Nmap is a popular tool used by ethical hackers to discover hosts and services on a network.

Q: What type of hacker is authorized to test security systems?
A) Black Hat
B) Grey Hat
C) White Hat
D) Script Kiddie

Correct Answer: C) White Hat
White Hat hackers are ethical professionals who legally test and secure systems.