Chapter 12: Cyber Security, Malware, and Protection Tools (Set-10)
A company blocks inbound ports but leaves all outbound traffic open. Which attack goal is still easiest?
A Screen capture
B Disk defrag
C Data exfiltration
D Font change
Malware already inside can send stolen data outward if outbound traffic is not restricted. Outbound rules, application control, and monitoring reduce “call home” connections and stop hidden data leakage.
One weak admin password is reused on many devices. If attackers crack it once, what becomes easiest next?
A Screen sharing
B Lateral movement
C Disk cleanup
D File sorting
Password reuse across devices allows attackers to move quickly from one system to another using the same credential. Unique admin passwords and least privilege prevent spread and reduce total compromise.
Attackers try one common password across many accounts to avoid lockouts. What is this called?
A Password spraying
B Brute force
C Port forwarding
D Disk wiping
Password spraying uses a small set of common passwords against many accounts, so no single account crosses the lockout threshold. Per-account lockout alone therefore does little against it; banned-password lists, 2FA, and alerting when one source fails against many different accounts are what reduce spraying success.
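The distinction the question draws (many accounts, few tries each, versus many tries on one account) is exactly what a detection rule keys on. The script below is an added example written for this quiz item, not code from the original page; the log format (`ts src= user= result=`), the thresholds, and the sample lines are all constructed assumptions.

```python
"""Telling password spraying apart from brute force in an auth log.

Added example for this quiz item; not taken from the original page. The log
format (ts src= user= result=) and the thresholds are assumptions chosen for
illustration. Sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

WINDOW = timedelta(minutes=10)
SPRAY_MIN_ACCOUNTS = 5       # one source failing against at least this many accounts
SPRAY_MAX_PER_ACCOUNT = 3    # ...while staying under a typical 5-attempt lockout
BRUTE_MIN_PER_ACCOUNT = 5    # lockout-range attempts against a single account

# Constructed sample: 203.0.113.7 sprays one guess across six accounts,
# 198.51.100.9 hammers "admin", 192.0.2.5 is a user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=203.0.113.7 user=alice result=FAIL
2024-05-01T09:00:02 src=203.0.113.7 user=bob result=FAIL
2024-05-01T09:00:03 src=203.0.113.7 user=carol result=FAIL
2024-05-01T09:00:04 src=203.0.113.7 user=dave result=FAIL
2024-05-01T09:00:05 src=203.0.113.7 user=erin result=FAIL
2024-05-01T09:00:06 src=203.0.113.7 user=frank result=FAIL
2024-05-01T09:00:10 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:00:11 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:00:12 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:00:13 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:00:14 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:00:15 src=198.51.100.9 user=admin result=FAIL
2024-05-01T09:01:00 src=192.0.2.5 user=alice result=FAIL
2024-05-01T09:01:05 src=192.0.2.5 user=alice result=OK
"""

def parse(log_text):
    """Parse lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "user": m["user"], "result": m["result"]})
    return events

def classify_sources(events):
    """Return {src_ip: {"pattern": "spray"|"brute_force", "accounts": [...]}}.

    For each source, slide a WINDOW over its failed logins and look at how the
    failures are spread across accounts: many accounts with few tries each is
    spraying, many tries on one account is brute force.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            by_src[e["src"]].append(e)

    verdicts = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        for i, start in enumerate(fails):
            per_account = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > WINDOW:
                    break
                per_account[e["user"]] += 1
            peak = max(per_account.values())
            if peak >= BRUTE_MIN_PER_ACCOUNT:
                verdicts[src] = {"pattern": "brute_force", "accounts": sorted(per_account)}
                break
            if len(per_account) >= SPRAY_MIN_ACCOUNTS and peak <= SPRAY_MAX_PER_ACCOUNT:
                verdicts[src] = {"pattern": "spray", "accounts": sorted(per_account)}
                break
    return verdicts

if __name__ == "__main__":
    for src, v in classify_sources(parse(SAMPLE_LOG)).items():
        print(f"{src}: {v['pattern']} across {len(v['accounts'])} account(s): {v['accounts']}")
```

The user at 192.0.2.5 who fails once and then succeeds trips neither rule, which is the point: the sprayer never exceeds the per-account lockout, so only the fan-out across accounts from one source gives it away. The `accounts` list is what a SOC would use to force resets or 2FA re-enrolment on the targeted users.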
A malicious file changes its code each time but keeps the same behavior, reducing signature matches. This technique is
A Sandboxing
B Hashing
C Polymorphism
D Quarantine
Polymorphic malware modifies its code to evade signature-based detection. Behavior monitoring, heuristics, and layered defenses help detect it because the harmful actions remain similar even if code changes.
An email uses a real logo, but the sender domain is slightly altered. Which quick check is most reliable?
A Logo quality
B Email length
C Font style
D Exact domain check
Attackers copy logos easily, but fake domains often have tiny spelling differences. Checking the exact sender and link domain helps detect phishing and prevents credential theft.
A macro-enabled document asks to “Enable Content,” then downloads malware. Which control best stops this?
A Macro restriction policy
B Higher brightness
C Larger storage
D Faster CPU
Restricting macros blocks many document-based malware infections. Disabling macros by default and allowing only signed or trusted macros reduces execution of malicious scripts.
A user has access to many shared folders. Ransomware hits the PC. What factor most increases damage?
A Screen timeout
B Wi-Fi speed
C Excessive permissions
D Speaker volume
If an infected account has broad access, ransomware can encrypt many shared files. Least privilege limits reach and reduces impact, especially in shared network environments.
Malware runs mainly in RAM and leaves few files on disk. Which type fits best?
A Boot virus
B Adware
C Spyware
D Fileless malware
Fileless malware often uses built-in tools and runs in memory, making file-based scanning harder. Monitoring behavior, patching, and controlling scripts are key defenses.
A botnet is managed using external servers that send commands. These servers are called
A Local cache
B Command-and-control
C Backup vault
D VPN tunnel
Command-and-control servers coordinate infected machines, sending instructions and receiving data. Blocking suspicious outbound traffic and removing malware breaks communication and reduces botnet control.
A rootkit is especially dangerous because it can
A Hide other malware
B Improve speed
C Fix drivers
D Increase storage
Rootkits alter system functions to hide files, processes, and network connections, so the infected system's own tools cannot be trusted to report on it. Scan from trusted boot media, verify boot integrity with Secure Boot or measured boot, and in most cases rebuild from known-good installation media to fully restore system trust.
HTTPS is present on a fake login site. What is the correct conclusion?
A HTTPS blocks phishing
B HTTPS stops malware
C HTTPS doesn’t prove trust
D HTTPS means safe
HTTPS encrypts traffic but does not confirm a site is genuine. Attackers can use HTTPS on fake domains. Always verify the exact domain before entering passwords or OTPs.
A scammer calls claiming bank support and asks for OTP to “cancel fraud.” What is this attack?
A Vishing
B Smishing
C Spoofing
D Adware
Vishing is voice phishing. Scammers impersonate officials to steal OTPs and passwords. Banks do not ask for OTPs on calls. Hang up and call back using official numbers.
A payment email asks to change vendor bank details urgently. Which fraud type is most likely?
A Worm spread
B Keylogger
C BEC scam
D Cookie theft
Business Email Compromise targets payments using impersonation and urgency. Independent verification and multi-approval for bank detail changes prevent fraudulent transfers.
An outbound firewall blocks unknown apps from connecting. Which major threat does this reduce most?
A Screen glare
B Data exfiltration
C Battery drain
D File rename
Malware often sends stolen data to attacker servers. Blocking suspicious outbound connections prevents “call home” traffic and reduces data theft, even if malware is already inside.
A user reuses one password on many sites. After one leak, which attack becomes most effective?
A Credential stuffing
B Disk scanning
C Safe browsing
D Sandboxing
Credential stuffing uses leaked credentials to log into other services. Unique passwords per site and 2FA stop chain compromise and reduce account takeover risk.
Antivirus marks a safe file as malware. This is called
A False negative
B Data breach
C False positive
D Backdoor
False positives occur when harmless files are flagged. Verify before deleting. Better signatures and heuristics reduce false positives while still protecting against real threats.
Malware exists but the antivirus says “clean.” This error is
A False positive
B False negative
C Quarantine
D Patch
False negatives happen when threats are missed, often due to new variants or stealth behavior. Use layered security, updates, and behavior monitoring to reduce missed detections.
A backup drive is always connected to the PC. During ransomware, what is likely?
A Backup blocks ransomware
B Backup stays untouched
C Backup speeds recovery
D Backup gets encrypted
Connected backups can be encrypted like other drives. Keep at least one offline or disconnected backup and test restore steps to ensure reliable recovery without paying.
A security team wants proof of who accessed what and when. Which control supports this best?
A Detailed logging
B Wallpaper policy
C Screen timeout
D File naming
Detailed logs record logins, access events, and changes, enabling investigation and timeline building. They help identify entry points, affected systems, and misuse during incident response.
A system uses least privilege. What does it primarily limit after compromise?
A Screen quality
B CPU speed
C Blast radius
D Disk size
Least privilege limits what an attacker can access through a compromised account. This reduces spread to other systems and protects sensitive data, lowering the overall impact of the incident.
A company wants to reduce phishing success long term. Most effective approach is
A Bigger monitors
B Awareness training
C More storage
D Faster internet
Training teaches users to spot fake domains, urgency cues, and unsafe attachments. Since many attacks rely on human error, ongoing awareness and a reporting culture significantly reduce phishing success.
A worm spreads through an unpatched service. Which control best prevents this?
A Higher brightness
B Longer passwords
C Timely patching
D More backups
Worms exploit known vulnerabilities to self-spread. Applying security patches quickly closes the weakness and prevents rapid network-wide infection.
A device becomes part of a botnet. What is it commonly used for?
A DDoS flooding
B Disk cleanup
C File backup
D Screen recording
Botnets often flood services with traffic to cause denial of service. Keeping devices patched and protected prevents infection and reduces participation in large-scale attacks.
A QR code on a random poster opens a payment page for “KYC update.” Best safe action is to
A Pay immediately
B Share OTP
C Disable antivirus
D Verify URL first
QR scams hide malicious URLs. Scan only trusted codes, check the displayed URL and app warnings, and never enter credentials or make payments without verification.
A security baseline is used to ensure
A Maximum screen size
B Minimum secure config
C Highest CPU speed
D Largest storage
A baseline defines standard secure settings like disabling risky services, enabling updates, and strong access controls. It prevents weak, inconsistent setups that attackers exploit.
A “typosquatted” domain is used to
A Encrypt data
B Stop malware
C Trick with spelling
D Speed browsing
Typosquatting uses look-alike domains with small spelling changes. Users may enter credentials on fake sites. Checking exact domain names and using bookmarks helps prevent it.
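Three items in this set come down to the same check: the altered sender domain, HTTPS on a fake login page, and typosquatted domains are all caught by comparing the exact registrable domain against a known-good list rather than trusting logos, padlocks, or a familiar-looking name. The script below is an added example serving those three items; it is not code from the original quiz. The `TRUSTED` allowlist, the two-entry suffix list (a stand-in for the Public Suffix List), the homoglyph folding rules, the edit-distance threshold, and all sample addresses and URLs are constructed assumptions.

```python
"""Exact-domain checks for a sender address and the links in a message.

Added example, not code from the original quiz. TRUSTED and the two-entry
suffix list are assumptions for illustration; real deployments use the org's
own allowlist and the full Public Suffix List. Sample addresses and URLs are
constructed.
"""
import re
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "example-bank.com"}       # assumed allowlist of genuine domains
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}         # assumed stand-in for the Public Suffix List
LOOKALIKE_MAX_DISTANCE = 2                         # assumed; tune for your domain lengths

def sender_host(from_header):
    """'PayPal <service@paypa1.com>' -> 'paypa1.com'; the display name is ignored."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header
    return addr.strip().rsplit("@", 1)[-1].lower()

def url_host(url):
    """urlparse().hostname drops userinfo, so https://paypal.com@evil.net/ -> evil.net."""
    return (urlparse(url).hostname or "").lower()

def registrable_domain(host):
    labels = host.rstrip(".").split(".")
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])

def normalize(s):
    """Fold common homoglyph substitutions (rn->m, vv->w, 0->o, 1->l) before comparing."""
    return s.replace("rn", "m").replace("vv", "w").translate(str.maketrans("01", "ol"))

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return one of: trusted, ip_literal, brand_in_subdomain, brand_in_name,
    lookalike, unrelated. Only 'trusted' means the exact registrable domain matched."""
    if not host:
        return "unrelated"
    if re.fullmatch(r"[\d.]+", host):
        return "ip_literal"
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    labels = host.split(".")
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if brand in labels:                        # paypal.com.evil-login.net
            return "brand_in_subdomain"
        if brand in domain.split(".")[0]:          # paypal-secure-login.com
            return "brand_in_name"
        if levenshtein(normalize(domain), normalize(trusted)) <= LOOKALIKE_MAX_DISTANCE:
            return "lookalike"                     # paypa1.com, paypai.com
    return "unrelated"

def check_message(from_header, urls):
    """Verdict for the sender plus each link; anything but 'trusted' needs a human look."""
    host = sender_host(from_header)
    findings = [("sender", host, classify_host(host))]
    for u in urls:
        host = url_host(u)
        findings.append(("link", host, classify_host(host)))
    return findings

if __name__ == "__main__":
    # Constructed message: spoofed display name, lookalike sender, and three links
    for kind, host, verdict in check_message(
        "PayPal Support <service@paypa1.com>",
        ["https://www.paypal.com/signin",
         "https://secure.paypal.com.evil-login.net/verify",
         "https://paypal.com@203.0.113.9/login"],
    ):
        print(f"{kind:6} {host:40} {verdict}")
```

Note that the HTTPS scheme never enters the decision: every URL in the sample would carry a valid certificate for its own host, and only the `www.paypal.com` link comes back `trusted`. The userinfo trick (`https://paypal.com@203.0.113.9/`) is handled by taking `hostname` from `urlparse` rather than eyeballing the string, and the brand-in-subdomain case shows why the check must be on the registrable domain, not on whether the brand name appears somewhere in the host.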
A sandbox is most useful for
A Testing suspicious files
B Making backups
C Increasing RAM
D Deleting cookies
Sandboxing isolates execution so suspicious programs cannot easily affect the main system. It supports safe analysis and reduces damage if the file is malicious.
Outbound traffic control is important because many malware types must
A Print documents
B Change fonts
C Call home
D Save images
Malware often contacts external servers for commands or data transfer. Blocking outbound communication reduces attacker control and prevents data theft even if the device is infected.
A user clicks a suspicious link accidentally. Best immediate step is
A Share screenshot
B Disconnect network
C Disable firewall
D Ignore it
Disconnecting reduces spread and blocks malware downloads or command connections. Then scan, change passwords from a clean device, and report to IT if it’s a work system.
Encryption at rest protects most when
A Wi-Fi is slow
B Screen is dim
C Battery is low
D Device is lost
Encryption at rest makes stored data unreadable without the key. If a laptop or phone is lost or stolen while powered off or locked, encryption prevents offline access to the drive's contents. It does not protect a device that is running and unlocked, because the key is then already in memory, so it must be paired with a screen lock and a strong passphrase or PIN.
Data minimization reduces breach impact because
A More ads shown
B Faster Wi-Fi
C Less data stored
D Longer emails
Collecting and storing only necessary data reduces what can be stolen during a breach. It also improves privacy compliance and lowers long-term exposure from stored records.
Third-party cookies mainly increase
A Cross-site tracking
B Virus detection
C Backup speed
D Screen clarity
Third-party cookies track users across websites, building profiles for ads. Blocking them reduces tracking and improves privacy while still allowing essential site functions.
Secure disposal of storage should include
A Simple delete
B Folder rename
C Move to desktop
D Certified wiping
Deletion often leaves recoverable data. Secure wiping overwrites data to reduce recovery on magnetic disks; on SSDs and flash media, overwriting does not reliably reach every cell, so use the drive's built-in secure-erase command or crypto-erase (discarding the key of an encrypted drive). For high sensitivity, encryption plus wipe or certified physical destruction is recommended.
A phishing site requests OTP right after password entry. Best response is
A Enter OTP
B Refresh page
C Close and report
D Try later
Entering OTP can complete account takeover. Close the page, report it, and log in through official app/URL to check account security and change passwords if needed.
A company wants to detect abnormal logins quickly. Best simple control is
A Login alerts
B Bigger monitors
C File compression
D Screen themes
Login alerts notify users or admins about new devices, locations, or failed attempts. Early alerts enable quick response like password change and 2FA activation, preventing full takeover.
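The alerts described above come from comparing each successful login with what is normal for that user. The script below is an added example for this quiz item, not code from the original page: it builds a per-user baseline of known devices and countries and raises alerts for a new device, a new country, or a success that follows a burst of failures. The event fields, thresholds, and all events are constructed assumptions; in production the device ID would come from a cookie or client certificate and the country from IP geolocation.

```python
"""Login alerting from a per-user baseline of known devices and countries.

Added example for this quiz item, not from the original page. The event fields
(ts, user, device, country, ok) and the thresholds are assumptions; all events
are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_WINDOW = timedelta(minutes=15)
FAIL_THRESHOLD = 3   # this many failures before a success is suspicious

def t(hour, minute):
    return datetime(2024, 5, 2, hour, minute)

# Constructed history used to build the baseline (successful logins only).
HISTORY = [
    {"ts": t(8, 0), "user": "alice", "device": "laptop-1", "country": "IN", "ok": True},
    {"ts": t(8, 5), "user": "alice", "device": "laptop-1", "country": "IN", "ok": True},
    {"ts": t(8, 7), "user": "bob", "device": "phone-2", "country": "IN", "ok": True},
]

# Constructed new events: alice's password is guessed from an unknown device abroad.
EVENTS = [
    {"ts": t(9, 0), "user": "alice", "device": "win-unknown", "country": "RO", "ok": False},
    {"ts": t(9, 1), "user": "alice", "device": "win-unknown", "country": "RO", "ok": False},
    {"ts": t(9, 2), "user": "alice", "device": "win-unknown", "country": "RO", "ok": False},
    {"ts": t(9, 3), "user": "alice", "device": "win-unknown", "country": "RO", "ok": True},
    {"ts": t(9, 4), "user": "bob", "device": "phone-2", "country": "IN", "ok": True},
    {"ts": t(9, 30), "user": "alice", "device": "win-unknown", "country": "RO", "ok": True},
]

def build_profiles(history):
    """Baseline = set of devices and countries each user has logged in from."""
    profiles = defaultdict(lambda: {"devices": set(), "countries": set()})
    for e in history:
        if e["ok"]:
            profiles[e["user"]]["devices"].add(e["device"])
            profiles[e["user"]]["countries"].add(e["country"])
    return profiles

def detect(profiles, events):
    """Return (user, alert_type, detail) tuples for successful logins that
    break the baseline or follow a burst of failures.

    Users with no baseline yet produce no new_device/new_country alerts.
    Assumption: a new device/country is added to the baseline right after the
    first alert so it fires once; a real system would wait for the user to
    confirm the login before learning it.
    """
    alerts = []
    recent_fails = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        user, profile = e["user"], profiles[e["user"]]
        if not e["ok"]:
            recent_fails[user].append(e["ts"])
            continue
        fails = [ts for ts in recent_fails[user] if e["ts"] - ts <= FAIL_WINDOW]
        if len(fails) >= FAIL_THRESHOLD:
            alerts.append((user, "success_after_failures", f"{len(fails)} failures in {FAIL_WINDOW}"))
        if profile["devices"] and e["device"] not in profile["devices"]:
            alerts.append((user, "new_device", e["device"]))
        if profile["countries"] and e["country"] not in profile["countries"]:
            alerts.append((user, "new_country", e["country"]))
        profile["devices"].add(e["device"])
        profile["countries"].add(e["country"])
        recent_fails[user].clear()
    return alerts

if __name__ == "__main__":
    for user, kind, detail in detect(build_profiles(HISTORY), EVENTS):
        print(f"ALERT {user}: {kind} ({detail})")
```

The 09:03 success for alice raises all three alerts at once, which is the signal an admin wants before the attacker changes the recovery email; bob's routine login and alice's second login from the now-learned device raise nothing. Failed-attempt alerts alone would have been noisy, so the rule only fires on the success that follows them.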
A “patch window” that is too slow increases risk mainly because
A Wi-Fi slows down
B Screens flicker
C Exploits appear fast
D Files grow bigger
Attackers often exploit vulnerabilities soon after they become known. Faster patching for critical updates reduces exposure time and prevents exploitation during the vulnerable period.
A malware removal plan should include changing passwords because
A Screen may flicker
B Disk may defrag
C RAM may increase
D Credentials may be stolen
Malware like spyware or keyloggers may steal passwords. After cleanup, change passwords from a clean device and enable 2FA to prevent attackers from reusing stolen credentials.
A company uses “defense in depth.” This means
A One strong password
B Multiple security layers
C Only firewall
D Only antivirus
Defense in depth uses multiple controls like patching, firewall, antivirus, least privilege, backups, and training. If one layer fails, others still reduce attack success and impact.
A “drive-by download” attack often relies on
A Long passwords
B Offline backups
C Unpatched browser
D Secure wiping
Drive-by downloads happen when a compromised site exploits browser vulnerabilities to download malware automatically. Keeping browsers and plugins updated reduces this risk significantly.
Phishing prevention improves most when users always
A Verify via official channel
B Trust urgent emails
C Share OTP quickly
D Click shortened links
Verification through official apps, websites, or known phone numbers stops many scams. Attackers rely on urgency and fear, so independent confirmation prevents credential theft and payment fraud.
A system shows unknown extensions installed in browser. Best first fix is
A Increase brightness
B Rename folders
C Disable updates
D Remove and scan
Malicious extensions can hijack searches and steal data. Remove unknown extensions, reset browser settings, and run anti-malware scans. Then update browser and change affected passwords.
A security policy is most useful because it
A Boosts CPU
B Speeds Wi-Fi
C Sets clear rules
D Improves graphics
Policies define password standards, safe browsing, reporting steps, and access control rules. Clear policies reduce unsafe behavior and make security enforcement consistent across an organization.
The “attack vector” in a phishing case is usually
A Malicious link
B Screen issue
C Disk error
D Power surge
Attack vector is the route used to attack. In phishing, the link or attachment is the vector that leads to fake sites or malware downloads. Blocking and training reduce vector success.
Data breach response should start with
A Hiding evidence
B Containment steps
C Deleting logs
D Sharing publicly
Containment limits ongoing damage by isolating systems, blocking malicious accounts, and stopping data leakage. Logs should be preserved for investigation, and notification rules should be followed.
If a system is infected, why avoid restoring from backup immediately?
A Screen may dim
B Wi-Fi may slow
C CPU may heat
D Backup may be infected
Restoring too early can reintroduce malware if the infection source isn’t removed. First isolate and clean the system, patch vulnerabilities, then restore from known-clean backups.
A safe computing habit that reduces malware risk most is
A Use bright screen
B Disable firewall
C Keep software updated
D Share passwords
Updates fix vulnerabilities that malware exploits. Combined with trusted downloads and real-time security tools, regular updates strongly reduce infection risk and prevent automated attacks.
Which practice best protects privacy on shared computers?
A Log out of accounts
B Save passwords openly
C Disable screen lock
D Ignore updates
Logging out prevents others from accessing accounts. Also avoid saving passwords in browsers, clear sessions if needed, and use 2FA to reduce account misuse on shared devices.
Incident reporting is important because it
A Increases ads
B Speeds containment
C Slows Wi-Fi
D Changes fonts
Reporting suspicious activity early allows security teams to block links, isolate systems, and prevent spread. Late reporting often increases damage and makes investigation harder.
A “spoofed” phone number can mislead users because it
A Encrypts calls
B Blocks malware
C Looks official
D Speeds network
Caller ID spoofing makes scam calls appear from trusted numbers. Users should not trust caller ID alone. Verify by hanging up and calling back using official numbers.
Secure Wi-Fi at home should include
A WPA2/WPA3 encryption
B Open network
C Default admin login
D Shared guest password
WPA2/WPA3 protects Wi-Fi traffic with strong encryption. Also change default router admin password, update firmware, and use a strong Wi-Fi passphrase to prevent unauthorized access.