Cybersecurity | Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity D1

NameEmailPhone Number

1 / 44

APT stands for:

a) Automatic Phishing Technique

b) Advanced Protection Technology

c) Application Penetration Test

d) Advanced Persistent Threat

2 / 44

Installing backdoors on victim systems is:

a) Delivery

b) C2

c) Reconnaissance

d) Installation

3 / 44

The “C” in CIA triad stands for:

a) Confidentiality

b) Control

c) Communication

d) Compliance

4 / 44

Encrypting customer data ensures:

a) vailability

b) Integrity

c) Confidentiality

d) ll of the above

5 / 44

Ethical hacking must always be performed with:

a) Secrecy

b) Bypassing law

c) Malware tools

d) Permission

6 / 44

Creating a malicious payload is part of which stage?

a) Weaponization

b) Reconnaissance

c) Delivery

d) C2

7 / 44

How many phishing emails are estimated to be sent daily?

a) 3 billion

b) 300 million

c) 30 million

d) 3 million

8 / 44

Example of ethical hacking is:

a) Selling data on dark web

b) Running malware to check defenses secretly

c) Exploiting a bank’s database without notice

d) Testing a login page with company’s permis

9 / 44

Which organization would need cybersecurity the most?

a) Banks

b) Hospitals

c) E-commerce platforms

d) All of the above

10 / 44

10)

Which role involves detecting and responding to cyber incidents in real time?

a) Cloud architect

b) Ethical hacker

c) System developer

d) Security analyst

11 / 44

11) Cybersecurity primarily focuses on protecting:

a) Hardware components only

b) Systems, networks, and data

c) Hardware components only

d) Systems, networks, and data

12 / 44

12)

DDoS attacks primarily impact which CIA component?

a) None

b) Integrity

c) Availability

d) Confidentiality

13 / 44

13)

Which of the following is a popular ethical hacking certification?

a) OSCP

b) CompTIA PenTest+

c) CEH

d) All of the above

14 / 44

14)

Integrity is violated when:

a) Systems crash due to overload

b) Data is encrypted securely

c) Authorized users access data

d) Hackers delete or modify records

15 / 44

15)

Exploiting unpatched software vulnerabilities occurs in:

a) Actions on objectives

b) Session

c) Exploitation

d) C2

16 / 44

16)

Phishing attacks target primarily:

a) Servers

b) Human behavior

c) Network cables

d) Databases

17 / 44

17)

Which of these is an example of confidentiality protection?

a) Hashing

b) Load balancers

c) Encryption

d) Backup servers

18 / 44

18)

Which attack demanded $10 million in 2024 from a retail chain?

a) SQL Injection

b) Insider threat

c) DDoS attack

d) Ransomware

19 / 44

19)

Phishing emails are an example of:

a) Insider threat

b) Firewall misconfiguration

c) Malware infection

d) Social engineering attack

20 / 44

20)

Who benefits from ethical hacking?

a) Organization only

b) Hackers only

c) Both organization and customers

d) None

21 / 44

21)

Attackers establishing communication with compromised systems is:

a) C2 (Command and Control)

b) Delivery

c) Exploitation

d) Weaponization

22 / 44

22)

Main objective of cybersecurity is to prevent:

a) Software updates

b) Unauthorized access and attacks

c) System installation delays

d) Internet connection failures

23 / 44

23) In 2025, how many internet users are estimated globally?

a) 7 billion

b) 3 billion

c) 4 billion

d) 5+ billion

24 / 44

24)

Which CIA principle is most affected if hospital patient records are tampered with?

a) Integrity

b) Confidentiality

c) Availability

d) All of the above

25 / 44

25)

Malware includes:

a) All of the above

b) Ransomware

c) Worms

d) Viruses

26 / 44

26)

A financial analyst's salary is often dependent on:

a) Their level of experience and specialized knowledge

b) The number of hours they sleep

c) The company's stock price

d) The amount of caffeine they consume

27 / 44

27)

Which is an insider threat example?

