Information and Cyber Security MCQs SPPU BE Computer Engineering

1. What is the full form of LDAP?

A : Light Weight Directory Access Provider
B : Light Weight Directory Access Protocol
C : Light Weight Directory Access Program
D : Light Weight Directory Access Protection

Answer: Light Weight Directory Access Protocol

2. What is the full form of CIA under information security?

A : Confidentiality Integrity Availability
B : Criminal Investigation Agency
C : Cost Information Agency
D : Credit Integrity Assement

Answer: Confidentiality Integrity Availability

3. What is called periodic assessment of security vulnerability in computer system?

A : Threat
B : Attack
C : Hacking
D : Security audit

Answer: Security audit

4. What is called a single point of access for several networking services?

A : Phishing
B : Web service
C : Directory service
D : Worms

Answer: Directory service

5. Which activities endanger the sovereignty and integrity of nation?

A : Cyber Terrorism
B : Cyber vandalism
C : Cyber squatting
D : Carding

Answer: Cyber Terrorism

6. Which method go through all the files or network elements with an intention to detect something unusual?

A : Probing
B : Phishing
C : Infecting
D : Scanning

Answer: Scanning

7. Victims of cyber attack might loose _______.

A : data
B : money
C : both a & b
D : none of them

Answer: both a & b

8. Under information security, any device having _______is classified as a computing device.

A : processor
B : memory
C : both a & b
D : neither a nor b

Answer: both a & b

9. Attacking the victims through fake URL resembling that of a valid financial Institution is called_____ .

A : Worms
B : Phishing attack
C : Trojans
D : Computer Viruses

Answer: Phishing attack

10. Getting the user ID and password from a victim through dubious program is called_____attack.

A : Worms
B : Phishing attack
C : Trojan
D : Computer Viruses

Answer: Trojan

11. A malicious program spreading through Internet and storage media and attacking the data in victims computer is called_______.

A : Worms
B : Phishing attack
C : Trojan
D : Computer Virus

Answer: Computer Virus

12. Potential weaknesses in IT infrastructure through which a cyber attack might occur is called __.

A : strength
B : antivirus
C : vulnerability
D : port

Answer: vulnerability

13. Vulnerability for cyber attack may be in______.

A : operating system
B : application software
C : IT infrastructure
D : all of them

Answer: all of them

14. To protect the network infrastructure from vulnerability, _____ is setup.

A : firewall
B : Internet security software
C : both a & b
D : none of them

Answer: both a & b

15. The person using vulnerability in operating system or application software or IT infrastructure to intrude in to the computer of a victim is called ______ .

A : hacker
B : cracker
C : maker
D : taker

Answer: hacker

16. Periodic assessment of security vulnerability in computer systems is called _______audit.

A : threat
B : attack
C : hacking
D : security

Answer: security

17. The security audit team______ to keep the computers safe from cyber attacks.

A : assesses vulnerability
B : decides the safety measures through hardware and software
C : considers latest threat scenario and implements information safety
D : all of them

Answer: all of them

18. To ensure information safety, ________should be implemented.

A : physical access security
B : password access security
C : secure IT infrastructure
D : all of them

Answer: all of them

19. A single point of access for several networking services is called _____.

A : Directory Service
B : web server
C : email server
D : none of them

Answer: Directory Service

20. Directory service permits security administrators to ______.

A : concentrate on security of directory service instead of individual machines
B : create new vulnerabilities
C : damage the security of computers
D : create new virus

Answer: concentrate on security of directory service instead of individual machines

21. Directory service should be able to _______in the infrastructure.

A : include new services
B : esaily search for information in the network
C : the information stored on the directory server should be accessible from any operating system
D : all of them

Answer: all of them

22. Protecting access to a computer through________ is called access control.

A : physical restriction of entry
B : password security for login
C : both a & b
D : none of them

Answer: both a & b

23. Security should be implemented at the stage of ______in software.

A : development stage
B : entire life cycle
C : Sofware Development Life Cycle (SDLC)
D : all of them

Answer: all of them

24. SDLC in software development stands for _____.

A : Software Development Life Circus
B : Software Development Life Cycle
C : Software Drafting Life Cycle
D : Software Development Lead Cycle

Answer: Software Development Life Cycle

25. Protection from______ of source code means non-disclosure of the source code to outsiders.

A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)

Answer: disclosure

26. Protection from ______of source code means alloting the right to edit the source code to authorized persons only.

A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)

Answer: alteration

27. Protection from _______of source code means protection of any individual from destroying the software source code.

A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)

Answer: destruction

28. Protection from ________of source code means recording all changes made to the source code and the person making such changes.

