1. What is the main purpose of penetration testing?

A. To damage a system
B. To protect user data through antivirus
C. To find and report security vulnerabilities
D. To upgrade the firewall

2. Which of the following is a valid reason to perform a vulnerability assessment?

A. To improve network speed
B. To increase user awareness
C. To identify known security weaknesses
D. To test new hardware

3. What does the OSI model stand for?

A. Open Source Internet
B. Open System Interconnection
C. Operating System Interface
D. Online Secure Infrastructure

4. Which port is commonly used for HTTPS?

A. 80
B. 23
C. 443
D. 21

5. What is the default port number for SSH?

A. 21
B. 22
C. 23
D. 25

6. Which tool is typically used for network scanning?

A. Nmap
B. Wireshark
C. Hydra
D. Nikto
7. What is the primary purpose of a firewall?
A. Prevent viruses
B. Monitor website performance
C. Block unauthorized access
D. Analyze encrypted traffic

8. Which one of the following is a Layer 2 protocol?

A. TCP
B. IP
C. Ethernet
D. HTTP

9. What is phishing?
A. An attack targeting software
B. A method of encrypting emails
C. A social engineering attack to trick users
D. A denial of service attack

10. What does a white box penetration test include?

A. No prior knowledge
B. Only public information
C. Full knowledge of the system
D. Only blacklisted IPs

11. What kind of scan uses no packets but relies on passive analysis?
A. Active scan
B. Passive scan
C. SYN scan
D. Banner grab

12. Which layer does IP operate at in the OSI model?

A. Layer 2
B. Layer 7
C. Layer 3
D. Layer 1

13. What is the function of DNS?

A. To resolve domain names to IP addresses
B. To encrypt internet traffic
C. To create MAC addresses
D. To monitor networks

14. Which tool is best for packet analysis?

A. Nmap
B. Wireshark
C. Nessus
D. Metasploit

15. What is a SYN scan used for?

A. Malware detection
B. Encryption testing
C. Port scanning
D. DNS resolution

16. Which command line tool is used to trace the path packets take?
A. traceroute
B. netcat
C. ping
D. dig

17. What does CVE stand for?

A. Common Vulnerability Enumeration
B. Common Vulnerabilities and Exposures
C. Cybersecurity Vulnerability Exchange
D. Computer Virus Entry
18. What is the result of a successful SQL Injection?
A. Unauthorized database access
B. Password cracking
C. Firewall bypass
D. Website defacement

19. What does the tool Nikto test?

A. Password strength
B. Web servers
C. Database schema
D. Wi-Fi networks

20. What is a zero-day vulnerability?

A. A previously unknown vulnerability
B. An expired certificate
C. A misconfigured firewall
D. A known bug with a patch

21. What is meant by privilege escalation?

A. Encrypting user credentials
B. Escaping a sandbox
C. Gaining higher-level access
D. Blocking admin accounts

22. Which protocol is considered secure for remote login?

A. SSH
B. Telnet
C. HTTP
D. FTP

23. What does the tool Hydra do?

A. Exploit SQL injection
B. Brute force login attacks
C. Scan for XSS
D. Block phishing attempts
24. What is a black box test?
A. Tester has partial system knowledge
B. Only source code is given
C. No prior knowledge of the system
D. Only test cases are provided

25. What is an IDS?

A. Internal Detection System
B. Intrusion Detection System
C. Internet Data Source
D. Inbound Domain Shield

26. What is cross-site scripting (XSS)?

A. Stealing physical devices
B. Injecting scripts into web pages
C. Modifying firewall rules
D. Gaining shell access

27. Which type of XSS requires a user to click a malicious link?

A. Stored XSS
B. Reflected XSS
C. DOM-based XSS
D. Blind XSS

28. What is the purpose of input validation?

A. Speed up website performance
B. Prevent user logins
C. Block malicious inputs
D. Enable two-factor authentication

29. What does 'least privilege' mean in security?

A. Users should have admin rights
B. Use open ports only
C. Users have only necessary access
D. Block all users by default

30. Which tool is used for web application vulnerability scanning?

A. Nikto
B. Nmap
C. Tcpdump
D. Burpsuite Lite

31. Which is a Layer 4 protocol?

A. Ethernet
B. IP
C. TCP
D. HTTP

32. What is the use of the /etc/passwd file in Linux?

A. Stores application logs
B. Stores user account information
C. Handles SSH keys
D. Controls bootloader settings

33. Which of the following is NOT a common password attack?

A. Dictionary attack
B. Brute-force attack
C. Reverse engineering
D. Credential stuffing

34. What is a vulnerability?

A. A secure connection
B. An antivirus update
C. A security weakness
D. A patch for a system
35. What is a honeypot?
A. A security tool to block IPs
B. A decoy system to attract attackers
C. A firewall plugin
D. A password cracking script

