1. Which part of the internet is not indexed by standard search engines and requires specific software, configurations, or authorization to access?
A. Surface Web
B. Deep Web
C. Dark Web
D. Transparent Web
Correct Answer: Dark Web
Explanation: The Dark Web is a subset of the Deep Web that is intentionally hidden and requires specific software like Tor or I2P to access.
2. What is the primary routing mechanism used by the Tor network to maintain user anonymity?
A. Garlic Routing
B. Onion Routing
C. Tomato Routing
D. Packet Switching
Correct Answer: Onion Routing
Explanation: Tor uses Onion Routing, where data is encapsulated in layers of encryption, peeled off one by one by relay nodes.
3. Which Top-Level Domain (TLD) is specifically associated with sites hosted on the Tor network?
A. .com
B. .exe
C. .onion
D. .tor
Correct Answer: .onion
Explanation: The .onion TLD denotes an anonymous hidden service reachable via the Tor network.
4. In the context of email basics, what does SMTP stand for?
A. Simple Mail Transfer Protocol
B. Secure Mail Transmission Protocol
C. Standard Mail Text Protocol
D. System Mail Transfer Protocol
Correct Answer: Simple Mail Transfer Protocol
Explanation: SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending emails across the Internet.
5. Which protocol is primarily used by email clients to retrieve messages from a mail server?
A. SMTP
B. FTP
C. IMAP
D. SNMP
Correct Answer: IMAP
Explanation: IMAP (Internet Message Access Protocol) is used to retrieve emails from a server, allowing management of emails directly on the server.
6. What is the most critical section of an email for forensic analysis when tracing the origin of a message?
A. The Subject Line
B. The Email Header
C. The Email Body
D. The Signature Block
Correct Answer: The Email Header
Explanation: The Email Header contains routing information, IP addresses of sending servers, and timestamps essential for tracing the origin.
7. Which specific field in an email header usually reveals the IP address of the sender?
A. Return-Path
B. Received
C. From
D. To
Correct Answer: Received
Explanation: The 'Received' fields trace the path of the email from sender to recipient, often containing the originating IP address.
8. What is the term for an email attack where the sender manipulates the address to make it appear as if it came from a trusted source?
A. Email Spoofing
B. Email Sniffing
C. Email Spiking
D. Email Bombing
Correct Answer: Email Spoofing
Explanation: Email spoofing involves altering the email header to make the message appear to come from a legitimate or known source.
9. In a phishing investigation, what is 'Typosquatting'?
A. Using all caps in the subject line
B. Registering a domain name extremely similar to a legitimate one
C. Deleting email logs
D. Encrypting the email body
Correct Answer: Registering a domain name extremely similar to a legitimate one
Explanation: Typosquatting relies on mistakes such as typos made by internet users when inputting a website address into a web browser.
10. Which type of phishing attack specifically targets high-profile executives like CEOs or CFOs?
A. Spear Phishing
B. Whaling
C. Vishing
D. Smishing
Correct Answer: Whaling
Explanation: Whaling is a specific form of spear phishing aimed at high-value targets, often to steal sensitive data or initiate fraudulent wire transfers.
11. What is the primary function of an Intrusion Detection System (IDS)?
A. To block all network traffic
B. To encrypt network data
C. To monitor network traffic for suspicious activity
D. To act as a web server
Correct Answer: To monitor network traffic for suspicious activity
Explanation: An IDS monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
12. How does an Intrusion Prevention System (IPS) differ mainly from an IDS?
A. IPS only logs data
B. IPS takes active action to stop the threat
C. IPS is slower
D. IPS cannot detect viruses
Correct Answer: IPS takes active action to stop the threat
Explanation: Unlike an IDS, which primarily alerts, an IPS sits inline with traffic and can actively block or drop malicious packets.
13. Which type of IDS detection method relies on a database of known attack patterns?
A. Anomaly-based detection
B. Signature-based detection
C. Heuristic detection
D. Behavior-based detection
Correct Answer: Signature-based detection
Explanation: Signature-based detection compares network traffic against a database of known threat signatures.
