Cybersecurity Analyst Pop QUIZ: 100 Multiple-Choice Questions

The document is a quiz containing 100 multiple-choice questions focused on various aspects of cybersecurity, including key concepts, protocols, regulations, and incident response. It covers topics such as encryption, malware, penetration testing, and compliance standards like GDPR and HIPAA. The questions are designed to test knowledge relevant to cybersecurity analysts.

Uploaded by anthonycbrown961

CYBERSECURITY ANALYST POP QUIZ: 100 MULTIPLE-CHOICE QUESTIONS

BY IZZMIER IZZUDDIN
QUESTIONS

1. What is the triad that represents the core principles of cybersecurity?


A. Scalability, Agility, Flexibility
B. Confidentiality, Integrity, Availability
C. Efficiency, Reliability, Accuracy
D. Usability, Speed, Security

2. What is the purpose of encryption?


A. To hide data from hackers
B. To secure data by converting it into an unreadable format
C. To speed up network communication
D. To compress files for storage

3. Which of the following best describes malware?


A. A legitimate program with vulnerabilities
B. Any software designed to harm, exploit or otherwise compromise data
C. A form of backup software
D. A patch for system updates

4. What is the main objective of penetration testing?


A. To monitor user behaviour
B. To assess vulnerabilities in a system
C. To perform risk analysis
D. To provide firewall configuration

5. Which regulation is primarily designed for data protection and privacy in the European Union?
A. GDPR
B. HIPAA
C. ISO 27001
D. PCI DSS

6. What protocol is used for secure web traffic?


A. HTTP
B. HTTPS
C. FTP
D. Telnet

7. What does DNS stand for?


A. Domain Network System
B. Data Network Services
C. Domain Name System
D. Digital Name Server

8. What port does HTTPS typically use?


A. 22
B. 80
C. 443
D. 8080

9. Which protocol is commonly used for file transfers?


A. FTP
B. SMTP
C. SSH
D. POP3

10. What is the default gateway in a network?


A. The path a packet takes to leave a local network
B. The primary DNS server
C. The IP address of the network switch
D. A device used to load-balance network traffic

11. What is a common method used in phishing attacks?


A. Sending fake emails to trick users into revealing sensitive information
B. Launching a DDoS attack to crash a system
C. Exploiting SQL Injection vulnerabilities
D. Modifying firmware in hardware devices

12. What is the difference between a virus and a worm?


A. A virus spreads automatically; a worm requires user action.
B. A worm spreads automatically; a virus requires user action.
C. Worms infect files, while viruses spread through networks.
D. They are essentially the same.

13. What is the main purpose of a honeypot?


A. To prevent network intrusions
B. To attract and study attackers
C. To encrypt sensitive data
D. To test firewall rules

14. Which of these is a preventive control?


A. Antivirus software
B. SIEM solution
C. Forensic analysis tools
D. Incident reports

15. What is the most secure form of multi-factor authentication?


A. SMS code and password
B. Email verification and password
C. Biometrics and hardware token
D. Security questions and password

16. Which command in Linux is used to change permissions?


A. chmod
B. chown
C. ls
D. mv

17. Which tool is used to detect open ports on a network?


A. Nmap
B. Wireshark
C. Metasploit
D. Nessus

18. What does the acronym SQL stand for?


A. Simple Query Language
B. Structured Query Language
C. Secured Query Language
D. Server Query Language

19. Which of the following is an example of a hashing algorithm?


A. AES
B. SHA-256
C. RSA
D. DES

20. What type of attack is characterised by overwhelming a system with traffic?


A. Phishing
B. Denial of Service (DoS)
C. Man-in-the-Middle
D. Ransomware

5. Incident Response

21. What is the first step in the NIST Incident Response Framework?
A. Containment
B. Detection
C. Preparation
D. Recovery

22. During an incident, when should logs be collected?


A. Before taking any containment action
B. After eradicating the threat
C. After notifying the management team
D. After closing the case

23. What is the primary goal of containment in incident response?


A. To restore systems to normal operations
B. To prevent further damage or spread of the threat
C. To identify the attacker
D. To collect evidence

24. What type of evidence is found in log files?


A. Physical
B. Documentary
C. Digital
D. Testimonial

25. What should be done immediately after recovering from a ransomware attack?
A. Perform a root cause analysis
B. Reconnect all systems to the network
C. Notify the attacker about recovery
D. Ignore the attack and continue operations

26. What is the primary responsibility of an L2 SOC analyst?


A. Writing detailed incident reports
B. Escalating every alert
C. Conducting in-depth investigations and threat analysis
D. Monitoring SIEM dashboards

