1. _____________ is a malicious method used by cyber-criminals to trick a user into clicking on something different from what the user wants.
a) Click-hacking
b) Click-fraud
c) Clickjacking
d) Using torrent links
Answer: c
Explanation: Clickjacking is a malicious method used by cyber-criminals to trick a user into clicking on something illicit that is different from what the user wants. The single click usually redirects the employee to a strange site from which infected files get downloaded onto the employee’s system.
2. Through the clickjacking attack, the employee’s confidential ______________ may get leaked or stolen.
a) information
b) papers
c) hardcopy files
d) media files
Answer: a
Explanation: Through clickjacking, the employee’s system may get compromised by an infected program, trojans or spyware that is downloaded automatically in the background once the user falls for the attacker’s trick.
3. Which of the following is not a proper aspect of user integration?
a) Employee’s authentication
b) Physical authorization
c) Access control
d) Representing users in the database
Answer: b
Explanation: There are 3 main aspects to keep in mind when integrating new employees or users into an application. These are: Representing users in the database, Access control, and Employee’s authentication.
4. It is very important to block unknown, strange and ______________ within the corporate network.
a) infected sites
b) programs
c) unwanted files
d) important folders
Answer: a
Explanation: It is very important that the network administrator block unknown, strange and infected sites within the corporate network, so that no employee accidentally accesses those sites or opens infected sites by means of clickjacking or URL-redirection techniques.
5. Every employee of the firm must have some basic knowledge of cyber-security, the types of hacking and how they are done.
a) True
b) False
Answer: a
Explanation: Every employee of the firm must have some basic knowledge of cyber-security, the types of hacking and how they are done. This will make each employee aware of the various malicious activities so that they can report to their seniors in this regard.
6. Use of _______________ can bring external files, worms and viruses along with it to the internal systems.
a) smart-watch
b) pen drive
c) laptop
d) iPod
Answer: b
Explanation: Using a pen drive to bring your work-from-home tasks to office systems may bring worms and viruses along with it (if your home system is infected with any malware or infected programs) and may cause harm to your office systems.
7. A ____________ takes over your system’s browser settings, and the attack redirects the websites you visit to other websites of its preference.
a) MiTM
b) Browser hacking
c) Browser Hijacker
d) Cookie-stealing
Answer: c
Explanation: Browser hijacking is a technique that takes over your system’s browser settings, and the attack redirects the websites you visit to other websites of its preference.
8. ________________ has become a popular attack in the last few years, and attackers target board members, high-ranked officials and managing committee members of an organization.
a) Spyware
b) Ransomware
c) Adware
d) Shareware
Answer: b
Explanation: Ransomware has become a popular attack in the last few years, and attackers target board members, high-ranked officials and managing committee members of an organization; the ransomware compromises the system by encrypting all files and asks for a ransom in order to unlock or decrypt all files.
9. ________________ important and precious files is a solution to protect your files from ransomware.
a) Deleting all
b) Keeping backup of
c) Not saving
d) Keeping in pen drive
Answer: b
Explanation: Keeping a secured backup of important and precious files is a solution to protect your files from ransomware. The backup should be made in some secured cloud storage or any other location (server) in an encrypted form.
10. ___________ is the technique to obtain permission from a company for using, manufacturing & selling one or more products within a definite market area.
a) algorithm-licensing
b) code-licensing
c) item licensing
d) product licensing
Answer: d
Explanation: Product licensing is the technique to obtain permission from a firm or organization for using, manufacturing & selling one or more products within a definite market area. This is done by the company for security reasons, and it usually takes a royalty fee/amount from its users.
11. Which of the following does not come under security measures for cloud in firms?
a) Firewall
b) Antivirus
c) Load Balancer
d) Encryption
Answer: b
Explanation: For keeping a cloud service secure and fully working, firewalls, encryption mechanisms and load balancers are used, but antivirus is not used for any security purpose.
12. It is important to limit ____________ to all data and information as well as limit the authority for installing software.
a) work-load
b) employee access
c) admin permission
d) installing unwanted apps
Answer: b
Explanation: It is important to limit employee access to all data and information as well as limit the authority for installing software. Otherwise, any employee with illicit intentions may install programs that are either pirated versions or may cause damage to the internal corporate network.
13. One must isolate payment systems and payment processes from those computers that you think are used by ____________ or may contain ____________
a) strangers, keyloggers
b) strangers, antivirus
c) unknown, firewalls
d) unknown, antivirus
Answer: a
Explanation: One must isolate payment systems and payment processes from those computers that you think are used by strangers or may contain keyloggers. Otherwise, your card details and PIN may get compromised.
