Cyber Security MCQ with Answers PDF

1.What is the full form of LDAP?

A Light Weight Directory Access Provider
B Light Weight Directory Access Protocol
C Light Weight Directory Access Program
D Light Weight Directory Access Protection
Ans. b
2.What is called the collective terms of malicious software, such as viruses, worms and trojans?
A Spam
B Phishing
C Malware
D Harm
Ans. c
3. What is the full form of CIA under information security?
A Confidentiality Integrity Availability
B Criminal Investigation Agency
C Cost Information Agency
D Credit Integrity Assessment
Ans. a
4.What is called periodic assessment of security vulnerability in computer system?
A Threat
B Attack
C Hacking
D Security audit
Ans. d
5.What is called a single point of access for several networking services?
A Phishing
B Web service
C Directory service
D Worms
Ans. c
6.Which activities endanger the sovereignty and integrity of nation?
A Cyber Terrorism
B Cyber vandalism
C Cyber squatting
D Carding
Ans. a
7. Which crime involves the use of computer networks to create, distribute or access materials tha
sexually expoit underage persons?
A Assault by Threat
B Cyber squatting
C Cyber vandalism
D Child pornography
Ans. d
8.Which method go through all the files or network elements with an intention to detect something
unusual?
A Probing
B Phishing
C Infecting
D Scanning
Ans. d
9. Victims of cyber attack might loose _______.
(a) data
(b) money
(c) both a & b
(d) none of them
Ans. c
10. Under information security, any device having _______is classified as a computing device.
(a) processor
(b) memory
(c) both a & b
(d) neither a nor b
Ans. c
11. Under information security, CIA stands for _______.
(a) Criminal Investigation Agency
(b) Confidentiality, Integrity, Availability
(c) Cost Information Agency
(d) Credit Integrity Assessment
Ans. b
12. Script files sent mostly through email attachment to attack host computer are called ______.
(a) Worms
(b) Phishing attacks
(c) Trojans
(d) Computer Viruses
Ans. a
13. Attacking the victims through fake URL resembling that of a valid financial Institution
is called_____ .
(a) Worms
(b) Phishing attack
(c) Trojans
(d) Computer Viruses
Ans. b
14. Getting the user ID and password from avictim through dubious program is called _____attack.
(a) Worms
(b) Phishing attack
(c) Trojan
(d) Computer Viruses
Ans. c
15. A malicious program spreading through internet and storage media and attacking the data in victims
computer is called_______.
(a) Worms
(b) Phishing attack
(c) Trojan
(d) Computer Virus
Ans. d
16. Potential weaknesses in IT infrastructure through which a cyber attack might occur is called __.
(a) strength
(b) antivirus
(c) vulnerability
(d) port
Ans. c
17. Vulnerability for cyber attack may be in______.
(a) operating system
(b) application software
(c) IT infrastructure
(d) all of them
Ans. d
18. To protect the network infrastructure from vulnerability, _____ is setup.
(a) firewall
(b) Internet security software
(c) both a & b
(d) none of them
Ans. c
19. The person using vulnerability in operating system or application software or IT infrastructure to
intrude in to the computer of a victim is called ______ .
(a) hacker
(b) cracker
(c) maker
(d) taker
Ans. a
20. Periodic assessment of security vulnerability in computer systems is called _______audit.
(a) threat
(b) attack
(c) hacking
(d) security
Ans. d
21. The security audit team______ to keep the computers safe from cyber attacks.
(a) assesses vulnerability
(b) decides the safety measures through hardware and software
(c) considers latest threat scenario and implements information safety
(d) all of them
Ans. d
22. To ensure information safety, ________should be implemented.
(a) physical access security
(b) password access security
(c) secure IT infrastructure
(d) all of them
Ans. d
23. A single point of access for several networking services is called _____.
(a) Directory Service
(b) web server
(c) email server
(d) none of them
Ans. a
24. Directory service permits security administrators to ______.
(a) concentrate on security of directory service instead of individual machines
(b) create new vulnerabilities
(c) damage the security of computers
(d) create new virus
Ans. a
25. Directory service should be able to _______in the infrastructure.
(a) include new services
(b) esaily search for information in the network
(c) the information stored on the directory server should be accessible from any operating system
(d) all of them
Ans. d
26. LDAP in directory service stands for ______.
(a) Light Weight Director Access Provider
(b) Light Weight Director Access Protocol
(c) Light Weight Director Access Provider
(d) Light Weight Director Access Protection
Ans. b
27. Protecting access to a computer through________ is called access control.
(a) physical restriction of entry
(b) password security for login
(c) both a & b
(d) none of them
Ans. c
28. Security should be implemented at the stage of ______in software.
(a) development stage
(b) entire life cycle
(c) Sofware Development Life Cycle (SDLC)
(d) all of them
Ans. d
29. SDLC in software development stands for _____.
(a) Software Development Life Circus
(b) Software Development Life Cycle
(c) Software Drafting Life Cycle
(d) Software Development Lead Cycle
Ans. b
30. Protection from______ of source code means non-disclosure of the source code to outsiders.
(a) disclosure
(b) alteration
(c) destruction
(d) log of changes (whois making request)
Ans. a
31. Protection from ______of source code means alloting the right to edit the source code to authorized
persons only.
(a) disclosure
(b) alteration
(c) destruction
(d) log of changes (whois making request)
Ans. b
32. Protection from _______of source code means protection of any individual from destroying the
software source code.
(a) disclosure
(b) alteration
(c) destruction
(d) log of changes (whois making request)
Ans. c
33. Protection from ________of source code means recording all changes made to the source code and
the person making such changes.
(a) disclosure
(b) alteration
(c) destruction
(d) log of changes (whois making request)
Ans. d
32. _______of access rights in source code development means verification of role before permitting
access to source code.
(a) verification
(b) maintaining historical records
(c) error handling
(d) log of changes (whois making request)
Ans. a
33. _____in source code development means verification of role before permitting access to source code.
(a) verification
(b) maintaining historical records
(c) error handling
(d) log of changes (whois making request)
Ans. b
34. _____in source code development means handling of configuration errors, session errors and
exceptions.
(a) verification
(b) maintaining historical records
(c) error handling
(d) log of changes (whois making request)
Ans. c
35. Protecting the data divulged by customers from unauthorized access is called____.
(a) privacy protection
(b) audit
(c) antinvirus
(d) vulnerability
Ans a
36. Information on criminal records of individuals, financial data of companies, genetic information,
address, mobile number, email ID, record of web surfing behaviour, record of credit card, record of debit