A : disclosure
B : alteration
C : destruction
D : log of changes (who is making request)

Answer: log of changes (who is making request)

29. _______of access rights in source code development means verification of role before permitting access to source code.

A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)

Answer: verification

30. _____in source code development means handling of configuration errors, session errors and exceptions.

A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)

Answer: error handling

31. Protecting the data divulged by customers from unauthorized access is called____.

A : privacy protection
B : audit
C : antinvirus
D : vulnerability

Answer: privacy protection

32. Information on criminal records of individuals, financial data of companies, genetic information, address, mobile number, email ID, record of web surfing behaviour, record of credit card, record of debit card, netbanking details, etc. are classified under ______.

A : privacy protection
B : audit
C : antinvirus
D : vulnerability

Answer: privacy protection

33. Information security audit may be conducted with reference to _____ .

A : vulnerabilities
B : threats
C : preventive measures
D : all of them

Answer: all of them

34. Information security audit analyses events of past threats to formulate _____.

A : security measures
B : safe practices
C : software protection
D : all of them

Answer: all of them

35. Any single employee ______hold all data needed for making a complete financial transaction.

A : should not
B : should
C : may
D : might

should not

36. IT audit of the firm should be conducted periodically, which may be every______ .

A : fortnight
B : month
C : quarter
D : all of them

Answer: all of them

37. IT act aims to_______ .

A : protect victims of cyber fraud
B : punish misbehious involving technology
C : both a & b
D : none of them

Answer: both a & b

38. _____ can keep unwanted ads to show up?

A : Adware
B : Hardware
C : Malware
D : Spyware

Answer: Adware

39. There are broadly how many categories of IT risks?

A : 3
B : 5
C : 2
D : 7

Answer: 5

40. ______ servers provide a central storeroom for storing and managing information?

A : Clint
B : Directory
C : Post
D : Group

Answer: Directory

41. ______ generally refers to a system that can control, monitor and restrict the movement of people, assets or vehicles, in, out and around a building or site?

A : Access control
B : Security Guard
C : Form Denial
D : None

Answer: Access control

42. Which chapter of the IT awareness Act talks about electronic governance?

A : 4
B : 3
C : 2
D : 1

Answer: 3

43. Chapter 7 of the IT awareness act deals with?

A : E-Commerce
B : Electronic Governance
C : Digital Signature
D : None

Answer: Digital Signature

44. Which chapter of the IT awareness act talks about penalities and adjudication?

A : 5
B : 7
C : 11
D : 9

Answer: 9

45. The IT awareness act addresses which of the following issues?

A : Legal recognition of electronic documents
B : Legal Recognition of digital signatures
C : Offenses and contraventions
D : All of the above

Answer: All of the above

46. Why would a hacker use a proxy server?

A : To create a stronger connection with the target
B : To create a ghost server on the network.
C : To obtain a remote access connection.
D : To hide malicious activity on the network.

Answer: To hide malicious activity on the network.

