Module 1 Cyber Security - Introduction PDF
Document Details
Uploaded by UnabashedRelativity
University of Delhi
Tags
Summary
Multiple choice questions cover cybersecurity use cases in different industries, along with insider threats, necessary security measures, and the importance of compliance in business. The document provides basic knowledge of cybersecurity concepts.
Full Transcript
Module 1: Information/Cyber Security-An Introduction (MCQ) 1) What is one of the use-cases of cybersecurity in the industry? A) Detecting employee or insider threats B) Only protecting against external attacks C) Ensuring compliance with regulations D) Protecting physical assets only Answer: A 2...
Module 1: Information/Cyber Security-An Introduction (MCQ) 1) What is one of the use-cases of cybersecurity in the industry? A) Detecting employee or insider threats B) Only protecting against external attacks C) Ensuring compliance with regulations D) Protecting physical assets only Answer: A 2) What are insider threats? A) External threats to a company's cybersecurity B) Threats that come from employees, contractors, or vendors C) Threats related to data privacy regulations D) Threats that target intellectual property Answer: B 3) What are some cybersecurity measures that can be used to protect against external attacks? A) Access controls and data encryption B) Employee training and awareness programs C) Firewalls and intrusion detection systems D) Due diligence assessments and contract provisions Answer: C 4) Why is compliance with regulations important for businesses? A) To protect physical assets B) To avoid legal action and fines C) To prevent insider threats D) To manage third-party risk Answer: B 5) Why is protecting intellectual property important for businesses? A) To avoid insider threats B) To comply with regulations C) To protect against external attacks D) To protect valuable assets Answer: D 6) Which of the following is a use case of cyber security in the industry? A. Managing employee benefits B. Sales forecasting C. Monitoring privileged account access D. None of the above Answer: C. Monitoring privileged account access 7) Which of the following is a use case of cyber security in the industry? A. Conducting market research. B. Managing a customer loyalty program. C. Hunting for threats D. All the above Answer: C. Hunting for threats 8) Which of the following is a use case of cyber security in the industry? A. Tracking inventory levels B. Managing payroll C. Watching for man-in-the-cloud (MITC) attacks. D. None of the above Answer: C. Watching for man-in-the-cloud (MITC) attacks 9) Which of the following is a use case of cyber security in the industry? A. Designing marketing campaigns B. Developing new products. C. Investigating attacks/incidents. D. All the above Answer: C. Investigating attacks/incidents 10) Which of the following is NOT a use case of cyber security in the industry? A. Monitoring privileged account access B. Detecting fraudulent financial transactions. C. Managing a social media campaign. D. Watching for man-in-the-middle (MITM) attacks. Answer: C. Managing a social media campaign 11) Which of the following is a cyber threat associated with networks? A. Software vulnerabilities B. Password sharing C. Personal devices D. None of the above Answer: A. Software vulnerabilities 12) Which of the following is a cyber threat associated with devices? A. Phishing attacks B. Lack of information C. Vulnerable backups D. All the above Answer: C. Vulnerable backups 13) Which of the following is a cyber threat associated with remote access technologies? A. Device hygiene B. Password sharing C. Patching D. None of the above Answer: B. Password sharing 14) Which of the following is a way to prevent cyber threats? A. Software vulnerabilities B. Lack of information C. User visibility D. All the above Answer: C. User visibility 15) Which of the following is a technical control to prevent cyber threats? A. Security training B. Patching C. Communicating with users. D. None of the above Answer: B. Patching 16) What is the responsibility of an Access Controls role in cybersecurity? A. Watch out for security-related problems and occurrences in network traffic. B. Investigate incidents and respond quickly in response to events. C. Configure and utilise firewalls, encryption programmes, and other security measures. D. Ensure that only authorised personnel can access information systems and data. Answer: D. Ensure that only authorised personnel can access information systems and data 17) What is the responsibility of a Patch Management role in cybersecurity? A. Watch out for security-related problems and occurrences in network traffic. B. Investigate incidents and respond quickly in response to events. C. Fix security problems D. Ensure that all software and systems are up to date with the latest security patches. Answer: D. Ensure that all software and systems are up to date with the latest security patches 18) What is the responsibility of an Analyst Security Operations Centre (SOC) role in cybersecurity? A. Watch out for security-related problems and occurrences in network traffic. B. Investigate incidents and respond quickly in response to events. C. Make detailed incident reaction reports. D. All the above Answer: D. All the above 19) What is the responsibility of a Cybersecurity Training role in cybersecurity? A. Watch out for security-related problems and occurrences in network traffic. B. Investigate incidents and respond quickly in response to events.g C. Make the greatest information security practices available. D. Ensure that all employees receive regular cybersecurity training. Answer: D. Ensure that all employees receive regular cybersecurity training 20) What is the responsibility of a Business Continuity Planning (BCP) role in cybersecurity? A. Conduct regular tests and risk assessments B. Ensure that all software and systems are up to date with the latest security patches. C. Develop and implement plans to ensure that essential business