Cyber Security Questions and Answers – Ethical Hacking – History

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ethical Hacking –
History”. MCQ ON ETHICAL HACKING
1. In which year the term hacking was coined?
a) 1965-67
b) 1955-60
c) 1970-80
d) 1980-82
View Answer
Answer: b
Explanation: The term came to origin in the year 1960s when very highly skilled professionals and
individuals practice complex programming approaches to solve different problems.
2. From where the term ‘hacker’ first came to existence?
a) MIT
b) Stanford University
c) California
d) Bell’s Lab
View Answer
Answer: a
Explanation: At MIT (Massachusetts Institute of Technology), the term ‘hacker’ first came into origin
because individuals and high skilled professionals solve different problems using programming
languages. Some similar terms were also coined in this regard such as – geeks & nerds.
3. What is the one thing that old hackers were fond of or find interests in?
a) Breaking Other’s system
b) Voracious thirst for knowledge
c) Cracking Phone calls
d) Learning new languages
View Answer
Answer: b
Explanation: Hackers of the old era were considered the most influential individuals of society with
intellectual learning inclination and thirst for knowledge.
4. In which year the first popular hacker conference took place?
a) 1994
b) 1995
c) 1993
d) 1992
View Answer
Answer: c
Explanation: The first ever internationally recognized hacker’s conference took place in the year 1993 at
Las Vegas, Nevada.
5. What is the name of the first hacker’s conference?
a) DEFCON
b) OSCON
c) DEVCON
d) SECCON
View Answer
Answer: a
Explanation: DEFCON is one of the most popular and largest hacker’s as well as a security consultant’s
conference that takes place every year in Las Vegas, Nevada, where government agents, security
professionals, black and white hat hackers from all over the world attend that conference.
6. _______ is the oldest phone hacking techniques used by hackers to make free calls
a) Phishing
b) Spamming
c) Phreaking
d) Cracking
View Answer MCQ ON ETHICAL HACKING
Answer: c
Explanation: Phreaking which is abbreviated as phone-hacking is a slang term and old hacking technique
where skilled professionals study, explore & experiment telephone networks in order to acquire the free
calling facility.
7. In which year, first practical technology hacking came into origin?
a) 1878
b) 1890
c) 1895
d) 1876
View Answer
Answer: a
Explanation: The first hacking (related to telephone technology) was done when the phone company –
named Bell Telephone started in the year 1878.
8. In which year, hacking became a practical crime and a matter of concern in the field of technology?
a) 1971
b) 1973
c) 1970
d) 1974
View Answer
Answer: c
Explanation: For hackers 1970 was that era when hackers and cyber criminals figured out how wired
technologies work and how these technologies can be exploited in order to gain additional advantage or
misuse the technology.
9. Who was the first individual who performed a major hacking in the year 1971?
a) Steve Wozniak
b) Steve Jobs
c) Kevin Mitnick
d) John Draper
View Answer
Answer: d
Explanation: In the year 1971, a Vietnam guy name John Draper figured it out as how to make phone
calls free of cost. This type of phone hacking is termed Phreaking.
10. Name the hacker who breaks the ARPANET systems?
a) Jon von Neumann
b) Kevin Poulsen
c) Kevin Mitnick
d) John Draper
View Answer
Answer: b
Explanation: The ARPANET (Advanced Research Project Agency Network) got hacked by Kevin
Poulsen as he breaks into the Pentagon network and their associated system but got caught immediately in
the year 1983.
11. Who coined the term “cyberspace”?
a) Andrew Tannenbaum
b) Scott Fahlman
c) William Gibson
d) Richard Stallman
View Answer
Answer: c
Explanation: In the year 1821, an American – Canadian fiction pioneer cum writer, William Gibson
explored the different streams of technologies and coined the term “cyberspace”. The term defines
interconnected technologies that help in sharing information, interact with digital devices, storage and
MCQ ONsecurity
digital entertainment, computer and network ETHICAL HACKING
and stuff related to information technology.
12. In which year computer scientists try to integrate encryption techniques in TCP/IP protocol?
a) 1978
b) 1980
c) 1982
d) 1984
View Answer
Answer: a
Explanation: TCP/IP suite needs prior security as it is one of the most popularly used protocol suites and
hence some computer scientists in the year 1978, attempts to integrate the security algorithms though they
face many impediments in this regard.
advertisement
13. In which year the Computer Fraud & Abuse Act was adopted in the United States?
a) 1983
b) 1984
c) 1987
d) 1988
View Answer
Answer: b
Explanation: This Cyber security bill got passed in the US in the year 1984 keeping this in concern that
any computer related crimes do not go unpunished. This law also restricts users from unauthorized access
of computer or data associated with it.
14. Who was the first individual to distribute computer worms through internet?
a) Vladimir Levin
b) Bill Landreth
c) Richard Stallman
d) Robert T. Morris
View Answer
Answer: d
Explanation: Robert Tappan Morris, a Cornell University graduate student developed Morris Worm in
1988 and was accused of the crime (under US Computer Fraud and Abuse Act.) for spreading computer
worms through Internet.
15. _____ is a powerful encryption tool released by Philip Zimmerman in the year 1991.
a) PGP (Protected Good Privacy)
b) AES (Advanced Encryption Standard)
c) PGP (Pretty Good Privacy)
d) DES (Data Encryption Standard)
View Answer
Answer: c
Explanation: This encryption program package name PGP (Pretty Good Privacy) became popular across
the globe because it helps in providing authentication in data communication as well as help in
maintaining privacy through cryptographic algorithms by encryption & decryption of plain texts (in
emails and files) to cipher texts and vice versa
Cyber Security Questions and Answers – Ethical Hacking – Types of Hackers & Security Professionals
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ethical Hacking –
Types of Hackers & Security Professionals”.
1. Hackers who help in finding bugs and vulnerabilities in a system & don’t intend to crack a system are
termed as ________
a) Black Hat hackers
b) White Hat Hackers
c) Grey Hat Hackers
d) Red Hat Hackers
View Answer
Answer: b MCQ ON ETHICAL HACKING
Explanation: White Hat Hackers are cyber security analysts and consultants who have the intent to help
firms and Governments in the identification of loopholes as well as help to perform penetration tests for
securing a system.
2. Which is the legal form of hacking based on which jobs are provided in IT industries and firms?
a) Cracking
b) Non ethical Hacking
c) Ethical hacking
d) Hactivism
View Answer
Answer: c
Explanation: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing
penetration tests and identifying potential threats in any organizations and firms.
3. They are nefarious hackers, and their main motive is to gain financial profit by doing cyber crimes.
Who are “they” referred to here?
a) Gray Hat Hackers
b) White Hat Hackers
c) Hactivists
d) Black Hat Hackers
View Answer
Answer: d
Explanation: Black Hat hackers also termed as ‘crackers’ and are a major type of cyber criminals who
take unauthorized access in user’s account or system and steal sensitive data or inject malware into the
system for their profit or to harm the organization.
4. ________ are the combination of both white as well as black hat hackers.
a) Grey Hat hackers
b) Green Hat hackers
c) Blue Hat Hackers
d) Red Hat Hackers
View Answer
Answer: a
Explanation: Grey Hat Hackers have a blending character of both ethical as well as un-ethical hacker.
They hack other’s systems for fun but do not harm the system, exploits bugs and vulnerabilities in
network without the knowledge of the admin or the owner.
5. The amateur or newbie in the field of hacking who don’t have many skills about coding and in-depth
working of security and hacking tools are called ________
a) Sponsored Hackers
b) Hactivists
c) Script Kiddies
d) Whistle Blowers
View Answer
Answer: c
Explanation: Script Kiddies are new to hacking and at the same time do not have many interests in
developing coding skills or find bugs of their own in systems; rather they prefer downloading of available
tools (developed by elite hackers) and use them to break any system or network. They just try to gain
attention of their friend circles.
6. Suicide Hackers are those _________
a) who break a system for some specific purpose with or without keeping in mind that they may suffer
long term imprisonment due to their malicious activity
b) individuals with no knowledge of codes but an expert in using hacking tools
c) who know the consequences of their hacking activities and hence try to prevent them by erasing their
digital footprints
d) who are employed in an organization to do malicious activities on other firms
View Answer MCQ ON ETHICAL HACKING
Answer: a
Explanation: Suicide hackers are those who break into any network or system with or without knowing
the consequences of the cyber crime and its penalty. There are some suicide hackers who intentionally do
crimes and get caught to bring their names in the headlines.
7. Criminal minded individuals who work for terrorist organizations and steal information of nations and
other secret intelligence are _________
a) State sponsored hackers
b) Blue Hat Hackers
c) Cyber Terrorists
d) Red Hat Hackers
View Answer
Answer: c
Explanation: Cyber Terrorists are very expert programmers and cyber criminals who hide themselves
while doing malicious activities over the internet and they are smart enough to hide themselves or their
tracks of action. They are hired for gaining unauthorised access to nation’s data centres or break into the
network of intelligence agencies.
8. One who disclose information to public of a company, organization, firm, government and private
agency and he/she is the member or employee of that organization; such individuals are termed as
___________
a) Sponsored hackers
b) Crackers
c) Hactivist
d) Whistleblowers
View Answer
Answer: d
Explanation: Whistleblowers are those individuals who is a member or an employee of any specific
organization and is responsible for disclosing private information of those organizations, firms, either
government or private.
9. These types of hackers are the most skilled hackers in the hackers’ community. Who are “they”
referred to?
a) White hat Hackers
b) Elite Hackers
c) Licensed Penetration Testers
d) Red Hat Hackers
View Answer
Answer: b
Explanation: The tag “Elite hackers” are considered amongst the most reputed hackers who possess most
of the hacking and security skills. They are treated with utmost respect in the hackers’ community. Zero
day vulnerabilities, serious hacking tools and newly introduced bugs are found and developed by them.
10. _________ are those individuals who maintain and handles IT security in any firm or organization.
a) IT Security Engineer
b) Cyber Security Interns
c) Software Security Specialist
d) Security Auditor
View Answer
Answer: a
Explanation: This is an intermediary level of position of an individual in an organization or firm who
builds and preserves different systems and its associated security tools of the firm of organization to
which he/she belongs.
11. Role of security auditor is to ____________
a) secure the network
MCQ ON ETHICAL
b) probe for safety and security of organization’s HACKING
security components and systems
c) detects and prevents cyber attacks and threats to organization
d) does penetration testing on different web applications
View Answer
Answer: b
Explanation: Security auditors are those who conduct auditing of various computer and network systems
on an organization or company and reports the safety and security issues as well as helps in suggesting
improvements or enhancements in any particular system that is threat prone.
12. ________ are senior level corporate employees who have the role and responsibilities of creating and
designing secured network or security structures.
a) Ethical Hackers
b) Chief Technical Officer
c) IT Security Engineers
d) Security Architect
View Answer
Answer: d
Explanation: Security architect are those senior grade employees of an organization who are in charge of
building, designing, implementing and testing of secured network topologies, protocols as well as secured
computers in an organization.
advertisement
13. __________ security consultants uses database security monitoring & scanning tools to maintain
security to different data residing in the database / servers / cloud.
a) Database
b) Network
c) System
d) Hardware
View Answer
Answer: a
Explanation: Database Security consultants are specific individuals hired in order to monitor and scan the
database systems and keep them secured from unwanted threats and attacks by giving access to restricted
users, blocking unwanted files, multi-factor access control etc.
14. Governments hired some highly skilled hackers. These types of hackers are termed as _______
a) Special Hackers
b) Government Hackers
c) Cyber Intelligence Agents
d) Nation / State sponsored hackers
View Answer
Answer: d
Explanation: Nation / State sponsored hackers are specific individuals who are employed or hired by the
government of that nation or state and protect the nation from cyber terrorists and other groups or
individuals and to reveal their plans, communications and actions.
15. Someone (from outside) who tests security issues for bugs before launching a system or application,
and who is not a part of that organization or company are ______
a) Black Hat hacker
b) External penetration tester
c) Blue Hat hacker
d) White Hat Hacker
View Answer
Answer: c
Explanation: Blue Hat Hackers are outsiders yet security testers who are temporarily hired for performing
outsourced security test for bugs and vulnerabilities in any system before launching it to the market or
making the application live.
yber Security Questions and AnswersMCQ ON ETHICAL
– Cyber HACKING
Attacks Types
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Cyber Attacks
Types”.
1. The full form of Malware is ________
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security
View Answer
Answer: c
Explanation: Different types of harmful software and programs that can pose threats to a system, network
or anything related to cyberspace are termed as Malware. Examples of some common malware are Virus,
Trojans, Ransomware, spyware, worms, rootkits etc.
2. Who deploy Malwares to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers
View Answer
Answer: a
Explanation: Criminal-minded organizations, groups and individuals cyber-terrorist groups, Black hat
hackers, malware developers etc are those who can deploy malwares to any target system or network in
order to deface that system.
3. _____________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection
View Answer
Answer: b
Explanation: SQLi (Structured Query Language Injection) is a popular attack where SQL code is targeted
or injected; for breaking the web application having SQL vulnerabilities. This allows the attacker to run
malicious code and take access to the database of that server.
4. XSS is abbreviated as __________
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting
View Answer
Answer: d
Explanation: Cross Site Scripting is another popular web application attack type that can hamper the
reputation of any site.
5. This attack can be deployed by infusing a malicious code in a website’s comment section. What is
“this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)
View Answer
Answer: c
Explanation: XSS attack can be infused by putting the malicious code (which gets automatically run) in
any comment section or feedback section of any webpage (usually a blogging page). This can hamper the
reputation of a site and the attacker may place any private data or personal credentials.
6. When there is an excessive amountMCQ ONflow,
of data ETHICAL HACKING
which the system cannot handle, _____ attack takes
place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack
View Answer
Answer: d
Explanation: The Buffer overflow attack takes place when an excessive amount of data occurs in the
buffer, which it cannot handle and lead to data being over-flow into its adjoined storage. This attack can
cause a system or application crash and can lead to malicious entry-point.
7. Compromising a user’s session for exploiting the user’s data and do malicious activities or misuse
user’s credentials is called ___________
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying
View Answer
Answer: a
Explanation: Using session hijacking, which is popularly known as cookie hijacking is an exploitation
method for compromising the user’s session for gaining unauthorized access to user’s information.
8. Which of this is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack
View Answer
Answer: b
Explanation: If a suspicious gain access to server room or into any confidential area with a malicious pen-
drive loaded with malware which will get triggered automatically once inserted to USB port of any
employee’s PC; such attacks come under physical hacking, because that person in gaining unauthorized
physical access to any room or organization first, then managed to get an employee’s PC also, all done
physically – hence breaching physical security.
9. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing
View Answer
Answer: d
Explanation: Wireless attacks are malicious attacks done in wireless systems, networks or devices.
Attacks on Wi-Fi network is one common example that general people know. Other such sub-types of
wireless attacks are wireless authentication attack, Encryption cracking etc.
10. An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime
View Answer
Answer: b
Explanation: Cyber attack is an umbrella term used to classify different computer & network attacks or
activities such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile
hacking and physical security breaching.
11. Which method of hacking will record MCQall ONyour
ETHICAL HACKING
keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring
View Answer
Answer: c
Explanation: Keylogging is the method or procedure of recording all the key strokes/keyboard button
pressed by the user of that system.
12. _________ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms
View Answer
Answer: a
Explanation: Keyloggers are surveillance programs developed for both security purpose as well as done
for hacking passwords and other personal credentials and information. This type of programs actually
saves the keystrokes done using a keyboard and then sends the recorded keystroke file to the creator of
such programs.
advertisement
13. These are a collective term for malicious spying programs used for secretly monitoring someone’s
activity and actions over a digital medium.
a) Malware
b) Remote Access Trojans
c) Keyloggers
d) Spyware
View Answer
Answer: d
Explanation: Spyware is professional malicious spying software that is hard to detect by anti-malware or
anti-virus programs because they are programmed in such a skillful way. These types of software keep on
collecting personal information, surfing habits, surfing history as well as credit card details.
14. Stuxnet is a _________
a) Worm
b) Virus
c) Trojan
d) Antivirus
View Answer
Answer: a
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was
very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly
targets the PLCs (Programmable Logic Controllers) in a system.
15. ___________ is a violent act done using the Internet, which either threatens any technology user or
leads to loss of life or otherwise harms anyone in order to accomplish political gain.
a) Cyber-warfare
b) Cyber campaign
c) Cyber-terrorism
d) Cyber attack
View Answer
Answer: c
Explanation: Cyber- terrorism is the term used to describe internet terrorism, where individuals and
groups are anonymously misusing ethnicities, religions as well as threaten any technology user, which
may lead to even loss of life.
Cyber Security Questions and Answers MCQ ON ETHICAL
– Elements HACKING
of Security
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Elements of
Security”.
1. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4
View Answer
Answer: d
Explanation: The 4 key elements that constitute the security are: confidentiality, integrity, authenticity &
availability. Authenticity is not considered as one of the key elements in some other security models, but
the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.
2. According to the CIA Triad, which of the below-mentioned element is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
View Answer
Answer: c
Explanation: According to the CIA triad the three components that a security need is the Confidentiality,

