Cybersecurity MCQ Quiz

Questions and Answers

Which component in the CIA triad would be most compromised in a Denial of Service (DoS) attack?

Authentication

Integrity

Availability (correct)

Confidentiality

What is the purpose of a Security Information and Event Management (SIEM) system in cybersecurity?

To encrypt sensitive data

To centralize logging and provide threat detection through correlation (correct)

To block malware in real time

To create a honeypot for threat analysis

What is the primary advantage of using Public Key Infrastructure (PKI) for digital communication?

Faster data transmission

Decentralized trust management

Secure key exchange in an untrusted environment (correct)

Eliminates the need for encryption algorithms

In SQL injection attacks, what does the payload '; DROP TABLE users;' typically exploit?

Poor input sanitization

What is the primary role of a firewall in network security?

Block unauthorized access while allowing authorized communication

Which hashing algorithm is no longer considered secure and is deprecated?

MD5

What type of attack involves an attacker injecting malicious scripts into a website, which then executes on the victim's browser?

Cross-Site Scripting (XSS)

Which cybersecurity principle involves providing access to users only for the data and systems they need to perform their jobs?

Least Privilege

What is a common symptom of a ransomware attack?

Encrypted files with demands for payment

In cryptographic systems, what is a "nonce"?

A random number used once for security purposes

Which term describes an attack where an unauthorized individual masquerades as a legitimate user?

Spoofing

Which authentication method is considered the most secure for web applications?

Multi-Factor Authentication (MFA)

In Transport Layer Security (TLS), what is the primary purpose of the handshake process?

Verify server identity and exchange encryption keys

What does the tool "Wireshark" primarily analyze?

Packet data on a network

Which of the following is not a property of a cryptographic hash function?

Encryption resistance

In RSA cryptosystem, the security relies primarily on which mathematical problem?

Factoring large integers

Which of the following algorithms is a symmetric key encryption algorithm?

AES

In Diffie-Hellman key exchange, the private key of a user is:

A randomly chosen secret integer

The primary weakness of the One-Time Pad is:

It requires a truly random key as long as the message

What is the size of the RSA modulus for a key considered secure as of 2023?

2048 bits

The purpose of a digital signature is to:

Provide non-repudiation and data integrity

What is the key difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption, while asymmetric uses different keys

In public key infrastructure (PKI), the Certificate Authority (CA):

Issues and manages digital certificates

A monoalphabetic cipher operates by:

Substituting each plaintext character with a fixed corresponding character

A major vulnerability of monoalphabetic ciphers is:

Their susceptibility to frequency analysis

The Caesar cipher is an example of:

A monoalphabetic substitution cipher

Which of the following is a polyalphabetic cipher?

Vigenère cipher

In a polyalphabetic cipher, each letter of plaintext:

Maps to multiple ciphertext letters depending on the key

Which component makes polyalphabetic ciphers resistant to frequency analysis?

Use of multiple substitution alphabets

Which of the following best describes the Vigenère cipher?

It uses multiple Caesar ciphers with a repeating key.

In a monoalphabetic cipher, if the key is 26 characters long, how many possible keys exist?

26!

The key length of a Vigenère cipher determines:

The strength against frequency analysis

A key challenge in using the Vigenère cipher is:

Sharing and securing the key

Study Notes

Cybersecurity MCQ Quiz

• Denial-of-Service (DoS) Attacks: The availability component of the CIA triad (Confidentiality, Integrity, Availability) is most vulnerable in a DoS attack.

• Security Information and Event Management (SIEM) Systems: Centralizing logs and correlating events is the purpose of a SIEM system, enabling threat detection.

• Public Key Infrastructure (PKI): A primary advantage of PKI is secure key exchange in untrusted environments.

• SQL Injection: The ; DROP TABLE users; payload in SQL injection attacks typically exploits poor input sanitization to cause privilege escalation and database configuration issues.

• Firewalls: Firewalls block unauthorized access while permitting authorized communication, performing network packet inspection.

• Deprecated Hashing Algorithm: MD5 is a hashing algorithm that is no longer considered secure and is deprecated.

• Cross-Site Scripting (XSS): Attackers inject malicious scripts into websites, which execute in the victim's browser, causing harm through directory traversal, SQL injection, or command injection.

• Least Privilege: This principle grants users only the necessary data and system access for their roles.

• Ransomware Attacks: Common symptoms include data deletion and encrypted files with payment demands.

• Cryptographic Systems (Nonce): A "nonce" is a random number used only once for security purposes in cryptographic systems.

• Impersonation Attacks: Unauthorized individuals masquerade as legitimate users.

• Multi-Factor Authentication (MFA): MFA is the most secure web application authentication method.

• Transport Layer Security (TLS): The TLS handshake process verifies server identity and exchanges encryption keys.

• Network Troubleshooting (Wireshark): Wireshark analyzes packet data on a network to troubleshoot and diagnose issues.

• Cryptographic Hash Functions: Important properties include encryption resistance, collision resistance, and pre-image resistance.

• RSA Cryptosystem: Security in RSA relies heavily on the difficulty of factoring large integers.

• Symmetric Key Encryption: Symmetric key encryption uses the same key for both encryption and decryption.

• Certificate Authority (CA): In public key infrastructure (PKI), the CA issues and manages digital certificates and validates encrypted data.

• Monoalphabetic Ciphers: Monoalphabetic ciphers substitute each plaintext character with a fixed corresponding character.

• Vigenère Cipher: A polyalphabetic cipher that uses multiple Caesar ciphers with a repeating key.

• Polyalphabetic Ciphers: In polyalphabetic ciphers, each letter of plaintext maps to multiple ciphertext letters.

• Caesar Cipher: A simple monoalphabetic substitution cipher.

• Frequency Analysis: This type of analysis is often used to break monoalphabetic ciphers.

• Key Length: The key length of a Vigenère cipher impacts strength against frequency analysis.

• Key Management: Key sharing and securing is a critical concern for effective encryption.

Description

Test your knowledge on various aspects of cybersecurity, including Denial-of-Service attacks, SQL injection, and security protocols like Public Key Infrastructure. This quiz covers key concepts and best practices in the field of cybersecurity, helping you understand common vulnerabilities and protection methods.