1. What is the primary goal of network security?

A) Improve network speed
B) Prevent unauthorized access and ensure data integrity
C) Enhance user experience
D) Reduce internet costs

Answer: B) Prevent unauthorized access and ensure data integrity
Explanation: Network security aims to protect networks from threats, unauthorized access, and data breaches while ensuring confidentiality, integrity, and availability.


2. Which of the following is NOT a fundamental principle of network security?

A) Confidentiality
B) Availability
C) Integrity
D) Latency

Answer: D) Latency
Explanation: The three fundamental principles of network security are CIA (Confidentiality, Integrity, and Availability). Latency refers to network speed, not security.


3. What is the most common network security threat?

A) Malware
B) High latency
C) Poor bandwidth
D) ISP throttling

Answer: A) Malware
Explanation: Malware (such as viruses, worms, and ransomware) is one of the most common network security threats, aiming to disrupt, steal, or damage data.


4. A firewall primarily works at which OSI layer?

A) Application Layer
B) Network Layer
C) Transport Layer
D) Data Link Layer

Answer: B) Network Layer
Explanation: Firewalls filter traffic based on IP addresses and ports, operating mostly at Layer 3 (Network Layer).


5. What is the primary function of an Intrusion Detection System (IDS)?

A) To block malicious traffic
B) To detect and alert on suspicious activity
C) To speed up network traffic
D) To provide network redundancy

Answer: B) To detect and alert on suspicious activity
Explanation: An IDS monitors network traffic for anomalies and generates alerts but, unlike an Intrusion Prevention System (IPS), does not block traffic.


6. Which protocol is used for secure remote access to a network device?

A) Telnet
B) HTTP
C) SSH
D) FTP

Answer: C) SSH
Explanation: SSH (Secure Shell) is an encrypted protocol used for secure remote access, unlike Telnet, which is unencrypted.


7. What is the purpose of a VPN?

A) To increase network speed
B) To provide a secure communication channel over an untrusted network
C) To monitor network traffic
D) To block malware

Answer: B) To provide a secure communication channel over an untrusted network
Explanation: A Virtual Private Network (VPN) encrypts communication, ensuring security over public or untrusted networks.


8. What does the principle of “Least Privilege” mean?

A) Users should have minimal permissions required for their job
B) Users should have administrator access
C) All users should have equal privileges
D) Users should have no access at all

Answer: A) Users should have minimal permissions required for their job
Explanation: The Principle of Least Privilege (PoLP) ensures users only have necessary permissions, reducing security risks.


9. What type of attack involves intercepting network traffic to steal data?

A) DDoS attack
B) Man-in-the-Middle (MITM) attack
C) SQL Injection
D) Phishing

Answer: B) Man-in-the-Middle (MITM) attack
Explanation: In an MITM attack, a hacker intercepts and manipulates communication between two parties.


10. Which of the following is a best practice for securing wireless networks?

A) Using WEP encryption
B) Keeping the SSID public
C) Using WPA3 encryption
D) Disabling MAC address filtering

Answer: C) Using WPA3 encryption
Explanation: WPA3 is the most secure Wi-Fi encryption protocol, replacing WPA2 and WEP, which have known vulnerabilities.


11. What is the purpose of a DMZ (Demilitarized Zone) in network security?

A) To isolate high-risk servers from internal networks
B) To slow down cyberattacks
C) To encrypt all data transmissions
D) To provide free access to external users

Answer: A) To isolate high-risk servers from internal networks
Explanation: A DMZ is a separate network segment used to host public-facing services while protecting internal networks.


12. What is the role of Multi-Factor Authentication (MFA) in network security?

A) To encrypt passwords
B) To require multiple forms of identity verification
C) To improve password complexity
D) To log network activities

Answer: B) To require multiple forms of identity verification
Explanation: MFA enhances security by requiring two or more authentication factors, like passwords and biometrics.


13. What is a honeypot in cybersecurity?

A) A type of firewall
B) A fake system designed to attract attackers
C) A network vulnerability scanner
D) A DDoS protection tool

Answer: B) A fake system designed to attract attackers
Explanation: Honeypots lure attackers to analyze their behavior and improve network security.


14. Which of the following is a strong password policy?

A) Using the same password everywhere
B) Changing passwords every 10 years
C) Using long, complex passwords with symbols
D) Writing passwords on sticky notes

Answer: C) Using long, complex passwords with symbols
Explanation: Strong passwords use length, complexity, and uniqueness to resist attacks.


15. What is a botnet?

A) A network of computers infected with malware
B) A secure VPN
C) A type of firewall
D) A security testing tool

Answer: A) A network of computers infected with malware
Explanation: Botnets are controlled by attackers to perform DDoS attacks and spread malware.


16. Which of the following is an example of endpoint security?

A) Using a proxy server
B) Installing antivirus software
C) Encrypting network traffic
D) Blocking access to social media

Answer: B) Installing antivirus software
Explanation: Endpoint security protects individual devices like PCs, laptops, and mobile phones.


17. Which attack type floods a network with excessive traffic?

A) Phishing
B) DDoS Attack
C) MITM Attack
D) SQL Injection

Answer: B) DDoS Attack
Explanation: DDoS (Distributed Denial of Service) attacks overwhelm networks, causing downtime.


18. What is the safest way to remotely access a company network?

A) Using public Wi-Fi
B) Using a VPN
C) Using HTTP
D) Disabling firewall protection

Answer: B) Using a VPN
Explanation: VPNs encrypt remote access, protecting against eavesdropping.


19. What is Zero Trust Security?

A) A security model that assumes every access request is untrusted
B) A firewall type
C) A security feature for wireless networks
D) A type of password policy

Answer: A) A security model that assumes every access request is untrusted
Explanation: Zero Trust enforces strict identity verification before granting access.


20. What is Network Access Control (NAC)?

A) A method to control access based on policies
B) A form of malware
C) A security camera system
D) A backup network

Answer: A) A method to control access based on policies
Explanation: NAC enforces security policies before allowing devices to connect to a network.


21. What is the main purpose of network segmentation?

A) To increase internet speed
B) To reduce broadcast traffic
C) To isolate different parts of a network for security purposes
D) To enable faster Wi-Fi connections

Answer: C) To isolate different parts of a network for security purposes
Explanation: Network segmentation divides a network into separate zones, limiting access and reducing attack surfaces.


22. What is an essential security measure for protecting IoT devices in a network?

A) Disabling all security updates
B) Using default manufacturer credentials
C) Keeping firmware updated and changing default passwords
D) Connecting all devices to an open public Wi-Fi

Answer: C) Keeping firmware updated and changing default passwords
Explanation: IoT devices must be updated regularly, and default passwords should be changed to prevent unauthorized access.


23. Which type of firewall inspects traffic at multiple OSI layers, including application-level protocols?

A) Packet filtering firewall
B) Circuit-level gateway
C) Stateful inspection firewall
D) Next-Generation Firewall (NGFW)

Answer: D) Next-Generation Firewall (NGFW)
Explanation: NGFWs inspect traffic at Layer 7 (Application Layer) and provide deep packet inspection (DPI).


24. Which of the following best describes MAC address filtering?

A) A method to encrypt network traffic
B) A technique to block or allow specific devices based on their MAC addresses
C) A way to increase Wi-Fi speed
D) A protocol for dynamic IP address assignment

Answer: B) A technique to block or allow specific devices based on their MAC addresses
Explanation: MAC address filtering helps control which devices can connect to a network based on their unique MAC addresses.


25. What type of attack exploits vulnerabilities in a network protocol by injecting malicious packets?

A) Phishing
B) Man-in-the-Middle (MITM)
C) Packet Sniffing
D) Protocol Exploitation

Answer: D) Protocol Exploitation
Explanation: Attackers exploit weaknesses in network protocols (e.g., TCP/IP, DNS, ARP) to manipulate traffic or gain unauthorized access.