functions can continue during and after a disaster or other disruptive event. D. Fix security problems Answer: C. Develop and implement plans to ensure that essential business functions can continue during and after a disaster or other disruptive event 21) What is an SLA in an organisation? A. A service level agreement between two different organisations B. A service level agreement between an organisation and its customers or users C. A service level agreement between employees in an organisation D. A service level agreement between a business and its suppliers Answer: B. A service level agreement between an organisation and its customers or users 22) What is data integrity and confidentiality in an organisation? A. Ensuring that data is complete, accurate and consistent. B. Ensuring that data is kept secret and not disclosed to unauthorised parties. C. Ensuring that data is backed up regularly. D. Ensuring that data is stored in the cloud. Answer: B. Ensuring that data is kept secret and not disclosed to unauthorised parties 23) What is the principle of least privilege in an organisation? A. Giving employees access to all systems and data in the organisation. B. Giving employees access to only the systems and data they need to do their job. C. Giving employees access to systems and data based on their seniority. D. Giving employees access to systems and data based on their job title. Answer: B. Giving employees access to only the systems and data they need to do their job 24) What is the principle of separation of duties in an organisation? A. Giving employees access to only the systems and data they need to do their job. B. Separating the responsibilities of different employees to prevent fraud and errors. C. Giving employees access to all systems and data in the organisation. D. Separating employees based on their seniority. Answer: B. Separating the responsibilities of different employees to prevent fraud and errors 25) What are compliance requirements in an organisation? A. Standards and regulations that organisations must follow to ensure legal and ethical conduct. B. Requirements for employees to comply with all company policies and procedures. C. Requirements for employees to complete regular cybersecurity training. D. Requirements for employees to use only company-approved devices and tools. Answer: A. Standards and regulations that organisations must follow to ensure legal and ethical conduct 26) Which of the following types of malwares is designed to spread from one computer to another by attaching itself to files? A. Virus B. Ransomware C. Logic bomb D. Spyware Answer: A. Virus 27) Which of the following types of malwares is designed to damage or disrupt computer systems? A. Virus B. Trojan C. Phishing D. Spyware Answer: B. Trojan 28) Which of the following types of malwares is designed to activate at a specific time or date? A. Virus B. Malware C. Logic bomb D. Ransomware Answer: C. Logic bomb 29) Which of the following types of malwares is designed to encrypt files and demand a ransom for their release? A. Virus B. Malware C. Logic bomb D. Ransomware Answer: D. Ransomware 30) Which of the following types of malwares is designed to record keystrokes and steal sensitive information? A. Virus B. Trojan C. Spyware D. Phishing Answer: C. Spyware 31) Which of the following types of attack involves tricking people into giving away sensitive information? A. Virus B. Malware C. Spyware D. Phishing Answer: D. Phishing 32) Which of the following types of malwares disguises itself as legitimate software to trick users into installing it? A. Virus B. Trojan C. Spyware D. Ransomware Answer: B. Trojan 33) Which of the following is the use case of cyber security. a. Detecting employee or insider threats b. Hunting for threats c. Watching for man-in-the-cloud (MITC) attacks d. All the above Answer: d 34) Which of the following malware do not replicate or reproduce through infection? a. Worms b. Trojan c. Virus d. Rootkit Answer: b 35) What is the primary purpose of implementing cyber security in the financial industry? a. To prevent fraud b. To increase profits c. To attract more customers d. To reduce operational costs Answer: a 36) What is a rootkit? a. A type of malware that spreads by replicating itself on a network b. A type of malware that disguises itself as a legitimate program to trick users into downloading and installing it c. A type of malware that gives an attacker privileged access to a victim's device d. A type of cyber attack that floods a network or website with traffic, making it unavailable to users Answer: c 37) What is the role of a Security Operations Centre (SOC) Analyst? a. To manage and maintain firewalls and other security devices b. To investigate potential security breaches and respond to security incidents c. To develop cybersecurity policies and procedures d. To conduct vulnerability assessments and penetration testing Answer: c 38) What is a ransomware attack? a. A type of cyber attack that exploits vulnerabilities in web applications to steal data from a database b. A type of malware that encrypts a victim's files and demands payment for the decryption key c. A type of cyber attack that floods a network or website with traffic, making it unavailable to users d. A type of social engineering attack that tricks users into revealing sensitive information Answer: b 39) What is the role of a Network Administrator? a. To monitor network traffic and investigate potential security breaches b. To manage and maintain firewalls and other security devices c. To develop cybersecurity policies and procedures d. To conduct vulnerability assessments and penetration testing Answer: b 40) What is the primary purpose of implementing firewall systems in the industry? a. To control network traffic b. To improve network performance c. To reduce power consumption d. To improve network scalability Answer: a 41) Which of the following is NOT a common remote access threat? a. Phishing attacks b. Brute-force attacks c. VPN tunnelling