Cyber Security & Penetration Testing Multiple Choice Questions

1. A process is nothing but a running instance of a program. True or False?

a. True
b. False

2. Which of the following Linux commands is used to check files opened by current user?

a. crontab
b. ls -l
c. lsof
d. dir

3. Which of the following files in Linux is used to store account passwords?

a. /etc/passwd
b. /etc/passwords
c. /etc/login
d. /etc/shadow

4. Which of the following commands is used to view and edit Windows Security Policies?

a. regedit.exe
b. gpedit.msc
c. wf.exe
d. cmd

5. An application running at Ring 2 has higher privileges than an application running at Ring 0. True or False?

a. True
b. False

6. Which of the following Linux commands is used to clear all the current iptables rules?

a. iptables -L
b. iptables -F
c. iptables – A
d. None of the above.

7. Which of the following value denotes full access (read/write/execute) to all users and groups?

a. 555
b. 666
c. 777
d. 077

8. Which of the following directories in Linux stores all configuration files?

a. /var
b. /bin
c. /etc
d. /lib

9. You can add a row using SQL in a database with which of the following?

a. ADD
b. CREATE
c. INSERT
d. MAKE

10. The command to remove a table customer from a database is:

a. REMOVE TABLE CUSTOMER;
b. DROP TABLE CUSTOMER;
c. DELETE TABLE CUSTOMER;
d. UPDATE TABLE CUSTOMER;

11. Which one of the following sorts rows in SQL?

a. SORT BY
b. ALIGN BY
c. GROUP BY
d. ORDER BY

12. DROP and TRUNCATE both are used for same purpose. True or false?

a. True
b. False

13. Which of the following is not an ACID property?

a. Consistency
b. Isolation
c. Durability
d. Availability

14. A SQL query is terminated by which of the following symbols?

a. Single quote
b. Double quote
c. Exclamation mark
d. Semicolon

15. In SQL, which of the following commands is used to select only one copy of each set of duplicate rows?

a. SELECT UNIQUE
b. SELECT DISTINCT
c. SELECT DIFFERENT
d. None of the above

16. Which of the following is an aggregate function in SQL?

a. CREATE
b. GRANT
c. GROUP BY
d. All of the above

17. Which of the following are possible vulnerabilities in a database?

a. Using DELETE to delete table data
b. Using the DROP command
c. SQL injection
d. All of the above

18. The FROM SQL clause is used to do what?

a. Specify which table we are selecting or deleting data FROM
b. Specify the range for a search condition
c. Specify a search condition
d. None of the above

19. Which of the following is a device that forwards packets between networks by processing the routing information included in the packet?

a. A router
b. A Firewall
c. A Switch
d. None of the above

20. Which of the following is not a layer of the TCP/IP protocol?

a. Application Layer
b. Session Layer
c. Transport Layer
d. Internetwork layer

21. TCP is a connectionless protocol. True or False?

a. True
b. False

22. Port number 443 is used by which of the following?

a. FTP
b. SMTP
c. HTTPS
d. DHCP

23. Which of the following protocols is used for translating IP addresses to MAC addresses?

a. DHCP
b. DNS
c. ARP
d. UDP

24. Which of the following TCP flags is used for closing a connection?

a. ACK
b. RST
c. PSH
d. FIN

25. Is 198.111.1.256 a valid IP V4 address?

a. Yes
b. No

26. IP V6 addresses are made up of how many bits?

a. 64 Bits
b. 32 Bits
c. 96 Bits
d. 128 Bits

27. A DHCP server is responsible for providing which of the following to its client?

a. MAC Address
b. IP Address
c. Protocol
d. All of the above

28. Which of the following helps detect malicious attacks over a network using the signature matching technique?

a. Router
b. Switch
c. Intrusion Detection System
d. All of the above

29. Windows PowerShell is built on top of Java framework. True or False?

a. True
b. False

30. Which of the following is a lightweight script used to perform a single function in PowerShell?

a. Pipe
b. Function
c. Cmdlet
d. ISE

31. Is PS C:\Admin\user> ls | a valid Windows PowerShell statement?

a. Yes
b. No

32. Which of the following symbols is used to denote a comment in a shell script?

a. @
b. <!–
c. %
d. #

33. Which of the following commands is used to make the shell script executable?

a. chmod –l filename.sh
b. chmod 010 filename.sh
c. chmod –x filename.sh
d. None of the above

