Chapter 12: Cyber Security, Malware, and Protection Tools (Set-3)
A security team lists “customer database, admin accounts, payment system” and then decides which needs strongest protection first. What step are they doing?
A File compression
B Asset classification
C Screen calibration
D Printer sharing
Explanation: Asset classification means identifying and grouping assets by importance and sensitivity. It helps decide which controls are needed first, such as stronger access rules for critical systems and sensitive data.
An attacker looks for outdated software because it is easier to exploit. In security terms, outdated software increases the system’s
A Vulnerability level
B Screen resolution
C Power efficiency
D Storage quota
Explanation: Outdated software often contains known security holes. Attackers exploit these weaknesses using published methods, so delaying updates increases the chance of compromise and makes systems easier targets.
A company evaluates “likelihood of attack” and “damage if it happens” to decide protection priority. This is mainly called
A Data entry
B Disk formatting
C Risk assessment
D Packet switching
Explanation: Risk assessment measures how likely a threat is to occur and how severe the impact would be. It guides decisions like which systems to patch first and where to add controls.
A user receives login alerts from an unknown country and quickly changes the password and enables 2FA. Which security goal is mainly achieved?
A File encryption
B Network routing
C Hardware upgrade
D Account protection
Explanation: Quick action after suspicious alerts reduces the chance of takeover. Changing the password and enabling 2FA blocks attackers even if they know old credentials, protecting the account from misuse.
A security policy says “use least privilege for all employees.” What does “least privilege” mean?
A Fastest internet plan
B Maximum storage space
C Minimum required access
D Strongest screen lock
Explanation: Least privilege means users get only the access needed for their job. It limits damage if an account is compromised, because the attacker cannot reach extra systems or sensitive data.
A cybercriminal demands money to stop leaking stolen photos. This crime is best described as
A Cyber extortion
B Data backup
C File indexing
D Secure browsing
Explanation: Cyber extortion involves threatening victims to force payment, often using stolen data or service disruption. Strong privacy controls, backups, and quick incident response reduce harm from such attacks.
A hacker changes a website’s displayed content without permission. Which cybercrime term fits best?
A Disk cleanup
B Safe mode boot
C Website defacement
D Key generation
Explanation: Website defacement means unauthorized modification of a website’s content. It usually indicates weak security or stolen credentials and can harm reputation, so the site must be secured and restored quickly.
A “data breach” is most directly caused when
A Confidential data exposed
B Monitor brightness changes
C RAM usage increases
D Keyboard language changes
Explanation: A data breach occurs when sensitive information is accessed or revealed without authorization. It may happen due to hacking, insider misuse, or poor security settings, and requires reporting and containment.
A user installs a “free PDF converter” that secretly steals browser passwords. This is most likely
A Router firmware
B Trojan software
C Screen recorder
D Antivirus update
Explanation: Trojans look legitimate but perform harmful actions like stealing credentials. They often come from untrusted downloads. Avoid unknown installers and use security scans to reduce trojan infections.
A worm spreads using a network flaw and then installs more malware. The “installs more malware” part is best called
A Screen refresh
B Cache clearing
C File naming
D Payload action
Explanation: The payload is what the malware does after infection, such as stealing data, encrypting files, or downloading other malware. Blocking the spread and removing the worm prevents the payload from executing.
A “logic bomb” activates when a certain condition is met, like a specific date. Which category does it belong to?
A Network device
B Backup method
C Malware type
D Password policy
Explanation: A logic bomb is malicious code that triggers when a condition occurs. It may delete files or disrupt services. Controls like code review, monitoring, and least privilege help reduce such risks.
A program that secretly gives remote control access to an attacker is commonly called
A Backdoor malware
B Screen driver
C Disk partition
D File converter
Explanation: Backdoor malware provides hidden access for attackers to control a system. It may be installed by trojans or other malware. Removing it and changing credentials are essential to regain security.
Which symptom most strongly suggests ransomware on a computer?
A Battery drains faster
B Mouse feels slow
C Files show strange extensions
D Printer stops working
Explanation: Ransomware often encrypts files and changes extensions, plus displays a ransom note. Immediate isolation from the network and using backups are key steps to reduce spread and recover data safely.
A keylogger is most dangerous for users of
A Offline calculator
B Online banking
C Local wallpaper
D Text editor only
Explanation: Keyloggers can capture passwords, PINs, and OTPs typed for banking or shopping. This can lead to direct financial theft. Strong security tools, 2FA, and avoiding unsafe downloads reduce risk.
A botnet-controlled device is often called a
A Zombie computer
B Master server
C Backup node
D Safe sandbox
Explanation: A zombie computer is an infected device controlled remotely as part of a botnet. It can be used for spam or attacks without the owner’s knowledge. Malware protection and patching prevent infection.
A rootkit is often discovered late because it mainly focuses on
A Showing popup ads
B Compressing video files
C Hiding malicious activity
D Cleaning temp folders
Explanation: Rootkits try to hide malware presence by modifying system components. This makes detection difficult. Using trusted scanners, secure boot features, and reinstalling from clean sources may be required.