attacks d. Physical theft of devices Answer: d 42) What are the typical duties of a SOC analyst? a. Monitoring security alerts and incidents b. Investigating security incidents and determining their root cause c. Responding to security incidents and taking appropriate action d. All of the above Answer: d 43) What is the purpose of compliance requirements? a. To ensure that an organisation meets legal and regulatory obligations b. To monitor all IT system activities c. To allow unauthorised personnel to access sensitive information d. None of the above Answer: a 44) What is data integrity? a. The process of keeping data confidential b. The process of ensuring that data is accurate and consistent c. The process of archiving data d. None of the above Answer: b 45) Which of the following is an entry-level role in Information/Cyber Security? a. Chief Information Security Officer (CISO) b. Security Analyst c. Security Architect d. None of the above Answer: b 46) Which of the following is a mid-level role in Information/Cyber Security? a. Security Engineer b. Security Administrator c. Security Manager d. All of the above Answer: d 47) What is the primary purpose of a logic bomb? a. To destroy data on a computer system b. To steal sensitive information from a computer system c. To execute a malicious action at a specific time or under specific conditions d. None of the above Answer: c 48) What is the primary difference between a virus and malware? a. Viruses can replicate themselves, while malware cannot b. Malware is designed to cause harm, while viruses are not c. Malware is a broader term that encompasses different types of malicious software, while viruses are a specific type of malware d. None of the above Answer: c 49) What is the primary purpose of spyware? a. To steal sensitive information from a computer system b. To damage or disrupt a computer system c. To replicate itself and spread to other computer systems d. None of the above Answer: a 50) What is the role of a security operations centre (SOC) in managing cyber threats? a. To prevent all cyber attacks from occurring b. To detect and respond to cyber threats in real-time c. To conduct cyber attacks on other organisations d. None of the above Answer: b 51) Which of the following is NOT a common network threat? a. Denial of service (DoS) attacks b. Distributed denial of service (DDoS) attacks c. Ransomware attacks d. Man-in-the-middle (MITM) attacks Answer: c 52) What is the role of a Penetration Tester? a. To hack into an organisation's IT systems b. To test an organisation's IT systems for vulnerabilities c. To develop marketing campaigns d. None of the above Answer: b 53) What is the purpose of a Service Level Agreement (SLA)? a. To ensure that IT services are always available b. To establish a mutual understanding between an organisation and its service provider c. To establish data privacy regulations d. None of the above Answer: b 54) How can Cyber Security help to promote innovation in society? a. By providing a safe and secure environment for businesses and individuals to develop new technologies and ideas b. By preventing intellectual property theft and protecting the rights of innovators c. By promoting trust and confidence in the digital economy d. All of the above Answer: d 55) What is the typical working mechanism of phishing attacks? a. They use social engineering techniques to trick victims into revealing sensitive information or clicking on malicious links b. They use software vulnerabilities to gain unauthorised access to a computer system c. They encrypt the victim's files and demand payment in exchange for the decryption key d. None of the above Answer: a 56) What is the typical responsibility of a Security Consultant? a. To develop and implement cybersecurity policies b. To provide advice and guidance on information/cybersecurity issues c. To monitor an organisation's IT systems for security threats d. None of the above Answer: b 57) Who are the stakeholders in an organisation's cybersecurity strategy? a. IT personnel only b. Customers only c. IT personnel, management, and customers d. None of the above Answer: c 58) What is a phishing attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker tries to overload a computer system with traffic D. An attack where a hacker gains unauthorised access to a computer system Answer: B 59) What is a DDoS attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker tries to overload a computer system with traffic D. An attack where a hacker gains unauthorised access to a computer system Answer: C 60) What is a ransomware attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker tries to overload a computer system with traffic D. An attack where a hacker encrypts a victim's files and demands payment to decrypt them Answer: D 61) What is a brute force attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker tries to overload a computer system with traffic D. An attack where a hacker tries every possible password combination to gain access to a system Answer: D 59) 5. What is a man-in-the-middle attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker intercepts communication between two parties in order to steal information D. An attack where a hacker gains unauthorised access to a computer system Answer: C 60) 6. What is a SQL injection attack? A. An attack where a hacker physically steals information from a computer B. An attack where a hacker sends an email with a link to a fake website in order to steal information C. An attack where a hacker tries to overload a computer system with traffic D. An attack where a hacker injects malicious code into a database in order to steal or modify data Answer: D 61. What is a social engineering attack? An attack where a hacker physically steals information from a computer An attack where a hacker sends an email with a link to a fake website in order to steal information An attack where a hacker uses psychological manipulation to trick a victim into revealing sensitive information