14. If you’re working on your company’s system/laptop and suddenly a pop-up window arises asking you to update your security application, you must ignore it.
a) True
b) False
Answer: b
Explanation: If you’re working on your company’s system/laptop and suddenly a pop-up window arises asking you to update your security application, you must verify it once with a senior member or the tech department if you feel it is appearing for the first time; otherwise you must not skip updating your system security applications.
15. ___________ is an activity that takes place when cyber-criminals infiltrate any data source and take away or alter sensitive information.
a) Data-hack
b) Data-stealing
c) Database altering
d) Data breach
Answer: d
Explanation: A data breach is an activity that takes place when cyber-criminals infiltrate any data source and take away or alter sensitive information. This is done either by using a network to steal all local files or by gaining physical access to a system.
16. Which of these is not a step followed by cyber-criminals in data breaching?
a) Research and info-gathering
b) Attack the system
c) Fixing the bugs
d) Exfiltration
Answer: c
Explanation: During a hack, the cyber-criminals first research the victim and gather information on the victim’s system as well as network. Then they perform the attack. Once the attacker gains access, they steal confidential data.
17. What types of data are stolen by cyber-criminals in most of the cases?
a) Data that will pay once sold
b) Data that has no value
c) Data like username and passwords only
d) Data that is old
Answer: a
Explanation: Usually, cyber-criminals steal data that is confidential and has value once it is sold on the dark market or on different deep-web sites. These days, different companies even buy customer data at large scale to analyze it and profit from it.
18. Which of the companies and organizations do not become the major targets of attackers for data stealing?
a) Business firms
b) Medical and Healthcare
c) Government and secret agencies
d) NGOs
Answer: d
Explanation: Attackers target large organizations and firms, which include business firms, financial corporations, medical and healthcare firms, government and secret agencies, and banking sectors. These hold valuable information whose loss can cost them hugely, so hackers focus on such firms as their major targets.
19. ___________ will give you a USB drive which will contain ___________ that will take control of your system in the background.
a) Attackers, Trojans
b) White hat hackers, antivirus
c) White hat hackers, Trojans
d) Attackers, antivirus
Answer: a
Explanation: To breach the security of your system, a friend or anyone you deal with may come up with a USB drive and give it to you in order to take some data from you. But that USB drive may contain a Trojan that will get into your computer once triggered. So try using an updated antivirus on your system.
20. An attacker who is an employee of your firm may ___________ to know your system password.
a) do peeping
b) perform network jamming
c) do shoulder surfing
d) steal your laptop
Answer: c
Explanation: An attacker who is an employee of your firm may do shoulder surfing to know your system password. Shoulder surfing is a social engineering technique used to secretly peep in order to gain knowledge of your confidential information.
21. You may throw some confidential file in a dustbin which contains some of your personal data. Hackers can take your data from that thrown-away file also, using the technique _________
a) Dumpster diving
b) Shoulder surfing
c) Phishing
d) Spamming
Answer: a
Explanation: Dumpster diving is a social engineering technique used by hackers to grab your personal and confidential data from thrown-away files. Using this data, attackers may attempt password guessing or fraud calls (if they find your personal phone number).
22. ATM Skimmers are used to take your confidential data from your ATM cards.
a) True
b) False
Answer: a
Explanation: ATM card skimmers are set up by attackers in ATM machines and look exactly the same, but the secretly inserted device takes information from the magnetic strip of your card and stores it in its memory card or storage chip.
23. _____________ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
Answer: b
Explanation: Ransomware is a special type of malware that will infect your system, compromise all data by encrypting it and pop up a demand for a ransom, which will be in the form of Bitcoins (so that the attacker does not get tracked); once the ransom is paid, it will release all files.
24. ______________ are special malware programs written by elite hackers and black hat hackers to spy on your mobile phones and systems.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
Answer: d
Explanation: Spyware programs are special malware programs written by elite hackers and black hat hackers to spy on your mobile phones and systems. Such a program secretly spies on the target system or user, captures their browsing activities and app details, and keeps track of their physical locations.
25. The antivirus or PC defender software in a system helps in detecting viruses and Trojans.
a) True
b) False
Answer: a
Explanation: The antivirus or PC defender software in a system helps in detecting viruses and Trojans, provided the antivirus or the defender application is up to date.
26. Clicking a link in an email that came from an unknown source can redirect you to ____________ that automatically installs malware in your system.
a) that vendor’s site
b) security solution site
c) malicious site
d) software downloading site
Answer: c
Explanation: Clicking a link in an email that came from an unknown source can redirect you to a malicious site that will automatically install malware in your system. The mail will be sent by the attacker.
