Chapter 12: Cyber Security, Malware, and Protection Tools (Set-4)
A security officer asks employees to report any suspicious email within 10 minutes using a fixed form. This practice mainly strengthens
A Screen lock timing
B File compression method
C Keyboard shortcut use
D Incident reporting process
Explanation: Fast incident reporting helps security teams react quickly to contain threats, block malicious links, and warn others. A standard form ensures correct details are captured, improving investigation and response.
An attacker studies an organization’s public website to find exposed email addresses and uses them for scams. This activity is best called
A Encryption
B Reconnaissance
C Disk defragmentation
D Data archiving
Explanation: Reconnaissance is the information-gathering stage where attackers collect details like emails, systems, or employee names. This data is used to plan targeted phishing or other attacks more successfully.
A company reduces attack chances by closing unused ports and removing unnecessary services. This action mainly reduces the
A Password length
B Disk capacity
C Attack surface
D Screen timeout
Explanation: The attack surface is the total number of possible entry points into a system. Removing unnecessary services and closing unused ports reduces ways attackers can enter, lowering overall risk.
A single email account shows many repeated login attempts in a short time, trying different passwords. Which attack is most likely?
A Brute-force attack
B Password spraying
C Disk cleaning
D Driver update
Explanation: Password spraying tries common passwords across many accounts or repeated attempts across locations. Strong unique passwords, account lockout, and 2FA help prevent attackers from successfully logging in.
A cyber threat that tricks users into installing fake security software is best described as
A Firmware
B Freeware
C Scareware
D Clipboard tool
Explanation: Scareware shows false warnings like “your PC is infected” to push users into installing malicious software or paying money. Using trusted security tools and avoiding random popups helps prevent it.
A user downloads a “game mod” that looks safe but silently installs spyware. Which user mistake is most related?
A Strong password use
B Regular backup practice
C Screen lock setting
D Untrusted download habit
Explanation: Untrusted downloads often bundle trojans or spyware. Safe computing means using official sources, reading installation prompts, and scanning files. These steps reduce infections from fake tools and mods.
A program secretly changes browser settings and redirects searches. This is often a sign of
A File compressor
B Browser hijacker
C System driver
D Printer manager
Explanation: A browser hijacker changes the homepage or search engine, or redirects traffic to unwanted sites. It may collect data or show ads. Removing suspicious extensions and scanning the system helps fix it.
A “zero-day vulnerability” is dangerous mainly because
A Password is short
B Wi-Fi is slow
C No patch exists
D Screen is cracked
Explanation: A zero-day vulnerability is unknown to the vendor or not yet fixed, so attackers can exploit it before a patch is available. Strong monitoring and layered security help reduce damage until patched.
A “security baseline” in an organization usually means
A Maximum RAM speed
B Highest screen quality
C Largest disk size
D Minimum secure settings
Explanation: A security baseline is a standard set of safe configuration settings for devices and software. It ensures consistent security across systems, reducing weak setups that attackers often target.
A Trojan that pretends to be an invoice and spreads via email attachment is mainly relying on
A CPU overheating
B Social engineering
C Disk fragmentation
D File indexing
Explanation: Social engineering manipulates people into opening attachments or clicking links. Attackers design messages to look urgent or official, making users bypass caution. Training and verification reduce success.
“Fileless malware” is harder to detect because it mainly
A Needs a printer
B Uses only USB
C Runs in memory
D Avoids internet always
Explanation: Fileless malware often runs in memory using legitimate tools, leaving fewer files on disk. This makes traditional scans harder. Behavior monitoring, patching, and restricting scripting tools reduce risk.
A common method used by ransomware to spread inside a company network is
A Screen brightness
B Shared folder access
C Audio driver update
D Keyboard layout
Explanation: Ransomware can spread through shared drives and folders, encrypting files across the network. Limiting permissions, using least privilege, and keeping backups reduce damage from such spread.
A “command and control” server is used mainly to
A Store family photos
B Increase Wi-Fi range
C Encrypt backups
D Control infected devices
Explanation: Command-and-control servers communicate with malware on infected machines, sending instructions and receiving stolen data. Blocking suspicious network traffic and using threat detection helps disrupt this control.
Spyware that records screenshots and browsing history is mainly violating
A CPU performance
B Screen resolution
C User privacy
D Disk formatting
Explanation: Spyware collects personal information without permission, harming privacy and sometimes leading to identity theft. Using updated anti-spyware tools, limiting app permissions, and avoiding unsafe software reduce exposure.
A rootkit often requires stronger cleanup steps because it may
A Modify system core
B Only show ads
C Use only SMS
D Affect only photos
Explanation: Rootkits can alter deep system components to hide and maintain control. Removal may need specialized tools, secure boot checks, or reinstalling from clean media to fully restore trust in the system.
A key reason antivirus uses “heuristics” is to detect malware that
A Is always harmless
B Needs no internet
C Is only old
D Has no signature yet
Explanation: Heuristics look for suspicious behavior and patterns instead of only known signatures. This helps detect new or modified malware. It can cause occasional false positives, so verification is important.