card, netbanking details, etc. are classified under ______.
(a) privacy protection
(b) audit
(c) antinvirus
(d) vulnerability
Ans. a
37. Information security audit may be conducted with reference to _____ .
(a) vulnerabilities
(b) threats
(c) preventive measures
(d) all of them
Ans. d
38. Information security audit analyses events of past threats to formulate _____.
(a) security measures
(b) safe practices
(c) software protection
(d) all of them
Ans. d
39. Any single employee ______hold all data needed for making a complete financial transaction.
(a) should not
(b) should
(c) may
(d) might
Ans. a
40. IT audit of the firm should be conducted periodically, which may be every______ .
(a) fortnight
(b) month
(c) quarter
(d) all of them
Ans. d
MCQ on Virus and Antivirus
1. There are _________ types of computer virus.
a) 5
b) 7
c) 10
d) 12
Answer: c
2. A computer ________ is a malicious code which self-replicates by copying itself to other programs.
a) program
b) virus
c) application
d) worm
Ans. b
3. In which year Apple II virus came into existence?
a) 1979
b) 1980
c) 1981
d) 1982
Answer: c
4. The virus hides itself from getting detected by ______ different ways.
a) 2
b) 3
c) 4
d) 5
Answer: b
5. _______________ infects the master boot record and it is challenging and a complex task to remove
this virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Trojans
Answer: a
6. ________________ gets installed & stays hidden in your computer’s memory. It stays involved to the
specific type of files which it infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: b
7. ______________ infects the executables as well as the boot sectors.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: d
8. ______________ are difficult to identify as they keep on changing their type and signature.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: c
9. Which of the below-mentioned reasons do not satisfy the reason why people create a computer virus?
a) Research purpose
b) Pranks
c) Identity theft
d) Protection
Answer: d
10. The virus that spread in application software is called as
1. Boot virus
2. Macro virus
3. File virus
4. Anti virus
Ans. b
11. How does a Le-Hard virus come into existence?
1. Hardware
2. Software
3. FRIDAY 13
4. Command.Com
Ans. 4
12. What is the virus that spread in computer?
1. It is hardware
2. It is system software
3. It is a computer program
4. It is a windows tool
Ans. 3
13. What kind of attempts is made by individuals to obtain confidential information from a person by
falsifying their identity?
1. Computer viruses
2. Spyware scams
3. Phishing scams
4. None of the above
Ans. 3
14. When does the time bomb occur?
1. During a particular logic and data
2. During a particular time
3. During a particular data or time
4. None of the above
Ans. 3
15. Delayed payload of some viruses is also called as
1. Time
2. Bomb
3. Anti-virus
4. None of the above
Ans. 2
16. The difference between a virus and a self-replicating program which is like a virus is that rather than
creating copies of itself on only one system it propagate through computer network. What is the self
replicating program called?
1. Keylogger
2. Cracker
3. Worm
4. All of the above
Ans. 3
17. What is anti-virus?
1. It is a computer
2. It is a program code
3. It is a company name
4. It is an application
Ans. 2
18. What is the software called that’s designed to exploit a computer user and is a broad term covering
computer viruses, worms, Trojan, adware, etc.?
A Malware
B Spyware
C Backdoors
D Key-logger
Ans. a
19. Which of the following is a software that, once installed on your computer, tracks your internet
browsing habits and sends you popups containing advertisements related to the sites and topics you’ve
visited?
A Adware
B Spyware
C Malware
D Bots
Ans. a
20. Which of the following is a program capable of continually replicating with little or no user
intervention?
A Worms
B Trojan horses
C Virus
D none of these
Ans. c
21. Which of the following is the type of software that has self-replicating software that causes damage to
files and system?
A Worms
B Backdoors
C Viruses
D Trojan horses
Ans. a
22. Antivirus software is an example of
A a security utility
B an operating system
C An office suite
D business software
Ans. a
23 ….are often delivered to a PC through an email attachment & are often designed to do harm
A E-mail messages
B Portals
C Spam
D Viruses
Ans. d
24 ….viruses are often transmitted by a floppy disk left in the floppy drive
A Boot sector
B Logic bomb
C Trojan horse
D Script
Ans. a
25. What is the most common way to get a virus in your computer ‘s hard disk
A By opening emails
B By uploading pictures from mobile phones to the computer
C By installing games from their CDROMS
D None of the above
Ans. a
26. _______ is the part of malware such as worms or viruses which performs the malicious action;
deleting data, sending spam or encrypting data.
A Payload
B Spamming
C Exploits
D Scams
Ans. a
27. _________ is the action of recording the keys struck on a keyboard, typically covertly, so that the
person using the keyboard is unaware that their actions are being monitored.
A Keylogging
B Spamming
C Denial of service
D Exploits
Ans. a
28. The attack that focuses on capturing small packets from the network transmitted by other computers
and reading the data content in search of any type of information is ____
A Eavesdropping
B Exploits
C Scams
D Denial of service
Ans. a
29. _________ are computer programs that are designed by attackers to gain root or administrative access
to your computer.
A Backdoors
B Rootkits
C Malware
D Antiware
Ans. b
30. What is the software called which when get downloaded on computer scans your hard drive for
personal information and your internet browsing habits?
A Spyware
B Antiware
C Backdoors
D Malware
Ans. a
31. Which of the following is a type of program that either pretends to have, or is described as having, a
set of useful or desirable features but actually contains damaging code.
A) Trojans
B) Viruses
C) Worm
D) Adware
E) Bots
Ans. a
32. Which of the following is harmful to the computer?
a) Shareware
b) antivirus
c) virus
d) freeware
Ans. c
33. Computer Virus is simply meaning is ____
a) hardware component
b) disease
c) set of computer instructions or code
d) type of bacteria
Ans. c
34. Virus enter the computer when computer starts is _____
a) salami shaving
b) macro
c) file infector
d) boot sector
Ans. d
35. Computer anti virus program includes ____ example of
a) Solomon Toolkit
b) Nortron
c) McAfee
d) All of these
Ans. d
36. Another name of computer virus is
a) vaccine
b) worm
c) Trojan Horse
d) DES
Ans. a
37. When computer virus starts to impact the data, it is known as
a) virus infection
b) virus spreading
c) data losing
d) shutting down
Ans. a
38. Another name for free computer software is
a) encrypted software
b) copy protected software
c) Public domain software
d) shareware
Ans. c
39. Which one is not a computer virus?
a) Trojan horse
b) logic bomb
c) McAfee
d) redlof
Ans. c
40. What is a software program that has the ability to replicate itself and spread from one computer to
another called?
a) Computer virus
b) Computer memory
c) computer program
d) Computer file
Ans. a

