1Which IEEE standard governs Wireless LAN (WLAN) technologies?
A.IEEE 802.3
B.IEEE 802.11
C.IEEE 802.15
D.IEEE 802.1X
Correct Answer: IEEE 802.11
Explanation:IEEE 802.11 is the set of standards that define communication for wireless local area networks (WLANs).
Incorrect! Try again.
2In the context of wireless security, what is an 'Evil Twin' attack?
A.A rogue access point that mimics a legitimate SSID to intercept traffic
B.A bluetooth attack that crashes the device
C.Two hackers working simultaneously on the same network
D.A virus that replicates itself on mobile devices
Correct Answer: A rogue access point that mimics a legitimate SSID to intercept traffic
Explanation:An Evil Twin is a rogue AP configured to look exactly like a legitimate hotspot to trick users into connecting to it.
Incorrect! Try again.
3Which wireless encryption protocol is considered the weakest and has been deprecated due to severe vulnerabilities?
A.WPA2
B.WPA3
C.WEP
D.WPA-Enterprise
Correct Answer: WEP
Explanation:Wired Equivalent Privacy (WEP) is an old security algorithm that is easily cracked and no longer considered secure.
Incorrect! Try again.
4What is the primary difference between Bluejacking and Bluesnarfing?
A.Bluejacking involves stealing data, while Bluesnarfing sends unsolicited messages
B.Bluejacking sends unsolicited messages, while Bluesnarfing involves stealing data
C.Bluejacking takes full control of the device, while Bluesnarfing only crashes it
D.There is no difference; they are synonyms
Correct Answer: Bluejacking sends unsolicited messages, while Bluesnarfing involves stealing data
Explanation:Bluejacking is relatively harmless spamming of messages, whereas Bluesnarfing is the unauthorized theft of information from a Bluetooth device.
Incorrect! Try again.
5Which Bluetooth attack allows an attacker to take full control of a target device to make calls or send texts?
A.Bluejacking
B.Bluesnarfing
C.Bluebugging
D.Bluestriking
Correct Answer: Bluebugging
Explanation:Bluebugging goes beyond data theft and allows the attacker to take control of the device's commands.
Incorrect! Try again.
6What is the primary function of a SIEM (Security Information and Event Management) system?
A.To act as a firewall for wireless networks
B.To aggregate and analyze log data from various sources to detect security incidents
C.To encrypt mobile device hard drives
D.To manage cloud subscriptions
Correct Answer: To aggregate and analyze log data from various sources to detect security incidents
Explanation:SIEM solutions collect log data, correlate events, and generate alerts for potential security threats.
Incorrect! Try again.
7In a Security Operations Center (SOC), what is the main responsibility of Tier 1 analysts?
A.Deep forensic analysis
B.Threat hunting
C.Triage and initial classification of security alerts
D.Managing the budget of the security team
Correct Answer: Triage and initial classification of security alerts
Explanation:Tier 1 analysts allow for the initial review of incoming alerts to determine if they are false positives or real incidents requiring escalation.
Incorrect! Try again.
8What core component does the Android operating system use as its foundation?
A.Windows NT Kernel
B.Linux Kernel
C.Darwin Kernel
D.Microkernel
Correct Answer: Linux Kernel
Explanation:Android is built on top of the Linux kernel, which handles low-level hardware interactions and memory management.
Incorrect! Try again.
9iOS utilizes a security mechanism that restricts apps from accessing data or processes of other apps. What is this called?
A.Rooting
B.Containerization
C.Sandboxing
D.Hypervising
Correct Answer: Sandboxing
Explanation:Sandboxing isolates apps so that if one is compromised, it cannot easily affect the system or other apps.
Incorrect! Try again.
10The process of removing software restrictions imposed by Apple on iOS devices is known as:
A.Rooting
B.Jailbreaking
C.Sideloading
D.Unlocking
Correct Answer: Jailbreaking
Explanation:Jailbreaking is the specific term for escalating privileges on iOS to bypass manufacturer restrictions.
