1
Which IEEE standard governs Wireless LAN (WLAN) technologies?
A. IEEE 802.3
B. IEEE 802.11
C. IEEE 802.1X
D. IEEE 802.15
Correct Answer: IEEE 802.11
Explanation:
IEEE 802.11 is the set of standards that define communication for wireless local area networks (WLANs).
2
In the context of wireless security, what is an 'Evil Twin' attack?
A. Two hackers working simultaneously on the same network
B. A virus that replicates itself on mobile devices
C. A rogue access point that mimics a legitimate SSID to intercept traffic
D. A bluetooth attack that crashes the device
Correct Answer: A rogue access point that mimics a legitimate SSID to intercept traffic
Explanation:
An Evil Twin is a rogue AP configured to look exactly like a legitimate hotspot to trick users into connecting to it.
3
Which wireless encryption protocol is considered the weakest and has been deprecated due to severe vulnerabilities?
A. WPA3
B. WPA-Enterprise
C. WEP
D. WPA2
Correct Answer: WEP
Explanation:
Wired Equivalent Privacy (WEP) is an old security algorithm that is easily cracked and no longer considered secure.
4
What is the primary difference between Bluejacking and Bluesnarfing?
A. There is no difference; they are synonyms
B. Bluejacking sends unsolicited messages, while Bluesnarfing involves stealing data
C. Bluejacking involves stealing data, while Bluesnarfing sends unsolicited messages
D. Bluejacking takes full control of the device, while Bluesnarfing only crashes it
Correct Answer: Bluejacking sends unsolicited messages, while Bluesnarfing involves stealing data
Explanation:
Bluejacking is relatively harmless spamming of messages, whereas Bluesnarfing is the unauthorized theft of information from a Bluetooth device.
5
Which Bluetooth attack allows an attacker to take full control of a target device to make calls or send texts?
A. Bluejacking
B. Bluestriking
C. Bluebugging
D. Bluesnarfing
Correct Answer: Bluebugging
Explanation:
Bluebugging goes beyond data theft and allows the attacker to take control of the device's commands.
6
What is the primary function of a SIEM (Security Information and Event Management) system?
A. To act as a firewall for wireless networks
B. To aggregate and analyze log data from various sources to detect security incidents
C. To encrypt mobile device hard drives
D. To manage cloud subscriptions
Correct Answer: To aggregate and analyze log data from various sources to detect security incidents
Explanation:
SIEM solutions collect log data, correlate events, and generate alerts for potential security threats.
7
In a Security Operations Center (SOC), what is the main responsibility of Tier 1 analysts?
A. Managing the budget of the security team
B. Triage and initial classification of security alerts
C. Deep forensic analysis
D. Threat hunting
Correct Answer: Triage and initial classification of security alerts
Explanation:
Tier 1 analysts perform the initial review of incoming alerts to determine whether they are false positives or real incidents requiring escalation.
8
What core component does the Android operating system use as its foundation?
A. Microkernel
B. Linux Kernel
C. Windows NT Kernel
D. Darwin Kernel
Correct Answer: Linux Kernel
Explanation:
Android is built on top of the Linux kernel, which handles low-level hardware interactions and memory management.
9
iOS utilizes a security mechanism that restricts apps from accessing data or processes of other apps. What is this called?
A. Hypervising
B. Rooting
C. Containerization
D. Sandboxing
Correct Answer: Sandboxing
Explanation:
Sandboxing isolates apps so that if one is compromised, it cannot easily affect the system or other apps.
10
The process of removing software restrictions imposed by Apple on iOS devices is known as:
A. Unlocking
B. Rooting
C. Sideloading
D. Jailbreaking
Correct Answer: Jailbreaking
Explanation:
Jailbreaking is the specific term for escalating privileges on iOS to bypass manufacturer restrictions.
11
On Android devices, gaining administrative (superuser) privileges is referred to as:
A. Jailbreaking
B. Rooting
C. Bootloading
D. Phishing
Correct Answer: Rooting
Explanation:
Rooting is the process of attaining root access on Android subsystems.
12
Which mobile security model involves separating personal and corporate data on the same device?
A. BYOD (Bring Your Own Device)
B. Containerization
C. CYOD (Choose Your Own Device)
D. Direct Access
Correct Answer: Containerization
Explanation:
Containerization creates a secure, isolated area on a device for business apps and data, keeping them separate from personal data.
13
What is 'Sideloading' in the context of mobile security?
A. Turning the phone sideways to bypass facial recognition
B. Transferring data to the cloud
C. Charging a device via a malicious USB port
D. Installing applications from sources other than the official app store
Correct Answer: Installing applications from sources other than the official app store
Explanation:
Sideloading bypasses the vetting process of official stores (like Google Play), increasing the risk of installing malware.
