Cybersecurity Basics and Threats MCQ for Professionals

Questions (30)

1. What is the primary goal of cybersecurity?

   • a) To ensure that systems and data are protected from unauthorized access and attacks
   • b) To make systems faster and more efficient
   • c) To improve the performance of websites
   • d) To protect only sensitive financial data
   View Answer

   Correct To ensure that systems and data are protected from unauthorized access and attacks

2. Which of the following is an example of a social engineering attack?

   • a) Phishing
   • b) Man-in-the-middle attack
   • c) Denial-of-Service (DoS) attack
   • d) SQL injection
   View Answer

   Correct Phishing

3. What does the term "malware" refer to?

   • a) Software designed to protect against cyberattacks
   • b) Software used for data backup
   • c) Malicious software intended to cause harm or unauthorized access
   • d) Software used for network optimization
   View Answer

   Correct Malicious software intended to cause harm or unauthorized access

4. Which of the following is a common type of malware that encrypts files and demands payment for decryption?

   • a) Trojan horse
   • b) Worm
   • c) Ransomware
   • d) Spyware
   View Answer

   Correct Ransomware

5. What does the term "phishing" refer to in cybersecurity?

   • a) A technique used to track online activities
   • b) A form of attack where fraudulent emails or websites deceive users into providing sensitive information
   • c) A type of virus that replicates itself
   • d) An encrypted communication method used for secure transactions
   View Answer

   Correct A form of attack where fraudulent emails or websites deceive users into providing sensitive information

6. Which of the following is an example of a brute-force attack?

   • a) Guessing passwords through automated software until the correct one is found
   • b) Exploiting a vulnerability in a website
   • c) Using social engineering to gather personal information
   • d) Intercepting network traffic to steal data
   View Answer

   Correct Guessing passwords through automated software until the correct one is found

7. What is a firewall primarily used for?

   • a) To enhance the user interface of a website
   • b) To protect a computer network by controlling incoming and outgoing traffic
   • c) To make websites load faster
   • d) To clean up viruses from infected files
   View Answer

   Correct To protect a computer network by controlling incoming and outgoing traffic

8. Which of the following best describes a Denial-of-Service (DoS) attack?

   • a) A threat to steal financial information
   • b) An attempt to make a service unavailable by overwhelming it with excessive traffic
   • c) A method of exploiting system vulnerabilities
   • d) A technique for bypassing authentication mechanisms
   View Answer

   Correct An attempt to make a service unavailable by overwhelming it with excessive traffic

9. What is the purpose of encryption in cybersecurity?

   • a) To prevent unauthorized access to data by transforming it into unreadable content
   • b) To speed up the transmission of sensitive data
   • c) To prevent users from accessing certain files
   • d) To improve the aesthetic appeal of data
   View Answer

   Correct To prevent unauthorized access to data by transforming it into unreadable content

10. Which of the following is a vulnerability in a system that can be exploited by attackers?

    • a) Patch
    • b) Software bug or flaw
    • c) Encryption key
    • d) Secure password
    View Answer

    Correct Software bug or flaw

11. What is the purpose of a VPN (Virtual Private Network)?

    • a) To increase the speed of internet browsing
    • b) To allow secure communication over a public network by encrypting data
    • c) To block access to specific websites
    • d) To improve Wi-Fi signal strength
    View Answer

    Correct To allow secure communication over a public network by encrypting data

12. Which of the following is an example of a passive cybersecurity defense?

    • a) Encryption
    • b) Firewall
    • c) Intrusion detection system (IDS)
    • d) Security awareness training
    View Answer

    Correct Intrusion detection system (IDS)

13. What does the term "data breach" refer to?

    • a) The practice of backing up data to external storage
    • b) Unauthorized access or disclosure of sensitive data
    • c) The act of hacking into a system without leaving traces
    • d) A type of encrypted communication
    View Answer

    Correct Unauthorized access or disclosure of sensitive data

14. Which of the following is a common method of securing communication on the internet?

    • a) Using a VPN to encrypt traffic
    • b) Installing anti-virus software
    • c) Disabling firewalls
    • d) Using weak passwords
    View Answer

    Correct Using a VPN to encrypt traffic

15. What is "cross-site scripting" (XSS)?

    • a) An attack that injects malicious scripts into web pages viewed by users
    • b) A method for bypassing authentication systems
    • c) An attack to steal sensitive data from databases
    • d) A denial-of-service attack
    View Answer

    Correct An attack that injects malicious scripts into web pages viewed by users

16. Which of the following is a feature of an effective incident response plan?

    • a) Regular updates to address new threats
    • b) Ignoring low-level threats
    • c) Relying solely on external support
    • d) Focusing on prevention only
    View Answer