26. What is an Air Gap in network security?

A) A type of firewall
B) A security measure where a system is physically isolated from external networks
C) A technique to improve Wi-Fi signals
D) A feature in VPNs

Answer: B) A security measure where a system is physically isolated from external networks
Explanation: Air-gapped systems are physically isolated, making them difficult to breach remotely.


27. What is the primary weakness of WEP encryption in wireless networks?

A) It requires too much processing power
B) It is vulnerable to dictionary attacks
C) It has weak encryption and can be cracked easily
D) It is only available on newer devices

Answer: C) It has weak encryption and can be cracked easily
Explanation: WEP (Wired Equivalent Privacy) has severe security flaws, and tools like Aircrack-ng can crack it in minutes.


28. What is the function of a Network Intrusion Prevention System (NIPS)?

A) To monitor and log network traffic
B) To block malicious traffic before it reaches its target
C) To analyze packet latency
D) To optimize bandwidth usage

Answer: B) To block malicious traffic before it reaches its target
Explanation: NIPS actively blocks malicious traffic in real time, unlike IDS, which only detects threats.


29. What technique is used to protect against ARP spoofing?

A) Enabling HTTPS
B) Using a VPN
C) Implementing Dynamic ARP Inspection (DAI)
D) Disabling MAC address filtering

Answer: C) Implementing Dynamic ARP Inspection (DAI)
Explanation: DAI (Dynamic ARP Inspection) verifies ARP packets and prevents ARP spoofing attacks.


30. Which protocol provides secure email communication?

A) HTTP
B) POP3
C) IMAP
D) SMTP with TLS/SSL

Answer: D) SMTP with TLS/SSL
Explanation: SMTP (Simple Mail Transfer Protocol) with TLS/SSL ensures encrypted email communication.


31. What type of attack involves overwhelming a target with excessive DNS queries?

A) DNS Hijacking
B) DNS Spoofing
C) DNS Amplification Attack
D) ARP Poisoning

Answer: C) DNS Amplification Attack
Explanation: Attackers exploit open DNS resolvers to amplify traffic and overwhelm the victim.


32. Which command is used to check open network connections on a system?

A) ls
B) ping
C) netstat
D) ifconfig

Answer: C) netstat
Explanation: The netstat command displays active network connections, open ports, and routing tables.


33. Which network security concept involves preventing unauthorized access by default?

A) Implicit Deny
B) Open Access
C) Least Privilege
D) Zero Trust

Answer: A) Implicit Deny
Explanation: Implicit Deny means that if a rule doesn’t explicitly allow access, it is automatically denied.


34. What is a primary benefit of Network Access Control (NAC)?

A) Encrypts all internet traffic
B) Protects against phishing attacks
C) Ensures that only compliant devices can access the network
D) Speeds up network connections

Answer: C) Ensures that only compliant devices can access the network
Explanation: NAC verifies devices before allowing them onto the network, enforcing security policies.


35. What is a VLAN hopping attack?

A) A technique to bypass VLAN security and access restricted networks
B) A method to optimize VLAN traffic
C) A type of phishing attack
D) A way to enhance Wi-Fi performance

Answer: A) A technique to bypass VLAN security and access restricted networks
Explanation: VLAN hopping exploits vulnerabilities in VLAN configurations to gain unauthorized access.


36. What does SNMP stand for?

A) Secure Network Management Protocol
B) Simple Network Management Protocol
C) Security Network Monitoring Process
D) Standard Network Maintenance Protocol

Answer: B) Simple Network Management Protocol
Explanation: SNMP is used to monitor and manage network devices.


37. What is a Rogue Access Point?

A) A Wi-Fi router with strong security
B) An unauthorized wireless access point installed without approval
C) A firewall feature
D) A network intrusion tool

Answer: B) An unauthorized wireless access point installed without approval
Explanation: Rogue APs create security risks as they bypass network controls.


38. Which security measure helps prevent brute-force attacks on network devices?

A) Disabling firewalls
B) Enforcing account lockout policies
C) Using public Wi-Fi
D) Reducing encryption strength

Answer: B) Enforcing account lockout policies
Explanation: Account lockouts prevent repeated login attempts, stopping brute-force attacks.


39. What is the best defense against phishing attacks?

A) Installing a firewall
B) Using a VPN
C) Security awareness training
D) Increasing bandwidth

Answer: C) Security awareness training
Explanation: User education is the most effective defense against phishing.


40. Which attack manipulates DNS cache entries to redirect users to malicious sites?

A) DNS Spoofing
B) ARP Poisoning
C) DDoS Attack
D) MITM Attack

Answer: A) DNS Spoofing
Explanation: DNS Spoofing alters DNS cache records, redirecting users to malicious sites.


41. What is the primary purpose of network hardening?

A) To increase network speed
B) To reduce network complexity
C) To enhance security by reducing vulnerabilities
D) To improve internet connectivity

Answer: C) To enhance security by reducing vulnerabilities
Explanation: Network hardening involves removing unnecessary services, patching vulnerabilities, and strengthening configurations to minimize risks.


42. Which protocol is used for secure file transfer over a network?

A) FTP
B) TFTP
C) SFTP
D) HTTP

Answer: C) SFTP
Explanation: SFTP (Secure File Transfer Protocol) encrypts data using SSH, making file transfers secure.


43. What does a Stateful Firewall do that a Stateless Firewall does not?

A) Filters packets based on IP addresses
B) Tracks the state of active connections
C) Uses MAC address filtering
D) Increases network speed

Answer: B) Tracks the state of active connections
Explanation: Stateful Firewalls keep track of active connections and dynamically allow or deny packets based on session state.


44. Which network security attack tricks a switch into forwarding traffic to all ports?

A) MAC Flooding
B) DNS Spoofing
C) IP Spoofing
D) VLAN Hopping

Answer: A) MAC Flooding
Explanation: MAC Flooding overwhelms a switch’s MAC address table, forcing it to broadcast packets to all ports, exposing sensitive data.


45. What is a key security measure when using Remote Desktop Protocol (RDP)?

A) Allowing unrestricted access
B) Using strong passwords and multi-factor authentication
C) Disabling encryption
D) Running RDP on port 3389 without changes

Answer: B) Using strong passwords and multi-factor authentication
Explanation: RDP should be secured with strong passwords, MFA, and restricted access to prevent unauthorized connections.


46. What is the main purpose of a proxy server in network security?

A) To monitor network latency
B) To bypass firewalls
C) To act as an intermediary for requests between clients and servers
D) To replace encryption methods

Answer: C) To act as an intermediary for requests between clients and servers
Explanation: A proxy server acts as a gateway that filters requests, hides IP addresses, and improves security.


47. What kind of attack exploits vulnerabilities in the Dynamic Host Configuration Protocol (DHCP)?

A) DHCP Snooping
B) DHCP Starvation Attack
C) SYN Flood Attack
D) ARP Poisoning

Answer: B) DHCP Starvation Attack
Explanation: Attackers exhaust the available IP pool on a DHCP server, preventing legitimate devices from obtaining an IP address.


48. What security protocol is used to encrypt web traffic?

A) HTTP
B) SSL/TLS
C) FTP
D) Telnet

Answer: B) SSL/TLS
Explanation: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encrypt web traffic to ensure secure communication.


49. What is the role of a Security Information and Event Management (SIEM) system?

A) To provide Wi-Fi connectivity
B) To collect, analyze, and correlate security logs
C) To optimize firewall performance
D) To reduce latency

Answer: B) To collect, analyze, and correlate security logs
Explanation: SIEM systems centralize security event data to detect threats, generate alerts, and improve response time.


50. Which method can prevent unauthorized access to a network through an open port?

A) Using VLANs
B) Implementing port security
C) Enabling remote access
D) Disabling antivirus

Answer: B) Implementing port security
Explanation: Port security restricts access to network ports based on MAC address filtering and limits.