An attack where a hacker gains unauthorised access to a computer system Answer: C 62. What is a zero-day exploit? An attack where a hacker physically steals information from a computer An attack where a hacker sends an email with a link to a fake website in order to steal information An attack where a hacker takes advantage of a vulnerability in a software or hardware before it has been discovered or fixed An attack where a hacker gains unauthorised access to a computer system Answer: C 63. What is a malware attack? An attack where a hacker physically steals information from a computer An attack where a hacker sends an email with a link to a fake website in order to steal information An attack where a hacker infects a computer with malicious software in order to steal, modify, or destroy data An attack where a hacker gains unauthorised access to a computer system Answer 64.What is the role of a Chief Information Security Officer (CISO)? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To analyse and respond to security incidents To provide technical support to an organisation's users Answer: B 65. What is the role of a Security Analyst? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To analyse and respond to security incidents To provide technical support to an organisation's users Answer: C 66. What is the role of a Penetration Tester? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To analyse and respond to security incidents To test an organisation's security defences by attempting to hack into their systems Answer: D 67. What is the role of a Security Architect? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To design and implement an organisation's security infrastructure To provide technical support to an organisation's users Answer: C 68. What is the role of an Incident Response Manager? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To coordinate an organisation's response to security incidents To provide technical support to an organisation's users Answer: C 69. What is the role of a Cybersecurity Consultant? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To provide expert advice on an organisation's security needs To provide technical support to an organisation's users Answer: C 70. What is the role of a Cryptographer? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To design and analyse encryption algorithms and systems To provide technical support to an organisation's users Answer: C 71. What is the role of a Security Operations Center (SOC) Analyst? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To monitor an organisation's network for security threats and respond to incidents To provide technical support to an organisation's users Answer: C 72. What is the role of a Security Engineer? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To design and implement security solutions to protect an organisation's systems and data To provide technical support to an organisation's users Answer: C 73. What is the role of a Forensic Analyst? To manage an organisation's network and computer infrastructure To oversee an organisation's cybersecurity policies and procedures To investigate and analyse security incidents and gather evidence To provide technical support to an organisation's users Answer: C 74. What is a Botnet attack? An attack that involves taking over a user's device and stealing personal information An attack that intercepts communication between two parties to steal or modify data An attack that uses multiple compromised devices to carry out a coordinated attack An attack that installs malware on a device through a phishing email Answer: C 75. Which of the following malicious codes is designed to spread from one computer to another through file-sharing or email attachments? Virus Logic Bomb Ransomware Phishing Answer: A 76. Which of the following malicious codes is designed to steal sensitive information from a user's computer or network? Malware Logic Bomb Spyware Trojan Answer: C 77. Which of the following malicious codes is designed to activate at a specific time or event? Virus Malware Logic Bomb Ransomware Answer: C 78. Which of the following malicious codes is designed to encrypt a user's data and demand payment in exchange for the decryption key? Virus Logic Bomb Ransomware Spyware Answer: C 79. Which of the following malicious codes is designed to trick a user into providing sensitive information, such as login credentials or credit card details? Malware Logic Bomb Phishing Trojan Answer: C 80. Which of the following malicious codes is designed to give an attacker remote access to a user's computer or network? Malware Logic Bomb Spyware Trojan Answer: D 81. Which of the following malicious codes is designed to lie dormant until a specific trigger event occurs? Virus Malware Logic Bomb Spyware Answer: C 82. Which of the following malicious codes is designed to masquerade as a legitimate program or file in order to trick a user into downloading or executing it? Virus Malware Phishing Trojan Answer: D 83. Which of the following malicious codes is designed to destroy or modify a user's data or computer system? Virus Logic Bomb Spyware Ransomware Answer: A 84. Which of the following malicious codes is designed to send spam or perform other malicious activities using a user's computer or network without their knowledge? Malware Logic Bomb Spyware Botnet Answer: D 85.What is the primary goal of a virus? To steal sensitive information To damage files or applications To take control of the system All of the above Answer: b) To damage files or applications 86.Which of the following is not a type of malware? A) Virus B) Worm c) Trojan d) Hash Answer: d) HASH 87. What is the primary goal of ransomware? To steal sensitive information To damage files or applications To encrypt or lock down victim's files To monitor user activity Answer: c) To encrypt or lock down victim's files 88. What is the main function of spyware? To steal sensitive information To damage files or applications To encrypt