Chapter 12: Cyber Security, Malware, and Protection Tools (Set-5)
A company uses the same admin password on many routers. Which risk becomes most serious if one password leaks?
A Screen burn-in
B Disk defrag need
C Lateral movement
D Font size issue
Reusing one admin password across devices allows an attacker to move from one compromised router to others quickly. Unique credentials and least privilege reduce spread and limit the attacker’s reach.
An attacker tries one common password on many user accounts instead of many passwords on one account. What is this called?
A Brute forcing
B Password spraying
C Disk wiping
D Port scanning
Password spraying uses a small set of common passwords across many accounts to avoid lockouts. Strong passwords, account lockout rules, and 2FA significantly reduce the success of such attacks.
A security team blocks inbound ports but allows any program to send data out. What major risk still remains?
A Data exfiltration
B Screen flicker
C Fan noise
D File naming
Even with inbound blocking, malware inside a system can send stolen data outward if outbound traffic is uncontrolled. Outbound firewall rules, application control, and monitoring help prevent data leakage.
A phishing email uses a real company logo and correct formatting, but the link domain is slightly different. Which check exposes the scam best?
A Font checking
B Image quality
C Domain verification
D Email length
Phishing often relies on look-alike domains. Checking the exact domain spelling and top-level domain prevents credential theft. A real logo is easy to copy, so domain checks matter most.
A malware sample changes its code slightly each time to avoid signatures. What technique is this?
A Sandboxing
B Hashing
C Quarantine
D Polymorphism
Polymorphic malware modifies its code while keeping the same behavior, making signature matching harder. Heuristic and behavior-based detection, plus patching and least privilege, improve defense against it.
A user enables macros in an unknown document and a hidden script installs malware. Which control would reduce this risk most?
A Macro restrictions
B Higher brightness
C Bigger storage
D Faster mouse
Many attacks use malicious macros to run scripts. Disabling macros by default, allowing only signed macros, and training users to avoid unknown documents help block these infections.
A ransomware attack encrypts shared folders across a network. Which control best limits the damage?
A Screen lock
B Keyboard layout
C Least privilege
D Wallpaper change
Least privilege limits what an infected account can access. If users have minimal permissions, ransomware cannot encrypt many shared folders. Proper access control greatly reduces the blast radius.
A security team needs to know “what happened, when, and from where” after an incident. Which data source helps most?
A System logs
B Screen settings
C Wallpaper history
D Font library
Logs record events like logins, access attempts, process starts, and network connections. They support investigation and timeline building, helping identify the entry point and affected systems for response.
A trojan creates a hidden remote access channel that bypasses normal login. What is the best term?
A Cookie
B Shortcut
C Cache
D Backdoor
A backdoor is hidden access that bypasses standard authentication. Attackers use it for persistent control. Removing the malware, rotating credentials, and checking for persistence are critical steps.
Malware running only in memory leaves few files on disk. Which type fits best?
A Boot sector virus
B Adware bundle
C Fileless malware
D Zip bomb
Fileless malware often uses built-in tools and runs in memory, making file-based detection harder. Behavior monitoring, patching, restricting scripts, and endpoint detection tools help catch it.
A website uses HTTPS, but the domain is fake and steals logins. What is the correct statement?
A HTTPS ≠ trust
B HTTPS blocks phishing
C HTTPS deletes malware
D HTTPS stops scams
HTTPS encrypts traffic but does not guarantee the site is legitimate. Attackers can use HTTPS on fake domains. Users must verify the exact domain and avoid login links from messages.
A user receives a call claiming “bank support” and asking for OTP to reverse a transaction. What attack is this?
A Smishing
B Adware
C Spoofing
D Vishing
Vishing is voice phishing. Scammers impersonate trusted roles to steal OTPs or passwords. Banks do not ask for OTPs on calls. Verify by calling an official number yourself.
An attacker convinces an employee to urgently change a vendor bank account using email. Which fraud is this?
A Worm attack
B BEC scam
C Keylogging
D DNS caching
Business Email Compromise targets payments by impersonating executives or vendors. Independent verification (call known contacts) and dual approval for payment changes are strong defenses against BEC.
A device joins a botnet. What is the attacker most likely to use it for?
A Disk cleanup
B File backup
C DDoS traffic
D Screen recording
Botnets commonly launch DDoS attacks by sending huge traffic from many infected devices. Keeping systems patched, using antivirus, and blocking suspicious connections reduce botnet infections.
A rootkit is particularly dangerous because it can
A Hide other malware
B Improve performance
C Expand storage
D Fix drivers
Rootkits conceal malicious activity by altering system functions, making detection difficult. They can maintain persistent access. Recovery may require specialized scans, secure boot checks, or reinstalling a clean OS.
Antivirus detects a safe file as malicious and blocks it. What is this error called?
A False negative
B Data breach
C False positive
D Backdoor
A false positive occurs when legitimate software is incorrectly flagged. It can interrupt work, so verification is needed. Updated signatures and improved heuristics help reduce false positives.
Malware exists but antivirus reports “no threats found.” What is this called?