51. What type of cyberattack targets VoIP (Voice over IP) systems?

A) Vishing
B) Smishing
C) IP Spoofing
D) SYN Flood

Answer: A) Vishing
Explanation: Vishing (Voice Phishing) is an attack targeting VoIP calls, often used in social engineering scams.


52. Which wireless security protocol should be avoided due to weak encryption?

A) WPA3
B) WPA2-Enterprise
C) WEP
D) 802.1X

Answer: C) WEP
Explanation: WEP (Wired Equivalent Privacy) has weak encryption and is easily cracked, making it insecure.


53. What is the primary role of a reverse proxy in network security?

A) To allow external devices to connect directly to internal servers
B) To protect internal servers by handling requests on their behalf
C) To disable encryption
D) To act as an internet router

Answer: B) To protect internal servers by handling requests on their behalf
Explanation: Reverse proxies shield internal servers, filter malicious traffic, and enhance security.


54. What type of attack attempts to guess a password by trying all possible combinations?

A) Phishing
B) Brute Force Attack
C) Man-in-the-Middle Attack
D) SQL Injection

Answer: B) Brute Force Attack
Explanation: Brute Force Attacks involve systematically guessing passwords until the correct one is found.


55. Which port does HTTPS typically use?

A) 21
B) 22
C) 80
D) 443

Answer: D) 443
Explanation: HTTPS (Hypertext Transfer Protocol Secure) typically runs on port 443 for secure web browsing.


56. What is a common method for securing cloud-based networks?

A) Using on-premise firewalls only
B) Implementing Identity and Access Management (IAM) policies
C) Allowing unrestricted API access
D) Using default credentials

Answer: B) Implementing Identity and Access Management (IAM) policies
Explanation: IAM policies enforce strict access control in cloud environments, enhancing security.


57. What does the “P” stand for in TCP/IP?

A) Protocol
B) Protection
C) Packet
D) Processing

Answer: A) Protocol
Explanation: TCP/IP (Transmission Control Protocol/Internet Protocol) is the foundation of modern network communication.


58. Which of the following is a key advantage of using an IDS (Intrusion Detection System)?

A) It prevents attacks in real time
B) It logs and alerts administrators of suspicious activity
C) It encrypts network traffic
D) It speeds up internet connectivity

Answer: B) It logs and alerts administrators of suspicious activity
Explanation: IDS monitors network traffic, detects threats, and generates alerts for manual investigation.


59. What type of attack involves redirecting a user from a legitimate site to a malicious site?

A) SQL Injection
B) DNS Spoofing
C) Buffer Overflow
D) Smishing

Answer: B) DNS Spoofing
Explanation: DNS Spoofing alters DNS records to redirect users to malicious websites.


60. What is the benefit of a Zero Trust security model?

A) It assumes all network traffic is trusted
B) It requires constant verification before granting access
C) It eliminates the need for firewalls
D) It allows unrestricted access to internal networks

Answer: B) It requires constant verification before granting access
Explanation: Zero Trust Security enforces continuous authentication and access control, reducing risks.


61. What is the primary function of a Network Access Control (NAC) system?

A) To provide firewall protection
B) To control access based on policies and device security posture
C) To speed up internet connections
D) To disable unauthorized users

Answer: B) To control access based on policies and device security posture
Explanation: NAC ensures that only compliant and authorized devices can access the network.


62. Which protocol is primarily used for secure website authentication?

A) SSH
B) FTP
C) SSL/TLS
D) Telnet

Answer: C) SSL/TLS
Explanation: SSL/TLS encrypts website connections, ensuring secure authentication and data transmission.


63. What type of security measure helps mitigate insider threats?

A) Implementing strict firewall rules
B) Monitoring user behavior and access logs
C) Allowing all employees full network access
D) Using only password authentication

Answer: B) Monitoring user behavior and access logs
Explanation: User behavior analytics (UBA) can detect suspicious activities and prevent insider threats.


64. What does a VPN primarily provide?

A) A faster internet connection
B) Encrypted and secure remote access to a network
C) Protection from phishing attacks
D) A backup internet service

Answer: B) Encrypted and secure remote access to a network
Explanation: A VPN (Virtual Private Network) encrypts traffic, ensuring secure remote access.


65. What is the primary risk of using default credentials on network devices?

A) Devices run faster
B) They can be easily exploited by attackers
C) They improve network performance
D) They allow anonymous access

Answer: B) They can be easily exploited by attackers
Explanation: Default credentials are widely known and commonly targeted by attackers.


66. Which security technique prevents users from connecting to a rogue Wi-Fi access point?

A) Disabling encryption
B) Using Wi-Fi Protected Access 3 (WPA3)
C) Keeping the SSID visible
D) Connecting to any open network

Answer: B) Using Wi-Fi Protected Access 3 (WPA3)
Explanation: WPA3 provides enhanced encryption and protects against rogue access points.


67. What is the main function of a load balancer in network security?

A) To block unauthorized traffic
B) To distribute traffic across multiple servers
C) To increase internet speed
D) To disable unused ports

Answer: B) To distribute traffic across multiple servers
Explanation: A load balancer helps prevent server overload and ensures high availability.


68. What is the primary function of a Network Address Translation (NAT) device?

A) To block all incoming traffic
B) To encrypt data transmissions
C) To map private IP addresses to public IP addresses
D) To disable access control lists

Answer: C) To map private IP addresses to public IP addresses
Explanation: NAT translates private IPs to public IPs, allowing multiple devices to share a single public IP.


69. What is the main advantage of role-based access control (RBAC)?

A) It allows unrestricted network access
B) It simplifies permission management based on roles
C) It eliminates authentication requirements
D) It removes the need for encryption

Answer: B) It simplifies permission management based on roles
Explanation: RBAC assigns permissions based on job roles, improving security and access control.


70. What does an anti-malware system primarily protect against?

A) Unauthorized firewall access
B) Malware infections like viruses, worms, and trojans
C) Brute-force attacks
D) Physical intrusions

Answer: B) Malware infections like viruses, worms, and trojans
Explanation: Anti-malware systems detect and remove malware, protecting network integrity.


71. What is an example of an eavesdropping attack?

A) DDoS attack
B) Phishing attack
C) Packet sniffing on an unencrypted network
D) Ransomware attack

Answer: C) Packet sniffing on an unencrypted network
Explanation: Eavesdropping attacks involve intercepting network traffic to steal sensitive information.


72. What is a primary function of an intrusion prevention system (IPS)?

A) To detect security breaches after they occur
B) To automatically block malicious network traffic
C) To provide data backup services
D) To optimize network performance

Answer: B) To automatically block malicious network traffic
Explanation: IPS actively blocks threats before they impact the network.


73. What type of cyberattack targets VoIP calls?

A) Vishing
B) Pharming
C) DNS Poisoning
D) Cross-site scripting

Answer: A) Vishing
Explanation: Vishing (Voice Phishing) is a social engineering attack targeting VoIP users.


74. Which tool is commonly used to scan for network vulnerabilities?

A) Metasploit
B) Notepad
C) Paint
D) Wireshark

Answer: A) Metasploit
Explanation: Metasploit is widely used for penetration testing and vulnerability scanning.


75. What is an advantage of implementing endpoint detection and response (EDR) solutions?

A) They prevent brute-force attacks
B) They monitor and respond to threats on individual devices
C) They improve Wi-Fi range
D) They eliminate the need for encryption

Answer: B) They monitor and respond to threats on individual devices
Explanation: EDR systems provide real-time monitoring and threat response at the endpoint level.


76. Which network security tool is used to analyze packets in real time?

A) Nmap
B) Wireshark
C) Adobe Photoshop
D) SQLMap

Answer: B) Wireshark
Explanation: Wireshark captures and analyzes network packets, useful for troubleshooting and security investigations.


77. What is the function of DNSSEC (Domain Name System Security Extensions)?

A) To encrypt all DNS traffic
B) To authenticate DNS responses and prevent spoofing
C) To hide website IP addresses
D) To block unauthorized websites

Answer: B) To authenticate DNS responses and prevent spoofing
Explanation: DNSSEC uses digital signatures to verify the authenticity of DNS responses, preventing DNS spoofing.


