Chapter 12: Cyber Security, Malware, and Protection Tools (Set-8)
A company ranks systems as “critical, important, normal” before applying controls. This process is called
A Disk formatting
B Screen scaling
C Asset classification
D File renaming
Explanation: Asset classification groups systems and data by importance and sensitivity. It helps decide which assets need stronger access control, encryption, monitoring, and faster patching to reduce risk.
A threat becomes more dangerous when it can exploit a
A Wallpaper
B Vulnerability
C Speaker
D Mouse pad
Explanation: Threats cause harm mainly by using vulnerabilities. Fixing weaknesses with patches, secure settings, and strong authentication reduces the chance that threats can successfully attack.
Risk is usually calculated by combining likelihood with
A Impact
B Screen size
C File format
D CPU speed
Explanation: Risk depends on how likely an attack is and how much damage it would cause. High-impact systems require stronger controls even if attacks are less likely.
A login alert shows access from a new country. The best immediate action is to
A Share OTP quickly
B Disable antivirus
C Change password + 2FA
D Ignore the alert
Explanation: Changing the password locks out an attacker who is using stolen credentials. Enabling 2FA adds a second barrier, so even if the password is stolen again, login becomes much harder.
“Least privilege” in an office network means giving users
A Maximum admin rights
B Same access to all
C Full database control
D Minimum required access
Explanation: Least privilege reduces damage if an account is compromised. Users get only the permissions needed for their job, limiting what an attacker can reach through that account.
A phishing email requests “urgent payment” and a changed bank account. Which scam is most likely?
A BEC fraud
B Disk cleanup
C Screen sharing
D File backup
Explanation: Business Email Compromise involves impersonating executives or vendors to redirect payments. Verification by calling known numbers and using approval checks helps prevent this fraud.
A user installs a fake “security cleaner” after scary popups. This is best called
A Firmware
B Antivirus
C Scareware
D Encryption
Explanation: Scareware uses fear messages to trick users into installing malicious programs or paying money. Trust only known security tools and avoid random popups that claim infections.
A computer is slow and shows many ads after installing free software. The most likely malware is
A Rootkit
B Worm
C Patch
D Adware
Explanation: Adware causes unwanted ads and may track browsing. It often comes bundled with free installers. Choose trusted downloads, read install steps, and scan to remove adware.
A “backdoor” installed by malware is mainly used for
A Hidden remote access
B Faster startup
C Bigger storage
D Better graphics
Explanation: Backdoors allow attackers to access a system without normal login. They support persistence and data theft. Remove malware, patch systems, and change all passwords after cleanup.
A worm spreads faster than a virus mainly because it can
A Need host program
B Spread without user action
C Require manual install
D Run only offline
Explanation: Worms can self-spread across networks by exploiting vulnerabilities without users opening files. Patch management and firewalls are important to prevent worm outbreaks.
A ransomware attack usually shows which clear sign?
A Better Wi-Fi speed
B New wallpaper only
C Encrypted files + note
D Quiet computer sound
Explanation: Ransomware often encrypts files and displays a ransom message. Isolate the device, remove malware, and restore from clean backups. Paying is risky and not guaranteed.
A tool that blocks unauthorized inbound connections is
A Firewall
B Notepad
C Calculator
D Media player
Explanation: A firewall filters network traffic using rules. It blocks unwanted connections and helps protect systems from network attacks, especially on public or untrusted networks.
Antivirus “quarantine” is useful because it
A Deletes backups
B Speeds up internet
C Hides browser tabs
D Stops file execution
Explanation: Quarantine isolates suspicious files so they cannot run. This prevents harm while allowing analysis or deletion. It also helps when a file is wrongly detected, so it can be restored safely.
Why should antivirus signatures be updated regularly?
A Screen becomes brighter
B Printer works faster
C New threats appear
D Files become smaller
Explanation: New malware variants appear frequently. Updating signatures helps antivirus recognize newer threats. Without updates, the tool may miss infections and give a false sense of safety.
Heuristic scanning is helpful when malware is
A Always harmless
B New or modified
C Only in images
D Only on USB
Explanation: Heuristics detect suspicious behavior patterns, not just known signatures. This helps catch new or changed malware, though users should confirm before deleting files due to possible false positives.
A scheduled scan is mainly used for
A Faster file copying
B Better screen display
C Automatic regular scanning
D Higher battery life
Explanation: Scheduled scans run at set times without user action. They help ensure regular system checking and can detect threats that real-time protection may miss.