or lock down victim's files To monitor user activity Answer: d) To monitor user activity 89.What is the main purpose of a trojan? To replicate itself and spread to other systems To steal sensitive information To damage files or applications To provide unauthorised access to the system Answer: d) To provide unauthorised access to the system 90.What is the most common method of delivering ransomware to victims? Malicious email attachments Social engineering Exploit kits All of the above Answer: a) Malicious email attachments 91.Which type of malicious code is triggered by a specific event or condition? Virus Malware Logic bomb Ransomware Answer: c) Logic bomb 92.What is the main goal of phishing attacks? To steal sensitive information To damage files or applications To encrypt or lock down victim's files To provide unauthorised access to the system Answer: a) To steal sensitive information 93.What is the most common way of delivering malware to victims? Malicious email attachments Social engineering Exploit kits All of the above Answer: d) All of the above 94.Which type of malicious code is designed to appear as a legitimate program but actually performs malicious actions? Virus Malware Logic bomb Trojan Answer: d) Trojan 95. What is an SLA? Service Level Agreement Security Level Agreement Service Level Assessment Security Level Assessment Answer: a) Service Level Agreement 96. What is the main goal of data integrity and confidentiality? To ensure the accuracy and consistency of data To protect sensitive data from unauthorised access or disclosure To provide access to data for all stakeholders None of the above Answer: b) To protect sensitive data from unauthorised access or disclosure 97. Why is information recording important in organisations? To track progress and performance To identify areas for improvement To ensure compliance with regulations All of the above Answer: d) All of the above 98. What is the primary goal of reporting in organisations? To provide transparency and accountability To identify areas for improvement To communicate important information to stakeholders All of the above Answer: d) All of the above 99. What are compliance requirements in organisations? Regulations, standards, and policies that must be followed Guidelines for best practices Optional recommendations None of the above Answer: a) Regulations, standards, and policies that must be followed 100. What is the scope of devices/tools used in organisations? All devices and tools used by employees Only devices and tools provided by the organisation Only devices and tools approved by the organisation None of the above Answer: c) Only devices and tools approved by the organisation 101. Who are stakeholders in organisations? Customers, employees, shareholders, and suppliers Employees, managers, and executives Government agencies and regulators All of the above Answer: a) Customers, employees, shareholders, and suppliers 102. Who is responsible for authorising personnel in organisations? The CEO Human Resources The IT department Managers and supervisors Answer: d) Managers and supervisors 103.What is the purpose of information security policies in organisations? To establish guidelines for the use of information technology resources To provide standards for employee behaviour To ensure compliance with regulations All of the above Answer: d) All of the above 104. What is the role of IT departments in organisations? To manage and maintain IT infrastructure To develop and implement IT policies and procedures To provide technical support to employees All of the above Answer: d) All of the ab 105. The purpose of backup is: a) To restore a computer to an operational state following a disaster b) To restore small numbers of files after they have been accidentally deleted c) To restore one among many version of the same file for multiple backup environment d) All of the mentioned Answer: d 106. Backup of the source data can be created a) On the same device b) On another device c) At some other location d) All of the mentioned Answer: d Explanation: None. 107. Which of the following backup technique is most space efficient? a) Full backup b) Incremental backup c) Differential backup d) All of the mentioned Answer: b 108. Which of the following statements are true? a) Data can be recovered fastest in online backup b) Tape library is an example of nearline storage c) Data recovery can take hours for offline backup d) All of the mentioned Answer: d Explanation: None. 109. Which of the following qualifies as best DR (Disaster Recovery) site? a) DR site in the same campus b) DR site in the same city c) DR site in the same country d) DR site in a different country Answer: d 110. Which of the following techniques can be used for optimizing backed up data space? a) Encryption and Deduplication b) Compression and Deduplication c) Authentication and Deduplication d) Deduplication only Answer: b 111. To decide on a backup strategy for your organization, which of the following should you consider? a) RPO (Recovery Point Objective) b) RTO (Recovery Time Objective) c) Both RPO & RTO d) None of the mentio Answer: c 112. Which of the following can be used for reducing recovery time? a) Automatic failover b) By taking backup on a faster device c) Taking multiple backups – one in same location, another at different location d) All of the mentioned Answer: d 113. Which of the following is false? a) The more important the data, the greater the need for backing it up b) A backup is as useful as its associated restore strategy c) Storing the backup copy near to its original site is best strategy d) Automated backup and scheduling is preferred over manual operations Answer: c 114. Which of the following is Backup software? a) Amanda b) Bacula c) IBM Tivoli Storage Manager d) All of the mentioned Answer: d 115.What is a phishing attack? a. An attack that involves physical theft b. An attack that involves stealing personal information through deception c. An attack that involves hacking into