78. What security measure helps prevent brute-force attacks?

A) Using CAPTCHA verification
B) Enabling auto-login
C) Allowing unlimited login attempts
D) Using common passwords

Answer: A) Using CAPTCHA verification
Explanation: CAPTCHAs prevent automated bots from executing brute-force attacks.


79. What type of cyberattack uses compromised IoT devices to launch large-scale attacks?

A) MITM Attack
B) Botnet Attack
C) SQL Injection
D) Phishing Attack

Answer: B) Botnet Attack
Explanation: Botnets control infected IoT devices to launch large-scale DDoS attacks.


80. Which security feature helps prevent email spoofing?

A) DNS over HTTPS (DoH)
B) SPF, DKIM, and DMARC records
C) Using only HTTP websites
D) Disabling encryption

Answer: B) SPF, DKIM, and DMARC records
Explanation: SPF, DKIM, and DMARC authenticate emails, preventing spoofing and phishing attacks.


81. What is the purpose of a honeynet in network security?

A) To increase network speed
B) To deceive and analyze attackers by simulating a real network
C) To optimize bandwidth usage
D) To replace intrusion detection systems

Answer: B) To deceive and analyze attackers by simulating a real network
Explanation: A honeynet is a network of honeypots designed to trap and monitor attackers.


82. What is the primary function of a jump server in network security?

A) To block unauthorized network access
B) To act as an intermediary for accessing critical systems securely
C) To provide free internet access
D) To encrypt all email communications

Answer: B) To act as an intermediary for accessing critical systems securely
Explanation: A jump server (jump box) is used to securely access protected network zones.


83. What is a key characteristic of a bastion host?

A) It is heavily secured and exposed to the internet
B) It is used for network sniffing
C) It reduces internet latency
D) It disables unauthorized users

Answer: A) It is heavily secured and exposed to the internet
Explanation: Bastion hosts are hardened to withstand attacks, often placed in DMZs for external access.


84. What is the main purpose of whitelisting in network security?

A) To allow only pre-approved applications or devices to run
B) To block all network traffic
C) To enable unrestricted access
D) To optimize server performance

Answer: A) To allow only pre-approved applications or devices to run
Explanation: Whitelisting ensures that only trusted applications, users, or devices can access a network.


85. Which protocol prevents loops in a network with redundant links?

A) ARP
B) STP
C) RIP
D) BGP

Answer: B) STP
Explanation: Spanning Tree Protocol (STP) prevents network loops by blocking redundant links.


86. What is the main function of port knocking?

A) To secure remote access by dynamically opening ports after a secret sequence
B) To close all firewall ports
C) To scan for open network ports
D) To log all network activities

Answer: A) To secure remote access by dynamically opening ports after a secret sequence
Explanation: Port knocking allows access only when the correct sequence of connection attempts is made.


87. What is a key characteristic of a black hole routing strategy?

A) It redirects malicious traffic to a non-existent location
B) It increases network bandwidth
C) It allows unauthorized access
D) It scans for network vulnerabilities

Answer: A) It redirects malicious traffic to a non-existent location
Explanation: Black hole routing discards unwanted traffic to mitigate DDoS attacks.


88. What security technique helps prevent brute-force attacks on SSH?

A) Enabling Telnet
B) Disabling encryption
C) Implementing fail2ban or SSH rate limiting
D) Allowing unrestricted login attempts

Answer: C) Implementing fail2ban or SSH rate limiting
Explanation: Fail2ban bans IPs after repeated failed attempts, preventing brute-force attacks.


89. What is an example of a covert channel attack?

A) Encrypting all data transmissions
B) Using hidden communication methods to exfiltrate data
C) Monitoring firewall rules
D) Disabling two-factor authentication

Answer: B) Using hidden communication methods to exfiltrate data
Explanation: Covert channels secretly transfer data, bypassing security measures.


90. What is the role of a data loss prevention (DLP) system?

A) To detect and prevent unauthorized data transfers
B) To disable all network access
C) To scan for malware
D) To optimize network speed

Answer: A) To detect and prevent unauthorized data transfers
Explanation: DLP solutions prevent data leaks by monitoring and controlling data movement.


91. What attack involves inserting malicious commands into legitimate user inputs?

A) SQL Injection
B) DoS Attack
C) DNS Poisoning
D) Phishing

Answer: A) SQL Injection
Explanation: SQL Injection occurs when an attacker injects malicious SQL queries into an input field.


92. What does a network tap do in network security?

A) Encrypts data
B) Captures and monitors network traffic for analysis
C) Increases firewall performance
D) Provides wireless access

Answer: B) Captures and monitors network traffic for analysis
Explanation: A network tap is used to analyze and capture network packets.


93. What is an example of a logic bomb attack?

A) A backdoor in a firewall
B) A hidden script that executes malicious actions when triggered
C) A brute-force attack
D) A social engineering attack

Answer: B) A hidden script that executes malicious actions when triggered
Explanation: A logic bomb remains dormant until a specific condition is met, then executes malicious actions.


94. What network security best practice helps reduce attack surfaces?

A) Keeping all services enabled
B) Disabling unused services and ports
C) Allowing all incoming connections
D) Using weak passwords

Answer: B) Disabling unused services and ports
Explanation: Minimizing running services reduces the number of potential vulnerabilities.


95. What attack exploits a system’s ability to process XML input?

A) ARP Spoofing
B) XML External Entity (XXE) Injection
C) ICMP Flood Attack
D) DNS Hijacking

Answer: B) XML External Entity (XXE) Injection
Explanation: XXE Injection manipulates XML parsers to extract sensitive data or cause denial-of-service attacks.


96. Which technology is commonly used for micro-segmentation in network security?

A) Virtual Local Area Networks (VLANs)
B) HTTP Tunneling
C) Telnet
D) Brute Force Authentication

Answer: A) Virtual Local Area Networks (VLANs)
Explanation: VLANs create isolated network segments, limiting access and improving security.


97. What is the primary function of a sandbox in cybersecurity?

A) To prevent network access
B) To isolate and analyze potentially malicious files
C) To increase firewall speeds
D) To optimize routing protocols

Answer: B) To isolate and analyze potentially malicious files
Explanation: Sandboxing runs suspicious files in an isolated environment to prevent harm.


98. Which protocol is used for encrypted email communication?

A) SMTP
B) IMAP
C) PGP (Pretty Good Privacy)
D) FTP

Answer: C) PGP (Pretty Good Privacy)
Explanation: PGP encrypts emails, ensuring secure communication.


99. What is a key advantage of using the principle of network defense in depth?

A) It uses multiple layers of security to reduce risks
B) It replaces the need for a firewall
C) It increases network latency
D) It allows unlimited access to all users

Answer: A) It uses multiple layers of security to reduce risks
Explanation: Defense in Depth ensures redundant security layers, preventing single points of failure.


100. What is a major security risk of using public Wi-Fi networks?

A) Higher internet speed
B) Exposure to Man-in-the-Middle (MITM) attacks
C) Improved encryption
D) Increased firewall protection

Answer: B) Exposure to Man-in-the-Middle (MITM) attacks
Explanation: Public Wi-Fi networks are untrusted, making them vulnerable to MITM attacks.


101. What is the primary purpose of a network baseline?

A) To increase network speed
B) To establish normal network behavior for anomaly detection
C) To allow unrestricted network access
D) To reduce the number of security policies

Answer: B) To establish normal network behavior for anomaly detection
Explanation: Network baselining helps define normal traffic patterns to identify deviations and potential threats.


102. What is the best practice for handling network logs?

A) Deleting logs after 24 hours
B) Storing logs in a centralized and secure location
C) Keeping logs only on individual devices
D) Not monitoring logs at all

Answer: B) Storing logs in a centralized and secure location
Explanation: Centralized log management enables better security monitoring, forensic analysis, and compliance auditing.


