1. What is the full form of LDAP?
A : Light Weight Directory Access Provider
B : Light Weight Directory Access Protocol
C : Light Weight Directory Access Program
D : Light Weight Directory Access Protection
Answer: Light Weight Directory Access Protocol
2. What is the full form of CIA under information security?
A : Confidentiality Integrity Availability
B : Criminal Investigation Agency
C : Cost Information Agency
D : Credit Integrity Assement
Answer: Confidentiality Integrity Availability
3. What is called periodic assessment of security vulnerability in computer system?
A : Threat
B : Attack
C : Hacking
D : Security audit
Answer: Security audit
4. What is called a single point of access for several networking services?
A : Phishing
B : Web service
C : Directory service
D : Worms
Answer: Directory service
5. Which activities endanger the sovereignty and integrity of nation?
A : Cyber Terrorism
B : Cyber vandalism
C : Cyber squatting
D : Carding
Answer: Cyber Terrorism
6. Which method go through all the files or network elements with an intention to detect something unusual?
A : Probing
B : Phishing
C : Infecting
D : Scanning
Answer: Scanning
7. Victims of cyber attack might loose _______.
A : data
B : money
C : both a & b
D : none of them
Answer: both a & b
8. Under information security, any device having _______is classified as a computing device.
A : processor
B : memory
C : both a & b
D : neither a nor b
Answer: both a & b
9. Attacking the victims through fake URL resembling that of a valid financial Institution is called_____ .
A : Worms
B : Phishing attack
C : Trojans
D : Computer Viruses
Answer: Phishing attack
10. Getting the user ID and password from a victim through dubious program is called_____attack.
A : Worms
B : Phishing attack
C : Trojan
D : Computer Viruses
Answer: Trojan
11. A malicious program spreading through Internet and storage media and attacking the data in victims computer is called_______.
A : Worms
B : Phishing attack
C : Trojan
D : Computer Virus
Answer: Computer Virus
12. Potential weaknesses in IT infrastructure through which a cyber attack might occur is called __.
A : strength
B : antivirus
C : vulnerability
D : port
Answer: vulnerability
13. Vulnerability for cyber attack may be in______.
A : operating system
B : application software
C : IT infrastructure
D : all of them
Answer: all of them
14. To protect the network infrastructure from vulnerability, _____ is setup.
A : firewall
B : Internet security software
C : both a & b
D : none of them
Answer: both a & b
15. The person using vulnerability in operating system or application software or IT infrastructure to intrude in to the computer of a victim is called ______ .
A : hacker
B : cracker
C : maker
D : taker
Answer: hacker
16. Periodic assessment of security vulnerability in computer systems is called _______audit.
A : threat
B : attack
C : hacking
D : security
Answer: security
17. The security audit team______ to keep the computers safe from cyber attacks.
A : assesses vulnerability
B : decides the safety measures through hardware and software
C : considers latest threat scenario and implements information safety
D : all of them
Answer: all of them
18. To ensure information safety, ________should be implemented.
A : physical access security
B : password access security
C : secure IT infrastructure
D : all of them
Answer: all of them
19. A single point of access for several networking services is called _____.
A : Directory Service
B : web server
C : email server
D : none of them
Answer: Directory Service
20. Directory service permits security administrators to ______.
A : concentrate on security of directory service instead of individual machines
B : create new vulnerabilities
C : damage the security of computers
D : create new virus
Answer: concentrate on security of directory service instead of individual machines
21. Directory service should be able to _______in the infrastructure.
A : include new services
B : esaily search for information in the network
C : the information stored on the directory server should be accessible from any operating system
D : all of them
Answer: all of them
22. Protecting access to a computer through________ is called access control.
A : physical restriction of entry
B : password security for login
C : both a & b
D : none of them
Answer: both a & b
23. Security should be implemented at the stage of ______in software.
A : development stage
B : entire life cycle
C : Sofware Development Life Cycle (SDLC)
D : all of them
Answer: all of them
24. SDLC in software development stands for _____.
A : Software Development Life Circus
B : Software Development Life Cycle
C : Software Drafting Life Cycle
D : Software Development Lead Cycle
Answer: Software Development Life Cycle
25. Protection from______ of source code means non-disclosure of the source code to outsiders.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
Answer: disclosure
26. Protection from ______of source code means alloting the right to edit the source code to authorized persons only.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
Answer: alteration
27. Protection from _______of source code means protection of any individual from destroying the software source code.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
Answer: destruction
28. Protection from ________of source code means recording all changes made to the source code and the person making such changes.
A : disclosure
B : alteration
C : destruction
D : log of changes (who is making request)
Answer: log of changes (who is making request)
29. _______of access rights in source code development means verification of role before permitting access to source code.
A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)
Answer: verification
30. _____in source code development means handling of configuration errors, session errors and exceptions.
A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)
Answer: error handling
31. Protecting the data divulged by customers from unauthorized access is called____.
A : privacy protection
B : audit
C : antinvirus
D : vulnerability
Answer: privacy protection
32. Information on criminal records of individuals, financial data of companies, genetic information, address, mobile number, email ID, record of web surfing behaviour, record of credit card, record of debit card, netbanking details, etc. are classified under ______.
A : privacy protection
B : audit
C : antinvirus
D : vulnerability
Answer: privacy protection
33. Information security audit may be conducted with reference to _____ .
A : vulnerabilities
B : threats
C : preventive measures
D : all of them
Answer: all of them
34. Information security audit analyses events of past threats to formulate _____.
A : security measures
B : safe practices
C : software protection
D : all of them
Answer: all of them
35. Any single employee ______hold all data needed for making a complete financial transaction.
A : should not
B : should
C : may
D : might
should not
36. IT audit of the firm should be conducted periodically, which may be every______ .
A : fortnight
B : month
C : quarter
D : all of them
Answer: all of them
37. IT act aims to_______ .
A : protect victims of cyber fraud
B : punish misbehious involving technology
C : both a & b
D : none of them
Answer: both a & b
38. _____ can keep unwanted ads to show up?
A : Adware
B : Hardware
C : Malware
D : Spyware
Answer: Adware
39. There are broadly how many categories of IT risks?
A : 3
B : 5
C : 2
D : 7
Answer: 5
40. ______ servers provide a central storeroom for storing and managing information?
A : Clint
B : Directory
C : Post
D : Group
Answer: Directory
41. ______ generally refers to a system that can control, monitor and restrict the movement of people, assets or vehicles, in, out and around a building or site?
A : Access control
B : Security Guard
C : Form Denial
D : None
Answer: Access control
42. Which chapter of the IT awareness Act talks about electronic governance?
A : 4
B : 3
C : 2
D : 1
Answer: 3
43. Chapter 7 of the IT awareness act deals with?
A : E-Commerce
B : Electronic Governance
C : Digital Signature
D : None
Answer: Digital Signature
44. Which chapter of the IT awareness act talks about penalities and adjudication?
A : 5
B : 7
C : 11
D : 9
Answer: 9
45. The IT awareness act addresses which of the following issues?
A : Legal recognition of electronic documents
B : Legal Recognition of digital signatures
C : Offenses and contraventions
D : All of the above
Answer: All of the above
46. Why would a hacker use a proxy server?
A : To create a stronger connection with the target
B : To create a ghost server on the network.
C : To obtain a remote access connection.
D : To hide malicious activity on the network.
Answer: To hide malicious activity on the network.
47. What type of symmetric key algorithm using a streaming cipher to encrypt information?
A : RC4
B : Blowfish
C : SHA
D : MD5
Answer: RC4
48. Which of the following is not a factor in securing the environment against an attack on security?
A : The education of the attacker
B : The system configuration
C : The network architecture
D : The business strategy of the company
Answer: The business strategy of the company
49. What type of attack uses a fraudulent server with a relay address?
A : NTLM
B : MITM
C : NetBIOS
D : SMB
Answer: MITM
50. To hide information inside a picture, what technology is used?
A : Rootkits
B : Bitmapping
C : Steganography
D : Image Rendering
Answer: Steganography
51. Which phase of hacking performs actual attack on a network or system?
A : Reconnaissance
B : Maintaining Access
C : Scanning
D : Gaining Access
Answer: Gaining Access
52. Which federal code applies the consequences of hacking activities that disrupt subway transit system?
A : Electronic Communications Interception of Oral Communications
B : 18 U.S.C $ 1029
C : Cyber security Enhancement Act 2002
D : 18 U.S.C. $ 1030
Answer: Cyber security Enhancement Act 2002
53. Which ports should be blocked to prevent null session enumeration?
A : Port 120 and 445
B : Port 135 and 136
C : Port 110 and 137
D : Port 135 and 139
Answer: Port 135 and 139
54. The first phase of hacking an IT system is compromise of which foundation of security?
A : Availability
B : Confidentiality
C : Integrity
D : Authentication
Answer: Confidentiality
55. How is IP address spoofing detected?
A : Installing and configuring a IDS that can read the IP header
B : Comparing the TTL value of the actual and spoofed addresses
C : Implementing a firewall to the network
D : Identify all TCP sessions that are initiated but does not complete successfully
Answer: Comparing the TTL value of the actual and spoofed addresses
56. Which of the following is not a typical characteristic of an ethical hacker?
A : Excellent knowledge of windows.
B : Understands the process of exploiting network vulnerabilities.
C : patience, persistence and perseverance.
D : Has the highest level of security for the organization.
Answer: Has the highest level of security for the organization.
57. What type of rootkit will patch, hook, or replace the version of system call in order to hide information?
A : Library level rootkits
B : Kernel level rootkits
C : System level rootkits
D : Application level rootkits
Answer: Library level rootkits
58. What is the purpose of a Denial service attack?
A : Exploit a weakness in the TCP/IP stack
B : To execute a Trojan on a system
C : To overload a system so it is no longer operational
D : To shutdown services by turning them off
Answer: To overload a system so it is no longer operational
59. Which of the following will allow footprinting to be conducted without detection?
A : PingSweep
B : Traceroute
C : War Dialers
D : ARIN
Answer: ARIN
60. Performing hacking activities with the intent of gaining visibility for an unfair situation is called_______.
A : Cracking
B : Analysis
C : Hacktivism
D : Exploitation
Answer: Hacktivism
61. What is the most important activity in system hacking?
A : Information gathering
B : Cracking passwords
C : Escalating privileges
D : Covering tracks
Answer: Cracking passwords
62. Why would HTTP Tunneling be used?
A : To identify proxy servers
B : Web activity is not scanned
C : To bypass a firewall
D : HTTP is a easy protocol to work with
Answer: To bypass a firewall
63. Keyloggers are a form of _______.
A : Spyware
B : Shoulder surfing
C : Trojan
D : Social engineering
Answer: Spyware
64. Having individuals provide personal information to obtain a free offer provided through the internet is considered what type of social engineering?
A : Web-based
B : Human-base
C : User-based
D : Computer-based
Answer: Computer-based
65. _____framework made cracking of vulnerabilities easy like point and click.
A : .Net
B : Metasploit
C : Zeus
D : Ettercap
Answer: Metasploit
66. _____ is a popular tool used for discovering networks as well as in security auditing.
A : Ettercap
B : Metasploit
C : Nmap
D : Burp Suit
Answer: Nmap
67. Which of the below-mentioned tool is used for Wi-Fi hacking?
A : Wireshark
B : Nessus
C : Aircrack-ng
D : Snort
Answer: Aircrack-ng
68. Aircrac-ng is used for ______
A : Firewall bypassing
B : Wi-Fi attacks
C : Packet filtering
D : System password cracking
Answer: Wi-Fi attacks
69. ______ is a web application assessment security tool.
A : LC4
B : Weblnspect
C : Ettercap
D : QualysGuard
Answer: Weblnspect
70. _____ is a password recovery and auditing tool.
A : LC3
B : LC4
C : Network Stumbler
D : Maltego
Answer: LC4