Cybersecurity | Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity D1

NameEmailPhone Number

1 / 44

Integrity is violated when:

a) Hackers delete or modify records

b) Data is encrypted securely

c) Systems crash due to overload

d) Authorized users access data

2 / 44

Attackers establishing communication with compromised systems is:

a) Delivery

b) Weaponization

c) C2 (Command and Control)

d) Exploitation

3 / 44

The “C” in CIA triad stands for:

a) Compliance

b) Communication

c) Confidentiality

d) Control

4 / 44

Which attack demanded $10 million in 2024 from a retail chain?

a) Insider threat

b) DDoS attack

c) SQL Injection

d) Ransomware

5 / 44

Which role involves detecting and responding to cyber incidents in real time?

a) System developer

b) Ethical hacker

c) Security analyst

d) Cloud architect

6 / 44

Ethical hacking must always be performed with:

a) Secrecy

b) Permission

c) Malware tools

d) Bypassing law

7 / 44

Malware includes:

a) Worms

b) Ransomware

c) Viruses

d) All of the above

8 / 44

How many phishing emails are estimated to be sent daily?

a) 3 million

b) 300 million

c) 3 billion

d) 30 million

9 / 44

Which is an insider threat example?

a) Phishing attempt on staff

b) Hackers breaching a system

c) Employee selling company secrets

d) Malware spreading via USB

10 / 44

10)

In 2024, LockBit ransomware affected approximately:

a) 500 organizations

b) 5,000 organizations

c) 100 organizations

d) 1,000+ organizations

11 / 44

11)

The cyber kill chain was developed by:

a) Microsoft

b) Lockheed Martin

c) NSA

d) Google

12 / 44

12)

A financial analyst's salary is often dependent on:

a) The company's stock price

b) The amount of caffeine they consume

c) The number of hours they sleep

d) Their level of experience and specialized knowledge

13 / 44

13)

APT stands for:

a) Application Penetration Test

b) Automatic Phishing Technique

c) Advanced Protection Technology

d) Advanced Persistent Threat

14 / 44

14)

Creating a malicious payload is part of which stage?

a) C2

b) Delivery

c) Reconnaissance

d) Weaponization

15 / 44

15)

DDoS attacks primarily impact which CIA component?

a) Integrity

b) None

c) Confidentiality

d) Availability

16 / 44

16) In 2025, how many internet users are estimated globally?

a) 5+ billion

b) 4 billion

c) 3 billion

d) 7 billion

17 / 44

17)

Which of these is an example of confidentiality protection?

a) Load balancers

b) Encryption

c) Hashing

d) Backup servers

18 / 44

18)

In a 2024 attack, phishing was used in which kill chain stage?

a) Exploitation

b) C2

c) Installation

d) Delivery

19 / 44

19)

The first stage of cyber kill chain is:

a) Weaponization

b) Delivery

c) Reconnaissance

d) Exploitation

20 / 44

20)

Penetration testing is also known as:

a) White-hat hacking

b) Malware analysis

c) Incident response

d) Blue teaming

21 / 44

21)

A checksum is used to protect which principle of the CIA triad?

a) Confidentiality

b) Availability

c) None

d) Integrity

22 / 44

22) Cybersecurity primarily focuses on protecting:

a) Systems, networks, and data

b) Hardware components only

c) Systems, networks, and data

d) Hardware components only

23 / 44

23) A bank protecting customers from phishing is an example of:

a) Data mining

b) Cybersecurity in action

c) Database management

d) Social engineering

24 / 44

24)

Installing ransomware on company servers relates to which kill chain stage?

a) Reconnaissance

b) Weaponization

c) Installation

d) C2

25 / 44

25)

Phishing attacks target primarily:

a) Databases

b) Network cables

c) Human behavior

d) Servers

26 / 44

26)

Confidentiality ensures that:

a) None of the above

b) Systems are always available

c) Data is accessible only to authorized users

d) Data is accurate and consistent

27 / 44

27)

Installing backdoors on victim systems is:

a) Delivery

b) Reconnaissance

c) Installation

d) C2

28 / 44

28)