103. What is the purpose of network sandboxing?

A) To analyze suspicious files in an isolated environment
B) To block all internet traffic
C) To provide unrestricted network access
D) To increase bandwidth

Answer: A) To analyze suspicious files in an isolated environment
Explanation: Sandboxing allows testing potentially malicious files without risking the main network.


104. Which type of attack involves attackers injecting malicious scripts into trusted websites?

A) Cross-Site Scripting (XSS)
B) DNS Spoofing
C) ARP Poisoning
D) Brute Force Attack

Answer: A) Cross-Site Scripting (XSS)
Explanation: XSS attacks inject malicious scripts into trusted websites, affecting users who visit them.


105. What is the function of an air-gapped network?

A) To provide free internet access
B) To physically isolate sensitive systems from external networks
C) To increase network speed
D) To enable cloud connectivity

Answer: B) To physically isolate sensitive systems from external networks
Explanation: Air-gapped networks provide maximum security by completely disconnecting critical systems.


106. What is a common risk when using outdated software in a network?

A) Increased compatibility
B) Exposure to known vulnerabilities
C) Faster network speeds
D) Enhanced encryption

Answer: B) Exposure to known vulnerabilities
Explanation: Outdated software often contains known security flaws that attackers can exploit.


107. What is the purpose of Network Behavior Anomaly Detection (NBAD)?

A) To encrypt network traffic
B) To identify deviations from normal network activity
C) To optimize bandwidth usage
D) To block all network requests

Answer: B) To identify deviations from normal network activity
Explanation: NBAD systems detect anomalies that could indicate cyberattacks or unauthorized activity.


108. What type of encryption does WPA3 use to improve wireless security?

A) RC4
B) AES-GCM
C) DES
D) MD5

Answer: B) AES-GCM
Explanation: WPA3 uses AES-GCM encryption, providing stronger protection than WPA2.


109. Which of the following best describes an Advanced Persistent Threat (APT)?

A) A short-lived network attack
B) A highly targeted and long-term cyberattack by a skilled group
C) A type of spam email
D) A firewall misconfiguration

Answer: B) A highly targeted and long-term cyberattack by a skilled group
Explanation: APTs are stealthy, long-term attacks conducted by nation-states or advanced cybercriminals.


110. What does a botnet primarily do?

A) Speeds up the network
B) Helps with software updates
C) Allows remote attackers to control compromised devices
D) Encrypts network connections

Answer: C) Allows remote attackers to control compromised devices
Explanation: Botnets are used to launch large-scale attacks like DDoS, spam, and credential theft.


111. What is an important security measure for preventing social engineering attacks?

A) Using complex passwords
B) Conducting regular security awareness training
C) Increasing internet speed
D) Allowing anonymous access

Answer: B) Conducting regular security awareness training
Explanation: Training employees helps them recognize and prevent phishing, impersonation, and other social engineering tactics.


112. What is the primary function of a session hijacking attack?

A) To send spam emails
B) To exploit an active user session and gain unauthorized access
C) To slow down a network
D) To encrypt network data

Answer: B) To exploit an active user session and gain unauthorized access
Explanation: Session hijacking occurs when an attacker steals a session token to impersonate a user.


113. Which technology is used to secure DNS traffic against spoofing?

A) DNSSEC
B) HTTP
C) FTP
D) SNMP

Answer: A) DNSSEC
Explanation: DNSSEC (Domain Name System Security Extensions) authenticates DNS responses to prevent spoofing attacks.


114. What is the risk of using default SNMP community strings?

A) Improved encryption
B) Unauthorized access to network devices
C) Faster network speed
D) Secure device communication

Answer: B) Unauthorized access to network devices
Explanation: Default SNMP community strings (like “public”) can be exploited to gain control over network devices.


115. What type of malware encrypts user data and demands payment for decryption?

A) Trojan
B) Ransomware
C) Spyware
D) Adware

Answer: B) Ransomware
Explanation: Ransomware encrypts user data and demands a ransom for decryption keys.


116. Which type of authentication relies on multiple factors such as something you know, have, and are?

A) Single-Factor Authentication
B) Multi-Factor Authentication (MFA)
C) Password-Only Authentication
D) CAPTCHA Verification

Answer: B) Multi-Factor Authentication (MFA)
Explanation: MFA uses two or more authentication factors, such as passwords, biometrics, or security tokens.


117. What does MAC Spoofing allow an attacker to do?

A) Encrypt network traffic
B) Change their MAC address to bypass security measures
C) Increase internet speed
D) Block all incoming traffic

Answer: B) Change their MAC address to bypass security measures
Explanation: MAC spoofing allows attackers to masquerade as a trusted device and bypass network security.


118. What is a common defense against brute-force login attempts?

A) Disabling firewalls
B) Account lockout policies
C) Using public Wi-Fi
D) Allowing unlimited login attempts

Answer: B) Account lockout policies
Explanation: Account lockout policies prevent attackers from making unlimited login attempts.


119. What is a primary security concern when using third-party cloud services?

A) Lack of internet connectivity
B) Loss of direct control over data security
C) Improved server uptime
D) Increased network speed

Answer: B) Loss of direct control over data security
Explanation: Third-party cloud providers manage security, but users must ensure compliance, encryption, and access control.


120. What is the primary goal of a penetration test?

A) To fix all network issues
B) To identify and exploit vulnerabilities in a controlled environment
C) To replace antivirus software
D) To increase network bandwidth

Answer: B) To identify and exploit vulnerabilities in a controlled environment
Explanation: Penetration testing simulates attacks to find and fix security weaknesses before real attackers exploit them.


121. What is the primary goal of a network penetration test?

A) To intentionally damage network infrastructure
B) To identify and exploit vulnerabilities in a controlled manner
C) To block all external connections
D) To improve internet speed

Answer: B) To identify and exploit vulnerabilities in a controlled manner
Explanation: Penetration testing (ethical hacking) simulates real-world attacks to identify security flaws before attackers do.


122. What type of cyberattack involves overwhelming a network with excessive SYN requests?

A) DDoS Attack
B) SYN Flood Attack
C) SQL Injection
D) Man-in-the-Middle Attack

Answer: B) SYN Flood Attack
Explanation: SYN Flood attacks exploit the TCP handshake process to consume resources and disrupt network availability.


123. What does the term “Defense in Depth” mean in cybersecurity?

A) Relying on a single security solution
B) Implementing multiple layers of security controls
C) Using only a firewall for protection
D) Avoiding security updates

Answer: B) Implementing multiple layers of security controls
Explanation: Defense in Depth uses redundant security layers (firewalls, IDS/IPS, encryption, etc.) to mitigate risks.


124. What does a NAC (Network Access Control) system enforce?

A) Password strength policies
B) Firewall rules
C) Security policies before allowing device access to the network
D) Bandwidth usage restrictions

Answer: C) Security policies before allowing device access to the network
Explanation: NAC ensures devices meet security requirements (e.g., updated antivirus) before connecting to the network.


125. What is the primary function of a SIEM (Security Information and Event Management) system?

A) To provide high-speed internet
B) To monitor and analyze security logs for threat detection
C) To manage user passwords
D) To encrypt network traffic

Answer: B) To monitor and analyze security logs for threat detection
Explanation: SIEM solutions collect and correlate security logs to identify and respond to potential threats.


126. What is a key feature of an IDS (Intrusion Detection System)?

A) It blocks all network traffic
B) It monitors and alerts on suspicious activity but does not block traffic
C) It increases network speed
D) It encrypts all incoming traffic

Answer: B) It monitors and alerts on suspicious activity but does not block traffic
Explanation: IDS detects threats and generates alerts but does not actively prevent them like an IPS.


127. What is the purpose of a Mantrap in network security?

A) To physically restrict access to a secure area
B) To improve Wi-Fi range
C) To enhance firewall performance
D) To encrypt network traffic

Answer: A) To physically restrict access to a secure area
Explanation: Mantraps are physical security controls used to prevent unauthorized entry into sensitive areas.


