-
web.groovymark@gmail.com
- December 4, 2024
Question 01
What type of attack attempts to use all possible combinations of letters, numbers, and symbols to guess a password?
A. Dictionary attack
B. Password spraying
C. Brute-force attack
D. Phishing
Correct Answer: C. Brute-force attack
Explanation: A brute-force attack tries all possible combinations of passwords until it finds the correct one. Other attack types use different methods to access systems.
Question 02
Which of the following ensures that only authorized users can access sensitive information?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: A. Confidentiality
Explanation: Confidentiality ensures that sensitive data is only accessible to authorized users. It is one of the main principles of information security, alongside integrity and availability.
Question 03
Which security protocol uses port 443 to encrypt web traffic?
A. FTP
B. HTTPS
C. SMTP
D. DNS
Correct Answer: B. HTTPS
Explanation: HTTPS uses port 443 to secure web traffic through encryption, providing confidentiality and integrity over the internet. HTTP, FTP, and SMTP use different ports and functions
Question 04
Which of the following prevents users from installing unauthorized software on their devices?
A. Blacklisting
B. Application whitelisting
C. Sandboxing
D. Anti-virus
Correct Answer: B. Application whitelisting
Explanation: Application whitelisting restricts users to a pre-approved list of applications, preventing unauthorized software from being installed. Blacklisting, sandboxing, and anti-virus serve different purposes.
Question 05
Which of the following is designed to identify and remove malicious software from an infected system?
A. Anti-virus
B. IDS
C. VPN
D. Firewall
Correct Answer: A. Anti-virus
Explanation: Anti-virus software detects, quarantines, and removes malicious software from a system. It scans files and processes to protect against malware like viruses, trojans, and worms.
Question 06
What type of attack involves capturing data packets and using them to gain unauthorized access to a network?
A. Spoofing
B. Phishing
C. Replay attack
D. SQL injection
Correct Answer: C. Replay attack
Explanation: A replay attack involves capturing data packets and re-sending them to gain unauthorized access to a network. Spoofing, phishing, and man-in-the-middle attacks involve different tactics.
Question 07
Which of the following ensures that a system or service is available for use when needed?
A. Integrity
B. Confidentiality
C. Non-repudiation
D. Availability
Correct Answer: D. Availability
Explanation: Availability ensures that systems and data are accessible when required, often by implementing redundancy and fault tolerance measures. Integrity, confidentiality, and non-repudiation serve different purposes.
Question 08
Which of the following refers to an attack where the attacker manipulates legitimate DNS queries to redirect traffic to a malicious site?
A. SQL injection
B. DNS poisoning
C. Packet sniffing
D. Man-in-the-middle attack
Correct Answer: B. DNS poisoning
Explanation: DNS poisoning manipulates DNS queries to redirect users to malicious websites by corrupting DNS records. SQL injection, packet sniffing, and man-in-the-middle attacks are unrelated.
Question 09
Which of the following best describes two-factor authentication?
A. Authentication that uses a password and PIN
B. Authentication that uses a password and username
C. Authentication that uses biometric factors only
D. Authentication that uses two different methods, such as a password and a smart card
Correct Answer: D. Authentication that uses two different methods, such as a password and a smart card
Explanation: Two-factor authentication enhances security by requiring two different types of credentials, such as a password and a smart card. Using a password and PIN, or username and password, involves only one factor.
Question 10
Which of the following encrypts files on a system and demands payment to decrypt them?
A. Spyware
B. Ransomware
C. Trojan
D. Worm
Correct Answer: B. Ransomware
Explanation: Ransomware encrypts files on a victim's system and demands a ransom for decryption. Spyware, trojans, and worms have different functionalities.
Question 11
What is the purpose of hashing in information security?
A. To encrypt data
B. To control access to data
C. To verify data integrity
D. To provide non-repudiation
Correct Answer: C. To verify data integrity
Explanation: Hashing verifies data integrity by producing a fixed-length hash value from input data. It is used to ensure that data has not been altered during transmission or storage.
Question 12
Which of the following attacks involves exploiting software vulnerabilities to execute arbitrary code?
A. Buffer overflow
B. Phishing
C. SQL injection
D. Spoofing
Correct Answer: A. Buffer overflow
Explanation: A buffer overflow occurs when an attacker exploits a software vulnerability to execute arbitrary code, often leading to system crashes or unauthorized access.
Question 13
Which of the following is a technique used to manipulate search engine results to drive traffic to malicious sites?
A. Phishing
B. Spoofing
C. SQL injection
D. SEO poisoning
Correct Answer: D. SEO poisoning
Explanation: SEO poisoning manipulates search engine results to drive traffic to malicious sites. Phishing, spoofing, and SQL injection have different attack mechanisms.
Question 14
Which of the following is the MOST effective method to prevent unauthorized access to sensitive data on a mobile device?
A. Full disk encryption
B. Password protection
C. Screen lock
D. VPN
Correct Answer: A. Full disk encryption
Explanation: Full disk encryption protects sensitive data on a mobile device by encrypting all data stored on the device. Passwords, screen locks, and VPNs provide different levels of security.
Question 15
Which of the following controls access to network resources by verifying the user’s credentials?
A. Encryption
B. Authentication
C. Authorization
D. Logging
Correct Answer: B. Authentication
Explanation: Authentication verifies a user's credentials to control access to network resources. Authorization, encryption, and logging have different security functions.
Question 16
Which of the following allows a user to establish a secure connection to a remote network over the internet?
A. Firewall
B. VPN
C. Proxy
D. MAC filtering
Correct Answer: B. VPN
Explanation: A VPN allows users to establish a secure, encrypted connection to a remote network over the internet. Firewalls, proxies, and MAC filtering serve different network security purposes.
Question 17
Which of the following is a weakness or flaw that can be exploited by an attacker?
A. Vulnerability
B. Threat
C. Risk
D. Exploit
Correct Answer: A. Vulnerability
Explanation: A vulnerability is a weakness in a system that can be exploited by an attacker. It differs from threats, risks, and exploits, which are components of an attack scenario.
Question 18
Which of the following uses a public and private key pair to encrypt and decrypt data?
A. Symmetric encryption
B. Hashing
C. Asymmetric encryption
D. Salting
Correct Answer: C. Asymmetric encryption
Explanation: Asymmetric encryption uses a public and private key pair for encryption and decryption. Symmetric encryption, hashing, and salting use different methods.
Question 19
What type of attack takes advantage of software flaws to install malware on a victim’s machine without their knowledge?
A. Phishing
B. Denial of Service (DoS)
C. Drive-by download
D. Spoofing
Correct Answer: C. Drive-by download
Explanation: A drive-by download occurs when malicious code is automatically downloaded to a user's system by exploiting vulnerabilities in software. Phishing, DoS, and spoofing attacks work differently.
Question 20
Which of the following tools is used to capture and analyze network traffic?
A. Firewall
B. Protocol analyzer
C. Proxy
D. VPN
Correct Answer: B. Protocol analyzer
Explanation: A protocol analyzer captures and analyzes network traffic to identify potential security issues. Firewalls, proxies, and VPNs serve different security functions.