34. Which of the following operators is used to append text during output redirection in a shell script?

a. >
b. <<
c. <
d. >>

35. Which of the following functions in Python is used to accept input from user?

a. raw-input()
b. read_raw()
c. raw_input()
d. get_inputs()

36. Lists in Python can hold heterogeneous data types. True or False?

a. True
b. False

37. Which of the following is not a benefit of virtualization?

a. Virtualization technology is eco-friendly.
b. Virtualization facilitates faster deployments.
c. Virtualization increases overall cost.
d. None of the above.

38. A Type 2 hypervisor resides directly on the hypervisor. True or false?

a. True
b. False

39. The feature of hypervisors that allows us to save the current state of a machine is called:

a. Snapshot
b. Freeze
c. Backup
d. Restore

40. Which of the following are types of Clouds?

a. Public Cloud
b. Hybrid Cloud
c. Only a
d. Both a and b

41. What is the name of the technology that wraps up piece of software or an application along with everything that the application needs to run?

a. Cloud Computing
b. Virtualization
c. Docker
d. None of the above

41. In computer security, which of the following means that computer system assets can be modified only by authorized parties?

a. Confidentiality
b. Integrity
c. Availability
d. Authenticity

42. Which of the following are mainly unskilled and novice hackers who use tools and scripts developed by others to hack into systems?

a. White hat hackers
b. Gray hat hackers
c. Script-kiddies
d. Suicide hackers

43. A procedure document contains high-level statements and is generic in nature. True or False?

a. True
b. False

44. What is a zero-day vulnerability?

a. A vulnerability that is known to all
b. A vulnerability about which no one knows at all
c. A vulnerability that is known but whose fix has not yet been developed
d. None of the above

45. Fingerprint scan is an authentication technique based on which of the following principles?

a. Something you have
b. Something you are
c. Something you know
d. None of the above

46. Denial of Service attacks affect which of the following factors?

a. Confidentiality
b. Integrity
c. Availability
d. All of the above

47. A weakness in a system is known as a:

a. Risk
b. Threat
c. Exploit
d. Vulnerability

48. Which of the following should be included in the scope of penetration testing?

a. DNS server
b. Mail server
c. Communication links
d. All of the above

49. Which of the following most closely simulates the actions of a real world attacker/hacker?

a. Vulnerability assessment
b. Security audit
c. Penetration testing
d. None of the above

50. Which of the following techniques could be used to test a firewall?

a. Send specially crafted packets by manipulating TCP headers and flags
b. Perform brute force attack
c. Perform SQL injection attack
d. None of the above

51. Which of the following is a test wherein the pen-tester has partial knowledge about the target system/network?

a. Black box testing
b. White box testing
c. Gray box testing
d. Blue box testing

52. Which of the following is one of the important documents to be signed before the penetration test to safeguard interest of the concerned parties?

a. Legal agreement
b. Service level agreement
c. Non-disclosure agreement (NDA)
d. All of the above

53. Sending a probe to the target system using a ping scan is a form of which type of reconnaissance?

a. Active reconnaissance
b. Passive reconnaissance
c. Both a and b
d. None of the above

54. A system is infected with a virus, but the anti-virus software is not able to detect it. This is an example of:

a. False positive
b. False negative

55. Email tracing is same as email tracking. True or false?

a. True
b. False

56. Which of the following Google search operator limits the search only to a particular domain?

a. Allintitle:
b. Allinurl :
c. Site:
d. None of the above.