a) Malware spreading via USB

b) Phishing attempt on staff

c) Hackers breaching a system

d) Employee selling company secrets

28 / 44

28)

In 2024, LockBit ransomware affected approximately:

a) 5,000 organizations

b) 1,000+ organizations

c) 500 organizations

d) 100 organizations

29 / 44

29) A bank protecting customers from phishing is an example of:

a) Social engineering

b) Data mining

c) Cybersecurity in action

d) Database management

30 / 44

30)

In a 2024 attack, phishing was used in which kill chain stage?

a) Exploitation

b) Installation

c) Delivery

d) C2

31 / 44

31)

The biggest ethical rule in penetration testing is:

a) Number of exploits used

b) Confidentiality

c) Payment

d) Speed

32 / 44

32)

Penetration testing is also known as:

a) White-hat hacking

b) Malware analysis

c) Blue teaming

d) Incident response

33 / 44

33)

Data breaches in 2024 exposed how many personal records approximately?

a) 3.2 billion

b) 5 billion

c) 1.5 billion

d) 2.6 billion

34 / 44

34)

Which is the MOST dangerous due to persistence and sophistication?

a) Malware

b) Insider misuse

c) Phishing

d) APT

35 / 44

35)

Ransomware blocking access to data affects:

a) Confidentiality

b) None

c) Availability

d) Integrity

36 / 44

36)

The first stage of cyber kill chain is:

a) Reconnaissance

b) Weaponization

c) Delivery

d) Exploitation

37 / 44

37)

Primary goal of malware is:

a) To update systems

b) To monitor CPU usage

c) To cause harm or steal data

d) To optimize resources

38 / 44

38)

Installing ransomware on company servers relates to which kill chain stage?

a) Reconnaissance

b) C2

c) Weaponization

d) Installation

39 / 44

39)

A checksum is used to protect which principle of the CIA triad?

a) Availability

b) None

c) Confidentiality

d) Integrity

40 / 44

40)

The cyber kill chain was developed by:

a) NSA

b) Microsoft

c) Lockheed Martin

d) Google

41 / 44

41)

Sending phishing emails to a target is:

a) Exploitation

b) Weaponization

c) Installation

d) Delivery

42 / 44

42)

Confidentiality ensures that:

a) Data is accessible only to authorized users

b) Systems are always available

c) Data is accurate and consistent

d) None of the above

43 / 44

43)

Main role of an ethical hacker is:

a) Report vulnerabilities to improve security

b) Disable systems for testing

c) Exploit systems without consent

d) Launch real attacks

44 / 44

44)

Which of the following is NOT in the scope of cybersecurity?

a) Personal diaries

b) Mobile phones

c) Websites

d) IoT devices

Your score is

Exit

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L2

1 / 100

1) What is the purpose of a honeypot in cybersecurity?

a) To speed up network traffic

b) To backup sensitive data

c) To store encryption keys

d) To trap attackers and analyze their methods

2 / 100

2) Which of the following tools is used for penetration testing automation?

a) OpenSSL

b) Snort

c) Wireshark

d) Metasploit

3 / 100

3) Which organization primarily develops standards for cybersecurity in the U.S.?

a) UNESCO

b) UNICEF

c) WHO

d) NIST

4 / 100

4) What does "sandboxing" refer to in endpoint security?

a) Updating antivirus software

b) Deleting system files

c) Encrypting files

d) Running programs in an isolated environment

5 / 100

5) Which of the following helps mitigate sensitive data exposure?

a) CDN caching

b) JSON formatting

c) Session cookies

d) Strong encryption (e.g., AES)

6 / 100

6) What is “container orchestration” and which tool is most popular for it?

a) Encrypting containers; Docker

b) Building containers; Jenkins

c) Managing multiple containers; Kubernetes

d) Scanning containers; Trivy

7 / 100

7) Which system service in Windows is responsible for managing security policies?

a) Local Security Authority Subsystem Service (LSASS)

b) Disk Cleanup

c) Task Scheduler

d) Device Manager

8 / 100

8) Which Linux tool helps detect rootkits on a system?

