What is the purpose of the Metasploit Framework? A. To scan for viruses B. To execute and develop exploits C. To design web applications D. To improve network speed

B. To execute and develop exploits Explanation: The Metasploit Framework provides tools for testing and deploying exploits against known vulnerabilities to assess security risks.

Which Metasploit component helps manage exploits and payloads? A. Metasploit Express B. Metasploit Pro C. msfconsole D. Wireshark

C. msfconsole Explanation: The msfconsole is the primary interface for Metasploit, allowing users to manage exploits, payloads, and modules efficiently.

5. What is a payload in Metasploit? A. A type of firewall B. Malicious code executed after exploitation C. A security patch D. An encryption key

B. Malicious code executed after exploitation Explanation: A payload is the code that runs after successfully exploiting a vulnerability, often used to gain access or manipulate a system.

What does a reverse shell payload do? A. Prevents unauthorized access B. Grants attacker control over the compromised system C. Optimizes system performance D. Encrypts files

B. Grants attacker control over the compromised system Explanation: A reverse shell connects the compromised machine back to the attacker, allowing remote control of the system.

What is the function of the Metasploit module "exploit"? A. To scan networks B. To test vulnerabilities by executing an attack C. To create passwords D. To block malicious traffic

B. To test vulnerabilities by executing an attack Explanation: Exploit modules in Metasploit contain code that targets specific vulnerabilities to demonstrate their impact.

Which of the following is an example of a technical control? A. Security awareness training B. Incident response planning C. Firewall protection D. Employee background checks

C. Firewall protection Explanation: Technical controls use technology (such as firewalls and encryption) to protect systems against cyber threats.

Which of the following is NOT considered an administrative control? A. Password complexity policies B. Access control lists C. Employee cybersecurity training D. Risk assessment procedures

B. Access control lists Explanation: Access control lists (ACLs) are a technical control used to manage user permissions on systems.

Which of the following is an example of an administrative control for cybersecurity? A. Implementing multi-factor authentication B. Conducting regular security audits C. Using intrusion detection systems D. Deploying antivirus software

B. Conducting regular security audits Explanation: Security audits ensure compliance with policies and help identify risks—an administrative measure rather than a technical one.

How do technical controls differ from administrative controls? A. Technical controls involve policies, while administrative controls involve software B. Administrative controls use technology, while technical controls rely on employee training C. Administrative controls set security policies, while technical controls enforce them through security tools D. Technical controls and administrative controls serve the same function

C. Administrative controls set security policies, while technical controls enforce them through security tools Explanation: Administrative controls create the security framework, while technical controls implement protections through technology.

Which administrative control helps reduce insider threats? A. Conducting background checks for employees B. Using data encryption software C. Deploying intrusion detection systems D. Restricting access using firewalls

A. Conducting background checks for employees Explanation: Background checks ensure employees are trustworthy, reducing risks associated with insider threats.

What is a buffer overflow attack? A. An attack that encrypts all system files B. A method to fill memory beyond its limit, causing unexpected behavior C. A technique used for network optimization D. A way to prevent unauthorized access

B. A method to fill memory beyond its limit, causing unexpected behavior Explanation: Buffer overflow occurs when an application writes more data to a memory buffer than it was allocated, leading to system crashes or potential code execution by attackers.

What is a polymorphic virus? A. A virus that spreads only through email attachments B. A virus that changes its code to evade detection C. A type of virus that encrypts hard drives D. A virus designed for ethical hacking

B. A virus that changes its code to evade detection Explanation: Polymorphic viruses modify their code structure while maintaining functionality, making it harder for antivirus programs to detect them.

How do antivirus programs counter polymorphic viruses? A. By blocking internet access B. By using heuristic analysis and behavior-based detection C. By scanning only executable files D. By limiting system RAM usage

B. By using heuristic analysis and behavior-based detection Explanation: Since polymorphic viruses change their signature, antivirus software uses behavior-based detection techniques to identify suspicious activity.