27. What does a SIEM solution provide?


A. Threat hunting capabilities
B. Automated alert generation and event correlation
C. Vulnerability scanning
D. Incident ticket management

28. What is the key purpose of using a playbook in a SOC?


A. To escalate incidents directly to management
B. To ensure consistent and standardised response actions
C. To update firewall configurations automatically
D. To prioritise alerts for L1 analysts

29. What is a false positive in SOC operations?


A. A legitimate alert missed by the system
B. An alert triggered by benign activity
C. An alert triggered by confirmed malicious activity
D. An alert caused by network misconfiguration

30. Which of these is NOT a common log source for a SIEM?


A. Firewalls
B. DNS servers
C. CCTV cameras
D. Active Directory

31. What is the purpose of a use case in a SIEM?


A. To improve network speeds
B. To define and correlate events for specific threats
C. To store logs for compliance purposes
D. To configure firewall rules

32. What is the typical escalation path for unresolved incidents in a SOC?
A. L1 → L2 → L3 → Management
B. L1 → L3 → Management
C. L2 → L1 → Management
D. L3 → L1 → L2

33. Which log format is commonly used for storing network logs?
A. JSON
B. XML
C. CSV
D. Syslog

34. What does EDR stand for in cybersecurity?


A. Endpoint Detection and Response
B. Enterprise Disaster Recovery
C. Enhanced Data Retention
D. External Device Recognition

35. Which of the following is an advantage of using threat intelligence in SOC operations?
A. It eliminates false positives completely.
B. It helps analysts stay informed about emerging threats.
C. It automates all incident response activities.
D. It replaces the need for SIEM solutions.

36. What is the purpose of the ISO/IEC 27001 standard?


A. To define secure coding practices
B. To specify requirements for an information security management system
C. To outline forensic investigation techniques
D. To monitor network traffic

37. What is a key requirement of PCI DSS compliance?


A. Implementation of multifactor authentication for cardholder data access
B. Deployment of honeypots across the network
C. Blocking all incoming network traffic
D. Using only Linux-based systems

38. Which of the following is a HIPAA compliance requirement?


A. Encrypting data at rest and in transit
B. Performing network scans every 24 hours
C. Using only cloud-based storage
D. Implementing token-based authentication

39. What is a significant focus of the GDPR?


A. Incident response automation
B. Data protection and privacy for EU citizens
C. Development of malware removal tools
D. Cybersecurity awareness training

40. What is the role of the CISO in an organisation?


A. Manage day-to-day IT operations
B. Oversee the organisation’s information security program
C. Monitor social media for threats
D. Approve all financial transactions

41. What is an IOC (Indicator of Compromise)?


A. A software vulnerability
B. Evidence of potential malicious activity
C. A technique used by ethical hackers
D. A firewall rule for blocking traffic

42. Which of the following is an example of tactical threat intelligence?


A. An IP address associated with a botnet
B. A monthly threat landscape report
C. Strategic recommendations for CISO planning
D. A guide for implementing a SIEM

43. What is the primary source of threat intelligence?


A. Antivirus vendors
B. External data feeds and internal logs
C. HR systems
D. Network cables

44. Which of these tools can be used to collect threat intelligence?


A. Splunk
B. VirusTotal
C. Metasploit
D. Wireshark

45. What is the MITRE ATT&CK framework used for?


A. Penetration testing
B. Understanding adversary tactics, techniques and procedures (TTPs)
C. Encrypting sensitive files
D. Training employees on cybersecurity awareness

46. What is a Man-in-the-Middle (MITM) attack?


A. An attacker intercepts and modifies communications between two parties.
B. An attacker sends multiple phishing emails simultaneously.
C. An attacker gains physical access to a server room.
D. An attacker uses a brute-force method to crack passwords.

47. Which of these attacks exploits weaknesses in input validation?


A. SQL Injection
B. DNS Spoofing
C. Phishing
D. Malware Dropping

48. What is ransomware?


A. A type of malware that locks files and demands payment for access.
B. A virus that spreads through USB devices.
C. An attack that floods a network with traffic.
D. A tool used for password recovery.

