Saturday, July 31, 2021

KMBIT05 System Analysis & Design MCQ Unit-5 With Explanation

 Unit – 5 

1. _______ is the practice and precautions taken to protect valuable information from  unauthorised access, recording, disclosure or destruction. 

a) Network Security 

b) Database Security 

c) Information Security 

d) Physical Security 

Answer: c 

Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information from alteration, destruction, deletion or disclosure by unauthorised users. 

2. From the options below, which of them is not a threat to information security? 

a) Disaster 

b) Eavesdropping 

c) Information leakage 

d) Unchanged default password 

Answer: d 

Explanation: Disaster, eavesdropping and information leakage come under information security  threats whereas not changing the default password of any system, hardware or any software comes  under the category of vulnerabilities that the user may pose to its system. 

3. From the options below, which of them is not a vulnerability to information security? 

a) flood 

b) without deleting data, disposal of storage media 

c) unchanged default password 

d) latest patches and updates not done 

Answer: a 

Explanation: A flood is a natural disaster, which is a threat to any information; it does not act as a vulnerability of any system.

4. _____ platforms are used for safety and protection of information in the cloud. 

a) Cloud workload protection platforms 

b) Cloud security protocols 

c) AWS 

d) One Drive 

Answer: a 

Explanation: Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be  managed using Cloud workload protection platforms which manage policies regarding security of  information irrespective of its location. 

5. Which of the following information security technologies is used for avoiding browser-based hacking? 

a) Anti-malware in browsers 

b) Remote browser access 

c) Adware remover in browsers 

d) Incognito mode in a browser 

Answer: b 

Explanation: Cyber-criminals target browsers to breach information security. If a user establishes remote browsing, which isolates the end user's browsing session, cyber-criminals will not be able to infect the system or the browser with malware, ultimately reducing the attack surface area. 

6. The full form of EDR is _______ 

a) Endpoint Detection and recovery 

b) Early detection and response 

c) Endpoint Detection and response 

d) Endless Detection and Recovery 

Answer: c 

Explanation: It is a collective name for tools that monitor networks & endpoints of systems and  record all the activities for further reporting, analysis & detection in a central database. Analyzing  the reports generated through such EDR tools, loopholes in a system or any internal, as well as  external breaching attempts can be detected.

7. _______ technology is used for analyzing and monitoring traffic in network and information  flow. 

a) Cloud access security brokers (CASBs) 

b) Managed detection and response (MDR) 

c) Network Security Firewall 

d) Network traffic analysis (NTA) 

Answer: d 

Explanation: Network traffic analysis (NTA) is an information security approach for supervising the traffic in any network, the flow of data over the network, and malicious threats that are trying to breach the network. This technological solution also helps triage the events detected by network traffic analysis tools. 

8. Compromising confidential information comes under _________ 

a) Bug 

b) Threat 

c) Vulnerability 

d) Attack 

Answer: b 

Explanation: Threats are anything that may cause damage or harm to a computer system, individual or any information. Compromising confidential information means extracting sensitive data from a system in an illegal manner. 

9. Lack of access control policy is a _____________ 

a) Bug 

b) Threat 

c) Vulnerability 

d) Attack 

Answer: c 

Explanation: Access control policies are incorporated into a security system to restrict unauthorised access to any logical or physical system. Every security compliance program needs this as a fundamental component. Systems that lack this feature are vulnerable.

10. Possible threat to any information cannot be ________________ 

a) reduced 

b) transferred 

c) protected 

d) ignored 

Answer: d 

Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced,  distributed or transferred to some other system, protected using security tools and techniques but  cannot be ignored. 

11. Backup and recovery procedures are primarily implemented to 

a) Handle the contingency when a file gets corrupted 

b) To provide data redundancy 

c) To show different versions of data and programs 

d) All of the above 

Answer: Option A 

12) In which of the following is a person constantly followed/chased by another person or a group of several people? 

a) Phishing 

b) Bullying 

c) Stalking 

d) Identity theft 

Answer: c 

Explanation: In general, Stalking refers to continuous surveillance on the target (or person) done by a  group of people or by the individual person. Cyber Stalking is a type of cybercrime in which a person  (or victim) is being followed continuously by another person or group of several people through  electronic means to harass the victim. We can also say that the primary goal of Stalking is to observe  or monitor each victim's actions to get the essential information that can be further used for  threatening, harassing, etc.

13) Which one of the following can be considered as the class of computer threats? 

a) DoS Attack 

b) Phishing 

c) Soliciting 

d) Both A and C 

Answer: a 

Explanation: A DoS attack refers to the denial of service attack. It is a kind of cyber attack in which one tries to make a machine (or targeted application, website, etc.) unavailable for its intended users. It is usually accomplished by temporarily or indefinitely disrupting the service of a target connected to the internet. 

14) Which of the following is considered as the unsolicited commercial email? 

a) Virus 

b) Malware 

c) Spam 

d) All of the above 

Answer: c 

Explanation: It is a type of unsolicited email which is generally sent in bulk to an indiscriminate  recipient list for commercial purpose. Generally, these types of mail are considered unwanted because  most users don't want these emails at all. 

15) Which of the following usually observes each activity of the victim on the internet, gathers all information in the background, and sends it to someone else? 

a) Malware 

b) Spyware 

c) Adware 

d) All of the above 

Answer: b

Explanation: It is generally defined as software designed to enter the target's device or computer system, gather all information, observe all user activities, and send this information to a third party. Another important thing about spyware is that it works in the background and sends all information without your permission. 

16) _______ is a type of software designed to help the user's computer detect viruses and avoid  them. 

a) Malware 

b) Adware 

c) Antivirus 

d) Both B and C 

Answer: c 

Explanation: An antivirus is a kind of software that is specially designed to help the user's computer to  detect the virus as well as to avoid the harmful effect of them. In some cases where the virus already  resides in the user's computer, it can be easily removed by scanning the entire system with antivirus  help. 

17) Which one of the following is a type of antivirus program? 

a) Quick Heal 

b) McAfee 

c) Kaspersky 

d) All of the above 

Answer: d 

Explanation: Antivirus is a kind of software program that helps to detect and remove viruses from the user's computer and provides a safe environment for users to work in. Several kinds of antivirus software are available in the market, such as Kaspersky, McAfee, Quick Heal, Norton, etc., so the correct answer is D. 

18) It can be a software program or a hardware device that filters all data packets coming through  the internet, a network, etc. it is known as the_______: 

a) Antivirus

b) Firewall 

c) Cookies 

d) Malware 

Answer: b 

Explanation: There are two types of firewalls: software programs and hardware-based firewalls. These types of firewalls filter each and every data packet coming from the outside environment, such as a network or the internet, so that no virus is able to enter the user's system. In some cases where the firewall detects any suspicious data packet, it immediately burns or terminates that data packet. In short, we can also say that it is the first line of defense of the system to avoid several kinds of viruses. 

19) Which of the following refers to stealing the ideas or inventions of others and using them for one's own benefit? 

a) Piracy 

b) Plagiarism 

c) Intellectual property rights 

d) All of the above 

Answer: d 

Explanation: Stealing the ideas or inventions of others and using them for one's own profit can be defined in several different ways, such as piracy, intellectual property rights, and plagiarism. 

20) Read the following statement carefully and find out whether it is correct about the hacking or  not? 

It can be possible that in some cases, hacking a computer or network can be legal. 

a) No, in any situation, hacking cannot be legal 

b) It may be possible that in some cases, it can be referred to as a legal task 

Answer: b 

Explanation: Nowadays, hacking is not just referred to as an illegal task because there are also some good types of hackers, known as ethical hackers. These types of hackers do not hack the system for their own purposes; the organization hires them to hack its system to find security flaws and loopholes. Once they find a loophole or vulnerability in the system, they get paid, and the organization removes those weak points. 

21) Which of the following refers to exploring the appropriate, ethical behaviors related to the  online environment and digital media platform? 

a) Cyber law 

b) Cyberethics 

c) Cybersecurity 

d) Cybersafety 

Answer: b 

Explanation: Cyber Ethics refers to exploring the appropriate, ethical behaviors related to online  environments and digital media. 

22) Which of the following principles is violated if a computer is no longer accessible? 

a) Access control 

b) Confidentiality 

c) Availability 

d) All of the above 

Answer: c 

Explanation: Availability is the principle that is violated if the system is no longer accessible. 

23) Which one of the following refers to the technique used for verifying the integrity of the  message? 

a) Digital signature 

b) Decryption algorithm 

c) Protocol 

d) Message Digest 

Answer: d 

Explanation: Message Digest is a type of cryptographic hash function that contains a string of digits that are created by the one-way hashing formula. It is also known as a type of technique used for verifying the integrity of the message, data or media, and to detect if any manipulations are made. Therefore the correct answer is D. 