128. Which security practice helps prevent unauthorized access to routers and switches?

A) Using default administrator credentials
B) Disabling password authentication
C) Enabling SSH and changing default passwords
D) Allowing unrestricted access

Answer: C) Enabling SSH and changing default passwords
Explanation: Changing default credentials and using SSH encryption helps prevent unauthorized access.


129. What is a watering hole attack?

A) An attack where malware is planted on websites commonly visited by a target
B) A brute-force attack on web applications
C) A method of DNS poisoning
D) A denial-of-service (DoS) attack

Answer: A) An attack where malware is planted on websites commonly visited by a target
Explanation: Watering hole attacks compromise websites that targeted users frequently visit, infecting them with malware.


130. What type of firewall inspects traffic based on application-level protocols?

A) Packet filtering firewall
B) Stateful firewall
C) Next-Generation Firewall (NGFW)
D) Circuit-level gateway

Answer: C) Next-Generation Firewall (NGFW)
Explanation: NGFWs offer deep packet inspection (DPI), application filtering, and intrusion prevention.


131. What is the purpose of an SSL/TLS certificate?

A) To encrypt communications between clients and servers
B) To authenticate network devices
C) To block malicious websites
D) To improve firewall efficiency

Answer: A) To encrypt communications between clients and servers
Explanation: SSL/TLS certificates ensure secure, encrypted communication over HTTPS.


132. What attack involves sending fraudulent ARP messages to a network?

A) ARP Poisoning
B) DNS Spoofing
C) SQL Injection
D) Phishing

Answer: A) ARP Poisoning
Explanation: ARP poisoning manipulates ARP tables to redirect network traffic to an attacker.


133. What is the purpose of IPsec in network security?

A) To provide secure encrypted communication over IP networks
B) To improve network performance
C) To disable unauthorized devices
D) To block incoming HTTP traffic

Answer: A) To provide secure encrypted communication over IP networks
Explanation: IPsec (Internet Protocol Security) ensures confidentiality, integrity, and authentication of network traffic.


134. What is the primary security risk of an open Wi-Fi network?

A) Increased network speed
B) Exposure to Man-in-the-Middle (MITM) attacks
C) Enhanced encryption
D) Reduced bandwidth usage

Answer: B) Exposure to Man-in-the-Middle (MITM) attacks
Explanation: Open Wi-Fi networks lack encryption, making them vulnerable to MITM attacks.


135. Which attack manipulates serialized objects to execute malicious code?

A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Insecure Deserialization
D) Buffer Overflow

Answer: C) Insecure Deserialization
Explanation: Insecure deserialization allows attackers to manipulate serialized objects to execute malicious code.


136. What is the purpose of an email gateway in network security?

A) To block and filter malicious emails
B) To increase email server performance
C) To improve network speed
D) To disable encryption

Answer: A) To block and filter malicious emails
Explanation: Email gateways scan incoming and outgoing emails for spam, phishing, and malware.


137. What is an important step in securing an API?

A) Allowing unrestricted access
B) Implementing authentication and rate limiting
C) Disabling all logging
D) Using only HTTP instead of HTTPS

Answer: B) Implementing authentication and rate limiting
Explanation: Securing APIs involves using authentication (OAuth, API keys) and limiting excessive requests.


138. What is the role of an endpoint detection and response (EDR) solution?

A) To optimize network performance
B) To monitor and respond to threats at the endpoint level
C) To manage firewall rules
D) To speed up software updates

Answer: B) To monitor and respond to threats at the endpoint level
Explanation: EDR solutions detect, investigate, and respond to security incidents on individual devices.


139. What is a primary goal of Zero Trust security?

A) To grant all users full access
B) To assume all access requests are untrusted until verified
C) To disable encryption
D) To allow anonymous authentication

Answer: B) To assume all access requests are untrusted until verified
Explanation: Zero Trust security enforces strict access controls, verifying every request before granting access.


140. What security measure protects against password reuse attacks?

A) Using single-factor authentication
B) Enforcing password history policies
C) Allowing default passwords
D) Removing account lockouts

Answer: B) Enforcing password history policies
Explanation: Password history policies prevent users from reusing old passwords, reducing security risks.


141. What is the purpose of rate limiting in network security?

A) To allow unlimited API requests
B) To restrict excessive traffic and prevent abuse
C) To improve internet speed
D) To encrypt all network communications

Answer: B) To restrict excessive traffic and prevent abuse
Explanation: Rate limiting controls the number of requests a user can make within a specified timeframe to prevent DDoS attacks, API abuse, and brute-force attacks.


142. What is an example of a Physical Security Control in network security?

A) Encryption
B) Biometric authentication and CCTV monitoring
C) Firewalls
D) Intrusion detection systems

Answer: B) Biometric authentication and CCTV monitoring
Explanation: Physical security controls protect hardware and infrastructure from unauthorized access or tampering.


143. Which technique helps protect passwords stored in a database?

A) Storing them in plaintext
B) Encrypting passwords using MD5
C) Using hashing and salting methods
D) Using default credentials

Answer: C) Using hashing and salting methods
Explanation: Hashing and salting passwords ensure that stored credentials remain secure, even if stolen.


144. What does a network sniffer do?

A) Encrypts data in transit
B) Captures and analyzes network traffic
C) Blocks unauthorized network traffic
D) Increases internet speed

Answer: B) Captures and analyzes network traffic
Explanation: Network sniffers like Wireshark analyze packets to monitor, troubleshoot, and detect security threats.


145. Which network security measure helps prevent brute-force attacks?

A) Keeping weak passwords
B) Using account lockout policies
C) Allowing unlimited login attempts
D) Disabling multi-factor authentication

Answer: B) Using account lockout policies
Explanation: Locking accounts after repeated failed attempts prevents brute-force attacks.


146. What is the primary risk of using public cloud services without proper security configurations?

A) Faster internet speed
B) Exposure to unauthorized access and data leaks
C) Better software updates
D) Increased bandwidth

Answer: B) Exposure to unauthorized access and data leaks
Explanation: Improper cloud security configurations can expose sensitive data to unauthorized users.


147. What type of attack involves an attacker impersonating a legitimate user to gain access?

A) Cross-site scripting (XSS)
B) Session Hijacking
C) DNS Poisoning
D) SQL Injection

Answer: B) Session Hijacking
Explanation: Session hijacking occurs when an attacker steals a user’s session ID to gain unauthorized access.


148. Which security measure helps prevent insider threats?

A) Enforcing strong password policies only
B) Implementing user behavior analytics (UBA) and access controls
C) Disabling firewalls
D) Allowing unrestricted network access

Answer: B) Implementing user behavior analytics (UBA) and access controls
Explanation: User behavior analytics (UBA) detects suspicious activity, while access controls limit unnecessary privileges.


149. What is an important feature of a Next-Generation Firewall (NGFW)?

A) Packet filtering only
B) Deep packet inspection and application awareness
C) Allowing all incoming traffic
D) Disabling encryption

Answer: B) Deep packet inspection and application awareness
Explanation: NGFWs provide advanced threat detection, DPI, and application filtering.


150. What is a common security risk when using IoT devices?

A) Increased network speed
B) Lack of regular firmware updates and weak authentication
C) Enhanced encryption
D) Secure built-in firewalls

Answer: B) Lack of regular firmware updates and weak authentication
Explanation: IoT devices often have security weaknesses due to default credentials and infrequent updates.


151. What is the purpose of a honeypot in cybersecurity?

A) To block all incoming traffic
B) To detect and analyze attacker behavior
C) To increase firewall efficiency
D) To disable network encryption

Answer: B) To detect and analyze attacker behavior
Explanation: Honeypots simulate real systems to attract and monitor attackers without risking production systems.