49. What does a buffer overflow attack typically target?


A. The application’s memory management
B. The user’s login credentials
C. The encryption algorithms
D. The network bandwidth

50. What is spear phishing?


A. A highly targeted phishing attack
B. A type of network reconnaissance
C. An attack on hardware vulnerabilities
D. A brute-force method for password cracking

51. What should be checked first when an alert is received in a SOC?


A. Log files
B. Firewall rules
C. Threat intelligence feeds
D. Email policies

52. What type of log provides information about login attempts?


A. Event logs
B. Network logs
C. DNS logs
D. Web server logs

53. Which tool is commonly used for analysing PCAP files?


A. Wireshark
B. Splunk
C. Nessus
D. Burp Suite

54. What is lateral movement in the context of cyber attacks?


A. Moving within a network to gain access to additional systems
B. Sending data to an external attacker
C. Deploying ransomware on endpoints
D. Overwriting system logs

55. What is the purpose of chain of custody in incident analysis?


A. To protect the analyst’s work
B. To ensure evidence is handled and documented properly
C. To encrypt data during forensic investigations
D. To assign blame during an attack

56. What is the main advantage of using AI in cybersecurity?


A. AI eliminates the need for human analysts
B. AI can detect threats faster and with greater accuracy
C. AI requires no training to operate effectively
D. AI can replace all network devices

57. What does Zero Trust Architecture emphasise?


A. Trusting all devices within the network perimeter
B. Continuous verification and least-privilege access
C. Encrypting all user data
D. Using only open-source software

58. What is quantum cryptography primarily used for?


A. Enhancing email security
B. Enabling secure communication through quantum key distribution
C. Detecting phishing emails
D. Simulating cyber threats

59. What is the role of SOAR in cybersecurity?


A. Automate, orchestrate and coordinate incident response
B. Encrypt data during transit
C. Manage user access controls
D. Backup network configurations

60. What is the main risk of using IoT devices in a network?


A. They consume excessive bandwidth.
B. They often lack strong security controls.
C. They are incompatible with encryption protocols.
D. They are difficult to monitor.

61. What is a zero-day vulnerability?


A. A vulnerability that is patched immediately
B. A vulnerability discovered and exploited before a patch is available
C. A vulnerability related to outdated hardware
D. A vulnerability found only in cloud environments

62. What is CVE in the context of vulnerabilities?


A. Critical Vulnerability Exploit
B. Common Vulnerabilities and Exposures
C. Cybersecurity Vulnerability Event
D. Continuous Vulnerability Evaluation

63. Which tool is widely used for vulnerability scanning?


A. Nessus
B. Wireshark
C. Metasploit
D. Burp Suite

64. What is privilege escalation?


A. Gaining higher access rights than authorised
B. Overwriting system files
C. Sending phishing emails
D. Installing antivirus software

65. Which attack vector exploits SMB vulnerabilities like EternalBlue?


A. WannaCry ransomware
B. Keylogging
C. SQL Injection
D. Cross-Site Scripting (XSS)

66. What is the first phase of a penetration test?


A. Exploitation
B. Reporting
C. Reconnaissance
D. Remediation

67. What is the purpose of a white-box penetration test?


A. To simulate an external attacker with no information
B. To simulate an insider threat with complete access
C. To identify hardware failures
D. To monitor network traffic

68. Which tool is commonly used for web application penetration testing?
A. Burp Suite
B. Splunk
C. SIEM
D. Wireshark

69. What is the role of Metasploit in cybersecurity?


A. Malware analysis
B. Exploitation and penetration testing
C. Incident response
D. Compliance monitoring

70. What is a red team engagement?


A. A vulnerability scanning exercise
B. A simulation of a real-world attack by ethical hackers
C. An audit of compliance policies
D. A backup recovery test

71. What is a common method for analysing malware?


A. Static and dynamic analysis
B. Packet sniffing
C. Social engineering
D. Network scanning

72. Which of the following is NOT an indicator of malware infection?


A. Unusual outbound network traffic
B. Frequent application crashes
C. Updated antivirus definitions
D. New unknown processes in Task Manager

73. What is the primary purpose of a sandbox in malware analysis?


A. Isolate and safely analyse malware behaviour
B. Encrypt malicious files
C. Block phishing emails
D. Monitor user activities

74. What is a Trojan horse in cybersecurity?


A. A program that appears harmless but hides malicious intent
B. A hardware-based keylogger
C. A vulnerability scanner
D. A type of firewall rule

75. What is the role of VirusTotal in malware investigation?


A. Analysing and sharing file and URL scans
B. Penetration testing
C. Network monitoring
D. Generating encryption keys

76. What is a primary security challenge in cloud environments?


A. Lack of scalability
B. Misconfigured cloud settings
C. Inability to run virtual machines
D. Inadequate network speed

77. What is a CASB (Cloud Access Security Broker)?


A. A tool for managing cloud-based firewall rules
B. A service to enforce security policies between users and cloud providers
C. A cloud-based SIEM platform
D. A vulnerability scanner for cloud systems

78. What is multi-tenancy in cloud computing?


A. Hosting multiple users on a single physical server
B. Running multiple firewalls for added security
C. Using multiple encryption protocols
D. Isolating users in separate environments

79. What is the shared responsibility model in cloud security?


A. Cloud providers and customers share responsibility for security
B. Cloud providers handle all security responsibilities
C. Customers are fully responsible for cloud security
D. Cloud providers focus only on compliance

80. Which of the following is a best practice for securing cloud storage?
A. Disable encryption
B. Use public access for convenience
C. Implement strong access controls and encryption
D. Use default settings provided by the provider

81. What is the purpose of a honeypot in cybersecurity?


A. Attract attackers to a decoy system for monitoring
B. Block network traffic
C. Encrypt sensitive data
D. Speed up firewall configuration

82. What does a DDoS attack target?


A. System availability
B. Data confidentiality
C. Network segmentation
D. User authentication

83. What is the Kill Chain model used for?


A. Identifying the stages of a cyber attack
B. Encrypting data in transit
C. Designing secure applications
D. Blocking phishing emails

84. What is the primary purpose of network segmentation?


A. Limit the spread of an attack
B. Increase network bandwidth
C. Reduce hardware costs
D. Improve compliance auditing

85. What is cyber threat hunting?


A. Proactively searching for threats that evade automated detection
B. Responding to detected malware infections
C. Blocking phishing attempts
D. Installing antivirus software

86. What is social engineering?


A. Manipulating individuals to gain access to sensitive information
B. Developing firewalls for networks
C. Analysing malware behaviour
D. Scanning for network vulnerabilities

87. Which is the most effective way to prevent phishing?


A. Training employees to recognise phishing attempts
B. Installing antivirus software
C. Disabling the internet for users
D. Using outdated email systems

88. What is the purpose of a cybersecurity awareness program?


A. Educate users about potential threats and secure practices
B. Install network firewalls
C. Monitor employee behaviour
D. Configure SIEM tools

89. What is a common sign of a phishing email?


A. Requests for personal or financial information
B. Regular updates from the organisation
C. Internal newsletters
D. Messages with no typos

90. What should you do if you receive a suspicious email?


A. Click the link to verify its legitimacy
B. Report it to the IT/security team
C. Forward it to all colleagues
D. Ignore it completely

91. What is an essential skill for SOC analysts?


A. Knowledge of SIEM tools and log analysis
B. Web development
C. Graphic design
D. Data entry

92. What is the most common entry-level certification for cybersecurity?


A. CompTIA Security+
B. PMP
C. CISSP
D. AWS Certified Solutions Architect

93. Which programming language is beneficial for cybersecurity analysts?


A. Python
B. JavaScript
C. PHP
D. CSS

94. What is a CTF (Capture The Flag) exercise?


A. A gamified way to solve cybersecurity challenges
B. A network speed test
C. An encryption algorithm
D. A type of malware

95. Which cybersecurity framework is widely adopted for beginners?


A. NIST Cybersecurity Framework
B. PRINCE2
C. ITIL
D. Agile

96. What is the primary goal of continuous learning in cybersecurity?


A. Stay updated on emerging threats and technologies
B. Automate all tasks
C. Learn web development
D. Monitor email usage

97. What is the role of a blue team?


A. Defending an organisation against attacks
B. Simulating real-world attacks
C. Scanning for vulnerabilities
D. Writing software code

98. What is one advantage of networking with other cybersecurity professionals?


A. Sharing best practices and learning opportunities
B. Increasing network traffic
C. Automating vulnerability scans
D. Monitoring social media

99. Why is hands-on experience essential for cybersecurity professionals?
A. It helps develop practical skills for real-world scenarios
B. It replaces the need for certifications
C. It ensures compliance with regulations
D. It speeds up software installation

100. What is a SOC analyst’s primary responsibility?


A. Monitor, detect and respond to security incidents
B. Develop organisational policies
C. Design new networks
D. Conduct physical security audits

ANSWERS

1. B
2. A
3. B
4. B
5. B
6. B
7. B
8. C
9. B
10. A
11. B
12. A
13. C
14. A
15. C
16. A
17. B
18. B
19. C
20. A
21. B
22. C
23. B
24. A
25. A
26. B
27. C
28. A
29. B
30. A
31. B
32. B
33. B
34. A
35. A
36. C
37. A
38. C
39. C
40. A
41. B
42. A
43. A
44. B
45. C
46. A
47. B
48. B
49. A
50. B
51. B
52. A
53. B
54. A
55. A
56. A
57. A
58. C
59. C
60. B
61. B
62. B
63. A
64. A
65. A
66. C
67. B
68. A
69. B
70. B
71. A
72. C
73. A
74. A
75. A
76. B
77. B
78. A
79. A
80. C
81. A
82. A
83. A
84. A
85. A
86. A
87. A
88. A
89. A
90. B
91. A
92. A
93. A
94. A
95. A
96. A
97. A
98. A
99. A
100. A