a computer system d. An attack that involves spreading a computer virus Answer: b. An attack that involves stealing personal information through deception 116. How do phishing attacks typically work? a. By exploiting vulnerabilities in computer software b. By using brute force attacks to crack passwords c. By tricking people into revealing their personal information d. By spreading malware through email attachments Answer: c. By tricking people into revealing their personal information 117. What is a common type of phishing attack? a. Spear phishing b. Whale phishing c. Smishing d. All of the above Answer: a. Spear phishing 118. What is spear phishing? a. A phishing attack that targets a specific individual or organization b. A phishing attack that targets a wide range of people c. A phishing attack that targets mobile devices d. A phishing attack that uses social engineering to trick people Answer: a. A phishing attack that targets a specific individual or organisation 119. What is whale phishing? a. A phishing attack that targets a specific individual or organisation b. A phishing attack that targets a wide range of people c. A phishing attack that targets mobile devices d. A phishing attack that uses social engineering to trick people Answer: a. A phishing attack that targets a specific individual or organisation 120. What is smishing? a. A phishing attack that targets a specific individual or organisation b. A phishing attack that targets a wide range of people c. A phishing attack that targets mobile devices through SMS messages d. A phishing attack that uses social engineering to trick people Answer: c. A phishing attack that targets mobile devices through SMS messages 121. How can you protect yourself from phishing attacks? a. By not clicking on links or downloading attachments from unknown sources b. By keeping your software up to date with the latest security patches c. By using two-factor authentication d. All of the above Answer: d. All of the above 122. What should you do if you suspect you have been the victim of a phishing attack? a. Change your passwords and notify your bank or credit card company b. Contact law enforcement and report the attack c. Delete the suspicious email or text message and move on d. None of the above Answer: a. Change your passwords and notify your bank or credit card company 123. What are some common tactics used in phishing attacks? a. Spoofed emails that appear to be from a trusted source b. Fake websites that mimic legitimate ones c. Urgent or threatening language to prompt immediate action d. All of the above Answer: d. All of the above 124. What is the goal of a phishing attack? a. To steal personal information such as passwords, credit card numbers, or Social Security numbers b. To infect a computer with malware c. To extort money from the victim d. All of the above Answer: a. To steal personal information such as passwords, credit card numbers, or Social Security numbers 125. How can you verify if an email or website is legitimate? a. Check the sender’s email address for typos or inconsistencies b. Hover over links to check if they lead to the intended destination c. Look for security indicators such as the padlock icon or “https” in the website URL d. All of the above Answer: d. All of the above 126. What is the difference between phishing and spear phishing? a. Phishing is a broad attack that targets many people, while spear phishing is a targeted attack on a specific individual or organisation b. Phishing is an attack that uses malware, while spear phishing uses social engineering tactics c. Phishing is a physical theft, while spear phishing is a digital theft d. Phishing and spear phishing are the same thing Answer: a. Phishing is a broad attack that targets many people, while spear phishing is a targeted attack on a specific individual or organisation 127. What is the purpose of two-factor authentication? a. To provide an extra layer of security to prevent unauthorised access to an account b. To protect against phishing attacks c. To make it more difficult for hackers to crack passwords d. All of the above Answer: a. To provide an extra layer of security to prevent unauthorised access to an account 128. What is a common type of smishing attack? a. A text message that appears to be from a legitimate source, such as a bank or credit card company, asking the recipient to click on a link or provide personal information b. A phone call that claims to be from a government agency, such as the IRS, and demands immediate payment or personal information c. An email that appears to be from a friend or family member asking for money or personal information d. All of the above Answer: a. A text message that appears to be from a legitimate source, such as a bank or credit card company, asking the recipient to click on a link or provide personal information. 129. What is the process of protecting computer systems and networks from unauthorised access or attacks called? a. Cyberbullying b. Cybersecurity c. Cyberterrorism d. Cybercrime Answer: b. Cybersecurity 130 Which of the following is a common cybersecurity threat? a. Cyberwarfare b. DDoS attacks c. SQL injection attacks d. All of the above Answer: d. All of the above 131 What type of attack involves sending a large number of requests to a website or server in order to overwhelm it and cause it to crash? a. DDoS attack b. SQL injection attack c. Phishing attack d. Man-in-the-middle attack Answer: a. DDoS attack 132 What type of attack involves exploiting vulnerabilities in a website or application to gain access to sensitive data or inject malicious code? a. DDoS attack b. SQL injection attack c. Phishing attack d. Man-in-the-middle attack Answer: b. SQL injection attack 133 What type of attack involves intercepting communications between two parties in order to eavesdrop or modify the communication? a. DDoS attack b. SQL injection attack c. Phishing attack d. Man-in-the-middle attack Answer: d. Man-in-the-middle attack 134 What type of attack