152. What is an essential security practice when using SSH?

A) Allowing root login
B) Disabling password authentication and using SSH keys
C) Keeping SSH on port 22
D) Using Telnet instead

Answer: B) Disabling password authentication and using SSH keys
Explanation: Using SSH keys enhances security and prevents brute-force attacks.


153. What does an SSL/TLS certificate verify?

A) Network speed
B) The identity of a website and secure encryption of data
C) Wi-Fi signal strength
D) Default browser settings

Answer: B) The identity of a website and secure encryption of data
Explanation: SSL/TLS certificates authenticate websites and ensure encrypted communication.


154. What is a common security risk associated with Remote Desktop Protocol (RDP)?

A) Increased network speed
B) Weak authentication leading to unauthorized access
C) Improved encryption
D) Better firewall efficiency

Answer: B) Weak authentication leading to unauthorized access
Explanation: Poorly secured RDP can allow attackers to exploit default credentials and gain access.


155. What is a smurf attack?

A) A DDoS attack using ICMP Echo Requests
B) A type of phishing attack
C) A malware infection
D) A web application vulnerability

Answer: A) A DDoS attack using ICMP Echo Requests
Explanation: Smurf attacks flood a target with ICMP requests, overwhelming network resources.


156. What is the function of a Web Application Firewall (WAF)?

A) To encrypt all network traffic
B) To protect web applications from common threats like SQL Injection and XSS
C) To block all outgoing traffic
D) To improve network latency

Answer: B) To protect web applications from common threats like SQL Injection and XSS
Explanation: WAFs filter, monitor, and block malicious HTTP requests targeting web applications.


157. What is a primary use of blockchain in cybersecurity?

A) To speed up network traffic
B) To provide immutable and tamper-proof data records
C) To replace encryption
D) To optimize routing protocols

Answer: B) To provide immutable and tamper-proof data records
Explanation: Blockchain technology ensures data integrity by using decentralized, tamper-resistant ledgers.


158. What is a key function of Multi-Factor Authentication (MFA)?

A) To provide a single point of authentication
B) To require two or more authentication factors for improved security
C) To replace encryption
D) To increase password length

Answer: B) To require two or more authentication factors for improved security
Explanation: MFA enhances security by requiring multiple verification factors.


159. What type of cyberattack involves attackers modifying a website’s DNS records to redirect users?

A) DNS Poisoning
B) Man-in-the-Middle (MITM) Attack
C) Ransomware Attack
D) Buffer Overflow

Answer: A) DNS Poisoning
Explanation: DNS poisoning (cache poisoning) redirects users to malicious sites by altering DNS records.


160. What is a primary defense against ransomware attacks?

A) Using outdated software
B) Keeping regular backups and applying security patches
C) Allowing unverified email attachments
D) Disabling firewalls

Answer: B) Keeping regular backups and applying security patches
Explanation: Regular backups and patching help recover from ransomware attacks and prevent exploitation.


161. What is the primary purpose of an Intrusion Prevention System (IPS)?

A) To detect and log network threats
B) To automatically block detected threats in real time
C) To increase network speed
D) To provide a backup for network configurations

Answer: B) To automatically block detected threats in real time
Explanation: IPS actively prevents security breaches by blocking malicious traffic before it reaches the target.


162. What is an example of an endpoint security measure?

A) Using a proxy server
B) Installing antivirus software on workstations
C) Disabling firewall rules
D) Increasing network bandwidth

Answer: B) Installing antivirus software on workstations
Explanation: Endpoint security measures like antivirus, EDR (Endpoint Detection and Response), and disk encryption help secure individual devices.


163. What is the main risk of using a Bring Your Own Device (BYOD) policy in an organization?

A) Increased network performance
B) Greater risk of malware infections and data breaches
C) Improved encryption
D) Reduced need for security monitoring

Answer: B) Greater risk of malware infections and data breaches
Explanation: BYOD increases security risks since personal devices may lack proper security controls.


164. What type of attack exploits a vulnerability in DNS queries to redirect users to malicious sites?

A) SQL Injection
B) DNS Spoofing
C) Cross-Site Scripting (XSS)
D) Zero-Day Exploit

Answer: B) DNS Spoofing
Explanation: DNS Spoofing manipulates DNS records to redirect users to fraudulent websites.


165. What is a key characteristic of asymmetric encryption?

A) Uses a single key for both encryption and decryption
B) Uses a pair of public and private keys
C) Requires manual key exchange
D) Cannot be used for network security

Answer: B) Uses a pair of public and private keys
Explanation: Asymmetric encryption (e.g., RSA) uses public and private keys to encrypt and decrypt data securely.


166. Which security measure prevents unauthorized USB devices from connecting to a corporate network?

A) Enabling MAC filtering
B) Implementing USB port control policies
C) Disabling all network access
D) Using a VPN

Answer: B) Implementing USB port control policies
Explanation: USB port security policies prevent unauthorized removable devices from being used, reducing risks like malware infections.


167. What is a primary risk of failing to update network firmware?

A) Increased internet speed
B) Exposure to known security vulnerabilities
C) Improved firewall performance
D) Faster VPN connections

Answer: B) Exposure to known security vulnerabilities
Explanation: Outdated firmware may contain security flaws, making devices vulnerable to exploits and attacks.


168. What technique allows attackers to hide malicious traffic within normal-looking packets?

A) Packet Sniffing
B) Tunneling
C) Intrusion Detection
D) Network Address Translation (NAT)

Answer: B) Tunneling
Explanation: Tunneling techniques like DNS tunneling or ICMP tunneling allow attackers to bypass security controls.


169. What is the best way to secure an administrator account on a network device?

A) Using default credentials
B) Implementing Multi-Factor Authentication (MFA) and strong passwords
C) Disabling password authentication
D) Storing passwords in plaintext

Answer: B) Implementing Multi-Factor Authentication (MFA) and strong passwords
Explanation: MFA and strong passwords protect administrator accounts from brute-force and credential-stuffing attacks.


170. What is a common method used by attackers to gain access to a password-protected Wi-Fi network?

A) MAC Address Filtering
B) WPA2/WPA3 Encryption
C) Evil Twin Attack
D) Using a VPN

Answer: C) Evil Twin Attack
Explanation: An Evil Twin Attack involves setting up a fake Wi-Fi network with the same name (SSID) as a legitimate one to trick users into connecting.


171. Which protocol is commonly used for email encryption?

A) HTTP
B) PGP (Pretty Good Privacy)
C) FTP
D) SNMP

Answer: B) PGP (Pretty Good Privacy)
Explanation: PGP encrypts emails to ensure confidentiality and integrity.


172. What is a key advantage of using biometric authentication?

A) Biometric data cannot be stolen
B) It eliminates the need for passwords
C) It provides unique and hard-to-replicate authentication factors
D) It slows down authentication processes

Answer: C) It provides unique and hard-to-replicate authentication factors
Explanation: Biometric authentication uses unique physical traits, making it harder to forge.


173. What type of attack occurs when an attacker captures and replays a network session to gain access?

A) Man-in-the-Middle (MITM) Attack
B) Replay Attack
C) Buffer Overflow
D) DNS Poisoning

Answer: B) Replay Attack
Explanation: Replay attacks involve capturing valid authentication tokens and reusing them to gain unauthorized access.


174. What is a primary function of a Security Operations Center (SOC)?

A) To store passwords for employees
B) To monitor, detect, and respond to security incidents
C) To improve internet speed
D) To disable firewall rules

Answer: B) To monitor, detect, and respond to security incidents
Explanation: SOC teams analyze security logs, respond to threats, and enhance overall security posture.


175. Which security measure protects against unauthorized network scans?

A) Disabling the firewall
B) Using Intrusion Detection Systems (IDS) and rate-limiting tools
C) Allowing unrestricted access
D) Using default security settings

Answer: B) Using Intrusion Detection Systems (IDS) and rate-limiting tools
Explanation: IDS and rate-limiting tools help detect and prevent network scanning attempts.


