70 most important Information and cyber security (ICS) multiple choice questions. These ICS mcq questions are meant for online exams of various universities. The below cyber security mcq questions can also be asked for interviews. We are planning to provide you ics mcq pdf along with the other study material.
Information and Cyber Security multiple choice questions (mcq)
Q.1. What is the full form of LDAP?
A : Light Weight Directory Access Provider
B : Light Weight Directory Access Protocol
C : Light Weight Directory Access Program
D : Light Weight Directory Access Protection
Light Weight Directory Access Protocol
Q.3. What is the full form of CIA under information security?
A : Confidentiality Integrity Availability
B : Criminal Investigation Agency
C : Cost Information Agency
D : Credit Integrity Assement
Confidentiality Integrity Availability
Q.4. What is called periodic assessment of security vulnerability in computer system?
A : Threat
B : Attack
C : Hacking
D : Security audit
Security audit
Q.5. What is called a single point of access for several networking services?
A : Phishing
B : Web service
C : Directory service
D : Worms
Directory service
Q.6. Which activities endanger the sovereignty and integrity of nation?
A : Cyber Terrorism
B : Cyber vandalism
C : Cyber squatting
D : Carding
Cyber Terrorism
Q.8. Which method go through all the files or network elements with an intention to detect something unusual?
A : Probing
B : Phishing
C : Infecting
D : Scanning
Scanning
Q.9. Victims of cyber attack might loose _______.
A : data
B : money
C : both a & b
D : none of them
both a & b
Q.10. Under information security, any device having _______is classified as a computing device.
A : processor
B : memory
C : both a & b
D : neither a nor b
both a & b
Q.
A : Worms
B : Phishing attacks
C : Trojans
D : Computer Viruses
Worms
Q.13. Attacking the victims through fake URL resembling that of a valid financial Institution is called_____ .
A : Worms
B : Phishing attack
C : Trojans
D : Computer Viruses
Phishing attack
Q.14. Getting the user ID and password from a victim through dubious program is called_____attack.
A : Worms
B : Phishing attack
C : Trojan
D : Computer Viruses
Trojan
Q.15. A malicious program spreading through Internet and storage media and attacking the data in victims computer is called_______.
A : Worms
B : Phishing attack
C : Trojan
D : Computer Virus
Computer Virus
Q.16. Potential weaknesses in IT infrastructure through which a cyber attack might occur is called __.
A : strength
B : antivirus
C : vulnerability
D : port
vulnerability
Q.17. Vulnerability for cyber attack may be in______.
A : operating system
B : application software
C : IT infrastructure
D : all of them
all of them
Q.18. To protect the network infrastructure from vulnerability, _____ is setup.
A : firewall
B : Internet security software
C : both a & b
D : none of them
both a & b
Q.19. The person using vulnerability in operating system or application software or IT infrastructure to intrude in to the computer of a victim is called ______ .
A : hacker
B : cracker
C : maker
D : taker
hacker
Q.20. Periodic assessment of security vulnerability in computer systems is called _______audit.
A : threat
B : attack
C : hacking
D : security
security
Q.21. The security audit team______ to keep the computers safe from cyber attacks.
A : assesses vulnerability
B : decides the safety measures through hardware and software
C : considers latest threat scenario and implements information safety
D : all of them
all of them
Q.22. To ensure information safety, ________should be implemented.
A : physical access security
B : password access security
C : secure IT infrastructure
D : all of them
all of them
Q.23. A single point of access for several networking services is called _____.
A : Directory Service
B : web server
C : email server
D : none of them
Directory Service
Q.24. Directory service permits security administrators to ______.
A : concentrate on security of directory service instead of individual machines
B : create new vulnerabilities
C : damage the security of computers
D : create new virus
concentrate on security of directory service instead of individual machines
Q.25. Directory service should be able to _______in the infrastructure.
A : include new services
B : esaily search for information in the network
C : the information stored on the directory server should be accessible from any operating system
D : all of them
all of them
Q.27. Protecting access to a computer through________ is called access control.
A : physical restriction of entry
B : password security for login
C : both a & b
D : none of them
both a & b
Q.28. Security should be implemented at the stage of ______in software.