Sending phishing emails to a target is:

a) Installation

b) Weaponization

c) Exploitation

d) Delivery

29 / 44

29)

Example of ethical hacking is:

a) Exploiting a bank’s database without notice

b) Running malware to check defenses secretly

c) Testing a login page with company’s permis

d) Selling data on dark web

30 / 44

30)

Main role of an ethical hacker is:

a) Exploit systems without consent

b) Disable systems for testing

c) Launch real attacks

d) Report vulnerabilities to improve security

31 / 44

31)

Encrypting customer data ensures:

a) Integrity

b) ll of the above

c) Confidentiality

d) vailability

32 / 44

32)

Which CIA principle is most affected if hospital patient records are tampered with?

a) Integrity

b) All of the above

c) Confidentiality

d) Availability

33 / 44

33)

Exploiting unpatched software vulnerabilities occurs in:

a) Exploitation

b) C2

c) Actions on objectives

d) Session

34 / 44

34)

Which is the MOST dangerous due to persistence and sophistication?

a) Phishing

b) APT

c) Malware

d) Insider misuse

35 / 44

35)

Which organization would need cybersecurity the most?

a) Hospitals

b) All of the above

c) E-commerce platforms

d) Banks

36 / 44

36)

Phishing emails are an example of:

a) Malware infection

b) Social engineering attack

c) Insider threat

d) Firewall misconfiguration

37 / 44

37)

Primary goal of malware is:

a) To cause harm or steal data

b) To update systems

c) To optimize resources

d) To monitor CPU usage

38 / 44

38)

Data breaches in 2024 exposed how many personal records approximately?

a) 1.5 billion

b) 3.2 billion

c) 2.6 billion

d) 5 billion

39 / 44

39)

Which of the following is a popular ethical hacking certification?

a) All of the above

b) CompTIA PenTest+

c) CEH

d) OSCP

40 / 44

40)

The biggest ethical rule in penetration testing is:

a) Number of exploits used

b) Speed

c) Confidentiality

d) Payment

41 / 44

41)

Who benefits from ethical hacking?

a) Hackers only

b) None

c) Both organization and customers

d) Organization only

42 / 44

42)

Which of the following is NOT in the scope of cybersecurity?

a) Personal diaries

b) Websites

c) Mobile phones

d) IoT devices

43 / 44

43)

Main objective of cybersecurity is to prevent:

a) Unauthorized access and attacks

b) Software updates

c) Internet connection failures

d) System installation delays

44 / 44

44)

Ransomware blocking access to data affects:

a) Availability

b) Confidentiality

c) Integrity

d) None

Your score is

Exit

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L2

1 / 100

1) Which type of evidence is considered volatile?

a) RAM contents

b) Archived emails

c) Hard drive data

d) Printed documents

2 / 100

2) What is the first step in creating an incident response plan?

a) Recovery and lessons learned

b) Preparation and policy development

c) Eradication of threats

d) Containment strategy

3 / 100

3) Which OWASP category includes flaws like missing security headers and misconfigured permissions?

a) Cryptographic Failures

b) Broken Authentication

c) Security Misconfiguration

d) Insecure Design

4 / 100

4) Which digital forensic tool can analyze Windows registry files?

a) Nmap

b) RegRipper

c) Snort

d) Autopsy

5 / 100

5) Which one of the following is a sign of a broken authentication flaw?

a) Passwords are encrypted

b) Captcha is enabled

c) Session IDs are predictable

d) HTTPS is enforced

6 / 100

6) What is the role of an Endpoint Detection and Response (EDR) system?

a) To monitor and respond to threats on endpoint devices

b) To encrypt databases

c) To create user accounts

d) To manage firewalls

7 / 100

7) Which tool is primarily used for password cracking?

a) John the Ripper

b) Wireshark

c) Nessus

d) Burp Suite

8 / 100

8) Which Windows feature isolates programs to prevent them from affecting the OS?

a) Task Manager

b) Event Viewer

c) System Restore

d) Windows Sandbox

9 / 100

9) Which security feature protects cloud workloads from unauthorized network access?