a) Grep

b) Tripwire

c) Nmap

d) Wireshark

9 / 100

9) Which tool is used to exploit known vulnerabilities and automate attacks?

a) Wireshark

b) Nmap

c) John the Ripper

d) Metasploit

10 / 100

10) What is the difference between a virus and a worm?

a) Viruses replicate themselves automatically, worms do not

b) Both are the same

c) Worms need user action to spread, viruses do not

d) Worms spread without user action; viruses require user action

11 / 100

11) What does the term 'cybersecurity' mean?

a) Protecting computer systems from digital threats

b) Increasing internet speed

c) Protecting websites only

d) Protecting websites only

12 / 100

12) Question

13 / 100

13) Which of the following is a network layer attack?

a) Keylogging

b) XSS

c) Smurf Attack

d) SQL injection

14 / 100

14) What is a “data retention policy”?

a) Policy on user access management

b) Policy on software updates

c) Policy on physical security

d) Policy on how long data is stored and when it should be deleted

15 / 100

15) What is “forensic triage”?

a) Prioritizing evidence collection and analysis during a security incident

b) Encrypting evidence

c) Monitoring user activity

d) Creating backups

16 / 100

16) What is “footprinting” in ethical hacking?

a) Collecting information about a target system or network

b) Exploiting vulnerabilities

c) Erasing logs to hide activity

d) Writing malware

17 / 100

17) What is “secrets management” in cloud security?

a) User authentication

b) Blocking network traffic

c) Managing confidential information such as API keys and passwords securely

d) Encrypting user emails

18 / 100

18) What is a brute force attack in cryptography?

a) Breaking encryption using software bugs

b) Social engineering technique

c) Guessing keys using dictionary words

d) Trying all possible key combinations

19 / 100

19) What is the role of a security standard?

a) Incident reporting

b) Business continuity planning

c) Specific mandatory requirements and controls

d) General high-level principles

20 / 100

20) What is the purpose of a “security baseline” in cloud environments?

a) To back up cloud data

b) To increase network speed

c) To define a minimum set of security controls required for cloud resources

d) To manage user accounts

21 / 100

21) Which type of evidence is considered volatile?

a) Archived emails

b) Hard drive data

c) RAM contents

d) Printed documents

22 / 100

22) Which of these protocols operates over port 443?

a) HTTPS

b) HTTP

c) FTP

d) SMTP

23 / 100

23) Which compliance requirement mandates breach notification within 72 hours?

a) SOX

b) HIPAA

c) GDPR

d) PCI DSS

24 / 100

24) Which one of the following is a sign of a broken authentication flaw?

a) Passwords are encrypted

b) Session IDs are predictable

c) HTTPS is enforced

d) Captcha is enabled

25 / 100

25) What type of security policy defines how an organization responds to security incidents?

a) Data classification policy

b) Incident response policy

c) Password policy

d) Acceptable use policy

26 / 100

26) What is the function of the tool “Snort”?

a) Antivirus software

b) Password manager

c) Network intrusion detection system

d) Encryption software

27 / 100

27) The OWASP Top 10 is updated approximately every:

a) 3 years

b) 5 years

c) 2 years

d) 10 years

28 / 100

28) Which cryptographic technique uses different keys for encryption and decryption?

a) Vigenère cipher

b) Asymmetric encryption

c) Caesar cipher

d) Symmetric encryption

29 / 100

29) What is the main purpose of a Public Key Infrastructure (PKI)?

a) To manage backups

b) To scan networks

c) To monitor user behavior

d) To manage encryption keys and digital certificates

30 / 100

30) What is the main focus of the Sarbanes-Oxley Act (SOX) in relation to cybersecurity?

a) Financial reporting and internal controls

b) Cloud security policies

c) Encryption standards

d) Protect healthcare data

31 / 100

31) In the OWASP Top 10, what does A07:2021 refer to?

a) Identification and Authentication Failures

b) Injection

c) Software and Data Integrity Failures

d) Cryptographic Failures

32 / 100

32) Which of the following is used to ensure data integrity?

