1Which part of the internet is not indexed by standard search engines and requires specific software, configurations, or authorization to access?
A.Deep Web
B.Surface Web
C.Transparent Web
D.Dark Web
Correct Answer: Dark Web
Explanation:
The Dark Web is a subset of the Deep Web that is intentionally hidden and requires specific software like Tor or I2P to access.
Incorrect! Try again.
2What is the primary routing mechanism used by the Tor network to maintain user anonymity?
A.Tomato Routing
B.Packet Switching
C.Garlic Routing
D.Onion Routing
Correct Answer: Onion Routing
Explanation:
Tor uses Onion Routing, where data is encapsulated in layers of encryption, peeled off one by one by relay nodes.
Incorrect! Try again.
3Which Top-Level Domain (TLD) is specifically associated with sites hosted on the Tor network?
A..com
B..exe
C..onion
D..tor
Correct Answer: .onion
Explanation:
The .onion TLD denotes an anonymous hidden service reachable via the Tor network.
Incorrect! Try again.
4In the context of email basics, what does SMTP stand for?
A.Secure Mail Transmission Protocol
B.Standard Mail Text Protocol
C.Simple Mail Transfer Protocol
D.System Mail Transfer Protocol
Correct Answer: Simple Mail Transfer Protocol
Explanation:
SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending emails across the Internet.
Incorrect! Try again.
5Which protocol is primarily used by email clients to retrieve messages from a mail server?
A.FTP
B.SNMP
C.IMAP
D.SMTP
Correct Answer: IMAP
Explanation:
IMAP (Internet Message Access Protocol) is used to retrieve emails from a server, allowing management of emails directly on the server.
Incorrect! Try again.
6What is the most critical section of an email for forensic analysis when tracing the origin of a message?
A.The Email Body
B.The Email Header
C.The Signature Block
D.The Subject Line
Correct Answer: The Email Header
Explanation:
The Email Header contains routing information, IP addresses of sending servers, and timestamps essential for tracing the origin.
Incorrect! Try again.
7Which specific field in an email header usually reveals the IP address of the sender?
A.Received
B.From
C.To
D.Return-Path
Correct Answer: Received
Explanation:
The 'Received' fields trace the path of the email from sender to recipient, often containing the originating IP address.
Incorrect! Try again.
8What is the term for an email attack where the sender manipulates the address to make it appear as if it came from a trusted source?
A.Email Spoofing
B.Email Spiking
C.Email Bombing
D.Email Sniffing
Correct Answer: Email Spoofing
Explanation:
Email spoofing involves altering the email header to make the message appear to come from a legitimate or known source.
Incorrect! Try again.
9In a phishing investigation, what is 'Typosquatting'?
A.Encrypting the email body
B.Deleting email logs
C.Using all caps in the subject line
D.Registering a domain name extremely similar to a legitimate one
Correct Answer: Registering a domain name extremely similar to a legitimate one
Explanation:
Typosquatting relies on mistakes such as typos made by internet users when inputting a website address into a web browser.
Incorrect! Try again.
10Which type of phishing attack specifically targets high-profile executives like CEOs or CFOs?
A.Smishing
B.Vishing
C.Whaling
D.Spear Phishing
Correct Answer: Whaling
Explanation:
Whaling is a specific form of spear phishing aimed at high-value targets, often to steal sensitive data or initiate fraudulent wire transfers.
Incorrect! Try again.
11What is the primary function of an Intrusion Detection System (IDS)?
A.To encrypt network data
B.To block all network traffic
C.To act as a web server
D.To monitor network traffic for suspicious activity
Correct Answer: To monitor network traffic for suspicious activity
Explanation:
An IDS monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
Incorrect! Try again.
12How does an Intrusion Prevention System (IPS) differ mainly from an IDS?
A.IPS takes active action to stop the threat
B.IPS only logs data
C.IPS is slower
D.IPS cannot detect viruses
Correct Answer: IPS takes active action to stop the threat
Explanation:
Unlike an IDS which primarily alerts, an IPS sits inline with traffic and can actively block or drop malicious packets.
Incorrect! Try again.
13Which type of IDS detection method relies on a database of known attack patterns?
A.Signature-based detection
B.Heuristic detection
C.Behavior-based detection
D.Anomaly-based detection
Correct Answer: Signature-based detection
Explanation:
Signature-based detection compares network traffic against a database of known threat signatures.
Incorrect! Try again.