27. An attacker may use an automated brute-forcing tool to compromise your ____________
a) username
b) employee ID
c) system / PC name
d) password
Answer: d
Explanation: In most cases, the attacker uses automated brute-force tools to compromise your PIN or password. These make obtaining your password easier by trying combinations of different letters in a trial-and-error approach.
28. The attacker will use different bots (zombie PCs) to ping your system and the name of the attack is _________________
a) Distributed Denial-of-Service (DDoS)
b) Permanent Denial-of-Service (PDoS)
c) Denial-of-Service (DoS)
d) Controlled Denial-of-Service (CDoS)
Answer: a
Explanation: Here the attacker uses multiple PCs and floods the bandwidth/resources of the victim’s system (usually one or many web servers). The attack uses zombie PCs, each of which is remotely controlled by the attacker.
29. Illicit hackers may enter your personal area, room or cabin to steal your laptop, pen drive, documents or other components to get their hands on your confidential information.
a) True
b) False
Answer: a
Explanation: Illicit hackers may enter your personal area, room or cabin to steal your laptop, pen drive, documents or other components to get their hands on your confidential information. This type of hacking comes under physical hacking.
30. _____________ is the illicit transmission of data from inside an organization or personal system to an external location or recipient.
a) Database hacking
b) Data leakage
c) Data cracking
d) Data revealing
Answer: b
Explanation: Data leakage is the illicit transmission of data from inside an organization or personal system to an external location or recipient. The phrase is used for describing data that is transferred electronically or even physically.
31. Data leakage threats do not usually occur from which of the following?
a) Web and email
b) Mobile data storage
c) USB drives and laptops
d) Television
Answer: d
Explanation: Data leakage threats are common from web and emails, mobile data storage devices such as internal or external storage and memory cards, from USB drives and laptops.
32. Data leakage is popularly known as ___________
a) data theft
b) data crack
c) low and slow data theft
d) slow data theft
Answer: c
Explanation: Data leakage is also known as ‘low and slow data theft’, which is a massive issue for data security & the damage caused to any firm is enormous. Every day there is at least one report of data theft that occurs worldwide.
33. There are __________ major types of data leakage.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: There are three major types of data leakage. These are – data breach by accident, data leak done by ill-intentioned employees and electronic communication with malicious intent.
34. “Unauthorized” data leakage doesn’t essentially mean intended or malicious.
a) True
b) False
Answer: a
Explanation: “Unauthorized” data leakage doesn’t essentially mean intended or malicious. It has been found that the majority of data leakage incidents are accidental, but the losses incurred are severe.
35. Unintentional data leakage can still result in the same penalties and reputational damage.
a) True
b) False
Answer: a
Explanation: “Unintentional” data leakage doesn’t essentially mean intended or malicious. It has been found that the majority of data leakage incidents are accidental but it can still result in the same penalties and reputational damage.
36. Leakage of data done purposely or because of employees’ lack of concern toward confidential data is called ___________ done by employees of an organization.
a) Ill-intentional data leakage
b) Malfunctioned in database
c) A malfunction in online data
d) ill-intention of an outsider
Answer: a
Explanation: Leakage of data done purposely or because of employees’ lack of concern toward confidential data is called Ill-intentional data leakage done by employees of an organization.
37. Which of them is not an example of physical data leakage?
a) dumpster diving
b) shoulder surfing
c) printers and photocopiers
d) phishing
Answer: d
Explanation: Physical data leakage can be done intentionally by criminal-minded people who can fetch data through dumpster diving, shoulder surfing, data mentioned in printed papers or data taken out of photocopiers.
38. _________ are a specific section of any virus or malware that performs illicit activities in a system.
a) Malicious programs
b) Worms
c) Spyware
d) Payload
Answer: d
Explanation: Payloads are the parts of a virus that perform malicious activities such as destroying information, blocking network traffic, compromising data, and stealing or spying on sensitive information.
39. ____________ is a scenario when information is accessed without authorization.
a) Data infiltration
b) Data Hack
c) Information compromise
d) Data Breach
Answer: d
Explanation: Data breach is the term used for a cyber-security incident in which sensitive information is accessed without authority.
40. ____________ is an attempt to steal, spy, damage or destroy computer systems, networks or their associated information.
a) Cyber-security
b) Cyber attack
c) Digital hacking
d) Computer security
Answer: b
Explanation: Cyber attack can be defined as an attempt to steal, spy, damage or destroy different components of cyberspace such as computer systems, associated peripherals, network systems, and information.
41. ___________ is a device which secretly collects data from credit / debit cards.
a) Card Skimmer
b) Data Stealer
c) Card Copier
d) Card cloner
Answer: a
Explanation: A card skimmer is hardware that is secretly installed and set up in ATMs so that when any user swipes or inserts their card in the ATM, the skimmer fetches all information from the magnetic strip.
