Correct Answer : Option (D) :   All of the Above

---

Explanation : Cyber Security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.

Source : F T L

Correct Answer : Option (D) :   August Kerckhoffs

---

Explanation : August Kerckhoffs, a linguist and German professor at HEC, wrote an essay in the Journal of Military Science in February 1883. Kerckhoff had unwittingly established the foundations for contemporary encryption, earning him the title of “Father of Computer Security.”

Correct Answer : Option (B) :   Bob Thomas

---

Explanation : The true birth of Cyber Security occurred in the 1970s. This began with a project called The Advanced Research Projects Agency Network (ARPANET). This was the connectivity network developed prior to the internet itself. A man named Bob Thomas determined it was possible for a computer program to move over a network.

Correct Answer : Option (A) :   Stalking

---

Explanation :

Correct Answer : Option (C) :   Cyber attack

---

Explanation : An effort to steal, spy on, damage, or destroy diverse components of cyberspace, such as computer systems, related peripherals, network systems, and information, is known as a cyber attack.

Correct Answer : Option (C) :   Malicious Software

---

Explanation : Different types of harmful software and programs that can pose threats to a system, network or anything related to cyberspace are termed as Malware. Examples of some common malware are Virus, Trojans, Ransomware, spyware, worms, rootkits etc.

Correct Answer : Option (B) :   4

---

Explanation : The 4 key elements that constitute the security are:

* confidentiality
* integrity
* authenticity
* availability

Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.

Correct Answer : Option (D) :   Information Security

---

Explanation : Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information for alteration, destruction, deletion or disclosure by unauthorised users.

Correct Answer : Option (A) :   Dos Attack

---

Explanation : A dos attack refers to the denial of service attack. It is a kind of cyber attack in which one tries to make a machine (or targeted application, website etc.) unavailable for its intended users. It is usually accomplished by disturbing the service temporarily or indefinitely of the target connected to the internet.

Correct Answer : Option (D) :   All of the Above

---

Explanation :

Correct Answer : Option (C) :   Criminal organizations, Black hat hackers, malware developers, cyber-terrorists

---

Explanation : Criminal-minded organizations, groups and individuals cyber-terrorist groups, Black hat hackers, malware developers etc are those who can deploy malwares to any target system or network in order to deface that system.

Correct Answer : Option (B) :   Authenticity

---

Explanation : According to the CIA triad the three components that a security need is the Confidentiality, Integrity, Availability (as in short read as CIA).

Correct Answer : Option (B) :   CIA Triad

---

Explanation : Various security models were being developed till date. This is by far the most popular and widely used model which focuses on the information’s confidentiality, integrity as well as availability and how these key elements can be preserved for a better security in any organization.

Correct Answer : Option (D) :   Unchanged default password

---

Explanation : Disaster, eavesdropping and information leakage come under information security threats whereas not changing the default password of any system, hardware or any software comes under the category of vulnerabilities that the user may pose to its system.

Correct Answer : Option (A) :   Spam

---

Explanation : It is a type of unsolicited email which is generally sent in bulk to an indiscriminate recipient list for commercial purpose. Generally, these types of mail are considered unwanted because most users don't want these emails at all.

Correct Answer : Option (D) :   All of the Above

---

Explanation :

Correct Answer : Option (D) :   All of the Above

---

Explanation :

Correct Answer : Option (C) :   SQL Injection

---

Explanation : SQLi (Structured Query Language Injection) is a popular attack where SQL code is targeted or injected; for breaking the web application having SQL vulnerabilities. This allows the attacker to run malicious code and take access to the database of that server.

Correct Answer : Option (B) :   Cross Site Scripting

---

Explanation : Cross Site Scripting is another popular web application attack type that can hamper the reputation of any site.

Correct Answer : Option (A) :   AIC (Availability, Integrity, Confidentiality)

---

Explanation : This approach of naming it CIA Triad as AIC (Availability, Integrity, Confidentiality) Triad because people get confused about this acronym with the abbreviation and the secret agency name Central Intelligence Agency.

Correct Answer : Option (A) :   flood

---

Explanation : Flood comes under natural disaster which is a threat to any information and not acts as a vulnerability to any system.

Correct Answer : Option (D) :   Cloud workload protection platforms

---

Explanation : Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud workload protection platforms which manage policies regarding security of information irrespective of its location.

Correct Answer : Option (C) :   Spyware

---

Explanation : It is generally defined as the software designed to enter the target's device or computer system, gather all information, observe all user activities, and send this information to a third party. Another important thing about the spyware is that it works in the background sends all information without your permission.

Correct Answer : Option (A) :   AES

---

Explanation : Denial of Service, Man in the Middle, and Malware exploit the system causing a threat to security, hence they are considered as cybercrime. AES (Advanced Encryption Standard) provides security by encrypting the data.

Correct Answer : Option (B) :   Internet Of Things

---

Explanation : The Internet of Things (IoT) is a network of physical objects embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems through the internet.