Incorrect! Try again.
11On Android devices, gaining administrative (superuser) privileges is referred to as:
A.Rooting
B.Jailbreaking
C.Phishing
D.Bootloading
Correct Answer: Rooting
Explanation:Rooting is the process of attaining root access on Android subsystems.
Incorrect! Try again.
12Which mobile security model involves separating personal and corporate data on the same device?
A.BYOD (Bring Your Own Device)
B.Containerization
C.CYOD (Choose Your Own Device)
D.Direct Access
Correct Answer: Containerization
Explanation:Containerization creates a secure, isolated area on a device for business apps and data, keeping them separate from personal data.
Incorrect! Try again.
13What is 'Sideloading' in the context of mobile security?
A.Charging a device via a malicious USB port
B.Installing applications from sources other than the official app store
C.Turning the phone sideways to bypass facial recognition
D.Transferring data to the cloud
Correct Answer: Installing applications from sources other than the official app store
Explanation:Sideloading bypasses the vetting process of official stores (like Google Play), increasing the risk of installing malware.
Incorrect! Try again.
14Which solution allows IT administrators to remotely wipe, lock, and configure mobile devices across an enterprise?
A.MDM (Mobile Device Management)
B.VPN (Virtual Private Network)
C.WPA2
D.IDS (Intrusion Detection System)
Correct Answer: MDM (Mobile Device Management)
Explanation:MDM software provides centralized control over mobile devices used within an organization.
Incorrect! Try again.
15What is the 'Shared Responsibility Model' in cloud computing?
A.The cloud provider is responsible for everything
B.The customer is responsible for everything
C.Security obligations are divided between the cloud provider and the customer
D.Multiple cloud providers share the cost of security
Correct Answer: Security obligations are divided between the cloud provider and the customer
Explanation:The provider secures the infrastructure (cloud), while the customer secures the data and configurations (in the cloud).
Incorrect! Try again.
16Which Cloud Service Model provides the consumer with the capability to provision processing, storage, and networks (e.g., AWS EC2)?
A.SaaS (Software as a Service)
B.PaaS (Platform as a Service)
C.IaaS (Infrastructure as a Service)
D.DaaS (Desktop as a Service)
Correct Answer: IaaS (Infrastructure as a Service)
Explanation:IaaS offers fundamental computing resources where the consumer deploys and runs arbitrary software.
Incorrect! Try again.
17Which Cloud Service Model delivers applications over the internet (e.g., Gmail, Salesforce)?
A.SaaS (Software as a Service)
B.PaaS (Platform as a Service)
C.IaaS (Infrastructure as a Service)
D.FaaS (Function as a Service)
Correct Answer: SaaS (Software as a Service)
Explanation:SaaS provides fully functional applications managed by the vendor and accessed by users via a web browser or client.
Incorrect! Try again.
18Google App Engine and Microsoft Azure App Service are examples of which cloud model?
A.SaaS
B.PaaS
C.IaaS
D.Hybrid
Correct Answer: PaaS
Explanation:PaaS provides a platform allowing customers to develop, run, and manage applications without building the infrastructure.
Incorrect! Try again.
19Which cloud deployment model is exclusively used by a single organization?
A.Public Cloud
B.Private Cloud
C.Hybrid Cloud
D.Community Cloud
Correct Answer: Private Cloud
Explanation:A Private Cloud is dedicated to the needs of a single organization, offering more control and privacy.
Incorrect! Try again.
20What is a major security risk associated with Insecure APIs in cloud computing?
A.They consume too much electricity
B.They can expose sensitive data or allow unauthorized control if not properly authenticated
C.They slow down the internet connection
D.They prevent the use of firewalls
Correct Answer: They can expose sensitive data or allow unauthorized control if not properly authenticated
Explanation:APIs are the entry points to cloud services; if insecure, they serve as a gateway for attackers to access data or manipulate services.