14What is a 'False Positive' in the context of IDS/IPS?
A.A system crash
B.A legitimate activity flagged as malicious
C.A malicious attack that is missed
D.A successful virus removal
Correct Answer: A legitimate activity flagged as malicious
Explanation:
A False Positive occurs when the system incorrectly identifies benign traffic or behavior as a threat.
Incorrect! Try again.
15What does WAF stand for in web security?
A.Web Application Firewall
B.Wireless Access Firewall
C.Windows Authentication File
D.Wide Area Firewall
Correct Answer: Web Application Firewall
Explanation:
WAF stands for Web Application Firewall, designed to protect web applications by filtering and monitoring HTTP traffic.
Incorrect! Try again.
16At which layer of the OSI model does a Web Application Firewall (WAF) primarily operate?
A.Layer 2 (Data Link)
B.Layer 7 (Application)
C.Layer 4 (Transport)
D.Layer 3 (Network)
Correct Answer: Layer 7 (Application)
Explanation:
WAFs operate at Layer 7 to inspect the content of web traffic (HTTP/HTTPS) and block application-specific attacks.
Incorrect! Try again.
17Which attack involves injecting malicious SQL queries into input fields to manipulate a database?
A.Cross-Site Scripting (XSS)
B.SQL Injection
C.CSRF
D.Buffer Overflow
Correct Answer: SQL Injection
Explanation:
SQL Injection (SQLi) allows attackers to interfere with the queries an application makes to its database.
Incorrect! Try again.
18What type of web attack involves injecting malicious scripts into trusted websites viewed by other users?
A.SQL Injection
B.Brute Force
C.Directory Traversal
D.Cross-Site Scripting (XSS)
Correct Answer: Cross-Site Scripting (XSS)
Explanation:
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
Incorrect! Try again.
19Which attack forces an end user to execute unwanted actions on a web application in which they are currently authenticated?
A.SQL Injection
B.Packet Sniffing
C.Man-in-the-Middle
D.Cross-Site Request Forgery (CSRF)
Correct Answer: Cross-Site Request Forgery (CSRF)
Explanation:
CSRF tricks the victim into submitting a malicious request used to perform actions on their behalf without their knowledge.
Incorrect! Try again.
20What is a 'Directory Traversal' attack?
A.Overloading the server with requests
B.Stealing cookies
C.Accessing restricted directories and files by manipulating file paths
D.Injecting SQL commands
Correct Answer: Accessing restricted directories and files by manipulating file paths
Explanation:
Directory Traversal (or Path Traversal) aims to access files and directories that are stored outside the web root folder (e.g., using ../../).
Incorrect! Try again.
21In Email Forensics, what is the role of an MTA (Mail Transfer Agent)?
A.To route and transfer emails between servers
B.To attach files
C.To display emails to the user
D.To read emails
Correct Answer: To route and transfer emails between servers
Explanation:
The MTA involves the software on the server responsible for transferring emails from one computer to another.
Incorrect! Try again.
22What is the standard port number for SMTP traffic?
A.21
B.443
C.80
D.25
Correct Answer: 25
Explanation:
Port 25 is the default standard port for Simple Mail Transfer Protocol (SMTP).
Incorrect! Try again.
23Which component of an IDS is responsible for collecting data from the network?
A.Database
B.Console
C.Sensor
D.Analyzer
Correct Answer: Sensor
Explanation:
Sensors are placed at key points in the network to collect traffic data for analysis by the IDS.
Incorrect! Try again.
24What is the main disadvantage of Anomaly-based IDS?
A.It cannot detect new attacks
B.It is only for wireless networks
C.It has a high rate of false positives
D.It requires virus signatures
Correct Answer: It has a high rate of false positives
Explanation:
Because anomaly-based systems define 'normal' behavior, any deviation (even legitimate new behavior) can trigger a false positive.
Incorrect! Try again.
25Which web attack aims to make a machine or network resource unavailable to its intended users?
A.SQL Injection
B.DoS (Denial of Service)
C.Privilege Escalation
D.Phishing
Correct Answer: DoS (Denial of Service)
Explanation:
A DoS attack seeks to shut down a machine or network, making it inaccessible to its intended users.
Incorrect! Try again.
26What does a 'Logic Bomb' generally refer to in cyber crime?
A.Malicious code set to execute when specific conditions are met
B.A type of firewall
C.A failed hacking attempt
D.A physical explosive
Correct Answer: Malicious code set to execute when specific conditions are met
Explanation:
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Incorrect! Try again.
