Security and Privacy Quiz PDF

Summary

This document is a security and privacy quiz. It covers various security and privacy concepts and poses multiple-choice questions related to those ideas.

Full Transcript

**Security and Privacy Quiz**

1. **What does the CIA triad stand for?**
   - A\) Confidentiality, Identity, Authorization
   - B\) Confidentiality, Integrity, Availability
   - C\) Cryptography, Integrity, Accountability
   - D\) Control, Integrity, Authenticity

   **Answer:** B) Confidentiality, Integrity, Availability

2. **What is the primary goal of confidentiality?**
   - A\) To ensure data is unaltered
   - B\) To prevent unauthorized access
   - C\) To trace system intrusions
   - D\) To maintain service availability

   **Answer:** B) To prevent unauthorized access

3. **What kind of attack involves monitoring traffic for information?**
   - A\) Active attack
   - B\) Passive attack
   - C\) Masquerade attack
   - D\) Denial-of-service attack

   **Answer:** B) Passive attack

4. **Which attack modifies transmitted data to gain unauthorized access?**
   - A\) Traffic analysis
   - B\) Replay attack
   - C\) Denial-of-service
   - D\) Data modification

   **Answer:** D) Data modification

5. **What property ensures that messages can be traced back to the sender?**
   - A\) Integrity
   - B\) Availability
   - C\) Authenticity
   - D\) Accountability

   **Answer:** D) Accountability

6. **What is a denial-of-service attack designed to do?**
   - A\) Modify system configurations
   - B\) Prevent service from being accessed
   - C\) Steal sensitive information
   - D\) Masquerade as another user

   **Answer:** B) Prevent service from being accessed

7. **Which mechanism ensures that a sender cannot deny sending a message?**
   - A\) Authentication
   - B\) Non-repudiation
   - C\) Encryption
   - D\) Traffic analysis

   **Answer:** B) Non-repudiation

8. **What is the best way to prevent passive attacks?**
   - A\) Use unencrypted networks
   - B\) Rely on traffic patterns
   - C\) Implement strong encryption
   - D\) Modify communication protocols

   **Answer:** C) Implement strong encryption

9. **Which of the following is an example of an active attack?**
   - A\) Traffic analysis
   - B\) Eavesdropping
   - C\) Data modification
   - D\) Monitoring communication

   **Answer:** C) Data modification

10. **What does OSI in security architecture stand for?**
    - A\) Open Secure Interconnection
    - B\) Open Systems Interconnection
    - C\) Operational Security Interface
    - D\) Organized Systems Integrity

    **Answer:** B) Open Systems Interconnection

11. **Which term describes falsifying data to impersonate another entity?**
    - A\) Replay
    - B\) Masquerade
    - C\) Data modification
    - D\) Denial of service

    **Answer:** B) Masquerade

12. **What security goal ensures that systems remain available to authorized users?**
    - A\) Integrity
    - B\) Confidentiality
    - C\) Availability
    - D\) Authenticity

    **Answer:** C) Availability

13. **Which is NOT part of the CIA triad?**
    - A\) Integrity
    - B\) Availability
    - C\) Authentication
    - D\) Confidentiality

    **Answer:** C) Authentication

14. **What is an example of a passive attack?**
    - A\) Masquerade
    - B\) Replay
    - C\) Traffic analysis
    - D\) Denial of service

    **Answer:** C) Traffic analysis

15. **What describes the act of intercepting unencrypted communication?**
    - A\) Replay attack
    - B\) Eavesdropping
    - C\) Traffic analysis
    - D\) Masquerade

    **Answer:** B) Eavesdropping

16. **Which attack replays valid authentication sequences?**
    - A\) Masquerade
    - B\) Replay
    - C\) Denial of service
    - D\) Data modification

    **Answer:** B) Replay

17. **What type of service counters security attacks?**
    - A\) Security Mechanisms
    - B\) Availability Services
    - C\) Security Services
    - D\) Encryption Standards

    **Answer:** C) Security Services

18. **Which term ensures the data received is exactly as transmitted?**
    - A\) Availability
    - B\) Authenticity
    - C\) Integrity
    - D\) Confidentiality