A : development stage
B : entire life cycle
C : Sofware Development Life Cycle (SDLC)
D : all of them
all of them
Q.29. SDLC in software development stands for _____.
A : Software Development Life Circus
B : Software Development Life Cycle
C : Software Drafting Life Cycle
D : Software Development Lead Cycle
Software Development Life Cycle
Q.30. Protection from______ of source code means non-disclosure of the source code to outsiders.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
disclosure
Q.31. Protection from ______of source code means alloting the right to edit the source code to authorized persons only.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
alteration
Q.32. Protection from _______of source code means protection of any individual from destroying the software source code.
A : disclosure
B : alteration
C : destruction
D : log of changes (whois making request)
destruction
Q.33. Protection from ________of source code means recording all changes made to the source code and the person making such changes.
A : disclosure
B : alteration
C : destruction
D : log of changes (who is making request)
D : log of changes (who is making request)
Q.32. _______of access rights in source code development means verification of role before permitting access to source code.
A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)
verification
Q.34. _____in source code development means handling of configuration errors, session errors and exceptions.
A : verification
B : maintaining historical records
C : error handling
D : log of changes (whois making request)
error handling
Q.35. Protecting the data divulged by customers from unauthorized access is called____.
A : privacy protection
B : audit
C : antinvirus
D : vulnerability
privacy protection
Q.36. Information on criminal records of individuals, financial data of companies, genetic information, address, mobile number, email ID, record of web surfing behaviour, record of credit card, record of debit card, netbanking details, etc. are classified under ______.
A : privacy protection
B : audit
C : antinvirus
D : vulnerability
privacy protection
Q.37. Information security audit may be conducted with reference to _____ .
A : vulnerabilities
B : threats
C : preventive measures
D : all of them
all of them
Q.38. Information security audit analyses events of past threats to formulate _____.
A : security measures
B : safe practices
C : software protection
D : all of them
all of them
Q.39. Any single employee ______hold all data needed for making a complete financial transaction.
A : should not
B : should
C : may
D : might
should not
Q.40. IT audit of the firm should be conducted periodically, which may be every______ .
A : fortnight
B : month
C : quarter
D : all of them
all of them
Q.41. IT act aims to_______ .
A : protect victims of cyber fraud
B : punish misbehious involving technology
C : both a & b
D : none of them
both a & b
Q.64. _____ can keep unwanted ads to show up?
A : Adware
B : Hardware
C : Malware
D : Spyware
Adware
Q.65. There are broadly how many categories of IT risks?
A : 3
B : 5
C : 2
D : 7
Q.66. ______ servers provides a central storeroom for storing and managing information?
A : Clint
B : Directory
C : Post
D : Group
Directory
Q.67. ______ generally refers to a system that can control, monitor and restrict the movement of people, assets or vehicles, in, out and around a building or site?
A : Access control
B : Security Guard
C : Form Denial
D : None
Access control
Q.68. Which chapter of the IT awareness Act talks about electronic governance?
A : 4
B : 3
C : 2
D : 1
3
Q.69. Chapter 7 of the IT awareness act deals with?
A : E- Commerce
B : Electronic Governance
C : Digital Signature
D : None
Digital Signature
Q.70. Which chapter of the IT awareness act talks about penalities and adjudication?
A : 5
B : 7
C : 11
D : 9
9
Q.71. The IT awareness act addresses which of the following issues?
A : Legal recognition of electronic documents
B : Legal Recognition of digital signatures
C : Offenses and contraventions
D : All of the above
All of the above
Q.72. Why would a hacker use a proxy server?
A : To create a stronger connection with the target
B : To create a ghost server on the network.
C : To obtain a remote access connection.
D : To hide malicious activity on the network.
To hide malicious activity on the network.
Q.73. What type of symmetric key algorithm using a streaming cipher to encrypt information?
A : RC4
B : Blowfish
C : SHA
D : MD5
RC4
Q.74. Which of the following is not a factor in securing the environment against an attack on security?
A : The education of the attacker
B : The system configuration
C : The network architecture
D : The business strategy of the company
The business strategy of the company
Q.75. What type of attack uses a fraudulent server with a relay address?