If antivirus “quarantines” a file, the file is
A Uploaded to social media
B Prevented from running
C Sent to printer queue
D Made into a backup
Explanation: Quarantine isolates suspicious files so they cannot execute and harm the system. It allows later analysis and safe removal. Users should avoid restoring quarantined files unless confirmed safe.
A firewall that allows only approved applications to access the internet is using
A Screen lock policy
B Disk cleanup rule
C Application control
D Password hashing
Explanation: Application control limits which programs can connect online, blocking unknown or suspicious apps. This helps stop malware from contacting command servers or sending stolen data out of the computer.
Why is “real-time protection” important even if you run weekly scans?
A Stops threats instantly
B Deletes backups always
C Disables browser cookies
D Increases disk space
Explanation: Real-time protection blocks malware at download or execution time, reducing infection chances before it spreads. Weekly scans are useful, but real-time protection prevents many attacks from starting.
A safe computing rule says “do not use an admin account for daily browsing.” This reduces risk because it
A Increases screen quality
B Speeds up internet
C Adds storage space
D Limits malware privileges
Explanation: Using a normal account limits what malware can change if infected. Admin accounts have high privileges, so malware can disable security tools or alter system settings more easily when run as admin.
A password like “R0hit@2026!” is still weak mainly because it
A Has symbols included
B Is hard to type
C Uses predictable pattern
D Is mixed case
Explanation: Even with symbols, predictable patterns like name plus year are guessable. Strong passwords should be long, random, and not based on personal details. Password managers help create safer passwords.
“Password hashing” is important because it
A Deletes phishing emails
B Protects stored passwords
C Blocks all malware
D Improves Wi-Fi speed
Explanation: Hashing stores passwords in a one-way form so the original password isn’t saved directly. If a database leaks, hashing reduces immediate exposure, though strong unique passwords are still essential.
Two-factor authentication is weaker if the second factor is
A App-generated code
B Hardware security key
C Biometric on phone
D Shared OTP by SMS
Explanation: SMS-based OTP can be intercepted through SIM swap or message forwarding. App codes or hardware keys are generally safer. Still, SMS 2FA is better than password-only security.
A common safe browsing habit to avoid fake login pages is to
A Click ads first
B Trust every email
C Use saved bookmarks
D Disable HTTPS
Explanation: Bookmarks for official sites reduce the chance of entering fake phishing pages. Combine this with checking the domain and HTTPS, and avoid logging in through random links sent in messages.
“Secure downloads” best means
A Verify file source
B Turn off antivirus
C Ignore warnings
D Use random mirrors
Explanation: Secure downloads involve using official sources, verifying the website, scanning the file, and avoiding pirated software. This reduces infections from trojans, spyware, and bundled adware.
A user saves passwords in a plain text file on the desktop. The biggest risk is
A Faster login speed
B Easy password theft
C Better screen look
D More disk space
Explanation: Plain text password storage is easily stolen by malware or anyone with access to the device. A password manager encrypts stored credentials and adds protection, especially with a master password.
Social engineering works best when attackers create
A Slow internet speed
B High screen brightness
C Extra RAM usage
D Trust and urgency
Explanation: Attackers use urgency and authority to rush decisions, like “pay now” or “verify now.” Training helps users pause, verify via official channels, and avoid sharing OTPs or passwords.
A “spear phishing” email is different because it is
A Sent to everyone
B Always harmless
C Targeted to one person
D Only on SMS
Explanation: Spear phishing targets specific individuals using personal details to look genuine. It is more convincing than general phishing. Verifying requests and checking sender details helps prevent successful attacks.
A company asks employees to verify payment requests by calling the requester on a known number. This prevents
A Disk fragmentation
B Business email compromise
C Screen flicker
D File corruption
Explanation: Business email compromise involves attackers impersonating executives or vendors to redirect payments. Independent verification using known contacts stops many fraud attempts, especially urgent invoice or bank-change messages.
A “smishing” message often contains
A Printer driver update
B Safe website bookmark
C Verified certificate only
D Short link to click
Explanation: Smishing uses SMS to push users to click shortened or suspicious links. Avoid clicking unknown SMS links, and check directly in official apps or websites to confirm any claim.
A “vishing” scam is usually performed through
A Email attachment
B Website popup
C Phone call voice
D USB drive
Explanation: Vishing is voice phishing, where scammers call pretending to be a bank or support team. They try to get OTPs or passwords. Never share such codes over phone calls.
A spoofed website can be detected by checking the
A Domain spelling carefully
B Background color
C Font type used
D Page loading speed
Explanation: Spoofed sites often use slight spelling changes or extra characters. Checking the exact domain name is the best basic defense. Use bookmarks and avoid login links from messages.
A QR code posted on a random pole asks for “KYC update” and opens a payment page. This is likely a
A Disk restore tool
B Antivirus update
C Backup service
D QR phishing scam
Explanation: QR scams trick users into opening malicious links or payment pages. Scan QR codes only from trusted sources, check URLs shown, and never enter credentials or make payments without verification.