Incorrect! Try again.
21In the context of Wireless security, what is 'War Driving'?
A.Driving a tank into a data center
B.Physically driving around to locate and map open or vulnerable wireless networks
C.Using a drone to jam signals
D.Overclocking a CPU to increase speed
Correct Answer: Physically driving around to locate and map open or vulnerable wireless networks
Explanation:War Driving involves moving through an area to detect Wi-Fi signals and identify vulnerable access points.
Incorrect! Try again.
22Which of the following is a countermeasure against Bluetooth attacks?
A.Keeping Bluetooth in 'Discoverable' mode at all times
B.Using a PIN of '0000'
C.Setting the device to 'Non-discoverable' or 'Hidden' mode when not pairing
D.Broadcasting the device name publicly
Correct Answer: Setting the device to 'Non-discoverable' or 'Hidden' mode when not pairing
Explanation:Making the device non-discoverable prevents attackers from easily finding and targeting the device via Bluetooth.
Incorrect! Try again.
23What is a 'Rogue Access Point'?
A.An unauthorized wireless access point installed on a secure network
B.A firewall rule that blocks traffic
C.A secure router provided by the ISP
D.A software update for Wi-Fi drivers
Correct Answer: An unauthorized wireless access point installed on a secure network
Explanation:Rogue APs are unauthorized devices attached to a network, often creating a backdoor for attackers.
Incorrect! Try again.
24What is the purpose of SSID broadcasting?
A.To encrypt the data traffic
B.To announce the presence and name of the wireless network to nearby devices
C.To block unauthorized users
D.To increase the speed of the internet
Correct Answer: To announce the presence and name of the wireless network to nearby devices
Explanation:The Service Set Identifier (SSID) is the network name broadcasted so devices can see and connect to it.
Incorrect! Try again.
25Which mobile threat involves an attacker intercepting communication between the user and a server?
A.Man-in-the-Middle (MitM) attack
B.Screen locking
C.Data resting
D.Geofencing
Correct Answer: Man-in-the-Middle (MitM) attack
Explanation:In MitM attacks, the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly.
Incorrect! Try again.
26What is 'Shadow IT' in the context of Cloud Security?
A.Dark mode interfaces in cloud apps
B.The use of IT systems and cloud services without explicit approval from the IT department
C.A hacking group targeting clouds
D.Backup data stored in a dark room
Correct Answer: The use of IT systems and cloud services without explicit approval from the IT department
Explanation:Shadow IT creates security blind spots because the IT security team cannot protect or monitor services they don't know exist.
Incorrect! Try again.
27Which cloud attack involves an attacker exploiting the shared resources in a virtualized environment to access data from another tenant?
A.Guest-Escape / Hypervisor Jumping
B.Phishing
C.SQL Injection
D.DDoS
Correct Answer: Guest-Escape / Hypervisor Jumping
Explanation:This attack involves breaking out of a virtual machine (VM) to interact with the hypervisor or other VMs on the same physical host.
Incorrect! Try again.
28What is a CASB (Cloud Access Security Broker)?
A.A physical lock for server rooms
B.Software that sits between cloud service users and cloud applications to enforce security policies
C.A type of cloud malware
D.A government agency regulating clouds
Correct Answer: Software that sits between cloud service users and cloud applications to enforce security policies
Explanation:CASBs provide visibility, compliance, data security, and threat protection for cloud services.
Incorrect! Try again.
29Why is 'Multitenancy' a security concern in the cloud?
A.It increases the cost of storage
B.Multiple customers share the same physical resources, creating a risk of data leakage if isolation fails
C.It requires more electricity
D.It makes the internet slower
Correct Answer: Multiple customers share the same physical resources, creating a risk of data leakage if isolation fails
Explanation:In multitenancy, a failure in logical separation could allow one tenant to view another tenant's data.
Incorrect! Try again.
30Which of the following is a critical step when testing security in the cloud (Penetration Testing)?