Integrity, Availability (as in short read as CIA).

3. This is the model designed for guiding the policies of Information security within a company, firm or
organization. What is “this” referred to here?
a) Confidentiality
b) Non-repudiation
c) CIA Triad
d) Authenticity
View Answer
Answer: c
Explanation: Various security models were being developed till date. This is by far the most popular and
widely used model which focuses on the information’s confidentiality, integrity as well as availability and
how these key elements can be preserved for a better security in any organization.
4. CIA triad is also known as ________
a) NIC (Non-repudiation, Integrity, Confidentiality)
b) AIC (Availability, Integrity, Confidentiality)
c) AIN (Availability, Integrity, Non-repudiation)
d) AIC (Authenticity, Integrity, Confidentiality)
View Answer
Answer: b
Explanation: This approach of naming it CIA Triad as AIC (Availability, Integrity, Confidentiality) Triad
because people get confused about this acronym with the abbreviation and the secret agency name Central
Intelligence Agency.
5. When you use the word _____ it means you are protecting your data from getting disclosed.
a) Confidentiality
b) Integrity MCQ ON ETHICAL HACKING
c) Authentication
d) Availability
View Answer
Answer: a
Explanation: Confidentiality is what every individual prefer in terms of physical privacy as well as digital
privacy. This term means our information needs to be protected from getting disclose to unauthorised
parties, for which we use different security mechanisms like password protection, biometric security,
OTPs (One Time Passwords) etc.
6. ______ means the protection of data from modification by unknown users.
a) Confidentiality
b) Integrity
c) Authentication
d) Non-repudiation
View Answer
Answer: b
Explanation: A information only seems valuable if it is correct and do not get modified during its journey
in the course of arrival. The element integrity makes sure that the data sent or generated from other end is
correct and is not modified by any unauthorised party in between.
7. When integrity is lacking in a security system, _________ occurs.
a) Database hacking
b) Data deletion
c) Data tampering
d) Data leakage
View Answer
Answer: c
Explanation: The term data tampering is used when integrity is compromised in any security model and
checking its integrity later becomes costlier. Example: let suppose you sent $50 to an authorised person
and in between a Man in the Middle (MiTM) attack takes place and the value has tampered to $500. This
is how integrity is compromised.
8. _______ of information means, only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability
View Answer
Answer: d
Explanation: Information seems useful only when right people (authorised users) access it after going
through proper authenticity check. The key element availability ensures that only authorised users are
able to access the information.
9. Why these 4 elements (confidentiality, integrity, authenticity & availability) are considered
fundamental?
a) They help understanding hacking better
b) They are key elements to a security breach
c) They help understands security and its components better
d) They help to understand the cyber-crime better
View Answer
Answer: c
Explanation: The four elements of security viz. confidentiality, integrity, authenticity & availability helps
in better understanding the pillars of security and its different components.
10. This helps in identifying the origin of information and authentic user. This referred to here as
__________
a) Confidentiality MCQ ON ETHICAL HACKING
b) Integrity
c) Authenticity
d) Availability
View Answer
Answer: c
Explanation: The key element, authenticity helps in assuring the fact that the information is from the
original source.
11. Data ___________ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup
View Answer
Answer: a
Explanation: Data encryption is the method of converting plain text to cipher-text and only authorised
users can decrypt the message back to plain text. This preserves the confidentiality of data.
12. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) switching off the phone
View Answer
Answer: d
Explanation: Switching off the phone in the fear of preserving the confidentiality of data is not a proper
solution for data confidentiality. Fingerprint detection, face recognition, password-based authentication,
two-step verifications are some of these.
advertisement
13. Data integrity gets compromised when _____ and _____ are taken control off.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system
View Answer
Answer: c
Explanation: The two key ingredients that need to be kept safe are: access control & file permission in
order to preserve data integrity.
14. ______ is the latest technology that faces an extra challenge because of CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust
View Answer
Answer: a
Explanation: Big data has additional challenges that it has to face because of the tremendous volume of
data that needs protection as well as other key elements of the CIA triad, which makes the entire process
costly and time-consuming.
15. One common way to maintain data availability is __________
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering
View Answer
Answer: b MCQ ON ETHICAL HACKING
Explanation: For preventing data from data-loss, or damage data backup can be done and stored in a
different geographical location so that it can sustain its data from natural disasters & unpredictable events.
Cyber Security Questions and Answers – Information Security Technologies
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Information
Security Technologies”.
1. _______ is the practice and precautions taken to protect valuable information from unauthorised
access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
View Answer
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for
protecting valuable information for alteration, destruction, deletion or disclosure by unauthorised users.
2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
View Answer
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information security threats
whereas not changing the default password of any system, hardware or any software comes under the
category of vulnerabilities that the user may pose to its system.
3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
View Answer
Answer: a
Explanation: Flood comes under natural disaster which is a threat to any information and not acts as a
vulnerability to any system.
4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
View Answer
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across the
globe through physical systems, virtual machines, servers, and clouds. Their security can be managed
using Cloud workload protection platforms which manage policies regarding security of information
irrespective of its location.
5. Which of the following information security technology is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
View Answer
Answer: b MCQ ON ETHICAL HACKING
Explanation: Cyber-criminals target browsers for breaching information security. If a user establishes a
remote browsing by isolating the browsing session of end user, cyber-criminals will not be able to infect
the system along with browser with malware, ultimately reducing the attack surface area.
6. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
View Answer
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems and record all
the activities for further reporting, analysis & detection in a central database. Analyzing the reports
generated through such EDR tools, loopholes in a system or any internal, as well as external breaching
attempts can be detected.
7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
View Answer
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for supervising the
traffic in any network, a flow of data over the network as well as malicious threats that are trying to
breach the network. This technological solution also helps in triage the events detected by Network
Traffic Analysing tools.
8. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual or
any information. Compromising of confidential information means extracting out sensitive data from a
system by illegal manner.
9. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: c
Explanation: Access control policies are incorporated to a security system for restricting of unauthorised
access to any logical or physical system. Every security compliance program must need this as a
fundamental component. Those systems which lack this feature is vulnerable.
10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored
View Answer
Answer: d MCQ ON ETHICAL HACKING
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced,
distributed or transferred to some other system, protected using security tools and techniques but cannot
be ignored.
Cyber Security Questions and Answers – Generic Steps for Security – 1
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Generic Steps for
Security – 1”.
1. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7
View Answer
Answer: c
Explanation: According to the standard ethical hacking standards, the entire process of hacking can be
divided into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining
Access, Tracks clearing, reporting.
2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of
information about the target user or the victim’s system.
3. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose
View Answer
Answer: d
Explanation: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a
tool for scanning the network for vulnerabilities.
4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5
View Answer
Answer: a
Explanation: Reconnaissance can be done in two different ways. 1st, Active Reconnaissance which
involves interacting with the target user or system directly in order to gain information; 2 nd, Passive
Reconnaissance, where information gathering from target user is done indirectly without interacting with
the target user or system.
5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files
View Answer
Answer: b MCQ ON ETHICAL HACKING
Explanation: As active reconnaissance is all about interacting with target victim directly, hence telephonic
calls as a legitimate customer care person or help desk person, the attacker can get more information
about the target user.
6. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
View Answer
Answer: d
Explanation: Passive reconnaissance is all about acquiring of information about the target indirectly,
hence searching any information about the target on online people database is an example of passive
reconnaissance.
7. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: b
Explanation: In the scanning phase, the hacker actively scans for the vulnerabilities or specific
information in the network which can be exploited.
8. While looking for a single entry point where penetration testers can test the vulnerability, they use
______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
View Answer
Answer: b
Explanation: Scanning is done to look for entry points in a network or system in order to launch an attack
and check whether the system is penetrable or not.
9. Which of them does not comes under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
View Answer
Answer: d
Explanation: Google dork is used for reconnaissance, which uses special search queries for narrowing
down the search results. The rest three scanning methodologies are used for scanning ports (logical), and
network vulnerabilities.
10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
View Answer
Answer: c
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nepose and Nessus are fully
scanning tool. Maltego is an example of a reconnaissance tool used for acquiring information about target
user.
11. Which of the following comes after MCQ ON ETHICAL
scanning HACKING
phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are used to look for
flaws in a system, it is the next phase where the ethical hackers or penetration testers have to technically
gain access to a network or system.
12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
View Answer
Answer: d
Explanation: Penetration testers after scanning the system or network tries to exploit the flaw of the
system or network in “gaining access” phase.
advertisement
13. Which of the following is not done in gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking
View Answer
Answer: a
Explanation: Tunnelling is a method that is followed to cover tracks created by attackers and erasing
digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining
access to test the flaw in system or network.
14. Which of the below-mentioned penetration testing tool is popularly used in gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
View Answer
Answer: c
Explanation: Metasploit is a framework and the most widely used penetration testing tool used by ethical
hackers for testing the vulnerabilities in a system or network.