24) Which one of the following is usually used in the process of Wi-Fi hacking? 

a) Aircrack-ng 

b) Wireshark 

c) Norton 

d) All of the above 

Answer: a 

Explanation: Aircrack-ng is a kind of software program available in Linux-based operating systems such as Parrot, Kali, etc. It is usually used by users while hacking Wi-Fi networks or finding vulnerabilities in the network to capture or monitor the data packets traveling in the network. 

25) Which of the following is a port and IP address scanner famous among users? 

a) Cain and Abel 

b) Angry IP Scanner 

c) Snort 

d) Ettercap 

Answer: b 

Explanation: Angry IP Scanner is a type of hacking tool that is usually used by both white hat and  black hat types of hackers. It is very famous among the users because it helps to find the weaknesses  in the network devices. 

26) In ethical hacking and cyber security, there are _______ types of scanning: 

a) 1 

b) 2 

c) 3 

d) 4 

Answer: c

Explanation: There are usually three types of scanning in ethical hacking and cyber security. Therefore  the correct answer is C. 

27) Which of the following is not a type of scanning? 

a) Xmas Tree Scan 

b) Cloud scan 

c) Null Scan 

d) SYN Stealth 

Answer: b 

Explanation: Among the given options, Cloud scan is the only one that is not a type of scanning. 

28) In system hacking, which of the following is the most crucial activity? 

a) Information gathering 

b) Covering tracks 

c) Cracking passwords 

d) None of the above 

Answer: c 

Explanation: While trying to hack a system, the most important thing is cracking the passwords. 

29) Which of the following are the types of scanning? 

a) Network, vulnerability, and port scanning 

b) Port, network, and services 

c) Client, Server, and network 

d) None of the above 

Answer: a 

Explanation: The vulnerability, port, and network scanning are three types of scanning.

30) Which one of the following is actually considered as the first computer virus? 

a) Sasser 

b) Blaster 

c) Creeper 

d) Both A and C 

Answer: c 

Explanation: Creeper is called the first computer virus as it replicates itself (or clones itself) and spreads from one system to another. It was created by Bob Thomas at BBN in early 1971 as an experimental computer program. 

31) To protect the computer system against the hacker and different kind of viruses, one must  always keep _________ on in the computer system. 

a) Antivirus 

b) Firewall 

c) VLC player 

d) Script 

Answer: b 

Explanation: It is essential to always keep the firewall on in our computer system. It protects the computer system against hackers, viruses, and the installation of software from unknown sources. We can also consider it the first line of defense of the computer system. 

32) Code Red is a type of ________ 

a) An Antivirus Program 

b) A photo editing software 

c) A computer virus 

d) A video editing software 

Answer: c 

Explanation: Code Red is a type of computer virus that was first discovered on 15 July 2001, when it attacked the servers of Microsoft. Within the next couple of days, it infected almost 300,000 servers.

33) Which of the following can be considered as the elements of cyber security? 

a) Application Security 

b) Operational Security 

c) Network Security 

d) All of the above 

Answer: d 

Explanation: Application security, operational security, network security all are the main and  unforgettable elements of Cyber Security. Therefore the correct answer is D. 

34) Which of the following are famous and common cyber-attacks used by hackers to infiltrate the  user's system? 

a) DDoS and Drive-by Downloads 

b) Malware & Malvertising 

c) Phishing and Password attacks 

d) All of the above 

Answer: d 

Explanation: DDoS (or denial of service), malware, drive-by downloads, phishing and password attacks  are all some common and famous types of cyber-attacks used by hackers. 

35) Which one of the following is also referred to as malicious software? 

a) Maliciousware 

b) Badware 

c) Ilegalware 

d) Malware 

Answer: d 

Explanation: Malware is a kind of short program used by the hacker to gain access to sensitive data/  information. It is used to denote many kinds of viruses, worms, Trojans, and several other harmful  programs. Sometimes malware is also known as malicious software.

36) Hackers usually use computer viruses for ______ purpose. 

a) To log, monitor each and every user's stroke 

b) To gain access to sensitive information like the user's ID and passwords 

c) To corrupt the user's data stored in the computer system 

d) All of the above 

Answer: d 

Explanation: In general, hackers use computer viruses to perform several different tasks, such as to corrupt the user's data stored in his system, to gain access to important information, and to monitor or log each user's strokes. Therefore the correct answer is D. 

37) In Wi-Fi Security, which of the following protocols is more widely used? 

a) WPA 

b) WPA2 

c) WPS 

d) Both A and C 

Answer: b 

Explanation: Nowadays, in Wi-Fi Security, WPA2 is one of the most widely used protocols because it offers a more secure connection than WPA. It is also known as the upgraded version of the WPA protocol. 

38) The term "TCP/IP" stands for_____ 

a) Transmission Contribution protocol/ internet protocol 

b) Transmission Control Protocol/ internet protocol 

c) Transaction Control protocol/ internet protocol 

d) Transmission Control Protocol/ internet protocol 

Answer: b 

Explanation: The term "TCP/IP" stands for Transmission Control Protocol/ internet protocol and was developed by the US government in the early days of the internet.

39) The response time and transit time are used to measure the ____________ of a network. 

a) Security 

b) Longevity 

c) Reliability 

d) Performance 

Answer: d 

Explanation: On the basis of response time and transit time, the performance of a network is  measured. 

40) Which of the following factors of the network gets hugely impacted when the number of users exceeds the network's limit? 

a) Reliability 

b) Performance 

c) Security 

d) Longevity 

Answer: d 

Explanation: When the number of users on a network increases and exceeds the network's limit, performance is one of the factors of the network that is hugely impacted by it. 

41) In the computer networks, the encryption techniques are primarily used for improving the  ________ 

a) Security 

b) Performance 

c) Reliability 

d) Longevity 

Answer: a 

Explanation: Encryption techniques are usually used to improve the security of the network. So the  correct answer will be A.

42) Which of the following statements is correct about the firewall? 

a) It is a device installed at the boundary of a company to prevent unauthorized physical  access. 

b) It is a device installed at the boundary of an incorporate to protect it against the  unauthorized access. 

c) It is a kind of wall built to prevent files from damaging the corporate. 

d) None of the above. 

Answer: b 

Explanation: A firewall can be either software or a hardware device that filters each and every data packet coming from the network or the internet. It can also be considered as a device installed at the boundary of an incorporate to protect it from unauthorized access. Sometimes a firewall is also referred to as the first line of defense against viruses, unauthorized access, malicious software, etc. 

43) When was the first computer virus created? 

a) 1970 

b) 1971 

c) 1972 

d) 1969 

Answer: b 

Explanation: In 1970, the world's first computer virus was created by Robert (Bob) Thomas. This virus was designed to create copies of itself (clone itself) and spread from one computer to another. So the correct answer will be 1970. 

44) Which of the following is considered as the world's first antivirus program? 

a) Creeper 

b) Reaper 

c) Tinkered 

d) Ray Tomlinson 

Answer: b

Explanation: Reaper is considered as the world's first antivirus program or software as it can detect  the copies of a Creeper (the world's first man-made computer virus) and could delete it as well. 

45) Which one of the following principles of cyber security states that the security mechanism must be as small and simple as possible? 

a) Open-Design 

b) Economy of the Mechanism 

c) Least privilege 

d) Fail-safe Defaults 

Answer: b 

Explanation: Economy of the mechanism states that the security mechanism must be as simple and small as possible. 

46) Which of the following principles of cyber security restricts how privileges are initiated whenever any object or subject is created? 

a) Least privilege 

b) Open-Design 

c) Fail-safe Defaults 

d) None of the above 

Answer: c 

Explanation: The Fail-safe Defaults principle of cyber security restricts how privileges are initiated whenever a subject or object is created. In cases where the privileges, rights, access or some other security-related attribute is not granted explicitly, access to the object should not be granted either. 

47) Suppose an employee demands the root access to a UNIX system, where you are the  administrator; that right or access should not be given to the employee unless that employee has  work that requires certain rights, privileges. It can be considered as a perfect example of which  principle of cyber security? 

a) Least privileges

b) Open Design 

c) Separation of Privileges 

d) Both A & C 

Answer:

Explanation: The example given in the above question refers to the least privileges principle of cyber  security. The least privileges principle of cyber security states that no rights, access to the system  should be given to any of the employees of the organization unless he/she needs those particular  rights, access in order to complete the given task. In short, we can say that its primary work is to  restrict or control the assignment of rights to the employees. 

48) Which of the following can also be considered as instances of Open Design? 

a) CSS 

b) DVD Player 

c) Only A 

d) Both A and B 

Answer: d 

Explanation: The Open Design is a kind of open design artifact whose documentation is publicly available, which means anyone can use it, study, modify, distribute, and make the prototypes. However, the CSS (or Content Scrambling System) and DVD Player are both examples of open design. 

49) Which one of the following principles states that it sometimes becomes more desirable to record the details of an intrusion than to adopt more efficient measures to avoid it? 

a) Least common mechanism 

b) Compromise recording 

c) Psychological acceptability 

d) Work factor 

Answer: b 

Explanation: The principle called compromise factor states that in some cases, it is more beneficial to record or document the details of the intrusion than to adopt more efficient measures to avoid it.

