Question 1

Which of the following is not a commonly used security framework?

Accepted Answer

NIST Cybersecurity Framework

Answer

ISO 27001

Answer

COBIT

Answer

CIS Controls

Question 2

What does the CIA triad stand for in information security?

Accepted Answer

Confidentiality, Integrity, Availability

Answer

Compliance, Integrity, Authentication

Answer

Confidentiality, Integrity, Accountability

Answer

Confidentiality, Identity, Accessibility

Question 3

Which type of malware is specifically designed to replicate itself and spread to other devices?

Accepted Answer

Virus

Answer

Trojan horse

Answer

Ransomware

Answer

Spyware

Question 4

What is the primary purpose of a firewall in network security?

Accepted Answer

To control incoming and outgoing network traffic

Answer

To encrypt sensitive data

Answer

To create backup copies of data

Answer

To detect and remove malware

Question 5

Which of the following describes a Denial of Service (DoS) attack?

Accepted Answer

An attempt to disrupt the normal functioning of a targeted server, service, or network

Answer

A tool for improving network performance

Answer

A way to increase data access speed

Answer

A method to steal personal information

Question 6

What is the role of an Intrusion Detection System (IDS) in cybersecurity?

Accepted Answer

To monitor network traffic for suspicious activities

Answer

To create backups of system data

Answer

To encrypt sensitive data during transmission

Answer

To prevent unauthorized access to a network

Question 7

What is the main purpose of implementing multi-factor authentication (MFA)?

Accepted Answer

To enhance security by requiring multiple forms of verification

Answer

To simplify the login process

Answer

To reduce the need for passwords

Answer

To allow unlimited access to all users

Question 8

Which of the following best describes 'phishing' in the context of cybersecurity?

Accepted Answer

A fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity

Answer

A method of encrypting data

Answer

A type of malware that stores sensitive information

Answer

A technique to speed up network traffic

Question 9

What is the primary function of a Digital Certificate in cybersecurity?

Accepted Answer

To verify the identity of a party in electronic transactions

Answer

To create strong passwords

Answer

To enhance the speed of web browsing

Answer

To compress data for faster transmission

Question 10

Which protocol is commonly used to secure communications over the internet?

Accepted Answer

HTTPS

Answer

SMTP

Answer

FTP

Answer

HTTP

Question 11

Which of the following is a primary goal of information security?

Accepted Answer

Confidentiality

Answer

Integrity

Answer

Non-repudiation

Answer

Availability

Question 12

What does the acronym 'VPN' stand for in the context of security?

Accepted Answer

Virtual Private Network

Answer

Virtual Protected Network

Answer

Variable Private Network

Answer

Visual Public Network

Question 13

Which of the following is an example of a phishing attack?

Accepted Answer

An email that appears to be from a bank asking for personal information

Answer

A software update notification

Answer

A password reset request from a trusted website

Answer

A pop-up ad for antivirus software

Question 14

What is the purpose of a firewall in network security?

Accepted Answer

To monitor and control incoming and outgoing network traffic

Answer

To block all internet access

Answer

To encrypt data transmitted over the internet

Answer

To optimize network performance

Question 15

What is the main purpose of antivirus software?

Accepted Answer

To detect and remove malicious software

Answer

To create backups of data

Answer

To manage network traffic

Answer

To speed up computer performance

Question 16

What is multi-factor authentication (MFA)?

Accepted Answer

A security mechanism that requires two or more verification methods

Answer

A method of encrypting data

Answer

A single password for all accounts

Answer

An automated software update process

Question 17

What does the principle of least privilege entail?

Accepted Answer

Users should have only the access necessary to perform their job functions

Answer

Everyone should have full access to all resources

Answer

Users should change their passwords every month

Answer

Access rights should be granted based on seniority

Question 18

What is the primary function of an intrusion detection system (IDS)?

Accepted Answer

To monitor network traffic for suspicious activity and policy violations

Answer

To manage firewall settings

Answer

To block unauthorized access to a network

Answer

To encrypt sensitive data

Question 19

What is a common method used to secure wireless networks?

Accepted Answer

WPA2 encryption

Answer

Open network access

Answer

Unchanged router password

Answer

Default SSID

Question 20

Which of the following is a common form of malware that encrypts files and demands a ransom for the decryption key?

Accepted Answer

Ransomware

Answer

Adware

Answer

Trojan horse

Answer

Spyware

Question 21

What is the primary purpose of Nmap?

Accepted Answer

Network discovery and security auditing

Answer

File sharing service

Answer

Web hosting platform

Answer

Database management system

Question 22

Which Nmap option is used to perform a TCP connect scan?

Accepted Answer

-sT

Answer

-sS

Answer

-sU

Answer

-sP

Question 23

What does the Nmap option '-p' specify?