Cyber Security Questions and Answers – Generic Steps for Security – 2

This set of Cyber Security Interview Questions and Answers focuses on “Generic Steps for Security – 2”.

1. A _________ can gain access illegally to a system if the system is not properly tested in scanning and
gaining access phase.
a) security officer
b) malicious hacker
c) security auditor
d) network analyst
View Answer MCQ ON ETHICAL HACKING

Answer: b
Explanation: Malicious hackers can gain illegal access at OS level, application level or network level if
the penetration testers or ethical hackers lack in testing and reporting the vulnerabilities in a system.
2. In which phase, the hackers install backdoors so that his/her ownership with the victim’s system can be
retained later?
a) Scanning
b) Maintaining access
c) Maintaining Access
d) Gaining access
View Answer

Answer: c
Explanation: After gaining access to a system, the hacker needs to keep a path open so that he/she in
future can access the system. Therefore, backdoors are set which will later allow the attacker to gain
access through it easily.
3. _______ is the tool used for this purpose.
a) Powersploit
b) Aircrack – ng
c) Snort
d) Nmap
View Answer

Answer: a
Explanation: The Powersploit is an access maintaining tool used for Windows systems. This tool is used
for gaining re-access to the victim’s system using PowerShell.
4. Which of the following hacking tools and techniques hackers’ do not use for maintaining access in a
system?
a) Rootkits
b) Backdoors
c) Trojans
d) Wireshark
View Answer
Answer: d
Explanation: Wireshark is not a tool for maintaining access because it is used for analysing network
protocols at a microscopic level (very minutely). It is an interactive tool for data traffic analysing on any
computer.
5. In _______ phase, the hackers try to hide their footprints.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Gaining access
View Answer

Answer: b
Explanation: Tracks clearing or covering tracks is the name of the phase where the hackers delete logs of
their existence & other activity records they do during the hacking process. This step is actually an
unethical one.
6. Which of them is not a track clearing technique?
a) Altering log files
b) Tunnelling
c) Port Scanning
d) Footprint removing
View Answer MCQ ON ETHICAL HACKING

Answer: c
Explanation: Port scanning is a method used in the scanning phase. Altering or changing log files,
tunnelling for hiding your identity and removing footprints from different sites are examples of clearing
tracks.
7. __________ is the last phase of ethical hacking process.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Reporting
View Answer

Answer: d
Explanation: In the reporting phase, the penetration tester or ethical hacker has to assemble all the flaws
along with the tools and processes used for detecting then and report it to the firm or organization.
advertisement

8. Which of the following is not a footprint-scanning tool?

a) SuperScan
b) TcpView
c) Maltego
d) OWASP Zed
View Answer
Answer: c
Explanation: SuperScan, TcpView and OWASP Zed are tools used for scanning footprints. Maltego is not
a footprint-scanning tool. It is used for reconnaissance purpose only.

Cyber Security Questions and Answers – Social Engineering and Physical Hacking

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Social
Engineering and Physical Hacking”.
1. ___________ is a special form of attack using which hackers’ exploit – human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering
View Answer

Answer: c
Explanation: Using social engineering techniques, hackers try to exploit the victim’s mind to gain
valuable information about that person such as his/her phone number, date of birth, pet name etc.
2. Which of the following do not comes under Social Engineering?
a) Tailgating
b) Phishing
c) Pretexting
d) Spamming
View Answer

Answer: d
Explanation: Spamming is the attack technique where the same message is sent indiscriminately
repeatedly in order to overload the inbox or harm the user.
3. _________ involves scams where an individual (usually an attacker) lie to a person (the target victim)
to acquire privilege data.
a) Phishing MCQ ON ETHICAL HACKING
b) Pretexting
c) Spamming
d) Vishing
View Answer

Answer: b
Explanation: In the pretexting technique of social engineering, the attacker pretends in need of legitimate
information from the victim for confirming his/her identity.
4. Which of the following is the technique used to look for information in trash or around dustbin
container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving
View Answer

Answer: d
Explanation: In the technology world, where information about a person seems everywhere; dumpster
diving is the name of the technique where the attacker looks for information in dustbins and trashes. For
example, after withdrawing money from ATM, the user usually throw the receipt in which the total
amount and account details are mentioned. These type of information becomes helpful to a hacker, for
which they use dumpster diving.
5. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing
View Answer

Answer: c
Explanation: Carding is the method of trafficking of bank details, credit cards or other financial
information over the internet. Hence it’s a fraudulent technique used by hackers and does not comes
under social engineering.
6. In a phishing, attackers target the ________ technology to so social engineering.
a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera
View Answer
Answer: a
Explanation: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as
username & passwords) of the target user and use emails to send fake links which redirect them to a fake
webpage which looks legitimate.
7. Tailgating is also termed as ___________
a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting
View Answer
Answer: a
Explanation: Piggybacking is the technique used for social engineering, as the attacker or unauthorized
MCQ ON ETHICAL
person/individual follows behind an authorized HACKING & gets into an authorized area to
person/employee
observe the system, gain confidential data or for a fraudulent purpose.
8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations.
a) True
b) False
View Answer
Answer: b
Explanation: Physical hacking, like other types of hacking, is possible in any institutions, organizations,
clinics, private firms, banks or any other financial institutions. Hence, the above statement is false.
9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
View Answer

Answer: b
Explanation: When cyber-criminal gain access to an authorized area and steal pen drives and DVDs
which contain sensitive information about an employee or about the organization, then it can be said that
the physical security of the organization is weak.
10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
View Answer
Answer: d
Explanation: Physical accessing without prior security checking is the ability of a person to gain access to
any authorized area. Physical accessing is done using piggybacking or any other suspicious means.
11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
View Answer

Answer: c
Explanation: Keeping confidential files left open in the desk is not an adequate way of maintaining
physical security; as anyone can pick these up and perform physical hacking.
12. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
View Answer

Answer: d
Explanation: Updating the patches in your working software does not come under security measures for
physical hacking. Updating the patches will help your software get free from bugs and flaws in an
application as they get a fix when patches are updated.
advertisement
13. IT security department must periodically check for security logs and entries made during office hours.
a) True
b) False MCQ ON ETHICAL HACKING
View Answer

Answer: a
Explanation: Checking for security logs and entries made by employees and other outsiders who entered
the office can help in identifying whether any suspicious person is getting in and out of the building or
not.
14. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing
View Answer
Answer: d
Explanation: Phishing does not come under physical security. Walk-in without proper authorization,
sneaking in through glass windows or other means and breaking in and stealing sensitive documents are
examples of physical hacking.
15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access
View Answer

Answer: a
Explanation: Physical penetration test is important in order to check for the possible physical security
breaches. Usually corporate firms and organizations stay busy in securing the networks and data and
penetration testers are hired for data and network pentesting, but physical security breach can also equally
hamper.

Cyber Security Questions and Answers – Security Protocols – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Security Protocols
– 1”.

1. ___________ ensures the integrity and security of data that are passing over a network.
a) Firewall
b) Antivirus
c) Pentesting Tools
d) Network-security protocols
View Answer

Answer: d
Explanation: The methods and processes in securing network data from unauthorized content extraction
are controlled by network-security protocols.
2. Which of the following is not a strong security protocol?
a) HTTPS
b) SSL
c) SMTP
d) SFTP
View Answer
Answer: c
Explanation: SMTP (is abbreviated as Simple Mail Transfer Protocol) is a standard protocol to transmit
MCQtransmitting
electronic mail and is a widely used mail ON ETHICALprotocol.
HACKING
3. Which of the following is not a secured mail transferring methodology?
a) POP3
b) SSMTP
c) Mail using PGP
d) S/MIME
View Answer

Answer: a
Explanation: POP (Post Office Protocol) is a simple protocol which fetches the updated mail stored for
you by the server. S/MIME (Secure/Multipurpose Internet Mail Extensions), SSMTP (Secure-Simple
Mail Transfer Protocol), and PGP (Pretty Good Privacy) are examples of protocols and methods for
secure mailing.
4. __________ is a set of conventions & rules set for communicating two or more devices residing in the
same network?
a) Security policies
b) Protocols
c) Wireless network
d) Network algorithms
View Answer
Answer: b
Explanation: Network protocols are designed with mechanisms for identifying devices and make
connections between them. In addition, some proper rules are defined as to how data packets will be sent
and received.
5. TSL (Transport Layer Security) is a cryptographic protocol used for securing HTTP/HTTPS based
connection.
a) True
b) False
View Answer

Answer: a
Explanation: TLS which has now become SSL (Secure Socket Layer) is one of the popular cryptographic
protocols developed to provide security to computer network while communication.
6. HTTPS is abbreviated as _________
a) Hypertexts Transfer Protocol Secured
b) Secured Hyper Text Transfer Protocol
c) Hyperlinked Text Transfer Protocol Secured
d) Hyper Text Transfer Protocol Secure
View Answer
Answer: d
Explanation: Hyper Text Transfer Protocol Secure (HTTPS) is a security protocol which maintains
security when data is sent from browser to server and vice versa. It denotes that all communication setup
between the browser and the server is encrypted.
7. SSL primarily focuses on _______
a) integrity and authenticity
b) integrity and non-repudiation
c) authenticity and privacy
d) confidentiality and integrity
View Answer
Answer: a
Explanation: SSL primarily focuses on maintaining the integrity of the data. Also, it maintains
authenticity which helps the customersMCQ
feelON ETHICAL
secure HACKING over the internet.
to communicate
8. In SSL, what is used for authenticating a message?
a) MAC (Message Access Code)
b) MAC (Message Authentication Code)
c) MAC (Machine Authentication Code)
d) MAC (Machine Access Code)
View Answer

Answer: b
Explanation: For authenticating in SSL, a short message known as MAC (Message Authentication Code)
is used for authenticating a message; where both the sender & the receiver need to implement the same
key in order to start communicating.
9. __________ is used for encrypting data at network level.
a) IPSec
b) HTTPS
c) SMTP
d) S/MIME
View Answer

Answer: a
Explanation: IPSec (Secure Internet Protocol) is used for securing data at the network level by using 3
different protocols. These are Encapsulating Secure Payload (ESP), Authentication Header, and Internet
Key Exchange (IKE).
10. S/MIME is abbreviated as __________________
a) Secure/Multimedia Internet Mailing Extensions
b) Secure/Multipurpose Internet Mailing Extensions
c) Secure/Multimedia Internet Mail Extensions
d) Secure/Multipurpose Internet Mail Extensions
View Answer

Answer: d
Explanation: Secure/Multipurpose Internet Mail Extensions is the most popular protocol used to send
encrypted messages that are digitally signed. In this protocol, the encryption is done with a digital sign in
them.
11. Users are able to see a pad-lock icon in the address bar of the browser when there is _______
connection.
a) HTTP
b) HTTPS
c) SMTP
d) SFTP
View Answer

Answer: b
Explanation: It is when HTTPS (Hyper Text Transfer Protocol Secure) connection is built an extended
validation certificate is installed in the website for security reasons.
12. Why did SSL certificate require in HTTP?
a) For making security weak
b) For making information move faster
c) For encrypted data sent over HTTP protocol
d) For sending and receiving emails unencrypted
View Answer
Answer: c
Explanation: In the case of HTTP connection, data are sent as plain-text, which is easily readable by
MCQ
hackers, especially when it is credit card ON ETHICAL
details HACKING
and personal information. But with the incorporation of
SSL certificate, communication becomes secure and data sent and received are encrypted.
advertisement

13. SFTP is abbreviated as ________

a) Secure File Transfer Protocol
b) Secured File Transfer Protocol
c) Secure Folder Transfer Protocol
d) Secure File Transferring Protocol
View Answer
Answer: a
Explanation: It is a secured FTP, where communication is made secured using SSH (Secure Shell) which
helps in secure transferring of files in both local as well as remote systems.
14. PCT is abbreviated as ________
a) Private Connecting Technology
b) Personal Communication Technology
c) Private Communication Technique
d) Private Communication Technology
View Answer

Answer: d
Explanation: Private Communication Technology (PCT) is similar to SSL except that the size of the
message is smaller in the case of PCT. It supports different encryption algorithms like DES, RSA, Diffie-
Hellman etc.

Cyber Security Questions and Answers – Security Protocols – 2

This set of Cyber Security Questions and Answers for Freshers focuses on “Security Protocols – 2”.

