Cyber Security MCQ

Solution: A) Information Security

Explanation:  Information security refers to the protection provided to the valuable data/ information form recording, destruction, unauthorized access, or disclosure. It is the method used to prevent physical and electronic information.

Database security is the security provided to protect a large amount of data in the company (small and huge databases). It includes several controls, tools, and measures to preserve data integrity, confidentiality, and availability in the computer system.

Solution: C) Cloud workload protection platform.

Explanation: Cloud workload protection platform (CWPP) is used in the cloud for the safety and protection of information. It keeps applications secure and protects workload for all types in any location (cloud work protection across multiple users).

AWS monitors the network activity and account behavior to identify the threats within the cloud environment.

One drive is the safest place to keep the data/ files safe as it has a built-in SSL encryption tunnel that protects data. It can save photos, documents, and other files in the cloud.

Solution: C) Threat

Explanation: A threat is a negative action taken to damage data, steal data or disrupt digital life. The threat is a condition in which some illegal actions compromise confidential information. This information is harmed by unauthorized access, disclosure, modification, and data destruction.

Vulnerability is the leak/weak point that threatens the organization's cyber security. The attack is a planned assault to steal and harm the information.

A bug is an unwanted and undescribed problem in the computer system (hardware or software). It is the fault and flows in any computer program or hardware system.   

Solution: D) Cyberattack

Explanation: A cyberattack attacks a computer system via the internet, where unauthorized attempts are made to access a computer system to modify and steal data. There are numerous cyber-attacks:-

• Malware
• Phishing
• Denial of attack
• SQL injection
• Brute-force attack
• Cross-site scripting

Cybercrime is the crime done by using the computer as an instrument and a network to do something illegal. Cybercrime is an illegal fraud over the internet like trafficking in child pornography, intellectual property, stealing identities, and violating privacy. Various cyber-crime in India are:- Hacking, denial-of –services, spamming, cross-site scripting and phishing scam, etc.

System hacking is one digital crime where a system is hacked by sending malicious code to the system. Various viruses are added to hack the system.    

Solution: D) Availability of information.

Explanation:  With the availability of information, users can access the information. Availability is the presence of data needed by the user at any time (information is accessible to the authorized user).

Solution: C) Authenticity

Explanation: Authenticity identifies the authentic user and origin of the information. Authenticity is the feature of security that ensures the validation and authorization of an individual/ user to receive specific information (it ensures the exchange of information, message, the transaction is from the claimed source it should be).

Confidentiality is the secrecy of the message, transaction, and information.

Availability ensures the presence of data at the required time (decision time). Availability is the presence of data needed by the user (authorized user).

Integrity refers to protecting and guarding the data, application, hardware, and operating system against being altered by unauthorized individuals.

Solution: C) Encryption of data.

Explanation: Data encryption is used to maintain and ensure the confidentiality of data or information. Various algorithms are used to encrypt data, and further, it is decrypted in a readable format. The readable plain text is converted into unreadable encoded format (ciphertext) in encryption.

Solution: D) Open system Interconnection

Explanation: Open system interconnection is a model that provides a framework to transmit a message between any two entities in a network. It consists of seven layers that perform services for the layer above it. Seven layers of the OSI model are:-

• Application layer
• Presentation layer
• Session layer
• Transport layer
• Network layer
• Datalink layer
• Physical layer

Solution: C) Security

Explanation: To strengthen the security and confidentiality of the company, it becomes mandatory for the user to change the password every month.

Solution: B) Cipher Text

Explanation: Ciphertext is an encrypted text (transformed from plain text using an encryption algorithm). Cipher is an algorithm used for converting plain text to ciphertext. Secret text is a hidden message that anyone can write.  

Solution: D) All the above

Explanation: Cyber security functions like acting as a protection shield against malware provide security from cyber-attack and cyber- terrorists.

Solution: C) August Kerckhoffs

Explanation: August Kerckhoffs is the founder of contemporary encryption (an essay in the general of Military science in February 1883). He was a linguist and German professor at HEC, who earned the title of “Father of computer security).

Solution: D) All the above

Explanation: Cyber security performs all the above functions like it protects interconnected systems (hardware/software and data). It reduces the cyberattacks against networks, technologies, and systems by depleting unauthorized vulnerability, exploitation, and threats.

Solution: 4) a, c, d, b

Explanation: In today's world, cyber security is distinguished into five types: Internet of things (IoT) security, application security, cloud security, critical infrastructure security, and network security.

Solution: D) All of them

Explanation: Cyber security is used to achieve three objective elements known as CIA Triad.

Solution: C) AES – Advanced Encryption standard.

Explanation: Malware, Man in the middle, and denial of services cause a threat to the system, but advanced encryption standard (AES) is a type of data security that prevents cybercrime at certain levels.

Solution: D) All of the above

Explanation: SQL injections, phishing, and password attacks are cyber-attack types.

Solution: B) Cyber security makes the system slower

Explanation: Minimization of computer freezing and crashes, protection against viruses, worms, etc., and protecting user privacy are the advantages of cyber security, but making the system slower is the disadvantage because configuring the firewall can be difficult. Therefore, to keep the security upto date, it is necessary to update the new software.  

Solution: A) William Gibson

Explanation: William Gibson (American –Canadian fiction pioneer and coiner) invented the term cyberspace in 1921after examination of many technology fields. Cyberspace refers to linked technologies in information exchange, storage, interaction with digital devices, digital entertainment, network security, and computer and other IT-related matters.

Solution: C) Pharming

Explanation: Pharming is the hacking approach used by cybercriminals. They create pony/ duplicate websites or webpages of the original one to mislead the user to gain their confidential information (login details and passwords).