1. Which of the following is an anti-virus program

A. Norton
B. K7
C. Quick heal
D. All of these
D. All of these

2. All of the following are examples of real security and privacy threats except:

A. Hackers
B. Virus
C. Spam
D. Worm
C. Spam

Spam or SPAM may refer to:

 Spamming, unsolicited or undesired electronic messages

 Email spam, unsolicited, undesired, or illegal email messages

 Messaging spam, spam targeting users of instant messaging (IM) services, sms or private messages

within websites
3. Trojan horses are very similar to virus in the matter that they are computer programs that replicate

copies of themselves

A. True
B. False
B. False

4. _____________ monitors user activity on internet and transmit that information in the background to

someone else.

A. Malware
B. Spyware
C. Adware
D. None of these
B. Spyware

5. Viruses are __________.

A. Man made
B. Naturally occur
C. Machine made
D. All of the above
A. Man made

6. Firewall is a type of ____________.

A. Virus
B. Security threat
C. Worm
D. None of the above
D. None of the above

a firewall is a network security system that monitors and controls incoming and outgoing network traffic
based on predetermined security rules

7. Unsolicited commercial email is known as ____________.

A. Spam
B. Malware
C. Virus
D. Spyware
A. Spam
8. Which of the following is not an external threat to a computer or a computer network

A. Ignorance
B. Trojan horses
C. Adware
D. Crackers
A. Ignorance

9. When a person is harrassed repeatedly by being followed, called or be written to he / she is a target of

A. Bullying
B. Stalking
C. Identity theft
D. Phishing
B. Stalking

Stalking is unwanted or repeated surveillance by an individual or group towards another person. Stalking
behaviors are interrelated to harassment and intimidation and may include following the victim in person
or monitoring them.
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group,
or organization.It may also include monitoring, identity theft, threats, vandalism, solicitation for sex,
or gathering information that may be used to threaten, embarrass or harass.

10. Which of the following is a class of computer threat

A. Phishing
B. Soliciting
C. DoS attacks
D. Stalking
C. DoS attacks
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Information
Security Technologies”.
1. _______ is the practice and precautions taken to protect valuable information from unauthorised
access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
View Answer
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for
protecting valuable information for alteration, destruction, deletion or disclosure by unauthorised users.
2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
View Answer
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information security threats
whereas not changing the default password of any system, hardware or any software comes under the
category of vulnerabilities that the user may pose to its system.

3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
View Answer
Answer: a
Explanation: Flood comes under natural disaster which is a threat to any information and not acts as a
vulnerability to any system.

4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
View Answer
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across the
globe through physical systems, virtual machines, servers, and clouds. Their security can be managed
using Cloud workload protection platforms which manage policies regarding security of information
irrespective of its location.

5. Which of the following information security technology is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
View Answer
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user establishes a
remote browsing by isolating the browsing session of end user, cyber-criminals will not be able to infect
the system along with browser with malware, ultimately reducing the attack surface area.

6. The full form of EDR is _______

a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
View Answer
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems and record all
the activities for further reporting, analysis & detection in a central database. Analyzing the reports
generated through such EDR tools, loopholes in a system or any internal, as well as external breaching
attempts can be detected.

7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
View Answer
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for supervising the
traffic in any network, a flow of data over the network as well as malicious threats that are trying to
breach the network. This technological solution also helps in triage the events detected by Network
Traffic Analysing tools.

8. Compromising confidential information comes under _________

a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual or
any information. Compromising of confidential information means extracting out sensitive data from a
system by illegal manner.

9. Lack of access control policy is a _____________

a) Bug
b) Threat
c) Vulnerability
d) Attack
View Answer
Answer: c
Explanation: Access control policies are incorporated to a security system for restricting of unauthorised
access to any logical or physical system. Every security compliance program must need this as a
fundamental component. Those systems which lack this feature is vulnerable.

10. Possible threat to any information cannot be ________________

a) reduced
b) transferred
c) protected
d) ignored
View Answer
Answer: d
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced,
distributed or transferred to some other system, protected using security tools and techniques but cannot
be ignored.
Here are 1000 MCQs on Cyber Security (Chapterwise).

1. What is Cyber Security?

a) Cyber Security provides security against malware
b) Cyber Security provides security against cyber-terrorists
c) Cyber Security protects a system from cyber attacks
d) All of the mentioned
View Answer
Answer: d
Explanation: Cyber Security provides security to a system against cyber-attacks by using various
technologies, and processes.

2. What does cyber security protect?

a) Cyber security protects criminals
b) Cyber security protects internet-connected systems
c) Cyber security protects hackers
d) None of the mentioned
View Answer
Answer: b
Explanation: It protects internet-connected systems such as hardware, software, and data from cyber-
attacks. It aims to reduce cyber attacks against the system, network, and technologies by reducing
unauthorized exploitation, vulnerability, and threats.