50) Web applications such as banking websites should ask their users to log in again after some specific period of time, let's say 30 min. It can be considered as an example of which cybersecurity principle? 

a) Compromise recording 

b) Psychological acceptability 

c) Complete mediation 

d) None of the above 

Answer: c 

Explanation: The complete mediation principle of cybersecurity requires that all the access must be  checked to ensure that they are genuinely allowed. However, the example given in the above question  can be considered as an example of Complete Mediation. 

51) Which one of the following statements is correct about Email security in the network security  methods? 

a) One has to deploy hardware, software, and security procedures to lock those apps down. 

b) One should know what the normal behavior of a network looks like so that he/she can spot any changes or breaches in the behavior of the network. 

c) Phishing is one of the most commonly used methods that are used by hackers to gain  access to the network 

d) All of the above 

Answer: c 

Explanation: In terms of Email Security, phishing is one of the standard methods that are used by  Hackers to gain access to a network. The Email Security Tools can handle several types of attacks, such  as the incoming attacks, and protect the outbound messages containing sensitive data/information as  well. 

52) Which of the following statements is true about the VPN in Network security? 

a) It is a type of device that helps to ensure that communication between a device and a  network is secure. 

b) It is usually based on IPsec (IP Security) or SSL (Secure Sockets Layer) 

c) It typically creates a secure, encrypted virtual "tunnel" over the open internet

d) All of the above 

Answer: d 

Explanation: The term VPN stands for Virtual Private Network. It is a type of network security enhancing tool that can be either a software program or a hardware device. It usually authenticates the communication between a device and a network by creating a secure encrypted virtual "tunnel". In general, software VPNs are considered more cost-effective and user-friendly than hardware VPNs. 

53) Which of the following type of text is transformed with the help of a cipher algorithm? 

a) Transformed text 

b) Complex text 

c) Scalar text 

d) Plain text 

Answer: d 

Explanation: The cipher algorithm is used to create an encrypted message by taking understandable text or "plain text" as input and producing unreadable or "cipher text" as output. It is usually used to protect the information while it is transferred from one place to another. 

54) Which of the following types of malware does not replicate or clone itself through infection? 

a) Rootkits 

b) Trojans 

c) Worms 

d) Viruses 

Answer: b 

Explanation: The Trojan type of malware does not generate copies of itself or clone itself. These types of viruses are referred to as Trojans because of the mythological story of the Greeks, in which some top-level accessions were hidden in a big wooden horse-like structure and given to the enemy as a gift, so that they could enter the enemy's palace without being seen.

55) Which of the following types of malware allows the attacker to access the administrative controls and enables him or her to do almost anything he or she wants with the infected computers? 

a) RATs 

b) Worms 

c) Rootkits 

d) Botnets 

Answer: a 

Explanation: RAT is an abbreviation of Remote Access Trojans or Remote Administration Tools, which give total control of a device, which means the attacker can control anything or do anything on the target device remotely. It allows the attacker administrative control just as if they had physical access to your device. 

56) Which of the following statements is true about the Trojans? 

a) Trojans perform tasks for which they are designed or programmed 

b) Trojans replicate or clone themselves through infection 

c) Trojans do nothing harmful to the user's computer systems 

d) None of the above 

Answer: a 

Explanation: Trojans are a type of malware that will perform any type of action for which they are designed or programmed. Another important thing about Trojans is that the user may not know that the malware has entered their system until the Trojan starts doing the job for which it is programmed. 

57) Which of the following is just opposite to the Open Design principle? 

a) Security through obscurity 

b) Least common mechanism 

c) Least privileges 

d) Work factor 

Answer: a

Explanation: "Security through obscurity" is an approach which is just the opposite of the Open Design principle. So the correct option is A. 

58) Which of the following is a type of independent malicious program that never requires any host program? 

a) Trojan Horse 

b) Worm 

c) Trap Door 

d) Virus 

Answer: b 

Explanation: A worm is a type of independent malicious program that does not require any host program (or being attached to some program). Worms typically cause damage to systems by consuming bandwidth and overloading servers. Worms are quite different from viruses as they are stand-alone programs, whereas viruses need some type of trigger from their host, or human interaction, to activate. 

59) Which of the following is usually considered as the default port number of Apache and several other web servers? 

a) 20 

b) 40 

c) 80 

d) 87 

Answer: c 

Explanation: The default port number used by Apache and several other web servers is 80. So the correct answer will be C. 