47. What type of symmetric key algorithm using a streaming cipher to encrypt information?

A : RC4
B : Blowfish
C : SHA
D : MD5

Answer: RC4

48. Which of the following is not a factor in securing the environment against an attack on security?

A : The education of the attacker
B : The system configuration
C : The network architecture
D : The business strategy of the company

Answer: The business strategy of the company

49. What type of attack uses a fraudulent server with a relay address?

A : NTLM
B : MITM
C : NetBIOS
D : SMB

Answer: MITM

50. To hide information inside a picture, what technology is used?

A : Rootkits
B : Bitmapping
C : Steganography
D : Image Rendering

Answer: Steganography

51. Which phase of hacking performs actual attack on a network or system?

A : Reconnaissance
B : Maintaining Access
C : Scanning
D : Gaining Access

Answer: Gaining Access

52. Which federal code applies the consequences of hacking activities that disrupt subway transit system?

A : Electronic Communications Interception of Oral Communications
B : 18 U.S.C $ 1029
C : Cyber security Enhancement Act 2002
D : 18 U.S.C. $ 1030

Answer: Cyber security Enhancement Act 2002

53. Which ports should be blocked to prevent null session enumeration?

A : Port 120 and 445
B : Port 135 and 136
C : Port 110 and 137
D : Port 135 and 139

Answer: Port 135 and 139

54. The first phase of hacking an IT system is compromise of which foundation of security?

A : Availability
B : Confidentiality
C : Integrity
D : Authentication

Answer: Confidentiality

55. How is IP address spoofing detected?

A : Installing and configuring a IDS that can read the IP header
B : Comparing the TTL value of the actual and spoofed addresses
C : Implementing a firewall to the network
D : Identify all TCP sessions that are initiated but does not complete successfully

Answer: Comparing the TTL value of the actual and spoofed addresses

56. Which of the following is not a typical characteristic of an ethical hacker?

A : Excellent knowledge of windows.
B : Understands the process of exploiting network vulnerabilities.
C : patience, persistence and perseverance.
D : Has the highest level of security for the organization.

Answer: Has the highest level of security for the organization.

57. What type of rootkit will patch, hook, or replace the version of system call in order to hide information?

A : Library level rootkits
B : Kernel level rootkits
C : System level rootkits
D : Application level rootkits

Answer: Library level rootkits

58. What is the purpose of a Denial service attack?

A : Exploit a weakness in the TCP/IP stack
B : To execute a Trojan on a system
C : To overload a system so it is no longer operational
D : To shutdown services by turning them off

Answer: To overload a system so it is no longer operational

59. Which of the following will allow footprinting to be conducted without detection?

A : PingSweep
B : Traceroute
C : War Dialers
D : ARIN

Answer: ARIN

60. Performing hacking activities with the intent of gaining visibility for an unfair situation is called_______.

A : Cracking
B : Analysis
C : Hacktivism
D : Exploitation

Answer: Hacktivism

61. What is the most important activity in system hacking?

A : Information gathering
B : Cracking passwords
C : Escalating privileges
D : Covering tracks

Answer: Cracking passwords

62. Why would HTTP Tunneling be used?

A : To identify proxy servers
B : Web activity is not scanned
C : To bypass a firewall
D : HTTP is a easy protocol to work with

Answer: To bypass a firewall

63. Keyloggers are a form of _______.

A : Spyware
B : Shoulder surfing
C : Trojan
D : Social engineering

Answer: Spyware

64. Having individuals provide personal information to obtain a free offer provided through the internet is considered what type of social engineering?

A : Web-based
B : Human-base
C : User-based
D : Computer-based

Answer: Computer-based

65. _____framework made cracking of vulnerabilities easy like point and click.

A : .Net
B : Metasploit
C : Zeus
D : Ettercap

Answer: Metasploit

66. _____ is a popular tool used for discovering networks as well as in security auditing.

A : Ettercap
B : Metasploit
C : Nmap
D : Burp Suit

Answer: Nmap

67. Which of the below-mentioned tool is used for Wi-Fi hacking?

A : Wireshark
B : Nessus
C : Aircrack-ng
D : Snort

Answer: Aircrack-ng

68. Aircrac-ng is used for ______

A : Firewall bypassing
B : Wi-Fi attacks
C : Packet filtering
D : System password cracking

Answer: Wi-Fi attacks

69. ______ is a web application assessment security tool.

A : LC4
B : Weblnspect
C : Ettercap
D : QualysGuard

Answer: Weblnspect

70. _____ is a password recovery and auditing tool.

A : LC3
B : LC4
C : Network Stumbler
D : Maltego

Answer: LC4