27Which of the following is a tool often used for network intrusion detection?
A.Word
B.Photoshop
C.Excel
D.Snort
Correct Answer: Snort
Explanation:
Snort is a popular open-source network intrusion prevention system and intrusion detection system.
Incorrect! Try again.
28In the context of the Dark Web, what is an 'Exit Node'?
A.The server where traffic leaves the Tor network to reach the open internet
B.An offline server
C.The first server you connect to
D.A firewall rule
Correct Answer: The server where traffic leaves the Tor network to reach the open internet
Explanation:
The exit node is the final relay in a Tor circuit where the traffic is decrypted and sent to the final destination on the public internet.
Incorrect! Try again.
29What is the first step in an email crime investigation?
A.Acquiring and preserving the email evidence
B.Seizing the suspect's computer
C.Arresting the suspect
D.Deleting the spam
Correct Answer: Acquiring and preserving the email evidence
Explanation:
The immediate priority is to secure the evidence (the email and its headers) in a forensically sound manner to prevent alteration.
Incorrect! Try again.
30Which email protocol leaves the original email on the server by default?
A.POP3
B.HTTP
C.IMAP
D.FTP
Correct Answer: IMAP
Explanation:
IMAP synchronizes with the server, leaving the original message on the server, whereas POP3 often downloads and deletes it.
Incorrect! Try again.
31What is 'Session Hijacking'?
A.Breaking a password
B.Taking over a user's active web session by stealing the session ID
C.Stealing a laptop
D.Phishing for credit cards
Correct Answer: Taking over a user's active web session by stealing the session ID
Explanation:
Session hijacking involves exploiting a valid computer session to gain unauthorized access to information or services.
Incorrect! Try again.
32Which of the following is a passive security device?
A.Proxy Server
B.IPS
C.Firewall
D.IDS
Correct Answer: IDS
Explanation:
An IDS is typically passive; it monitors and alerts but does not sit inline to block traffic automatically like a Firewall or IPS.
Incorrect! Try again.
33In a SQL injection attack, what does the input ' OR '1'='1 typically achieve?
A.It deletes the database
B.It shuts down the server
C.It evaluates to True, bypassing authentication
D.It encrypts the data
Correct Answer: It evaluates to True, bypassing authentication
Explanation:
This is a tautology (a statement that is always true) used to trick the database into returning all records or bypassing login checks.
Incorrect! Try again.
34Which type of XSS attack stores the malicious script permanently on the target server (e.g., in a forum post)?
A.Reflected XSS
B.Stored (Persistent) XSS
C.DOM-based XSS
D.Local XSS
Correct Answer: Stored (Persistent) XSS
Explanation:
Stored XSS occurs when the malicious script is saved on the server (e.g., in a database) and served to users who access that content.
Incorrect! Try again.
35What is the purpose of 'DKIM' in email security?
A.To archive emails
B.To verify that an email message was not forged or altered
C.To block spam
D.To encrypt the email body
Correct Answer: To verify that an email message was not forged or altered
Explanation:
DomainKeys Identified Mail (DKIM) provides an encryption key and digital signature that verifies that an email message was not forged or altered.
Incorrect! Try again.
36A 'Zero-day' attack refers to:
A.An attack that takes zero seconds
B.An attack exploiting a vulnerability unknown to the software vendor
C.An attack on a closed network
D.An attack that happens at midnight
Correct Answer: An attack exploiting a vulnerability unknown to the software vendor
Explanation:
A Zero-day exploit targets a vulnerability that the developers are unaware of and have had 'zero days' to fix.
Incorrect! Try again.
37Which part of the email header is easiest to spoof?
A.From address
B.Received-By IP
C.Message-ID
D.DKIM Signature
Correct Answer: From address
Explanation:
The 'From' field is easily manipulated by the sender's mail client, unlike the 'Received' headers added by intermediate servers.
Incorrect! Try again.
38What does a Host-based IDS (HIDS) monitor?
A.Activity and logs on a specific individual device
B.Wireless signals only
C.Traffic on the entire subnet
D.Traffic at the ISP level
Correct Answer: Activity and logs on a specific individual device
Explanation:
HIDS operates on a specific host or device, monitoring system logs, file modifications, and local activity.
Incorrect! Try again.
39What is 'Bitcoin's' primary role in the Dark Web?