a) Hash functions

b) Symmetric key

c) Public key

d) Random number generator

33 / 100

33) Which of the following is an example of social engineering?

a) Phishing email asking for login info

b) Malware installation through USB

c) SQL injection

d) Password brute-force

34 / 100

34) Which legal document often grants permission to perform penetration testing?

a) Rules of Engagement

b) Terms of Service

c) NDA (Non-Disclosure Agreement)

d) Privacy Policy

35 / 100

35) What is the first step in creating an incident response plan?

a) Containment strategy

b) Preparation and policy development

c) Recovery and lessons learned

d) Eradication of threats

36 / 100

36) Which standard provides guidelines for IT governance and management?

a) ISO 27001

b) COBIT

c) HIPAA

d) PCI DSS

37 / 100

37) Which process involves verifying the identity of a user or system?

a) Authentication

b) Authorization

c) Encryption

d) Auditing

38 / 100

38) Which of the following is a layer 2 device in the OSI model?

a) Firewall

b) Router

c) Server

d) Switch

39 / 100

39) Which of the following is an example of asymmetric key encryption?

a) AES

b) DES

c) Blowfish

d) RSA

40 / 100

40) Which security technology helps protect against Distributed Denial of Service (DDoS) attacks?

a) Firewall

b) IDS

c) VPN

d) DDoS mitigation services

41 / 100

41) What is the purpose of penetration testing?

a) To boost antivirus performance

b) To update software

c) To identify security vulnerabilities

d) To test network speed

42 / 100

42) What does the term “red team” refer to in cybersecurity?

a) Security auditors who enforce policies

b) Malware developers

c) IT helpdesk staff

d) Ethical hackers simulating attackers to test defenses

43 / 100

43) What is the best defense against SQL Injection attacks?

a) Parameterized queries (Prepared Statements)

b) Using MD5 for passwords

c) Disabling JavaScript

d) Disabling cookies

44 / 100

44) What is a “buffer overflow” attack?

a) Intercepting network traffic

b) Stealing credentials

c) Overloading memory buffer to execute malicious code

d) Encrypting files for ransom

45 / 100

45) Which of the following is an example of a passive reconnaissance technique?

a) Running brute force attacks

b) Scanning open ports

c) Exploiting a vulnerability

d) Monitoring social media profiles

46 / 100

46) Which tool is commonly used for log management and analysis?

a) Nessus

b) Wireshark

c) Splunk

d) John the Ripper

47 / 100

47) What is a “policy exception” in cybersecurity?

a) A firewall rule

b) A situation where security policy cannot be followed for valid reasons

c) An encryption method

d) A type of malware

48 / 100

48) Which security feature protects cloud workloads from unauthorized network access?

a) Security groups and network ACLs

b) CDNs

c) Load balancers

d) DNS servers

49 / 100

49) Which Windows feature isolates programs to prevent them from affecting the OS?

a) System Restore

b) Task Manager

c) Windows Sandbox

d) Event Viewer

50 / 100

50) Which organization publishes the NIST Cybersecurity Framework?

a) European Union Agency for Cybersecurity

b) International Organization for Standardization

c) National Institute of Standards and Technology

d) Payment Card Industry Security Standards Council

51 / 100

51) What is a “pivot” in penetration testing?

a) Encrypting data

b) Using a compromised system to attack other systems within the network

c) Switching to a new target after the first fails

d) Performing a denial-of-service attack

52 / 100

52) What does a Data Loss Prevention (DLP) system do?

a) Manages user accounts

b) Scans for vulnerabilities

c) Encrypts network traffic

d) Prevents unauthorized transmission of sensitive data outside the organization

53 / 100

53) What is the role of “post-exploitation” in penetration testing?

a) Initial information gathering

b) Maintaining access and escalating privileges after gaining entry

c) Reporting vulnerabilities

d) Cleaning up system logs

54 / 100

54) Which tool is primarily used for password cracking?

a) Burp Suite

b) John the Ripper

c) Nessus

d) Wireshark

55 / 100

55) Which of the following prevents unauthorized access but does not detect it?

