21. What is "privilege escalation"?
- a) Gaining higher-level access than intended
- b) Encrypting user privileges
- c) Deleting admin accounts
- d) Blocking user permissions
Answer: A - Exploiting flaws to elevate access (e.g., user β admin).
22. Which attack bypasses authentication using stolen cookies?
- a) XSS
- b) CSRF
- c) Session fixation
- d) DNS spoofing
Answer: C - Session fixation forces a user to use a known session ID.
23. What is "Metasploit" primarily used for?
- a) Vulnerability scanning
- b) Exploit development and execution
- c) Packet sniffing
- d) Firewall configuration
Answer: B - Metasploit is a penetration testing framework for exploits.
24. Which wireless encryption is least secure?
- a) WEP
- b) WPA
- c) WPA2
- d) WPA3
Answer: A - WEP (Wired Equivalent Privacy) is easily cracked.
25. What does "CVE" stand for?
- a) Common Vulnerabilities and Exposures
- b) Critical Vulnerability Exploit
- c) Certified Vulnerability Examiner
- d) Cyber Vulnerability Engine
Answer: A - CVE is a public catalog of known security flaws.
26. Which tool analyzes packet captures?
- a) Wireshark
- b) Aircrack-ng
- c) Hydra
- d) Nikto
Answer: A - Wireshark inspects network traffic in real-time or from captures (.pcap).
27. What is "blue team" in cybersecurity?
- a) Defenders who protect systems
- b) Ethical hackers who simulate attacks
- c) Malware developers
- d) Compliance auditors
Answer: A - Blue teams focus on detection, response, and hardening defenses.
28. Which attack floods a server with SYN packets?
- a) SYN flood
- b) ICMP flood
- c) HTTP flood
- d) UDP flood
Answer: A - SYN flood exploits the TCP three-way handshake.
29. What is "steganography"?
- a) Hiding data within other files (e.g., images)
- b) Encrypting data with AES
- c) Deleting data permanently
- d) Scanning for open ports
Answer: A - Steganography conceals data without altering the fileβs appearance.
30. Which protocol does "ping" use?
- a) ICMP
- b) TCP
- c) UDP
- d) HTTP
Answer: A - Ping uses ICMP Echo Request/Reply messages.
31. What is "rainbow table" used for?
- a) Password cracking via precomputed hashes
- b) Network mapping
- c) Encrypting files
- d) Bypassing firewalls
Answer: A - Rainbow tables reverse hashes faster than brute force.
32. Which vulnerability allows file uploads to execute code?
- a) LFI (Local File Inclusion)
- b) RFI (Remote File Inclusion)
- c) Unrestricted file upload
- d) CSRF
Answer: C - Uploading malicious files (e.g., .php) can lead to RCE.
33. What is "Kali Linux" primarily used for?
- a) Penetration testing
- b) Web hosting
- c) Data analytics
- d) Gaming
Answer: A - Kali Linux is a distro packed with hacking tools (Nmap, Metasploit).
34. Which attack manipulates DNS queries?
- a) DNS poisoning
- b) ARP spoofing
- c) SQL injection
- d) XSS
Answer: A - DNS poisoning redirects users to malicious sites via fake DNS entries.
35. What is "Burp Suite" used for?
- a) Web application testing
- b) Network scanning
- c) Password cracking
- d) Firewall configuration
Answer: A - Burp Suite intercepts and manipulates HTTP requests for web app audits.
36. Which term describes fake access points?
- a) Evil Twin
- b) Zombie AP
- c) Rogue AP
- d) Phantom AP
Answer: A - Evil Twin mimics legitimate Wi-Fi to steal data.
37. What is "LDAP injection"?
- a) Exploiting directory service queries
- b) Corrupting DNS records
- c) Bypassing SSL/TLS
- d) Hijacking HTTP sessions
Answer: A - LDAP injection manipulates directory service inputs (e.g., Active Directory).
38. Which tool automates SQL injection attacks?
- a) sqlmap
- b) Nessus
- c) Snort
- d) Tcpdump
Answer: A - sqlmap detects and exploits SQLi vulnerabilities.
39. What is "honeypot" in cybersecurity?
- a) A decoy system to attract attackers
- b) A password-cracking tool
- c) A type of malware
- d) A firewall rule
Answer: A - Honeypots gather threat intelligence by mimicking vulnerable systems.
40. Which header prevents clickjacking?
- a) X-Frame-Options
- b) Content-Security-Policy
- c) Strict-Transport-Security
- d) Cache-Control
Answer: A -
X-Frame-Options: DENY stops pages from being embedded in iframes.