14
Which solution allows IT administrators to remotely wipe, lock, and configure mobile devices across an enterprise?
A. VPN (Virtual Private Network)
B. WPA2
C. MDM (Mobile Device Management)
D. IDS (Intrusion Detection System)
Correct Answer: MDM (Mobile Device Management)
Explanation:
MDM software provides centralized control over mobile devices used within an organization.
15
What is the 'Shared Responsibility Model' in cloud computing?
A. Multiple cloud providers share the cost of security
B. The cloud provider is responsible for everything
C. The customer is responsible for everything
D. Security obligations are divided between the cloud provider and the customer
Correct Answer: Security obligations are divided between the cloud provider and the customer
Explanation:
The provider secures the underlying infrastructure (security of the cloud), while the customer secures its data and configurations (security in the cloud).
16
Which Cloud Service Model provides the consumer with the capability to provision processing, storage, and networks (e.g., AWS EC2)?
A. IaaS (Infrastructure as a Service)
B. PaaS (Platform as a Service)
C. DaaS (Desktop as a Service)
D. SaaS (Software as a Service)
Correct Answer: IaaS (Infrastructure as a Service)
Explanation:
IaaS offers fundamental computing resources where the consumer deploys and runs arbitrary software.
17
Which Cloud Service Model delivers applications over the internet (e.g., Gmail, Salesforce)?
A. IaaS (Infrastructure as a Service)
B. PaaS (Platform as a Service)
C. FaaS (Function as a Service)
D. SaaS (Software as a Service)
Correct Answer: SaaS (Software as a Service)
Explanation:
SaaS provides fully functional applications managed by the vendor and accessed by users via a web browser or client.
18
Google App Engine and Microsoft Azure App Service are examples of which cloud model?
A. IaaS
B. PaaS
C. Hybrid
D. SaaS
Correct Answer: PaaS
Explanation:
PaaS provides a platform allowing customers to develop, run, and manage applications without building the infrastructure.
19
Which cloud deployment model is exclusively used by a single organization?
A. Community Cloud
B. Public Cloud
C. Private Cloud
D. Hybrid Cloud
Correct Answer: Private Cloud
Explanation:
A Private Cloud is dedicated to the needs of a single organization, offering more control and privacy.
20
What is a major security risk associated with Insecure APIs in cloud computing?
A. They consume too much electricity
B. They slow down the internet connection
C. They prevent the use of firewalls
D. They can expose sensitive data or allow unauthorized control if not properly authenticated
Correct Answer: They can expose sensitive data or allow unauthorized control if not properly authenticated
Explanation:
APIs are the entry points to cloud services; if insecure, they serve as a gateway for attackers to access data or manipulate services.
21
In the context of Wireless security, what is 'War Driving'?
A. Using a drone to jam signals
B. Physically driving around to locate and map open or vulnerable wireless networks
C. Overclocking a CPU to increase speed
D. Driving a tank into a data center
Correct Answer: Physically driving around to locate and map open or vulnerable wireless networks
Explanation:
War Driving involves moving through an area to detect Wi-Fi signals and identify vulnerable access points.
22
Which of the following is a countermeasure against Bluetooth attacks?
A. Using a PIN of '0000'
B. Keeping Bluetooth in 'Discoverable' mode at all times
C. Broadcasting the device name publicly
D. Setting the device to 'Non-discoverable' or 'Hidden' mode when not pairing
Correct Answer: Setting the device to 'Non-discoverable' or 'Hidden' mode when not pairing
Explanation:
Making the device non-discoverable prevents attackers from easily finding and targeting the device via Bluetooth.
23
What is a 'Rogue Access Point'?
A. A firewall rule that blocks traffic
B. A secure router provided by the ISP
C. An unauthorized wireless access point installed on a secure network
D. A software update for Wi-Fi drivers
Correct Answer: An unauthorized wireless access point installed on a secure network
Explanation:
Rogue APs are unauthorized devices attached to a network, often creating a backdoor for attackers.
24
What is the purpose of SSID broadcasting?
A. To block unauthorized users
B. To increase the speed of the internet
C. To encrypt the data traffic
D. To announce the presence and name of the wireless network to nearby devices
Correct Answer: To announce the presence and name of the wireless network to nearby devices
Explanation:
The Service Set Identifier (SSID) is the network name that is broadcast so devices can see and connect to it.
25
Which mobile threat involves an attacker intercepting communication between the user and a server?
A. Geofencing
B. Man-in-the-Middle (MitM) attack
C. Screen locking
D. Data resting
Correct Answer: Man-in-the-Middle (MitM) attack
Explanation:
In MitM attacks, the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly.
