M

Question 1

this stands for malicious software. it is designed to gain access to a computer without the consent of the user

Answer 1

malware

Question 2

they perform unwanted tasks in the host computer for the benefit of a third party

Answer 2

malware

Question 3

special type of malware used for forced advertising. supported by the organizations whose products are advertised

Answer 3

adware

Question 4

malicious software downloaded along with the free software on the internet and installed in the computer without the user’s knowledge.

Answer 4

browser hijacking software

Question 5

this modifies the browsers setting and redirect links to other unintentional sites

Answer 5

browser hijacking software

Question 6

installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine

Answer 6

spyware

Question 7

this is a malicious code written to damage/harm the computer by deleting or appending a file, occupying memory space through code replication, slow down the performance of the computer, format the computer, etc…

Answer 7

virus

Question 8

true or false: virus can be spread via email attachment, pen drives, digital images, e-greeting, audio, or video clips

Answer 8

true

Question 9

true or false: a virus may be present in a computer but it cannot activate itself without human intervention or when the executable file (.exe) is executed

Answer 9

true

Question 10

this virus can replicate itself and doesn’t need human intervention to travel over the network and spread from the infected machine to the whole network; can spread through the network, using the loopholes of the OS or via email

Answer 10

worms

Question 11

the replication and spreading of the ____ over the network consume the network resources like space and bandwidth and force the network to choke

Answer 11

worm

Question 12

this is a malicious code that is installed in the computer by pretending to be useful software. this not only damages the computer but also creates a backdoor in the computer so it can be controlled by a remote computer

Answer 12

trojan horse

Question 13

this can become part of botnet (robot-network) or a network of computers infected by malicious code and controlled by a central controller

Answer 13

trojan horse

Question 14

the computers infected by trojan horse are known as

Answer 14

zombies

Question 15

true or false: trojans neither infect other computers in the network nor do they replicate

Answer 15

true

Question 16

networks of hijacked computer devices used to carry out various scams and cyberattacks. these automate mass attacks, such as data theft, server crashing, and malware distribution

Answer 16

botnet

Question 17

botnet is formed using two words

Answer 17

robot and network

Question 18

while surfing the internet, suddenly a pop-up alert appears in the screen which warns the presence of dangerous virus, spyware, etc., and urges the user to download the full paid version of the software to fix the problem

Answer 18

scareware

Question 19

as the user downloads the malicious code, their computer is held hostage until the ransom is paid. the malicious code can neither be uninstalled nor used until the ransom is paid

Answer 19

scareware

Question 20

when was the internet born

Answer 20

1960’s; access is limited to scientists, researchers, and the defense only

Question 21

when was the internet launched to the public

Answer 21

1996

Question 22

this is used to describe an unlawful activity in which computer or computing devices, such as smartphones, tablets, personal digital assistants are used as a tool for criminal activity

Answer 22

cyber crime

Question 23

this is often committed by the people of destructive and criminal mindset, either for revenge, greed or adventure

Answer 23

cyber crime

Question 24

an attack to the network or computer by some person with authorized system access

Answer 24

insider attack

Question 25

performed by dissatisfied or unhappy inside employees or contractors; motivation can be revenger or greed

Answer 25

insider attack

Question 26

true or false: it is easy for an insider to perform a cyber attack as he is well aware of the policies, processes, IT architecture, and wellness of the security system

Answer 26

true

Question 27

the insider attack could be prevented by planning and installing an _________ (IDS) in the organization

Answer 27

intrusion detection systems

Question 28

the attacker is either hired by an insider or an external entity to the organization

Answer 28

external attack

Question 29

cyber attacks can be classified as?

Answer 29

structure attacks and unstructured attacks base don the level of maturity of the attacker

Question 30

generally performed by amateurs who don’t have any predefined motives to perform the cyber attack; they test a tool available on the internet on the network of a random company

Answer 30

unstructured attacks

Question 31

performed by highly skilled and experienced people and the motives are clear in their mind; use tools that can’t be noticed by intrusion detection systems

Answer 31

structure attack

Question 32

true or false: cyber crimes have turned out to be low investment, low-risk business with huge returns

Answer 32

true

Question 33

people are motivated towards committing cyber crime to make quick and easy money

Answer 33

money

Question 34

some people try to take revenge with other person/organizations/society/or religion by defaming its reputation or bringing economical or physical loss; comes under the category of cyber terrorism

Answer 34

revenge

Question 35

one can have pride if they hack highly secured networks like defense sites or networks