14. What is a 'False Positive' in the context of IDS/IPS?
A. A malicious attack that is missed
B. A legitimate activity flagged as malicious
C. A system crash
D. A successful virus removal
Correct Answer: A legitimate activity flagged as malicious
Explanation: A False Positive occurs when the system incorrectly identifies benign traffic or behavior as a threat.
15. What does WAF stand for in web security?
A. Wide Area Firewall
B. Web Application Firewall
C. Wireless Access Firewall
D. Windows Authentication File
Correct Answer: Web Application Firewall
Explanation: WAF stands for Web Application Firewall, designed to protect web applications by filtering and monitoring HTTP traffic.
16. At which layer of the OSI model does a Web Application Firewall (WAF) primarily operate?
A. Layer 3 (Network)
B. Layer 4 (Transport)
C. Layer 2 (Data Link)
D. Layer 7 (Application)
Correct Answer: Layer 7 (Application)
Explanation: WAFs operate at Layer 7 to inspect the content of web traffic (HTTP/HTTPS) and block application-specific attacks.
17. Which attack involves injecting malicious SQL queries into input fields to manipulate a database?
A. Cross-Site Scripting (XSS)
B. SQL Injection
C. CSRF
D. Buffer Overflow
Correct Answer: SQL Injection
Explanation: SQL Injection (SQLi) allows attackers to interfere with the queries an application makes to its database.
18. What type of web attack involves injecting malicious scripts into trusted websites viewed by other users?
A. SQL Injection
B. Cross-Site Scripting (XSS)
C. Directory Traversal
D. Brute Force
Correct Answer: Cross-Site Scripting (XSS)
Explanation: XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
19. Which attack forces an end user to execute unwanted actions on a web application in which they are currently authenticated?
A. Cross-Site Request Forgery (CSRF)
B. SQL Injection
C. Man-in-the-Middle
D. Packet Sniffing
Correct Answer: Cross-Site Request Forgery (CSRF)
Explanation: CSRF tricks the victim into submitting a malicious request used to perform actions on their behalf without their knowledge.
20. What is a 'Directory Traversal' attack?
A. Overloading the server with requests
B. Accessing restricted directories and files by manipulating file paths
C. Stealing cookies
D. Injecting SQL commands
Correct Answer: Accessing restricted directories and files by manipulating file paths
Explanation: Directory Traversal (or Path Traversal) aims to access files and directories that are stored outside the web root folder (e.g., using ../../).
21. In Email Forensics, what is the role of an MTA (Mail Transfer Agent)?
A. To read emails
B. To display emails to the user
C. To route and transfer emails between servers
D. To attach files
Correct Answer: To route and transfer emails between servers
Explanation: The MTA is the software on the server responsible for transferring emails from one computer to another.
22. What is the standard port number for SMTP traffic?
A. 21
B. 25
C. 80
D. 443
Correct Answer: 25
Explanation: Port 25 is the default standard port for Simple Mail Transfer Protocol (SMTP).
23. Which component of an IDS is responsible for collecting data from the network?
A. Sensor
B. Analyzer
C. Database
D. Console
Correct Answer: Sensor
Explanation: Sensors are placed at key points in the network to collect traffic data for analysis by the IDS.
24. What is the main disadvantage of Anomaly-based IDS?
A. It cannot detect new attacks
B. It has a high rate of false positives
C. It requires virus signatures
D. It is only for wireless networks
Correct Answer: It has a high rate of false positives
Explanation: Because anomaly-based systems define 'normal' behavior, any deviation (even legitimate new behavior) can trigger a false positive.
25. Which web attack aims to make a machine or network resource unavailable to its intended users?
A. DoS (Denial of Service)
B. Phishing
C. SQL Injection
D. Privilege Escalation
Correct Answer: DoS (Denial of Service)
Explanation: A DoS attack seeks to shut down a machine or network, making it inaccessible to its intended users.
