Cybersecurity MCQs with Answers
Which of the following is NOT a common type of malware?
A) Ransomware
B) Spyware
C) Firewall
D) Trojan Horse
Answer: C) Firewall
What is the practice of tricking individuals into revealing sensitive information called?
A) Hacking
B) Phishing
C) Spoofing
D) DDoS Attack
Answer: B) Phishing
Which authentication factor relies on something the user knows?
A) Biometric
B) Token
C) Password
D) Smart Card
Answer: C) Password
What is the primary purpose of a firewall in network security?
A) Malware protection
B) Access control
C) Encryption
D) Data backup
Answer: B) Access control
What type of attack floods a network or server with excessive traffic to disrupt services?
A) DDoS Attack
B) Man-in-the-Middle Attack
C) Brute Force Attack
D) Cross-Site Scripting (XSS)
Answer: A) DDoS Attack
Which cryptographic technique is used to ensure the integrity and authenticity of data?
A) Hashing
B) Symmetric Encryption
C) Asymmetric Encryption
D) Digital Signatures
Answer: D) Digital Signatures
What term describes the process of converting plaintext into unreadable ciphertext?
A) Decryption
B) Hashing
C) Encryption
D) Authentication
Answer: C) Encryption
Which security principle ensures that data is accessible only to authorized users?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: A) Confidentiality
What is the purpose of a Virtual Private Network (VPN)?
A) To encrypt network traffic
B) To host public websites
C) To monitor network activity
D) To manage user authentication
Answer: A) To encrypt network traffic
Which of the following is NOT a best practice for password security?
A) Using long, complex passwords
B) Sharing passwords with trusted colleagues
C) Enabling multi-factor authentication
D) Regularly updating passwords
Answer: B) Sharing passwords with trusted colleagues
What is the term for a software vulnerability that remains undetected by the vendor?
A) Zero-Day Exploit
B) Backdoor
C) Buffer Overflow
D) Denial of Service (DoS)
Answer: A) Zero-Day Exploit
Which security measure prevents unauthorized access to a physical location or device?
A) Encryption
B) Firewalls
C) Access Control
D) Intrusion Detection System (IDS)
Answer: C) Access Control
What type of attack involves intercepting communication between two parties?
A) Brute Force Attack
B) Man-in-the-Middle Attack
C) Spoofing Attack
D) Phishing Attack
Answer: B) Man-in-the-Middle Attack
What is the purpose of a Security Information and Event Management (SIEM) system?
A) To detect and respond to security threats
B) To encrypt network traffic
C) To manage user authentication
D) To perform vulnerability assessments
Answer: A) To detect and respond to security threats
Which of the following is an example of a physical security control?
A) Firewalls
B) Biometric scanners
C) Encryption keys
D) Intrusion Detection Systems (IDS)
Answer: B) Biometric scanners
What type of malware is designed to block access to a computer system until a sum of money is paid?
A) Spyware
B) Worm
C) Trojan Horse
D) Ransomware
Answer: D) Ransomware
What is the primary purpose of encryption?
A) To prevent unauthorized access
B) To detect network intrusions
C) To monitor user activity
D) To manage user authentication
Answer: A) To prevent unauthorized access
Which security measure involves verifying the identity of a user or device?
A) Authorization
B) Authentication
C) Encryption
D) Intrusion Detection
Answer: B) Authentication
What is the primary purpose of a penetration test?
A) To identify vulnerabilities in a system
B) To encrypt sensitive data
C) To monitor network traffic
D) To respond to security incidents
Answer: A) To identify vulnerabilities in a system
What term describes the process of granting specific permissions to users based on their roles?
A) Authorization
B) Authentication
C) Encryption
D) Access Control
Answer: A) Authorization
Which security measure involves hiding the complexity of a system to improve security?
A) Authentication
B) Authorization
C) Obscurity
D) Encryption
Answer: C) Obscurity
What is the term for a malicious program that spreads independently and can replicate itself?
A) Virus
B) Worm
C) Trojan Horse
D) Spyware
Answer: B) Worm
Which security measure protects data from being modified or altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: B) Integrity
What is the purpose of a Security Operations Center (SOC)?
A) To manage user authentication
B) To monitor and analyze security incidents
C) To perform penetration tests
D) To enforce access control policies
Answer: B) To monitor and analyze security incidents
Which type of attack involves flooding a network with excessive traffic to disrupt services?
A) DDoS Attack
B) Phishing Attack
C) Ransomware Attack
D) SQL Injection Attack
Answer: A) DDoS Attack
What is the term for a security vulnerability that allows an attacker to bypass authentication?
A) Backdoor
B) Buffer Overflow
C) Zero-Day Exploit
D) SQL Injection
Answer: A) Backdoor
Which security principle ensures that data is available when needed?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: C) Availability
What type of attack involves injecting malicious code into a database query?
A) DDoS Attack
B) Man-in-the-Middle Attack
C) Ransomware Attack
D) SQL Injection Attack
Answer: D) SQL Injection Attack
Which security measure involves keeping software up-to-date to protect against known vulnerabilities?
A) Patch Management
B) Data Encryption
C) Multi-factor Authentication
D) Network Segmentation
Answer: A) Patch Management
What is the term for the process of hiding information within another file or message?
A) Steganography
B) Encryption
C) Decryption
D) Hashing
Answer: A) Steganography
What security measure involves dividing a network into smaller segments to control access?
A) Firewall
B) Intrusion Detection System
C) Network Segmentation
D) VPN
Answer: C) Network Segmentation
Which security measure involves identifying, assessing, and mitigating security risks?
A) Risk Management
B) Incident Response
C) Threat Intelligence
D) Vulnerability Assessment
Answer: A) Risk Management
What is the purpose of encryption keys?
A) To authenticate users
B) To authorize access
C) To decrypt data
D) To generate passwords
Answer: C) To decrypt data
Which security measure involves monitoring network traffic for suspicious activity?
A) Encryption
B) Firewall
C) Intrusion Detection System
D) Authentication
Answer: C) Intrusion Detection System
What is the term for a software program that appears legitimate but performs malicious activities?
A) Virus
B) Worm
C) Trojan Horse
D) Ransomware
Answer: C) Trojan Horse
Which security measure involves controlling access to resources based on user identity?
A) Authorization
B) Authentication
C) Encryption
D) Intrusion Detection
Answer: A) Authorization
What is the term for a security measure that prevents unauthorized access to a system?
A) Authentication
B) Authorization
C) Encryption
D) Firewall
Answer: D) Firewall
Which security measure involves confirming the identity of a user or device?
A) Authorization
B) Authentication
C) Encryption
D) Intrusion Detection
Answer: B) Authentication
What is the term for the practice of monitoring and managing access to information?
A) Encryption
B) Authentication
C) Authorization
D) Access Control
Answer: D) Access Control
Which security measure involves protecting data from unauthorized access?
A) Encryption
B) Authentication
C) Authorization
D) Firewall
Answer: A) Encryption
What is the term for a security vulnerability caused by improper input validation?
A) Backdoor
B) Buffer Overflow
C) SQL Injection
D) Zero-Day Exploit
Answer: B) Buffer Overflow
Which security measure involves verifying that a user or device has the appropriate permissions?
A) Authentication
B) Authorization
C) Encryption
D) Intrusion Detection
Answer: B) Authorization
What is the term for a security vulnerability that allows an attacker to gain unauthorized access?
A) Backdoor
B) Buffer Overflow
C) Zero-Day Exploit
D) Cross-Site Scripting (XSS)
Answer: A) Backdoor
Which security measure involves ensuring that data is not modified or altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
Answer: B) Integrity
What is the term for a security measure that prevents unauthorized access to a network?
A) Encryption
B) Firewall
C) Intrusion Detection System
D) Multi-factor Authentication
Answer: B) Firewall