A.It is a common method for anonymous payment
B.It is the software used to browse
C.It is the hosting provider
D.It acts as a firewall
Correct Answer: It is a common method for anonymous payment
Explanation:
Cryptocurrencies like Bitcoin are used on the Dark Web to facilitate pseudo-anonymous transactions for illegal goods and services.
Incorrect! Try again.
40Which attack involves an attacker intercepting communication between two parties?
A.DDoS
B.Man-in-the-Middle (MITM)
C.Phishing
D.Logic Bomb
Correct Answer: Man-in-the-Middle (MITM)
Explanation:
MITM attacks involve an attacker secretly relaying and possibly altering the communications between two parties who believe they are communicating directly.
Incorrect! Try again.
41What is 'Business Email Compromise' (BEC)?
A.A virus that deletes emails
B.Spam advertising
C.Email server maintenance
D.A scam compromising legitimate business email accounts to conduct unauthorized transfers
Correct Answer: A scam compromising legitimate business email accounts to conduct unauthorized transfers
Explanation:
BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that perform wire transfer payments.
Incorrect! Try again.
42The 'Deep Web' includes:
A.Google search results
B.Only social media
C.Anything not indexed by search engines (e.g., medical records, academic databases)
D.Only illegal content
Correct Answer: Anything not indexed by search engines (e.g., medical records, academic databases)
Explanation:
The Deep Web refers to parts of the World Wide Web whose contents are not indexed by standard web search-engines, including legitimate databases and private networks.
Incorrect! Try again.
43Which mechanism in a WAF allows only pre-approved traffic and blocks everything else?
A.Blacklisting
B.Greylisting
C.Whitelisting
D.Redlisting
Correct Answer: Whitelisting
Explanation:
Whitelisting (positive security model) denies all traffic by default and only allows specific, known-good traffic.
Incorrect! Try again.
44In web attacks, what is a 'Brute Force' attack?
A.Guessing passwords by trying every possible combination
B.Physically breaking the server
C.Injecting SQL code
D.Sending a virus via email
Correct Answer: Guessing passwords by trying every possible combination
Explanation:
Brute force attacks involve an automated system attempting every possible combination of characters to discover a password.
Incorrect! Try again.
45What distinguishes a Distributed Denial of Service (DDoS) from a standard DoS?
A.DDoS is slower
B.DDoS uses multiple compromised systems (botnet) to attack
C.DDoS targets emails only
D.DDoS uses a single attacker machine
Correct Answer: DDoS uses multiple compromised systems (botnet) to attack
Explanation:
DDoS utilizes a network of compromised machines (bots) to flood the target, making it harder to block than a single-source DoS.
Incorrect! Try again.
46Which file on a web server determines which parts of the site crawlers are permitted to access?
A.robots.txt
B.style.css
C.config.php
D.index.html
Correct Answer: robots.txt
Explanation:
robots.txt is a standard used by websites to communicate with web crawlers and other web robots about which areas of the website should not be processed or scanned.
Incorrect! Try again.
47What is the primary utility of 'Packet Sniffing' in forensics?
A.To encrypt hard drives
B.To clean viruses
C.To edit files remotely
D.To capture and analyze data traffic moving across a network
Correct Answer: To capture and analyze data traffic moving across a network
Explanation:
Packet sniffing involves intercepting and logging traffic that passes over a digital network, useful for analyzing attacks or evidence.
Incorrect! Try again.
48In email forensics, 'MUA' stands for:
A.Mail User Agent
B.Mail Unified Access
C.Master User Authorization
D.Mail Upload Agent
Correct Answer: Mail User Agent
Explanation:
MUA (Mail User Agent) is the email client software (like Outlook or Thunderbird) used by the user to compose and read emails.
Incorrect! Try again.
49Which vulnerability allows an attacker to include a file, usually exploiting a 'dynamic file inclusion' mechanism implemented in the target application?
A.Syn Flood
B.Brute Force
C.Dictionary Attack
D.Local File Inclusion (LFI)
Correct Answer: Local File Inclusion (LFI)
Explanation:
LFI allows an attacker to include files on a server through the web browser, potentially leading to information disclosure or code execution.
Incorrect! Try again.
50The 'Silk Road' was a famous marketplace located on:
A.A private LAN
B.The Dark Web
C.Facebook
D.The Surface Web
Correct Answer: The Dark Web
Explanation:
Silk Road was a notorious online black market on the Dark Web, operated via Tor, known for selling illegal drugs.