A.Launching an attack without warning
B.Obtaining permission from the Cloud Service Provider (CSP) before testing
C.Ignoring the Service Level Agreement
D.Testing only on weekends
Correct Answer: Obtaining permission from the Cloud Service Provider (CSP) before testing
Explanation:Testing without permission violates terms of service and the provider may interpret the test as a real attack and block it.
Incorrect! Try again.
31What does WPA3 use to replace the WPA2 Pre-Shared Key exchange, making it resistant to offline dictionary attacks?
A.WEP
B.Simultaneous Authentication of Equals (SAE)
C.TKIP
D.Plaintext
Correct Answer: Simultaneous Authentication of Equals (SAE)
Explanation:SAE is the handshake protocol in WPA3 that prevents attackers from determining the password through offline dictionary attacks.
Incorrect! Try again.
32What is a 'Botnet' often used for in cloud attacks?
A.Mining cryptocurrency legally
B.Perform Distributed Denial of Service (DDoS) attacks
C.Backing up data
D.Indexing web pages
Correct Answer: Perform Distributed Denial of Service (DDoS) attacks
Explanation:Botnets are networks of compromised devices used to flood a target with traffic, causing a DDoS.
Incorrect! Try again.
33What allows Android users to verify what capabilities an application is requesting (e.g., access to camera, contacts)?
A.App Permissions
B.Kernel Panic
C.Root Access
D.The instruction manual
Correct Answer: App Permissions
Explanation:The permission model requires apps to ask the user for consent before accessing sensitive hardware or data.
Explanation:WPA introduced TKIP to address the vulnerabilities of WEP, though it was later replaced by CCMP/AES in WPA2.
Incorrect! Try again.
35What is 'Geo-tagging' and why is it a mobile security risk?
A.Playing games based on location; it wastes battery
B.Embedding location data in photos/posts; it reveals the user's physical location to stalkers
C.Tagging friends in photos; it is a privacy violation
D.Using GPS for maps; it uses data
Correct Answer: Embedding location data in photos/posts; it reveals the user's physical location to stalkers
Explanation:Geo-tags add metadata to files that can reveal exactly where a photo was taken, compromising physical safety.
Incorrect! Try again.
36In the context of SOC, what does 'Correlation' mean?
A.Connecting the power cables
B.Linking different events from log files to identify a complex attack pattern
C.Communicating with the HR department
D.Backing up files to two locations
Correct Answer: Linking different events from log files to identify a complex attack pattern
Explanation:Correlation engines in SIEMs look for relationships between seemingly unrelated events to detect sophisticated threats.
Incorrect! Try again.
37Which of the following is a physical security threat to mobile devices?
A.Malware
B.Phishing
C.Theft or Loss
D.SQL Injection
Correct Answer: Theft or Loss
Explanation:Because mobile devices are portable, they are easily lost or stolen, giving attackers physical access to the device.
Incorrect! Try again.
38What is 'Cryptojacking' in a cloud environment?
A.Stealing credit card numbers
B.Unauthorized use of cloud computing resources to mine cryptocurrency
C.Encrypting data for ransom
D.Hacking into a bank
Correct Answer: Unauthorized use of cloud computing resources to mine cryptocurrency
Explanation:Attackers hijack the processing power of cloud instances to mine crypto, driving up costs for the victim.
Incorrect! Try again.
39The NIST definition of Cloud Computing includes 'Rapid Elasticity'. What does this mean?
A.The cloud is made of rubber
B.Capabilities can be elastically provisioned and released to scale rapidly outward and inward
C.The internet speed is constant
D.Data is stored on flexible disks
Correct Answer: Capabilities can be elastically provisioned and released to scale rapidly outward and inward
Explanation:Rapid Elasticity allows systems to automatically scale resources up or down based on demand.
Incorrect! Try again.
40Which attack vector involves a malicious insider abusing their authorized access to cloud data?