a) CDNs

b) DNS servers

c) Load balancers

d) Security groups and network ACLs

10 / 100

10) What is the main purpose of a Public Key Infrastructure (PKI)?

a) To monitor user behavior

b) To scan networks

c) To manage encryption keys and digital certificates

d) To manage backups

11 / 100

11) What does the term “red team” refer to in cybersecurity?

a) IT helpdesk staff

b) Malware developers

c) Ethical hackers simulating attackers to test defenses

d) Security auditors who enforce policies

12 / 100

12) What does “data carving” help recover?

a) User credentials

b) Deleted or fragmented files from raw data

c) Network traffic

d) Encrypted files only

13 / 100

13) Which of the following prevents unauthorized access but does not detect it?

a) IPS

b) Firewall

c) IDS

d) Proxy

14 / 100

14) Which tool is commonly used for log management and analysis?

a) John the Ripper

b) Splunk

c) Wireshark

d) Nessus

15 / 100

15) What is the best defense against SQL Injection attacks?

a) Disabling cookies

b) Using MD5 for passwords

c) Parameterized queries (Prepared Statements)

d) Disabling JavaScript

16 / 100

16) What does "sandboxing" refer to in endpoint security?

a) Updating antivirus software

b) Running programs in an isolated environment

c) Deleting system files

d) Encrypting files

17 / 100

17) What is a “pivot” in penetration testing?

a) Performing a denial-of-service attack

b) Encrypting data

c) Switching to a new target after the first fails

d) Using a compromised system to attack other systems within the network

18 / 100

18) Which legal document often grants permission to perform penetration testing?

a) Terms of Service

b) NDA (Non-Disclosure Agreement)

c) Privacy Policy

d) Rules of Engagement

19 / 100

19) Which one of these algorithms is a cryptographic hash function?

a) DES

b) ECC

c) AES

d) SHA-256

20 / 100

20) Which of the following is a network layer attack?

a) SQL injection

b) XSS

c) Keylogging

d) Smurf Attack

21 / 100

21) What is the first step in the cyber kill chain model?

a) Installation

b) Delivery

c) Exploitation

d) Reconnaissance

22 / 100

22) Which organization publishes the NIST Cybersecurity Framework?

a) European Union Agency for Cybersecurity

b) International Organization for Standardization

c) National Institute of Standards and Technology

d) Payment Card Industry Security Standards Council

23 / 100

23) Which service is commonly used to automate compliance checks in cloud environments?

a) Jenkins

b) Ansible

c) GitHub

d) AWS Config

24 / 100

24) Which device is used to segment a network and reduce traffic?

a) Hub

b) Repeater

c) Modem

d) Switch

25 / 100

25) Which vulnerability involves the attacker forcing a logged-in user to perform unwanted actions?

a) Broken Authentication

b) CSRF (Cross-Site Request Forgery)

c) Insecure Design

d) XSS

26 / 100

26) In the OWASP Top 10, what does A07:2021 refer to?

a) Software and Data Integrity Failures

b) Injection

c) Identification and Authentication Failures

d) Cryptographic Failures

27 / 100

27) What is the main focus of the Sarbanes-Oxley Act (SOX) in relation to cybersecurity?

a) Financial reporting and internal controls

b) Cloud security policies

c) Protect healthcare data

d) Encryption standards

28 / 100

28) Why is “documentation” crucial during incident response and digital forensics?

a) To create marketing reports

b) To comply with regulations and maintain evidence integrity

c) To encrypt data

d) To speed up recovery

29 / 100

29) Which system service in Windows is responsible for managing security policies?

a) Disk Cleanup

b) Device Manager

c) Task Scheduler

d) Local Security Authority Subsystem Service (LSASS)

30 / 100

30) What does the “containment” phase focus on during incident response?

a) Creating backups

b) Reporting incidents publicly

c) Stopping the spread of an attack and limiting damage

d) Removing malware

31 / 100

31) Which of the following is an example of social engineering?