What is the purpose of a backdoor in cybersecurity? A. To enhance encryption security B. To secretly bypass authentication and system defenses C. To improve firewall strength D. To prevent phishing attacks

B. To secretly bypass authentication and system defenses Explanation: Attackers use backdoors to gain unauthorized access to systems while avoiding detection.

Which of the following is an example of a backdoor vulnerability? A. Weak passwords stored in plaintext B. Unpatched software exploits allowing remote access C. Multi-factor authentication D. Use of a VPN for secure browsing

B. Unpatched software exploits allowing remote access Explanation: Backdoors are often created when attackers exploit unpatched vulnerabilities, enabling unauthorized system access.

What is a zero-day attack? A. An attack launched only on weekends B. An exploit targeting undiscovered vulnerabilities before they are patched C. A harmless network scan D. A security patch that fixes malware issues

B. An exploit targeting undiscovered vulnerabilities before they are patched Explanation: Zero-day attacks exploit vulnerabilities that are unknown to developers, leaving systems defenseless until a fix is available.

How can organizations mitigate zero-day vulnerabilities? A. By ignoring security updates B. By applying software patches promptly and using threat detection tools C. By disabling firewalls D. By limiting internet access

B. By applying software patches promptly and using threat detection tools Explanation: Regular patching and behavior-based anomaly detection can reduce exposure to zero-day attacks.

What is Cross-Site Scripting (XSS)? A. A technique that encrypts network traffic B. An attack where malicious scripts are injected into web applications C. A method for compressing website data D. A harmless browser feature

B. An attack where malicious scripts are injected into web applications Explanation: XSS allows attackers to inject scripts into websites, enabling them to steal user credentials or modify site content.

Which security measure helps prevent XSS attacks? A. Using input validation and sanitization B. Disabling firewalls C. Allowing unrestricted script execution D. Removing all cookies

A. Using input validation and sanitization Explanation: Proper validation ensures user-inputted data cannot contain malicious scripts.

What is a Man-in-the-Browser attack? A. An attack that targets website graphics B. A method where malware alters web transactions in real time C. A browser add-on for encryption D. A secure way to browse the internet

B. A method where malware alters web transactions in real time Explanation: This attack involves modifying online transactions before they are sent to a website’s server.

How can users prevent Man-in-the-Browser attacks? A. By using anti-malware tools and ensuring secure transactions B. By disabling browser encryption C. By installing random browser extensions D. By using unsecured public Wi-Fi

A. By using anti-malware tools and ensuring secure transactions Explanation: Antivirus software and secure browsing practices help prevent these types of attacks.

What is social engineering? A. A technique to manipulate individuals into revealing confidential information B. A way to boost website rankings C. A type of network encryption D. A harmless software update

A. A technique to manipulate individuals into revealing confidential information Explanation: Social engineering exploits human psychology to trick people into compromising security.

What does a keylogger do? A. Encrypts user files B. Records keystrokes to capture sensitive information C. Speeds up computer performance D. Prevents cyber attacks

B. Records keystrokes to capture sensitive information Explanation: Keyloggers secretly log keyboard inputs to steal passwords, credit card details, and other sensitive data.

What is a logic bomb in cybersecurity? A. A firewall system B. Malicious code that triggers an attack when specific conditions are met C. A harmless security update D. A way to block phishing attempts

B. Malicious code that triggers an attack when specific conditions are met Explanation: Logic bombs lie dormant in a system until a predefined event (such as a date or action) activates them.

Which of the following can indicate the presence of a logic bomb? A. Unusual system behavior after a specific event B. Faster network speeds C. Increased storage capacity D. Improved performance

A. Unusual system behavior after a specific event Explanation: Logic bombs execute malicious actions once certain conditions are met.

What is the primary function of routing in networking? A. Encrypting network traffic B. Directing data packets between networks efficiently C. Blocking unauthorized users D. Scanning for vulnerabilities

B. Directing data packets between networks efficiently Explanation: Routing ensures data travels from source to destination using the most optimal path.