Answer 35

recognition

Question 36

the anonymity that a cyber space provides motivate cyber crimes; it is easier to get away with criminal activity in cyber space than the real word

Answer 36

anonymity

Question 37

the government itself is involved in cyber trespassing to keep eye on other person/network/country; the reason could be politically, economically, or socially motivated

Answer 37

cyber espionage

Question 38

this is an act of stalking, harassing or threatening someone using internet/computer as a medium; this is often done to defame a person using the internet as it offers anonymity; behavior includes false accusations, threats, sexual exploitation to minors, monitoring, etc…

Answer 38

cyber stalking

Question 39

an act of possessing image or video of a minor (under 18) engaged in sexual conduct

Answer 39

child pornography

Question 40

use of computer to forge or counterfeit a document

Answer 40

forgery and counterfeiting

Question 41

true or false: because of the internet, it is possible to produce counterfeit that matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement

Answer 41

true

Question 41

this is an illegal reproduction and distribution for personal use or business. it comes under crime related to IPR infringement

Answer 41

software piracy and crime related to IPRs

Question 42

it is defined as the use of computer resources to intimidate or coerce government, the civilian population in furtherance of political or social objectives

Answer 42

cyber terrorism

Question 43

process of acquiring personal and sensitive information (identity theft) of an individual via email by disguising as a trustworthy entity in an electronic communication

Answer 43

phishing

Question 44

if a telephone is used as a medium for identity theft, it is known as _______

Answer 44

Vishing

Question 45

This uses SMS to lure customers or steal their personal information

Answer 45

Smishing

Question 46

the act of physical destroying computer resources using physical force or malicious code

Answer 46

computer vandalism

Question 47

practice of modifying computer hardware and software to accomplish a goal outside the creator’s original purpose

Answer 47

computer hacking

Question 48

persons who hack the system to find security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers; may be paid employee of an organization or a freelancer

Answer 48

white hat

Question 49

white hat are popularly known as

Answer 49

ethical hackers

Question 50

hack the system with ill intentions. they find security loopholes and exploit the system for personal or organizational benefits until the organization who’s hacked apply security patches

Answer 50

black hat

Question 51

black hat hackers are popularly known as

Answer 51

crackers

Question 52

they find out security vulnerabilities and report to the site administrators and offer the fix of the security bug for a consultancy fee

Answer 52

grey hat

Question 53

someone outside computer security consulting firms who bug-test a system prior to its launch, looking for exploits so they can be closed

Answer 53

blue hat

Question 54

true or false: the organization can sue the hacker, if found, for the sum of more than or equivalent to the loss borne by the organization

Answer 54

true

Question 55

sending of unsolicited and commercial bulk message over the internet is known as

Answer 55

spamming

Question 56

the email is not targeted to one particular person but to a large number of people

Answer 56

mass mailing

Question 57

the real identity of the person is not known

(spamming)

Answer 57

anonymity

Question 57

the email is neither expected nor requested for the recipient

Answer 57

unsolicited

Question 58

an activity involving injecting a malicious client side script into a trusted website. the information gained can be used for financial benefits or physical access to a system for personal interest

Answer 58

cross-site scripting

Question 59

cyber criminals lure the customers to online auction fraud schemes which often lead to either overpayment of the product or the item is never delivered once the payment is made

Answer 59

online auction fraud

Question 60

malicious code inserted into legitimate software, in which the malicious action is triggered by some specific condition. this can either destroy the information stored in the system or make system unusable

Answer 60

logic bombs

Question 60

an act reserving the domain names of someone else’s trademark with intent to sell it afterwards to the organization who is the owner of the trademark at a higher price

Answer 60

cyber squatting

Question 61

hacker gains access to a website of an organization and either blocks it or modify it to serve political, economical, or social interest

Answer 61

web jacking

Question 62

examples of web jacking

Answer 62

educational institutes were hacked by pakistani hackers and an animation which contains pakistani flags were flashed in the homepage of these websites
indian hackers hacked website of pakistani railways and flashed indian flag for several hours on the occasion of independencce day of india in 2014

Question 63

hacking the username and password of ISP of an individual and surfing the internet at his cost

Answer 63

internet time theft

Question 64

a cyber attack in which the network is chocked and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic

Answer 64

denial of service attack

Question 65

an attack which proceeds with small increments and finally add up to lead to a major attack, like gaining access to online banking of an individual and withdrawing small amounts unnoticed by the owner

Answer 65

salami attack

Question 66

a practice of changing the data before its entry into the computer system.

Answer 66

data diddling

Question 67

DA or the basic salary of the person is changed in the payroll data of an individual for pay calculation. once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report

Answer 67

data diddling

Question 68

a process of changing the header information of an email so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source

Answer 68

email spoofing

Question 69

a process of identifying an individual and ensuring that the individual is the same who he/she claims to be.

Answer 69

authentication

Question 70

what is the typical method for authentication over the internet

Answer 70

username and password

Question 71

it is a password which can be used one time only and is sent to the user as an SMS or an email at the mobile number/email address that they have specified during the registration process

Answer 71

one time password

Question 72

this is a known two-factor authentication method and requires two type of evidence to authenticate an individual to provide an extra layer of security for authentication

Answer 72

one time password

Question 73

biometric data and physical token are examples of

Answer 73

two-way authentication/two-factor authentication

Question 74

the process of giving access to an individual to certain resources based on the credentials of an individual is known as

Answer 74

authorization

Question 75

this combines both the username and password along with hardware security measures like biometric system

Answer 75

hybrid authentication system

Question 76

a method to provide secure access via hybrid security authentication to the company network over the internet

Answer 76

Virtual Private Network (VPN)

Question 77

a technique to convert the data in unreadable form before transmitting it over the internet

Answer 77

encryption

Question 78

a technique to lock the data by converting it to complex codes using mathematical algorithms

Answer 78

encryption

Question 79

the decoding of the complex code to original text using key is known as

Answer 79

decryption

Question 80

if the same key is used to lock and unlock the data, it is known as

Answer 80

symmetric key encryption

Question 81

the key used to encrypt and decrypt data are different; every user possess two keys: public and private key

Answer 81

asymmetric key encryption

Question 82

provide a situational example of asymmetric encryption

Answer 82

A will encrypt the message using B’s public key, as the public key is known to everyone. Once the message is encrypted, the message can safely be sent over to B through the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message

Question 83

a technique to validate data and is also used for authentication; this is created by encrypting the data with the private key of the sender, then the encrypted data is attached with the original message. the receiver can decrypt the signature with the public key of the sender, then if the decrypted message is same with the original message, the data is not tampered and the authenticity of the sender is verified

Answer 83

digital signatures

Question 84

a special program designed to protect the system against virus. it not only prevents the malicious code to enter the system but also detects and destroys the malicious code that is installed into the system

Answer 84

antivirus

Question 85

a hardware/software which acts as a shield between an organization’s network and the internet and protects it from threats like virus, malware, hackers, etc.; it limits the people who can have access to your network

Answer 85

firewall

Question 86

example of hardware firewalls

Answer 86

routers

Question 87

firewalls installed on the server and client machines and acts as a gateway to the organization’s network

Answer 87

software firewalls

Question 88

true or false: the firewalls can be configured to follow rules and policies and based on these defined rules the firewalls can follow the following filtering mechanisms

Answer 88

true

Question 89

all the outbound traffic is routed through these for monitoring and controlling the packet that are routed out of the organization

Answer 89

proxy

Question 90

based on the rules defined in the policies, each packet is filtered by their type, port information, source, and destination information. for example. ip address, domain names, port numbers, protocols

Answer 90

packet filtering

Question 91

the outgoing/incoming packets are judged based on defined characteristics only instead of going through all the field of a packet

Answer 91

stateful inspection

Question 92

a technique of hiding secret messages in a document file, image file, and program or protocol, such that embedded message is invisible and can be retrieved using special software

Answer 92

steganography

Question 93

this is a fundamental system in case of a mishap where data is inadvertently lost or corrupted from original system

Answer 93

data recovery

Question 94

only changed or newly added data is backed up subsequently after the last full or incremental backup; recovery is made with the help of last full backup and all incremental backups performed everyday from the date of last full backup

Answer 94

incremental backup

Question 95

data is backed up on a full-scale and recovered back from the same

Answer 95

full back up

Question 96

this defines the threshold limits of a system in terms of time needed to restore an application and allowable limit of data loss

Answer 96

recovery time objective and recovery point objective

Question 97

only changed or newly added data is backed up after last full or differential backup but changes made in the previous differential backup are updated in the next differential backup

Answer 97

differential backup

Question 98

aob means

Answer 98

age of backup

Question 99

speeds at which data is backed up and restored

Answer 99

time taken to backup and time taken to recover

Question 100

measured in terms of cost for infrastructure, operations, and maintenance

Answer 100

total cost of ownership