Computer System Security 99+ Most Important MCQ (Multi choice question)
This Blog cover all possible Multi Choice Question from topic Introduction to Computer system security, session hijack, threat to information system.
Total amount of question covers in This MCQ series is 100. They cover all the important aspect related to that topic provided below.
If you want the Hard copy of MCQ then u can comment in the comment session. The Question is prepared after putting lot of effort so instead of copy it please share the Link so that we can able to take Benefit of our effort.
This post cover all Important question of Computer System Security along with explanation hope so it is useful please help and support.
Q1: The storm botnet was mainly used for
- Phishing
- D Dos Attack
- Hacking
- None of the above
Answer:
DDos Attack Distributed Denial of Service
Explanation:
Storm Botnet as name suggest it is the network of Bot computer which is basically controlled by other and the purpose of doing this is to do Spamming, Steeling Data from the system and perform service attack etc.
Q2: Which statement is correct for silent banker?
- It is a Trojan Horse
- It records keystrokes, capture screen and steals confidential banking credentials and send them to a remote attacker
- Both a and b
- None of the above
Answer:
Both A and B
Explanation:
Silent Banker is a type Trojan Horse which record the Keystrokes, and steals confidential banking login credential.
Q3: Which of the following is true for Stuxnet
- It is a Virus
- It is a Botnet
- It is a computer worm
- a ransomware
Answer:
It is a Computer Warm
Explanation:
Stuxnet is a malicious computer warm used to infect the computer. It was first introduce in 2010 and got publicity in media as it did substantial damage to the nuclear program of Iran.
Q4: Which of the following is incorrect for attack on Target corporation
- It is an example of server side attack
- more than 140 million credit card information was stolen in the attack
- the attack happened in 2011
- None of the above
Answer:
The attack happened in 2011
Explanation:
the attack was happen in 2013. It is the 2nd largest breach of credit and debit card after TJX Breach which happened in 2007.
Q5: Identify the correct name of bug bounty program
- Google Vulnerability Program
- Microsoft Bug Bounty Program
- Mozilla Bounty Program
- Pwn2Own competition
Answer:
Pwn2Own competition
Explanation
Bug Bounty Program is organized to find the bug and if person can find it then he will be rewarded. Pwn2Own competition winner gets $15K to find the bug.
Q6: _______________ are the attempts by individuals to obtain confidential information from you by falsifying their identity
- Computer Virus
- Phishing scams
- Phishing trips
- Spyware scams
Answer:
Phishing scams
Explanation:
Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy user
Q 7 which of the following is correct for MITM
- Its stands for Man-In-The-Middle attack
- It happens when a communication between the two systems is intercepted by an outside entity
- It can happen in any form of online communication, such as email, social media, web surfing
- All of the above
Answer:
All of the above
MITM attack where the attacker possibly alters, observe or read the communication between two system. Example of MITM attack is eavesdrop.
Q8 Which of the following describes a monitoring software, installed without your consent?
- Malware
- Adware
- Spyware
- Ransomware
Answer:
Spyware
Spyware is a malicious Software designed to gain access to yours computer without yours knowledge and steal your sensitive information
Q9 Which type of cyber attack is commonly performed through emails
- Trojans
- warms
- Ransomware
- Phishing
Answer
Phishing
Phishing attack are done to obtain Confidential information from you by falsifying identity and the main source of attack is Emails.
Q:10. If you share too much information on social media, you might be at risk of?
- Identity Theft
- Ransomware
- Malware
- Adware
Answer
Identity Theft
There are lot of social media apps that ask for permission to access your account before installing them. You are at risk of Identity Theft when you post updates of your activities or Your social media account.
Q:11. Which of the following programming languages have common buffer overflow problem in the development of applications?
- C, Ruby
- C, C++
- Python, Ruby
- C, Python
Answer
C, C++
Explanation;
C & C ++ have Common butter overflow problems in development of applications because Strcat (), Strcpy (), gets () when called in C & C++ can be exploited because these functions don’t check whether the Stack is large enough for Storing the data.
Q:12 Which type of buffer overflows are common among attackers?
- Memory-based
- Queue-based
- Stack-based
- Heap-based
Answer
Stack Based
Explanation
Stack based butter overflow is common among attackers because it exploits application by overflowing the Stack Memory Space where users externally input the data.
Q:13. In attack, malicious code is pushed into
- buffer-overflow, stack
- buffer-overflow, queue
- buffer-overflow, memory-card
- buffer-overflow, external drive
Answer
buffer-overflow, stack
Explanation:
Malicious code can be pushed into the Stack during butter-overflow attack. The overflow can be used to overwrite the return address so that the to control flow tranfer to the malicious code.
Q:14. In case of integer overflow, Which of the following option/s is/are true?
- It is a result of an attempt to store a value greater than the maximum value an integer can store
- Integer overflow can compromise a program’s reliability and security
- Both A and B
- None of the above
Answer
Both A and B
Explanation
Integer overflow occurs when integer exceeds the max value and due to this programs reliability and Security is compromised.
Q:15. A string which contains
- Format, text
- Text, format
- text and format, format
- None of the above
Answer
text and format, format
Explanation
format String is a ASCII String which contain text and format parameters. for Example printf (” this year is: %d”, 2222)
Q:16. If we talk about control hijacking, which of the following is true
- In Buffer overflow attacks, stack based attacks are more common than heap based attack.
- Integer overflow attacks is not a type of control hijacking.
- Format string vulnerabilities are used to prevent control hijacking.
- All of the above
Answer
In Buffer overflow attacks, stack based attacks are more common than heap based attack.
Explanation
Control hijacking means take control of target machine & execute arbitrary Code on target machine by hijacking application Control flow. Examples of Control hijacking are Buffer over flow attack. Integer overflow attack and format string Vulnerability.
Q:17. If we mark the stack and heap segment as non executable,
- No code will execute.
- return-oriented programming will also not be able to exploit it.
- we can prevent overflow code execution.
- All of the above.
Answer
we can prevent overflow code execution.
Explanation
Data Execution Prevention (DEP) prevent overflow Cocle execution but it does not defend against ROP because ROP doesn’t require the Code in the Stack/heap. It only need the address to the code in stack / heap and that address is not having DEP.
Q:18. If we talk about Return Oriented Programming, which of the following statement is true ?
- It is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as DEP and code signing
- These types of attacks arise when an adversary manipulates the call stack by taking advantage of a bug in the program, often a buffer overflow.
- Return-oriented programming is an advanced version of a stack smashing attack.
- All of the above
Answer
All of the above
Explanation
Return oriented Programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defence such as DẸP & code signing. It is an advanced version of stack smashing attack.
Q.19. An hardware device’s interrupt request
- Instruction Set Randomization
- Information Storage and Retrieval
- Interrupt Service Routine
- Intermediate Session Routing
Answer
Interrupt Service Routine
Explanation
ISR is process invoked by an interrupt request By interrupting the handles from hardware device. By interrupting the active process, it handles the request & sends it to CPU. when ISR is complete the process is resumed.
Q:20. Which of the following is a method of randomization?
- ASLR
- Sys-call randomization
- Memory randomization
- All of the above.
Answer
All of the above
Explanation
Randomization is a computer Security technique. In this everything in Process memory must be randomized i.e. randomly positioning the Stack, heap, Shared libs, base image. Randomization methods are ASLR, Sys-call randomization, Instruction Set Randomization (ISR)