1. Authentication in PCT requires _____ keys.

a) 1
b) 2
c) 3
d) 4
View Answer

Answer: b
Explanation: For message encryption using PCT it requires two separate keys. Moreover, PCT has more
options for data formats and security algorithms.
2. The latest version of TLS is _____
a) version 1.1
b) version 1.2
c) version 2.1
d) version 1.3
View Answer

Answer: b
Explanation: The latest standard version of TLS is version 1.2. Version 1.3 is still in the development
stage.
3. SIP is abbreviated as __________
a) Session Initiation Protocol
b) Secured Initiation Protocol
c) Secure Initiation Protocol
d) Session Integration Protocol
View Answer
MCQ ON ETHICAL HACKING
Answer: a
Explanation: Session Initiation Protocol is an important protocol used for starting, preserving and
terminating any real time sessions over the internet.
4. In which of the following cases Session Initiation Protocol is not used?
a) Instant Messaging
b) Voice over LTE (VoLTE)
c) Internet telephony
d) Data Transferring
View Answer
Answer: d
Explanation: Session Initiation Protocol is used as real-time session maintaining and is used voice, video
as well as messaging applications for controlling multimedia communication sessions.
5. SRTP is abbreviated as ________
a) Secure Relay Transport Protocol
b) Secure Real-time Transferring Protocol
c) Secure Real-time Transport Protocol
d) Secure Real-time Transportation Protocol
View Answer
Answer: c
Explanation: Secure Real-time Transport Protocol is a real-time multimedia delivery protocol with
encryption for message integrity and authentication. It is used mostly in entertainment systems and
streaming media and sites.
6. ESP is abbreviated as ____________
a) Encapsulating Security Payload
b) Encapsulating Secure Protocol
c) Encrypted Secure Payload
d) Encapsulating Secure Payload
View Answer

Answer: d
Explanation: Encapsulating Secure Payload is a special type of protocol used for offering integrity,
authentication, and confidentiality to network packets’ data in IPSec (Secure Internet Protocol).
7. ________ is the entity for issuing digital certificates.
a) Certificate Authority (CA)
b) Cert Authority (CA)
c) Cert Authorization (CA)
d) Certificate Authorization (CA)
View Answer

Answer: a
Explanation: Digital certificates are used for certifying the ownership of a public key and the entity who
issue those certificates is the Certificate Authority.
advertisement

8. IKE is abbreviated as Internet Key Exchange.

a) True
b) False
View Answer
Answer: a
Explanation: Internet Key Exchange is a security protocol used for setting up a security association in the
MCQ ONProtocol
Secure IP protocol. IKE = Key Management ETHICAL(KMP)
HACKING
+ Security Association (SA).

Cyber Security Questions and Answers – Hacking Terminologies – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Hacking
Terminologies – 1”.

1. ________ is any action that might compromise cyber-security.

a) Threat
b) Vulnerability
c) Exploit
d) Attack
View Answer

Answer: a
Explanation: Threat can be termed as a possible danger that may lead to breach the cyber security and
may cause possible harm to the system or the network.
2. Existence of weakness in a system or network is called _______
a) Threat
b) Vulnerability
c) Exploit
d) Attack
View Answer

Answer: b
Explanation: Vulnerability is the term used to define weakness in any network or system that can get
exploited by an attacker. Exploiting the weakness can lead to the unexpected & undesirable event in cyber
security.
3. When any IT product, system or network is in need for testing for security reasons, then the term used
is called _________
a) Threat
b) Vulnerability
c) Target of Evaluation
d) Attack
View Answer

Answer: c
Explanation: Target of Evaluation is the term used when any IT infrastructure, system, network require
evaluation for security reasons or for fixing any bugs after being tested by penetration testers.
4. An/A ________ is an act that violates cyber-security.
a) Threat
b) Vulnerability
c) Exploit
d) Attack
View Answer
Answer: d
Explanation: An “attack” or “cyber-attack” is an attempt taken by attackers to alter, delete, steal or expose
any specific data by gaining unauthorized access.
5. ________ is a way to breach the security by using the vulnerability of that system.
a) Threat
b) Vulnerability
c) Exploit
d) Attack
View Answer
MCQ ON ETHICAL HACKING
Answer: c
Explanation: An exploit can be any data, piece of code, a program, sequence of commands or any
software that uses the vulnerability or flaw of a system and helps attackers or cyber-criminals cause
unanticipated behaviour.
6. _________ is an act of hacking by the means of which a political or social message is conveyed.
a) Hacktivism
b) Whistle-blowing
c) Surveillance
d) Pseudonymization
View Answer

Answer: a
Explanation: Hacktivism is an act of defacing a website, or any network or system. Systems and networks
are compromised with a political or social agenda.
7. _______ is the method of developing or creating a structurally similar yet unauthentic and illegitimate
data of any firm or company.
a) Data copying
b) Data masking
c) Data breaching
d) Data duplicating
View Answer
Answer: b
Explanation: Data masking is the method used for developing or creating a structurally similar version of
data of any organization that is not authentic. These types of unauthentic data are purposefully created for
protecting the actual data.
8. Data masking is also known as _________
a) Data obfuscation
b) Data copying
c) Data breaching
d) Data duplicating
View Answer
Answer: a
Explanation: Data obfuscation is the alternate term used for data masking, that is used for developing or
creating a structurally similar version of data of any organization that is not authentic. These types of
unauthentic data are purposefully created for protecting the actual data.
9. ________ automates an action or attack so that repetitive tasks are done at a faster rate.
a) Auto-bots
b) Cookie-bots
c) Robots
d) Bots
View Answer

Answer: d
Explanation: Bots are a set of codes written which helps to perform repetitive tasks at a much faster rate
than humans.
10. Backdoors are also known as ____________
a) Trap doors
b) Front doors
c) Cover doors
d) Back entry
View Answer
MCQ ON ETHICAL HACKING
Answer: a
Explanation: Trap-doors are hidden entry points in any already hacked system that is set to bypass
security measures.
11. Adware are pre-chosen _______ developed to display ads.
a) banner
b) software
c) malware
d) shareware
View Answer
Answer: b
Explanation: Adware is software that is displayed on system or web pages for showing pre-chosen ads.
12. ________ is an attack technique occurs when excess data gets written to a memory block.
a) Over buffering
b) Buffering
c) Buffer overflow
d) Memory full
View Answer
Answer: c
Explanation: Buffer overflow is a flaw that occurs in memory when excessive data is written which
makes the buffer allocated to seize.
advertisement

13. Finding & publishing any user’s identity with the help of different personal details is called ________
a) Doxing
b) Data breaching
c) Personal data copying
d) Secure File Transferring Protocol
View Answer
Answer: a
Explanation: When an identity of internet user is discovered and published by following his/her details
over the internet is called doxing.
14. In IP address, IP is abbreviated as __________
a) Internet Program
b) Internet Protocol
c) Intuition Programs
d) Internet Pathway
View Answer
Answer: b
Explanation: In IP Address, IP is abbreviated as Internet Protocol. It acts as a unique address or identifier
of any computer or device in the internet.
15. Whaling is the technique used to take deep and _________ information about any individual.
a) sensitive
b) powerful
c) useless
d) casual
View Answer

Answer: a
Explanation: Whaling uses phishing technique which helps hackers in stealing deep and sensitive
information about any member of an organization. The information can be private addresses, phone
number, future plans and projects, salary and bonuses.
MCQ ON ETHICAL HACKING
Cyber Security Questions and Answers – Hacking Terminologies – 2

This set of Cyber Security Interview Questions and Answers for freshers focuses on “Hacking
Terminologies – 2”.

1. _________ are a specific section of any virus or malware that performs illicit activities in a system.
a) Malicious programs
b) Worms
c) Spyware
d) Payload
View Answer
Answer: d
Explanation: Payloads are parts of a virus that helps in performing malicious activities such as destroying
information, blocking network traffic, compromising data, steal and spy for sensitive information.
2. ____________ is a scenario when information is accessed without authorization.
a) Data infiltration
b) Data Hack
c) Information compromise
d) Data Breach
View Answer
Answer: d
Explanation: Data breach is the term used when the cyber-security incident takes place where sensitive
information is accessed without authority.
3. ____________ is an attempt to steal, spy, damage or destroy computer systems, networks or their
associated information.
a) Cyber-security
b) Cyber attack
c) Digital hacking
d) Computer security
View Answer

Answer: b
Explanation: Cyber attack can be defined as an attempt to steal, spy, damage or destroy different
components of cyberspace such as computer systems, associated peripherals, network systems, and
information.
4. ___________ is a device which secretly collects data from credit / debit cards.
a) Card Skimmer
b) Data Stealer
c) Card Copier
d) Card cloner
View Answer

Answer: a
Explanation: Card skimmer is hardware that is installed and setup in ATMs secretly so that when any user
will swipe or insert their card in the ATM, the skimmer will fetch all information from the magnetic strip.
5. _____________ is a technique used when artificial clicks are made which increases revenue because of
pay-per-click.
a) Clickjacking
b) Clickfraud
c) Keylogging
d) Click-hacking
View Answer
MCQ ON ETHICAL HACKING
Answer: b
Explanation: Clickfraud is an attack technique used when artificial clicks get generated to increase the
revenue in ad-campaigns online.
6. __________ is the practice implemented to spy someone using technology for gathering sensitive
information.
a) Cyber espionage
b) Cyber-spy
c) Digital Spying
d) Spyware
View Answer

Answer: a
Explanation: Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on others
for gathering confidential information.
7. ____________ is the way or technique through which majority of the malware gets installed in our
system.
a) Drive-by click
b) Drive-by redirection
c) Drive-by download
d) Drive-by injecting USB devices
View Answer
Answer: c
Explanation: An accidental yet dangerous action that takes place in the cyberspace which helps attackers
place their malware into the victim’s system. This technique is called Drive-by download.
8. ______ is the term used for toolkits that are purchased and used for targeting different exploits.
a) Exploit bag
b) Exploit set
c) Exploit Toolkit
d) Exploit pack
View Answer
Answer: d
Explanation: Exploit pack or Exploit kit is the term used for toolkits that are purchased and used for
targeting different exploits.
9. Identity theft is the term used when a cyber-thief uses anybody’s personal information to impersonate
the victim for their benefit.
a) True
b) False
View Answer

Answer: a
Explanation: Identity theft is the term used when a cyber-thief uses anybody’s personal information to
impersonate the victim for their benefit. In this type of cyber-crime, information like social security
number, personal details, and images, hobbies and passion details, driving license number and address
details are compromised.
10. _________ is the hacking approach where cyber-criminals design fake websites or pages for tricking
or gaining additional traffic.
a) Cyber-replication
b) Mimicking
c) Website-Duplication
d) Pharming
View Answer
MCQ ON ETHICAL HACKING
Answer: a
Explanation: The technique and approach through which cyber-crooks develop fake web pages and sites
to trick people for gaining personal details such as login ID and password as well as personal information,
is known as pharming.
11. RAM-Scraping is a special kind of malware that looks (scrape) for sensitive data in the hard drive.
a) True
b) False
View Answer
Answer: a
Explanation: It is a special kind of malware that looks for sensitive data that you’ve stored in your hard
drive. RAM-scraping is one of those kinds.
12. When you book online tickets by swiping your card, the details of the card gets stored in ______
a) database system
b) point-of-sale system
c) servers
d) hard drives
View Answer
Answer: b
Explanation: The point-of-sale system is a system where the retailer or company stores financial records
and card details of the e-commerce system or online business transactions.
advertisement

13. Point-of-sale intrusion does not deal with financial details and credit card information.
a) True
b) False
View Answer

Answer: b
Explanation: Point-of-sale intrusion is an attack that deals with financial details and credit card
information, where the payment system of the company or retailer is compromised and left with
customer’s financial information at risk.
14. _______ are deadly exploits where the vulnerability is known and found by cyber-criminals but not
known and fixed by the owner of that application or company.
a) Unknown attacks
b) Secret attacks
c) Elite exploits
d) Zero-day exploits
View Answer
Answer: d
Explanation: Zero-day exploits are used to attack a system as soon as cyber-criminals came to know about
the weakness or the day the weaknesses are discovered in a system. Hackers exploit these types of
vulnerabilities before the creator releases the patch or fix the issue.
15. Zero-day exploits are also called __________
a) zero-day attacks
b) hidden attacks
c) un-patched attacks
d) un-fixed exploits
View Answer
Answer: a
Explanation: Zero-day exploits are also called zero-day attacks where the vulnerability is known and
MCQ ON
found by cyber-criminals or ethical hackers butETHICAL HACKING
not known and fixed by the creator/owner of that
application or company.

Cyber Security Questions and Answers – Ports and Its Types – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Ports and Its
Types – 1”.