involves tricking users into providing sensitive information, such as passwords or credit card numbers? a. DDoS attack b. SQL injection attack c. Phishing attack d. Man-in-the-middle attack Answer: c. Phishing attack 135 What is the term used to describe a type of software that is designed to harm or exploit computer systems? a. Virus b. Trojan horse c. Worm d. All of the above Answer: d. All of the above 136 What is the term used to describe the process of converting plaintext into ciphertext to protect the confidentiality of data? a. Encryption b. Decryption c. Compression d. Backup Answer: a. Encryption 137. What is the term used to describe the process of converting ciphertext back into plaintext? a. Encryption b. Decryption c. Compression d. Backup Answer: b. Decryption 138 What is the term used to describe a program or device that monitors incoming and outgoing network traffic to block malicious activity? a. Firewall b. Antivirus c. Intrusion Detection System (IDS) d. Virtual Private Network (VPN) Answer: a. Firewall 139 What is the term used to describe a program or device that detects and removes malware from a computer system? a. Firewall b. Antivirus c. Intrusion Detection System (IDS) d. Virtual Private Network (VPN) Answer: b. Antivirus 140 What is the term used to describe a network that is used to securely connect remote users to a private network, such as a corporate network? a. Firewall b. Antivirus c. Intrusion Detection System (IDS) d. Virtual Private Network (VPN) Answer: d. Virtual Private Network (VPN) 141. Which of the following is a common cybersecurity best practice? a. Using the same password for multiple accounts b. Downloading and installing software from unknown sources c. Keeping software and operating systems up to date d. Disabling firewalls and antivirus software Answer: c. Keeping software and operating systems up to date 142. What is the relevance of Cyber Security to society? A. To prevent unauthorised access to data and ensure privacy protection B. To increase the speed of network connectivity C. To increase social media engagement D. To generate more revenue for businesses Answer: A. To prevent unauthorised access to data and ensure privacy protection 143. What are some of the industries that benefit from Cyber Security? A. Healthcare, Finance, and Energy B. Food and Beverage, Agriculture, and Tourism C. Textile, Furniture, and Sports D. None of the above Answer: A. Healthcare, Finance, and Energy 144. What is the meaning of the term 'Phishing'? A. Attempt to obtain sensitive information by disguising as a trustworthy entity B. A type of malware C. Unauthorized access to a network D. All of the above Answer: A. Attempt to obtain sensitive information by disguising as a trustworthy entity 145. What is the most common type of cyber attack? A. Distributed Denial of Service (DDoS) B. Ransomware C. Malware D. Phishing Answer: D. Phishing 146. What is a vulnerability in a network? A. A security feature that prevents unauthorized access B. A weakness in the system that can be exploited by a cyber attacker C. A network connection that is slow D. A firewall Answer: B. A weakness in the system that can be exploited by a cyber attacker 147. What is the meaning of the term 'Black Hat'? A. A hacker who uses their skills for malicious purposes B. A security analyst who tests systems for vulnerabilities C. A type of malware D. All of the above Answer: A. A hacker who uses their skills for malicious purposes 148. What is a Denial of Service (DoS) attack? A. A type of malware that steals sensitive information B. An attempt to overload a network or server with traffic to make it inaccessible C. An attempt to gain unauthorized access to a network D. None of the above Answer: B. An attempt to overload a network or server with traffic to make it inaccessible 149. What is a Firewall? A. A security feature that prevents unauthorized access to a network B. A type of malware C. A device that connects networks and filters traffic D. All of the above Answer: A. A security feature that prevents unauthorized access to a network 150. What is the difference between a virus and a worm? A. A virus requires human interaction to spread, while a worm can spread on its own B. A virus can spread on its own, while a worm requires human interaction to spread C. A virus is not harmful, while a worm is harmful D. None of the above Answer: A. A virus requires human interaction to spread, while a worm can spread on its own 151. What is the role of an Analyst in the Security Operations Center (SOC)? A. To manage network security policies B. To monitor network traffic and detect security incidents C. To develop cybersecurity strategies for an organization D. None of the above Answer: B. To monitor network traffic and detect security incidents 152. What is the purpose of a Service Level Agreement (SLA)? A. To ensure data confidentiality B. To outline the scope of a project C. To define the level of service provided by a vendor to a customer D. To generate revenue for a business Answer: C. To define the level of service provided by a vendor to a customer 153. What is a Remote Access Trojan (RAT)? A. A type of malware that allows a remote attacker to control a victim's computer B. A security feature that prevents unauthorised access to a network C. A type of phishing attack D. None of the above Answer: A. A type of malware that allows a remote attacker to control a victim's computer 154. What is a Man-in-the-Middle (MitM) attack? A. An attack where an attacker intercepts communication between two parties B. An attack where an attacker uses social engineering to gain unauthorized access to a network C. An attack where an attacker gains access to a network by brute force D. None of the above Answer: A. An attack where an attacker intercepts communication between two parties 155. What is a Botnet? A. A network of compromised computers controlled by an attacker B. A type of firewall C. A security feature that prevents unauthorised access to a network D. None