Chapter 12: Cyber Security, Malware, and Protection Tools (Set-9)
A company decides which systems need the strongest controls by checking “likelihood + damage.” What is this activity called?
A File indexing
B Disk cleanup
C Risk assessment
D Screen tuning
Risk assessment evaluates how likely an attack is and how much impact it can cause. It helps prioritize protections like patching, access control, encryption, and monitoring for high-risk assets.
Attackers often start by collecting employee emails and roles from public sites. This phase is called
A Reconnaissance
B Encryption
C Quarantine
D Backup
Reconnaissance is information gathering before an attack. Attackers use public data for targeted phishing and impersonation. Limiting exposed details and training staff helps reduce success.
A company blocks unused ports and removes unnecessary services. This mainly reduces
A Screen size
B Battery drain
C File format
D Attack surface
Attack surface means all possible entry points. Closing ports and removing unused services reduces ways attackers can enter, lowering the chance of successful exploitation and malware spread.
A hacker uses a stolen password to access email, then uses that account to reset other services. This is an example of
A Disk defrag
B Data compression
C Account takeover
D Screen casting
Account takeover occurs when an attacker gains control of an account using stolen credentials. Email takeover is especially dangerous because it can reset other accounts. Use 2FA and unique passwords.
A policy says employees should not install software without approval. This policy mainly prevents
A Screen flicker
B Untrusted installs
C Printer jams
D Audio noise
Unapproved software can contain trojans, spyware, or adware. Restricting installs reduces infections and keeps systems standardized, making patching and security management easier.
A user sees a message: “Your PC is infected—pay now!” and installs a fake cleaner. This threat is
A Rootkit
B Worm
C Scareware
D Firewall
Scareware uses fear to trick users into installing malware or paying money. Trust only known security tools and ignore random popups claiming infections.
Malware that looks like a normal app but secretly steals data is a
A Trojan
B Virus
C Worm
D Patch
A trojan disguises itself as legitimate software. After installation, it may steal data, open backdoors, or download more malware. Download only from trusted sources.
A worm spreads fastest inside networks because it can
A Need user click
B Require host file
C Run only offline
D Self-propagate
Worms can replicate and spread through vulnerabilities without user action. Patching systems and using network controls help prevent worm outbreaks.
A ransomware incident impacts shared folders the most when users have
A Excessive permissions
B Strong passwords
C 2FA enabled
D Updated antivirus
If users have broad access, ransomware can encrypt many shared files. Least privilege limits reach and reduces damage. Combine with backups and patching for stronger defense.
A keylogger mainly aims to steal
A Screen brightness
B Printer settings
C Passwords and PINs
D File names
Keyloggers record keystrokes to capture typed credentials such as passwords, PINs, and OTPs. Use 2FA, updated security tools, and avoid risky downloads to reduce theft.
A botnet is controlled through
A Wallpaper app
B Command server
C ZIP tool
D Email filter
Botnets communicate with command-and-control servers to receive instructions and send data. Blocking suspicious connections and removing malware can break control and protect devices.
A rootkit is difficult to detect because it
A Shows many ads
B Deletes all files
C Hides in system
D Uses only SMS
Rootkits modify system components to hide malicious activity. This makes detection hard. Trusted scans, secure boot checks, and a clean reinstall may be needed to fully remove them.
Antivirus “real-time protection” is important because it
A Blocks threats immediately
B Works yearly only
C Needs no updates
D Deletes backups
Real-time protection scans files as they run or download and blocks threats before they spread. It is a key layer along with updates and scheduled scans.
Quarantine in antivirus is used to
A Increase disk space
B Speed up Wi-Fi
C Hide browser tabs
D Isolate suspicious files
Quarantine prevents suspicious files from executing by isolating them. It protects the system while allowing later analysis or safe restoration if the file is a false alert.
Signature-based detection is strongest for
A New zero-days
B Hardware faults
C Known malware
D Screen issues
Signatures match known malware patterns. They work well for known threats, but new variants may require heuristics and behavior detection. Regular updates improve signature coverage.
Heuristic scanning helps detect
A Only old viruses
B New variants
C Printer issues
D RAM problems
Heuristics detect suspicious behaviors and patterns, helping find new or modified malware not yet in signature databases. It improves detection but may sometimes flag safe files.