3. Who is the father of computer security?

a) August Kerckhoffs
b) Bob Thomas
c) Robert
d) Charles
View Answer
Answer: a
Explanation: August Kerckhoffs, a linguist and German professor at HEC, wrote an essay in the Journal
of Military Science in February 1883. Kerckhoff had unwittingly established the foundations for
contemporary encryption, earning him the title of “Father of Computer Security.”

4. Which of the following is defined as an attempt to steal, spy, damage or destroy computer systems,
networks, or their associated information?
a) Cyber attack
b) Computer security
c) Cryptography
d) Digital hacking
View Answer
Answer: a
Explanation: An effort to steal, spy on, damage, or destroy diverse components of cyberspace, such as
computer systems, related peripherals, network systems, and information, is known as a cyber attack.

5. Which of the following is a type of cyber security?

a) Cloud Security
b) Network Security
c) Application Security
d) All of the above
View Answer
Answer:d
Explanation: Since technology is improving, the threat and attacks against the technology are also
increasing. Hence, to provide security, it is divided into the following types:
Cloud Security: Provides security for the data stored on the cloud.
Network Security: Protects the internal network from threats.
Application Security: Protects data stored in the application software.

6. What are the features of cyber security?

a) Compliance
b) Defense against internal threats
c) Threat Prevention
d) All of the above
View Answer
Answer: d
Explanation: The features are as follows:
Compliance: Creating a program that meets the requirements and rules of the users.
Defense against internal threats: Should provide security against internal exploitation.
Threat Prevention: Should be capable of detecting the threat and preventing them.

7. Which of the following is an objective of network security?

a) Confidentiality
b) Integrity
c) Availability
d) All of the above
View Answer

8. Which of the following is not a cybercrime?

a) Denial of Service
b) Man in the Middle
c) Malware
d) AES
View Answer
Answer: d
Explanation: Denial of Service, Man in the Middle, and Malware exploit the system causing a threat to
security, hence they are considered as cybercrime. AES (Advanced Encryption Standard) provides
security by encrypting the data.

9. Which of the following is a component of cyber security?

a) Internet Of Things
b) AI
c) Database
d) Attacks
View Answer
Answer: a
Explanation: The Internet of Things (IoT) is a network of physical objects embedded with sensors,
software, and other technologies to connect and exchange data with other devices and systems through
the internet.

10. Which of the following is a type of cyber attack?

a) Phishing
b) SQL Injections
c) Password Attack
d) All of the above
View Answer
Answer: d
Explanation: Attacks are Phishing, SQL Injections, and Password Attack.
Phishing: The attacker sends a large number of fraudulent emails and gains access to the system.
SQL Injections: The attacker gains access to the protected information by adding malicious code to the
SQL server.
Password Attack: Attackers gain access to the passwords unethically and gain access to the confidential
data.

11. Which of the following is not an advantage of cyber security?

a) Makes the system slower
b) Minimizes computer freezing and crashes
c) Gives privacy to users
d) Protects system against viruses
View Answer
Answer: a
Explanation: The advantages are minimization of computer freezing and crashes, user privacy, and
protection against viruses, worms, etc. Disadvantages include the system becoming slow, configuring
firewalls correctly can be difficult, need to update the new software in order to keep security up to date.

12. “Cyberspace” was coined by _________

a) Richard Stallman
b) William Gibson
c) Andrew Tannenbaum
d) Scott Fahlman
View Answer
Answer: b
Explanation: William Gibson, an American-Canadian fiction pioneer, and coiner, examined the many
streams of technology and invented the word “cyberspace” in 1821. The phrase refers to linked
technologies that aid in information exchange, interaction with digital devices, storage and digital
entertainment, computer and network security, and other information technology-related matters.

13. In which year has hacking become a practical crime and a matter of concern in the field of cyber
technology?
a) 1991
b) 1983
c) 1970
d) 1964
View Answer
Answer: c
Explanation: In the case of hackers in the 1970s, hackers and cyber thieves found out how wired
technologies operate and how they might be abused to obtain a competitive edge or misuse the
technology.

14. Governments hired some highly skilled hackers for providing cyber security for the country or state.
These types of hackers are termed as _______
a) Nation / State sponsored hackers
b) CIA triad
c) Special Hackers
d) Government Hackers
View Answer
Answer: a
Explanation: Nation / State-sponsored hackers are those who are engaged or paid by a nation’s or state’s
government to safeguard the country from cyber terrorists and other groups or individuals, as well as to
expose their plans, communications, and activities.

15. Which of the following act violates cyber security?

a) Exploit
b) Attack
c) Threat
d) Vulnerability
View Answer
Answer: b
Explanation: A threat is a possible danger that might lead to a security breach and cause harm to the
system or network. Vulnerability is a word that refers to a flaw in a network or system that might be
exploited by an attacker. Exploiting a security flaw might result in unexpected and unwanted effects. A
cyber-attack is an attempt by attackers to alter, delete, steal or expose any specific data by gaining
unauthorized access.

16. Which of the following actions compromise cyber security?

a) Vulnerability
b) Attack
c) Threat
d) Exploit
View Answer
Answer: c
Explanation: A threat is defined as a potential hazard that might result in a breach of security and cause
harm to the system or network. Vulnerability is a term that refers to a weakness in a network or system
that an attacker may exploit. Exploiting a weakness in security might have unintended and undesirable
consequences.

17. Which of the following is the hacking approach where cyber-criminals design fake websites or pages
for tricking or gaining additional traffic?
a) Pharming
b) Website-Duplication
c) Mimicking
d) Spamming
View Answer
Answer: a
Explanation: Pharming is a strategy and approach used by cybercriminals to create phony web pages and
sites in order to mislead users into giving over personal information such as login IDs and passwords.