A False negative
B False positive
C Safe mode
D Quarantine
A false negative means a real threat is missed. It may happen with new or stealthy malware. Layered security, behavior detection, and updated tools reduce the chance of missed infections.
A company keeps one backup permanently connected to the same PC. During ransomware, what is the likely outcome?
A Backup becomes faster
B Backup blocks malware
C Backup stays hidden
D Backup gets encrypted
Connected backups can be encrypted by ransomware just like other drives. A safe backup strategy includes an offline or disconnected copy and tested restore steps to ensure real recovery.
A user reuses one password across email, banking, and shopping sites. Which attack becomes easier after one leak?
A Port scanning
B Sandboxing
C Credential stuffing
D Disk cloning
Credential stuffing uses leaked username-password pairs to try logins on other sites. Unique passwords prevent chain compromise. Password managers and 2FA strongly reduce account takeover risk.
A security baseline is mainly used to ensure devices have
A Maximum brightness
B Standard secure settings
C Fastest CPU speed
D Biggest disk size
A baseline defines minimum secure configurations, such as disabling risky services and enabling updates. It reduces inconsistent settings across systems and prevents weak setups that attackers commonly exploit.
A “zero-day” exploit is hardest to stop quickly because
A Patch not available
B Wi-Fi is slow
C Disk is full
D Screen is small
Zero-day means no patch exists yet, so prevention relies on layered defenses like least privilege, monitoring, application control, and rapid response. Once a patch is released, apply it quickly.
A suspicious attachment is opened and the computer starts contacting unknown servers. Which control helps block that communication?
A Screen lock rules
B Disk cleanup tools
C Outbound firewall rules
D Font settings
Many malware types must contact external servers for commands or data transfer. Outbound firewall rules and application control can block unknown connections and reduce data theft or further payload download.
A user wants to verify a link without clicking it. Which safe step helps most?
A Increase brightness
B Change password later
C Disable antivirus
D Hover URL preview
Hovering shows the true destination URL, revealing look-alike domains or strange redirects. It reduces accidental clicks on phishing links, especially in emails that display misleading link text.
A ransomware note demands payment in cryptocurrency. What is the best practical recovery choice if backups exist?
A Restore from backup
B Pay immediately
C Delete all files
D Ignore encryption
Paying does not guarantee file recovery and funds criminals. If clean backups exist, restoring is safer. First isolate the system, remove malware, patch vulnerabilities, then restore files.
An employee shares OTP with “support staff” during a call. Which security failure occurred?
A Firewall misconfig
B Disk corruption
C Social engineering success
D Screen timeout
Attackers exploit trust to obtain OTPs and passwords. Users must never share OTPs. Training, verification steps, and clear policies reduce social engineering success and protect accounts.
A company wants to reduce phishing impact even if passwords are stolen. Best control is
A Strong 2FA
B Bigger monitors
C More RAM
D Faster CPU
2FA adds a second proof, so stolen passwords alone are not enough for login. App-based codes or hardware keys are stronger than SMS. This greatly reduces account takeover.
A web browser stores third-party cookies across sites. What privacy risk increases most?
A Faster downloads
B Cross-site tracking
C Better graphics
D More storage
Third-party cookies can track users across many websites and build profiles. Blocking trackers and limiting third-party cookies reduces data collection and improves privacy without harming core security tools.
A person sells an old laptop after deleting files only. Why is this unsafe?
A RAM may drop
B Wi-Fi may slow
C Screen may crack
D Data may recover
Simple deletion often leaves recoverable data. Secure wiping or full disk erase is needed. Using encryption before disposal also helps, because even recovered data remains unreadable without the key.
A fake website uses a slight spelling change like “micros0ft” instead of “microsoft.” This trick is called
A Sandboxing
B Hashing
C Typosquatting
D Quarantine
Typosquatting uses look-alike domains to trick users into visiting fake sites. Checking domain spelling, using bookmarks, and avoiding login links from messages help prevent credential theft.
A security tool isolates suspicious programs so they cannot affect the main system. This concept is
A Sandboxing
B Spoofing
C Smishing
D Keylogging
Sandboxing runs programs in an isolated environment, reducing harm if malicious. It allows safer testing and behavior observation. It is a useful layer along with antivirus and patching.
A security team wants to reduce human error in phishing. Most effective long-term method is
A Bigger storage
B New keyboards
C Faster printers
D Awareness training
Awareness training teaches users to spot phishing cues like urgent language and fake domains. Regular practice improves behavior, increases reporting, and reduces the chance of users clicking harmful links.
A malware spreads by exploiting a network vulnerability, not by attaching to files. Which type fits?
A Virus
B Adware
C Worm
D Trojan
Worms self-propagate through networks by exploiting vulnerabilities, often without user action. Patching, network segmentation, and firewall rules reduce worm spread and limit outbreaks.
A program that pretends to be antivirus but actually installs malware is
A Rogue antivirus
B Safe browser
C Disk utility
D Backup agent
Rogue antivirus is fake security software that scares users into installing malware or paying money. Use trusted security vendors and avoid popups claiming “critical infection” from unknown sources.
A device lock with a long PIN helps most when the device is
A Fully updated
B Lost or stolen
C Charging slowly
D On airplane mode
A strong device lock prevents unauthorized access to apps and data after loss or theft. Combined with encryption and remote wipe features, it helps protect personal information and accounts.
A user receives an email with a mismatched “reply-to” address. What is the best response?
A Click to confirm
B Reply with OTP
C Open attachment
D Report as phishing
Mismatched reply-to addresses are a strong phishing clue. Reporting helps security teams block similar emails and warn others. Users should avoid replying or clicking, and verify via official channels.
A company applies patches monthly, but critical vulnerabilities are exploited in days. What improvement helps most?
A Faster patch cycle
B Higher brightness
C More printers
D Bigger monitors
Some vulnerabilities are exploited quickly after disclosure. Faster patching for critical updates reduces exposure time. Risk-based patching prioritizes high-impact systems and urgent vulnerabilities first.
A security incident response plan should clearly define
A Screen wallpaper
B Font selection
C Roles and steps
D Keyboard layout
A plan must define who does what, how to contain, how to communicate, and how to recover. Clear roles reduce confusion during incidents and speed up containment and restoration.
After malware removal, which step helps prevent re-infection through the same weakness?
A Apply security patches
B Change wallpaper
C Defrag disk
D Rename folders
Patches close vulnerabilities that malware exploited. Without patching, the same attack can work again. Updating OS and apps, plus changing compromised passwords, strengthens long-term protection.
A user tries to log in to a bank by clicking a link in SMS. The safest alternative is to
A Reply to SMS
B Open official app
C Share OTP first
D Click shortened link
Smishing often uses SMS links to fake login pages. Opening the official app or typing the official URL avoids the trap. Never share OTPs and report suspicious messages.
A “payload” in malware can include which action?
A Improving battery life
B Updating drivers
C Cleaning temp files
D Encrypting user files
The payload is the harmful action performed after infection, such as encrypting files, stealing passwords, or opening backdoors. Early detection and blocking prevent payload execution and damage.
A company enforces “unique passwords + 2FA” and also monitors unusual logins. This combination is best described as
A Single control
B File formatting
C Layered security
D Screen tuning
Layered security uses multiple defenses so if one fails, others still protect. Unique passwords reduce reuse risk, 2FA blocks takeovers, and monitoring detects suspicious activity early.
A suspicious USB found in public is risky mainly due to
A Malware delivery
B Better storage
C Faster transfer
D Extra RAM
Unknown USB drives can carry malware or malicious shortcuts. Plugging them in may infect a system. Avoid unknown drives, disable auto-run, and scan removable media before opening files.
A phishing site asks for OTP immediately after password entry. What should the user do?
A Enter OTP quickly
B Refresh the page
C Try again later
D Close and report
Legitimate services do not request an OTP via suspicious links. Entering the OTP can complete account takeover. Close the page, report it, and log in using the official app/URL to verify account safety.
A user installs updates only for apps, not for the operating system. What risk increases most?
A Cleaner desktop
B Faster boot time
C Unpatched OS flaws
D Better graphics
OS patches fix core vulnerabilities attackers often target. Ignoring OS updates leaves known holes open. Updating both OS and applications reduces overall risk because attackers exploit any weak component.
A security team isolates an infected PC from the network first. Which incident-response step is this?
A Containment
B Recovery
C Archiving
D Formatting
Containment stops spread and prevents malware from contacting external servers. It buys time to investigate, remove threats, and protect other systems. After containment, cleanup and recovery follow.
A company stores sensitive data. Which practice best supports “confidentiality”?
A Bigger monitors
B Encryption at rest
C Faster Wi-Fi
D More storage
Encryption at rest protects data stored on disks so it is unreadable without the key. It helps if devices are stolen or drives are accessed improperly, strengthening confidentiality of sensitive information.
A user disables antivirus because it “slows the PC” and then gets infected. Which security principle was ignored?
A Continuous protection
B Screen optimization
C File naming
D Printer sharing
Security requires continuous protection like real-time scanning and updates. Disabling tools removes a key layer and increases exposure to malicious downloads and phishing. Performance issues should be fixed without disabling security.
A security team checks software vendors and applies urgent fixes quickly. Which process is this?
A Disk partitioning
B Video rendering
C Data labeling
D Patch management
Patch management includes tracking updates, prioritizing critical fixes, testing, and deploying them. It reduces vulnerability windows and prevents exploitation of known security flaws across systems.
An attacker uses a fake QR code to open a payment link. Which prevention step is best?
A Increase brightness
B Disable Wi-Fi always
C Verify URL before pay
D Turn off updates
QR codes can hide malicious URLs. Users should scan only trusted QR codes, check the displayed URL and app warnings, and avoid entering credentials or making payments without verification.
A user’s browser shows many suspicious extensions installed without permission. Best first corrective action is to
A Remove extensions and scan
B Change wallpaper only
C Increase volume level
D Disable screen lock
Malicious extensions can hijack searches, steal data, and inject ads. Remove unknown extensions, reset browser settings, and run a trusted malware scan. Then update browser and change passwords if needed.