42. _____________ is a technique used when artificial clicks are made which increases revenue because of pay-per-click.
a) Clickjacking
b) Clickfraud
c) Keylogging
d) Click-hacking
Answer: b
Explanation: Clickfraud is an attack technique used when artificial clicks get generated to increase the revenue in ad-campaigns online.
43. __________ is the practice implemented to spy on someone using technology for gathering sensitive information.
a) Cyber espionage
b) Cyber-spy
c) Digital Spying
d) Spyware
Answer: a
Explanation: Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on others for gathering confidential information.
44. ____________ is the way or technique through which majority of the malware gets installed in our system.
a) Drive-by click
b) Drive-by redirection
c) Drive-by download
d) Drive-by injecting USB devices
Answer: c
Explanation: This is an accidental yet dangerous action that takes place in cyberspace and helps attackers place their malware into the victim’s system. This technique is called Drive-by download.
45. ______ is the term used for toolkits that are purchased and used for targeting different exploits.
a) Exploit bag
b) Exploit set
c) Exploit Toolkit
d) Exploit pack
Answer: d
Explanation: Exploit pack or Exploit kit is the term used for toolkits that are purchased and used for targeting different exploits.
46. Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit.
a) True
b) False
Answer: a
Explanation: Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate the victim for their benefit. In this type of cyber-crime, information like social security number, personal details, and images, hobbies and passion details, driving license number and address details are compromised.
47. _________ is the hacking approach where cyber-criminals design fake websites or pages for tricking or gaining additional traffic.
a) Cyber-replication
b) Mimicking
c) Website-Duplication
d) Pharming
Answer: a
Explanation: The technique and approach through which cyber-crooks develop fake web pages and sites to trick people for gaining personal details such as login ID and password as well as personal information, is known as pharming.
48. RAM-Scraping is a special kind of malware that looks (scrape) for sensitive data in the hard drive.
a) True
b) False
Answer: a
Explanation: It is a special kind of malware that looks for sensitive data that you’ve stored in your hard drive. RAM-scraping is one of those kinds.
49. When you book online tickets by swiping your card, the details of the card get stored in ______
a) database system
b) point-of-sale system
c) servers
d) hard drives
Answer: b
Explanation: The point-of-sale system is a system where the retailer or company stores financial records and card details of the e-commerce system or online business transactions.
50. Point-of-sale intrusion does not deal with financial details and credit card information.
a) True
b) False
Answer: b
Explanation: Point-of-sale intrusion is an attack that deals with financial details and credit card information, where the payment system of the company or retailer is compromised, leaving customers’ financial information at risk.
51. _______ are deadly exploits where the vulnerability is known and found by cyber-criminals but not known and fixed by the owner of that application or company.
a) Unknown attacks
b) Secret attacks
c) Elite exploits
d) Zero-day exploits
Answer: d
Explanation: Zero-day exploits are used to attack a system as soon as cyber-criminals come to know about the weakness, or on the day the weaknesses are discovered in a system. Hackers exploit these types of vulnerabilities before the creator releases the patch or fixes the issue.
52. Zero-day exploits are also called __________
a) zero-day attacks
b) hidden attacks
c) un-patched attacks
d) un-fixed exploits
Answer: a
Explanation: Zero-day exploits are also called zero-day attacks where the vulnerability is known and found by cyber-criminals or ethical hackers but not known and fixed by the creator/owner of that application or company.
53. Hackers who help in finding bugs and vulnerabilities in a system & don’t intend to crack a system are termed as ________
a) Black Hat hackers
b) White Hat Hackers
c) Grey Hat Hackers
d) Red Hat Hackers
Answer: b
Explanation: White Hat Hackers are cyber security analysts and consultants who have the intent to help firms and Governments in the identification of loopholes as well as help to perform penetration tests for securing a system.
54. Which is the legal form of hacking based on which jobs are provided in IT industries and firms?
a) Cracking
b) Non ethical Hacking
c) Ethical hacking
d) Hacktivism
Answer: c
Explanation: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing penetration tests and identifying potential threats in any organizations and firms.
55. They are nefarious hackers, and their main motive is to gain financial profit by doing cyber crimes. Who are “they” referred to here?
a) Gray Hat Hackers
b) White Hat Hackers
c) Hacktivists
d) Black Hat Hackers
Answer: d
Explanation: Black Hat hackers, also termed ‘crackers’, are a major type of cyber criminal who gain unauthorized access to a user’s account or system and steal sensitive data or inject malware into the system for their profit or to harm the organization.