Accepted Answer

Ports to scan

Answer

IP addresses to skip

Answer

Scan speed

Answer

Network protocols to use

Question 24

What type of scanning does the '-sS' option in Nmap perform?

Accepted Answer

SYN scan

Answer

Null scan

Answer

ACK scan

Answer

FIN scan

Question 25

Which command in Nmap can be used for OS detection?

Accepted Answer

-O

Answer

-sP

Answer

-A

Answer

-sV

Question 26

What does the Nmap option '-A' accomplish?

Accepted Answer

Enables OS detection, version detection, script scanning, and traceroute

Answer

Limits the scan to a specific number of ports

Answer

Logs output to a file

Answer

Disables host discovery

Question 27

In Nmap, what is the purpose of the '-T' option?

Accepted Answer

To control the timing template of the scan

Answer

To set the output format

Answer

To include specific scripts during the scan

Answer

To specify the target IP address

Question 28

What is the function of the Nmap script engine?

Accepted Answer

To allow users to write and run scripts for customized scanning

Answer

To monitor network traffic

Answer

To create firewall rules

Answer

To manage network configurations

Question 29

What does the Nmap option '-sP' (now known as '-sn') do?

Accepted Answer

Performs a ping scan to determine live hosts

Answer

Scans for vulnerabilities

Answer

Conducts a full TCP scan

Answer

Detects service versions

Question 30

What output format does the '-oN' option in Nmap provide?

Accepted Answer

Normal output format

Answer

JSON output format

Answer

XML output format

Answer

Grepable output format

Question 31

What is the primary purpose of the Setoolkit tool?

Accepted Answer

Social engineering attacks

Answer

Malware analysis

Answer

Network scanning

Answer

Web application testing

Question 32

Which command is often used to start the Setoolkit tool?

Accepted Answer

setoolkit

Answer

launch-setoolkit

Answer

run-setoolkit

Answer

start-setoolkit

Question 33

In which of the following scenarios would Setoolkit NOT be appropriately used?

Accepted Answer

Obtaining unauthorized access to a system

Answer

Performing penetration testing with permission

Answer

Conducting a security awareness training

Answer

Simulating a social engineering attack for evaluation

Question 34

Which of the following is NOT a feature of Setoolkit?

Accepted Answer

Malware reverse engineering

Answer

USB-based attacks

Answer

Phishing attacks

Answer

Website attacks

Question 35

Which type of attack simulates the act of someone impersonating a legitimate service provider to gather sensitive information using Setoolkit?

Accepted Answer

Spear phishing attacks

Answer

Brute force attacks

Answer

Man-in-the-middle attacks

Answer

Cross-site scripting

Question 36

What type of social engineering attack can be tested with Setoolkit's 'Web Jacking' feature?

Accepted Answer

Fake website creation

Answer

Network sniffing

Answer

Denial of service

Answer

Password cracking

Question 37

What is the primary goal of a phishing attack?

Accepted Answer

To steal sensitive information from individuals

Answer

To promote a product or service

Answer

To enhance network security

Answer

To increase website traffic

Question 38

Which method is commonly used in phishing attacks to lure victims?

Accepted Answer

Impersonating a trusted organization

Answer

Providing a secure login page

Answer

Blocking user access altogether

Answer

Using complex encryption algorithms

Question 39

What is a common sign that an email might be a phishing attempt?

Accepted Answer

Unusual sender email address

Answer

Personalized greetings

Answer

Correct spelling and grammar

Answer

Professional design

Question 40

What is a common tactic used in phishing scams to create urgency?

Accepted Answer

Threatening account suspension

Answer

Providing helpful tips

Answer

Requesting feedback

Answer

Offering discounts

Question 41

What type of phishing involves fake websites designed to look like legitimate ones?

Accepted Answer

Website phishing

Answer

Email phishing

Answer

Voice phishing

Answer

SMS phishing

Question 42

What is spear phishing?

Accepted Answer

A targeted phishing attack directed at a specific individual or organization

Answer

A generalized phishing attempt sent to many people

Answer

Phishing through social media only

Answer

Phishing that involves physical letters

Question 43

Which of the following is a common characteristic of phishing websites?

Accepted Answer

They often have URLs that slightly misspell the legitimate site

Answer

They are designed by professional developers

Answer

They always have a secure HTTPS connection

Answer

They often provide clear contact information

Question 44

What role does social engineering play in phishing?

Accepted Answer

It manipulates individuals into providing confidential information

Answer

It decreases phishing attempts

Answer

It focuses on improving network security

Answer

It enhances email encryption standards

Question 45

What is the primary purpose of the NIST Cybersecurity Framework (CSF)?

Accepted Answer

To provide a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.

