Ethical Hacking MCQs

Ethical Hacking MCQs for Competitive & IT Exams

The Ethical Hacking MCQs section on MyMCQs.net is designed for students and professionals preparing for cyber security exams, IT tests, interviews, and competitive examinations. This page includes important multiple-choice questions covering hacking concepts, security tools, and cyber laws.

Ethical hacking is a high-demand IT field, and objective questions from this subject frequently appear in computer science and technical exams.


Topics Covered

  • Introduction to Ethical Hacking

  • Types of Hackers (White Hat, Black Hat, Grey Hat)

  • Network Security Concepts

  • Malware and Cyber Threats

  • Firewalls and Encryption

  • Penetration Testing

  • Cyber Security Tools

  • Information Security Principles

All MCQs are short, exam-focused, and based on commonly tested concepts.


Why Practice these MCQs?

Practicing Ethical Hacking MCQs helps candidates:

  • Understand cyber security fundamentals

  • Prepare for IT and computer-based exams

  • Improve technical knowledge

  • Succeed in interviews for IT-related jobs

  • Strengthen concepts of online security


Who Should Study These MCQs?

This page is ideal for:

  • Computer Science students

  • IT diploma holders

  • Cyber security beginners

  • Candidates preparing for technical job tests

  • Students appearing in competitive exams with computer sections


Sample Ethical Hacking MCQ

Q: A hacker who tests security with permission is called?
A) Black Hat
B) White Hat
C) Grey Hat
D) Script Kiddie

Correct Answer: B) White Hat


Benefits of Learning Ethical Hacking

  • Protects systems from cyber attacks

  • Improves digital security awareness

  • Creates career opportunities in cyber security

  • Enhances problem-solving skills


FAQs 

Are these MCQs suitable for beginners?
Yes, questions range from basic to intermediate level.

Do these MCQs include answers?
Yes, all questions include correct answers for practice.

Are these useful for interviews?
Yes, many questions are commonly asked in IT interviews.


Conclusion

The Ethical Hacking MCQs page on MyMCQs.net provides structured and exam-focused multiple-choice questions to help you master cyber security basics. Regular practice will improve your technical knowledge and confidence.

Start practicing Ethical Hacking MCQs today and strengthen your cyber security preparation.

Q: What does the term “sniffing” mean in cybersecurity?
A) Deleting data from servers
B) Monitoring and capturing network traffic
C) Encrypting communication
D) Blocking internet access

Correct Answer: B) Monitoring and capturing network traffic
Explanation: Sniffing involves intercepting and analyzing data packets traveling across a network.

Q: Which type of attack tries many password combinations using a predefined list of common passwords?
A) Dictionary Attack
B) SQL Injection
C) Spoofing Attack
D) DoS Attack

Correct Answer: A) Dictionary Attack
Explanation: A dictionary attack uses a list of common words or passwords to guess login credentials.

Q: Which security principle ensures that data is accessible only to authorized users?
A) Confidentiality
B) Availability
C) Scalability
D) Redundancy

Correct Answer: A) Confidentiality
Explanation: Confidentiality ensures that sensitive information is protected from unauthorized access.

Q: What is the primary purpose of a password salt?
A) Shorten passwords
B) Strengthen password hashing
C) Store passwords in plain text
D) Share passwords securely

Correct Answer: B) Strengthen password hashing
Explanation: A salt adds random data to passwords before hashing, making them harder to crack.

Q: Which attack exploits vulnerabilities in outdated software?
A) Patch Management
B) Zero-Day Attack
C) Exploit Attack
D) Backup Attack

Correct Answer: C) Exploit Attack
Explanation: An exploit attack uses known vulnerabilities in software to gain unauthorized access.

Q: What does IDS stand for in cybersecurity?
A) Internet Data Service
B) Intrusion Detection System
C) Internal Defense Software
D) Integrated Data Security

Correct Answer: B) Intrusion Detection System
Explanation: An IDS monitors network or system activities to detect suspicious behavior or security breaches.

Q: What is the main purpose of encryption?
A) Speed up internet
B) Hide data from unauthorized users
C) Delete files permanently
D) Increase storage capacity

Correct Answer: B) Hide data from unauthorized users
Explanation: Encryption converts data into a coded form to prevent unauthorized access.

Q: Which attack sends fake ARP messages on a local network?
A) ARP Spoofing
B) Phishing
C) SQL Injection
D) Brute Force

Correct Answer: A) ARP Spoofing
Explanation: ARP spoofing links the attacker’s MAC address with a legitimate IP address to intercept data.

