Question#1
Which of the following best describes a botnet used in DDoS attacks?
a) A group of users monitoring online activity
b) An encrypted tunnel between client and server
c) A set of firewall rules blocking all external traffic
d) A network of compromised internet-connected devices controlled remotely by an attacker ✅ - Answer

Question#2
What is the main function of the decryption algorithm in the symmetric cipher model?
a) It produces ciphertext from plaintext using a key
b) It hashes the message for integrity checking
c) It transforms ciphertext back into plaintext using a key ✅ - Answer
d) It generates new encryption keys for messages

Question#3
What type of cryptographic attack tries every possible key to decrypt data?
a) Man-in-the-middle attack
b) Brute-force attack ✅ - Answer
c) SQL injection attack
d) Phishing attack

Question#4
In the context of cryptography, what does integrity ensure?
a) Information is readable only by authorized parties
b) Only the sender knows the encryption method
c) A user cannot deny sending a message
d) Information remains unaltered during transmission ✅ - Answer

Question#5
Which layer is NOT commonly targeted by DDoS attacks according to the OSI model?
a) Application layer (Layer 7)
b) Presentation layer (Layer 6)
c) Network layer (Layer 3)
d) Session layer (Layer 5) ✅ - Answer

Question#6
Which of the following is a major disadvantage of symmetric key cryptography?
a) It requires two keys for operation
b) It produces unbreakable ciphertext
c) It cannot encrypt large files
d) The key must be securely exchanged between parties ✅ - Answer

Question#7
What is a defining feature of a man-in-the-middle (MITM) attack?
a) An attacker secretly intercepts and possibly alters communication between two parties ✅ - Answer
b) A user downloads malicious files from unknown sources
c) A device is infected by a virus from an email
d) A server is flooded with requests to disrupt services

Question#8
Phishing attacks often aim to accomplish all the following except:
a) Overload the server with illegitimate traffic ✅ - Answer
b) Compromise online accounts using stolen credentials
c) Download malware onto a victim's device
d) Trick victims into giving up personal information

Question#9
What is SQL injection primarily used for?
a) Injecting malicious SQL statements via web page input to manipulate databases ✅ - Answer
b) Spreading malware between devices
c) Intercepting encrypted communication
d) Flooding servers with network traffic

Question#10
Which of the following can help prevent session hijacking?
a) Opening suspicious email attachments
b) Ignoring software updates
c) Using a VPN to encrypt communications to business-critical servers ✅ - Answer
d) Turning off firewalls

Question#11
DNS spoofing attacks take advantage of what aspect of the DNS system?
a) DNS queries always going through VPN tunnels
b) The inability of DNS to process encrypted data
c) The mapping of domain names to IP addresses can be manipulated ✅ - Answer
d) The DNS system requiring two-factor authentication

Question#12
Which type of cryptography does NOT require any encryption key to operate?
a) Symmetric key cryptography
b) Asymmetric key cryptography
c) Public key cryptography
d) Hash function ✅ - Answer

Question#13
In a ransomware attack, what typically happens after the ransom is paid?
a) The attacker deletes all stolen data
b) The victim receives instructions to regain access to their system ✅ - Answer
c) The system is restored automatically without user input
d) Law enforcement is notified immediately

Question#14
What distinguishes asymmetric key cryptography from symmetric key cryptography?
a) It always requires a secure channel for key exchange
b) It uses a pair of keys - one public and one private for encryption and decryption ✅ - Answer
c) It is less secure than symmetric key methods
d) It relies on a single key between sender and receiver

Question#15
Which of the following is NOT a component of a symmetric cipher scheme?
a) Digital Signature Algorithm ✅ - Answer
b) Cipher text
c) Secret key
d) Encryption algorithm

Question#16
What character is often used to test web applications for SQL injection vulnerabilities?
a) The "@" (at sign) character
b) The "*" (asterisk) character
c) The " ' " (single quote) character ✅ - Answer
d) The "#" (hash) symbol

Question#17
Which method is commonly recommended for preventing MITM attacks?
a) Ignoring suspicious URLs in emails
b) Installing unverified browser plugins
c) Using strong encryption on access points or a VPN ✅ - Answer
d) Regularly clearing browser cookies

Question#18
In insider threats, what security control helps limit unauthorized access?
a) Increasing user freedom within sensitive areas
b) Restricting employee access and employing multifactor authentication ✅ - Answer
c) Relying solely on password complexity
d) Allowing open admin privileges for efficiency

Question#19
A hash function in cryptography produces:
a) Two unique outputs for the same input
b) A fixed length output from variable length input without using a key ✅ - Answer
c) Encrypted messages decipherable by the recipient
d) A variable length output from fixed length input using a key

Question#20
Why are DDoS attacks difficult to defend against?
a) They only use a single compromised computer
b) Attack traffic can look like legitimate requests from real devices ✅ - Answer
c) They always exploit server software bugs
d) Attackers use physical access to data centers