1. There are ______ major types of ports in computers.

a) 1
b) 2
c) 3
d) 4
View Answer
Answer: b
Explanation: There are 2 major types of ports in computer systems. These are physical ports and logical
ports.
2. PS2 and DVI are examples of Logical ports.
a) True
b) False
View Answer
Answer: b
Explanation: PS2 and DVI are examples of physical ports. Physical ports can be touched and seen with
our naked eyes.
3. Physical ports are usually referred to as ___________
a) jacks
b) cables
c) interfaces
d) hardware plugs
View Answer

Answer: c
Explanation: Physical ports are connections that connect two systems for their interactions. LAN, PS2
and DVI are examples of physical ports.
4. ____________ are logical numbers assigned for logical connections.
a) Logical ports
b) Physical ports
c) Networking cables
d) IP address
View Answer

Answer: a
Explanation: Logical ports are end-point to a logical connection. The numbers are pre-assigned by IANA
(Internet Assigned Numbers Authority) which ranges from 0 – 65536.
5. Number of logical ports ranges from _____ to _____
a) 0, 255
b) 1, 65535
c) 1, 65536
d) 0, 65536
View Answer
Answer: d
Explanation: The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which
MCQ ON are
ranges from 0 – 65536. All the used protocols ETHICAL HACKING
assigned with a unique port number.
6. Logical ports are also known as ________________
a) numbered ports
b) virtual numbering
c) virtual ports
d) network protocol ports
View Answer

Answer: c
Explanation: Logical ports are also known as virtual ports which are part of TCP/IP networking. The
numbers of ports are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0
– 65536.
7. Virtual ports help software in sharing without interference all hardware resources.
a) True
b) False
View Answer

Answer: a
Explanation: Virtual ports also known as logical ports helps different applications in sharing without the
interference of all hardware resources. The network traffic is automatically managed by routers using
these ports.
8. ________ needs some control for data flow on each and every logical port.
a) Antivirus
b) Network firewall
c) Intrusion Detection Systems (IDS)
d) Anti-malware
View Answer
Answer: b
Explanation: For security reason, there is some additional control provided by the network firewall over
data traffic going through each logical ports.
9. The logical port is associated with the type of protocol used along with the IP address of the host.
a) True
b) False
View Answer

Answer: a
Explanation: During a communication, the logical port is ass associated with the type of protocol used
along with the IP address of the host. The numbers logical ports are pre-assigned by IANA (Internet
Assigned Numbers Authority) which ranges from 0 – 65536.
10. Which of the following is the port number for FTP data?
a) 20
b) 21
c) 22
d) 23
View Answer

Answer: a
Explanation: Port number 20 is the logical port number for FTP data service. FTP protocol is a standard
protocol used for transmitting and receiving files from client to server through a network.
advertisement

11. Which of the following is the port number for FTP control?
a) 20
b) 21
c) 22
d) 23 MCQ ON ETHICAL HACKING
View Answer

Answer: b
Explanation: Port number 21 is the logical port number for FTP control service. FTP protocol is a
standard protocol used for transmitting and receiving files from client to server through a network.
12. Which of the following is the port number for SSH (Secure Shell)?
a) 20
b) 21
c) 22
d) 23
View Answer

Answer: c
Explanation: Port number 22 is the logical port number for Secure Shell service. SSH gives users
(specifically system administrators), a way to securely access computers on unsecured network
connectivity.
13. Which of the following is the port number for Telnet?
a) 20
b) 21
c) 22
d) 23
View Answer

Answer: d
Explanation: Port number 23 is the logical port number for Telnet. Telnet is used for bi-directional
communication over the internet in text-oriented format. It also gives virtual terminal connectivity.

Cyber Security Questions and Answers – Ports and Its Types – 2

This set of Cyber Security Questions and Answers for Experienced people focuses on “Ports and Its
Types – 2”.

1. Which of the following is the port number for SMTP service?

a) 29
b) 27
c) 25
d) 23
View Answer
Answer: c
Explanation: Port number 25 is the logical port number for Simple Mail Transfer Protocol (SMTP)
service. SMTP is an Internet standard protocol for email transmission.
2. Which of the following are the port numbers for IPSec service?
a) 50, 51
b) 49, 50
c) 51, 52
d) 23, 24
View Answer

Answer: a
Explanation: Port numbers 50 and 51 are the logical port numbers for IPSec service. IPSec is a standard
protocols suite used among 2 communication points that help in providing data authentication,
confidentiality, and integrity.
3. Which of the following are the port numbers for DHCP?
a) 66, 67
b) 67, 68 MCQ ON ETHICAL HACKING
c) 65, 66
d) 68, 69
View Answer

Answer: c
Explanation: Port numbers 67 and 68 are the logical port numbers for Dynamic Host Configuration
Protocol (DHCP) service. It helps in providing Internet Protocol (IP) host automatically along with
related configuration information like subnet mask and default gateway.
4. Which of the following is the port number for TFTP service?
a) 69
b) 70
c) 71
d) 72
View Answer

Answer: a
Explanation: Port number 69 is the logical port number for Trivial File Transfer Protocol (TFTP) service.
It is an internet software utility protocol used for transferring files.
5. Port 80 handles unencrypted web traffic.
a) True
b) False
View Answer

Answer: a
Explanation: Ports are assigned to different services for identification of which port is sending traffic over
the network. Port 80 is used by the popular HTTP (Hyper Text Transfer Protocol) that handles
unencrypted web traffic.
6. Why it is important to know which service is using which port number?
a) For database security
b) For reporting data security to the auditor
c) For understanding which data is going through secured traffic and which is not
d) For checking unused data traffic
View Answer
Answer: c
Explanation: If a security analyst or ethical hacker knows which port is open and through which port data
is going, he/she will be able to know which data is going in encrypted form and which one is not. Also, it
helps in securing a system by closing the logical ports so that hackers cannot gain access through them.
7. Which of the following is the port number for SFTP service?
a) 21
b) 22
c) 23
d) 69
View Answer

Answer: b
Explanation: Port number 22 is both used as the logical port for Secure File Transfer Protocol (SFTP) as
well as Secure Shell (SSH) service. This is because SFTP also uses SSH for encryption.
8. Which of the following is the port number for HTTP?
a) 79
b) 80
c) 81
d) 82
View Answer
MCQ ON ETHICAL HACKING
Answer: b
Explanation: Port number 80 is the logical port number for the popular Hyper-Text Transfer Protocol
(HTTP) service. This protocol defines how messages are formatted and transmitted over unencrypted
traffic.
9. TACACS+ uses TCP port 49.
a) True
b) False
View Answer
Answer: a
Explanation: Terminal Access Controller Access-Control System (TACACS) is used for handling remote
authentication and associated services. TACACS+ was developed by Cisco Systems in the year 1993.
10. Which of the following is the port number for Kerberos?
a) 87
b) 88
c) 89
d) 86
View Answer
Answer: b
Explanation: Port number 88 is the logical port number for Kerberos service. It is a computer network
authentication protocol that works on a non-secure network to prove the identity.
advertisement

11. Which of the following is the port number for POP3?

a) 110
b) 111
c) 112
d) 113
View Answer
Answer: a
Explanation: Port number 110 is the logical port number for Post Office Protocol-3 service. This protocol
periodically checks our mail-box for synchronizing our latest emails with that of the server.
12. Which of the following is the port number for SNMP?
a) 160
b) 161
c) 162
d) 163
View Answer
Answer: b
Explanation: Port number 161 is the logical port number for Simple Network Management Protocol
(SNMP) service. It’s an application layer protocol that helps in managing and monitoring our network
devices.
13. Which of the following is the port number for SNMP – Trap?
a) 160
b) 161
c) 162
d) 163
View Answer
Answer: c
Explanation: Port number 161 is the logical port number for Simple Network Management Protocol
(SNMP) – Trap service, where Trap isMCQ
usedONforETHICAL
services HACKING
like prompting with alerts if the device that is
using SNMP-trap is overheated.

Cyber Security Questions and Answers – Firewalls – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Firewalls – 1”.

1. Firewalls can be of _______ kinds.

a) 1
b) 2
c) 3
d) 4
View Answer

Answer: c
Explanation: Firewalls are of three kinds – one is the hardware firewalls, another is software firewalls and
the other is a combination of both hardware and software.
2. _________________ is the kind of firewall is connected between the device and the network
connecting to internet.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: a
Explanation: Hardware firewalls are those firewalls that need to be connected as additional hardware
between the device through which the internet is coming to the system and the network used for
connecting to the internet.
3. _________ is software that is installed using an internet connection or they come by-default with
operating systems.
a) Hardware Firewall
b) Software Firewall
c) Stateful Inspection Firewall
d) Microsoft Firewall
View Answer
Answer: b
Explanation: Software firewalls are those kinds of firewalls that are installed in the system using internet
connection as we install normal applications and update them. Some operating system vendors provide
default firewalls with their operating systems.
4. Which of the following is not a software firewall?
a) Windows Firewall
b) Outpost Firewall Pro
c) Endian Firewall
d) Linksys Firewall
View Answer

Answer: d
Explanation: Windows Firewall, Outpost Firewall Pro and Endian Firewall are software firewalls that are
installed in the system. Linksys firewall is not an example of a software firewall.
5. Firewall examines each ____________ that are entering or leaving the internal network.
a) emails users
b) updates
c) connections
d) data packets MCQ ON ETHICAL HACKING
View Answer

Answer: d
Explanation: Firewalls examines each data packets that are entering or leaving the internal network which
ultimately prevents unauthorized access.
6. A firewall protects which of the following attacks?
a) Phishing
b) Dumpster diving
c) Denial of Service (DoS)
d) Shoulder surfing
View Answer

Answer: c
Explanation: Firewalls are used to protect the computer network and restricts illicit traffic. Denial of
Service (DoS) attack is one such automated attack which a firewall with proper settings and the updated
version can resist and stop from getting executed.
7. There are ______ types of firewall.
a) 5
b) 4
c) 3
d) 2
View Answer

Answer: b
Explanation: There are four types of firewall based on their working and characteristics. These are Packet
Filtering Firewalls, Circuit Level Gateway Firewalls, Application level Gateway Firewalls, and Stateful
Multilayer Inspection Firewalls.
8. Packet filtering firewalls are deployed on ________
a) routers
b) switches
c) hubs
d) repeaters
View Answer
Answer: a
Explanation: Packet filtering firewalls are deployed on routers that help in connecting internal network
worldwide via the internet.
9. In the ______________ layer of OSI model, packet filtering firewalls are implemented.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer

Answer: d
Explanation: In the network layer, which is the third layer of the OSI (Open Systems Interconnection)
model, packet filtering firewalls are implemented.
10. The __________ defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports
View Answer
MCQ ON ETHICAL HACKING
Answer: a
Explanation: The Access Control List is a table containing rules that instruct the firewall system to
provide the right access. It checks all the packets and scans them against the defined rule set by Network
administrator in the packet filtering firewall.
11. ACL stands for _____________
a) Access Condition List
b) Anti-Control List
c) Access Control Logs
d) Access Control List
View Answer

Answer: d
Explanation: The Access Control List is a table containing to check all the packets and scans them against
the defined rule set by Network administrator in any particular system or firewall.
12. When a packet does not fulfil the ACL criteria, the packet is _________
a) resend
b) dropped
c) destroyed
d) acknowledged as received
View Answer
Answer: b
Explanation: In the packet filtering firewall, when the rules defined by the Access Control List is not meet
by any data packet, the packet is dropped & logs are updated in the firewall.
advertisement

13. Network administrators can create their own ACL rules based on _______ ________ and _______
a) Address, Protocols and Packet attributes
b) Address, Protocols and security policies
c) Address, policies and Packet attributes
d) Network topology, Protocols and data packets
View Answer
Answer: a
Explanation: Network administrators can create their own ACL rules based on Address, Protocols and
Packet attributes. This is generally done where the specific customised type of data packets need to pass
through firewall screening.
14. One advantage of Packet Filtering firewall is __________
a) more efficient
b) less complex
c) less costly
d) very fast
View Answer

Answer: c
Explanation: Packet filtering firewalls are more advantageous because they are less costly and they use
fewer resources and are used effectively in small networks.
15. Packet filtering firewalls work effectively in _________ networks.
a) very simple
b) smaller
c) large
d) very large complex
View Answer
Answer: b
Explanation: Packet Filtering Firewalls are applied within routers which connect the internal Network
system with the outside network usingMCQ ON ETHICAL
the internet. HACKING
It works effectively if the internal network is smaller
in size.

Cyber Security Questions and Answers – Firewalls – 2

This set of Cyber Security Interview Questions and Answers for Experienced people focuses on
“Firewalls – 2”.