a) IPS

b) Firewall

c) IDS

d) Proxy

56 / 100

56) What is the difference between a vulnerability scan and a penetration test?

a) Vulnerability scans identify potential weaknesses; penetration tests actively exploit them

b) Vulnerability scans fix issues; penetration tests only report them

c) There is no difference

d) Vulnerability scans are manual; penetration tests are automated

57 / 100

57) What is the function of a Network Access Control (NAC) system?

a) To scan websites for malware

b) To encrypt emails

c) To enforce security policies on devices trying to access the network

d) To backup data automatically

58 / 100

58) Which service is commonly used to automate compliance checks in cloud environments?

a) Ansible

b) Jenkins

c) GitHub

d) AWS Config

59 / 100

59) A ______ is an attack where the attacker tricks users into clicking malicious links.

a) Antivirus check

b) Proxy attack

c) Firewall breach

d) Phishing attack

60 / 100

60) What is the role of antivirus “heuristics”?

a) Compress files

b) Encrypt data

c) Detect previously unknown malware by behavior analysis

d) Improve graphics

61 / 100

61) What does the “containment” phase focus on during incident response?

a) Reporting incidents publicly

b) Stopping the spread of an attack and limiting damage

c) Creating backups

d) Removing malware

62 / 100

62) Which one of these algorithms is a cryptographic hash function?

a) SHA-256

b) ECC

c) DES

d) AES

63 / 100

63) What is a zero-day vulnerability?

a) A newly discovered flaw not yet fixed

b) A vulnerability that has no security risk

c) A vulnerability already patched

d) A type of password attack

64 / 100

64) What does a firewall do in a network?

a) Detects phishing emails

b) Encrypts files

c) Controls incoming and outgoing network traffic

d) Protects against physical theft

65 / 100

65) What does the “principle of defense in depth” advocate in cloud security?

a) Multiple layers of security controls to protect assets

b) Using only firewalls

c) Single-layer security measures

d) Ignoring security updates

66 / 100

66) Which penetration testing phase includes validating security controls by exploiting vulnerabilities?

a) Planning

b) Reconnaissance

c) Reporting

d) Exploitation

67 / 100

67) Which type of firewall filters traffic at the network layer?

a) Stateful firewall

b) Proxy firewall

c) Packet-filtering firewall

d) Application firewall

68 / 100

68) Which one of these is considered a cyber threat?

a) Antivirus installation

b) Password creation

c) Software update

d) Ransomware

69 / 100

69) Which protocol uses cryptographic methods to secure web communication?

a) HTTPS

b) FTP

c) SMTP

d) HTTP

70 / 100

70) What is the purpose of “file carving” in digital forensics?

a) Deleting corrupted files

b) Encrypting files

c) Compressing files for storage

d) Recovering files without file system metadata

71 / 100

71) Which cloud service model provides the highest level of user control over the infrastructure?

a) PaaS

b) FaaS

c) IaaS

d) SaaS

72 / 100

72) What does “data carving” help recover?

a) User credentials

b) Network traffic

c) Encrypted files only

d) Deleted or fragmented files from raw data

73 / 100

73) What is the primary goal of a disaster recovery plan?

a) Restore critical business functions after an incident

b) Encrypt data at rest

c) Monitor network traffic

d) Prevent security breaches

74 / 100

74) Which tool is widely used for network traffic analysis during incident investigations?

a) John the Ripper

b) Burp Suite

c) Wireshark

d) Nessus

75 / 100

75) Which vulnerability involves the attacker forcing a logged-in user to perform unwanted actions?

a) Insecure Design

b) XSS

c) Broken Authentication

d) CSRF (Cross-Site Request Forgery)

76 / 100

76) Which DevSecOps tool is used for static application security testing (SAST)?

a) Kubernetes

b) Docker

c) Terraform

d) SonarQube

77 / 100

77) What does “immutable infrastructure” mean in DevSecOps?

a) Infrastructure that can be modified anytime

b) Infrastructure without security

c) Infrastructure components are replaced rather than updated to reduce configuration drift

d) Infrastructure only on-premises

78 / 100

78) Which OWASP vulnerability occurs when the system fails to protect API endpoints properly?