26. What does a 'Logic Bomb' generally refer to in cyber crime?
A. A physical explosive
B. Malicious code set to execute when specific conditions are met
C. A failed hacking attempt
D. A type of firewall
Correct Answer: Malicious code set to execute when specific conditions are met
Explanation: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
27. Which of the following is a tool often used for network intrusion detection?
A. Photoshop
B. Snort
C. Excel
D. Word
Correct Answer: Snort
Explanation: Snort is a popular open-source network intrusion prevention system and intrusion detection system.
28. In the context of the Dark Web, what is an 'Exit Node'?
A. The first server you connect to
B. The server where traffic leaves the Tor network to reach the open internet
C. A firewall rule
D. An offline server
Correct Answer: The server where traffic leaves the Tor network to reach the open internet
Explanation: The exit node is the final relay in a Tor circuit where the traffic is decrypted and sent to the final destination on the public internet.
29. What is the first step in an email crime investigation?
A. Arresting the suspect
B. Seizing the suspect's computer
C. Acquiring and preserving the email evidence
D. Deleting the spam
Correct Answer: Acquiring and preserving the email evidence
Explanation: The immediate priority is to secure the evidence (the email and its headers) in a forensically sound manner to prevent alteration.
30. Which email protocol leaves the original email on the server by default?
A. POP3
B. IMAP
C. HTTP
D. FTP
Correct Answer: IMAP
Explanation: IMAP synchronizes with the server, leaving the original message on the server, whereas POP3 often downloads and deletes it.
31. What is 'Session Hijacking'?
A. Stealing a laptop
B. Taking over a user's active web session by stealing the session ID
C. Breaking a password
D. Phishing for credit cards
Correct Answer: Taking over a user's active web session by stealing the session ID
Explanation: Session hijacking involves exploiting a valid computer session to gain unauthorized access to information or services.
32. Which of the following is a passive security device?
A. Firewall
B. IPS
C. IDS
D. Proxy Server
Correct Answer: IDS
Explanation: An IDS is typically passive; it monitors and alerts but does not sit inline to block traffic automatically, as a Firewall or IPS does.
33. In a SQL injection attack, what does the input ' OR '1'='1 typically achieve?
A. It deletes the database
B. It evaluates to True, bypassing authentication
C. It encrypts the data
D. It shuts down the server
Correct Answer: It evaluates to True, bypassing authentication
Explanation: This is a tautology (a statement that is always true) used to trick the database into returning all records or bypassing login checks.
34. Which type of XSS attack stores the malicious script permanently on the target server (e.g., in a forum post)?
A. Reflected XSS
B. Stored (Persistent) XSS
C. DOM-based XSS
D. Local XSS
Correct Answer: Stored (Persistent) XSS
Explanation: Stored XSS occurs when the malicious script is saved on the server (e.g., in a database) and served to users who access that content.
35. What is the purpose of 'DKIM' in email security?
A. To encrypt the email body
B. To verify that an email message was not forged or altered
C. To block spam
D. To archive emails
Correct Answer: To verify that an email message was not forged or altered
Explanation: DomainKeys Identified Mail (DKIM) provides an encryption key and digital signature that verifies that an email message was not forged or altered.
36. A 'Zero-day' attack refers to:
A. An attack that happens at midnight
B. An attack exploiting a vulnerability unknown to the software vendor
C. An attack that takes zero seconds
D. An attack on a closed network
Correct Answer: An attack exploiting a vulnerability unknown to the software vendor
Explanation: A Zero-day exploit targets a vulnerability that the developers are unaware of and have had 'zero days' to fix.
37. Which part of the email header is easiest to spoof?
A. Received-By IP
B. Message-ID
C. From address
D. DKIM Signature
Correct Answer: From address
Explanation: The 'From' field is easily manipulated by the sender's mail client, unlike the 'Received' headers added by intermediate servers.
38. What does a Host-based IDS (HIDS) monitor?
A. Traffic on the entire subnet
B. Activity and logs on a specific individual device
C. Traffic at the ISP level
D. Wireless signals only
Correct Answer: Activity and logs on a specific individual device
Explanation: HIDS operates on a specific host or device, monitoring system logs, file modifications, and local activity.
