Cybersecurity | Internboot Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L1

NameEmailPhone Number

1 / 100

1) Which of the following is NOT a common cybersecurity threat?

a) Machine Learning

b) SQL injection

c) Phishing

d) Ransomware

2 / 100

2) Which of the following is an example of malware?

a) Trojan horse

b) Firewall

c) Two-factor authentication

d) Antivirus

3 / 100

3) Which of the following is a secure version of HTTP?

a) HTTPS

b) HTTP

c) SFTP

d) FTP

4 / 100

4) Which phase of penetration testing involves gathering information about the target?

a) Exploitation

b) Remediation

c) Reporting

d) Reconnaissance

5 / 100

5) Which standard is widely used for information security management systems (ISMS)?

a) ISO 27001

b) PCI DSS

c) HIPAA

d) GDPR

6 / 100

6) What does the alt attribute do in an <img> tag?

a) Adds a border

b) Provides alternative text

c) Resizes the image

d) Adds a title

7 / 100

7) Which of the following is an example of a regulatory compliance standard?

a) NIST Cybersecurity Framework

b) HIPAA

c) COBIT

d) ISO 9001

8 / 100

8) What is a common vulnerability of the MD5 hashing algorithm?

a) Incompatibility with Windows systems

b) Slow processing speed

c) Susceptibility to collision attacks

d) High storage usage

9 / 100

9) Which law enforcement guideline helps maintain evidence integrity in digital forensics?

a) HIPAA

b) Chain of Custody

c) GDPR

d) ISO 27001

10 / 100

10) What is the main goal of container security in cloud environments?

a) Backing up container data daily

b) Blocking all network traffic

c) Securing container images, runtimes, and orchestration platforms

d) Encrypting all data on disk

11 / 100

11) What does a Security Information and Event Management (SIEM) system do?

a) Collects and analyzes security event data in real-time

b) Blocks websites

c) Manages user accounts

d) Encrypts data

12 / 100

12) Which technique is used to detect anomalies in network traffic?

a) Steganography

b) Cryptography

c) Signature-based detection

d) Anomaly-based detection

13 / 100

13) Which cryptographic algorithm is widely used in securing internet communications (HTTPS)?

a) RC4

b) AES

c) DES

d) RSA

14 / 100

14) In public key cryptography, what is the public key used for?

a) Encrypting messages

b) Generating passwords

c) Decrypting messages

d) Storing user data

15 / 100

15) Which cryptographic function is one-way and cannot be reversed?

a) Decryption

b) Key Exchange

c) Encryption

d) Hashing

16 / 100

16) Which tool is often used for web application penetration testing?

a) Burp Suite

b) Microsoft Excel

c) Adobe Acrobat

d) Metasploit

17 / 100

17) What is “Infrastructure as Code” (IaC) in DevSecOps?

a) Managing and provisioning infrastructure through code and automation

b) Writing hardware configurations manually

c) Encrypting infrastructure data

d) Physical hardware maintenance

18 / 100

18) What does IP spoofing involve?

a) Encrypting network data

b) Injecting SQL commands

c) Listening to network traffic

d) Masking IP address to mimic another system

19 / 100

19) What does a host-based intrusion detection system (HIDS) do?

a) Scans email attachments

b) Encrypts network traffic

c) Logs browser history

d) Detects malicious activity on individual systems

20 / 100

20) Which term describes unsolicited or junk email?

a) Spam

b) Scam

c) Phishing

d) Spoofing

21 / 100

21) What is the main purpose of ethical hacking?

a) To identify and fix security vulnerabilities legally

b) To steal data

c) To crash systems

d) To monitor user activity

22 / 100

22) What is the role of a “forensic image”?

a) A backup of data in an encrypted format

b) A scanned paper document

c) A screenshot of suspicious activity

d) An exact bit-by-bit copy of digital storage for analysis

23 / 100

23) What is the primary goal of cybersecurity?