26
What is 'Shadow IT' in the context of Cloud Security?
A. The use of IT systems and cloud services without explicit approval from the IT department
B. A hacking group targeting clouds
C. Backup data stored in a dark room
D. Dark mode interfaces in cloud apps
Correct Answer: The use of IT systems and cloud services without explicit approval from the IT department
Explanation:
Shadow IT creates security blind spots because the IT security team cannot protect or monitor services they don't know exist.
27
Which cloud attack involves an attacker exploiting the shared resources in a virtualized environment to access data from another tenant?
A. DDoS
B. Phishing
C. SQL Injection
D. Guest-Escape / Hypervisor Jumping
Correct Answer: Guest-Escape / Hypervisor Jumping
Explanation:
This attack involves breaking out of a virtual machine (VM) to interact with the hypervisor or other VMs on the same physical host.
28
What is a CASB (Cloud Access Security Broker)?
A. Software that sits between cloud service users and cloud applications to enforce security policies
B. A type of cloud malware
C. A physical lock for server rooms
D. A government agency regulating clouds
Correct Answer: Software that sits between cloud service users and cloud applications to enforce security policies
Explanation:
CASBs provide visibility, compliance, data security, and threat protection for cloud services.
29
Why is 'Multitenancy' a security concern in the cloud?
A. It increases the cost of storage
B. It makes the internet slower
C. It requires more electricity
D. Multiple customers share the same physical resources, creating a risk of data leakage if isolation fails
Correct Answer: Multiple customers share the same physical resources, creating a risk of data leakage if isolation fails
Explanation:
In multitenancy, a failure in logical separation could allow one tenant to view another tenant's data.
30
Which of the following is a critical step when testing security in the cloud (Penetration Testing)?
A. Launching an attack without warning
B. Obtaining permission from the Cloud Service Provider (CSP) before testing
C. Ignoring the Service Level Agreement
D. Testing only on weekends
Correct Answer: Obtaining permission from the Cloud Service Provider (CSP) before testing
Explanation:
Testing without permission violates the terms of service, and the provider may interpret the test as a real attack and block it.
31
What does WPA3 use to replace the WPA2 Pre-Shared Key exchange, making it resistant to offline dictionary attacks?
A. Simultaneous Authentication of Equals (SAE)
B. WEP
C. Plaintext
D. TKIP
Correct Answer: Simultaneous Authentication of Equals (SAE)
Explanation:
SAE is the handshake protocol in WPA3 that prevents attackers from determining the password through offline dictionary attacks.
32
What is a 'Botnet' often used for in cloud attacks?
A. Perform Distributed Denial of Service (DDoS) attacks
B. Backing up data
C. Mining cryptocurrency legally
D. Indexing web pages
Correct Answer: Perform Distributed Denial of Service (DDoS) attacks
Explanation:
Botnets are networks of compromised devices used to flood a target with traffic, causing a DDoS.
33
What allows Android users to verify what capabilities an application is requesting (e.g., access to camera, contacts)?
A. Kernel Panic
B. App Permissions
C. Root Access
D. The instruction manual
Correct Answer: App Permissions
Explanation:
The permission model requires apps to ask the user for consent before accessing sensitive hardware or data.
34
Which wireless security protocol uses TKIP (Temporal Key Integrity Protocol)?
A. WPA
B. WEP
C. WPA2
D. WPA3
Correct Answer: WPA
Explanation:
WPA introduced TKIP to address the vulnerabilities of WEP, though it was later replaced by CCMP/AES in WPA2.
35
What is 'Geo-tagging' and why is it a mobile security risk?
A. Embedding location data in photos/posts; it reveals the user's physical location to stalkers
B. Tagging friends in photos; it is a privacy violation
C. Using GPS for maps; it uses data
D. Playing games based on location; it wastes battery
Correct Answer: Embedding location data in photos/posts; it reveals the user's physical location to stalkers
Explanation:
Geo-tags add metadata to files that can reveal exactly where a photo was taken, compromising physical safety.
36
In the context of SOC, what does 'Correlation' mean?
A. Communicating with the HR department
B. Backing up files to two locations
C. Connecting the power cables
D. Linking different events from log files to identify a complex attack pattern
Correct Answer: Linking different events from log files to identify a complex attack pattern
Explanation:
Correlation engines in SIEMs look for relationships between seemingly unrelated events to detect sophisticated threats.
37
Which of the following is a physical security threat to mobile devices?
A. Phishing
B. Theft or Loss
C. SQL Injection
D. Malware
Correct Answer: Theft or Loss
Explanation:
Because mobile devices are portable, they are easily lost or stolen, giving attackers physical access to the device.