    Correct Regular updates to address new threats

17. What is the purpose of a "zero-day" exploit?

    • a) To exploit vulnerabilities in a system before the vendor has released a patch
    • b) To encrypt sensitive files
    • c) To block access to websites
    • d) To prevent unauthorized users from accessing a network
    View Answer

    Correct To exploit vulnerabilities in a system before the vendor has released a patch

18. Which of the following types of malware attempts to exploit a security flaw in a program to execute arbitrary code?

    • a) Worm
    • b) Trojan horse
    • c) Buffer overflow
    • d) Rootkit
    View Answer

    Correct Buffer overflow

19. What does the term "social engineering" refer to in cybersecurity?

    • a) Using technical skills to hack systems
    • b) Manipulating individuals into divulging confidential information or performing actions that compromise security
    • c) Using firewalls to block attacks
    • d) Testing the security of a network
    View Answer

    Correct Manipulating individuals into divulging confidential information or performing actions that compromise security

20. What does an "IDS" (Intrusion Detection System) do?

    • a) Prevents unauthorized access to a network
    • b) Detects potential security breaches or attacks in real-time
    • c) Manages network traffic
    • d) Encrypts sensitive data
    View Answer

    Correct Detects potential security breaches or attacks in real-time

21. What does the acronym "APT" stand for in cybersecurity?

    • a) Advanced Persistent Threat
    • b) Advanced Protected Technique
    • c) Automated Phishing Tool
    • d) Authorized Penetration Test
    View Answer

    Correct Advanced Persistent Threat

22. Which of the following is NOT a good practice for safeguarding sensitive data?

    • a) Using encryption to protect data in transit and at rest
    • b) Regularly updating security patches
    • c) Storing passwords in plain text
    • d) Restricting access to sensitive data based on roles
    View Answer

    Correct Storing passwords in plain text

23. What is the function of an "antivirus" program?

    • a) To prevent hackers from accessing your device
    • b) To detect and remove malicious software
    • c) To optimize the performance of a computer
    • d) To block unauthorized network traffic
    View Answer

    Correct To detect and remove malicious software

24. Which of the following is considered an insider threat?

    • a) An attacker who gains unauthorized access from outside the organization
    • b) A system glitch that causes a security breach
    • c) An employee who intentionally or unintentionally compromises security
    • d) A malicious script targeting a website
    View Answer

    Correct An employee who intentionally or unintentionally compromises security

25. What does a "Man-in-the-Middle" (MitM) attack involve?

    • a) Intercepting communication between two parties to alter or steal information
    • b) Injecting malicious code into a website to steal data
    • c) Overloading a network with traffic to cause a denial of service
    • d) Phishing for login credentials through email
    View Answer

    Correct Intercepting communication between two parties to alter or steal information

26. What does the term "patch management" refer to in cybersecurity?

    • a) The process of updating software to fix vulnerabilities and improve security
    • b) The practice of using firewalls to block incoming traffic
    • c) Monitoring networks for any signs of unauthorized access
    • d) Encrypting sensitive data during transmission
    View Answer

    Correct The process of updating software to fix vulnerabilities and improve security

27. Which of the following is an example of a physical security measure in cybersecurity?

    • a) Using multi-factor authentication
    • b) Installing biometric authentication systems
    • c) Using encryption to protect stored data
    • d) Implementing access control lists (ACLs)
    View Answer

    Correct Installing biometric authentication systems

28. Which of the following describes a "backdoor" in cybersecurity?

    • a) A hidden method of bypassing normal authentication to access a system
    • b) A vulnerability that is intentionally left open by the software vendor
    • c) A technique used to encrypt data for safe transmission
    • d) A tool used for managing firewalls
    View Answer

    Correct A hidden method of bypassing normal authentication to access a system

29. What is the purpose of a "honeypot" in cybersecurity?

    • a) To monitor network traffic for suspicious activity by simulating a vulnerable system
    • b) To encrypt sensitive data in storage
    • c) To limit access to specific users only
    • d) To block spam and phishing attempts
    View Answer

    Correct To monitor network traffic for suspicious activity by simulating a vulnerable system

30. What is the main function of a "sandbox" in cybersecurity testing?

    • a) To provide a controlled environment for running and analyzing potentially malicious code
    • b) To block unauthorized access to a network
    • c) To create secure passwords for all users
    • d) To encrypt traffic between systems
    View Answer

    Correct To provide a controlled environment for running and analyzing potentially malicious code