of the above Answer: A. A network of compromised computers controlled by an attacker 156. What is the difference between a vulnerability assessment and a penetration test? A. A vulnerability assessment is automated, while a penetration test is manual B. A vulnerability assessment is manual, while a penetration test is automated C. A vulnerability assessment identifies vulnerabilities, while a penetration test attempts to exploit them D. None of the above Answer: C. A vulnerability assessment identifies vulnerabilities, while a penetration test attempts to exploit them 157. What is the role of a Chief Information Security Officer (CISO)? A. To manage network security policies B. To develop cybersecurity strategies for an organization C. To monitor network traffic and detect security incidents D. None of the above Answer: B. To develop cybersecurity strategies for an organization 158. What is the difference between authentication and authorization? A. Authentication verifies a user's identity, while authorization grants access to specific resources B. Authentication grants access to specific resources, while authorization verifies a user's identity C. Authentication and authorization are the same thing D. None of the above Answer: A. Authentication verifies a user's identity, while authorization grants access to specific resources 159. What is a Virtual Private Network (VPN)? A. A type of malware B. A network security feature that encrypts internet traffic C. A type of firewall D. None of the above Answer: B. A network security feature that encrypts internet traffic 160 What is the difference between a virus and a Trojan? A. A virus is a type of malware that spreads on its own, while a Trojan requires human interaction to spread B. A virus requires human interaction to spread, while a Trojan can spread on its own C. A virus and a Trojan are the same thing D. None of the above Answer: A. A virus is a type of malware that spreads on its own, while a Trojan requires human interaction to spread 161. What is the role of a Network Administrator in cybersecurity? A. To manage network security policies B. To monitor network traffic and detect security incidents C. To install and maintain security software D. None of the above Answer: C. To install and maintain security software 162. What is the difference between symmetric and asymmetric encryption? A. Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different keys B. Asymmetric encryption uses the same key for encryption and decryption, while symmetric encryption uses different keys C. Symmetric encryption and asymmetric encryption are the same thing D. None of the above Answer: A 163. What is the purpose of a firewall? A. To prevent unauthorised access to a network B. To detect and remove malware from a network C. To encrypt internet traffic D. None of the above Answer: A. To prevent unauthorised access to a network 164. What is a Denial-of-Service (DoS) attack? A. An attack where an attacker gains unauthorized access to a network B. An attack where an attacker intercepts communication between two parties C. An attack where an attacker floods a network with traffic to disrupt normal operations D. None of the above Answer: C. An attack where an attacker floods a network with traffic to disrupt normal operations 165. What is the role of a Security Analyst in a Security Operations Center (SOC)? A. To manage network security policies B. To monitor network traffic and detect security incidents C. To install and maintain security software D. None of the above Answer: B. To monitor network traffic and detect security incidents 166. What is the difference between a worm and a virus? A. A worm is a type of malware that spreads on its own, while a virus requires human interaction to spread B. A virus is a type of worm that spreads on its own, while a virus requires human interaction to spread C. A worm and a virus are the same thing D. None of the above Answer: B. A virus is a type of malware that spreads on its own, while a worm requires human interaction to spread 167. What is a Public Key Infrastructure (PKI)? A. A type of firewall B. A type of encryption that uses the same key for encryption and decryption C. A framework that manages digital certificates and keys for secure communication D. None of the above Answer: C. A framework that manages digital certificates and keys for secure communication 168. What is the difference between a zero-day vulnerability and a known vulnerability? A. A zero-day vulnerability is known to the public, while a known vulnerability is not B. A zero-day vulnerability is unknown to the public, while a known vulnerability is known to the public C. A zero-day vulnerability and a known vulnerability are the same thing D. None of the above Answer: B. A zero-day vulnerability is unknown to the public, while a known vulnerability is known to the public 169. What is the role of a Data Protection Officer (DPO)? A. To develop cybersecurity strategies for an organisation B. To manage network security policies C. To ensure compliance with data protection laws and regulations D. None of the above Answer: C. To ensure compliance with data protection laws and regulations 170. What is the difference between confidentiality, integrity, and availability (CIA)? A. Confidentiality refers to protecting data from unauthorised access, integrity refers to maintaining the accuracy and completeness of data, and availability refers to ensuring that data is accessible when needed B. Confidentiality refers to ensuring that data is accessible when needed, integrity refers to protecting data from unauthorised access, and availability refers to maintaining the accuracy and completeness of data C. Confidentiality, integrity, and availability are the same thing D. None of the above Answer: A. Confidentiality refers to protecting data from unauthorised access, integrity refers to maintaining the accuracy and completeness of data, and availability refers to ensuring that data is accessible when needed