What is the purpose of a honeynet in cybersecurity? A. A real-world network designed for business operations B. A deceptive network used to attract and study attackers C. A firewall feature that prevents malware infections D. A secure way to transmit encrypted data

B. A deceptive network used to attract and study attackers Explanation: Honeynets mimic real systems, allowing security experts to analyze attack techniques.

What is a DMZ (Demilitarized Zone) in networking security? A. A safe zone where network traffic is ignored B. A segment of a network that hosts external-facing services while protecting the internal network C. A hidden network only accessible by administrators D. A type of encrypted VPN tunnel

B. A segment of a network that hosts external-facing services while protecting the internal network Explanation: A DMZ ensures that externally accessible systems (such as web servers) are isolated from an organization’s internal network.

What is the primary function of Network Address Translation (NAT)? A. Encrypting data between two endpoints B. Converting private IP addresses to public C. IP addresses for internet access Filtering malicious traffic D. Reducing bandwidth usage

B. Converting private IP addresses to public IP addresses for internet access Explanation: NAT allows devices in a private network to communicate with external networks using a shared public IP.

What security benefit does a Virtual Private Network (VPN) provide? A. Increases network speed B. Hides IP addresses and encrypts data transmissions C. Blocks all incoming traffic D. Creates honeypots for attackers

B. Hides IP addresses and encrypts data transmissions Explanation: VPNs ensure secure and private internet communication by encrypting data.

What is IPsec commonly used for? A. Securing IP-based network traffic through encryption and authentication B. Monitoring network traffic for intrusions C. Detecting malware D. Blocking phishing emails

A. Securing IP-based network traffic through encryption and authentication Explanation: IPsec provides encrypted communication between network devices.

How does an air-gap network enhance security? A. By physically isolating a network from internet connectivity B. By enhancing encryption protocols C. By speeding up data transfers D. By limiting user access

A. By physically isolating a network from internet connectivity Explanation: Air-gapped networks minimize cybersecurity risks by disconnecting from external networks.

What advantage does a Virtual LAN (VLAN) provide? A. Logical segmentation of networks without requiring separate physical infrastructure B. Faster internet speeds C. Automated malware scanning D. Real-time attack detection

A. Logical segmentation of networks without requiring separate physical infrastructure Explanation: VLANs enhance network organization and security by segmenting traffic logically.

What is tunneling in networking? A. A secure method of transmitting data across an unsecured network B. A way to block malicious websites C. A form of malware protection D. A method for encrypting stored passwords

A. A secure method of transmitting data across an unsecured network Explanation: Tunneling encapsulates data to ensure security during transmission.

What does DNSSEC protect against? A. Unauthorized modifications to DNS records B. DDoS attacks C. Malware infections D. Unauthorized file access

A. Unauthorized modifications to DNS records Explanation: DNSSEC secures DNS responses through cryptographic authentication.

What is network sniffing? A. Capturing and analyzing network traffic B. Blocking incoming connections C. Encrypting all transmitted data D. Speeding up communication between devices

A. Capturing and analyzing network traffic Explanation: Sniffing tools help monitor and analyze network activity but can be used for both security and malicious purposes.