1. Packet filtering firewalls are vulnerable to __________

a) hardware vulnerabilities
b) MiTM
c) phishing
d) spoofing
View Answer
Answer: d
Explanation: One popular disadvantage of the packet filtering technique is that it cannot support the
complex models of rules and is spoofing attack-prone in some cases as well.
2. Circuit-level gateway firewalls are installed in _______ layer of OSI model.
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer
View Answer
Answer: b
Explanation: In the session layer (which is the fifth layer) of the OSI model, circuit-level gateway
firewalls are deployed for monitoring TCP sessions for 3-way handshakes.
3. Which of these comes under the advantage of Circuit-level gateway firewalls?
a) They maintain anonymity and also inexpensive
b) They are light-weight
c) They’re expensive yet efficient
d) They preserve IP address privacy yet expensive
View Answer

Answer: a
Explanation: For a private network, or for organizations, circuit-level gateway firewalls maintain
anonymity. They’re also inexpensive as compared to other firewall types.
4. Which of the following is a disadvantage of Circuit-level gateway firewalls?
a) They’re expensive
b) They’re complex in architecture
c) They do not filter individual packets
d) They’re complex to setup
View Answer

Answer: c
Explanation: Circuit-level gateway firewalls don’t filter packets individually which gives the attacker a
chance to take access in the network.
5. _____________ gateway firewalls are deployed in application-layer of OSI model.
a) Packet Filtering Firewalls
b) Circuit Level Gateway Firewalls
c) Application-level Gateway Firewalls
d) Stateful Multilayer Inspection Firewalls
View Answer
MCQ ON ETHICAL HACKING
Answer: c
Explanation: Application level Gateway Firewalls are deployed in the application-layer of OSI model for
protecting the network for different protocols of the application layer.
6. Application level gateway firewalls protect the network for specific _____________
a) application layer protocol
b) session layer protocol
c) botnet attacks
d) network layer protocol
View Answer
Answer: a
Explanation: Some specific application layer protocols need protection from attacks which is done by the
application level gateway firewall in the application layer of the OSI model.
7. Application level gateway firewalls are also used for configuring cache-servers.
a) True
b) False
View Answer

Answer: a
Explanation: As caching servers, the application level gateway firewalls are configured that helps in
increasing the network performance making it smooth for logging traffic.
8. ___________ firewalls are a combination of other three types of firewalls.
a) Packet Filtering
b) Circuit Level Gateway
c) Application-level Gateway
d) Stateful Multilayer Inspection
View Answer

Answer: d
Explanation: Stateful Multilayer Inspection firewalls are a combination of other three types of firewalls.
These combinations are Packet filtering, circuit level and application-level gateway firewalls.
9. Stateful Multilayer Inspection firewall cannot perform which of the following?
a) Filter network layer packets
b) Check for legitimate session
c) Scans for illicit data packets at the presentation layer
d) Evaluate packets at application lager
View Answer
Answer: c
Explanation: Stateful Multilayer Inspection firewalls are designed to perform filtering packets in the
network layer, check for legitimate sessions in the session layer as well as evaluate all packets at the
application layer of OSI model. But it cannot scan for illicit data packets at the presentation layer.
10. We can also implement ____________ in Stateful Multilayer Inspection firewall.
a) external programs
b) algorithms
c) policies
d) algorithms and external programs
View Answer

Answer: b
Explanation: Stateful Multilayer Inspection firewall can also allow us to implement algorithms as well as
complex security modes making data transfer more secure.
11. One advantage of Stateful Multilayer Inspection firewall is __________
a) costlier but easy to understand
b) large to manage MCQ ON ETHICAL HACKING
c) complex internal architecture
d) large to manage but efficient
View Answer

Answer: c
Explanation: Stateful Multilayer Inspection firewalls are complex internally due to multiple
characteristics of different firewalls incorporated together which makes it powerful and more secure.
12. Packet filtering firewalls are also called ____________
a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer

Answer: a
Explanation: Packet filtering firewalls are also called the first generation firewalls. It came into the picture
around the 1980s. Packet filtering technique cannot support the complex models of rules and is spoofing
attack-prone in some cases as well.
advertisement

13. Stateful Multilayer firewalls are also called ____________

a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: b
Explanation: Stateful multilayer firewalls are also called second generation firewalls. They came into the
picture in around 1989-1990. Due to multiple characteristics of different firewalls in Multilayer
Inspection firewalls, it makes such type of firewalls powerful and more secure.
14. Application layer firewalls are also called ____________
a) first generation firewalls
b) second generation firewalls
c) third generation firewalls
d) fourth generation firewalls
View Answer
Answer: c
Explanation: Application layer firewalls are also called third generation firewalls. They came into the
picture in around 1995-1998. Application level gateway firewalls are helped in making the network
performance smooth for logging traffic.

Cyber Security Questions and Answers – VPNs

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “VPNs”.
1. VPN is abbreviated as __________
a) Visual Private Network
b) Virtual Protocol Network
c) Virtual Private Network
d) Virtual Protocol Networking
View Answer
Answer: c
Explanation: A Virtual Private Network i.e. VPN is a technique used in networking or other intermediate
networks for connecting computers and MCQ ON ETHICAL
making HACKING
them isolated remote computer networks, maintaining a
tunnel of security and privacy.
2. __________ provides an isolated tunnel across a public network for sending and receiving data
privately as if the computing devices were directly connected to the private network.
a) Visual Private Network
b) Virtual Protocol Network
c) Virtual Protocol Networking
d) Virtual Private Network
View Answer

Answer: d
Explanation: A Virtual Private Network i.e. VPN is a technique used in networking or other intermediate
networks for connecting computers and making them isolated remote computer networks, maintaining a
tunnel of security and privacy.
3. Which of the statements are not true to classify VPN systems?
a) Protocols used for tunnelling the traffic
b) Whether VPNs are providing site-to-site or remote access connection
c) Securing the network from bots and malwares
d) Levels of security provided for sending and receiving data privately
View Answer
Answer: c
Explanation: VPN systems have specific protocols for tunnelling the traffic, secure remote access
connectivity as well as make sure how many levels of security it is providing for private data
communication.
4. What types of protocols are used in VPNs?
a) Application level protocols
b) Tunnelling protocols
c) Network protocols
d) Mailing protocols
View Answer
Answer: a
Explanation: All VPNs are formed with a combination of tunnelling protocols as well as encryption
techniques for maintaining privacy and security.
5. VPNs uses encryption techniques to maintain security and privacy which communicating remotely via
public network.
a) True
b) False
View Answer
Answer: a
Explanation: All VPNs are formed with a combination of tunnelling protocols as well as encryption
techniques for maintaining privacy and security.
6. There are _________ types of VPNs.
a) 3
b) 2
c) 5
d) 4
View Answer

Answer: b
Explanation: VPNs are of two types. These are remote access VPNs & Site-to-site VPNs. Remote Access
VPNs are used for business & home users. Site-to-site VPNs are mainly used in companies and firms
with different geographical locations.
7. Site-to-site VPNs are also known asMCQ ON ETHICAL HACKING
________
a) Switch-to-switch VPNs
b) Peer-to-Peer VPNs
c) Point-to-point VPNs
d) Router-to-router VPNs
View Answer
Answer: d
Explanation: Site-to-site VPNs are also known as Router-to-router VPNs. They are mainly used in
companies and firms with different geographical locations.
8. _________ type of VPNs are used for home private and secure connectivity.
a) Remote access VPNs
b) Site-to-site VPNs
c) Peer-to-Peer VPNs
d) Router-to-router VPNs
View Answer

Answer: a
Explanation: Remote access VPN allows individual users to connect to private networks at home and
access resources remotely.
9. Which types of VPNs are used for corporate connectivity across companies residing in different
geographical location?
a) Remote access VPNs
b) Site-to-site VPNs
c) Peer-to-Peer VPNs
d) Country-to-country VPNs
View Answer
Answer: b
Explanation: Site-to-site VPNs are also known as Router-to-router VPNs which are typically used in
companies and firms for connecting remotely different branches with different geographical locations.
10. Site-to-Site VPN architecture is also known as _________
a) Remote connection based VPNs
b) Peer-to-Peer VPNs
c) Extranet based VPN
d) Country-to-country VPNs
View Answer

Answer: c
Explanation: Site-to-site VPN architecture is also known as extranet based VPNs because these type of
VPNs are typically used to connect firms externally between different branches of the same company.
11. There are ________ types of VPN protocols.
a) 3
b) 4
c) 5
d) 6
View Answer

Answer: d
Explanation: There are six types of protocols used in VPN. These are Internet Protocol Security or IPSec,
Layer 2 Tunnelling Protocol (L2TP), Point – to – Point Tunnelling Protocol (PPTP), Secure Sockets
Layer (SSL), OpenVPN and Secure Shell (SSH).
12. For secure connection, Remote access VPNs rely on ___________ and ____________
a) IPSec, SSL
b) L2TP, SSL MCQ ON ETHICAL HACKING
c) IPSec, SSH
d) SSH, SSL
View Answer

Answer: a
Explanation: A remote-access VPN typically depends on either Secure Sockets Layer (SSL) or IP
Security (IPsec) for a secure connection over public network.
advertisement

13. A ______ can hide a user’s browsing activity.

a) Firewall
b) Antivirus
c) Incognito mode
d) VPN
View Answer
Answer: d
Explanation: VPNs are used for hiding user’s browsing activities and maintain anonymity. This also helps
in preventing user’s personal browsing data leakage and protects the leakage of browsing habits.
14. __________ masks your IP address.
a) Firewall
b) Antivirus
c) VPN
d) Incognito mode
View Answer
Answer: c
Explanation: VPNs are used for masking user’s IP address and maintain anonymity. This protects leakage
of IP address that almost every website grabs when a user opens a website.
15. _________ are also used for hides user’s physical location.
a) Firewall
b) Antivirus
c) Incognito mode
d) VPN
View Answer

Answer: d
Explanation: VPNs are used for hiding your physical location which helps in maintaining anonymity.
Using IP address and browsing habits, link search, your physical location can be traced.
16. Using VPN, we can access _______________
a) Access sites that are blocked geographically
b) Compromise other’s system remotely
c) Hide our personal data in the cloud
d) Encrypts our local drive files while transferring
View Answer

Answer: a
Explanation: With the help of VPN, users can access and connect to sites that are kept blocked by the
ISPs based on a specific geographic location.

Cyber Security Questions and Answers – Linux OS and its Security

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Linux OS and its
Security”.
MCQ ON ETHICAL HACKING
1. _________ is one of the most secured Linux OS that provides anonymity and an incognito option for
securing its user data.
a) Fedora
b) Tails
c) Ubuntu
d) OpenSUSE
View Answer

Answer: b
Explanation: If any user is looking for Linux based security solutions, Tails is one of the most popular
Linux-based operating systems that provides anonymity and an incognito option for securing its user data.
2. Which of the following OS does not comes under a secured Linux OS list?
a) Qubes OS
b) Tails
c) Tin Hat
d) Ubuntu
View Answer

Answer: d
Explanation: Qubes OS, Tails OS, and Tin Hat are amongst the most secured Linux Operating Systems
(OS) that provide fast and secure Linux experience along with maintaining anonymity for the users.
3. ____________ is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in preserving
users’ data private.
a) Fedora
b) Ubuntu
c) Whonix
d) Kubuntu
View Answer

Answer: c
Explanation: Whonix is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help in
preserving users’ data private. One VM is a Tor Gateway that runs Debian while the other is Workstation.
4. Subgraph OS is a Debian based Linux distro which provides hardcore anonymity and is approved by
Edward Snowden.
a) True
b) False
View Answer
Answer: a
Explanation: Subgraph OS is a secured Debian-based Linux distro which provides hardcore anonymity
and is approved by Edward Snowden. It helps the users give anonymous digital experience along with
data hardening feature.
5. Which of the following comes under secured Linux based OS?
a) Ubuntu
b) Fedora
c) Kubuntu
d) Tails
View Answer

Answer: d
Explanation: If any user is looking for Linux based security solutions, Tails is one of the most popular
Linux-based operating systems that provide anonymity and incognito option for securing its user data.
6. Using the ______ account of a UNIX system, one can carry out administrative functions.
a) root
b) administrative MCQ ON ETHICAL HACKING
c) user
d) client
View Answer

Answer: a
Explanation: Using the root account of a UNIX system, one can carry out administrative functions in the
system. Rest of the accounts in the system are unprivileged, i.e. other accounts have no rights beyond
accessing of files having proper permission.
7. In your Linux-based system, you have to log-in with your root account for managing any feature of
your system.
a) True
b) False
View Answer

Answer: b
Explanation: Try to avoid logging in as a root user. In your Linux-based system, you don’t have to log-in
with your root account for managing any feature of your system. For the administrative task, you can use
the tool or command ‘sudo’ or ‘su’ that gives root privileges.
8. In a Linux-based system, the accounts may be members of 1 or more than one group.
a) True
b) False
View Answer

Answer: a
Explanation: In a Linux-based system, the accounts may be members of 1 or more groups. If any group
has been assigned to access resources, then from the security perspective, one needs to keep in mind that
every member of that group gets access to it automatically.
9. MAC is abbreviated as _______________
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Controlling
d) Mandatory Access Control
View Answer
Answer: d
Explanation: Mandatory Access Control systems provides separation of a computer and its OS into
several small discrete sections. This is because the user of a system can only utilize those pieces of a
system for which they’ve been given permission to.
10. _______________ in a system is given so that users can use dedicated parts of the system for which
they’ve been given access to.
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Control
d) Mandatory Access Controlling
View Answer

Answer: c
Explanation: Mandatory Access Control is a technique that provides separation of a computer with its OS
into several small discrete sections so that the user of a system can only utilize those pieces of a system
for which they’ve been given permission to.
advertisement
11. DTE is abbreviated as ___________________
a) Domain and Type Enforcing
b) Domain and Type Enforcement MCQ ON ETHICAL HACKING
c) DNS and Type Enforcement
d) DNS and Type Enforcing
View Answer

Answer: b
Explanation: Domain and Type Enforcement is a technique for access-control in technology and in OS
like Linux which helps in limiting the access of programs that are running, to limited users, or only to
those who have permission to access.
12. RBAC is abbreviated as ______________
a) Rule-Based Accessing Control
b) Role-Based Access Control
c) Rule-Based Access Control
d) Role-Based Accessing Control
View Answer

Answer: b
Explanation: RBAC which is abbreviated as Role-Based Access Control defines a set of functions for
users in a Linux system and is often built on top of DTE systems. Here users can log for certain roles and
run particular programs that are apposite for the role.