18. Which of the following is not a type of peer-to-peer cyber-crime?

a) MiTM
b) Injecting Trojans to a target victim
c) Credit card details leak in the deep web
d) Phishing
View Answer
Answer: c
Explanation: Peer-to-peer includes phishing, as well as the distribution of Trojans and worms to
individuals. The leakage of a huge number of people’s credit card data on the deep web, on the other
hand, is classified as a computer-as-weapon cyber-crime.

19. A cyber-criminal or penetration tester uses the additional data that stores certain special instructions in
the memory for activities to break the system in which of the following attack?
a) Clickjacking
b) Buffer-overflow
c) Phishing
d) MiTM
View Answer
Answer: b
Explanation: The excess data that contains certain specific instructions in the memory for actions are
projected by a cyber-criminal or penetration tester to break the system in a buffer-overflow attack.

20. Which of the following do Cyber attackers commonly target for fetching IP address of a target or
victim user?
a) ip tracker
b) emails
c) websites
d) web pages
View Answer
Answer: c
Explanation: Enumeration by cyber-attackers is also feasible via websites since attackers target websites
in order to obtain the victim’s or target user’s IP address.

21. Which of the following is defined as an attempt to harm, damage or cause threat to a system or
network?
a) Digital crime
b) Threats
c) System hijacking
d) Cyber Attack
View Answer
Answer: d
Explanation: Extortion, identity theft, email hacking, digital surveillance, stealing hardware, mobile
hacking, and physical security breaches are all examples of cyber assaults or activities.

22. They are nefarious hackers, and their main motive is to gain financial profit by doing cyber crimes.
Who are “they” referred to here?
a) White Hat Hackers
b) Black Hat Hackers
c) Hactivists
d) Gray Hat Hackers
View Answer
Answer: b
Explanation: Black Hat hackers, often known as “crackers,” are a sort of cyber crime that gain illegal
access to a user’s account or system in order to steal confidential data or introduce malware into the
system for personal gain or to harm the company.

23. IT security in any firm or organization is maintained and handled by ____________________

a) Software Security Specialist
b) CEO of the organization
c) Security Auditor
d) IT Security Engineer
View Answer
Answer: d
Explanation: This is a position in a company or organisation where an individual develops and maintains
different systems and security tools for the company or organisation to which he or she belongs.

24. Where did the term “hacker” originate?

a) MIT
b) New York University
c) Harvard University
d) Bell’s Lab
View Answer
Answer: a
Explanation: The term “hacker” was coined at MIT (Massachusetts Institute of Technology) because
individuals and highly competent professionals use computer languages to address various challenges. In
this context, labels such as geeks and nerds have been coined.

25. What is the existence of weakness in a system or network is known as?

a) Attack
b) Exploit
c) Vulnerability
d) Threat
View Answer
Answer: c
Explanation: Vulnerability is a term that refers to a weakness in a network or system that an attacker may
exploit. Exploiting a weakness in security might have unintended and undesirable consequences.

26. Which of the following is an internet scam done by cyber-criminals where the user is convinced
digitally to provide confidential information.
a) MiTM attack
b) Phishing attack
c) Website attack
d) DoS attack
View Answer
Answer: b
Explanation: Phishing is a type of cybercrime in which a person is digitally persuaded to disclose private
information. Phishing comes in a variety of forms. Some of them employ malware and emails to divert
users to various websites.

27. Which of the following is not a step followed by cyber-criminals in data breaching?
a) Exfiltration
b) Research and info-gathering
c) Attack the system
d) Fixing the bugs
View Answer
Answer: d
Explanation: During a hack, cyber-criminals first do research on the target, gathering data about the
victim’s system and network. Then go ahead and attack. Once the attacker has gained access, he or she
takes sensitive information.
28. Which of the following online service’s privacy cannot be protected using Tor?
a) Browsing data
b) Instant messaging
c) Login using ID
d) Relay chats
View Answer
Answer: c
Explanation: Login using ID will obviously take your ID in order to access your account and is not the
headache of Tor. Privacy regarding instant messaging, browsing data, relay chats are some of the
following online services protected by Tor.

29. Which of the following term refers to a group of hackers who are both white and black hat?
a) Yellow Hat hackers
b) Grey Hat hackers
c) Red Hat Hackers
d) White-Black Hat Hackers
View Answer
Answer: b
Explanation: Grey Hat Hackers are a hybrid of ethical and unethical hacker personalities. They hack other
people’s computers for fun, but they don’t hurt them, and they exploit network faults and vulnerabilities
without the admin or owner’s awareness.

30. Which of the following is not an email-related hacking tool?

a) Mail Password
b) Email Finder Pro
c) Mail PassView
d) Sendinc
View Answer
Answer: d
Explanation: Sendinc is not a tool that compromises email data. It is used to protect business email
accounts and provides a fast web-based solution for businesses to start delivering secure emails. The other
three are email hacking tools.

30. Which of the following DDoS in mobile systems wait for the owner to trigger the cyber attack?
a) botnets
b) programs
c) virus
d) worms
View Answer
Answer: a
Explanation: Botnets on infected mobile devices are waiting for orders from their owners. It starts a
DDoS flood attack after receiving the owner’s instructions. As a result, calls are not connected or data is
not sent.

31. Which of the following is the least strong security encryption standard?
a) WPA3
b) WPA2
c) WPA
d) WEP
View Answer
Answer: d
Explanation: Wireless security is an important aspect of cyber-security. Wired Equivalent Privacy (WEP),
Wi-Fi Protected Access (WPA), WPA2, and WPA3 are the most common kinds of wireless security.
WEP is a famously insecure encryption protocol.

32. Which of the following is a Stuxnet?

a) Trojan
b) Antivirus
c) Worm
d) Virus
View Answer
Answer: c
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was
very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly
targets the PLCs (Programmable Logic Controllers) in a system.

33. Which of the following ethical hacking technique is used for determining which operating system
(OS) is running on a remote computer?
a) Operating System fingerprinting
b) Operating System penetration testing
c) Digital-printing
d) Machine printing
View Answer
Answer: a
Explanation: OS fingerprinting is an ethical hacking technique used for determining what operating
system (OS) is running on a remote computer. OS Fingerprinting is the practice of examining data
packets that come from a network in order to extract intelligence that may be utilized in future assaults.