    **Answer:** C) Integrity

19. **What does authentication ensure?**
    - A\) Data is encrypted
    - B\) Communication is from a legitimate source
    - C\) Only administrators can access the system
    - D\) Data remains available at all times

    **Answer:** B) Communication is from a legitimate source

20. **What is the goal of traffic analysis?**
    - A\) Modify transmitted data
    - B\) Identify communication channels and patterns
    - C\) Encrypt all messages
    - D\) Prevent unauthorized access

    **Answer:** B) Identify communication channels and patterns

21. **What does the term 'authenticity' mean in security?**
    - A\) Ensuring data is unchanged
    - B\) Verifying that users are who they say they are
    - C\) Preventing unauthorized users from accessing data
    - D\) Ensuring data is available upon demand

    **Answer:** B) Verifying that users are who they say they are

22. **Which service ensures that data is protected from passive attacks?**
    - A\) Authentication
    - B\) Data Integrity
    - C\) Data Confidentiality
    - D\) Availability

    **Answer:** C) Data Confidentiality

23. **Which attack prevents legitimate users from accessing services?**
    - A\) Traffic Analysis
    - B\) Replay Attack
    - C\) Denial-of-Service (DoS)
    - D\) Eavesdropping

    **Answer:** C) Denial-of-Service (DoS)

24. **Which attack impersonates a legitimate user to gain access?**
    - A\) Replay Attack
    - B\) Masquerade Attack
    - C\) Traffic Analysis
    - D\) Data Modification

    **Answer:** B) Masquerade Attack

25. **Which mechanism counters security breaches by keeping records for forensic analysis?**
    - A\) Accountability
    - B\) Confidentiality
    - C\) Integrity
    - D\) Encryption

    **Answer:** A) Accountability

26. **What type of privacy threat involves collecting personal data without consent?**
    - A\) Eavesdropping
    - B\) Masquerade
    - C\) Data Collection without Purpose
    - D\) Data Leakage

    **Answer:** C) Data Collection without Purpose

27. **What service ensures that communications are authentic?**
    - A\) Non-repudiation
    - B\) Authentication
    - C\) Access Control
    - D\) Integrity

    **Answer:** B) Authentication

28. **Which is a mobile application privacy risk?**
    - A\) Outdated data
    - B\) Secure communication
    - C\) Session expiration
    - D\) Web browser vulnerabilities

    **Answer:** D) Web browser vulnerabilities

29. **What service prevents unauthorized modification of transmitted data?**
    - A\) Data Confidentiality
    - B\) Data Integrity
    - C\) Authentication
    - D\) Accountability

    **Answer:** B) Data Integrity

30. **Which type of attack involves the unauthorized retransmission of captured data?**
    - A\) Replay Attack
    - B\) Denial-of-Service
    - C\) Eavesdropping
    - D\) Traffic Analysis

    **Answer:** A) Replay Attack

31. **What is the main purpose of access control?**
    - A\) Encrypting data during transmission
    - B\) Preventing unauthorized system access
    - C\) Ensuring data remains available
    - D\) Detecting security breaches

    **Answer:** B) Preventing unauthorized system access

32. **Which attack targets web servers as a gateway into other systems?**
    - A\) Denial-of-Service
    - B\) Eavesdropping
    - C\) Masquerade
    - D\) Traffic Analysis

    **Answer:** A) Denial-of-Service

33. **Which of the following is a technical tool to counter security attacks?**
    - A\) Security Service
    - B\) Encryption
    - C\) Accountability
    - D\) Non-repudiation

    **Answer:** B) Encryption

34. **What term refers to unauthorized interception of unencrypted communication?**
    - A\) Replay Attack
    - B\) Eavesdropping
    - C\) Masquerade
    - D\) Data Modification

    **Answer:** B) Eavesdropping

35. **What is the primary role of enterprise mobility management (EMM)?**
    - A\) Prevent network attacks
    - B\) Manage mobile devices and policies
    - C\) Ensure app development standards
    - D\) Provide data encryption

    **Answer:** B) Manage mobile devices and policies

36. **Which describes sharing data with a third party without consent?**
    - A\) Web Vulnerability
    - B\) Data Leakage
    - C\) Unauthorized Data Sharing
    - D\) Non-repudiation

    **Answer:** C) Unauthorized Data Sharing

37. **What is the main threat addressed by encryption?**
    - A\) Data Availability
    - B\) Eavesdropping
    - C\) Non-repudiation
    - D\) Authentication

    **Answer:** B) Eavesdropping

38. **What is the primary focus of non-repudiation?**
    - A\) Preventing unauthorized data access
    - B\) Ensuring users cannot deny actions
    - C\) Ensuring data remains unaltered
    - D\) Providing continuous service

    **Answer:** B) Ensuring users cannot deny actions

39. **What is the risk of third-party app stores?**
    - A\) Data encryption issues
    - B\) Outdated applications
    - C\) Lack of malware protection
    - D\) Secure app distribution

    **Answer:** C) Lack of malware protection

40. **What is a vulnerability of web-based applications?**
    - A\) Strong encryption protocols
    - B\) Secure access control
    - C\) Browser vulnerabilities
    - D\) Authentication mechanisms

    **Answer:** C) Browser vulnerabilities

41. **What does app vetting involve?**
    - A\) App testing for malware and vulnerabilities
    - B\) Developing in-house software only
    - C\) Distributing apps directly to users
    - D\) Preventing app updates

    **Answer:** A) App testing for malware and vulnerabilities

42. **What is a key function of authentication servers in mobile networks?**
    - A\) Encrypting user data
    - B\) Preventing web attacks
    - C\) Storing customer authentication data
    - D\) Detecting data breaches

    **Answer:** C) Storing customer authentication data

43. **What describes collecting unnecessary data about users?**
    - A\) Data Leakage
    - B\) Over-Collection
    - C\) Data Modification
    - D\) Secure Storage

    **Answer:** B) Over-Collection

44. **What security principle ensures a system performs as expected without unauthorized interference?**
    - A\) Integrity
    - B\) Confidentiality
    - C\) Availability
    - D\) Authenticity

    **Answer:** A) Integrity

45. **What ensures session termination after a period of inactivity?**
    - A\) Non-repudiation
    - B\) Session Expiration
    - C\) Access Control
    - D\) Encryption

    **Answer:** B) Session Expiration

46. **What does EMM stand for in the mobile ecosystem?**
    - A\) Enterprise Mobility Management
    - B\) Encryption Management Module
    - C\) Enterprise Malware Monitoring
    - D\) External Mobile Mechanism

    **Answer:** A) Enterprise Mobility Management

47. **What is a major threat to privacy in mobile apps?**
    - A\) Secure communications
    - B\) Proper app vetting
    - C\) Insecure network connections
    - D\) Continuous monitoring

    **Answer:** C) Insecure network connections

48. **Which attack disables the entire network to degrade its performance?**
    - A\) Masquerade Attack
    - B\) Traffic Analysis
    - C\) Denial-of-Service
    - D\) Replay Attack

    **Answer:** C) Denial-of-Service

49. **What is the function of authentication in online transactions?**
    - A\) Encrypting messages
    - B\) Ensuring the identity of parties involved
    - C\) Limiting system access
    - D\) Securing network traffic

    **Answer:** B) Ensuring the identity of parties involved

50. **What describes outdated and incorrect user data?**
    - A\) Data Leakage
    - B\) Stale Data
    - C\) Over-Collection
    - D\) Bogus Data

    **Answer:** D) Bogus Data

51. **Which of the following is an example of a passive attack?**
    - A\) Traffic analysis
    - B\) Denial-of-service
    - C\) Replay attack
    - D\) Masquerade

    **Answer:** A) Traffic analysis

52. **What does traffic analysis in a passive attack aim to identify?**
    - A\) Communication channels and encryption methods
    - B\) User login credentials
    - C\) Data integrity issues
    - D\) Unauthorized modifications

    **Answer:** A) Communication channels and encryption methods

53. **What is the primary goal of system integrity?**
    - A\) Prevent unauthorized access
    - B\) Ensure a system performs its intended function without interference
    - C\) Maintain continuous availability of resources
    - D\) Encrypt stored and transmitted data

