Multiple Choice Questions
Cybersecurity: Advanced Threats and Defense (Continued)
Topic: Cybersecurity
Grade: 12
Question 1:
Which of the following best describes a man-in-the-middle attack?
A) A type of malware that encrypts files and demands a ransom for their release.
B) A malicious software that disguises itself as a legitimate program.
C) An attack where an attacker intercepts communication between two parties without their knowledge.
D) A technique used to gain unauthorized access to a computer system.
Answer: C) An attack where an attacker intercepts communication between two parties without their knowledge.
Explanation: In a man-in-the-middle attack, an attacker secretly intercepts and possibly alters the communication between two parties, such as a user and a website. The attacker is able to eavesdrop on the conversation and may even manipulate the messages being exchanged. This type of attack can be used to steal sensitive information, such as login credentials or financial data. An example of a man-in-the-middle attack is when an attacker sets up a rogue Wi-Fi hotspot, pretending to be a legitimate access point, and captures all the data transmitted by unsuspecting users.
Question 2:
Which of the following is an example of a social engineering attack?
A) A brute force attack on a password-protected account.
B) A distributed denial-of-service (DDoS) attack that overwhelms a website with traffic.
C) A phishing email that tricks the recipient into revealing personal information.
D) A SQL injection attack that exploits vulnerabilities in a web application.
Answer: C) A phishing email that tricks the recipient into revealing personal information.
Explanation: Social engineering attacks involve manipulating people into performing actions or revealing confidential information. Phishing is a common form of social engineering, where attackers send deceptive emails that appear to be from a trusted source, such as a bank or a popular website. The emails often contain links to fake websites that mimic the legitimate ones, aiming to trick users into entering their login credentials or other sensitive information. An example of a phishing attack is when an email claims that the recipient\’s account has been compromised and asks them to click on a link to verify their information.
Question 3:
Which of the following is a characteristic of a strong password?
A) Contains a combination of uppercase and lowercase letters.
B) Includes the user\’s name or username.
C) Is the same for all online accounts.
D) Consists of a single word from the dictionary.
Answer: A) Contains a combination of uppercase and lowercase letters.
Explanation: A strong password should include a mix of uppercase and lowercase letters, numbers, and special characters. This increases the complexity and makes it harder for attackers to guess or crack the password. Using personal information, such as the user\’s name or username, should be avoided as it can be easily guessed. Using the same password for multiple accounts is also risky, as a breach in one account could lead to unauthorized access to other accounts. Finally, using a single word from the dictionary is not recommended, as attackers often use dictionary-based attacks to crack passwords.
Question 4:
What is the purpose of a firewall in a network?
A) To encrypt data transmission between devices.
B) To prevent unauthorized access to the network.
C) To detect and remove malware from devices.
D) To establish secure connections between devices.
Answer: B) To prevent unauthorized access to the network.
Explanation: A firewall is a security device or software that monitors and controls incoming and outgoing network traffic. Its primary purpose is to enforce a set of rules or policies that determine which network connections are allowed and which are blocked. By filtering out unwanted traffic, a firewall helps protect the network from unauthorized access by external attackers. It acts as a barrier between the internal network and the external world, preventing malicious actors from gaining entry. Firewalls can also provide additional security features, such as intrusion detection and prevention systems.
Question 5:
What is the main goal of cryptography in cybersecurity?
A) To prevent unauthorized access to computer systems.
B) To detect and remove malware from devices.
C) To protect the confidentiality and integrity of information.
D) To secure wireless network connections.
Answer: C) To protect the confidentiality and integrity of information.
Explanation: Cryptography is the practice of encrypting and decrypting information to ensure its confidentiality and integrity. The main goal is to make sure that only authorized individuals or systems can access and modify the information. By using encryption algorithms, sensitive data is transformed into an unreadable format that can only be deciphered with the proper decryption key. This prevents unauthorized access to the information, even if it is intercepted during transmission. Cryptography also ensures the integrity of the information by allowing the recipient to verify its authenticity and detect any unauthorized modifications.