57. Which of the following is a utility for enumerating NetBIOS shares?

a. Netstat
b. Nbtstat
c. Nslookup
d. ps

58. Which of the following is used to find domain registration information?

a. Finger
b. WHOIS
c. PING
d. All of the above.

59. Which of the following search engines is used to find devices over the Internet?

a. WHOIS
b. Netcraft
c. Shodan
d. Bing

60. Which of the following technique uses precomputed hashes for password cracking?

a. Dictionary attack
b. Hybrid attack
c. Brute force attack
d. Rainbow table attack

61. Trojans use a covert channel to communicate remotely with the attacker. True or False?

a. True
b. False

62. Which of the following viruses spread to Microsoft Office documents like Word and Excel?

a. File virus
b. Polymorphic virus
c. Macro virus
d. None of the above

63. Which of the following malware types makes kernel-level changes to hide its presence?

a. Spyware
b. Worm
c. Keylogger
d. Rootkit

64. Which of the following is a small piece of information that is sent from a website to the client system and is retained for further tracking?

a. HTTP
b. Cookie
c. XML
d. None of the above

65. It is safe to use the same session ID before and after login. True or False?

a. True
b. False

66. Which of the following attacks store a script permanently into the vulnerable application?

a. Reflected cross-site scripting
b. SQL injection
c. Persistent cross-site scripting
d. None of the above

67. Which of the following would help prevent SQL injection?

a. Using HTTPS
b. Installing anti-virus software
c. Using a parameterized query
d. All of the above

68. The SSID is the MAC address of the access point. True or False?

a. True
b. False

69. Which of the following is not a subtype of 802.11 network?

a. 802.11b
b. 802.11ay
c. 802.11g
d. 802.11n

70. Which of the following is a technique for examining Wi-Fi radio transmissions to obtain useful and valuable information?

a. Radio analysis
b. Spectrum analysis
c. Bandwidth monitoring
d. None of the above

71. The operating system that comes installed by default from the mobile manufacturer is known as what?

a. Custom ROM
b. Stock ROM
c. Original ROM
d. User ROM

72. The Android operating system uses the Linux kernel at its core. True or False?

a. True
b. False

73. Which of the following represents a single screen in an Android application?

a. Service
b. Broadcast
c. Activity
d. None of the above

74. What is Cydia?

a. A security application on iOS
b. An internet browser on iOS
c. An application platform for installing third-party applications on iOS
d. An internal system process in iOS

75. Which of the following is a framework for testing vulnerabilities in an Android application?

a. APKTool
b. ADB
c. Drozer
d. Manifest tool

76. A bastion host is a special-purpose host computer which is placed inside the firewall or DMZ and is hardened to withstand external attacks. True or false?

a. True
b. False

77. At which layer of the OSI model does the circuit-level gateway firewall work?

a. Layer 2
b. Layer 1
c. Layer 5
d. Layer 7

78. Which of the following architectures involves two or more firewalls that connect separate network segments?

a. Screened subnet
b. Multi-homed firewall
c. Gateway firewall
d. None of the above

79. A honeypot running emulated services with limited capability is known as?

a. Medium-interaction honeypot
b. High-interaction honeypot
c. Low-interaction honeypot
d. None of the above

80. Which of the following techniques involves encapsulating data in some other protocol format?

a. Source routing
b. Tunneling
c. Proxy server
d. IP spoofing

81. Cryptography provides which of the following features?

a. Confidentiality
b. Integrity
c. Availability
d. All of the above

82. A public key and private key pair is used in symmetric encryption. True or False?

a. True
b. False

83. A transposition cipher is a simple cipher that replaces bits, characters, or blocks of characters with different bits, characters, or blocks. True or False?

a. True
b. False

84. Which of the following is a program that helps connect to a system over the network in a secure way?

a. SSL
b. TLS
c. Both a and b
d. Only a

85. Enterprise applications prefer to use which of the following certificates?

a. Self-signed
b. CA-signed
c. Root-signed
d. None of the above

86. The message digest of a text is reversible. True or False?

a. True
b. False

Post Views: 4,250

You may also like:

Related Posts