“Data minimization” supports privacy by
A Sharing data widely
B Collecting only necessary
C Storing forever always
D Disabling encryption
Explanation: Data minimization means collecting only needed personal data and keeping it only as long as required. Less stored data reduces harm if a breach occurs and improves overall privacy compliance.
A strong step to protect sensitive files on a laptop is to enable
A Screen wallpaper lock
B Auto-play music
C Full disk encryption
D Quick file rename
Explanation: Full disk encryption protects data if a device is lost or stolen by making files unreadable without the key. It supports confidentiality and reduces chances of offline data theft from the drive.
In incident response, “containment” mainly means
A Increase internet speed
B Create new accounts
C Print security policy
D Stop threat spreading
Explanation: Containment isolates affected devices, blocks malicious traffic, and limits access to prevent further damage. It is a key incident response step before cleanup and recovery, especially during malware outbreaks.
The best immediate action after a confirmed data breach is to
A Hide it silently
B Follow incident plan
C Delete all logs
D Share publicly first
Explanation: Organizations should follow an incident response plan: contain, assess impact, protect accounts, and report as required. Hiding breaches increases damage and legal risk, while logs help investigation.
Security logs are valuable because they
A Increase battery life
B Improve screen size
C Show event history
D Delete malware fully
Explanation: Logs record actions like logins, access attempts, and system changes. They help detect suspicious behavior and support investigation after incidents, making it easier to find the entry point and affected systems.
“Patch management” is important because it helps
A Increase file compression
B Improve printer speed
C Reduce screen glare
D Apply updates on time
Explanation: Patch management ensures software updates are tested and applied regularly. This closes known vulnerabilities before attackers exploit them, improving overall security across many computers in an organization.
A “secure browsing” indicator in the address bar commonly includes
A High brightness icon
B HTTPS padlock
C Volume icon
D Battery icon
Explanation: HTTPS indicates encrypted communication with the website. It improves privacy, especially for logins and payments. Still, users must check the correct domain because scammers can use HTTPS too.
Cookies can be risky for privacy mainly because they can
A Track user behavior
B Increase monitor size
C Delete files automatically
D Improve Wi-Fi speed
Explanation: Some cookies, especially third-party cookies, track browsing across sites for advertising. Limiting trackers reduces profiling. Clearing cookies and using privacy settings helps control unwanted tracking.
A “secure disposal” step for a hard drive in an office is to
A Just delete files
B Rename folders
C Move to desktop
D Use certified wiping
Explanation: Simple deletion does not remove data permanently. Certified wiping overwrites storage to reduce recovery chances. For very sensitive data, physical destruction or professional disposal may be used.
A user plugs in an unknown USB drive found in a parking area. The biggest risk is
A Faster file copy
B Malware infection
C Better sound quality
D More storage space
Explanation: Unknown USB drives may contain malware or malicious shortcuts. Safe USB practices include not using unknown drives, disabling auto-run, and scanning removable media before opening any files.
A “digital footprint” is increased most when a person
A Uses 2FA daily
B Updates antivirus
C Shares location publicly
D Locks device screen
Explanation: Posting location, photos, and personal details increases a person's digital footprint and can help scammers. Limit public sharing, review privacy settings, and think before posting to reduce long-term privacy risks.
A “data breach notification” is required in many places to
A Boost internet speed
B Increase storage size
C Improve screen quality
D Inform affected users
Explanation: Many laws require notifying affected users and regulators after certain breaches. Timely notification supports user protection, like changing passwords or monitoring accounts, and increases transparency and legal compliance.
A common protection against credential theft on public Wi-Fi is to use
A Same weak password
B Open hotspot always
C VPN or HTTPS
D Disable screen lock
Explanation: Public Wi-Fi can allow interception if traffic is not encrypted. HTTPS encrypts web data, and a VPN encrypts broader traffic. Avoid sensitive logins on unknown networks when possible.
A computer shows high CPU usage and unknown processes, and antivirus alerts appear. What is a sensible first troubleshooting step?
A Ignore and continue
B Disconnect and scan
C Share files publicly
D Disable security tools
Explanation: Disconnecting limits spread and stops malware from contacting command servers. Then run a trusted antivirus scan, check recent installs, and follow removal steps. Disabling security tools increases risk.
An “awareness cue” in phishing is often
A Mismatched sender domain
B Correct bank URL
C Expected attachment
D Known phone number
Explanation: Phishing messages often use fake or slightly changed domains. Checking the sender address and domain carefully helps detect scams. Users should verify requests through official channels instead of replying.
A good “malware removal” sequence generally starts with
A Share infected files
B Increase brightness
C Rename all files
D Isolate the device
Explanation: Isolation prevents malware from spreading to other devices and stops data theft. After isolation, scan with updated tools, remove threats, apply patches, and change passwords from a clean device if needed.
A basic rule for cyber laws awareness in workplaces is
A Use any pirated apps
B Do not share data
C Ignore user privacy
D Hide all incidents
Explanation: Cyber laws and privacy rules require protecting personal and confidential data. Sharing data without permission can cause legal issues. Following policies, using secure systems, and reporting incidents supports compliance.