Antivirus “false positive” means
A Virus ignored
B Firewall disabled
C Backup corrupted
D Safe file flagged
Explanation: A false positive occurs when antivirus wrongly marks a legitimate file as malicious. Users should verify before deleting. Updates and better detection methods reduce false positives over time.
Antivirus “false negative” means
A Malware not detected
B Safe file flagged
C Scan runs faster
D Update fails always
Explanation: A false negative happens when malware is present but not detected. This can occur with new threats or disabled protection. Regular updates, heuristic scanning, and layered security reduce this risk.
Why is “regular signature update” important for antivirus accuracy?
A Improves screen quality
B Reduces battery use
C Adds new malware patterns
D Increases keyboard speed
Explanation: Signature updates include new malware fingerprints and detection rules. Without updates, antivirus may miss new threats. Frequent updates improve detection and help respond to newly discovered malware outbreaks.
A firewall that blocks outgoing connections from unknown apps helps prevent
A Screen flicker
B Data exfiltration
C Printer jam
D Low storage
Explanation: Data exfiltration is unauthorized sending of data out of a system. Malware often tries to connect to attacker servers. Outbound firewall rules can block such connections and reduce data theft.
“Quarantine” helps security teams because it
A Speeds up downloads
B Changes passwords
C Stops file execution
D Encrypts backups
Explanation: Quarantined files are isolated so they cannot run and cause harm. This reduces immediate risk while allowing analysis, removal, or safe restoration if the file is later confirmed harmless.
A sandbox is useful when checking a suspicious file because it
A Boosts Wi-Fi signal
B Clears browser history
C Extends battery life
D Limits system damage
Explanation: Sandboxing runs a program in an isolated environment. If the file is malicious, it has limited access to the main system. This helps safely observe behavior before installing or trusting it.
A “scheduled scan” is especially useful for
A Regular unattended checks
B Increasing RAM size
C Changing file formats
D Hiding desktop icons
Explanation: Scheduled scans run automatically at planned times, ensuring periodic checking even when users forget. They help detect threats that slip past real-time protection, improving overall security hygiene.
A strong password policy that requires unique passwords for all systems mainly reduces
A Screen lock delay
B Print speed loss
C Credential stuffing risk
D Battery overheating
Explanation: Credential stuffing uses leaked passwords from one site to access other accounts. Unique passwords prevent attackers from reusing stolen credentials. Password managers make this easier to follow.
A passphrase like “BlueRiver$Morning!2026” is strong mainly because it is
A Short and common
B Long and mixed
C Based on birthday
D Same for all
Explanation: Strong passphrases are long and include varied characters. Length makes guessing harder. Avoid common phrases and personal details. Using unique passphrases per account improves protection against guessing and leaks.
Two-factor authentication improves security even if a password is stolen because it requires
A More screen brightness
B Extra storage space
C Second proof of identity
D Faster network speed
Explanation: 2FA adds another check such as an app code or hardware prompt. Attackers need both the password and the second factor, making account takeover much harder even after a leak.
A secure backup strategy for ransomware should include at least one backup that is
A Offline or disconnected
B Always on same PC
C Only in recycle bin
D Shared to everyone
Explanation: Offline backups cannot be encrypted by ransomware running on the infected system. Keeping at least one disconnected copy and testing restoration steps ensures real recovery without paying attackers.
Safe browsing against fake websites is improved most by checking the
A Page background color
B Font size used
C Number of images
D Exact domain name
Explanation: Phishing sites often use look-alike domains with small spelling changes. Checking the exact domain before logging in is critical. Use bookmarks for official sites and avoid clicking unknown shortened links.
A “drive-by download” attack usually happens when
A Restarting your computer
B Updating your antivirus
C Visiting infected website
D Using strong passwords
Explanation: Drive-by downloads can occur when a compromised website silently downloads malware using browser or plugin vulnerabilities. Keeping browsers updated and disabling risky plugins reduces such attacks.
A typical sign of social engineering in a message is
A Correct company domain
B Urgent pressure to act
C Clear contact details
D No links included
Explanation: Social engineering often uses urgency like “act now” to force mistakes. Always pause, verify through official channels, and avoid sharing passwords or OTPs. Legitimate companies rarely demand urgent secret details.
Smishing is most likely received through
A Bluetooth transfer
B Printer queue
C SMS text message
D Screen notification only
Explanation: Smishing uses SMS to push malicious links or request OTPs. Users should treat unknown texts as suspicious, avoid clicking links, and verify by visiting official apps or websites directly.
Vishing attackers usually try to steal
A OTPs and passwords
B Wallpaper themes
C Screen resolution
D Printer ink levels
Explanation: Vishing happens over voice calls, where scammers impersonate banks or support. They often ask for OTPs and passwords. Never share these on calls; confirm with official numbers.
Email spoofing is dangerous because it can
A Increase storage size
B Fix broken links
C Look like trusted sender
D Improve antivirus speed
Explanation: Spoofing makes emails appear from legitimate addresses. This tricks users into clicking links or sharing data. Verify sender details carefully and confirm sensitive requests using another trusted communication method.