60) DNS translates a Domain name into _________ 

a) Hex 

b) Binary

c) IP 

d) URL 

Answer: d 

Explanation: DNS stands for the Domain name system; the main work of a DNS is to translate the  Domain name into an IP address that is understandable to the computers. 

61) Which one of the following systems cannot be considered as an example of the operating  systems? 

a) Windows 8 

b) Red Hat Linux 

c) BSD Linux 

d) Microsoft Office 

Answer: d 

Explanation: Microsoft Office is a type of software used for creating and managing documents, which is one of the most famous products of the Microsoft organization. So the correct answer will be D. 

62) In the CIA Triad, which one of the following is not involved? 

a) Availability 

b) Confidentiality 

c) Authenticity 

d) Integrity 

Answer: c 

Explanation: CIA refers to Confidentiality, Integrity, and Availability that are also considered as the CIA  triad. However, the CIA triad does not involve Authenticity.

63) In any organization, company or firm, the policies of information security come under __________ 

a) CIA Triad 

b) Confidentiality 

c) Authenticity 

d) None of the above 

Answer: a 

Explanation: Confidentiality, Integrity, and Availability are the three main principles. In short, these three principles are also known as the CIA triad and play a vital role as the cornerstone of the security structure of any organization. 

64) Why are the factors like Confidentiality, Integrity, Availability, and Authenticity considered as  the fundamentals? 

a) They help in understanding the hacking process 

b) These are the main elements for any security breach 

c) They help to understand the security and its components in a better manner 

d) All of the above 

Answer: c 

Explanation: Confidentiality, Integrity, Availability and Authenticity: all four of these elements help in understanding security and its components. 

65) In order to ensure the security of the data/ information, we need to ____________ the data: 

a) Encrypt 

b) Decrypt 

c) Delete 

d) None of the above 

Answer: a

Explanation: Data encryption is a type of method in which the plain text is converted into ciphertext,  and only the authorized users can decrypt it back to plain text by using the right key. This preserves  the Confidentiality of the Data. 

66) Which one of the following is considered as the most secure Linux operating system that also  provides anonymity and the incognito option for securing the user's information? 

a) Ubuntu 

b) Tails 

c) Fedora 

d) All of the above 

Answer: b 

Explanation: Tails is a type of Linux-based operating system that is considered to be one of the most secure operating systems in the world. It also provides many features such as anonymity and incognito options to ensure that user information is always protected. The main reason why the Tails operating system is famous among users is that it is almost untraceable, which keeps your privacy secure. 

67) Which of the following UNIX accounts provides all types of privileges and rights with which one can perform administrative functions? 

a) Client 

b) Guest 

c) Root 

d) Administrative 

Answer: d 

Explanation: If a user uses the Root account of the UNIX operating system, he can carry out all types  of administrative functions because it provides all necessary privileges and rights to a user. 

68) Which of the following is considered as the first hacker's conference? 

a) OSCON 

b) DEVON

c) DEFCON 

d) SECTION 

Answer: c 

Explanation: DEFCON is one of the most popular and largest conferences for hackers as well as security consultants. It is always held once a year in Las Vegas, Nevada, where hackers of all types (such as black hat, gray hat, and white hat hackers), government agents, as well as security professionals from around the world attend. 

69) Which of the following is known as one of the oldest phone hacking techniques used by hackers to make free calls? 

a) Phreaking 

b) Phishing 

c) Cracking 

d) Spraining 

Answer: a 

Explanation: Phreaking is considered one of the oldest phone hacking techniques used by hackers to make free calls.

70) Name the hacker who broke into the SIPRNET system.

a) John Draper 

b) Kevin Mitnick 

c) John von Neumann 

d) Kevin Poulsen 

Answer: d 

Explanation: The SIPRNET (or Advanced Research Project Agency Network) system was first hacked by Kevin Poulsen when he broke into the Pentagon network.

71) Which of the following is a type of program that either pretends to have, or is described as having, a set of useful or desirable features but actually contains damaging code?

a) Trojans

b) Viruses 

c) Worm 

d) Adware 

e) Bots 

Answer: a 

Explanation: Generally, you receive Trojan horses through emails, infected webpages, instant messages, or downloading services like games, movies, and apps. True Trojan horses are not technically viruses, since they do not replicate; however, many viruses and worms use Trojan horse tactics to initially infiltrate a system. The best way to stay away from Trojans is by making sure you install software from trusted sources.