A strong password reduces success of
A Brute-force guessing
B Disk defrag
C Screen flicker
D File indexing
Explanation: Brute-force attacks try many password combinations. Long, complex, and unique passwords make guessing harder. Account lockouts and 2FA further reduce brute-force success.
Credential stuffing becomes likely when users
A Use passphrases
B Enable 2FA
C Reuse same passwords
D Update software
Explanation: Credential stuffing uses leaked logins from one site to access others. Reusing passwords makes this easy. Unique passwords per site and 2FA greatly reduce this risk.
A password manager mainly helps by
A Disabling antivirus
B Sharing OTPs
C Blocking all ads
D Creating unique passwords
Explanation: Password managers generate and store strong unique passwords for each account. This prevents reuse and reduces account takeover risk after breaches, while keeping logins easy to manage.
2FA is strongest when the second factor is
A Common PIN only
B Authenticator app code
C Username reminder
D Public email link
Explanation: Authenticator app codes are generally safer than SMS OTP because SMS can be intercepted. Adding a second factor blocks attackers even if they steal the password.
Smishing is best described as phishing via
A Voice calls
B USB drives
C SMS messages
D Cookies
Explanation: Smishing uses text messages to push fake links or ask for OTPs. Avoid unknown SMS links and verify claims using official apps or websites.
Vishing is best described as phishing via
A Voice call
B Email attachment
C QR sticker
D Browser ad
Explanation: Vishing scams use phone calls to impersonate banks or support. They often ask for OTPs or passwords. Never share OTPs; call back using official numbers to verify.
Email spoofing is dangerous because it can
A Speed up email
B Encrypt messages
C Look like trusted sender
D Remove spam
Explanation: Spoofing fakes sender identity to gain trust. Users may click links or share data. Verify requests through another channel, and check domains carefully before acting.
A safe way to check a suspicious link is to
A Click it quickly
B Reply with OTP
C Disable browser security
D Hover to view URL
Explanation: Hovering shows the actual URL destination, revealing misspellings or strange domains. This prevents accidental clicks on phishing links and helps users verify legitimacy.
Typosquatting attacks mainly use
A Faster CPU
B Look-alike domains
C Secure backups
D Strong encryption
Explanation: Typosquatting uses domains with small spelling changes to trick users into visiting fake sites. Always check the exact domain, especially before entering passwords or OTPs.
HTTPS mainly ensures
A Virus-free website
B Faster downloads
C Encrypted web traffic
D Strong password
Explanation: HTTPS encrypts data between browser and website, reducing interception risk. It does not guarantee the site is genuine, so domain verification is still important.
A VPN is mainly used to
A Encrypt network traffic
B Remove malware
C Clean disk space
D Speed up CPU
Explanation: A VPN encrypts traffic between your device and the VPN server, improving privacy on public Wi-Fi. It does not replace antivirus or safe browsing but adds an extra security layer.
A good ransomware defense includes
A Shared admin passwords
B Disabled updates
C Unknown downloads
D Offline backups
Explanation: Offline backups cannot be encrypted by ransomware on an infected device. Keeping a disconnected copy and testing restore steps ensures recovery without paying attackers.
Malware removal should start by
A Sharing files online
B Ignoring warnings
C Isolating the device
D Turning off firewall
Explanation: Isolation prevents malware spread and blocks communication with attacker servers. After isolation, scan with updated tools, remove threats, patch vulnerabilities, and change passwords from a clean device.
Patch management mainly helps by
A Closing known weaknesses
B Increasing screen size
C Improving speaker sound
D Reducing file names
Explanation: Patch management ensures updates are applied on time to fix known vulnerabilities. Attackers often exploit unpatched systems, so faster patching reduces the window of exposure.
Encryption at rest helps protect data when
A Screen is bright
B Wi-Fi is fast
C Device is stolen
D Battery is low
Explanation: Encryption at rest makes stored data unreadable without the key. If a laptop or phone is stolen, encryption helps protect files from offline access and supports confidentiality.
Data minimization supports privacy by
A Sharing data widely
B Keeping data forever
C Disabling passwords
D Collecting only needed
Explanation: Collecting only necessary data reduces harm if a breach occurs. Less stored data means less exposure. It also improves compliance with privacy rules and reduces unnecessary data sharing.
Third-party cookies mainly increase
A Cross-site tracking
B Malware scanning
C File backup
D Screen clarity
Explanation: Third-party cookies can track users across websites for advertising and profiling. Blocking them reduces tracking and improves privacy while still allowing most sites to function normally.
Secure disposal of old drives should include
A Simple delete only
B Folder rename
C Certified secure wiping
D Desktop move
Explanation: Deleting files does not fully remove data. Secure wiping overwrites storage, making recovery difficult. For sensitive data, encryption plus wipe or professional destruction may be needed.
Safe USB practice reduces risk of
A Better file transfer
B Extra storage space
C Faster boot
D Malware infection
Explanation: Unknown USB drives can carry malware. Disabling auto-run and scanning removable media helps prevent infection. Avoid using unknown USB devices found in public places.
A digital footprint increases when you
A Enable 2FA
B Share personal data
C Update antivirus
D Lock phone screen
Explanation: Posting personal details, photos, and location increases your online trail. Limiting oversharing and using privacy settings reduces risks like identity theft and targeted scams.
An incident response goal is to
A Speed up internet
B Add new printers
C Contain and recover
D Create wallpapers
Explanation: Incident response focuses on detecting and containing threats, removing them, and restoring systems safely. It also involves learning from the incident to prevent repeat attacks.
Security awareness training mainly helps users
A Recognize phishing cues
B Increase RAM size
C Change printer ink
D Reduce screen glare
Explanation: Training teaches users to identify fake domains, urgent pressure, and suspicious attachments. Since many attacks target human behavior, awareness greatly reduces successful phishing and social engineering.
A common phishing cue is
A Clear official URL
B Expected attachment
C Known phone number
D Mismatched sender domain
Explanation: Phishing often uses slightly altered domains or fake sender addresses. Checking the sender domain and link destination helps detect scams before clicking or sharing sensitive information.
The safest way to confirm a bank message is to
A Reply to message
B Click link inside
C Use official app
D Share OTP quickly
Explanation: Fake messages often include malicious links. Opening the official banking app or typing the official URL avoids phishing pages. Never share OTPs; banks do not ask for them.
A sandbox is used to
A Speed up Wi-Fi
B Run apps safely
C Delete cookies
D Increase disk size
Explanation: Sandboxing runs suspicious programs in an isolated environment so they cannot easily harm the main system. It helps analyze behavior safely and reduces risk from unknown files.
Outbound firewall rules help prevent
A Screen flicker
B Printer jam
C Low storage
D Data exfiltration
Explanation: Malware often sends stolen data to attacker servers. Outbound firewall rules can block unknown connections, reducing data theft and stopping malware from receiving commands.
A “false positive” means
A Safe file flagged
B Malware missed
C Backup deleted
D Patch failed
Explanation: A false positive happens when antivirus wrongly marks a legitimate file as malware. Users should verify before deleting. Updated signatures and better heuristics help reduce false positives.
A “false negative” means
A Safe file flagged
B Scan runs faster
C Malware not detected
D Update succeeds
Explanation: A false negative means malware is present but not detected. It may happen with new threats or stealth techniques. Layered security and updated tools reduce the chances of missed infections.
Least privilege mainly limits
A Screen brightness
B Damage after compromise
C Wi-Fi strength
D File compression
Explanation: If an account is hacked, least privilege limits what the attacker can access. This reduces spread, prevents major data theft, and protects critical systems from unauthorized changes.
A security baseline ensures
A Consistent secure settings
B Faster typing speed
C Bigger monitor size
D Better audio quality
Explanation: A baseline sets minimum safe configurations, such as enabling updates and disabling risky services. It reduces weak setups across devices and makes security management easier.
An “attack surface” increases when you
A Use 2FA
B Apply patches
C Use encryption
D Enable unnecessary services
Explanation: Extra services and open ports provide more entry points. Disabling unused services reduces the attack surface and lowers chances of exploitation by worms, hackers, or automated scans.
Threat modeling helps by
A Increasing storage
B Improving graphics
C Finding attack paths
D Changing screen theme
Explanation: Threat modeling identifies possible threats, assets, and attack routes. It helps plan controls early, making systems safer by reducing weak points and improving security design.
A security policy usually defines
A Rules for safe use
B Printer paper size
C Monitor refresh rate
D Keyboard shortcuts
Explanation: Security policies define password rules, access limits, safe browsing, and reporting steps. They guide users and reduce risky behavior, supporting consistent security practices across an organization.
Layered security works best because
A It removes all threats
B It stops updates
C One failure won’t break
D It needs no training
Explanation: Layered security uses multiple controls like firewall, antivirus, updates, backups, and training. If one control fails, other layers still protect, reducing the chance of major damage.