Q: What is the role of a security patch?
A) Create new vulnerabilities
B) Increase system bugs
C) Fix security weaknesses in software
D) Slow down the system

Correct Answer: C) Fix security weaknesses in software
Explanation: Security patches update software to fix vulnerabilities and improve protection.

Q: What does the term “spoofing” mean in cybersecurity?
A) Encrypting files
B) Pretending to be a trusted source
C) Scanning open ports
D) Updating software

Correct Answer: B) Pretending to be a trusted source
Explanation: Spoofing involves disguising communication from an unknown source as being from a trusted one.

Q: Which port does HTTPS typically use by default?
A) 21
B) 25
C) 80
D) 443

Correct Answer: D) 443
Explanation: HTTPS uses port 443 to provide secure communication over a network.

Q: What is the purpose of a keylogger?
A) Speed up typing
B) Record keystrokes secretly
C) Encrypt passwords
D) Block malware

Correct Answer: B) Record keystrokes secretly
Explanation: A keylogger records keyboard inputs, often used maliciously to steal sensitive information.

Q: What is the purpose of a vulnerability scanner?
A) Create malware
B) Detect system weaknesses
C) Increase storage space
D) Block advertisements

Correct Answer: B) Detect system weaknesses
Explanation: A vulnerability scanner identifies security flaws in systems and networks.

Q: Which attack involves injecting malicious scripts into trusted websites?
A) Cross-Site Scripting (XSS)
B) Brute Force
C) DoS
D) Sniffing

Correct Answer: A) Cross-Site Scripting (XSS)
Explanation: XSS attacks inject malicious scripts into web pages viewed by other users.

Q: What is two-factor authentication (2FA)?
A) Using two usernames
B) Using two passwords
C) Verifying identity with two different methods
D) Logging in twice

Correct Answer: C) Verifying identity with two different methods
Explanation: 2FA enhances security by requiring two separate forms of identification.

Q: Which tool is widely used for exploiting vulnerabilities in penetration testing?
A) Metasploit
B) MS Word
C) Paint
D) File Explorer

Correct Answer: A) Metasploit
Explanation: Metasploit is a popular framework used by ethical hackers to develop and execute exploit code.

Q: What is the purpose of hashing in cybersecurity?
A) Encrypt data for sharing
B) Compress files
C) Convert data into a fixed-length string for integrity verification
D) Speed up internet connection

Correct Answer: C) Convert data into a fixed-length string for integrity verification
Explanation: Hashing creates a fixed-length output that helps verify data integrity and detect tampering.

Q: Which attack attempts to crack passwords using a precomputed table of hash values?
A) Phishing
B) Rainbow Table Attack
C) DoS Attack
D) Spoofing

Correct Answer: B) Rainbow Table Attack
Explanation: A rainbow table attack uses precomputed hash tables to quickly crack password hashes.

Q: Which type of malware can replicate itself without user interaction?
A) Trojan
B) Worm
C) Adware
D) Ransomware

Correct Answer: B) Worm
Explanation: A worm spreads automatically across networks without requiring user action.

Q: What is the main function of penetration testing?
A) Create new software
B) Test system performance
C) Simulate cyberattacks to find vulnerabilities
D) Increase internet speed

Correct Answer: C) Simulate cyberattacks to find vulnerabilities
Explanation: Penetration testing involves simulating real-world attacks to identify security weaknesses.

Q: Which encryption method uses the same key for encryption and decryption?
A) Asymmetric encryption
B) Public key encryption
C) Symmetric encryption
D) Hashing

Correct Answer: C) Symmetric encryption
Explanation: Symmetric encryption uses a single shared key for both encrypting and decrypting data.

Q: Which of the following is an example of multi-factor authentication (MFA)?
A) Username only
B) Password only
C) Password and OTP code
D) Security question only

Correct Answer: C) Password and OTP code
Explanation: Multi-factor authentication requires two or more verification methods, such as a password and a one-time password (OTP).

Q: What is a zero-day vulnerability?
A) A vulnerability fixed immediately
B) A publicly known security patch
C) A newly discovered flaw with no available patch
D) A virus removed within a day

Correct Answer: C) A newly discovered flaw with no available patch
Explanation: A zero-day vulnerability is a security flaw that is unknown to the vendor and has no fix available yet.