176. What is the purpose of an Out-of-Band (OOB) management network?

A) To allow internet access only
B) To provide dedicated access for remote administration
C) To block all network traffic
D) To slow down brute-force attacks

Answer: B) To provide dedicated access for remote administration
Explanation: OOB networks provide separate, secure channels for managing network devices.


177. What is the primary benefit of network segmentation?

A) Faster internet speeds
B) Reduced attack surface and controlled access between network zones
C) Improved Wi-Fi signal strength
D) Better antivirus performance

Answer: B) Reduced attack surface and controlled access between network zones
Explanation: Network segmentation isolates sensitive systems, reducing the impact of breaches.


178. What does the term “Blacklisting” mean in network security?

A) Blocking known malicious IPs, applications, or websites
B) Allowing all traffic through the firewall
C) Encrypting data at rest
D) Using only single-factor authentication

Answer: A) Blocking known malicious IPs, applications, or websites
Explanation: Blacklisting prevents access to identified threats, helping mitigate cyberattacks.


179. What is the primary role of a Web Proxy?

A) To encrypt all network traffic
B) To filter web traffic and enforce security policies
C) To disable firewalls
D) To slow down internet access

Answer: B) To filter web traffic and enforce security policies
Explanation: Web proxies enhance security by blocking malicious sites and filtering content.


180. What is the main goal of an email security gateway?

A) To improve internet speeds
B) To filter phishing emails and block malware attachments
C) To allow all incoming messages
D) To disable network encryption

Answer: B) To filter phishing emails and block malware attachments
Explanation: Email security gateways help protect organizations from phishing, spam, and malware-laden emails.


181. What is the main security risk of using an outdated SSL/TLS protocol?

A) Increased network speed
B) Vulnerability to attacks like POODLE and BEAST
C) Improved encryption
D) Stronger authentication

Answer: B) Vulnerability to attacks like POODLE and BEAST
Explanation: Old SSL/TLS versions (e.g., SSL 3.0, TLS 1.0) have vulnerabilities that allow attackers to decrypt data.


182. What is the purpose of Network Time Protocol (NTP) security?

A) To synchronize device clocks securely
B) To improve Wi-Fi range
C) To increase internet speed
D) To encrypt network data

Answer: A) To synchronize device clocks securely
Explanation: NTP security prevents time spoofing attacks, which can disrupt authentication and logs.


183. What type of cyberattack attempts to guess encryption keys?

A) Brute Force Attack
B) SQL Injection
C) ARP Poisoning
D) Cross-Site Request Forgery (CSRF)

Answer: A) Brute Force Attack
Explanation: Brute force attacks attempt all possible key combinations to decrypt data.


184. What is the role of a network-based Intrusion Detection System (NIDS)?

A) To actively block threats in real time
B) To detect and log suspicious network activity
C) To increase network bandwidth
D) To encrypt all network traffic

Answer: B) To detect and log suspicious network activity
Explanation: NIDS monitors network traffic for unusual behavior but does not actively block attacks.


185. What is the best method to secure an API from unauthorized access?

A) Using strong API keys and OAuth authentication
B) Allowing anonymous requests
C) Storing credentials in plaintext
D) Disabling access controls

Answer: A) Using strong API keys and OAuth authentication
Explanation: Secure APIs by using authentication mechanisms like OAuth, API keys, and JWTs.


186. What is the primary function of a Load Balancer in network security?

A) To distribute network traffic across multiple servers
B) To block malicious traffic
C) To disable encryption
D) To filter phishing emails

Answer: A) To distribute network traffic across multiple servers
Explanation: Load balancers prevent overload by distributing traffic across multiple servers.


187. What type of malware locks users out of their system and demands payment?

A) Trojan
B) Ransomware
C) Adware
D) Spyware

Answer: B) Ransomware
Explanation: Ransomware encrypts user data, demanding a ransom for decryption keys.


188. What security feature protects against unauthorized DNS changes?

A) DNSSEC
B) HTTP
C) FTP
D) ICMP

Answer: A) DNSSEC
Explanation: DNSSEC (Domain Name System Security Extensions) ensures integrity and authenticity of DNS records.


189. What does the principle of “Separation of Duties” in network security mean?

A) Granting all users full network access
B) Dividing responsibilities among multiple users to prevent fraud
C) Using a single administrator account for all tasks
D) Disabling firewalls

Answer: B) Dividing responsibilities among multiple users to prevent fraud
Explanation: Separation of Duties (SoD) prevents one person from having complete control, reducing insider threats.


190. What attack manipulates a user into revealing confidential information?

A) Social Engineering
B) SQL Injection
C) Denial of Service (DoS)
D) ARP Spoofing

Answer: A) Social Engineering
Explanation: Social engineering exploits human psychology to trick users into disclosing sensitive information.


191. Which tool is commonly used for scanning network vulnerabilities?

A) Nmap
B) Notepad
C) Calculator
D) Photoshop

Answer: A) Nmap
Explanation: Nmap scans network hosts and services to identify security vulnerabilities.


192. What does a CAPTCHA primarily prevent?

A) Brute-force and bot-driven attacks
B) Network sniffing
C) Data encryption
D) Firewall misconfiguration

Answer: A) Brute-force and bot-driven attacks
Explanation: CAPTCHAs challenge automated scripts, preventing bot-driven attacks and brute-force attempts.


193. What security measure can protect against a Rogue Access Point attack?

A) Enabling MAC address filtering and wireless intrusion detection
B) Using default Wi-Fi credentials
C) Disabling encryption
D) Broadcasting the SSID openly

Answer: A) Enabling MAC address filtering and wireless intrusion detection
Explanation: Rogue Access Points can be detected using MAC filtering and intrusion detection systems.


194. What is a critical step in preventing SQL Injection attacks?

A) Using parameterized queries and input validation
B) Allowing unrestricted database access
C) Using plaintext credentials
D) Disabling database encryption

Answer: A) Using parameterized queries and input validation
Explanation: Parameterized queries prevent malicious SQL code from being executed.


195. What is a “Zero-Day” vulnerability?

A) A vulnerability that is widely known and patched
B) A vulnerability that has no known fix at the time of discovery
C) A hardware malfunction
D) A misconfigured firewall

Answer: B) A vulnerability that has no known fix at the time of discovery
Explanation: Zero-day vulnerabilities are unknown security flaws exploited before a fix is available.


196. What does a Reverse Proxy do in network security?

A) Blocks all network traffic
B) Protects backend servers by handling client requests on their behalf
C) Increases network latency
D) Disables firewall protection

Answer: B) Protects backend servers by handling client requests on their behalf
Explanation: Reverse proxies filter and manage client requests before they reach backend servers.


197. What type of firewall inspects the full contents of a data packet?

A) Packet Filtering Firewall
B) Deep Packet Inspection (DPI) Firewall
C) Circuit-Level Gateway
D) Stateful Firewall

Answer: B) Deep Packet Inspection (DPI) Firewall
Explanation: DPI firewalls analyze packet contents, providing better security against malware and intrusion attempts.


198. What is a common method used in phishing attacks?

A) Sending fake emails that appear to come from legitimate sources
B) Encrypting all network traffic
C) Disabling firewalls
D) Using biometric authentication

Answer: A) Sending fake emails that appear to come from legitimate sources
Explanation: Phishing attacks trick users into providing sensitive information via fraudulent emails.


199. What is a primary function of a Security Operations Center (SOC)?

A) To respond to and monitor security incidents in real time
B) To manage corporate Wi-Fi networks
C) To optimize network bandwidth
D) To create website content

Answer: A) To respond to and monitor security incidents in real time
Explanation: SOC teams actively monitor, detect, and respond to security threats.


200. What does the term “Least Privilege” mean in security?

A) Giving users minimal permissions needed to perform their job
B) Granting full administrator rights to all employees
C) Allowing unrestricted access to all network resources
D) Using default passwords

Answer: A) Giving users minimal permissions needed to perform their job
Explanation: The principle of Least Privilege (PoLP) ensures users only have access to what they need, reducing security risks.