What port is used by HTTP? A. 443 B. 80 C. 53 D. 22

B. 80 Explanation: HTTP operates on port 80 for standard web traffic.

Which port is used by HTTPS? A. 80 B. 443 C. 53 D. 25

B. 443 Explanation: HTTPS uses encryption for secure web browsing and operates on port 443.

What port is used for Secure Shell (SSH)? A. 21 B. 22 C. 80 D. 3389

B. 22 Explanation: SSH operates on port 22 for secure remote access.

Which port is commonly used by DNS? A. 53 B. 25 C. 110 D. 143

A. 53 Explanation: DNS queries and responses typically use port 53.

What protocol uses port 3389? A. RDP B. SMTP C. Telnet D. SNMP

A. RDP Explanation: Remote Desktop Protocol (RDP) enables remote control of computers over port 3389.

Which port does FTP use? A. 20 & 21 B. 80 C. 25 D. 143

A. 20 & 21 Explanation: FTP uses ports 20 (for data transfer) and 21 (for control commands).

What port is associated with SMTP? A. 25 B. 143 C. 110 D. 53

A. 25 Explanation: Simple Mail Transfer Protocol (SMTP) uses port 25 for email communication.

Which port does LDAP operate on? A. 389 B. 636 C. 53 D. 110

A. 389 Explanation: LDAP directory services use port 389, while LDAPS (secure LDAP) operates on port 636.

NETWORK SECURITY

Flashcard

•

Computers

•

University

•

Practice Problem

•

Medium

Carmelita Benito

Used 3+ times

FREE Resource

Student preview

70 questions

Show all answers

FLASHCARD QUESTION

Front

Which of the following contributes to an expanded attack surface?

A. Strong password policies
B. Increased number of connected IoT devices
C. Regular system updates
D. Use of air-gapped networks

Back

B. Increased number of connected IoT devices
Explanation: Each IoT device represents a potential entry point for attackers, increasing the overall attack surface.

FLASHCARD QUESTION

Front

What is the most common security risk associated with IoT devices?

A. Lack of internet access
B. Limited battery life
C. Weak authentication mechanisms
D. High power consumption

Back

C. Weak authentication mechanisms

Explanation: Many IoT devices use default or weak passwords, making them easy targets for unauthorized access.

FLASHCARD QUESTION

Front

Which attack type specifically targets IoT devices?

A. Man-in-the-Middle attack
B. SQL Injection
C. Brute Force attack
D. Botnet attacks

Back

D. Botnet attacks
Explanation: IoT devices are often hijacked by botnets to launch large-scale cyberattacks such as DDoS attacks.

FLASHCARD QUESTION

Front

What is a "zero trust" approach in cybersecurity?

A. Trusting all users by default
B. Relying on firewall protection alone
C. Enforcing strict verification for all access requests
D. Allowing unrestricted internal communication

Back

C. Enforcing strict verification for all access requests
Explanation: The zero trust model assumes that no entity should be automatically trusted, requiring strict authentication and authorization at all levels.

FLASHCARD QUESTION

Front

Which protocol is used to secure website communication?

A. HTTP
B. FTP
C. HTTPS
D. SMTP

Back

C. HTTPS
Explanation: HTTPS encrypts data transmitted between the website and users, preventing interception by malicious actors.

FLASHCARD QUESTION

Front

Which of the following is an essential practice for maintaining site security?

A. Using outdated software
B. Ignoring security patches
C. Regularly updating plugins and software
D. Allowing unrestricted access to admin accounts

Back

C. Regularly updating plugins and software
Explanation: Updates patch vulnerabilities that could be exploited by attackers.

FLASHCARD QUESTION

Front

What is a "honeypot" in cybersecurity?

A. A type of sweet-based attack
B. A decoy system designed to lure hackers
C. A tool for encrypting passwords
D. A method to increase website rankings

Back

B. A decoy system designed to lure hackers
Explanation: Honeypots mimic vulnerable systems to detect and analyze cyberattack tactics without risking actual assets.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

54 questions

Network Components and Protocols

Flashcard

•

11th Grade

80 questions

Reading 6

Flashcard

•

82 questions

Abordaje de la Problemática Suicida - Actividad M3

Flashcard

•

University

48 questions

Đề cương Địa cho em San

Flashcard

•

11th Grade

45 questions

VNU_B1_2_Holidays and travel

Flashcard

•

University

49 questions

Keywords and definitions

Flashcard

•

10th Grade

45 questions

Ôn Tập Kiểm Tra Giữa Kỳ I TIN

Flashcard

•

11th Grade

64 questions

DAY 01

Flashcard

•

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Computers

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

20 questions

christmas songs

Quiz

•

KG - University

20 questions

Holiday Trivia

Quiz

•

9th Grade - University

15 questions

Holiday Movies

Quiz

•

University

14 questions

Christmas Trivia

Quiz

•

3rd Grade - University

20 questions

Christmas Trivia

Quiz

•

University

8 questions

5th, Unit 4, Lesson 8

Lesson

•

KG - Professional Dev...

20 questions

Disney Trivia

Quiz

•

University