34. Which of the following can diminish the chance of data leakage?
a) Steganography
b) Chorography
c) Cryptography
d) Authentication
View Answer
Answer: a
Explanation: Ordinary files are targeted by hackers or other cyber criminals in order to disguise distinct
data or information within another data file. You can reduce the risk of data leaking by employing
steganography.

1. Which of the following is not a type of cyber crime?

a) Data theft
b) Forgery
c) Damage to data and systems
d) Installing antivirus for protection
View Answer
Answer: d
Explanation: Cyber crimes are one of the most threatening terms that is an evolving phase. It is said that
major percentage of the World War III will be based on cyber-attacks by cyber armies of different
countries.
2. Cyber-laws are incorporated for punishing all criminals only.
a) True
b) False
View Answer
Answer: b
Explanation: Cyber-laws were incorporated in our law book not only to punish cyber criminals but to
reduce cyber crimes and tie the hands of citizens from doing illicit digital acts that harm or damage
other’s digital property or identity.

3. Cyber-crime can be categorized into ________ types.

a) 4
b) 3
c) 2
d) 6
View Answer
Answer: c
Explanation: Cyber crime can be categorized into 2 types. These are peer-to-peer attack and computer as
weapon. In peer-to-peer attack, attackers target the victim users; and in computer as weapon attack
technique, computers are used by attackers for a mass attack such as illegal and banned photo leak, IPR
violation, pornography, cyber terrorism etc.

4. Which of the following is not a type of peer-to-peer cyber-crime?

a) Phishing
b) Injecting Trojans to a target victim
c) MiTM
d) Credit card details leak in deep web
View Answer
Answer: d
Explanation: Phishing, injecting Trojans and worms to individuals comes under peer-to-peer cyber crime.
Whereas, leakage of credit card data of a large number of people in deep web comes under computer as
weapon cyber-crime.

5. Which of the following is not an example of a computer as weapon cyber-crime?

a) Credit card fraudulent
b) Spying someone using keylogger
c) IPR Violation
d) Pornography
View Answer
Answer: b
Explanation: DDoS (Distributed Denial of Service), IPR violation, pornography are mass attacks done
using a computer. Spying someone using keylogger is an example of peer-to-peer attack.

6. Which of the following is not done by cyber criminals?

a) Unauthorized account access
b) Mass attack using Trojans as botnets
c) Email spoofing and spamming
d) Report vulnerability in any system
View Answer
Answer: d
Explanation: Cyber-criminals are involved in activities like accessing online accounts in unauthorized
manner; use Trojans to attack large systems, sending spoofed emails. But cyber-criminals do not report
any bug is found in a system, rather they exploit the bug for their profit.

7. What is the name of the IT law that India is having in the Indian legislature?
a) India’s Technology (IT) Act, 2000
b) India’s Digital Information Technology (DIT) Act, 2000
c) India’s Information Technology (IT) Act, 2000
d) The Technology Act, 2008
View Answer
Answer: c
Explanation: The Indian legislature thought of adding a chapter that is dedicated to cyber law. This finally
brought India’s Information Technology (IT) Act, 2000 which deals with the different cyber-crimes and
their associated laws.

8. In which year India’s IT Act came into existence?

a) 2000
b) 2001
c) 2002
d) 2003
View Answer
Answer: a
Explanation: On 17th Oct 2000, the Indian legislature thought of adding a chapter that is dedicated to
cyber law, for which India’s Information Technology (IT) Act, 2000 came into existence.

9. What is the full form of ITA-2000?

a) Information Tech Act -2000
b) Indian Technology Act -2000
c) International Technology Act -2000
d) Information Technology Act -2000
View Answer
Answer: d
Explanation: Information Technology Act -2000 (ITA-2000), came into existence on 17 th Oct 2000, that
is dedicated to cyber-crime and e-commerce law in India.

10. The Information Technology Act-2000 bill was passed at the time when K. R. Narayanan was
President of India.
a) True
b) False
View Answer
Answer: a
Explanation: The President of India at the time the ITA-2000 was enacted, was K. R. Narayanan. The bill
was passed by the Indian Parliament and became law after receiving the President’s assent.

11. Under which section of IT Act, stealing any digital asset or information is written a cyber-crime.
a) 65
b) 65-D
c) 67
d) 70
View Answer
Answer: a
Explanation: When a cyber-criminal steals any computer documents, assets or any software’s source code
from any organization, individual, or from any other means then the cyber crime falls under section 65 of
IT Act, 2000.

12. What is the punishment in India for stealing computer documents, assets or any software’s source
code from any organization, individual, or from any other means?
a) 6 months of imprisonment and a fine of Rs. 50,000
b) 1 year of imprisonment and a fine of Rs. 100,000
c) 2 years of imprisonment and a fine of Rs. 250,000
d) 3 years of imprisonment and a fine of Rs. 500,000
View Answer
Answer: d
Explanation: The punishment in India for stealing computer documents, assets or any software’s source
code from any organization, individual, or from any other means is 3 years of imprisonment and a fine of
Rs. 500,000.

13. What is the updated version of the IT Act, 2000?

a) IT Act, 2007
b) Advanced IT Act, 2007
c) IT Act, 2008
d) Advanced IT Act, 2008
View Answer
Answer: c
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and
precise law on different computer-related crimes and cyber offenses.

14. In which year the Indian IT Act, 2000 got updated?

a) 2006
b) 2008
c) 2010
d) 2012
View Answer
Answer: b
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and
precise law on different computer-related crimes and cyber offenses.

15. What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act holds?
a) Cracking or illegally hack into any system
b) Putting antivirus into the victim
c) Stealing data
d) Stealing hardware components
View Answer
Answer: a
Explanation: Under section 66 of IT Act, 2000 which later came up with a much broader and precise law
says that cracking or illegally hacking into any victim’s computer is a crime. It covers a wide range of
cyber-crimes under this section of the IT Act.
This set of Cyber Security Quiz focuses on “Cyber Laws and IT laws – 2”.