a) Phishing email asking for login info

b) SQL injection

c) Malware installation through USB

d) Password brute-force

32 / 100

32) Which of the following is used to ensure data integrity?

a) Random number generator

b) Public key

c) Hash functions

d) Symmetric key

33 / 100

33) Which type of firewall filters traffic at the network layer?

a) Proxy firewall

b) Application firewall

c) Packet-filtering firewall

d) Stateful firewall

34 / 100

34) What is the role of a security standard?

a) Incident reporting

b) Business continuity planning

c) Specific mandatory requirements and controls

d) General high-level principles

35 / 100

35) What does a Data Loss Prevention (DLP) system do?

a) Scans for vulnerabilities

b) Manages user accounts

c) Encrypts network traffic

d) Prevents unauthorized transmission of sensitive data outside the organization

36 / 100

36) What does the “principle of least privilege” help prevent?

a) Security Misconfiguration

b) XSS

c) SQL injection

d) Excessive access and privilege abuse

37 / 100

37) What is the role of “post-exploitation” in penetration testing?

a) Reporting vulnerabilities

b) Maintaining access and escalating privileges after gaining entry

c) Cleaning up system logs

d) Initial information gathering

38 / 100

38) What is the function of the tool “Snort”?

a) Network intrusion detection system

b) Password manager

c) Antivirus software

d) Encryption software

39 / 100

39) What is the primary goal of a disaster recovery plan?

a) Prevent security breaches

b) Encrypt data at rest

c) Monitor network traffic

d) Restore critical business functions after an incident

40 / 100

40) What is the purpose of “file carving” in digital forensics?

a) Deleting corrupted files

b) Encrypting files

c) Recovering files without file system metadata

d) Compressing files for storage

41 / 100

41) Which OWASP vulnerability involves allowing attackers to access functions or data they shouldn’t be able to?

a) Insecure Deserialization

b) Security Misconfiguration

c) Cross-Site Scripting (XSS)

d) Broken Access Control

42 / 100

42) Which security technology helps protect against Distributed Denial of Service (DDoS) attacks?

a) VPN

b) DDoS mitigation services

c) IDS

d) Firewall

43 / 100

43) What is “footprinting” in ethical hacking?

a) Erasing logs to hide activity

b) Collecting information about a target system or network

c) Writing malware

d) Exploiting vulnerabilities

44 / 100

44) What does “least privilege” mean in access control?

a) Users can access all files

b) Users have full administrative rights

c) Users have the minimum access necessary for their job

d) Users have no access

45 / 100

45) Which protocol uses cryptographic methods to secure web communication?

a) SMTP

b) HTTPS

c) FTP

d) HTTP

46 / 100

46) Which of the following is an example of asymmetric key encryption?

a) RSA

b) AES

c) DES

d) Blowfish

47 / 100

47) What is the role of antivirus “heuristics”?

a) Compress files

b) Improve graphics

c) Encrypt data

d) Detect previously unknown malware by behavior analysis

48 / 100

48) Question

49 / 100

49) What is the purpose of a digital certificate in cryptography?

a) Create random keys

b) Encrypt data

c) Store cookies

d) Verify identity

50 / 100

50) Which of these protocols operates over port 443?

a) FTP

b) SMTP

c) HTTPS

d) HTTP

51 / 100

51) Which of the following is an example of a passive reconnaissance technique?

a) Running brute force attacks

b) Exploiting a vulnerability

c) Scanning open ports

d) Monitoring social media profiles

52 / 100

52) What is the difference between a virus and a worm?

a) Viruses replicate themselves automatically, worms do not

b) Both are the same

c) Worms need user action to spread, viruses do not

d) Worms spread without user action; viruses require user action

53 / 100

53) What is the purpose of a “security baseline” in cloud environments?

a) To increase network speed

b) To back up cloud data

c) To manage user accounts

d) To define a minimum set of security controls required for cloud resources

54 / 100

54) Which tool is widely used for network traffic analysis during incident investigations?

a) John the Ripper

b) Burp Suite

c) Nessus

d) Wireshark

55 / 100

55) Which cloud service model provides the highest level of user control over the infrastructure?