72) Which of the following is a type of self-replicating software that causes damage to files and systems?

a) Viruses 

b) Trojan horses 

c) Bots 

d) Worms 

e) Backdoors 

Answer: d 

Explanation: A worm is a type of virus that spreads through your computer by creating duplicates of  itself on other drives, systems and networks. 

73) Which of the following is a program capable of continually replicating with little or no user  intervention? 

a) Virus 

b) Trojan horses 

c) Rootkit 

d) Worms

e) Bots 

Answer: a 

Explanation: Typically, a piece of code causes damage to your computer either by deleting or corrupting files. A virus can also interfere with computer operations by multiplying itself to fill up disk space or random access memory space, secretly infecting your computer. They can even affect your master boot records, thereby making your computer start slowly or not boot at all. Often viruses are disguised as games, images, email attachments, website URLs, shared files or links or files in instant messages.

74) Which of the following is a software that, once installed on your computer, tracks your  internet browsing habits and sends you popups containing advertisements related to the sites and  topics you’ve visited? 

a) Backdoors 

b) Adware 

c) Malware 

d) Bots 

e) Spyware 

Answer: b 

Explanation: Some adware has keyloggers and spyware built into the program, leading to greater  damage to your computer and possible invasion of your private data. 

75) What is the software called that’s designed to exploit a computer user and is a broad term  covering computer viruses, worms, Trojan, adware, etc.? 

a) Backdoors 

b) Key-logger 

c) Malware 

d) Bots 

e) Spyware 

Answer: c 

Explanation: Malware is short for malicious software. Malware is a broad term that encompasses  computer viruses, worms, Trojan horses, spyware, adware, and others. Malware is designed to  interfere with normal computer operation, usually giving hackers a chance to gain access to your  computer and collect sensitive personal information.

76) What is the software called which, when downloaded onto a computer, scans your hard drive for personal information and your internet browsing habits?

a) Backdoors 

b) Key-logger 

c) Malware 

d) Antiware 

e) Spyware 

Answer: e 

Explanation: Spyware is a malicious computer program that does exactly what its name implies, i.e., spies on you. After downloading itself onto your computer either through an email you opened, website you visited or a program you downloaded, spyware scans your hard drive for personal information and your internet browsing habits. Some spyware programs contain keyloggers that will record personal data you enter into websites, such as your login usernames and passwords, email addresses, browsing history, online buying habits, etc.

77) _________ are computer programs that are designed by attackers to gain root or administrative  access to your computer. 

a) Backdoors 

b) Rootkits 

c) Malware 

d) Antiware 

e) Spyware 

Answer: b 

Explanation: Rootkits are computer programs that are designed by attackers to gain root or  administrative access to your computer. Once an attacker gains admin privilege, it becomes a  cakewalk for him to exploit your system. Unlike most viruses, it is not directly destructive and unlike  worms, its objective is not to spread infection as wide as possible.  

78) The attack that focuses on capturing small packets from the network transmitted by other computers and reading the data content in search of any type of information is ____

a) Phishing

b) Eavesdropping

c) Scams 

d) Exploits 

e) Denial of service 

Answer: b 

Explanation: Network eavesdropping is a network layer attack that focuses on capturing small packets from the network transmitted by other computers and reading the data content in search of any type of information. This type of network attack is generally one of the most effective where encryption services are not used. It is also linked to the collection of metadata.

79) _________ is the action of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.

a) Denial of service

b) Exploits 

c) Scams 

d) Keylogging 

e) Spamming 

Answer: d 

Explanation: Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of  recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the  keyboard is unaware that their actions are being monitored. 

80) _______ is the part of malware such as worms or viruses which performs the malicious action;  deleting data, sending spam or encrypting data. 

a) Denial of service 

b) Exploits 

c) Scams 

d) Payload 

e) Spamming 

Answer: d 

Explanation: In computer security, the payload is the part of malware such as worms or viruses which  performs the malicious action; deleting data, sending spam or encrypting data. In addition to the  payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding  detection.