A.Insider Threat
B.Outsider Threat
C.DDoS
D.War Driving
Correct Answer: Insider Threat
Explanation:Insider threats involve employees or contractors using their legitimate privileges to steal data or cause harm.
Incorrect! Try again.
41What is the primary function of a Virtual Private Network (VPN) on a mobile device connecting to public Wi-Fi?
A.To boost signal strength
B.To create an encrypted tunnel for data, protecting it from interception
C.To bypass battery limits
D.To download apps faster
Correct Answer: To create an encrypted tunnel for data, protecting it from interception
Explanation:A VPN encrypts internet traffic, making it unreadable to anyone sniffing the public Wi-Fi network.
Incorrect! Try again.
42Which Bluetooth class has the longest range (approximately 100 meters)?
A.Class 1
B.Class 2
C.Class 3
D.Class 4
Correct Answer: Class 1
Explanation:Class 1 Bluetooth devices have higher power output (100mW) and a range of up to 100 meters.
Incorrect! Try again.
43What is 'MAM' in mobile security?
A.Mobile Application Management
B.Mobile Access Monitoring
C.Main Access Module
D.Man-Against-Machine
Correct Answer: Mobile Application Management
Explanation:MAM focuses on securing specific corporate applications on a device, rather than controlling the entire device like MDM.
Incorrect! Try again.
44Which file format is used for installing software on the Android operating system?
A..EXE
B..DMG
C..APK
D..IPA
Correct Answer: .APK
Explanation:Android Package Kit (APK) is the package file format used by the Android OS for distribution and installation of mobile apps.
Incorrect! Try again.
45In cloud security, what does 'Data Sovereignty' refer to?
A.The king of data
B.The concept that data is subject to the laws of the country in which it is physically stored
C.The encryption level of data
D.The speed of data transfer
Correct Answer: The concept that data is subject to the laws of the country in which it is physically stored
Explanation:Data stored in the cloud resides on physical servers; local laws (like GDPR in Europe) apply to that data depending on the server location.
Incorrect! Try again.
46What is a 'Hybrid Cloud'?
A.A cloud that runs on gas and electricity
B.A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together
C.A cloud that only stores images
D.A cloud maintained by a single person
Correct Answer: A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together
Explanation:Hybrid clouds combine public and private infrastructure, allowing data and applications to be shared between them.
Incorrect! Try again.
47Which wireless attack involves capturing handshake packets and attempting to crack the password offline?
A.WPA Cracking / Dictionary Attack
B.Signal Jamming
C.Beacon Flooding
D.MAC Filtering
Correct Answer: WPA Cracking / Dictionary Attack
Explanation:Attackers capture the 4-way handshake and use wordlists to guess the Pre-Shared Key.
Incorrect! Try again.
48What is 'MAC Address Filtering'?
A.Filtering out Mac computers
B.Allowing or denying network access based on the hardware address of the network card
C.Cleaning the router
D.Blocking websites
Correct Answer: Allowing or denying network access based on the hardware address of the network card
Explanation:MAC filtering creates an allow/deny list based on the unique Media Access Control address of devices.
Incorrect! Try again.
49Why is 'Remote Wipe' a critical feature for enterprise mobile security?
A.To clean the screen remotely
B.To erase sensitive corporate data if a device is lost or stolen
C.To delete apps that are not used
D.To update the OS remotely
Correct Answer: To erase sensitive corporate data if a device is lost or stolen
Explanation:If a device falls into the wrong hands, Remote Wipe ensures that confidential data cannot be accessed.
Incorrect! Try again.
50Which of the following is a symptom of a mobile device being infected with malware?
A.Extended battery life
B.Unexpected data usage spikes and rapid battery drain
C.Faster performance
D.Screen becoming brighter
Correct Answer: Unexpected data usage spikes and rapid battery drain
Explanation:Malware often runs background processes and communicates with C&C servers, consuming data and battery.
Incorrect! Try again.
Give Feedback
Help us improve by sharing your thoughts or reporting issues.