1. Accessing computer without prior authorization is a cyber-crimes that come under _______
a) Section 65
b) Section 66
c) Section 68
d) Section 70
View Answer
Answer: b
Explanation: Under section 66 of IT Act, 2000 which later came up with a much broader and precise law
says that without prior authorization or permission, if any individual access any computer system, it is a
cyber-crime.

2. Cracking digital identity of any individual or doing identity theft, comes under __________ of IT Act.
a) Section 65
b) Section 66
c) Section 68
d) Section 70
View Answer
Answer: b
Explanation: Under section 66 of IT Act, 2000 which later came up with a much broader and precise law
(as IT Act, 2008) says that if any individual steals the identity or misuse any victim’s identity for his/her
own profit, it is a cyber-crime.

3. Accessing Wi-Fi dishonestly is a cyber-crime.

a) True
b) False
View Answer
Answer: a
Explanation: Under section 66 of IT Act, 2000 which later came up with a much broader and precise law
(as IT Act, 2008) says that if any individual access anyone’s Wi-Fi network without the permission of the
owner or for doing a malicious activity, it is a cyber-crime.

4. Download copy, extract data from an open system done fraudulently is treated as _________
a) cyber-warfare
b) cyber-security act
c) data-backup
d) cyber-crime
View Answer
Answer: d
Explanation: Download copy, extract data from an open system done fraudulently is treated as according
to section 66 of the Indian IT Act.

5. Any cyber-crime that comes under section 66 of IT Act, the accused person gets fined of around Rs
________
a) 2 lacs
b) 3 lacs
c) 4 lacs
d) 5 lacs
View Answer
Answer: d
Explanation: Any cyber-crime that comes under section 66 of the Indian IT Act, the person accused of
such cyber-crime gets fined of around five lacs rupees.

6. How many years of imprisonment can an accused person face, if he/she comes under any cyber-crime
listed in section 66 of the Indian IT Act, 2000?
a) 1 year
b) 2 years
c) 3 years
d) 4 years
View Answer
Answer: c
Explanation: Any cyber-crime that comes under section 66 of the Indian IT Act, the person accused of
such cyber-crime gets fined of around five lacs rupees and 3 years of imprisonment.

7. Any digital content which any individual creates and is not acceptable to the society, it’s a cyber-crime
that comes under _________ of IT Act.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
View Answer
Answer: b
Explanation: Any digital content which is either lascivious is not acceptable by the society or viewers or
that digital item corrupts the minds of the audience, then the creator of such contents falls under the
cyber-crime of section 67 of the Indian IT Act.

8. IT Act 2008 make cyber-crime details more precise where it mentioned if anyone publishes sexually
explicit digital content then under ___________ of IT Act, 2008 he/she has to pay a legitimate amount of
fine.
a) section 67-A
b) section 67-B
c) section 67-C
d) section 67-D
View Answer
Answer: a
Explanation: IT Act 2008 makes cyber-crime details more precise where it mentioned if anyone publishes
sexually explicit digital content then under section 67 – A he/she has to pay a legitimate amount of fine.

9. If anyone publishes sexually explicit type digital content, it will cost that person imprisonment of
_________ years.
a) 2
b) 3
c) 4
d) 5
View Answer
Answer: d
Explanation: IT Act 2008 make cyber-crime details more precise where it mentioned if anyone publishes
sexually explicit digital content then under section 67 – A he/she has to pay a legitimate amount of fine
and imprisonment of five years.

10. Using spy cameras in malls and shops to capture private parts of any person comes under _______ of
IT Act, 2008.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
View Answer
Answer: b
Explanation: Using of spy cameras in malls and shops to capture private parts of any person, without the
concern of that victim, then it comes under section 67 of IT Act, 2008 as a punishable offense.

11. Using spy cameras in malls and shops to capture private parts of any person comes under section 67
of IT Act, 2008 and is punished with a fine of Rs. 5 Lacs.
a) True
b) False
View Answer
Answer: a
Explanation: Using of spy cameras in malls and shops to capture private parts of any person, without the
concern of that victim, then it comes under section 67 of IT Act, 2008 where the person doing such crime
is punished with a fine of Rs. 5 Lacs.

12. Using of spy cameras in malls and shops to capture private parts of any person comes under section
67 of IT Act, 2008 and is punished with imprisonment of ___________
a) 2 years
b) 3 years
c) 4 years
d) 5 years
View Answer
Answer: b
Explanation: Using of spy cameras in malls and shops to capture private parts of any person, without the
concern of that victim, then it comes under section 67 of IT Act, 2008 where the person doing such crime
is punished with imprisonment of 3 years.

13. Misuse of digital signatures for fraudulent purposes comes under __________ of IT Act.
a) section 65
b) section 66
c) section 71
d) section 72
View Answer
Answer: d
Explanation: Cyber-criminals and black hat hackers do one common form of cyber-crime that is a misuse
of digital signatures. The law for this fraudulent act comes under section 72 of the Indian IT Act.

14. Sending offensive message to someone comes under _____________ of the Indian IT Act ______
a) section 66-A, 2000
b) section 66-B, 2008
c) section 67, 2000
d) section 66-A, 2008
View Answer
Answer: d
Explanation: Sending an offensive message, emails o any digital content through an electronic medium to
your recipient is a punishable offense that comes under section 66 – A of the Indian IT Act, 2008.

15. Stealing of digital files comes under __________ of the Indian IT Act.
a) section 66-A
b) section 66-B
c) section 66-C
d) section 66-D
View Answer
Answer: c
Explanation: Stealing of digital files, e-documents from any system or cloud or electronic device is a
punishable offense that comes under section 66 – C of the Indian IT Act.

