Computer Security - Practice MCQs for CCAT

Correct Answer: B - Malicious software

A computer virus is malicious software that can replicate and spread to other computers.

Correct Answer: C - Protect from unauthorized access

A firewall monitors and controls network traffic to protect from unauthorized access.

Correct Answer: A - Fraudulent attempt to obtain sensitive data

Phishing is a fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity.

Correct Answer: B - Protect data

Encryption converts data into a coded form to protect it from unauthorized access.

Correct Answer: D - Malware disguised as legitimate software

A Trojan horse is malware that disguises itself as legitimate software to trick users.

Correct Answer: A - Secretly collect user information

Spyware secretly monitors and collects user information without consent.

Correct Answer: C - Mix of letters, numbers, symbols

A strong password contains a mix of uppercase, lowercase, numbers, and special symbols.

Correct Answer: A - Two different verification methods

Two-factor authentication requires two different methods to verify identity.

Correct Answer: C - Malicious software

Malware is short for malicious software - any software designed to harm.

Correct Answer: C - Secure web communication

SSL (Secure Sockets Layer) provides secure encrypted communication over the internet.

Correct Answer: D - Overwhelming a server with traffic

DDoS (Distributed Denial of Service) floods a server with traffic to make it unavailable.

Correct Answer: A - Malware that encrypts files and demands payment

Ransomware encrypts user files and demands payment for the decryption key.

Correct Answer: D - Manipulating people to reveal confidential information

Social engineering manipulates people into revealing confidential information.

Correct Answer: B - Software that records keystrokes

A keylogger secretly records keyboard inputs to capture passwords and sensitive data.

Correct Answer: B - Using physical characteristics for verification

Biometric authentication uses physical characteristics like fingerprint or retina for verification.

Correct Answer: C - Virtual Private Network

VPN stands for Virtual Private Network, providing secure internet connections.

Correct Answer: A - Unknown vulnerability exploited before patch

Zero-day vulnerability is a security flaw exploited before developers can create a patch.

Correct Answer: B - 443

HTTPS uses port 443 by default for secure web communication.

Correct Answer: C - Malware that hides its presence and provides unauthorized access

A rootkit is malware designed to hide its presence while providing unauthorized access.

Correct Answer: A - Verifying authenticity and integrity

Digital signatures verify the authenticity and integrity of digital documents.

Correct Answer: A - Confidentiality, Integrity, Availability

CIA stands for Confidentiality, Integrity, and Availability — the three fundamental principles of information security.

Correct Answer: C - Worm

A worm is a self-replicating malware that spreads across networks without needing a host program or user action.

Correct Answer: C - Filter incoming and outgoing network traffic

A firewall monitors and filters network traffic based on predefined security rules to protect the network.

Correct Answer: A - Symmetric encryption

Symmetric encryption uses a single shared key for both encrypting and decrypting data.

Correct Answer: D - A fraudulent attempt to obtain sensitive information by disguising as a trusted entity

Phishing is a social engineering attack where attackers impersonate trusted entities to steal sensitive data.

Correct Answer: B - Password and OTP sent to phone

Two-factor authentication requires two different types of verification: something you know (password) and something you have (phone for OTP).

Correct Answer: D - Authentication, integrity, and non-repudiation

A digital signature verifies the sender's identity (authentication), ensures data hasn't been altered (integrity), and prevents denial of sending (non-repudiation).

Correct Answer: A - Denial of Service (DoS)

A Denial of Service (DoS) attack overwhelms a server with excessive traffic, making it unavailable to legitimate users.

Correct Answer: B - Malware disguised as legitimate software

A Trojan Horse is malware that disguises itself as legitimate software to trick users into installing it.

Correct Answer: D - SSL/TLS

SSL/TLS (Secure Sockets Layer / Transport Layer Security) encrypts data transmitted over the internet.

Correct Answer: C - Create a secure encrypted connection over a public network

A VPN (Virtual Private Network) creates an encrypted tunnel over a public network to secure data transmission.

Correct Answer: B - It encrypts files and demands payment for decryption

Ransomware encrypts the victim's files and demands a ransom payment in exchange for the decryption key.

Correct Answer: B - Data has not been altered or tampered with

Integrity ensures that data remains accurate, complete, and unaltered by unauthorized modifications.

Correct Answer: D - RSA

RSA is an asymmetric encryption algorithm that uses a public key for encryption and a private key for decryption.

Correct Answer: D - Guessing passwords by trying all possible combinations

A brute force attack systematically tries every possible combination of characters to crack a password.

Correct Answer: D - Encryption

Encryption converts plaintext data into ciphertext, making it unreadable without the decryption key.

Correct Answer: B - Monitor network for suspicious activity

An IDS monitors network traffic and system activities for signs of malicious behavior or policy violations.

Correct Answer: C - Keylogger

A keylogger records keystrokes to capture passwords, credit card numbers, and other sensitive data.

Correct Answer: D - Data encryption during transmission

HTTPS encrypts data during transmission using SSL/TLS, which plain HTTP does not provide.

Correct Answer: A - Intercepting and altering communication between two parties

In a man-in-the-middle attack, the attacker secretly intercepts and potentially alters communication between two parties.

Correct Answer: A - Verifying data integrity by creating a fixed-length digest

Hashing generates a fixed-length digest (hash value) from data, used to verify that data has not been modified.

Correct Answer: C - SHA-256

SHA-256 (Secure Hash Algorithm 256-bit) is a widely used hashing algorithm for verifying data integrity.

Correct Answer: B - Manipulating people to reveal confidential information

Social engineering manipulates people through psychological tactics to gain unauthorized access or information.

Correct Answer: A - Authentication verifies identity, authorization determines access permissions

Authentication verifies who a user is, while authorization determines what that authenticated user is allowed to do.

Correct Answer: B - AES

AES (Advanced Encryption Standard) is a symmetric encryption algorithm using the same key for encryption and decryption.

Correct Answer: C - A vulnerability unknown to the software vendor with no available fix

A zero-day vulnerability is a previously unknown flaw that attackers can exploit before a patch is available.

Correct Answer: D - Issues digital certificates to verify identities

A Certificate Authority issues digital certificates that authenticate the identity of websites and organizations.

Correct Answer: A - Deep Packet Inspection Firewall

A Deep Packet Inspection (DPI) firewall examines the full content of packets, not just headers, for threats.

Correct Answer: D - Attract and trap attackers to study their methods

A honeypot is a decoy system designed to attract attackers, allowing security teams to study attack methods.

Correct Answer: B - Firmware

Firmware is software stored in hardware for device control — it is not a type of malware.