Solution: B) Threat

Explanation: A threat to the system security is defined as a potential hazard that causes harm to the system or network and results in a breach of security. The threat can damage to hardware and software of the system by different means. Vulnerability is the system's weakness exploited by an attacker, but exploitation is reverse as it is the security weakness that has undesirable and unintended consequences.

Solution: C) Nation/State-sponsored hacker

Explanation: In this digital era government has also switched to digital working; therefore, the state of central government hire highly skilled hackers to protect the country from cyber terrorists and other groups/ individual. These hackers safeguard the confidential information of the country/state and keep an eye on the plans, activities, and communications of the cyber attackers. These hackers act as soldiers for digital war.

Solution: c) Nmap

Explanation: Nmap tool is used for security editing and discovering networks. The full form of Nmap is network mapper, a free and open-source tool useful for various systems and network administrators. It is also useful in managing service upgrade schedules, network inventory, and monitoring host and service uptime. Nmap runs on all the major components of the operating system but works well against single hosts. Nmap is designed to scan large networks very rapidly. 

Solution: C) LC4

Explanation:  LC4 is a password auditing, security, and recovery tool previously known as L0phtCrack. This tool helps in regaining and testing password strength in Microsoft Windows passwords. 

Explanation: Phishing is one kind of cyber-attack in which a fake link is sent to the user and asked to open it. This is a very common method of stealing sensitive data digitally via emails, but it is not an example of physical data leakage in security.

Shoulder surfing is the method where criminals spy over your shoulder to steal your personal information from ATMs, personal laptops, public kiosks, and other electronic device in public.

Dumpster diving is the attack on the trashed information or dumped information. It can be in both digital and physical forms both.

Solution: A) Creeper

Explanation:  Bob Thomas of BBN created the creeper program in 1971. Creeper was designed to test whether the self-replicating program was possible or not.

Solution: B) Spam

Explanation: Spam is not an example of privacy threat and real security because spam is of various types like email spam, illegal email messages, unsolicited, undesired electronic message, message spam, SMS or private message within websites and spam targeting users of instant messaging (IM) services.

Solution: C) Spyware

Explanation: Spyware is malware/ software automatically install itself on the computer and start gathering and monitoring the online behavior of user without their knowledge or permission. Spyware violates user privacy or endangers device security.

Solution: D) None of above

Explanation: Firewall is a network security system used to monitor and control incoming and outgoing network traffic (based on predetermined security rules).

Solution: C) Ignorance

Explanation: Ignorance is not an external threat to a computer system.

Solution: D) DoS attacks

Explanation:  Full form of DoS is a denial of services, a kind of cyber-attack where the perpetrator makes machine or network resources unavailable to the users. When the host is connected to the internet, all the services are temporarily or indefinitely disturbed. 

Solution: C) Scanning

Explanation: Scanning is the process of reading the text quickly to find something particular. Scanning is contrasted with skimming (finding the general meaning of the text in a quick reading).

Solution: C) Code red.

Explanation: Code red is a virus (worm) that came in isolation on July 15, 2001. The technical name of code red is CRv and CRvII. It is a server jamming worm discovered and researched by eEye Digital Security (Riley Hassell discovered exploited vulnerability). This server attacks the running Microsoft's IIS web server.

Solution: B) Hybrid attack

Explanation: Hybrid attack combines the two attacks (dictionary attack and brute force attack). In this attack, the perpetrator immerges two or more tools to carry out the assault. Various numbers, letters, and special characters are used in this attack. 

Solution: B) Login Using ID

Explanation: Login by using the ID is not the headache of Tor as in this login user ID, and password is utilized to access the account. Instead of this, Tor protects the browsing data, instant messaging, and relay chats.

Solution: Email

Explanation: Sending is not an email-related hacking tool as it doesn't compromise email data. Sending protects the business email accounts and helps in providing a secure solution for delivering mails in the business. Mail password, Mail Pass View, and Email Finder Pro are email hacking tools.

Solution: D) WEP

Explanation: Wireless equivalent privacy is the least strong security encryption standard. Rather wireless security is necessary for cyber security, and some common kinds of cyber security are WPA2, WPA3, WPA (Wi-Fi protected access).

Solution: B) Worm

Explanation: Stuxnet is a multi-part computer worm discovered in June 2010. This worm was made to take over industrial control systems and run the equipment with malicious programs. It aimed at the data acquisition system and supervisory control. It causes substantial damage to the nuclear program of Iran.

Solution: B) Cyberethics

Explanation: Cyberethics is the collection of rules and regulations to protect the digital and online working environment. Cyberethics are regulated to examine the legal, morals, and social issues while working on computer/information and communication technologies.

Cyber laws are the legal IT laws made by the government related to legal informatics and digital circulation of information, information security, software, and e-commerce.

Cyber security refers to the security provided to the data by encrypting it using algorithms.

Cybersafety refers to the user's awareness to protect itself and prevent risk measures associated with information technology. These are the user's preventive cyber measures for the safe and responsible use of information and communication technologies (ICT). It is also termed online safety, and internet safety helps in reducing cyber-crime.

Solution: C) Authority's private key.

Explanation: Certificate authorities signed the digital certificates using their private key as signatures are confidential. No one has the authority to copy them; therefore, they are kept safe with their private key (no one can access them).

Solution: B) Message Digest

Explanation: The integrity of messages is verified by using the message digest technique as it ensures the delivery of the message over an unsecured channel. At this unsecured channel, messages can be changed; therefore, it uses the cryptographic hash function that creates a compressed image of the message called a digest. Nowadays, the hash algorithm MD5 is commonly used to check the integrity of the message.