Cybersecurity MCQ Quiz

Questions and Answers

Which component in the CIA triad would be most compromised in a Denial of Service (DoS) attack?

• Authentication
• Integrity
• Availability (correct)
• Confidentiality

What is the purpose of a Security Information and Event Management (SIEM) system in cybersecurity?

• To encrypt sensitive data
• To centralize logging and provide threat detection through correlation (correct)
• To block malware in real time
• To create a honeypot for threat analysis

What is the primary advantage of using Public Key Infrastructure (PKI) for digital communication?

• Faster data transmission
• Decentralized trust management
• Secure key exchange in an untrusted environment (correct)
• Eliminates the need for encryption algorithms

In SQL injection attacks, what does the payload '; DROP TABLE users;' typically exploit?

Poor input sanitization

What is the primary role of a firewall in network security?

Block unauthorized access while allowing authorized communication (B)

Which hashing algorithm is no longer considered secure and is deprecated?

MD5 (C)

What type of attack involves an attacker injecting malicious scripts into a website, which then executes on the victim's browser?

Cross-Site Scripting (XSS) (B)

Which cybersecurity principle involves providing access to users only for the data and systems they need to perform their jobs?

Least Privilege (D)

What is a common symptom of a ransomware attack?

Encrypted files with demands for payment (D)

In cryptographic systems, what is a "nonce"?

A random number used once for security purposes (A)

Which term describes an attack where an unauthorized individual masquerades as a legitimate user?

Spoofing (B)

Which authentication method is considered the most secure for web applications?

Multi-Factor Authentication (MFA) (D)

In Transport Layer Security (TLS), what is the primary purpose of the handshake process?

Verify server identity and exchange encryption keys (A)

What does the tool "Wireshark" primarily analyze?

Packet data on a network

Which of the following is not a property of a cryptographic hash function?

Encryption resistance (C)

In RSA cryptosystem, the security relies primarily on which mathematical problem?

Factoring large integers (A)

Which of the following algorithms is a symmetric key encryption algorithm?

AES (B)

In Diffie-Hellman key exchange, the private key of a user is:

A randomly chosen secret integer (A)

The primary weakness of the One-Time Pad is:

It requires a truly random key as long as the message (B)

What is the size of the RSA modulus for a key considered secure as of 2023?

2048 bits (C)

The purpose of a digital signature is to:

Provide non-repudiation and data integrity (A)

What is the key difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption, while asymmetric uses different keys (A)

In public key infrastructure (PKI), the Certificate Authority (CA):

Issues and manages digital certificates (A)

A monoalphabetic cipher operates by:

Substituting each plaintext character with a fixed corresponding character (B)

A major vulnerability of monoalphabetic ciphers is:

Their susceptibility to frequency analysis (B)

The Caesar cipher is an example of:

A monoalphabetic substitution cipher (A)

Which of the following is a polyalphabetic cipher?

Vigenère cipher (A)

In a polyalphabetic cipher, each letter of plaintext:

Maps to multiple ciphertext letters depending on the key (C)

Which component makes polyalphabetic ciphers resistant to frequency analysis?

Use of multiple substitution alphabets (B)

Which of the following best describes the Vigenère cipher?

It uses multiple Caesar ciphers with a repeating key. (C)

In a monoalphabetic cipher, if the key is 26 characters long, how many possible keys exist?

26! (A)

The key length of a Vigenère cipher determines:

The strength against frequency analysis (B)

A key challenge in using the Vigenère cipher is:

Sharing and securing the key (B)

Flashcards

Least Privilege

A security principle that emphasizes restricting access to information and resources only to those who absolutely need it, based on their role and responsibilities.

Phishing

A type of attack where an attacker tricks a user into revealing sensitive information (like passwords or credit card details) by impersonating a trustworthy entity.

Digital Signature

A security mechanism used to ensure the authenticity and integrity of digital information. It's like a digital signature that verifies the origin and content of a document.

Denial of Service (DoS)

A type of security attack where an attacker floods a target system with excessive traffic, making it inaccessible to legitimate users. It's like clogging up the entrance to a building with a crowd.

Symmetric Encryption

A cryptographic method that uses the same key for both encryption and decryption, like a shared secret key.

Authentication

The process of verifying the identity of a user or device before granting access to a system or resource.

SQL Injection

A type of attack that leverages weaknesses in website input forms to execute malicious code on a web server or gain unauthorized access to a database.

Transport Layer Security (TLS)

A security mechanism used to protect sensitive information while it's being transmitted over a network, like a secure tunnel that encrypts data.

TLS Handshake

A standard procedure used to establish a secure connection between two parties, like a handshake that verifies identities and negotiates encryption keys.

Exploit

A type of attack where an attacker tries to exploit weaknesses in a software application or system to gain unauthorized access or elevate their privileges. It's like finding a backdoor into a building.

Zero Trust

A security principle that assumes all network traffic, including internal traffic, is untrusted until explicitly allowed and thoroughly verified.

Virus

A computer program designed to replicate itself and spread to other computers, often causing harm or disrupting system operations.

Ransomware

A type of malware that encrypts a victim's files and demands payment for decryption, like holding data hostage.

Academic Network

A computer network used for research and education, offering access to various online resources and services.

One-Time Pad

A cryptographic technique that uses a one-time pad, a random key as long as the message, to ensure perfect secrecy.

Targeted Attack

A type of attack that targets specific user accounts or devices to gain access to sensitive information or systems.

Intrusion Detection System (IDS)

A collection of security tools and techniques used to protect a system's integrity by detecting and responding to intrusions.

Defense in Depth

A security principle that layers security measures across multiple levels of a system to create a more robust defense.

Impersonation

A type of attack where an attacker disguises their identity or actions to deceive a user or system into granting access.

Hash Function

A cryptographic hash function that produces a fixed-size output (hash) based on an input message.

Social Engineering

A type of attack that uses social engineering techniques to manipulate victims into providing sensitive information or granting access.

Public Key Infrastructure (PKI)

A set of protocols and standards that govern the creation, distribution, and management of digital certificates, which are used to verify the identity of individuals and entities online.

Cross-Site Scripting (XSS)

A type of security attack where an attacker injects malicious scripts into a website, which can then execute on the victim's browser and potentially steal data or control their actions.

Asymmetric Encryption

A cryptographic method that uses a pair of keys: a public key for encryption and a private key for decryption. Only the holder of the private key can decrypt data encrypted with the corresponding public key.

Random Number Generator

A method for generating random numbers, often used in cryptography for key generation and other security-related functions.

Security Information and Event Management (SIEM)

A security mechanism that helps prevent data breaches by monitoring and analyzing system activity for unusual patterns or suspicious behavior.

Firewall

A system or device that monitors and controls network traffic, allowing only authorized communication while blocking unauthorized access. Think of it as a digital gatekeeper.

Session Hijacking

A type of attack that attempts to gain unauthorized access to a system by exploiting vulnerabilities in a user's login process, like hijacking a valid session.

Encryption Algorithm

A cryptographic algorithm that uses a sequence of mathematical operations to convert plaintext into ciphertext and vice versa.

Operating System (OS) Attack

A type of attack that involves exploiting vulnerabilities in a system's operating system, software, or hardware to gain unauthorized access.

Command Injection

A type of attack that uses a sequence of instructions to exploit a vulnerability in a system's code, often to gain unauthorized access or control.

Separation of Duties

A security concept that involves separating duties by assigning different tasks to different individuals to mitigate risks associated with conflicts of interest.

Study Notes

Cybersecurity MCQ Quiz

• Denial-of-Service (DoS) Attacks: The availability component of the CIA triad (Confidentiality, Integrity, Availability) is most vulnerable in a DoS attack.

• Security Information and Event Management (SIEM) Systems: Centralizing logs and correlating events is the purpose of a SIEM system, enabling threat detection.

• Public Key Infrastructure (PKI): A primary advantage of PKI is secure key exchange in untrusted environments.

• SQL Injection: The ; DROP TABLE users; payload in SQL injection attacks typically exploits poor input sanitization to cause privilege escalation and database configuration issues.

• Firewalls: Firewalls block unauthorized access while permitting authorized communication, performing network packet inspection.

• Deprecated Hashing Algorithm: MD5 is a hashing algorithm that is no longer considered secure and is deprecated.

• Cross-Site Scripting (XSS): Attackers inject malicious scripts into websites, which execute in the victim's browser, causing harm through directory traversal, SQL injection, or command injection.

• Least Privilege: This principle grants users only the necessary data and system access for their roles.

• Ransomware Attacks: Common symptoms include data deletion and encrypted files with payment demands.

• Cryptographic Systems (Nonce): A "nonce" is a random number used only once for security purposes in cryptographic systems.

• Impersonation Attacks: Unauthorized individuals masquerade as legitimate users.

• Multi-Factor Authentication (MFA): MFA is the most secure web application authentication method.

• Transport Layer Security (TLS): The TLS handshake process verifies server identity and exchanges encryption keys.

• Network Troubleshooting (Wireshark): Wireshark analyzes packet data on a network to troubleshoot and diagnose issues.

• Cryptographic Hash Functions: Important properties include encryption resistance, collision resistance, and pre-image resistance.

• RSA Cryptosystem: Security in RSA relies heavily on the difficulty of factoring large integers.

• Symmetric Key Encryption: Symmetric key encryption uses the same key for both encryption and decryption.

• Certificate Authority (CA): In public key infrastructure (PKI), the CA issues and manages digital certificates and validates encrypted data.

• Monoalphabetic Ciphers: Monoalphabetic ciphers substitute each plaintext character with a fixed corresponding character.

• Vigenère Cipher: A polyalphabetic cipher that uses multiple Caesar ciphers with a repeating key.

• Polyalphabetic Ciphers: In polyalphabetic ciphers, each letter of plaintext maps to multiple ciphertext letters.

• Caesar Cipher: A simple monoalphabetic substitution cipher.

• Frequency Analysis: This type of analysis is often used to break monoalphabetic ciphers.

• Key Length: The key length of a Vigenère cipher impacts strength against frequency analysis.

• Key Management: Key sharing and securing is a critical concern for effective encryption.

Description

Test your knowledge on various aspects of cybersecurity, including Denial-of-Service attacks, SQL injection, and security protocols like Public Key Infrastructure. This quiz covers key concepts and best practices in the field of cybersecurity, helping you understand common vulnerabilities and protection methods.