A : NTLM
B : MITM
C : NetBIOS
D : SMB
MITM
Q.76. To hide information inside a picture, what technology is used?
A : Rootkits
B : Bitmapping
C : Steganography
D : Image Rendering
Steganography
Q.77. Which phase of hacking performs actual attack on a network or system?
A : Reconnaissance
B : Maintaining Access
C : Scanning
D : Gaining Access
Gaining Access
Q.79. Which federal code applies the consequences of hacking activities that disrupt subway transit system?
A : Electronic Communications Interception of Oral Communications
B : 18 U.S.C $ 1029
C : Cyber security Enhancement Act 2002
D : 18 U.S.C. $ 1030
Cyber security Enhancement Act 2002
Q.80. Which ports should be blocked to prevent null session enumeration?
A : Port 120 and 445
B : Port 135 and 136
C : Port 110 and 137
D : Port 135 and 139
Port 135 and 139
Q.81.The first phase of hacking an IT system is compromise of which foundation of security?
A : Availability
B : Confidentiality
C : Integrity
D : Authentication
Confidentiality
Q.82. How is IP address spoofing detected?
A : Installing and configuring a IDS that can read the IP header
B : Comparing the TTL value of the actual and spoofed addresses
C : Implementing a firewall to the network
D : Identify all TCP sessions that are initiated but does not complete successfully
Comparing the TTL value of the actual and spoofed addresses
Q.83. Which of the following is not a typical characteristic of an ethical hacker?
A : Excellent knowledge of windows.
B : Understands the process of exploiting network vulnerabilities.
C : patience, persistence and perseverance.
D : Has the highest level of security for the organization.
Has the highest level of security for the organization.
Q.84. What type of rootkit will patch, hook, or replace the version of system call in order to hide information?
A : Library level rootkits
B : Kernel level rootkits
C : System level rootkits
D : Application level rootkits
Library level rootkits
Q.85. What is the purpose of a Denial service attack?
A : Exploit a weakness in the TCP/IP stack
B : To execute a Trojan on a system
C : To overload a system so it is no longer operational
D : To shutdown services by turning them off
To overload a system so it is no longer operational
Q.86. Which of the following will allow footprinting to be conducted without detection?
A : PingSweep
B : Traceroute
C : War Dialers
D : ARIN
ARIN
Q.87. Performing hacking activities with the intent of gaining visibility for an unfair situation is called_______.
A : Cracking
B : Analysis
C : Hacktivism
D : Exploitation
Hacktivism
Q.88. What is the most important activity in system hacking?
A : Information gathering
B : Cracking passwords
C : Escalating privileges
D : Covering tracks
Cracking passwords
Q.90. Why would HTTP Tunneling be used?
A : To identify proxy servers
B : Web activity is not scanned
C : To bypass a firewall
D : HTTP is a easy protocol to work with
To bypass a firewall
Q.91. Keyloggers are a form of _______.
A : Spyware
B : Shoulder surfing
C : Trojan
D : Social engineering
Spyware
Q.94. Having individuals provide personal information to obtain a free offer provided through the internet is considered what type of social engineering?
A : Web-based
B : Human-base
C : User-based
D : Computer-based
Computer-based
Q.95. _____framework made cracking of vulnerabilities easy like point and click.
A : .Net
B : Metasploit
C : Zeus
D : Ettercap
Metasploit
Q.96. _____ is a popular tool used for discovering networks as well as in security auditing.
A : Ettercap
B : Metasploit
C : Nmap
D : Burp Suit
Nmap
Q.97. Which of the below mentioned tool is used for Wi-Fi hacking?
A : Wireshark
B : Nessus
C : Aircrack-ng
D : Snort
Aircrack-ng
Q.98. Aircrac-ng is used for ______
A : Firewall bypassing
B : Wi-Fi attacks
C : Packet filtering
D : System password cracking
Wi-Fi attacks
Q.99. ______ is a web application assessment security tool.
A : LC4
B : Weblnspect
C : Ettercap
D : QualysGuard
Weblnspect
Q.100. _____ is a password recovery and auditing tool.
A : LC3
B : LC4
C : Network Stumbler
D : Maltego
PGP