a) Injection

b) Broken Access Control

c) API Misconfiguration

d) Cryptographic Failures

79 / 100

79) Which protocol is used to securely transfer files over the Internet?

a) Encrypt and secure communication over public networks

b) Download large files faster

c) Block pop-up ads

d) Increase internet speed

80 / 100

80) Which OWASP vulnerability involves allowing attackers to access functions or data they shouldn’t be able to?

a) Cross-Site Scripting (XSS)

b) Insecure Deserialization

c) Broken Access Control

d) Security Misconfiguration

81 / 100

81) Which OWASP category includes flaws like missing security headers and misconfigured permissions?

a) Security Misconfiguration

b) Insecure Design

c) Cryptographic Failures

d) Broken Authentication

82 / 100

82) What is the main drawback of symmetric encryption?

a) Low accuracy

b) Difficult to implement

c) Key distribution problem

d) Slow performance

83 / 100

83) What does IDS stand for in network security?

a) Internal Detection Standard

b) Integrated Defense Security

c) Intrusion Detection System

d) Internet Defense System

84 / 100

84) What is the purpose of a digital certificate in cryptography?

a) Store cookies

b) Create random keys

c) Encrypt data

d) Verify identity

85 / 100

85) Why is “documentation” crucial during incident response and digital forensics?

a) To comply with regulations and maintain evidence integrity

b) To encrypt data

c) To create marketing reports

d) To speed up recovery

86 / 100

86) Which device is used to segment a network and reduce traffic?

a) Modem

b) Repeater

c) Hub

d) Switch

87 / 100

87) What is the key benefit of using containers in DevSecOps?

a) Reduced security

b) Manual configuration only

c) Increased application portability and consistency across environments

d) Slower deployment

88 / 100

88) What is the primary purpose of a firewall on an endpoint device?

a) Encrypt files

b) Speed up system startup

c) Manage user accounts

d) Block unauthorized network traffic

89 / 100

89) What does “timeline analysis” refer to in digital forensics?

a) Constructing a chronological sequence of events during an incident

b) Monitoring network speed

c) Scheduling backups

d) Encrypting logs

90 / 100

90) What is the first step in the cyber kill chain model?

a) Exploitation

b) Delivery

c) Reconnaissance

d) Installation

91 / 100

91) Which encryption technique splits data into fixed-size blocks for processing?

a) Hash function

b) Block cipher

c) Stream cipher

d) One-time pad

92 / 100

92) What does “least privilege” mean in access control?

a) Users have no access

b) Users have the minimum access necessary for their job

c) Users have full administrative rights

d) Users can access all files

93 / 100

93) Which cybersecurity principle ensures that data is not modified by unauthorized users?

a) Confidentiality

b) Reliability

c) Availability

d) Integrity

94 / 100

94) What is the role of an Endpoint Detection and Response (EDR) system?

a) To manage firewalls

b) To create user accounts

c) To encrypt databases

d) To monitor and respond to threats on endpoint devices

95 / 100

95) What does the term “key length” influence in encryption?

a) Storage format

b) Encryption speed

c) Power consumption

d) Level of security

96 / 100

96) Which protocol is used to securely transfer files over the Internet?

a) POP3

b) FTP

c) HTTP

d) SFTP

97 / 100

97) What does the “principle of least privilege” help prevent?

a) XSS

b) SQL injection

c) Security Misconfiguration

d) Excessive access and privilege abuse

98 / 100

98) What is the primary function of SELinux?

a) Backup files automatically

b) Provide mandatory access control on Linux systems

c) Enhance GUI design

d) Increase network bandwidth

99 / 100

99) Which digital forensic tool can analyze Windows registry files?

a) Nmap

b) Autopsy

c) Snort

d) RegRipper

100 / 100

100) What kind of attack involves exploiting unpatched software vulnerabilities?

a) Phishing

b) Zero-day attack

c) SQL Injection

d) DDoS attack

Your score is

The average score is 85%

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply