1Which part of the internet is not indexed by standard search engines and requires specific software, configurations, or authorization to access?
A.Deep Web
B.Transparent Web
C.Dark Web
D.Surface Web
Correct Answer: Dark Web
Explanation:
The Dark Web is a subset of the Deep Web that is intentionally hidden and requires specific software like Tor or I2P to access.
Incorrect! Try again.
2What is the primary routing mechanism used by the Tor network to maintain user anonymity?
A.Tomato Routing
B.Packet Switching
C.Onion Routing
D.Garlic Routing
Correct Answer: Onion Routing
Explanation:
Tor uses Onion Routing, where data is encapsulated in layers of encryption, peeled off one by one by relay nodes.
Incorrect! Try again.
3Which Top-Level Domain (TLD) is specifically associated with sites hosted on the Tor network?
A..onion
B..exe
C..tor
D..com
Correct Answer: .onion
Explanation:
The .onion TLD denotes an anonymous hidden service reachable via the Tor network.
Incorrect! Try again.
4In the context of email basics, what does SMTP stand for?
A.Simple Mail Transfer Protocol
B.System Mail Transfer Protocol
C.Secure Mail Transmission Protocol
D.Standard Mail Text Protocol
Correct Answer: Simple Mail Transfer Protocol
Explanation:
SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending emails across the Internet.
Incorrect! Try again.
5Which protocol is primarily used by email clients to retrieve messages from a mail server?
A.SMTP
B.IMAP
C.SNMP
D.FTP
Correct Answer: IMAP
Explanation:
IMAP (Internet Message Access Protocol) is used to retrieve emails from a server, allowing management of emails directly on the server.
Incorrect! Try again.
6What is the most critical section of an email for forensic analysis when tracing the origin of a message?
A.The Email Header
B.The Signature Block
C.The Email Body
D.The Subject Line
Correct Answer: The Email Header
Explanation:
The Email Header contains routing information, IP addresses of sending servers, and timestamps essential for tracing the origin.
Incorrect! Try again.
7Which specific field in an email header usually reveals the IP address of the sender?
A.Received
B.From
C.To
D.Return-Path
Correct Answer: Received
Explanation:
The 'Received' fields trace the path of the email from sender to recipient, often containing the originating IP address.
Incorrect! Try again.
8What is the term for an email attack where the sender manipulates the address to make it appear as if it came from a trusted source?
A.Email Sniffing
B.Email Spiking
C.Email Spoofing
D.Email Bombing
Correct Answer: Email Spoofing
Explanation:
Email spoofing involves altering the email header to make the message appear to come from a legitimate or known source.
Incorrect! Try again.
9In a phishing investigation, what is 'Typosquatting'?
A.Registering a domain name extremely similar to a legitimate one
B.Deleting email logs
C.Encrypting the email body
D.Using all caps in the subject line
Correct Answer: Registering a domain name extremely similar to a legitimate one
Explanation:
Typosquatting relies on mistakes such as typos made by internet users when inputting a website address into a web browser.
Incorrect! Try again.
10Which type of phishing attack specifically targets high-profile executives like CEOs or CFOs?
A.Vishing
B.Smishing
C.Spear Phishing
D.Whaling
Correct Answer: Whaling
Explanation:
Whaling is a specific form of spear phishing aimed at high-value targets, often to steal sensitive data or initiate fraudulent wire transfers.
Incorrect! Try again.
11What is the primary function of an Intrusion Detection System (IDS)?
A.To act as a web server
B.To encrypt network data
C.To block all network traffic
D.To monitor network traffic for suspicious activity
Correct Answer: To monitor network traffic for suspicious activity
Explanation:
An IDS monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
Incorrect! Try again.
12How does an Intrusion Prevention System (IPS) differ mainly from an IDS?
A.IPS only logs data
B.IPS cannot detect viruses
C.IPS is slower
D.IPS takes active action to stop the threat
Correct Answer: IPS takes active action to stop the threat
Explanation:
Unlike an IDS which primarily alerts, an IPS sits inline with traffic and can actively block or drop malicious packets.
Incorrect! Try again.
13Which type of IDS detection method relies on a database of known attack patterns?
A.Anomaly-based detection
B.Signature-based detection
C.Heuristic detection
D.Behavior-based detection
Correct Answer: Signature-based detection
Explanation:
Signature-based detection compares network traffic against a database of known threat signatures.
Incorrect! Try again.
14What is a 'False Positive' in the context of IDS/IPS?
A.A successful virus removal
B.A malicious attack that is missed
C.A legitimate activity flagged as malicious
D.A system crash
Correct Answer: A legitimate activity flagged as malicious
Explanation:
A False Positive occurs when the system incorrectly identifies benign traffic or behavior as a threat.
Incorrect! Try again.
15What does WAF stand for in web security?
A.Wireless Access Firewall
B.Wide Area Firewall
C.Web Application Firewall
D.Windows Authentication File
Correct Answer: Web Application Firewall
Explanation:
WAF stands for Web Application Firewall, designed to protect web applications by filtering and monitoring HTTP traffic.
Incorrect! Try again.
16At which layer of the OSI model does a Web Application Firewall (WAF) primarily operate?
A.Layer 7 (Application)
B.Layer 3 (Network)
C.Layer 4 (Transport)
D.Layer 2 (Data Link)
Correct Answer: Layer 7 (Application)
Explanation:
WAFs operate at Layer 7 to inspect the content of web traffic (HTTP/HTTPS) and block application-specific attacks.
Incorrect! Try again.
17Which attack involves injecting malicious SQL queries into input fields to manipulate a database?
A.Cross-Site Scripting (XSS)
B.CSRF
C.SQL Injection
D.Buffer Overflow
Correct Answer: SQL Injection
Explanation:
SQL Injection (SQLi) allows attackers to interfere with the queries an application makes to its database.
Incorrect! Try again.
18What type of web attack involves injecting malicious scripts into trusted websites viewed by other users?
A.SQL Injection
B.Brute Force
C.Directory Traversal
D.Cross-Site Scripting (XSS)
Correct Answer: Cross-Site Scripting (XSS)
Explanation:
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
Incorrect! Try again.
19Which attack forces an end user to execute unwanted actions on a web application in which they are currently authenticated?
A.Packet Sniffing
B.Man-in-the-Middle
C.Cross-Site Request Forgery (CSRF)
D.SQL Injection
Correct Answer: Cross-Site Request Forgery (CSRF)
Explanation:
CSRF tricks the victim into submitting a malicious request used to perform actions on their behalf without their knowledge.
Incorrect! Try again.
20What is a 'Directory Traversal' attack?
A.Injecting SQL commands
B.Accessing restricted directories and files by manipulating file paths
C.Stealing cookies
D.Overloading the server with requests
Correct Answer: Accessing restricted directories and files by manipulating file paths
Explanation:
Directory Traversal (or Path Traversal) aims to access files and directories that are stored outside the web root folder (e.g., using ../../).
Incorrect! Try again.
21In Email Forensics, what is the role of an MTA (Mail Transfer Agent)?
A.To route and transfer emails between servers
B.To display emails to the user
C.To attach files
D.To read emails
Correct Answer: To route and transfer emails between servers
Explanation:
The MTA involves the software on the server responsible for transferring emails from one computer to another.
Incorrect! Try again.
22What is the standard port number for SMTP traffic?
A.80
B.25
C.443
D.21
Correct Answer: 25
Explanation:
Port 25 is the default standard port for Simple Mail Transfer Protocol (SMTP).
Incorrect! Try again.
23Which component of an IDS is responsible for collecting data from the network?
A.Analyzer
B.Console
C.Sensor
D.Database
Correct Answer: Sensor
Explanation:
Sensors are placed at key points in the network to collect traffic data for analysis by the IDS.
Incorrect! Try again.
24What is the main disadvantage of Anomaly-based IDS?
A.It is only for wireless networks
B.It requires virus signatures
C.It has a high rate of false positives
D.It cannot detect new attacks
Correct Answer: It has a high rate of false positives
Explanation:
Because anomaly-based systems define 'normal' behavior, any deviation (even legitimate new behavior) can trigger a false positive.
Incorrect! Try again.
25Which web attack aims to make a machine or network resource unavailable to its intended users?
A.Privilege Escalation
B.Phishing
C.DoS (Denial of Service)
D.SQL Injection
Correct Answer: DoS (Denial of Service)
Explanation:
A DoS attack seeks to shut down a machine or network, making it inaccessible to its intended users.
Incorrect! Try again.
26What does a 'Logic Bomb' generally refer to in cyber crime?
A.Malicious code set to execute when specific conditions are met
B.A type of firewall
C.A physical explosive
D.A failed hacking attempt
Correct Answer: Malicious code set to execute when specific conditions are met
Explanation:
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Incorrect! Try again.
27Which of the following is a tool often used for network intrusion detection?
A.Excel
B.Snort
C.Word
D.Photoshop
Correct Answer: Snort
Explanation:
Snort is a popular open-source network intrusion prevention system and intrusion detection system.
Incorrect! Try again.
28In the context of the Dark Web, what is an 'Exit Node'?
A.The server where traffic leaves the Tor network to reach the open internet
B.A firewall rule
C.An offline server
D.The first server you connect to
Correct Answer: The server where traffic leaves the Tor network to reach the open internet
Explanation:
The exit node is the final relay in a Tor circuit where the traffic is decrypted and sent to the final destination on the public internet.
Incorrect! Try again.
29What is the first step in an email crime investigation?
A.Deleting the spam
B.Seizing the suspect's computer
C.Arresting the suspect
D.Acquiring and preserving the email evidence
Correct Answer: Acquiring and preserving the email evidence
Explanation:
The immediate priority is to secure the evidence (the email and its headers) in a forensically sound manner to prevent alteration.
Incorrect! Try again.
30Which email protocol leaves the original email on the server by default?
A.POP3
B.FTP
C.HTTP
D.IMAP
Correct Answer: IMAP
Explanation:
IMAP synchronizes with the server, leaving the original message on the server, whereas POP3 often downloads and deletes it.
Incorrect! Try again.
31What is 'Session Hijacking'?
A.Taking over a user's active web session by stealing the session ID
B.Breaking a password
C.Phishing for credit cards
D.Stealing a laptop
Correct Answer: Taking over a user's active web session by stealing the session ID
Explanation:
Session hijacking involves exploiting a valid computer session to gain unauthorized access to information or services.
Incorrect! Try again.
32Which of the following is a passive security device?
A.Proxy Server
B.Firewall
C.IDS
D.IPS
Correct Answer: IDS
Explanation:
An IDS is typically passive; it monitors and alerts but does not sit inline to block traffic automatically like a Firewall or IPS.
Incorrect! Try again.
33In a SQL injection attack, what does the input ' OR '1'='1 typically achieve?
A.It deletes the database
B.It evaluates to True, bypassing authentication
C.It shuts down the server
D.It encrypts the data
Correct Answer: It evaluates to True, bypassing authentication
Explanation:
This is a tautology (a statement that is always true) used to trick the database into returning all records or bypassing login checks.
Incorrect! Try again.
34Which type of XSS attack stores the malicious script permanently on the target server (e.g., in a forum post)?
A.Reflected XSS
B.Local XSS
C.Stored (Persistent) XSS
D.DOM-based XSS
Correct Answer: Stored (Persistent) XSS
Explanation:
Stored XSS occurs when the malicious script is saved on the server (e.g., in a database) and served to users who access that content.
Incorrect! Try again.
35What is the purpose of 'DKIM' in email security?
A.To block spam
B.To archive emails
C.To encrypt the email body
D.To verify that an email message was not forged or altered
Correct Answer: To verify that an email message was not forged or altered
Explanation:
DomainKeys Identified Mail (DKIM) provides an encryption key and digital signature that verifies that an email message was not forged or altered.
Incorrect! Try again.
36A 'Zero-day' attack refers to:
A.An attack that takes zero seconds
B.An attack exploiting a vulnerability unknown to the software vendor
C.An attack that happens at midnight
D.An attack on a closed network
Correct Answer: An attack exploiting a vulnerability unknown to the software vendor
Explanation:
A Zero-day exploit targets a vulnerability that the developers are unaware of and have had 'zero days' to fix.
Incorrect! Try again.
37Which part of the email header is easiest to spoof?
A.From address
B.Received-By IP
C.Message-ID
D.DKIM Signature
Correct Answer: From address
Explanation:
The 'From' field is easily manipulated by the sender's mail client, unlike the 'Received' headers added by intermediate servers.
Incorrect! Try again.
38What does a Host-based IDS (HIDS) monitor?
A.Traffic at the ISP level
B.Traffic on the entire subnet
C.Activity and logs on a specific individual device
D.Wireless signals only
Correct Answer: Activity and logs on a specific individual device
Explanation:
HIDS operates on a specific host or device, monitoring system logs, file modifications, and local activity.
Incorrect! Try again.
39What is 'Bitcoin's' primary role in the Dark Web?
A.It is the hosting provider
B.It is a common method for anonymous payment
C.It is the software used to browse
D.It acts as a firewall
Correct Answer: It is a common method for anonymous payment
Explanation:
Cryptocurrencies like Bitcoin are used on the Dark Web to facilitate pseudo-anonymous transactions for illegal goods and services.
Incorrect! Try again.
40Which attack involves an attacker intercepting communication between two parties?
A.Logic Bomb
B.Phishing
C.DDoS
D.Man-in-the-Middle (MITM)
Correct Answer: Man-in-the-Middle (MITM)
Explanation:
MITM attacks involve an attacker secretly relaying and possibly altering the communications between two parties who believe they are communicating directly.
Incorrect! Try again.
41What is 'Business Email Compromise' (BEC)?
A.A scam compromising legitimate business email accounts to conduct unauthorized transfers
B.A virus that deletes emails
C.Email server maintenance
D.Spam advertising
Correct Answer: A scam compromising legitimate business email accounts to conduct unauthorized transfers
Explanation:
BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that perform wire transfer payments.
Incorrect! Try again.
42The 'Deep Web' includes:
A.Google search results
B.Anything not indexed by search engines (e.g., medical records, academic databases)
C.Only social media
D.Only illegal content
Correct Answer: Anything not indexed by search engines (e.g., medical records, academic databases)
Explanation:
The Deep Web refers to parts of the World Wide Web whose contents are not indexed by standard web search-engines, including legitimate databases and private networks.
Incorrect! Try again.
43Which mechanism in a WAF allows only pre-approved traffic and blocks everything else?
A.Whitelisting
B.Greylisting
C.Blacklisting
D.Redlisting
Correct Answer: Whitelisting
Explanation:
Whitelisting (positive security model) denies all traffic by default and only allows specific, known-good traffic.
Incorrect! Try again.
44In web attacks, what is a 'Brute Force' attack?
A.Guessing passwords by trying every possible combination
B.Sending a virus via email
C.Injecting SQL code
D.Physically breaking the server
Correct Answer: Guessing passwords by trying every possible combination
Explanation:
Brute force attacks involve an automated system attempting every possible combination of characters to discover a password.
Incorrect! Try again.
45What distinguishes a Distributed Denial of Service (DDoS) from a standard DoS?
A.DDoS is slower
B.DDoS targets emails only
C.DDoS uses multiple compromised systems (botnet) to attack
D.DDoS uses a single attacker machine
Correct Answer: DDoS uses multiple compromised systems (botnet) to attack
Explanation:
DDoS utilizes a network of compromised machines (bots) to flood the target, making it harder to block than a single-source DoS.
Incorrect! Try again.
46Which file on a web server determines which parts of the site crawlers are permitted to access?
A.config.php
B.index.html
C.style.css
D.robots.txt
Correct Answer: robots.txt
Explanation:
robots.txt is a standard used by websites to communicate with web crawlers and other web robots about which areas of the website should not be processed or scanned.
Incorrect! Try again.
47What is the primary utility of 'Packet Sniffing' in forensics?
A.To clean viruses
B.To encrypt hard drives
C.To edit files remotely
D.To capture and analyze data traffic moving across a network
Correct Answer: To capture and analyze data traffic moving across a network
Explanation:
Packet sniffing involves intercepting and logging traffic that passes over a digital network, useful for analyzing attacks or evidence.
Incorrect! Try again.
48In email forensics, 'MUA' stands for:
A.Mail Upload Agent
B.Mail Unified Access
C.Master User Authorization
D.Mail User Agent
Correct Answer: Mail User Agent
Explanation:
MUA (Mail User Agent) is the email client software (like Outlook or Thunderbird) used by the user to compose and read emails.
Incorrect! Try again.
49Which vulnerability allows an attacker to include a file, usually exploiting a 'dynamic file inclusion' mechanism implemented in the target application?
A.Dictionary Attack
B.Local File Inclusion (LFI)
C.Brute Force
D.Syn Flood
Correct Answer: Local File Inclusion (LFI)
Explanation:
LFI allows an attacker to include files on a server through the web browser, potentially leading to information disclosure or code execution.
Incorrect! Try again.
50The 'Silk Road' was a famous marketplace located on:
A.Facebook
B.The Surface Web
C.A private LAN
D.The Dark Web
Correct Answer: The Dark Web
Explanation:
Silk Road was a notorious online black market on the Dark Web, operated via Tor, known for selling illegal drugs.