39. What is Bitcoin's primary role in the Dark Web?
A. It is the software used to browse
B. It is the hosting provider
C. It is a common method for anonymous payment
D. It acts as a firewall
Correct Answer: It is a common method for anonymous payment
Explanation: Cryptocurrencies like Bitcoin are used on the Dark Web to facilitate pseudo-anonymous transactions for illegal goods and services.
40. Which attack involves an attacker intercepting communication between two parties?
A. Man-in-the-Middle (MITM)
B. DDoS
C. Phishing
D. Logic Bomb
Correct Answer: Man-in-the-Middle (MITM)
Explanation: MITM attacks involve an attacker secretly relaying and possibly altering the communications between two parties who believe they are communicating directly.
41. What is 'Business Email Compromise' (BEC)?
A. A virus that deletes emails
B. A scam compromising legitimate business email accounts to conduct unauthorized transfers
C. Spam advertising
D. Email server maintenance
Correct Answer: A scam compromising legitimate business email accounts to conduct unauthorized transfers
Explanation: BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that perform wire transfer payments.
42. The 'Deep Web' includes:
A. Only illegal content
B. Anything not indexed by search engines (e.g., medical records, academic databases)
C. Only social media
D. Google search results
Correct Answer: Anything not indexed by search engines (e.g., medical records, academic databases)
Explanation: The Deep Web refers to parts of the World Wide Web whose contents are not indexed by standard web search engines, including legitimate databases and private networks.
43. Which mechanism in a WAF allows only pre-approved traffic and blocks everything else?
A. Blacklisting
B. Whitelisting
C. Greylisting
D. Redlisting
Correct Answer: Whitelisting
Explanation: Whitelisting (positive security model) denies all traffic by default and only allows specific, known-good traffic.
44. In web attacks, what is a 'Brute Force' attack?
A. Guessing passwords by trying every possible combination
B. Physically breaking the server
C. Sending a virus via email
D. Injecting SQL code
Correct Answer: Guessing passwords by trying every possible combination
Explanation: Brute force attacks involve an automated system attempting every possible combination of characters to discover a password.
45. What distinguishes a Distributed Denial of Service (DDoS) from a standard DoS?
A. DDoS is slower
B. DDoS uses a single attacker machine
C. DDoS uses multiple compromised systems (botnet) to attack
D. DDoS targets emails only
Correct Answer: DDoS uses multiple compromised systems (botnet) to attack
Explanation: DDoS utilizes a network of compromised machines (bots) to flood the target, making it harder to block than a single-source DoS.
46. Which file on a web server determines which parts of the site crawlers are permitted to access?
A. index.html
B. robots.txt
C. config.php
D. style.css
Correct Answer: robots.txt
Explanation: robots.txt is a standard used by websites to communicate with web crawlers and other web robots about which areas of the website should not be processed or scanned.
47. What is the primary utility of 'Packet Sniffing' in forensics?
A. To edit files remotely
B. To capture and analyze data traffic moving across a network
C. To encrypt hard drives
D. To clean viruses
Correct Answer: To capture and analyze data traffic moving across a network
Explanation: Packet sniffing involves intercepting and logging traffic that passes over a digital network, useful for analyzing attacks or evidence.
48. In email forensics, 'MUA' stands for:
A. Mail User Agent
B. Mail Unified Access
C. Master User Authorization
D. Mail Upload Agent
Correct Answer: Mail User Agent
Explanation: MUA (Mail User Agent) is the email client software (like Outlook or Thunderbird) used by the user to compose and read emails.
49. Which vulnerability allows an attacker to include a file, usually exploiting a 'dynamic file inclusion' mechanism implemented in the target application?
A. Local File Inclusion (LFI)
B. Brute Force
C. Dictionary Attack
D. Syn Flood
Correct Answer: Local File Inclusion (LFI)
Explanation: LFI allows an attacker to include files on a server through the web browser, potentially leading to information disclosure or code execution.
50. The 'Silk Road' was a famous marketplace located on:
A. The Surface Web
B. The Dark Web
C. A private LAN
D. Facebook
Correct Answer: The Dark Web
Explanation: Silk Road was a notorious online black market on the Dark Web, operated via Tor, known for selling illegal drugs.