A “QR scam” is most dangerous when it leads to
A Better camera focus
B Faster app download
C Clearer screen image
D Fake payment page
Explanation: QR scams may open a fake page that steals payment details or triggers unauthorized transfers. Scan only trusted QR codes and check the URL preview or app warnings before confirming any payment.
A safe first step after clicking a suspicious link accidentally is to
A Increase screen timeout
B Disconnect from network
C Change wallpaper
D Install random tools
Explanation: Disconnecting limits malware from downloading more payloads or spreading. Then run a trusted security scan, change passwords from a safe device, and report the incident if it is a workplace system.
When removing malware, why is restarting into safe mode sometimes recommended?
A Wi-Fi becomes stronger
B Screen becomes brighter
C Malware runs less
D RAM becomes larger
Explanation: Safe mode loads fewer drivers and startup programs, so many malware components remain inactive. This can make it easier for security tools to detect and remove malicious files without interference.
A “security patch” is best described as
A Fix for software flaw
B Backup file copy
C New mouse device
D Internet speed booster
Explanation: A patch is an update that fixes bugs and security vulnerabilities. Applying patches quickly reduces exploitation risk. Attackers commonly target known unpatched flaws, so patching is a key defense.
Encryption supports privacy because it
A Speeds up downloads
B Removes malware fully
C Protects readable data
D Deletes old cookies
Explanation: Encryption converts data into a form that is unreadable without the correct key. It protects data during storage and transmission, especially on public networks. It does not remove malware, but it protects confidentiality.
HTTPS mainly helps users by protecting
A Printer connection
B Screen brightness
C File naming style
D Data in transit
Explanation: HTTPS encrypts communication between the browser and the website, reducing interception risk on networks. It improves privacy and security for logins and payments, though users must still check the correct domain.
A company restricts USB use and blocks auto-run features. This mainly reduces risk from
A Infected removable media
B Slow internet speed
C Weak screen colors
D High CPU temperature
Explanation: USB drives can carry malware that runs automatically or tricks users into opening infected files. Restricting USB use and disabling auto-run reduces infection chances and protects systems from quick spread.
Browser privacy improves when you block
A Screen notifications
B Third-party trackers
C Keyboard shortcuts
D Printer drivers
Explanation: Third-party trackers follow users across websites for advertising. Blocking them reduces profiling and data collection. Combining tracker blocking with privacy settings and careful permissions helps protect user privacy.
Secure disposal of a smartphone before sale should include
A Rename all folders
B Only uninstall apps
C Factory reset plus wipe
D Just delete photos
Explanation: Factory reset removes user data, but some data may still be recoverable if not done properly. Logging out of accounts, removing SIM/SD cards, and using secure erase features improve safety.
A “digital footprint” can harm privacy if you
A Share too much online
B Use a long password
C Enable 2FA
D Update your OS
Explanation: Posts, comments, photos, and app data create a digital footprint. Oversharing can expose personal details to scammers. Use privacy settings, limit public information, and think before posting.
A user receives a suspicious email. Which verification step is safest?
A Reply asking details
B Open attachment first
C Use official website login
D Click link quickly
Explanation: Instead of clicking email links, go directly to the official website or app to check account status. This avoids phishing traps. Report suspicious emails using proper channels to warn others.
An organization practices “incident response.” What is a key goal of incident response?
A Increase internet speed
B Install new printers
C Create user accounts
D Contain and recover
Explanation: Incident response aims to detect, contain, and remove threats, then recover systems safely. It also includes documenting what happened and preventing repeat incidents with fixes like patches and training.
A “security log” is most useful for
A Improving screen clarity
B Investigating an incident
C Faster file copying
D Changing keyboard language
Explanation: Security logs record events like logins, failures, and system changes. During incidents, logs help identify what happened, when it happened, and which accounts or devices were involved.
A “data privacy” rule focuses mainly on
A Faster CPU processing
B Better video playback
C Proper personal data use
D Higher monitor refresh
Explanation: Data privacy rules control how personal data is collected, stored, shared, and deleted. Following privacy practices reduces misuse and legal risk, and builds user trust through responsible handling.
Awareness training reduces cyber risk mainly because it helps users
A Recognize common scams
B Add more RAM
C Increase typing speed
D Change screen theme
Explanation: Many attacks rely on human mistakes, like clicking phishing links or sharing OTPs. Awareness training teaches warning signs and safe steps, reducing successful scams and improving early incident reporting.
A “security policy violation” example is
A Locking screen when away
B Using password manager
C Sharing passwords with coworker
D Reporting phishing email
Explanation: Sharing passwords breaks security rules and removes accountability. It increases the chance of misuse and makes investigations harder. Each user should have their own access with proper permissions.
A layered security approach is best described as
A Only antivirus installed
B Only strong passwords
C Only firewall enabled
D Multiple defenses together
Explanation: Layered security uses multiple controls like updates, antivirus, firewall, least privilege, backups, and training. If one control fails, others still protect the system, reducing overall risk and impact.