Cyber Security Questions and Answers – Buffer Overflow – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Buffer Overflow –
1”.
1. A __________ is a sequential segment of the memory location that is allocated for containing some
data such as a character string or an array of integers.
a) stack
b) queue
c) external storage
d) buffer
View Answer

Answer: d
Explanation: A buffer is a sequential segment of the memory location that is allocated for containing
some data such as a character string or an array of integers. The buffer can handle data only if limited data
is inserted.
2. In a _____________ attack, the extra data that holds some specific instructions in the memory for
actions is projected by a cyber-criminal or penetration tester to crack the system.
a) Phishing
b) MiTM
c) Buffer-overflow
d) Clickjacking
View Answer
Answer: c
Explanation: In a buffer-overflow attack, the extra data that holds some specific instructions in the
memory for actions is projected by a cyber-criminal or penetration tester to crack the system.
3. How many types of buffer-overflow attack are there?
a) 4
b) 2
c) 5
d) 3
View Answer
MCQ ON ETHICAL HACKING
Answer: b
Explanation: There are two different types of buffer-overflow attack. These are stack-based and heap-
based buffer overflow. In both the cases, this type of exploit takes advantage of an application that waits
for user’s input.
4. Let suppose a search box of an application can take at most 200 words, and you’ve inserted more than
that and pressed the search button; the system crashes. Usually this is because of limited __________
a) buffer
b) external storage
c) processing power
d) local storage
View Answer

Answer: a
Explanation: In a scenario, where to suppose a search box of an application can take at most 200 words,
and you’ve inserted more than that and pressed the search button; the system crashes. Usually, this is
because of the limited buffer.
5. ______________ is a widespread app’s coding mistake made by developers which could be exploited
by an attacker for gaining access or malfunctioning your system.
a) Memory leakage
b) Buffer-overrun
c) Less processing power
d) Inefficient programming
View Answer

Answer: b
Explanation: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake
made by developers which could be exploited by an attacker for gaining access or malfunctioning your
system.
6. Buffer-overflow is also known as ______________
a) buffer-overrun
b) buffer-leak
c) memory leakage
d) data overflow
View Answer

Answer: a
Explanation: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake
made by app developers which could be exploited by an attacker for gaining access or malfunctioning
your system.
7. Buffer-overflow may remain as a bug in apps if __________ are not done fully.
a) boundary hacks
b) memory checks
c) boundary checks
d) buffer checks
View Answer

Answer: c
Explanation: Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by
developers or are skipped by the QA (Quality Assurance) testers of the software development team.
8. Applications developed by programming languages like ____ and ______ have this common buffer-
overflow error.
a) C, Ruby
b) Python, Ruby
c) C, C++
d) Tcl, C# MCQ ON ETHICAL HACKING
View Answer

Answer: c
Explanation: Applications developed by programming languages like C and C++ have this common
buffer-overflow error. The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be
exploited because these functions don’t check whether the stack is large enough for storing the data.
9. Why apps developed in languages like C, C++ is prone to Buffer-overflow?
a) No string boundary checks in predefined functions
b) No storage check in the external memory
c) No processing power check
d) No database check
View Answer
Answer: a
Explanation: The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because
these functions don’t check whether the stack is large enough for storing the data fetched from some other
variable holding larger data.
10. Old operating systems like _______ and NT-based systems have buffer-overflow attack a common
vulnerability.
a) Windows 7
b) Chrome
c) IOS12
d) UNIX
View Answer
Answer: d
Explanation: Old operating systems like UNIX and NT-based systems have buffer-overflow attack a
common vulnerability. This is because they were developed in old programming languages.

Cyber Security Questions and Answers – Buffer Overflow – 2

This set of Cyber Security test focuses on “Buffer Overflow – 2”.

1. Buffer-overflow attack can take place if a machine can execute a code that resides in the data/stack
segment.
a) True
b) False
View Answer
Answer: a
Explanation: Buffer-overflow attack can take place either the programmer lack boundary testing or if a
machine can execute a code that resides in the data/stack segment.
2. Among the two types ____________buffer-overflow is complex to execute and the least common
attack that may take place.
a) memory-based
b) queue-based
c) stack-based
d) heap-based
View Answer

Answer: d
Explanation: Among the two types of buffer-overflow, heap-based buffer-overflow attacks are hard to
execute and the least common of the 2 types. It attacks the application by flooding the space of memory
that is reserved for a program.
3. _____________ buffer overflows, MCQ
whichONareETHICAL HACKING
more common among attackers.
a) Memory-based
b) Queue-based
c) Stack-based
d) Heap-based
View Answer
Answer: c
Explanation: In the case of stack-based buffer overflows, which is very common among the two types of
buffer-overflow; it exploits applications by flooding the stack: memory-space where users externally
input the data.
4. With the lack of boundary check, the program ends abnormally and leads to ___________ error.
a) logical
b) segmentation
c) compile-time
d) syntax
View Answer

Answer: b
Explanation: In buffer-overflow, with the lack of boundary check, the program ends abnormally and leads
to segmentation error or bus error. Sometimes the application on which the attack was done get stuck or
hang and suddenly the app closes.
5. In an application that uses heap, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the beginning of the program
View Answer

Answer: b
Explanation: In an application that uses the heap, memory utilized by the application is allocated
dynamically at runtime. Access to such memories is comparatively slower than memories that use the
stack.
6. In an application that uses stack, the memory for data is allocated ____________
a) logical
b) dynamically
c) statically
d) at the end of the program
View Answer
Answer: c
Explanation: In application that uses heap, memory utilized by the application is allocated at the
beginning of the function call and the memory get released at the end of a program. Accessing of values
in the stack is very fast.
7. Malicious code can be pushed into the _________ during ______________ attack.
a) stack, buffer-overflow
b) queue, buffer-overflow
c) memory-card, buffer-overflow
d) external drive, buffer-overflow
View Answer
Answer: a
Explanation: Malicious code can be pushed into the stack during the buffer-overflow attack. The overflow
MCQ so
can be used to overwrite the return pointer ONthat
ETHICAL HACKING switches to the malicious code.
the control-flow
8. Variables that gets created dynamically when a function (such as malloc()) is called is created in the
form of _______ data-structure.
a) array
b) queue
c) stack
d) heap
View Answer

Answer: d
Explanation: Variables that gets created dynamically when a function (such as malloc()) is called is
created in the form of heap data-structure. In heap-based overflow, the buffer is placed on the lower part
of the heap, overwriting all dynamically generated variables.
9. How many primary ways are there for detecting buffer-overflow?
a) 6
b) 3
c) 2
d) 5
View Answer
Answer: c
Explanation: There are two ways to detect buffer-overflow in an application. One way is to look into the
code and check whether the boundary check has been properly incorporated or not. The other way is to
make the executable build of the product, feed the application with a huge amount of data and check for
abnormal behaviour.
10. Testing for buffer-overflow in a system can be done manually and has two possible ways.
a) True
b) False
View Answer

Answer: a
Explanation: Testing for buffer-overflow in a system can be done manually, and has two possible ways.
One way is to look into the code and check whether the boundary check has been properly incorporated or
not. The other way is to make the executable build of the product, feed the application with a huge
amount of data and check for abnormal behaviour.

Cyber Security Questions and Answers – Enumerating in Cyber Security

This set of Cyber Security Question Paper focuses on “Enumerating in Cyber Security”.

1. Attackers commonly target ____________ for fetching IP address of a target or victim user.
a) websites
b) web pages
c) ip tracker
d) emails
View Answer

Answer: a
Explanation: Enumeration by cyber-attackers is possible through websites also, as the attackers target
websites for fetching the IP address of the victim or the target user.
2. Developing a fake or less useful website and is meant to just fetch the IP address is very easily done by
attackers.
a) True
b) False
View Answer
MCQ ON ETHICAL HACKING
Answer: a
Explanation: Developing a fake or less useful website and is meant to just fetch the IP address is very
easily done by attackers. Enumeration by cyber-attackers is possible through websites also, as the
attackers target websites for fetching the IP address of the victim or the target user.
3. What common web scripting languages are used by attackers to fetch various details from its surfing
users?
a) Tcl and C#
b) C++ and HTML
c) HTML and Python
d) Perl and JavaScript
View Answer

Answer: d
Explanation: Various scripting languages are used by attackers, such as Perl and JavaScript, that are
programmed to fetch not only the IP address from the site but also other user’s personal information.
4. ______________ is the first phase of ethical hacking.
a) DNS poisoning
b) Footprinting
c) ARP-poisoning
d) Enumeration
View Answer
Answer: d
Explanation: Enumeration is the first phase of Ethical Hacking where a gathering of information is done
for the process of hacking or attacking any victim or system. Here that attacker tries to discover as much
attack vectors as possible.
5. Enumeration is done to gain information. Which of the following cannot be achieved using
enumeration?
a) IP Tables
b) SNMP data, if not secured appropriately
c) Private chats
d) List of username and password policies
View Answer
Answer: c
Explanation: Enumeration is an information gaining technique used in ethical hacking to achieve data
regarding victim’s IP table, SNMP data, lists of username and passwords of different systems etc but not
private chats.
6. Enumeration does not depend on which of the following services?
a) DNS enumeration
b) SNMP enumeration
c) NTP enumeration
d) HTTPS enumeration
View Answer

Answer: d
Explanation: Enumerations depend on the different services that the system offers. These services are –
SMB enumeration, DNS enumeration, SNMP numeration, NTP enumeration, and Linux/Windows
enumeration.
7. __________ suite is used for NTP enumeration.
a) DNS
b) NTP
c) HTTP
d) SNMP
View Answer MCQ ON ETHICAL HACKING

Answer: b
Explanation: NTP Suite is employed for NTP enumeration. This is significant for a network environment;
where anyone can discover other primary servers which assist the hosts to update their time, and the entire
process can be done without authenticating.
8. enum4linux is used to enumerate _______________
a) Linux systems
b) Windows systems
c) Chrome systems
d) Mac systems
View Answer

Answer: a
Explanation: ‘enum4linux’ is implemented for enumerating the Linux systems. Using this, the attacker
can examine and establish the usernames that are present in a target host.
9. ___________ is used that tries for guessing the usernames by using SMTP service.
a) smtp-user-enum
b) smtp-enum
c) snmp-enum
d) snmp-user-enum
View Answer
Answer: a
Explanation: SNMP-user-enum is used that tries to guess the usernames by using SMTP service. Using
this, an attacker can examine and establish the usernames that are present in a target host.
10. To stop your system from getting enumerated, you have to disable all services.
a) True
b) False
View Answer

Answer: a
Explanation: To stop your system from getting enumerated, it is recommended to disable all services that
are not in use. It lessens the potential of OS enumeration of your system.
11. Even our emails contain the IP address of the sender which helps in the enumeration. We can get this
IP from ___________ from within the email.
a) ‘forward’ option
b) ‘show original’ option
c) ‘Show full email’
d) ‘View Original’ option
View Answer

Answer: b
Explanation: It is possible to know the IP address of the sender of your email by opening the email and
going to the ‘more’ button and then selecting the ‘show original’ option. In this way, one can find the IP
address and do enumeration.
12. __________________is a computing action used in which usernames & info about user-groups,
shares as well as services of networked computers can be regained.
 MCQ ON ETHICAL HACKING

a) Hardware enumeration
b) System enumeration
c) Network enumeration
d) Cloud enumeration
View Answer

Answer: c
Explanation: Network enumeration is a computing action used in which usernames & info about user-
groups, shares as well as services of networked computers can be regained.
advertisement

13. Network enumeration is the finding of __________ or devices on a network.

a) hosts
b) servers
c) network connection
d) cloud storage
View Answer
Answer: a
Explanation: Network enumeration is the detection of hosts or devices on a particular network. Network
enumeration is a computing action used in which usernames & info about user-groups, shares as well as
services of networked computers can be regained.
14. A _______________ is a computer program implemented for recovering usernames & info on groups,
shares as well as services of networked computers.
a) hardware enumerator
b) software enumerator
c) network enumerator
d) cloud enumerator
View Answer

Answer: c
Explanation: A network enumerator is a computer program implemented for recovering usernames & info
on groups, shares as well as services of networked computers. These type of programs are used for
network enumeration in order to detect hosts or devices on a particular network.
15. Network enumerator is also known as ________________
a) hardware scanner
b) software enumerator
c) program enumerator
d) network scanner
View Answer
Answer: d
Explanation: Network enumerator is also known as Network scanner which is a computer program
implemented for recovering usernames & info on groups, shares as well as services of networked
computers.
MCQ ON ETHICAL HACKING
Cyber Security Questions and Answers – Hacking and Security Skills

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Hacking and
Security Skills”.