Answer

To establish a mandatory cybersecurity policy for all organizations.

Answer

To serve as a marketing tool for cybersecurity companies.

Answer

To focus solely on government cybersecurity standards.

Question 46

What does the 'Identify' function of the NIST Cybersecurity Framework focus on?

Accepted Answer

Understanding the organization's risk management context and resources.

Answer

Detecting cyber threats.

Answer

Recovering from incidents.

Answer

Implementing security controls.

Question 47

What is the significance of the 'Recover' function in the NIST Cybersecurity Framework?

Accepted Answer

It focuses on restoring services and capabilities after a cybersecurity incident.

Answer

It is about identifying potential threats before they occur.

Answer

It outlines the development of security policies.

Answer

It emphasizes real-time monitoring of network traffic.

Question 48

How often should organizations review and update their implementation of the NIST Cybersecurity Framework?

Accepted Answer

Regularly, to adapt to changing threats and vulnerabilities.

Answer

Only when a data breach occurs.

Answer

At the discretion of IT staff.

Answer

Once every five years.

Question 49

What is the main goal of using the 'Protect' function in the NIST Cybersecurity Framework?

Accepted Answer

To develop safeguards to ensure delivery of critical infrastructure services.

Answer

To recover from previous security breaches.

Answer

To analyze past cyber incidents.

Answer

To detect ongoing cyber threats.

Question 50

Which of the following best describes a 'Risk Assessment' in the NIST Cybersecurity Framework?

Accepted Answer

A process to identify and evaluate risks to organizational operations and assets.

Answer

A list of best practices for cybersecurity tools.

Answer

A strategy for responding to known threats.

Answer

A mandatory audit conducted every year.

Question 51

What is emphasized in the 'Detect' function of the NIST Cybersecurity Framework?

Accepted Answer

The ability to identify the occurrence of a cybersecurity event in a timely manner.

Answer

Implementing physical security measures.

Answer

Recovering lost data after a security breach.

Answer

Creating backup copies of important data.

Question 52

What is one of the primary benefits of adopting the NIST Cybersecurity Framework for organizations?

Accepted Answer

It provides a flexible approach to managing cybersecurity risks that can be tailored to any organization's needs.

Answer

It offers a one-size-fits-all solution for all cybersecurity challenges.

Answer

It requires organizations to comply with strict government regulations.

Answer

It eliminates the need for any other security measures.

Question 53

What does OSINT stand for in the context of intelligence gathering?

Accepted Answer

Open Source Intelligence

Answer

Online System Integration Tracking

Answer

Open Security Information Network

Answer

Operational Security Intelligence

Question 54

Which of the following sources is typically NOT considered an OSINT source?

Accepted Answer

Classified government documents

Answer

News articles

Answer

Public social media profiles

Answer

Government websites

Question 55

Which of the following best describes the primary purpose of OSINT?

Accepted Answer

To gather and analyze publicly available information for decision-making

Answer

To conduct covert surveillance

Answer

To infiltrate organizations for intelligence

Answer

To collect classified military data

Question 56

What is a common challenge faced when conducting OSINT?

Accepted Answer

Information overload

Answer

High costs of data access

Answer

Privacy violations

Answer

Lack of available data

Question 57

Which of the following techniques is often employed in OSINT to extract information from websites?

Accepted Answer

Web scraping

Answer

Network sniffing

Answer

Social engineering

Answer

Packet crafting

Question 58

Which of the following is a well-known OSINT tool for domain analysis?

Accepted Answer

Whois Lookup

Answer

Nmap

Answer

Burp Suite

Answer

Metasploit

Question 59

Which of the following skills is essential for effectively conducting OSINT investigations?

Accepted Answer

Critical thinking

Answer

Programming in C++

Answer

Network configuration

Answer

Physical surveillance

Question 60

Which of the following is considered a preventive security control?

Accepted Answer

Firewalls

Answer

Incident Response Plans

Answer

Security Audits

Answer

Intrusion Detection Systems

Question 61

What is the main purpose of implementing security policies in an organization?

Accepted Answer

Guiding employee behavior

Answer

Increasing network speed

Answer

Maximizing social media presence

Answer

Reducing hardware costs

Question 62

What type of control is a security awareness training program?

Accepted Answer

Administrative Control

Answer

Physical Control

Answer

Detective Control

Answer

Technical Control

Question 63

Which of the following is a characteristic of a detective control?

Accepted Answer

Monitors and alerts on security incidents

Answer

Provides recovery after an incident

Answer

Prevents unauthorized access

Answer

Establishes security policies

Question 64

Which of the following is an example of a technical security control?

Accepted Answer

Encryption

Answer

Incident response plan

Answer

Background checks

Answer

Security training

Related quizzes

Related quizzes