Correct Answer : Option (D) :   All of the Above

---

Explanation :

Correct Answer : Option (B) :   William Gibson

---

Explanation : William Gibson, an American-Canadian fiction pioneer, and coiner, examined the many streams of technology and invented the word “cyberspace” in 1821. The phrase refers to linked technologies that aid in information exchange, interaction with digital devices, storage and digital entertainment, computer and network security, and other information technology-related matters.

Correct Answer : Option (C) :   Buffer Overflow attack

---

Explanation : The Buffer overflow attack takes place when an excessive amount of data occurs in the buffer, which it cannot handle and lead to data being over-flow into its adjoined storage. This attack can cause a system or application crash and can lead to malicious entry-point.

Correct Answer : Option (A) :   Data tampering

---

Explanation : The term data tampering is used when integrity is compromised in any security model and checking its integrity later becomes costlier. Example: let suppose you sent $50 to an authorised person and in between a Man in the Middle (MiTM) attack takes place and the value has tampered to $500. This is how integrity is compromised.

Correct Answer : Option (C) :   Remote browser access

---

Explanation : Cyber-criminals target browsers for breaching information security. If a user establishes a remote browsing by isolating the browsing session of end user, cyber-criminals will not be able to infect the system along with browser with malware, ultimately reducing the attack surface area.

Correct Answer : Option (D) :   Endpoint Detection and response

---

Explanation : It is a collective name for tools that monitor networks & endpoints of systems and record all the activities for further reporting, analysis & detection in a central database. Analyzing the reports generated through such EDR tools, loopholes in a system or any internal, as well as external breaching attempts can be detected.

Correct Answer : Option (D) :   Vulnerability

---

Explanation : Access control policies are incorporated to a security system for restricting of unauthorised access to any logical or physical system. Every security compliance program must need this as a fundamental component. Those systems which lack this feature is vulnerable.

Correct Answer : Option (B) :   Antivirus

---

Explanation : An antivirus is a kind of software that is specially designed to help the user's computer to detect the virus as well as to avoid the harmful effect of them. In some cases where the virus already resides in the user's computer, it can be easily removed by scanning the entire system with antivirus help.

Correct Answer : Option (A) :   1970

---

Explanation : In the case of hackers in the 1970s, hackers and cyber thieves found out how wired technologies operate and how they might be abused to obtain a competitive edge or misuse the technology.

Correct Answer : Option (C) :   Pharming

---

Explanation : Pharming is a strategy and approach used by cybercriminals to create phony web pages and sites in order to mislead users into giving over personal information such as login IDs and passwords.

Correct Answer : Option (B) :   Credit card details leak in the deep web

---

Explanation : Peer-to-Peer includes phishing, as well as the distribution of Trojans and worms to individuals. The leakage of a huge number of people’s credit card data on the deep web, on the other hand, is classified as a computer-as-weapon cyber-crime.

Correct Answer : Option (A) :   websites

---

Explanation : Enumeration by cyber-attackers is also feasible via websites since attackers target websites in order to obtain the victim’s or target user’s IP address.

Correct Answer : Option (D) :   Cyber Attack

---

Explanation : Extortion, identity theft, email hacking, digital surveillance, stealing hardware, mobile hacking, and physical security breaches are all examples of cyber assaults or activities.

Correct Answer : Option (D) :   Inserting malware loaded USB to a system

---

Explanation : If a suspicious gain access to server room or into any confidential area with a malicious pen-drive loaded with malware which will get triggered automatically once inserted to USB port of any employee’s PC; such attacks come under physical hacking, because that person in gaining unauthorized physical access to any room or organization first, then managed to get an employee’s PC also, all done physically – hence breaching physical security.

Correct Answer : Option (C) :   switching off the phone

---

Explanation : Switching off the phone in the fear of preserving the confidentiality of data is not a proper solution for data confidentiality. Fingerprint detection, face recognition, password-based authentication, two-step verifications are some of these.

Correct Answer : Option (D) :   All of the Above

---

Explanation : Antivirus is a kind of software program that helps to detect and remove viruses form the user's computer and provides a safe environment for users to work on. There are several kinds of antivirus software are available in the market, such as Kaspersky, Mcafee, Quick Heal, Norton etc., so the correct answer is D.

Correct Answer : Option (B) :   Black Hat hackers

---

Explanation : Black Hat hackers, often known as “crackers,” are a sort of cyber crime that gain illegal access to a user’s account or system in order to steal confidential data or introduce malware into the system for personal gain or to harm the company.

Correct Answer : Option (A) :   MIT

---

Explanation : The term “hacker” was coined at MIT (Massachusetts Institute of Technology) because individuals and highly competent professionals use computer languages to address various challenges. In this context, labels such as geeks and nerds have been coined.

Correct Answer : Option (C) :   Phishing attack

---

Explanation : Phishing is a type of cybercrime in which a person is digitally persuaded to disclose private information. Phishing comes in a variety of forms. Some of them employ malware and emails to divert users to various websites

Correct Answer : Option (B) :   Phishing

---

Explanation : Wireless attacks are malicious attacks done in wireless systems, networks or devices. Attacks on Wi-Fi network is one common example that general people know. Other such sub-types of wireless attacks are wireless authentication attack, Encryption cracking etc.

Correct Answer : Option (A) :   Keylogging

---

Explanation : Keylogging is the method or procedure of recording all the key strokes/keyboard button pressed by the user of that system.

Correct Answer : Option (D) :   Worm

---

Explanation : Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly targets the PLCs (Programmable Logic Controllers) in a system.

Correct Answer : Option (A) :   Sendinc

---

Explanation : Sendinc is not a tool that compromises email data. It is used to protect business email accounts and provides a fast web-based solution for businesses to start delivering secure emails. The other three are email hacking tools.

Correct Answer : Option (C) :   botnets

---

Explanation : Botnets on infected mobile devices are waiting for orders from their owners. It starts a DDoS flood attack after receiving the owner’s instructions. As a result, calls are not connected or data is not sent.

Correct Answer : Option (B) :   WEP

---

Explanation : Wireless security is an important aspect of cyber-security. Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WPA3 are the most common kinds of wireless security. WEP is a famously insecure encryption protocol.

Correct Answer : Option (D) :   Steganography

---

Explanation :

Correct Answer : Option (D) :   All of the Above

---

Explanation : The stealing ideas or the invention of others and using them for their own profits can also be defined in several different ways, such as piracy, intellectual property rights, and plagiarism.

Correct Answer : Option (A) :   Cyber Ethics

---

Explanation : Cyber Ethics refers to exploring the appropriate, ethical behaviors related to online environments and digital media.

Correct Answer : Option (B) :   malicious hacker

---

Explanation : Malicious hackers can gain illegal access at OS level, application level or network level if the penetration testers or ethical hackers lack in testing and reporting the vulnerabilities in a system.

Correct Answer : Option (C) :   Social Engineering

---

Explanation : Using social engineering techniques, hackers try to exploit the victim’s mind to gain valuable information about that person such as his/her phone number, Date of Birth, pet name etc.

Correct Answer : Option (C) :   Pretexting

---

Explanation : In the pretexting technique of social engineering, the attacker pretends in need of legitimate information from the victim for confirming his/her identity.

Correct Answer : Option (D) :   Network-security protocols

---

Explanation : The methods and processes in securing network data from unauthorized content extraction are controlled by network-security protocols.

Correct Answer : Option (A) :   SMTP

---

Explanation : SMTP (Simple Mail Transfer Protocol) is a standard protocol to transmit electronic mail and is a widely used mail transmitting protocol.

Correct Answer : Option (A) :   POP3

---

Explanation : POP (Post Office Protocol) is a simple protocol which fetches the updated mail stored for you by the server. S/MIME (Secure/Multipurpose Internet Mail Extensions), SSMTP (Secure-Simple Mail Transfer Protocol), and PGP (Pretty Good Privacy) are examples of protocols and methods for secure mailing.

Correct Answer : Option (B) :   MAC (Message Authentication Code)

---

Explanation : For authenticating in SSL, a short message known as MAC (Message Authentication Code) is used for authenticating a message; where both the sender & the receiver need to implement the same key in order to start communicating.

Correct Answer : Option (C) :   Private Communication Technology

---

Explanation : Private Communication Technology (PCT) is similar to SSL except that the size of the message is smaller in the case of PCT. It supports different encryption algorithms like DES, RSA, Diffie-Hellman etc.

Correct Answer : Option (B) :   2

---

Explanation : For message encryption using PCT it requires two separate keys. Moreover, PCT has more options for data formats and security algorithms.

Correct Answer : Option (D) :   Data Transferring

---

Explanation : Session Initiation Protocol is used as real-time session maintaining and is used voice, video as well as messaging applications for controlling multimedia communication sessions.

Correct Answer : Option (A) :   Secure Real-time Transport Protocol

---

Explanation : Secure Real-time Transport Protocol is a real-time multimedia delivery protocol with encryption for message integrity and authentication. It is used mostly in entertainment systems and streaming media and sites.

Correct Answer : Option (D) :   Certificate Authority (CA)

---

Explanation : Digital Certificates are used for certifying the ownership of a public key and the entity who issue those certificates is the Certificate Authority.

Correct Answer : Option (C) :   Target of Evaluation

---

Explanation : Target of Evaluation is the term used when any IT infrastructure, system, network require evaluation for security reasons or for fixing any bugs after being tested by penetration testers.

Correct Answer : Option (B) :   Attack

---

Explanation : An “attack” or “cyber-attack” is an attempt taken by attackers to alter, delete, steal or expose any specific data by gaining unauthorized access.

Correct Answer : Option (B) :   Data masking

---

Explanation : Data masking is the method used for developing or creating a structurally similar version of data of any organization that is not authentic. These types of unauthentic data are purposefully created for protecting the actual data.

Correct Answer : Option (A) :   Trap doors

---

Explanation : Trap-doors are hidden entry points in any already hacked system that is set to bypass security measures.

Correct Answer : Option (D) :   Buffer overflow

---

Explanation : Buffer Overflow is a flaw that occurs in memory when excessive data is written which makes the buffer allocated to seize.

Correct Answer : Option (C) :   Doxing

---

Explanation : When an identity of internet user is discovered and published by following his/her details over the internet is called doxing.

Correct Answer : Option (A) :   Payload

---

Explanation : Payloads are parts of a virus that helps in performing malicious activities such as destroying information, blocking network traffic, compromising data, steal and spy for sensitive information.

Correct Answer : Option (D) :   Card Skimmer

---

Explanation : Card Skimmer is hardware that is installed and setup in ATMs secretly so that when any user will swipe or insert their card in the ATM, the skimmer will fetch all information from the magnetic strip.

Correct Answer : Option (B) :   interfaces

---

Explanation : Physical ports are connections that connect two systems for their interactions. LAN, PS2 and DVI are examples of physical ports.

Correct Answer : Option (C) :   Logical ports

---

Explanation : Logical ports are end-point to a logical connection. The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536.

Correct Answer : Option (D) :   0, 65536

---

Explanation : The numbers are pre-assigned by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536. All the used protocols are assigned with a unique port number.

Correct Answer : Option (A) :   Hardware Firewall

---

Explanation : Hardware firewalls are those firewalls that need to be connected as additional hardware between the device through which the internet is coming to the system and the network used for connecting to the internet.

Correct Answer : Option (A) :   data packets

---

Explanation : Firewalls examines each data packets that are entering or leaving the internal network which ultimately prevents unauthorized access.

Correct Answer : Option (B) :   4

---

Explanation : There are four types of firewall based on their working and characteristics. These are Packet Filtering Firewalls, Circuit Level Gateway Firewalls, Application level Gateway Firewalls, and Stateful Multilayer Inspection Firewalls.

Correct Answer : Option (C) :   dropped

---

Explanation : In the packet filtering firewall, when the rules defined by the Access Control List is not meet by any data packet, the packet is dropped & logs are updated in the firewall.

Correct Answer : Option (D) :   Address, Protocols and Packet attributes

---

Explanation : Network administrators can create their own ACL rules based on Address, Protocols and Packet attributes. This is generally done where the specific customised type of data packets need to pass through firewall screening.

Correct Answer : Option (B) :   less costly

---

Explanation : Packet filtering firewalls are more advantageous because they are less costly and they use fewer resources and are used effectively in small networks.

Correct Answer : Option (A) :   Session layer

---

Explanation : In the session layer (which is the fifth layer) of the OSI model, circuit-level gateway firewalls are deployed for monitoring TCP sessions for 3-way handshakes.

Correct Answer : Option (D) :   They do not filter individual packets

---

Explanation : Circuit-level gateway firewalls don’t filter packets individually which gives the attacker a chance to take access in the network.

Correct Answer : Option (C) :   Application-level Gateway Firewalls

---

Explanation : Application level Gateway Firewalls are deployed in the application-layer of OSI model for protecting the network for different protocols of the application layer.

Correct Answer : Option (C) :   application layer protocol

---

Explanation : Some specific application layer protocols need protection from attacks which is done by the application level gateway firewall in the application layer of the OSI model.

Correct Answer : Option (B) :   Stateful Multilayer Inspection

---

Explanation : Stateful Multilayer Inspection firewalls are a combination of other three types of firewalls. These combinations are Packet filtering, circuit level and application-level gateway firewalls.

Correct Answer : Option (D) :   Scans for illicit data packets at the presentation layer

---

Explanation : Stateful Multilayer Inspection firewalls are designed to perform filtering packets in the network layer, check for legitimate sessions in the session layer as well as evaluate all packets at the application layer of OSI model. But it cannot scan for illicit data packets at the presentation layer.

Correct Answer : Option (A) :   complex internal architecture

---

Explanation : Stateful Multilayer Inspection firewalls are complex internally due to multiple characteristics of different firewalls incorporated together which makes it powerful and more secure.

Correct Answer : Option (C) :   third generation firewalls

---

Explanation : Application layer firewalls are also called third generation firewalls. They came into the picture in around 1995-1998. Application level gateway firewalls are helped in making the network performance smooth for logging traffic.

Correct Answer : Option (D) :   Cyber espionage

---

Explanation : Cyber espionage is a practice done by both ethical and non-ethical hackers to spy on others for gathering confidential information.

Correct Answer : Option (B) :   Drive-by Download

---

Explanation : An accidental yet dangerous action that takes place in the cyberspace which helps attackers place their malware into the victim’s system. This technique is called Drive-by Download.

Correct Answer : Option (D) :   Cyber-Replication

---

Explanation : The technique and approach through which cyber-crooks develop fake web pages and sites to trick people for gaining personal details such as login ID and password as well as personal information, is known as pharming.

Correct Answer : Option (A) :   Dumpster diving

---

Explanation : In the technology world, where information about a person seems everywhere; dumpster diving is the name of the technique where the attacker looks for information in dustbins and trashes. For example, after withdrawing money from ATM, the user usually throw the receipt in which the total amount and account details are mentioned. These type of information becomes helpful to a hacker, for which they use dumpster diving.

Correct Answer : Option (C) :   Piggybacking

---

Explanation : Piggybacking is the technique used for social engineering, as the attacker or unauthorized person/individual follows behind an authorized person/employee & gets into an authorized area to observe the system, gain confidential data or for a fraudulent purpose.

Correct Answer : Option (C) :   physical security

---

Explanation : When cyber-criminal gain access to an authorized area and steal pen drives and DVDs which contain sensitive information about an employee or about the organization, then it can be said that the physical security of the organization is weak.

Correct Answer : Option (D) :   Powersploit

---

Explanation : The Powersploit is an access maintaining tool used for Windows systems. This tool is used for gaining re-access to the victim’s system using PowerShell.

Correct Answer : Option (B) :   Tracks clearing

---

Explanation : Tracks clearing or covering tracks is the name of the phase where the hackers delete logs of their existence & other activity records they do during the hacking process. This step is actually an unethical one.

Correct Answer : Option (A) :   Tails

---

Explanation : If any user is looking for Linux based security solutions, Tails is one of the most popular Linux-based operating systems that provides anonymity and an incognito option for securing its user data.

Correct Answer : Option (A) :   Ubuntu

---

Explanation : Qubes OS, Tails OS, and Tin Hat are amongst the most secured Linux Operating Systems (OS) that provide fast and secure Linux experience along with maintaining anonymity for the users.

Correct Answer : Option (C) :   Tails

---

Explanation : If any user is looking for Linux based security solutions, Tails is one of the most popular Linux-based operating systems that provide anonymity and incognito option for securing its user data.

Correct Answer : Option (D) :   Mandatory Access Control

---

Explanation : Mandatory Access Control is a technique that provides separation of a computer with its OS into several small discrete sections so that the user of a system can only utilize those pieces of a system for which they’ve been given permission to.

Correct Answer : Option (B) :   Role-Based Access Control

---

Explanation : RBAC which is abbreviated as Role-Based Access Control defines a set of functions for users in a Linux system and is often built on top of DTE systems. Here users can log for certain roles and run particular programs that are apposite for the role.

Correct Answer : Option (D) :   Buffer-overflow

---

Explanation : In a buffer-overflow attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.

Correct Answer : Option (D) :   boundary checks

---

Explanation : Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by developers or are skipped by the QA (Quality Assurance) testers of the software development team.

Correct Answer : Option (A) :   C, C++

---

Explanation : Applications developed by programming languages like C and C++ have this common buffer-overflow error. The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data.

Correct Answer : Option (C) :   Stack-based

---

Explanation : In the case of stack-based buffer overflows, which is very common among the two types of buffer-overflow; it exploits applications by flooding the stack: memory-space where users externally input the data.

Correct Answer : Option (B) :   statically

---

Explanation : In application that uses heap, memory utilized by the application is allocated at the beginning of the function call and the memory get released at the end of a program. Accessing of values in the stack is very fast.

Correct Answer : Option (C) :   websites

---

Explanation : Enumeration by cyber-attackers is possible through websites also, as the attackers target websites for fetching the IP address of the victim or the target user.

Correct Answer : Option (D) :   Perl and JavaScript

---

Explanation : Various scripting languages are used by attackers, such as Perl and JavaScript, that are programmed to fetch not only the IP address from the site but also other user’s personal information.

Correct Answer : Option (A) :   Private chats

---

Explanation : Enumeration is an information gaining technique used in ethical hacking to achieve data regarding victim’s IP table, SNMP data, lists of username and passwords of different systems etc but not private chats.

Correct Answer : Option (A) :   NTP

---

Explanation : NTP Suite is employed for NTP enumeration. This is significant for a network environment; where anyone can discover other primary servers which assist the hosts to update their time, and the entire process can be done without authenticating.

Correct Answer : Option (B) :   Linux systems

---

Explanation : ‘enum4linux’ is implemented for enumerating the Linux systems. Using this, the attacker can examine and establish the usernames that are present in a target host.

Correct Answer : Option (C) :   ‘show original’ option

---

Explanation : It is possible to know the IP address of the sender of your email by opening the email and going to the ‘more’ button and then selecting the ‘show original’ option. In this way, one can find the IP address and do enumeration.

Correct Answer : Option (D) :   network enumerator

---

Explanation : A network enumerator is a computer program implemented for recovering usernames & info on groups, shares as well as services of networked computers. These type of programs are used for network enumeration in order to detect hosts or devices on a particular network.

Correct Answer : Option (C) :   OS fingerprinting

---

Explanation : OS fingerprinting is an ethical hacking technique used for determining what operating system (OS) is running on a remote computer.

Correct Answer : Option (A) :   Active fingerprinting

---

Explanation : Active fingerprinting is gained if you send especially skilled packets to a target machine and then listing down its replies and analyzing the information gathered for determining the target OS.

Correct Answer : Option (B) :   Get the admin password

---

Explanation : DNSenum is a popular Perl script that can fetch information such as – fetching host address, perform a reverse lookup, get additional name and sub-domain through Google scraping etc.

Correct Answer : Option (B) :   Exploits

---

Explanation : Exploits are the piece of programs or scripts that allow hackers to take control over any system. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities.

Correct Answer : Option (D) :   Bing Vulnerability database (BVD)

---

Explanation : Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures (CVE) (https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are three vulnerability listing site.

Correct Answer : Option (C) :   installing security patches

---

Explanation : Known bugs and vulnerabilities of a system can be solved or installing or updating the security patches developed by the vendor or owner of that particular application.

Correct Answer : Option (A) :   U.S. government

---

Explanation : National Vulnerability Database (NVD) is the US government repository of data regarding vulnerability standards. It is available from the link https://nvd.nist.gov.

Correct Answer : Option (B) :   Clickjacking

---

Explanation : Clickjacking is a malicious method used by cyber-criminals to trick a user into clicking on something else which is illicit from what the user wants. The single click usually redirects the employee to a strange site from where infected files get downloaded into the system of the employee.

Correct Answer : Option (A) :   Cloud scan

---

Explanation : Among the following-given options, the Cloud Scan is one, and only that is not a type of scanning.

Correct Answer : Option (B) :   Cracking passwords

---

Explanation : While trying to hack a system, the most important thing is cracking the passwords.

Correct Answer : Option (D) :   information

---

Explanation : Through clickjacking, the employee’s system may get compromised by an infected program, trojans or spyware which got downloaded in the background automatically as the user fell into the trick of an attacker

Correct Answer : Option (C) :   Physical authorization

---

Explanation : There are 3 main aspects that need to keep in mind when putting together new employees or users into an application. These are: Representing users in the database, Access control, and Employee’s authentication.

Correct Answer : Option (C) :   infected sites

---

Explanation : It is very important to block unknown, strange and infected sites within the corporate network, by the network administrator so that any employee may not accidentally access those sites or open infected sites by means of clickjacking or URL-redirection techniques.

Correct Answer : Option (A) :   pen drive

---

Explanation : Use of pen drive to bring your work from home tasks to office systems may bring worms and virus along with it (if your home system is infected with any malware or infected programs) and may cause harm to your office systems.

Correct Answer : Option (B) :   Creeper

---

Explanation : The Creeper is called the first computer virus as it replicates itself (or clones itself) and spread from one system to another. It is created by Bob Thomas at BBN in early 1971 as an experimental computer program.

Correct Answer : Option (D) :   Firewall

---

Explanation : It is essential to always keep the firewall on in our computer system. It saves the computer system against hackers, viruses, and installing software form unknown sources. We can also consider it the first line of defense of the computer system.

Correct Answer : Option (D) :   All of the Above

---

Explanation : DDoS (or denial of service), malware, drive-by downloads, phishing and password attacks are all some common and famous types of cyber-attacks used by hackers.

Correct Answer : Option (C) :   Malware

---

Explanation : Malware is a kind of short program used by the hacker to gain access to sensitive data/ information. It is used to denote many kinds of viruses, worms, Trojans, and several other harmful programs. Sometimes malware is also known as malicious software.

Correct Answer : Option (A) :   Transmission Control Protocol/ internet protocol

---

Explanation : The term "TCP/IP" stood for Transmission Control Protocol/Internet Protocol and was developed by the US Government in the early days of the internet.

Correct Answer : Option (B) :   Performance

---

Explanation : On the basis of response time and transit time, the performance of a network is measured.

Correct Answer : Option (A) :   Security

---

Explanation : Encryption techniques are usually used to improve the security of the network.

Correct Answer : Option (C) :   It is a device installed at the boundary of an incorporate to protect it against the unauthorized access.

---

Explanation : A firewall can be the type of either a software or the hardware device that filters each and every data packet coming from the network, internet. It can also be considered as a device installed at the boundary of an incorporate to protect form unauthorized access. Sometimes firewall also refers to the first line of defense against viruses, unauthorized access, malicious software etc.

Correct Answer : Option (D) :   1970

---

Explanation : In 1970, the world's first computer virus was created by Robert (Bob) Thomas. This virus was designed as it creates copies of itself or clones itself and spreads one computer to another. So the correct answer will be 1970.

Correct Answer : Option (D) :   Reaper

---

Explanation : Reaper is considered as the world's first antivirus program or software as it can detect the copies of a Creeper (the world's first man-made computer virus) and could delete it as well.

Correct Answer : Option (D) :   Economy of the Mechanism

---

Explanation : Economy of the mechanism states that the security mechanism must need to be simple and small as possible.

Correct Answer : Option (B) :   Browser Hijacker

---

Explanation : Browser hijacking is a technique that takes over your system’s browser settings and the attack will redirect the websites you visit some other websites of its preference.

Correct Answer : Option (C) :   Ransomware

---

Explanation : Ransomware has become a popular attack since last few years, and the attacker target board members, high-ranked officials and managing committee members of an organization; where the ransomware compromise the system by encrypting all files and ask for some ransom in order to unlock or decrypt all files.

Correct Answer : Option (A) :   Keeping backup of

---

Explanation : Keeping a secured backup of the important and precious file is a solution to prevent your files from ransomware. The backup should have to be made in some secured cloud storage of any other location (server) in an encrypted form.

Correct Answer : Option (C) :   product licensing

---

Explanation : Product licensing is the technique to obtain permission from a firm or organization for using, manufacturing & selling one or more products within a definite market area. This is done by the company for security reasons and usually takes a royal fee/amount from its users.

Correct Answer : Option (B) :   employee access

---

Explanation : It is important to limit employee access to all data and information as well as limit the authority for installing software. Otherwise, any employee with illicit intention may install programs that are either pirated version or may cause damage to the internal corporate network.

Correct Answer : Option (D) :   strangers, keyloggers

---

Explanation : One must isolate payment systems and payment processes from those computers that you think are used by strangers or may contain keyloggers. Otherwise, your card details and PIN may get compromised.

Correct Answer : Option (B) :   Fail-safe Defaults

---

Explanation : The fail-safe Defaults principle of cyber security restricts how privileges are initiated whenever a subject or object is created. In cases where the privileges, rights, access or some other security-related attribute is not granted explicitly, it should also not granted access to the object.

Correct Answer : Option (A) :   Least privileges

---

Explanation : The example given in the above question refers to the least privileges principle of cyber security. The least privileges principle of cyber security states that no rights, access to the system should be given to any of the employees of the organization unless he/she needs those particular rights, access in order to complete the given task. In short, we can say that its primary work is to restrict or control the assignment of rights to the employees.

Correct Answer : Option (D) :   Both A and B

---

Explanation : The Open Design is a kind of open design artifact whose documentation is publically available, which means anyone can use it, study, modify, distribute, and make the prototypes. However, the CSS (or Content Scrambling System) and DVD Player are both examples of open design.

Correct Answer : Option (B) :   Compromise recording

---

Explanation : The principle called compromise factor states that in some cases, it is more beneficial to records or document the details of the intrusion that to adopt more efficient measures to avoid it.

Correct Answer : Option (C) :   Complete Mediation

---

Explanation : The complete mediation principle of cybersecurity requires that all the access must be checked to ensure that they are genuinely allowed. However, the example given in the above question can be considered as an example of Complete Mediation.

Correct Answer : Option (A) :   Caesar Cipher

---

Explanation : Caesar Cipher is the simplest type of substitution cipher with a mono-alphabetic encryption code wherein each letter of plain-text is replaced by another letter in creating the cipher-text.

Correct Answer : Option (B) :   Shift Cipher

---

Explanation : Shift Cipher is the concept that tells us about the replacement of every alphabet by another alphabet and the entire series gets ‘shifted’ by some fixed quantity (which is the key) between 0 and 25.

Correct Answer : Option (D) :   Monoalphabetic Cipher

---

Explanation : Monoalphabetic cipher is a cipher formed out of substitution where for a given key-value the cipher alphabet for every plain text remains fixed all through the encryption procedure.

Correct Answer : Option (C) :   Phishing is one of the most commonly used methods that are used by hackers to gain access to the network

---

Explanation : In terms of Email Security, phishing is one of the standard methods that are used by Hackers to gain access to a network. The Email Security Tools can handle several types of attacks, such as the incoming attacks, and protect the outbound messages containing sensitive data/information as well.

Correct Answer : Option (D) :   All of the Above

---

Explanation : The term VPN stands for Virtual Private Network. It is a type of network security-enhancing tool that can be either a software program or a hardware device. It usually authenticates the communication between a device and a network by creating a secure encrypted virtual "tunnel". In general, the software VPNs are considered as the most cost-effective, user friendly over the hardware VPNs.

Correct Answer : Option (A) :   Plain text

---

Explanation : The cipher algorithm is used to create an encrypted message by taking the input as understandable text or "plain text" and obtains unreadable or "cipher text" as output. It is usually used to protect the information while transferring one place to another place.

Correct Answer : Option (B) :   Challenge Handshake Authentication Protocols

---

Explanation : The term "CHAP" stands for the Challenge Handshake Authentication Protocols. In computer networks, it can be defined as an authentication scheme that avoids the transfer of unencrypted passwords over the network. The "CHAP" is one of the many authentication schemes used by the Point To Point Protocol (PPP), which is a serial transmission protocol for Wide Networks Connections (WAN).

Correct Answer : Option (A) :   RATs

---

Explanation : The RAT is an abbreviation of Remote Access Trojans or Remote Administration Tools, which gives the total control of a Device, which means it, can control anything or do anything in the target device remotely. It allows the attacker administrative control just as if they have physical access to your device.

Correct Answer : Option (C) :   Trojans perform tasks for which they are designed or programmed

---

Explanation : Trojans are a type of malware that will perform any types of actions for those they are design or programmed. Another important thing about Trojans is that the user may not know that the malware enters their system until the Trojan starts doing its job for which they are programmed.

Correct Answer : Option (D) :   Security through obscurity

---

Explanation : The "Security through obscurity" is an approach which just opposite to the Open Design principle.

Correct Answer : Option (B) :   80

---

Explanation : The default port number used by the apache and several other web servers is 80.

Correct Answer : Option (C) :   URL

---

Explanation : DNS stands for the Domain name system; the main work of a DNS is to translate the Domain name into an IP address that is understandable to the computers.

Correct Answer : Option (D) :   Administrative

---

Explanation : If a user uses the Root account of the UNIX operating system, he can carry out all types of administrative functions because it provides all necessary privileges and rights to a user.

Correct Answer : Option (A) :   Kevin Poulsen

---

Explanation : The SIPRNET (or Advanced Research Project Agency Network) system was first hacked by Kevin Poulsen as he breaks into the Pentagon network.

Correct Answer : Option (B) :   Phreaking

---

Explanation : Phreaking is considered as one of the oldest phone hacking techniques used by hackers to make free calls.

Correct Answer : Option (A) :   DEFCON

---

Explanation : DEFCON is one of the most popular and largest Hacker's as well as the security consultant's conference. It is always held once a year in Las Vegas, Nevada, where hackers of all types (such as black hats, gray hats, and white hat hackers), government agents as well as security professionals from around the world attend the conference attends this meeting.

Correct Answer : Option (C) :   Using network vulnerabilities

---

Explanation : Websites get hosted on web servers. Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Various ways that can help compromise a web server are a misconfiguration of network or OS, bugs in web server’s OS etc.

Correct Answer : Option (D) :   IP address spoofing

---

Explanation : Various ways which can help a hacker deface the web server. These are by fetching credentials through MiTM, brute-forcing administrator password, DNS attack through cache poisoning, FTP server intrusion and many more.

Correct Answer : Option (C) :   Internet Information Services

---

Explanation : Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. The most widely used web server platform is the IIS (Internet Information Services).

Correct Answer : Option (A) :   ASP Trojan

---

Explanation : ASP Trojan is a tiny script that if uploaded to a web server can give hacker complete control of remote PC. ASP Trojan can be easily attached to Web Applications creating a backdoor in web server hacking.

Correct Answer : Option (B) :   Password Guessing

---

Explanation : The web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Different web server attack types are through DOS attack, website defacement using SQLi and directory traversal.

Correct Answer : Option (A) :   Use low-speed internet

---

Explanation : To protect against web server hacking, one need to patch updates regularly, not to use default configurations, use IDS and firewalls with signature updates.

Correct Answer : Option (D) :   Wireless security

---

Explanation : Wireless security is the anticipation of unauthorized access or breaks to computers or data by means of wireless networks. The most widespread types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and recently released WPA3.

Correct Answer : Option (D) :   WPA3

---

Explanation : The most extensive types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3. WPA3 is the strongest and recently released.

Correct Answer : Option (C) :   WEP

---

Explanation : The most widespread types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3. WEP is an old IEEE 802.11 standard from the year 1999.

Correct Answer : Option (B) :   Base Transceiver Station

---

Explanation : Base Transceiver Station (BTS) which is also known as a base station (BS) or radio base station (RBS) is alike as that of Access Point (AP) from 802.11, & the mobile operators use it for offering signal coverage.

Correct Answer : Option (A) :   Base Transceiver Station

---

Explanation : Base Transceiver Station is a section of equipment which facilitates wireless communication from 802.11 & the mobile operators use it for offering signal coverage. Examples are GSM, 3G, 4G etc.

Correct Answer : Option (B) :   Wireless Traffic Sniffing

---

Explanation : Wireless Traffic Sniffing is a process of analyzing wireless traffic that may be helpful for forensic investigations or during troubleshooting any wireless issue.

Correct Answer : Option (D) :   Basic Input Output System

---

Explanation : BIOS (Basic Input Output System) passwords are next level of security. BIOS is an essential part of your system & comes with it as you bring the computer home where the password gets stored in CMOS which keeps on running even after the PC gets shut down.

Correct Answer : Option (C) :   unwanted

---

Explanation : Find out, select & uninstall all unwanted programs from your computer to maintain security. At times, there are some programs that get installed with useful applications as separate programs or as complementary programs. If you’re not using those programs or don’t know about their usage and from where they came, it can be a malware also.

Correct Answer : Option (C) :   Windows Firewall

---

Explanation : The Windows Firewall is a security app by Microsoft which is a built-in one into Windows OS that is designed to filter network data from your Windows system & block harmful communications or the programs which are initiating them.

Correct Answer : Option (A) :   vulnerable to

---

Explanation : Mobile phone operating systems contain open APIs that or may be vulnerable to different attacks. OS has a number of connectivity mechanisms through which attackers can spread malware.

Correct Answer : Option (B) :   Windows Defender

---

Explanation : Windows Defender is an anti-malware tool found in newer OS which is designed for protecting computers from viruses, spyware & other malware. It comes built-in with Windows 8 & Windows 10.

Correct Answer : Option (A) :   BitLocker

---

Explanation : BitLocker is an application which now comes as built-in Windows OS and it allows Windows users to encrypt all drives for |security purpose. It checks for TPM status whether activated or not.

Correct Answer : Option (D) :   Mobile security

---

Explanation : Mobile security is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect to, from threats & bugs.

Correct Answer : Option (C) :   Reverse engineering

---

Explanation : Reverse engineering is not an issue of PDA (Personal Digital Assistant). Password theft, data theft, wireless vulnerability exploitation, data corruption using virus are some of them.

Correct Answer : Option (C) :   BBProxy

---

Explanation : BBProxy (installed on blackberry phones) is the name of the tool used to conduct blackjacking. What attackers do is they install BBProxy on user’s blackberry and once the tool is activated it opens a covert channel between the hacker and the compromised host.