1. An ethical hacker must need to have the skills of understanding the problem, networking knowledge
and to know how the technology works.
a) True
b) False
View Answer

Answer: a
Explanation: An ethical hacker must need to have the skills of understanding the problem, networking
knowledge and to know how the technology works. Password guessing and securing, network traffic
sniffing, exploring for vulnerabilities are some other skills.
2. _________ persistence and up-to-date with the latest technological updates and their flaws are some of
the major qualities; an ethical hacker must need to have.
a) Lack of understanding
b) Weak programming skills
c) High patience
d) Low perseverance
View Answer

Answer: c
Explanation: High patience, persistence, perseverance, and up-to-date with the latest technological
updates and their flaws are some of the major qualities, an ethical hacker must need to have.
3. ________________ enables a hacker to open a piece of program or application and re-build it with
further features & capabilities.
a) Social engineering
b) Reverse engineering
c) Planting malware
d) Injecting code
View Answer

Answer: b
Explanation: Reverse engineering is the technique used to enable a hacker to open a piece of program or
application (usually in a low-level language such as Assembly language) and re-build it with further
features & capabilities.
4. Which of the following do not comes under the intangible skills of hackers?
a) Creative thinking
b) Problem-solving capability
c) Persistence
d) Smart attacking potential
View Answer
Answer: d
Explanation: Every hacker must possess some intangible skill-set such as creative thinking to process out
a new way of penetrating a system, problem-solving skills as to cease down any active attack and
persistence, try in different ways without losing hope.
5. Why programming language is important for ethical hackers and security professionals?
a) Only to write malware
b) For solving problems and building tool and programs
c) To teach programming
d) To develop programs to harm others
View Answer MCQ ON ETHICAL HACKING

Answer: b
Explanation: A programming language is important for hackers and security professionals to understand
so that they can understand the working behaviour of any virus, ransomware, or other malware, or write
their own defense code to solve a problem. Nowadays, security tools and malware are developed by
security professionals with high skills and knowledge.
6. Understanding of ___________ is also important for gaining access to a system through networks.
a) os
b) email-servers
c) networking
d) hardware
View Answer
Answer: c
Explanation: A proper understanding of networking is very important for hackers who are trying to gain
access to a system through networks. How TCP/IP works, how topologies are formed and what protocols
are used for what purposes are some mandatory stuff a hacker or security professional must understand.
7. For hacking a database or accessing and manipulating data which of the following language the hacker
must know?
a) SQL
b) HTML
c) Tcl
d) F#
View Answer
Answer: a
Explanation: For hacking a database or accessing and manipulating data, a hacker must need to have the
knowledge of SQL (Structured Query Language). From a hacker’s perspective, if you’ve accessed any
database for short period of time and want to change some specific data, you must need to write a proper
SQL query to search for or implement your hack faster.
advertisement

8. Information Gathering about the system or the person or about organization or network is not
important.
a) True
b) False
View Answer
Answer: b
Explanation: Information Gathering about the system or the person or about organization or network is
not important so that as a hacker one can get to know well about the target system or victim.

Cyber Security Questions and Answers – Fingerprinting

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Fingerprinting”.

1. ________________ is an ethical hacking technique used for determining what operating system (OS) is
running on a remote computer.
a) Footprinting
b) Cyber-printing
c) OS fingerprinting
d) OS penetration testing
View Answer
Answer: c
Explanation: OS fingerprinting is an ethical hacking technique used for determining what operating
MCQ ON ETHICAL HACKING
system (OS) is running on a remote computer.
2. How many types of fingerprinting are there in ethical hacking?
a) 5
b) 4
c) 3
d) 2
View Answer

Answer: d
Explanation: There are two types of fingerprinting in ethical hacking. These are active fingerprinting and
passive fingerprinting. Active fingerprinting is gained if you send especially skilled packets to a target
machine whereas passive fingerprinting is dependent on sniffer traces from the remote computer.
3. _______________________ is gained if you send especially skilled packets to a target machine.
a) Active fingerprinting
b) Passive fingerprinting
c) OS fingerprinting
d) Network fingerprinting
View Answer

Answer: a
Explanation: Active fingerprinting is gained if you send especially skilled packets to a target machine and
then listing down its replies and analyzing the information gathered for determining the target OS.
4. _______________________ is based on sniffer traces from the remote system.
a) Active fingerprinting
b) Passive fingerprinting
c) OS fingerprinting
d) Network fingerprinting
View Answer

Answer: b
Explanation: Passive fingerprinting is dependent on the sniffing traces from any remote system.
Depending on the sniffing traces done by tools like Wireshark, attackers can establish and verify the OS
of the remote host.
5. How many basic elements are there for OS fingerprinting?
a) 2
b) 3
c) 4
d) 5
View Answer
Answer: c
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. These are TTL, Don’t fragment bit, Window Size, and Type of Service (TOS).
6. Which of the following do not comes under the important element of OS fingerprinting?
a) TTL
b) TOS
c) DF bits
d) Firewall
View Answer

Answer: d
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. These are TTL (time to Live), Don’t fragment bit, Window Size, and Type of Service
(TOS).
7. By analyzing the factors like TTL, MCQ ON Window
DF bits, ETHICAL Size
HACKING
and TOS of a packet, an ethical hacker may
verify the operating system remotely.
a) True
b) False
View Answer

Answer: a
Explanation: There are four basic elements that an ethical hacker should look at to determine the
operating system. By analyzing these elements TTL, DF bits, Window Size and TOS of a packet, an
ethical hacker may verify the operating system remotely.
8. ______________ is a common tool used for doing OS fingerprinting.
a) Hping
b) Wireshark
c) Nmap
d) Nessus
View Answer

Answer: c
Explanation: Nmap is a common tool that is used for performing OS fingerprinting. Before targeting any
system for the attack, it is necessary to know what OS the website is hosting, which can be found out
using some simple command of this tool.
9. To secure your system from such type of attack, you have to hide your system behind any VPN or
proxy server.
a) True
b) False
View Answer

Answer: a
Explanation: It is recommended to hide your system from such fingerprinting attack, performed by
hackers, with a secure proxy server by using VPN tools. This technique will completely preserve your
identity and hence your system.
10. A _____________ is a network scanning practice through which hackers can use to conclude to a
point which IP address from a list of IP addresses is mapping to live hosts.
a) ping-based hacking
b) ping sweep
c) ping-range
d) pinging
View Answer
Answer: b
Explanation: A ping sweep is a network scanning practice through which hackers can use to conclude to a
point which IP address from a list of IP addresses is mapping to live hosts.
11. Ping sweep is also known as ________________
a) ICMP sweep
b) SNMP sweep
c) SGNP sweep
d) SICMP sweep
View Answer

Answer: a
Explanation: A ping sweep which is also known as ICMP sweep is a network scanning practice through
which hackers can use to conclude to a point which IP address from a list of IP addresses is mapping to
live hosts.
12. The _____________ command is used on Linux for getting the DNS and host-related information.
a) dnslookup
b) lookup MCQ ON ETHICAL HACKING
c) nslookup
d) infolookup
View Answer

Answer: c
Explanation: The ‘nslookup’ command is used on Linux for getting the DNS and host-related
information. DNS enumeration is the method used to locate all the DNS-servers and their associated
records.
advertisement

13. ___________________ is the method used to locate all the DNS-servers and their associated records
for an organization.
a) DNS enumeration
b) DNS hacking
c) DNS cracking
d) DNS server hacking
View Answer

Answer: a
Explanation: DNS enumeration is the method used to locate all the DNS-servers and their associated
records for an organization. ‘nslookup’ command can be used on Linux for getting the DNS and host-
related information.
14. Which of the following operations DNSenum cannot perform?
a) Perform reverse lookups
b) Get the host’s addresses
c) Get extra names and sub-domains through Google scraping
d) Get the admin password
View Answer
Answer: d
Explanation: DNSenum is a popular Perl script that can fetch information such as – fetching host address,
perform a reverse lookup, get additional name and sub-domain through Google scraping etc.
15. The configuration of DNS needs to be done in a secure way.
a) True
b) False
View Answer

Answer: a
Explanation: Configuration of DNS needs to be done in a secure way, otherwise it is possible that cyber-
criminals and hackers may take away lots of sensitive information from the organization.

Cyber Security Questions and Answers – Exploits and Exploitation

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Exploits and
Exploitation”.

1. ________________ are piece of programs or scripts that allow hackers to take control over any system.
a) Exploits
b) Antivirus
c) Firewall by-passers
d) Worms
View Answer
Answer: a
Explanation: Exploits are the piece of programs or scripts that allow hackers to take control over any
system. Vulnerability scanners such asMCQ ON ETHICAL
Nexpose HACKING
and Nessus are used for finding such vulnerabilities.
2. The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are
known as _____________
a) infiltrating
b) exploitation
c) cracking
d) hacking
View Answer

Answer: b
Explanation: The process of finding vulnerabilities and exploiting them using exploitable scripts or
programs are known as exploitation. Vulnerability scanners such as Nexpose and Nessus are used for
finding such vulnerabilities and then they are exploited using such programs and scripts.
3. Which of them is not a powerful vulnerability detecting tool?
a) Nessus
b) Nexpose
c) Metasploit
d) Nmap
View Answer
Answer: d
Explanation: Some of the most widely used tools for detecting vulnerabilities in a system are Nessus,
Nexpose, Metasploit and OpenVAS. Hackers use these tools for detecting vulnerabilities and then write
exploits to exploit the systems.
4. __________ is the specific search engine for exploits where anyone can find all the exploits associated
to vulnerability.
a) Google
b) Bing
c) Exploit-db
d) Exploit-engine
View Answer
Answer: c
Explanation: Since based on vulnerabilities, we can find exploits, Exploit-db is the specific search engine
for exploits where anyone can find all the exploits associated with vulnerability. You can find this from
https://www.exploit-db.com.
5. Which of the following are not a vulnerability-listed site/database?
a) Exploit-db
b) Common Vulnerabilities and Exposures (CVE)
c) National Vulnerability Database (NVD)
d) Bing Vulnerability database (BVD)
View Answer

Answer: d
Explanation: Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures (CVE)
(https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are three
vulnerability listing site.
6. There are __________ types of exploits based on their working.
a) two
b) three
c) four
d) five
View Answer
Answer: a
Explanation: There are two different types of exploits. These are remote exploits – where hackers can
MCQ ON ETHICAL
gain access to the system or network remotely, and localHACKING
exploits – where the hacker need to access the
system physically and overpass the rights.
7. How many types of exploits are there based on their nature from hacking’s perspective?
a) 4
b) 3
c) 2
d) 5
View Answer

Answer: c
Explanation: There are basically 2 types of exploits based on the nature of their existence and knowledge.
These are known and unknown (i.e. Zero Day). Known exploits are those that are released publicly and
people know about them. Unknown exploits are such type of exploits that are not known or the bugs are
not fixed by vendors or owners.
8. Known exploits have a confirmation of and measures can be taken against it to resolve them.
a) True
b) False
View Answer

Answer: a
Explanation: Known exploits have a confirmation of and measures can be taken against it to resolve them.
These types of vulnerabilities and exploit details are available online in blogs and sites.
9. Unknown exploits are those exploits that have not yet been reported openly and hence present a
straightforward attack at firms and the government agencies.
a) True
b) False
View Answer
Answer: a
Explanation: Unknown exploits are those exploits that have not yet been reported openly and hence
present a straightforward attack at firms and the government agencies. They’re also called Zero-day
exploits.
10. A ____________ is a set of changes done to any program or its associated data designed for updating,
fixing, or improving it.
a) scratch
b) patch
c) fixer
d) resolver
View Answer
Answer: b
Explanation: The term ‘patch’ in the applied computer science is a set of changes done to any program or
its associated data designed for updating, fixing, or improving it. Patch releases are done by vendors to
solve any bug in a system.
11. Fixing of security vulnerabilities in a system by additional programs is known as __________
patches.
a) hacking
b) database
c) server
d) security
View Answer
Answer: d
Explanation: Fixing of security vulnerabilities in a system by additional programs is known as security
MCQ
patches. These type of patches helps in ONsecurity
fixing ETHICALbugs
HACKING
and improving the overall security of the
system.
12. Known bugs can be solved or removed by __________________ develop by the vendors of the
application.
a) removing the application
b) changing the software
c) installing security patches
d) installing database patches
View Answer

Answer: c
Explanation: Known bugs and vulnerabilities of a system can be solved or installing or updating the
security patches developed by the vendor or owner of that particular application.
advertisement

13. ___________________ are some very frequent updates that come for every anti-virus.
a) Patch update
b) Data update
c) Code update
d) Definition update
View Answer
Answer: d
Explanation: Definition updates are some very frequent updates that come for every anti-virus. These
updates are frequently rolled out in order to update your antivirus software with the latest releases of
attack vectors and bugs.
14. National Vulnerability Database (NVD) is _________________ repository of data regarding
vulnerability standards.
a) U.S. government
b) India government
c) Russian government
d) China Government
View Answer

Answer: a
Explanation: National Vulnerability Database (NVD) is the US government repository of data regarding
vulnerability standards. It is available from the link https://nvd.nist.gov.
15. CVE is a directory of lists of publicly recognized information security vulnerabilities as well as
exposures.
a) True
b) False
View Answer

Answer: a
Explanation: CVE is a directory of lists of publicly recognized information security vulnerabilities as well
as exposures. It is available from the link https://cve.mitre.or