MCQ Questions

1) What is the difference between symmetric and asymmetric encryption?

A. Symmetric encryption uses the same key for both encryption and decryption, while
asymmetric encryption uses different keys for encryption and decryption.
B. Symmetric encryption uses a public key for encryption, while asymmetric encryption uses
a private key for decryption.
C. Symmetric encryption is used for securing web traffic, while asymmetric encryption is
used for securing email.
D. Symmetric encryption is more secure than asymmetric encryption.

2) What is a zero-day vulnerability?

A. A vulnerability that has been identified and patched.
B. A vulnerability that is unknown to the software vendor and has no patch available.
C. A vulnerability that can be exploited by a hacker to gain access to a network.
D. A vulnerability that is only present in older versions of software.

3) What is the purpose of a honeypot?

A. To attract cybercriminals and record their actions.
B. To detect and prevent malware infections.
C. To block malicious traffic from entering a network.
D. To monitor network traffic and alert administrators of any anomalies.

4) What is the difference between data confidentiality and data integrity?

A. Data confidentiality is the protection of data from unauthorized disclosure, while data
integrity is the protection of data from unauthorized modification.
B. Data confidentiality is the protection of data from unauthorized modification, while data
integrity is the protection of data from unauthorized disclosure.
C. Data confidentiality is the protection of data from unauthorized deletion, while data
integrity is the protection of data from unauthorized disclosure.
D. Data confidentiality is the protection of data from unauthorized disclosure, while data
integrity is the protection of data from unauthorized deletion.
5) What is the purpose of a security information and event management (SIEM) system?
A. To block malicious traffic from entering a network.
B. To monitor network traffic and alert administrators of any anomalies.
C. To encrypt sensitive data in a network.
D. To repair vulnerabilities in a network or system.

6) What is a distributed denial of service (DDoS) attack?

A. An attack in which an attacker pretends to be a legitimate entity to obtain sensitive
information.
B. An attack in which an attacker physically steals hardware from a computer system
C. An attack in which an attacker alters the source code of a website
D. An attack that floods a website with traffic to make it unavailable, using multiple devices
across different networks.

7) What is the purpose of a virtual private network (VPN)?

A. To secure email communications.
B. To block malicious traffic from entering a network.
C. To allow remote users to access a private network securely.
D. To monitor network traffic and alert administrators of any anomalies.

8) What is a botnet?
A. A network of computers infected with malware and controlled by a hacker.
B. A device used to detect and prevent cyberattacks.
C. A type of software used to encrypt data.
D. A tool used by security researchers to test the security of a network.

9) What is the difference between a virus and a worm?

A. A virus spreads by attaching itself to a program, while a worm spreads by exploiting
vulnerabilities in a network.
B. A virus is a type of malware, while a worm is a hardware component.
C. A virus is designed to steal sensitive information, while a worm is designed to disrupt
network traffic.
D. A virus is self-replicating, while a worm is not.

10) What is the purpose of two-factor authentication (2FA)?

A. To require two passwords for access to a system.
B. To require a password and a security question for access to a system.
C. To require a password and a fingerprint scan for access to a system.
D. To require two forms of authentication for access to a system.

11) What is the difference between a vulnerability and an exploit?

A. A vulnerability is a weakness in a system, while an exploit is a tool used to take advantage
of that weakness.
B. A vulnerability is a tool used to detect weaknesses in a system, while an exploit is a tool
used to patch those weaknesses.
C. A vulnerability is a hardware component, while an exploit is a software program.
D. A vulnerability is a type of malware, while an exploit is a type of phishing attack.

12) What is a denial of service (DoS) attack?

A. An attack in which an attacker pretends to be a legitimate entity to obtain sensitive
information.
B. An attack in which an attacker physically steals hardware from a computer system.
C. An attack in which an attacker alters the source code of a website.
D. An attack in which an attacker floods a website with traffic to make it unavailable.

13) What is the purpose of a security audit?

A. To detect and prevent cyberattacks.
B. To test the security of a network or system.
C. To monitor network traffic and alert administrators of any anomalies.
D. To repair vulnerabilities in a network or system.

14) What is the difference between a virus and a Trojan horse?

A. A virus is a program that replicates by attaching itself to other programs, while a Trojan
horse is a program that appears to be legitimate but has a hidden malicious purpose.
B. A virus is a program that appears to be legitimate but has a hidden malicious purpose,
while a Trojan horse replicates by attaching itself to other programs.
C. A virus and a Trojan horse are essentially the same thing.
D. A virus spreads by exploiting vulnerabilities in a network, while a Trojan horse is a
network of computers infected with malware and controlled by a hacker.

15) What is social engineering?

A. A type of attack that floods a website with traffic to make it unavailable.
B. A type of attack that takes advantage of vulnerabilities in a network to gain unauthorized
access.
C. A type of attack that uses human interaction and psychological manipulation to trick
victims into revealing sensitive information or performing certain actions.
D. A type of encryption algorithm used to protect sensitive data.

16) What is a buffer overflow attack?

A. An attack that exploits a vulnerability in the buffer size of a program to execute malicious
code.
B. An attack that uses social engineering to trick users into downloading malware.
C. An attack that floods a website with traffic to make it unavailable.
D. An attack that encrypts a victim's files or system and demands a ransom in exchange for
the decryption key.

17) What is a man-in-the-middle (MITM) attack?

A. An attack that uses a fake website to trick users into revealing sensitive information.
B. An attack that intercepts communication between two parties to eavesdrop or modify the
communication.
C. An attack that takes advantage of a vulnerability in a system to gain unauthorized access.
D. An attack that infects a computer with malware and uses it to perform malicious activities.

18) What is a rootkit?

A. A type of malware that locks a victim's files or system and demands a ransom in exchange
for the decryption key.
B. A type of malware that uses a remote server to control a network of infected computers.
C. A type of malware that hides its presence and activities from detection by antivirus
software or system administrators.
D. A type of malware that exploits a vulnerability in a network to gain unauthorized access

19) What is a side-channel attack?

A. An attack that exploits a vulnerability in the buffer size of a program to execute malicious
code.
B. An attack that takes advantage of a vulnerability in a system to gain unauthorized access.
C. An attack that targets a specific person or organization rather than a broad group of users.
D. An attack that uses information leaked through physical or electromagnetic signals to
extract sensitive information.

20) What is an SQL injection attack?

A. An attack that floods a website with traffic to make it unavailable.
B. An attack that takes advantage of a vulnerability in a system to gain unauthorized access.
C. An attack that injects malicious SQL code into a web application to extract sensitive
information or modify the database.
D. An attack that uses social engineering to trick users into revealing sensitive information.