a) SaaS

b) IaaS

c) FaaS

d) PaaS

56 / 100

56) Which protocol is used to securely transfer files over the Internet?

a) Encrypt and secure communication over public networks

b) Block pop-up ads

c) Increase internet speed

d) Download large files faster

57 / 100

57) What does the “principle of defense in depth” advocate in cloud security?

a) Using only firewalls

b) Ignoring security updates

c) Single-layer security measures

d) Multiple layers of security controls to protect assets

58 / 100

58) What is the function of a Network Access Control (NAC) system?

a) To scan websites for malware

b) To enforce security policies on devices trying to access the network

c) To backup data automatically

d) To encrypt emails

59 / 100

59) Which protocol is used to securely transfer files over the Internet?

a) HTTP

b) SFTP

c) POP3

d) FTP

60 / 100

60) What is a zero-day vulnerability?

a) A newly discovered flaw not yet fixed

b) A vulnerability already patched

c) A vulnerability that has no security risk

d) A type of password attack

61 / 100

61) What does the term “key length” influence in encryption?

a) Encryption speed

b) Level of security

c) Power consumption

d) Storage format

62 / 100

62) What is a brute force attack in cryptography?

a) Social engineering technique

b) Breaking encryption using software bugs

c) Trying all possible key combinations

d) Guessing keys using dictionary words

63 / 100

63) What is “container orchestration” and which tool is most popular for it?

a) Encrypting containers; Docker

b) Managing multiple containers; Kubernetes

c) Scanning containers; Trivy

d) Building containers; Jenkins

64 / 100

64) What does “timeline analysis” refer to in digital forensics?

a) Encrypting logs

b) Scheduling backups

c) Monitoring network speed

d) Constructing a chronological sequence of events during an incident

65 / 100

65) What is a “data retention policy”?

a) Policy on how long data is stored and when it should be deleted

b) Policy on software updates

c) Policy on user access management

d) Policy on physical security

66 / 100

66) Which DevSecOps tool is used for static application security testing (SAST)?

a) Docker

b) SonarQube

c) Kubernetes

d) Terraform

67 / 100

67) What does the term 'cybersecurity' mean?

a) Protecting websites only

b) Increasing internet speed

c) Protecting websites only

d) Protecting computer systems from digital threats

68 / 100

68) A ______ is an attack where the attacker tricks users into clicking malicious links.

a) Firewall breach

b) Phishing attack

c) Antivirus check

d) Proxy attack

69 / 100

69) Which Linux tool helps detect rootkits on a system?

a) Wireshark

b) Grep

c) Nmap

d) Tripwire

70 / 100

70) Which tool is used to exploit known vulnerabilities and automate attacks?

a) Wireshark

b) John the Ripper

c) Metasploit

d) Nmap

71 / 100

71) What does a firewall do in a network?

a) Encrypts files

b) Protects against physical theft

c) Detects phishing emails

d) Controls incoming and outgoing network traffic

72 / 100

72) What is the key benefit of using containers in DevSecOps?

a) Reduced security

b) Increased application portability and consistency across environments

c) Manual configuration only

d) Slower deployment

73 / 100

73) What is a “buffer overflow” attack?

a) Stealing credentials

b) Intercepting network traffic

c) Encrypting files for ransom

d) Overloading memory buffer to execute malicious code

74 / 100

74) What is “forensic triage”?

a) Monitoring user activity

b) Creating backups

c) Prioritizing evidence collection and analysis during a security incident

d) Encrypting evidence

75 / 100

75) Which process involves verifying the identity of a user or system?

a) Encryption

b) Authorization

c) Auditing

d) Authentication

76 / 100

76) What kind of attack involves exploiting unpatched software vulnerabilities?

a) DDoS attack

b) Zero-day attack

c) SQL Injection

d) Phishing

77 / 100

77) Which OWASP vulnerability occurs when the system fails to protect API endpoints properly?

a) Broken Access Control

b) Injection

c) Cryptographic Failures

d) API Misconfiguration

78 / 100

78) Which compliance requirement mandates breach notification within 72 hours?