Q: Which command-line tool is commonly used to capture and analyze network packets?
A) Nmap
B) Wireshark
C) John the Ripper
D) Metasploit

Correct Answer: B) Wireshark
Explanation: Wireshark is a popular network protocol analyzer used to capture and inspect data packets.

Q: Which type of malware is designed to appear legitimate but performs malicious activities?
A) Worm
B) Trojan Horse
C) Adware
D) Spyware

Correct Answer: B) Trojan Horse
Explanation: Trojan Horses disguise themselves as legitimate software while performing harmful actions in the background.

Q: What is social engineering in cybersecurity?
A) Hacking using software tools only
B) Tricking people into revealing confidential information
C) Encrypting sensitive data
D) Installing antivirus programs

Correct Answer: B) Tricking people into revealing confidential information
Explanation: Social engineering exploits human psychology to bypass security measures and gain unauthorized access.

Q: Which protocol is used to securely transfer files over the internet?
A) FTP
B) HTTP
C) HTTPS
D) SFTP

Correct Answer: D) SFTP
Explanation: Secure File Transfer Protocol (SFTP) encrypts both commands and data to ensure secure file transfers over a network.

Q: What is a firewall primarily used for?
A) Speeding up internet connection
B) Blocking unauthorized access
C) Storing passwords
D) Designing websites

Correct Answer: B) Blocking unauthorized access
Explanation: A firewall monitors and controls incoming and outgoing network traffic to prevent unauthorized access.

Q: Which type of attack intercepts communication between two parties without their knowledge?
A) Phishing
B) Man-in-the-Middle
C) Brute Force
D) Trojan Horse

Correct Answer: B) Man-in-the-Middle
Explanation: In a Man-in-the-Middle attack, the attacker secretly intercepts and possibly alters communication.

Q: What is the first phase of ethical hacking?
A) Exploitation
B) Maintaining access
C) Reconnaissance
D) Reporting

Correct Answer: C) Reconnaissance
Explanation: Reconnaissance involves gathering information about the target system before attempting an attack.

Q: What is a brute force attack?
A) Installing antivirus software
B) Guessing passwords repeatedly until correct
C) Encrypting files securely
D) Monitoring network traffic

Correct Answer: B) Guessing passwords repeatedly until correct
Explanation: A brute force attack attempts many password combinations until the correct one is found.

Q: Which tool is commonly used for penetration testing of web applications?
A) Wireshark
B) Burp Suite
C) Notepad
D) VLC Media Player

Correct Answer: B) Burp Suite
Explanation: Burp Suite is widely used by ethical hackers to test web application security.

Q: What does VPN stand for?
A) Virtual Private Network
B) Verified Public Network
C) Variable Protection Node
D) Virtual Protocol Number

Correct Answer: A) Virtual Private Network
Explanation: A VPN creates a secure, encrypted connection over a public network.

Q: What is phishing primarily designed to do?
A) Improve website speed
B) Encrypt data
C) Trick users into revealing sensitive information
D) Strengthen passwords

Correct Answer: C) Trick users into revealing sensitive information
Explanation: Phishing attacks deceive users into providing confidential data such as passwords or credit card details.

Q: Which attack involves overwhelming a system with traffic to make it unavailable?
A) SQL Injection
B) Brute Force
C) Denial-of-Service (DoS)
D) Man-in-the-Middle

Correct Answer: C) Denial-of-Service (DoS)
Explanation: A DoS attack floods a system with excessive traffic, causing disruption of services.

Q: What does SQL Injection target?
A) Email servers
B) Database queries
C) Firewalls
D) Antivirus software

Correct Answer: B) Database queries
Explanation: SQL Injection attacks exploit vulnerabilities in database queries to access or manipulate data.

Q: What is the primary goal of ethical hacking?
A) Steal confidential data
B) Damage systems
C) Identify security vulnerabilities
D) Spread malware

Correct Answer: C) Identify security vulnerabilities
Explanation: Ethical hackers test systems to find weaknesses before malicious hackers can exploit them.

Q: Which tool is commonly used for network scanning?
A) Photoshop
B) Nmap
C) Excel
D) AutoCAD

Correct Answer: B) Nmap
Explanation: Nmap is a popular tool used by ethical hackers to discover hosts and services on a network.

Q: What type of hacker is authorized to test security systems?
A) Black Hat
B) Grey Hat
C) White Hat
D) Script Kiddie

Correct Answer: C) White Hat
Explanation: White Hat hackers are ethical professionals who legally test and secure systems.