16. Section 79 of the Indian IT Act declares that any 3rd party information or personal data leakage in
corporate firms or organizations will be a punishable offense.
a) True
b) False
View Answer
Answer: a
Explanation: Section 79 of the Indian IT Act covers some of the corporate and business laws circulating
technologies and cyberspace; declares that any 3rd party information or personal data leakage in corporate
firms or organizations will be a punishable offense.
This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack Vectors –
DoS and DDoS”.

1. A ______________ tries to formulate a web resource occupied or busy its users by flooding the URL
of the victim with unlimited requests than the server can handle.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
View Answer
Answer: b
Explanation: A DoS attack tries to formulate a web resource occupied or busy to its users by flooding the
URL of the victim with unlimited requests than the server can handle.

2. During a DoS attack, the regular traffic on the target _____________ will be either dawdling down or
entirely interrupted.
a) network
b) system
c) website
d) router
View Answer
Answer: c
Explanation: Using of DoS attack put together web resource by flooding its users with unlimited requests.
During a DoS attack, the regular traffic on the target website will be either dawdling down or entirely
interrupted.
3. The intent of a ______________ is to overkill the targeted server’s bandwidth and other resources of
the target website.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
View Answer
Answer: b
Explanation: Web resource gets occupied or busy as it floods its users performing DoS attack. The intent
of this attack is to overkill the targeted server’s bandwidth and other resources of the target website.

4. DoS is abbreviated as _____________________

a) Denial of Service
b) Distribution of Server
c) Distribution of Service
d) Denial of Server
View Answer
Answer: a
Explanation: A Denial of Service attack targets its victim by flooding the URL of the victim with
unlimited requests. The intent of this attack is to overkill the targeted server’s bandwidth and other
resources of the target website.

5. A DoS attack coming from a large number of IP addresses, making it hard to manually filter or crash
the traffic from such sources is known as a _____________
a) GoS attack
b) PDoS attack
c) DoS attack
d) DDoS attack
View Answer
Answer: d
Explanation: A DoS attack coming from a large number of IP addresses, making it hard to manually filter
or crash the traffic from such sources is known as a Distributed Denial of Service (DDoS) attack.

6. DDoS stands for _________________

a) Direct Distribution of Server
b) Distributed Denial of Service
c) Direct Distribution of Service
d) Distributed Denial of Server
View Answer
Answer: b
Explanation: When a DoS attack comes from a large number of IP addresses, this makes it hard to
manually filter or crash the traffic from such sources and the attack is known as a Distributed Denial of
Service (DDoS) attack.

7. Instead of implementing single computer & its internet bandwidth, a ____________ utilizes various
systems & their connections for flooding the targeted website.
a) GoS attack
b) PoS attack
c) DDoS attack
d) DoS attack
View Answer
Answer: c
Explanation: DDoS is another leading attack type. Instead of implementing single computer & its internet
bandwidth, a DDoS utilizes various systems & their connections for flooding the targeted website.

8. There are ______ types of DoS attack.

a) 2
b) 3
c) 4
d) 5
View Answer
Answer: a
Explanation: With the help of DoS attack attackers try to busy its users by flooding the URL of the victim
with limitless requests. There are two types of DoS attack. These are Application Layer Attacks and
Network Layer DoS attacks.

9. Application layer DoS attack is also known as _______________

a) Layer4 DoS attack
b) Layer5 DoS attack
c) Layer6 DoS attack
d) Layer7 DoS attack
View Answer
Answer: d
Explanation: A DoS attack is a very dangerous threat for users who have their services running via the
internet. The Application Layer DoS is also known as Layer-7 DoS attack.

10. ___________ is a type of DoS threats to overload a server as it sends a large number of requests
requiring resources for handling & processing.
a) Network Layer DoS
b) Physical Layer DoS
c) Transport Layer DoS
d) Application Layer DoS
View Answer
Answer: d
Explanation: DoS attacks are of two types. These are Application Layer Attacks and Network Layer DoS
attacks. Application Layer DoS is a type of DoS threats to overload a server as it sends a large number of
requests requiring resources for handling & processing.

11. Which of the following is not a type of application layer DoS?

a) HTTP flooding
b) Slowloris
c) TCP flooding
d) DNS query flooding
View Answer
Answer: c
Explanation: In application Layer DoS, its threats to overload a server as it sends a large quantity of
requests requiring resources for handling & processing. This category includes HTTP flooding, slow-
flooding attack and DNS query flooding.
12. Network layer attack is also known as ________________
a) Layer3-4 DoS attack
b) Layer5 DoS attack
c) Layer6-7 DoS attack
d) Layer2 DoS attack
View Answer
Answer: a
Explanation: Denial of Service attack becomes dangerous because it floods the target service over the
internet. There are two types of DoS attack. The Network Layer DoS is also known as the Layer 3-4 DoS
attack.

13. Which of the following do not comes under network layer DoS flooding?
a) UDP flooding
b) HTTP Flooding
c) SYN flooding
d) NTP Amplification
View Answer
Answer: b
Explanation: Network layer DoS attack is set up to congest the “pipelines” that are connecting user’s
network. This includes attacks such as NTP amplification, SYN flooding, UDP flooding and DNS
amplification.

14. Which of the following do not comes under network layer DoS flooding?
a) DNS amplification
b) UDP flooding
c) DNS query flooding
d) NTP Amplification
View Answer
Answer: c
Explanation: Network layer DoS attack includes attacks such as NTP amplification, SYN flooding, UDP
flooding and DNS amplification. DNS query flooding does not come under the Network layer DoS attack.

15. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or packets per second
(PPS).
a) True
b) False
View Answer
Answer: a
Explanation: At the time of DoS attack, it becomes hard to manually filter or crash the traffic from such
sources. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or packets per
second (PPS).

16. A DDoS with 20 to 40 Gbps is enough for totally shutting down the majority network infrastructures.
a) True
b) False
View Answer
Answer: a
Explanation: A DoS attack is very dangerous for any targeted victim because it can seize business and
bring loss to a company running on the website. A DDoS with 20 to 40 Gbps is enough for totally
shutting down the majority network infrastructures.