a) PCI DSS

b) HIPAA

c) SOX

d) GDPR

79 / 100

79) Which of the following tools is used for penetration testing automation?

a) Snort

b) Metasploit

c) Wireshark

d) OpenSSL

80 / 100

80) Which cybersecurity principle ensures that data is not modified by unauthorized users?

a) Confidentiality

b) Availability

c) Reliability

d) Integrity

81 / 100

81) Which of the following is a layer 2 device in the OSI model?

a) Firewall

b) Router

c) Server

d) Switch

82 / 100

82) What is the primary purpose of a firewall on an endpoint device?

a) Speed up system startup

b) Encrypt files

c) Block unauthorized network traffic

d) Manage user accounts

83 / 100

83) What is the primary function of SELinux?

a) Backup files automatically

b) Increase network bandwidth

c) Enhance GUI design

d) Provide mandatory access control on Linux systems

84 / 100

84) What does “immutable infrastructure” mean in DevSecOps?

a) Infrastructure that can be modified anytime

b) Infrastructure only on-premises

c) Infrastructure components are replaced rather than updated to reduce configuration drift

d) Infrastructure without security

85 / 100

85) What is “secrets management” in cloud security?

a) User authentication

b) Blocking network traffic

c) Encrypting user emails

d) Managing confidential information such as API keys and passwords securely

86 / 100

86) What is the difference between a vulnerability scan and a penetration test?

a) Vulnerability scans are manual; penetration tests are automated

b) Vulnerability scans identify potential weaknesses; penetration tests actively exploit them

c) There is no difference

d) Vulnerability scans fix issues; penetration tests only report them

87 / 100

87) Which standard provides guidelines for IT governance and management?

a) COBIT

b) PCI DSS

c) HIPAA

d) ISO 27001

88 / 100

88) What is a “policy exception” in cybersecurity?

a) A type of malware

b) An encryption method

c) A situation where security policy cannot be followed for valid reasons

d) A firewall rule

89 / 100

89) Which cryptographic technique uses different keys for encryption and decryption?

a) Vigenère cipher

b) Asymmetric encryption

c) Symmetric encryption

d) Caesar cipher

90 / 100

90) What is the purpose of penetration testing?

a) To identify security vulnerabilities

b) To update software

c) To boost antivirus performance

d) To test network speed

91 / 100

91) What does IDS stand for in network security?

a) Intrusion Detection System

b) Internal Detection Standard

c) Internet Defense System

d) Integrated Defense Security

92 / 100

92) Which encryption technique splits data into fixed-size blocks for processing?

a) One-time pad

b) Hash function

c) Block cipher

d) Stream cipher

93 / 100

93) Which organization primarily develops standards for cybersecurity in the U.S.?

a) NIST

b) UNICEF

c) WHO

d) UNESCO

94 / 100

94) Which penetration testing phase includes validating security controls by exploiting vulnerabilities?

a) Planning

b) Reporting

c) Exploitation

d) Reconnaissance

95 / 100

95) Which of the following helps mitigate sensitive data exposure?

a) JSON formatting

b) CDN caching

c) Strong encryption (e.g., AES)

d) Session cookies

96 / 100

96) What is the main drawback of symmetric encryption?

a) Slow performance

b) Difficult to implement

c) Key distribution problem

d) Low accuracy

97 / 100

97) Which one of these is considered a cyber threat?

a) Antivirus installation

b) Software update

c) Password creation

d) Ransomware

98 / 100

98) What type of security policy defines how an organization responds to security incidents?

a) Acceptable use policy

b) Incident response policy

c) Password policy

d) Data classification policy

99 / 100

99) What is the purpose of a honeypot in cybersecurity?

a) To trap attackers and analyze their methods

b) To store encryption keys

c) To speed up network traffic

d) To backup sensitive data

100 / 100

100) The OWASP Top 10 is updated approximately every:

a) 3 years

b) 5 years

c) 2 years

d) 10 years

Your score is

The average score is 85%

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply