Explanation: SNMP stands for Simple Network Management Protocol, used for managing devices on IP networks.
7. In SNMP, what is the 'MIB'?
A. Management Information Base
B. Master IP Block
C. Main Interface Bridge
D. Malware Infection Block
Correct Answer: Management Information Base
Explanation: MIB stands for Management Information Base, a hierarchical database used to manage entities in a communications network.
8. What are the two default community strings often used in SNMP?
A. admin and user
B. root and guest
C. public and private
D. default and secure
Correct Answer: public and private
Explanation: 'public' is typically read-only, and 'private' is typically read-write. These defaults are often left unchanged, posing a security risk.
9. Which protocol is targeted during Directory Service Enumeration to query Active Directory?
A. HTTP
B. FTP
C. LDAP
D. SSH
Correct Answer: LDAP
Explanation: The Lightweight Directory Access Protocol (LDAP) is used to access and maintain distributed directory information services like Active Directory.
10. What is the default TCP port for LDAP?
A. 25
B. 53
C. 389
D. 3389
Correct Answer: 389
Explanation: LDAP uses TCP port 389 by default for unencrypted communications.
11. Which SMTP command is used to verify if a user exists on the mail server?
A. HELO
B. VRFY
C. DATA
D. QUIT
Correct Answer: VRFY
Explanation: The VRFY (Verify) command is used to validate a user's email address on an SMTP server.
12. Which SMTP command expands a mailing list to show its members?
A. EXPN
B. RCPT
C. MAIL
D. RSET
Correct Answer: EXPN
Explanation: The EXPN (Expand) command asks the server to confirm if a mailing list exists and list its members.
13. What is the definition of System Hacking?
A. Scanning a network for live hosts
B. The process of gaining access, escalating privileges, and hiding files
C. Monitoring network traffic for anomalies
D. Developing security policies
Correct Answer: The process of gaining access, escalating privileges, and hiding files
Explanation: System hacking is the active phase of compromising a system, including cracking passwords, escalating privileges, and covering tracks.
14. Which password attack involves trying every possible combination of characters?
A. Dictionary Attack
B. Brute Force Attack
C. Social Engineering
D. Shoulder Surfing
Correct Answer: Brute Force Attack
Explanation: A brute force attack attempts every possible alphanumeric combination until the correct password is found.
15. What is a 'Rainbow Table' used for?
A. Visualizing network traffic
B. Looking up pre-computed password hashes
C. Encrypting email communications
D. Storing firewall rules
Correct Answer: Looking up pre-computed password hashes
Explanation: Rainbow tables are large databases of pre-computed hash chains used to reverse cryptographic hash functions, usually for cracking passwords.
16. Adding random bits of data to a password before hashing it to defeat Rainbow Tables is called:
A. Salting
B. Peppering
C. Spicing
D. Masking
Correct Answer: Salting
Explanation: A salt is random data added to a password before hashing to ensure that the same password results in a different hash.
17. In Microsoft Windows, where are local user account passwords stored (in hashed form)?
A. In the Registry SAM file
B. In the kernel32.dll
C. In the boot.ini file
D. In the My Documents folder
Correct Answer: In the Registry SAM file
Explanation: Local password hashes are stored in the Security Account Manager (SAM) database in the Windows Registry.
18. What is the legacy authentication protocol used by older Windows systems, known for vulnerabilities?
A. Kerberos
B. NTLM
C. OAuth
D. RADIUS
Correct Answer: NTLM
Explanation: NTLM (New Technology LAN Manager) is an older Microsoft authentication protocol that has been largely replaced by Kerberos due to security weaknesses.
19. What is the primary authentication protocol used in Active Directory environments?
A. Kerberos
B. SSL
C. WEP
D. CHAP
Correct Answer: Kerberos
Explanation: Kerberos is the default network authentication protocol used in Windows Active Directory domains.
20. What entity issues tickets in the Kerberos protocol?
A. The Client
B. The Key Distribution Center (KDC)
C. The File Server
D. The Gateway
Correct Answer: The Key Distribution Center (KDC)
Explanation: The KDC (usually the Domain Controller) is responsible for authenticating users and issuing Ticket Granting Tickets (TGTs).
21. What is 'Privilege Escalation'?
A. Downgrading user rights to Guest
B. Gaining higher-level access (e.g., Administrator) from a standard user account
C. Moving laterally to another computer with same rights
D. Resetting a password
Correct Answer: Gaining higher-level access (e.g., Administrator) from a standard user account
Explanation: Privilege escalation is the act of exploiting a bug or configuration oversight to gain elevated access to resources that are normally protected.
22. Which tool allows an attacker to execute processes on a remote system, often used in Windows environments?
A. PsExec
B. Notepad
C. Calc
D. Paint
Correct Answer: PsExec
Explanation: PsExec is a lightweight telnet replacement that lets you execute processes on other systems, often used by both admins and attackers.
23. Software designed to infiltrate or damage a computer system without the owner's informed consent is collectively known as:
A. Firmware
B. Shareware
C. Malware
D. Freeware
Correct Answer: Malware
Explanation: Malware is a contraction of 'malicious software'.
24. What distinguishes a Computer Virus from a Worm?
A. A virus requires a host program to replicate, while a worm is standalone
B. A virus encrypts data, a worm deletes it
C. A virus travels over networks, a worm stays local
D. There is no difference
Correct Answer: A virus requires a host program to replicate, while a worm is standalone
Explanation: A virus attaches itself to a host file/program to run. A worm is a standalone program that replicates itself to spread to other computers.
25. Which type of malware disguises itself as legitimate software to trick the user into installing it?
A. Trojan Horse
B. Worm
C. Virus
D. Logic Bomb
Correct Answer: Trojan Horse
Explanation: Named after the Greek myth, a Trojan Horse appears useful or desirable but carries a malicious payload.
26. What is the primary function of Ransomware?
A. To steal credit card numbers quietly
B. To encrypt user files and demand payment for the decryption key
C. To display advertisements
D. To turn the computer into a bot
Correct Answer: To encrypt user files and demand payment for the decryption key
Explanation: Ransomware restricts access to the computer system or encrypts data and demands a ransom to restore access.
27. Software that gathers information about a person or organization without their knowledge is called:
A. Spyware
B. Ransomware
C. Adware
D. Logic Bomb
Correct Answer: Spyware
Explanation: Spyware is designed to track browsing habits, keystrokes, or other data without the user's consent.
28. Malware that automatically delivers advertisements is known as:
A. Adware
B. Rootkit
C. Botnet
D. Virus
Correct Answer: Adware
Explanation: Adware (Advertising-supported software) automatically generates online advertisements on the user interface.
29. What is 'Scareware'?
A. Software that screams when opened
B. Malware that tricks users into buying unnecessary software by claiming their computer is infected
C. A virus that deletes System32
D. A worm that spreads via email
Correct Answer: Malware that tricks users into buying unnecessary software by claiming their computer is infected
Explanation: Scareware uses social engineering to cause shock or anxiety (e.g., fake antivirus warnings) to manipulate users into buying unwanted software.
30. A type of malicious code that remains dormant until a specific event or date triggers it is called:
A. Logic Bomb
B. Spyware
C. Adware
D. Backdoor
Correct Answer: Logic Bomb
Explanation: A logic bomb is code inserted into software that executes a malicious function when specific criteria (like a date or employee termination) are met.
31. What is a 'Rootkit'?
A. A kit for rooting Android phones
B. Software designed to hide the existence of other malware and maintain privileged access
C. A password cracking tool
D. A database scanning tool
Correct Answer: Software designed to hide the existence of other malware and maintain privileged access
Explanation: Rootkits modify the operating system to hide processes, files, and network connections, making detection very difficult.
32. A 'Polymorphic Virus' is difficult to detect because:
A. It is written in Python
B. It changes its code or signature each time it infects a new file
C. It is invisible to the user
D. It only runs on Linux
Correct Answer: It changes its code or signature each time it infects a new file
Explanation: Polymorphic viruses encrypt their payload and use a different decryption routine for every infection to evade signature-based detection.
33. What is a 'Macro Virus'?
A. A virus that is very large in file size
B. A virus written in the macro language of applications like Microsoft Word or Excel
C. A virus that infects the boot sector
D. A virus that attacks Mac computers
Correct Answer: A virus written in the macro language of applications like Microsoft Word or Excel
Explanation: Macro viruses exploit the macro capabilities of office automation software to execute malicious code when a document is opened.
34. A network of compromised computers controlled by an attacker is called a:
A. Botnet
B. Intranet
C. Subnet
D. Darknet
Correct Answer: Botnet
Explanation: A Botnet (Robot Network) consists of 'zombie' computers infected with malware that are controlled remotely by a botmaster.
35. What is a 'Wrapper' or 'Binder' in the context of Trojans?
A. A tool used to combine a malicious executable with a legitimate file
B. A type of antivirus
C. A firewall rule
D. A method of encrypting emails
Correct Answer: A tool used to combine a malicious executable with a legitimate file
Explanation: Wrappers bind the Trojan server to a legitimate application (like a game or calculator) so the user installs the malware while thinking they are running the safe app.
36. Which of the following describes a 'Drive-by Download'?
A. Downloading files to a USB drive
B. Unintended download of malware by visiting a compromised website
C. Downloading drivers for a printer
D. Manually downloading a virus for research
Correct Answer: Unintended download of malware by visiting a compromised website
Explanation: Drive-by downloads occur when a user visits a malicious or compromised website that exploits browser vulnerabilities to install malware without user interaction.
37. Under U.S. law, which act is primarily used to prosecute computer hacking and malware distribution?
A. HIPAA
B. CFAA (Computer Fraud and Abuse Act)
C. SOX
D. GDPR
Correct Answer: CFAA (Computer Fraud and Abuse Act)
Explanation: The Computer Fraud and Abuse Act (CFAA) is the primary federal statute in the US prohibiting unauthorized access to computers.
38. In the context of malware and the law, what does 'Intent' typically determine?
A. The speed of the internet connection
B. The difference between accidental damage and criminal liability
C. The programming language used
D. The cost of the hardware
Correct Answer: The difference between accidental damage and criminal liability
Explanation: Criminal prosecution often relies on proving malicious intent; accidental damage is usually a civil matter.
39. What is an 'Overt Channel'?
A. A hidden communication path
B. A legitimate, authorized communication path for transferring data
C. A channel used only by spies
D. An encrypted VPN
Correct Answer: A legitimate, authorized communication path for transferring data
Explanation: Overt channels are the standard, intended paths for communication within a system (e.g., standard network traffic).
40. What is a 'Covert Channel'?
A. A TV channel for hackers
B. A mechanism used to transfer information in a way that violates the system's security policy
C. A standard FTP connection
D. A public chat room
Correct Answer: A mechanism used to transfer information in a way that violates the system's security policy
Explanation: Covert channels are hidden communication paths used to exfiltrate data or control malware, bypassing security monitors.
41. Hiding data within the headers of TCP/IP packets is an example of:
A. Overt Channel
B. Covert Storage Channel
C. Social Engineering
D. Phishing
Correct Answer: Covert Storage Channel
Explanation: A covert storage channel uses storage locations (like packet headers) to hide data that usually wouldn't be inspected for payload content.
42. Manipulating system resources to signal information (e.g., CPU usage patterns) is an example of:
A. Covert Timing Channel
B. Covert Storage Channel
C. Overt Channel
D. Multiplexing
Correct Answer: Covert Timing Channel
Explanation: Covert timing channels convey information by modulating the timing of events or resource usage.
43. Steganography is best described as:
A. Scrambling text so it is unreadable
B. Hiding the existence of a message within another medium (like an image)
C. Cracking passwords
D. Scanning ports
Correct Answer: Hiding the existence of a message within another medium (like an image)
Explanation: Steganography is the practice of concealing a message, image, or file within another file.
44. Which tool is commonly used to extract password hashes from Windows memory (LSASS)?
A. Mimikatz
B. Wireshark
C. Nmap
D. Ping
Correct Answer: Mimikatz
Explanation: Mimikatz is a post-exploitation tool that extracts plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory.
45. What is a 'Zero-Day' exploit?
A. An exploit that takes zero days to fix
B. An attack that exploits a vulnerability unknown to the software vendor
C. An attack that occurs at midnight
D. A virus that lasts for zero days
Correct Answer: An attack that exploits a vulnerability unknown to the software vendor
Explanation: Zero-day refers to the fact that the developers have had zero days to fix the vulnerability because they were unaware of it before the attack.
46. What is the purpose of a 'Keylogger'?
A. To log into a website
B. To record every keystroke made by a user
C. To lock the keyboard
D. To generate encryption keys
Correct Answer: To record every keystroke made by a user
Explanation: Keyloggers capture keystrokes to steal sensitive information like passwords, credit card numbers, and emails.
47. Which Windows service is the 'Local Security Authority' responsible for validating users?
A. LSASS.EXE
B. SVCHOST.EXE
C. EXPLORER.EXE
D. WINLOGON.EXE
Correct Answer: LSASS.EXE
Explanation: Local Security Authority Subsystem Service (LSASS) is responsible for enforcing the security policy on the system and verifying users.
48. A malware that restricts access to the computer system until a fee is paid is specifically targeting which aspect of the CIA triad?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: Availability
Explanation: Ransomware denies the user access to their data, directly attacking the Availability of the system.
49. In Windows, what does the command net user do?
A. Displays network statistics
B. Adds, removes, or modifies user accounts
C. Connects to a shared folder
D. Starts a service
Correct Answer: Adds, removes, or modifies user accounts
Explanation: net user is a command-line tool used to manage user accounts on a Windows system.
50. Which of the following is an example of a Multipartite Virus?
A. A virus that attacks both the boot sector and executable files
B. A virus that has multiple parts
C. A virus that attacks multiple people
D. A virus that uses multiple encryption keys
Correct Answer: A virus that attacks both the boot sector and executable files
Explanation: Multipartite viruses are hybrid viruses that exhibit the characteristics of both boot sector viruses and file infectors.