A firewall can reduce attacks mainly by controlling
A Network connections
B Keyboard layout
C Screen colors
D File fonts
Firewalls allow or block traffic based on rules. They help prevent unauthorized access, reduce exposure to scans and exploits, and limit malware communication when outbound rules are applied.
A user uses one password on many websites. After one breach, the biggest risk is
A Disk corruption
B Screen burn
C Credential stuffing
D Printer failure
Credential stuffing uses leaked credentials to try logins on other sites. Unique passwords per site and 2FA greatly reduce the chance of account takeover after a breach.
A passphrase is often stronger mainly because it is
A Short and numeric
B Based on name
C Same everywhere
D Longer and memorable
Longer passwords increase resistance to guessing and brute force. Passphrases are easier to remember while still being long. Avoid common phrases and personal details.
A password manager reduces risk by preventing
A Screen lock
B Password reuse
C File sharing
D Disk cleaning
Password managers store strong unique passwords, so users don’t reuse the same one. This prevents chain compromise when one website leaks credentials.
2FA reduces account takeover because it adds
A Bigger username
B Faster login
C Second factor
D Longer email
With 2FA, attackers need both the password and an extra proof such as an app code or prompt. Even stolen passwords alone usually fail, greatly improving account security.
A phishing email typically tries to get you to
A Enter credentials
B Update drivers
C Clean storage
D Change wallpaper
Phishing uses fake pages and urgent messages to steal logins, bank details, or OTPs. Check domains, avoid clicking unknown links, and log in through official apps.
Smishing is most likely received through
A Voice call
B USB drive
C SMS text
D Browser cookie
Smishing uses SMS links to steal data or install malware. Avoid unknown links, verify through official apps, and report suspicious texts to reduce risk.
Vishing is most likely done using
A Email links
B Phone calls
C QR codes
D Popups
Vishing scammers call pretending to be bank or support staff to steal OTPs and passwords. Never share OTPs on calls; verify using official numbers.
Spoofing in cyber scams mainly means
A Encrypting data
B Removing malware
C Creating backups
D Faking identity
Spoofing makes emails, numbers, or websites look legitimate. Always verify unexpected requests, check domains, and confirm sensitive actions through trusted channels.
A safe way to confirm a bank alert is to
A Open official app
B Click SMS link
C Reply with OTP
D Forward to all
Scammers often include fake links. Using the official app or typing the official URL avoids phishing pages. Never share OTPs, and contact official support if unsure.
HTTPS indicates
A Trusted company
B Virus-free page
C Encrypted connection
D Fast internet
HTTPS encrypts traffic between browser and website, protecting data in transit. It does not prove a site is legitimate, so domain checking remains essential.
A VPN is most useful on public Wi-Fi to
A Remove spyware
B Encrypt traffic
C Speed internet
D Block all ads
A VPN encrypts your data from your device to the VPN server, reducing interception risk on public Wi-Fi. It is an extra layer and should be used with safe browsing and antivirus.
Keeping one backup offline helps mainly against
A Ransomware
B Screen damage
C Battery drain
D Keyboard dust
Offline backups cannot be encrypted by ransomware on an infected device. Keeping a disconnected copy and testing restores ensure you can recover without paying attackers.
After detecting malware, the best first action is to
A Disable antivirus
B Share files
C Ignore alerts
D Disconnect network
Disconnecting limits spread and blocks malware communication. Then run trusted scans, remove threats, patch vulnerabilities, and change passwords from a clean device to prevent reinfection.
Patch management mainly reduces
A Screen brightness
B Printer errors
C Known vulnerabilities
D File size
Patch management applies security updates to fix known weaknesses. Attackers often exploit unpatched flaws, so timely patching reduces the exposure window.
Encryption at rest protects data if
A Device is stolen
B Wi-Fi is slow
C Screen is cracked
D Battery is low
Encryption at rest makes stored data unreadable without the key. If a laptop or phone is stolen, encryption protects files from offline access.
Data minimization helps privacy by
A Sharing more data
B Keeping forever
C Disabling locks
D Collecting less data
Collecting only needed data reduces exposure in a breach and improves privacy compliance. Less stored data means less can be stolen, leaked, or misused.
Third-party cookies mainly increase
A Malware removal
B Backup speed
C Tracking across sites
D Screen quality
Third-party cookies can track users across websites, building advertising profiles. Blocking them reduces tracking and improves privacy.
Secure disposal of a drive requires
A Secure wiping
B Simple delete
C Rename folders
D Move files
Deleting files does not fully remove data. Secure wiping overwrites data to reduce recovery. For very sensitive data, encryption plus wipe or certified destruction may be needed.
Safe USB behavior reduces risk of
A Faster transfers
B Extra storage
C Malware infection
D Better audio
USB drives can carry malware and malicious shortcuts. Scan before opening and avoid unknown drives. Disabling auto-run helps prevent automatic execution of malicious code.
A digital footprint is mainly your
A Screen fingerprint
B Online activity trail
C Disk usage graph
D Printer history
A digital footprint is the trace of your online activity like posts, logins, and searches. Limiting oversharing and adjusting privacy settings reduces misuse and identity theft risk.
Incident response focuses on
A Detect, contain, recover
B Print, scan, copy
C Browse, download, share
D Sleep, restart, format
Incident response includes detecting the issue, containing spread, removing threats, and restoring systems. It also involves reporting and improving controls to prevent similar incidents.
Awareness training mainly improves
A CPU performance
B Screen resolution
C Safe user behavior
D Printer speed
Training helps users spot phishing cues, verify requests, and avoid unsafe downloads. Since many attacks target human mistakes, awareness is a strong defense.
Threat modeling helps by identifying
A Screen settings
B Likely attack paths
C Disk partitions
D Printer queues
Threat modeling lists assets, possible attackers, and attack routes. It guides control selection like patching, access restriction, monitoring, and secure design.
“Attack vector” means
A Backup location
B Disk partition
C Screen mode
D Method of attack
An attack vector is the route used to attack a system, such as phishing, weak passwords, or infected USB. Controlling vectors reduces successful attacks.
A data breach often results from
A Low battery
B Slow CPU
C Unauthorized access
D Small screen
A data breach happens when sensitive data is accessed or exposed without permission. Causes include hacking, stolen credentials, or misconfiguration. Quick reporting and containment reduce harm.
Least privilege helps most after
A Account compromise
B Screen damage
C Printer jam
D File rename
If an account is hacked, least privilege limits what the attacker can access. This reduces spread, protects important data, and lowers overall incident impact.
A security baseline ensures
A Faster gaming
B Consistent secure setup
C Bigger storage
D Better sound
A baseline defines minimum secure settings like updates, firewall rules, and disabled risky services. It reduces weak configurations and standardizes security across devices.
Outbound firewall rules help block
A Screen flicker
B Printer queues
C File copying
D Malware calling home
Many malware types contact external servers for commands or data theft. Outbound rules can block suspicious connections, reducing exfiltration and stopping command-and-control communication.
A sandbox is best used to
A Speed CPU
B Increase RAM
C Test suspicious files
D Remove cookies
Sandboxing runs a file in isolation so it cannot easily harm the main system. It helps observe behavior safely and reduces risk from unknown programs.
A “false positive” means
A Safe file flagged
B Malware missed
C Backup deleted
D Patch failed
A false positive occurs when antivirus marks a legitimate file as malicious. Verify before deleting. Updates and improved detection reduce such errors.
A “false negative” means
A Safe file flagged
B Malware not detected
C Scan faster
D Update works
A false negative means malware is present but not detected. Layered security, updates, and behavior monitoring reduce the chance of missing threats.
Email attachments are risky mainly because they may contain
A Safe backups
B Text formatting
C Malware payload
D Screen themes
Attachments can hide malicious scripts, trojans, or ransomware. Verify sender, scan attachments, and avoid enabling macros. If unsure, do not open.
Layered security is recommended because
A One layer may fail
B It removes all risk
C It stops updates
D It needs no policy
No single defense is perfect. Layered security combines updates, firewall, antivirus, backups, and training. If one fails, others still reduce attack success and limit damage.