36. Which HTTP method is used to update a resource?

A. GET
B. POST
C. PUT
D. DELETE

37. What’s the primary goal of social engineering?

A. Exploit hardware flaws
B. Infect networks with malware
C. Trick users into revealing confidential info
D. Slow down systems

38. What is the function of SSL/TLS?

A. Port scanning
B. File sharing
C. Encrypting web traffic
D. Server patching

39. Which tool is commonly used for exploiting vulnerabilities?

A. Nmap
B. Metasploit
C. Burp Suite
D. ZAP

40. What is a MAC address?

A. A software license key
B. A hardware address
C. A memory control setting
D. A file extension
41. What is a common use of netcat (nc)?
A. DNS spoofing
B. Port scanning and banner grabbing
C. Web application scanning
D. SQL injection

42. What is the role of an SIEM system?

A. Endpoint scanning
B. Packet sniffing
C. Centralized log management and analysis
D. Firewall configuration

43. Which layer of the OSI model does SSL operate on?
A. Transport
B. Network
C. Application
D. Session

44. What is the purpose of a reverse shell?

A. Defend against malware
B. Get root access directly
C. Allow attacker to control a system
D. Log out all users

45. Which of the following is used for password cracking?

A. John the Ripper
B. Nikto
C. Nmap
D. Lynis

46. What is meant by “defense in depth”?

A. Using a single firewall
B. Blocking all ports
C. Multiple layers of security
D. Hiding systems from attackers

47. Which port is used for FTP?

A. 23
B. 21
C. 110
D. 143

48. What is the risk of running outdated software?

A. Slower performance
B. Data formatting issues
C. Vulnerabilities may be exploited
D. Increased battery usage

49. Which tool is commonly used to intercept HTTP traffic?

A. Nikto
B. Wireshark
C. Burp Suite
D. Nessus

50. What is a buffer overflow?

A. File compression technique
B. Sending excessive data to crash a system
C. Restarting a system remotely
D. Encrypting network traffic

51. What does the robots.txt file do?

A. Blocks malware
B. Lists admin users
C. Tells search engines what not to index
D. Controls firewall rules
52. What’s the main risk of using default credentials?
A. Hardware overheating
B. Faster login
C. Easy for attackers to guess
D. Licensing issues

53. Which tool is used for subdomain enumeration?

A. Sublist3r
B. John
C. Netcat
D. Hydra

54. What does ARP spoofing target?

A. IP layer
B. DNS records
C. MAC address mapping
D. Routing protocols

55. What is the main function of DNSSEC?

A. Encrypt DNS queries
B. Speed up DNS resolution
C. Authenticate DNS responses
D. Block ads

56. Which of the following is an example of privilege escalation?

A. Logging out of a session
B. Gaining root access from a user account
C. Resetting a password
D. Running a port scan

57. What is the purpose of OS fingerprinting?

A. Determine system uptime
B. Identify the operating system running on a host
C. Update kernel
D. Delete user accounts
58. What is meant by 'enumeration' in a security context?
A. Blocking ports
B. Gaining access to the OS
C. Extracting detailed information from a system
D. Deleting logs

59. Which tool is widely used for web application proxying and fuzzing?
A. Burp Suite
B. Nmap
C. Hydra
D. Sqlmap

60. What is the default port for SMTP?

A. 80
B. 21
C. 443
D. 25

61. What is the risk of directory traversal?

A. Downloading large files
B. Executing scripts remotely
C. Accessing restricted files
D. Bypassing login

62. What protocol does ping use?

A. TCP
B. UDP
C. ICMP
D. ARP

63. What does a red team typically do?

A. Defend networks
B. Perform code audits
C. Simulate real-world attacks
D. Analyze system logs

64. Which of the following tools can crack wireless passwords?

A. Nikto
B. Aircrack-ng
C. Sqlmap
D. Gobuster

65. What is a CVSS score used for?

A. Rating system performance
B. Assigning IP addresses
C. Measuring vulnerability severity
D. Logging user activity

66. What is an SSRF vulnerability?

A. Server can read files
B. External server is forced to send emails
C. Attacker forces server to make requests
D. DNS data leakage

67. What is a common risk of running services as root?

A. Slower services
B. Increased logging
C. Full system compromise if exploited
D. Reduced memory usage

68. Which tool is used for DNS zone transfer testing?

A. dig
B. curl
C. ping
D. traceroute
69. Which of the following is an open-source vulnerability scanner?
A. Nessus
B. Qualys
C. OpenVAS
D. Zscaler

70. What is the main goal of a DoS attack?

A. Gain remote access
B. Encrypt user files
C. Overwhelm services to disrupt access
D. Steal passwords

71. What does LDAP stand for?

A. Lightweight Directory Access Protocol
B. Linux Data Access Path
C. Local Directory Application Process
D. Log Detection and Analysis Protocol

72. What’s the function of /etc/shadow in Linux?

A. Logs SSH sessions
B. Stores user credentials securely
C. Lists kernel modules
D. Displays firewall rules

73. What is the impact of an insecure deserialization vulnerability?

A. Slower performance
B. Arbitrary code execution
C. Directory listing
D. Firewall misconfiguration

74. What type of attack is a CSRF?

A. Client-side injection
B. File upload vulnerability
C. Unauthorized command sent from a user’s browser
D. Log poisoning
75. What’s the purpose of the whois command?
A. Scan open ports
B. Analyze web traffic
C. Get domain registration information
D. Inspect running processes

76. What is the purpose of TCP three-way handshake?

A. Encrypt communication
B. Transfer data
C. Establish a reliable connection
D. Resolve hostnames

77. What does the chmod command do in Linux?

A. Change file permissions
B. Move files
C. Update packages
D. Restart the system

78. What is the purpose of a SIEM tool?

A. Detect malware
B. Log management and correlation
C. Send email notifications
D. Encrypt data

79. Which protocol is used for secure file transfer?

A. FTP
B. TFTP
C. SFTP
D. Telnet

80. Which of the following is an example of a brute-force tool?

A. Nikto
B. Gobuster
C. Hydra
D. Tcpdump

81. What is a DMZ in network security?

A. Direct Memory Zone
B. A zone between internal and external networks
C. Denied Management Zone
D. Default Monitoring Zone

82. What is the result of successful directory enumeration?

A. Crashed server
B. Access to sensitive files and folders
C. Cleaned up logs
D. Terminated processes

83. What is a common goal of lateral movement in an attack?

A. Stay on one machine
B. Move within the network to gain further access
C. Bypass antivirus
D. Perform updates

84. Which of the following best describes ‘pivoting’?

A. Updating OS patches
B. Exploiting a different vulnerability
C. Using a compromised system to attack other systems
D. Changing DNS entries

85. What is the use of SSLStrip?

A. Strengthen SSL
B. Log brute-force attempts
C. Downgrade HTTPS to HTTP
D. Bypass firewalls
86. What is the key difference between TCP and UDP?
A. TCP is encrypted
B. UDP is faster but less reliable
C. TCP is only for email
D. UDP supports VPNs

87. What’s the role of a packet sniffer?

A. Stop packets from leaving
B. Block incoming connections
C. Capture network traffic for analysis
D. Encrypt email

88. What is the goal of an exploit?

A. Harden a system
B. Log traffic
C. Take advantage of a vulnerability
D. Run antivirus

89. Which file contains Linux system logs?

A. /etc/shadow
B. /var/log/syslog
C. /home/user/logs
D. /tmp/logs.txt

90. Which type of vulnerability allows code execution in a browser?

A. SSRF
B. XSS
C. CSRF
D. SQLi

91. What is the purpose of CVE identifiers?

A. Assign IP addresses
B. Encrypt software
C. Track known vulnerabilities
D. Define DNS rules
92. What is a threat actor?
A. A type of malware
B. A firewall setting
C. An entity that poses a security risk
D. A vulnerability scanner

93. What is session hijacking?

A. Terminating an active session
B. Guessing passwords
C. Taking over an active session to impersonate a user
D. Flooding a port

94. What is a common outcome of phishing attacks?

A. Slower websites
B. IP address leakage
C. Credential theft
D. Server upgrades

95. What is the default port for DNS?

A. 25
B. 53
C. 443
D. 110

96. Which command checks listening services in Linux?

A. ifconfig
B. ls
C. netstat -tuln
D. sudo service

97. What is an MITM attack?

A. An encryption technique
B. Man-in-the-Middle
C. Master in TCP Messaging
D. Memory Injection Tool

98. What is an open redirect vulnerability?

A. Redirecting users without their knowledge
B. Sending spam emails
C. Flooding DNS servers
D. Disabling SSL

99. What is the purpose of iptables in Linux?

A. View network interfaces
B. Manage users
C. Configure firewall rules
D. Update packages

100. What is an APT in cybersecurity?

A. Advanced Package Tool
B. Advanced Persistent Threat
C. Admin Permission Table
D. Automated Port Tracker