    **Answer:** B) Ensure a system performs its intended function without interference

54. **Which property ensures the genuineness of a transmitted message or input?**
    - A\) Confidentiality
    - B\) Authenticity
    - C\) Integrity
    - D\) Availability

    **Answer:** B) Authenticity

55. **What type of attack involves modifying the content of a message during transmission?**
    - A\) Replay attack
    - B\) Denial-of-service
    - C\) Data modification
    - D\) Traffic analysis

    **Answer:** C) Data modification

56. **Which of the following refers to preventing future breaches by tracing actions to responsible entities?**
    - A\) Integrity
    - B\) Confidentiality
    - C\) Accountability
    - D\) Non-repudiation

    **Answer:** C) Accountability

57. **Which attack involves the unauthorized retransmission of intercepted data?**
    - A\) Masquerade
    - B\) Replay
    - C\) Eavesdropping
    - D\) Denial-of-service

    **Answer:** B) Replay

58. **Which of the following is an example of data authenticity?**
    - A\) A message being encrypted during transit
    - B\) A verified email source that confirms the sender's identity
    - C\) Access to data is limited to authorized users
    - D\) A system remains operational under high load

    **Answer:** B) A verified email source that confirms the sender's identity

59. **What is the goal of non-repudiation in security?**
    - A\) Prevent unauthorized access
    - B\) Ensure the identity of both sender and receiver
    - C\) Ensure that an entity cannot deny an action
    - D\) Protect the availability of systems

    **Answer:** C) Ensure that an entity cannot deny an action

60. **Which security service protects transmitted data from passive attacks?**
    - A\) Data integrity
    - B\) Authentication
    - C\) Data confidentiality
    - D\) Non-repudiation

    **Answer:** C) Data confidentiality

61. **Which mechanism limits and controls access to systems via communication links?**
    - A\) Availability service
    - B\) Authentication service
    - C\) Access control
    - D\) Encryption

    **Answer:** C) Access control

62. **Which attack aims to prevent the normal use of communication facilities?**
    - A\) Masquerade
    - B\) Denial-of-service
    - C\) Replay
    - D\) Data modification

    **Answer:** B) Denial-of-service

63. **What is the recommended prevention method against passive attacks?**
    - A\) Traffic monitoring
    - B\) Data encryption
    - C\) User authentication
    - D\) Session expiration

    **Answer:** B) Data encryption

64. **Which aspect of mobile ecosystems is managed by EMM (Enterprise Mobility Management)?**
    - A\) Network encryption
    - B\) App development
    - C\) Mobile device policies and security
    - D\) Authentication protocols

    **Answer:** C) Mobile device policies and security

65. **What is a critical threat related to mobile applications?**
    - A\) Over-collection of data
    - B\) Denial-of-service
    - C\) Traffic analysis
    - D\) Secure authentication

    **Answer:** A) Over-collection of data

66. **What is the key vulnerability associated with third-party app stores?**
    - A\) They guarantee malware-free applications
    - B\) They restrict user access
    - C\) They offer no assurance against malware or poor coding practices
    - D\) They ensure the latest OS updates

    **Answer:** C) They offer no assurance against malware or poor coding practices

67. **What ensures that sensitive data is not altered during transmission?**
    - A\) Accountability
    - B\) Data confidentiality
    - C\) Data integrity
    - D\) Authentication

    **Answer:** C) Data integrity

68. **What is the function of mobile app vetting?**
    - A\) Testing apps for vulnerabilities and compliance
    - B\) Distributing apps directly to users
    - C\) Encrypting data stored within mobile apps
    - D\) Preventing access to enterprise networks

    **Answer:** A) Testing apps for vulnerabilities and compliance

69. **Which web security issue occurs when user data is unintentionally leaked?**
    - A\) Replay attack
    - B\) Masquerade
    - C\) User-side data leakage
    - D\) Denial-of-service

    **Answer:** C) User-side data leakage

70. **Which security service ensures continuous access to a system or resource?**
    - A\) Authentication
    - B\) Access control
    - C\) Data integrity
    - D\) Availability

    **Answer:** D) Availability