81) What are the different ways to intrude? 

a) Buffer overflows 

b) Unexpected combinations and unhandled input 

c) Race conditions 

d) All of the mentioned 

Answer: d 

82) What are the major components of the intrusion detection system?

a) Analysis Engine

b) Event provider 

c) Alert Database 

d) All of the mentioned 

Answer: d 

83) What are the different ways to classify an IDS? 

a) anomaly detection 

b) signature based misuse 

c) stack based 

d) all of the mentioned 

Answer: d 

84) What are the different ways to classify an IDS? 

a) Zone based 

b) Host & Network based 

c) Network & Zone based 

d) Level based 

Answer: b

85) What are the characteristics of anomaly based IDS? 

a) It models the normal usage of network as a noise characterization

b) It doesn’t detect novel attacks

c) Anything distinct from the noise is not assumed to be intrusion activity

d) It detects based on signature

Answer: a 

86) What is the major drawback of anomaly detection IDS?

a) These are very slow at detection

b) It generates many false alarms 

c) It doesn’t detect novel attacks 

d) None of the mentioned 

Answer: b 

87) What are the characteristics of signature based IDS? 

a) Most are based on simple pattern matching algorithms

b) It is programmed to interpret a certain series of packets

c) It models the normal usage of network as a noise characterization

d) Anything distinct from the noise is assumed to be intrusion activity

Answer: a

88) What are the drawbacks of signature based IDS? 

a) They are unable to detect novel attacks 

b) They suffer from false alarms 

c) They have to be programmed again for every new pattern to be detected

d) All of the mentioned

Answer: d

89) What are the characteristics of Host based IDS? 

a) The host operating system logs in the audit information

b) Logs include logins, file opens and program executions

c) Logs are analysed to detect trails of intrusion

d) All of the mentioned 

Answer: d 

90) What are the drawbacks of the host based IDS? 

a) Unselective logging of messages may increase the audit burdens

b) Selective logging runs the risk of missed attacks

c) They are very fast to detect 

d) They have to be programmed for new patterns 

Answer: a 

91) What are the strengths of the host based IDS? 

a) Attack verification 

b) System specific activity 

c) No additional hardware required 

d) All of the mentioned 

Answer: d 

92) What are characteristics of stack based IDS? 

a) They are integrated closely with the TCP/IP stack and watch packets

b) The host operating system logs in the audit information

c) It is programmed to interpret a certain series of packets

d) It models the normal usage of network as a noise characterization

Answer: a

93) What are characteristics of Network based IDS? 

a) They look for attack signatures in network traffic 

b) Filter decides which traffic will not be discarded or passed 

c) It is programmed to interpret a certain series of packets

d) It models the normal usage of network as a noise characterization 

Answer: a 

94) What are strengths of Network based IDS? 

a) Cost of ownership reduced 

b) Malicious intent detection 

c) Real time detection and response 

d) All of the mentioned 

Answer: d 

95) Risk management is one of the most important jobs for a 

a) Client 

b) Investor 

c) Production team 

d) Project manager 

Answer: d 

Explanation: Risk management involves anticipating risks that might affect the project schedule or the  quality of the software being developed, and then taking action to avoid these risks. 

96) Which of the following risks is the failure of a purchased component to perform as expected?

a) Product risk

b) Project risk 

c) Business risk

d) Programming risk 

Answer: a 

Explanation: Risks that affect the quality or performance of the software being developed. 

97) Which of the following terms is best defined by the statement: “There will be a change of organizational management with different priorities.”?

a) Staff turnover 

b) Technology change 

c) Management change 

d) Product competition 

Answer: c 

98) Which of the following terms is best defined by the statement: “The underlying technology on which the system is built is superseded by new technology.”?

a) Technology change 

b) Product competition 

c) Requirements change 

d) None of the mentioned 

Answer: a 

Explanation: Technology changes are common in the competitive environment of software  engineering. 

99) What assesses the risk and your plans for risk mitigation and revises these when you learn more about the risk?

a) Risk monitoring 

b) Risk planning 

c) Risk analysis 

d) Risk identification

Answer: a 

100) Which of the following risks are derived from the organizational environment where the  software is being developed? 

a) People risks 

b) Technology risks 

c) Estimation risks 

d) Organizational risks 

Answer: d 

Explanation: These risks are at management level. 

101) Which of the following risks are derived from the software or hardware technologies that are  used to develop the system? 

a) Managerial risks 

b) Technology risks 

c) Estimation risks 

d) Organizational risks 

Answer: b 

Explanation: The risks associated with technology might affect the product development. 

102) Which of the following terms is best defined by the statement: “Derive traceability information to maximize information hiding in the design.”?

a) Underestimated development time 

b) Organizational restructuring 

c) Requirements changes 

d) None of the mentioned 

Answer: c 

Explanation: Tracing the requirements can help us understand the risk.

103) Which of the following strategies means that the impact of the risk will be reduced?

a) Avoidance strategies

b) Minimization strategies 

c) Contingency plans 

d) All of the mentioned 

Answer: b 

104) Risk management is now recognized as one of the most important project management  tasks. 

a) True 

b) False 

Answer: a