38
What is 'Cryptojacking' in a cloud environment?
A. Unauthorized use of cloud computing resources to mine cryptocurrency
B. Stealing credit card numbers
C. Encrypting data for ransom
D. Hacking into a bank
Correct Answer: Unauthorized use of cloud computing resources to mine cryptocurrency
Explanation:
Attackers hijack the processing power of cloud instances to mine crypto, driving up costs for the victim.
39
The NIST definition of Cloud Computing includes 'Rapid Elasticity'. What does this mean?
A. The internet speed is constant
B. The cloud is made of rubber
C. Capabilities can be elastically provisioned and released to scale rapidly outward and inward
D. Data is stored on flexible disks
Correct Answer: Capabilities can be elastically provisioned and released to scale rapidly outward and inward
Explanation:
Rapid Elasticity allows systems to automatically scale resources up or down based on demand.
40
Which attack vector involves a malicious insider abusing their authorized access to cloud data?
A. DDoS
B. Outsider Threat
C. Insider Threat
D. War Driving
Correct Answer: Insider Threat
Explanation:
Insider threats involve employees or contractors using their legitimate privileges to steal data or cause harm.
41
What is the primary function of a Virtual Private Network (VPN) on a mobile device connecting to public Wi-Fi?
A. To boost signal strength
B. To bypass battery limits
C. To create an encrypted tunnel for data, protecting it from interception
D. To download apps faster
Correct Answer: To create an encrypted tunnel for data, protecting it from interception
Explanation:
A VPN encrypts internet traffic, making it unreadable to anyone sniffing the public Wi-Fi network.
42
Which Bluetooth class has the longest range (approximately 100 meters)?
A. Class 4
B. Class 1
C. Class 2
D. Class 3
Correct Answer: Class 1
Explanation:
Class 1 Bluetooth devices have higher power output (100 mW) and a range of up to 100 meters.
43
What is 'MAM' in mobile security?
A. Mobile Application Management
B. Mobile Access Monitoring
C. Main Access Module
D. Man-Against-Machine
Correct Answer: Mobile Application Management
Explanation:
MAM focuses on securing specific corporate applications on a device, rather than controlling the entire device like MDM.
44
Which file format is used for installing software on the Android operating system?
A. .APK
B. .DMG
C. .IPA
D. .EXE
Correct Answer: .APK
Explanation:
Android Package Kit (APK) is the package file format used by the Android OS for distribution and installation of mobile apps.
45
In cloud security, what does 'Data Sovereignty' refer to?
A. The speed of data transfer
B. The encryption level of data
C. The concept that data is subject to the laws of the country in which it is physically stored
D. The king of data
Correct Answer: The concept that data is subject to the laws of the country in which it is physically stored
Explanation:
Data stored in the cloud resides on physical servers; local laws (like GDPR in Europe) apply to that data depending on the server location.
46
What is a 'Hybrid Cloud'?
A. A cloud maintained by a single person
B. A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together
C. A cloud that only stores images
D. A cloud that runs on gas and electricity
Correct Answer: A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together
Explanation:
Hybrid clouds combine public and private infrastructure, allowing data and applications to be shared between them.
47
Which wireless attack involves capturing handshake packets and attempting to crack the password offline?
A. Beacon Flooding
B. WPA Cracking / Dictionary Attack
C. MAC Filtering
D. Signal Jamming
Correct Answer: WPA Cracking / Dictionary Attack
Explanation:
Attackers capture the 4-way handshake and use wordlists to guess the Pre-Shared Key.
48
What is 'MAC Address Filtering'?
A. Blocking websites
B. Allowing or denying network access based on the hardware address of the network card
C. Cleaning the router
D. Filtering out Mac computers
Correct Answer: Allowing or denying network access based on the hardware address of the network card
Explanation:
MAC filtering creates an allow/deny list based on the unique Media Access Control address of devices.
49
Why is 'Remote Wipe' a critical feature for enterprise mobile security?
A. To erase sensitive corporate data if a device is lost or stolen
B. To delete apps that are not used
C. To update the OS remotely
D. To clean the screen remotely
Correct Answer: To erase sensitive corporate data if a device is lost or stolen
Explanation:
If a device falls into the wrong hands, Remote Wipe ensures that confidential data cannot be accessed.
50
Which of the following is a symptom of a mobile device being infected with malware?
A. Screen becoming brighter
B. Faster performance
C. Extended battery life
D. Unexpected data usage spikes and rapid battery drain
Correct Answer: Unexpected data usage spikes and rapid battery drain
Explanation:
Malware often runs background processes and communicates with C&C servers, consuming data and battery.