a) Marketing digital products

b) Enhancing device speed

c) Designing websites

d) Protecting data and systems from attacks

24 / 100

24) What is a common method for ensuring file system security in operating systems?

a) Installing browser extensions

b) File and folder permissions

c) Using open-source licenses

d) Increasing RAM

25 / 100

25) What does the term “Insecure Deserialization” refer to in the OWASP Top 10?

a) Unencrypted database

b) Converting objects into code

c) Attacks where untrusted data is used to abuse the logic of the application

d) Failure in loading CSS

26 / 100

26) What does “penetration testing” involve?

a) Updating firewall rules

b) Simulating cyberattacks to test system defenses

c) Installing antivirus software

d) Encrypting data

27 / 100

27) What is the function of endpoint encryption?

a) Improve application UI

b) Increase system boot speed

c) Protect data by making it unreadable without a key

d) Block pop-ups

28 / 100

28) What is the function of a Cloud Access Security Broker (CASB)?

a) Encrypting emails

b) Managing user passwords

c) Scanning network traffic only

d) Enforcing security policies between cloud service users and providers

29 / 100

29) Question

a) Incident response policy

b) Disaster recovery policy

c) Acceptable use policy (AUP)

d) Data retention policy

30 / 100

30) Which Linux command is used to change file permissions?

a) rm

b) chmod

c) mv

d) sudo

31 / 100

31) What is “memory forensics” used to analyze?

a) User permissions

b) Network logs

c) Volatile data in RAM to identify running processes and malware

d) Hard disk drives only

32 / 100

32) What is the main function of a proxy server in a network?

a) Hide user IP address and filter content

b) Encrypt files

c) Block USB ports

d) Perform hardware diagnostics

33 / 100

33) What is port scanning used for in cybersecurity?

a) Encrypting files

b) Identifying open ports on a device

c) Analyzing passwords

d) Preventing data loss

34 / 100

34)

Which type of data is characterized by being non-numeric and descriptive, often involving categories or labels?

a) Quantitative data

b) Qualitative data

c) Continuous data

d) Discrete data

35 / 100

35) During which phase are vulnerabilities patched and root causes eliminated?

a) Recovery

b) Containment

c) Identification

d) Eradication

36 / 100

36) Which security header helps protect against XSS attacks?

a) X-Content-Type-Options

b) Access-Control-Allow-Origin

c) Cache-Control

d) Content-Security-Policy

37 / 100

37) Which is the most basic type of cybersecurity attack?

a) Trojan Horse

b) Packet Sniffing

c) SQL injection

d) DDoS attack

38 / 100

38) What is the primary purpose of a security policy in an organization?

a) To define acceptable use and protect assets

b) To design user interfaces

c) To increase software speed

d) To manage network traffic

39 / 100

39) Which type of vulnerability can exploit trust in the user’s browser session?

a) Insecure Deserialization

b) XSS

c) Injection

d) CSRF

40 / 100

40) What is a “chain of custody” in digital forensics?

a) A backup procedure

b) Documentation of evidence handling to maintain its integrity

c) The process of encrypting files

d) A method for password cracking

41 / 100

41) What is the purpose of a proxy server in network security?

a) To monitor user keystrokes

b) To encrypt data at rest

c) To act as an intermediary between clients and servers, controlling and filtering requests

d) To store passwords

42 / 100

42) Which OWASP Top 10 vulnerability involves untrusted data being used to trick an interpreter?

a) Injection

b) Sensitive Data Exposure

c) Cross-Site Scripting

d) Security Misconfiguration

43 / 100

43) Which of the following is not in the OWASP Top 10 list (as of 2021)?

a) Open Redirects

b) Broken Access Control

c) Server-Side Request Forgery

d) Insecure Design

44 / 100

44) Which layer of the OSI model does a router operate on?

a) Transport layer

b) Application layer

c) Data Link layer

d) Network layer

45 / 100

45) What is the main goal of access control policies?

a) To speed up login processes

b) To restrict access to resources based on user roles

c) To encrypt files

d) To allow all users unrestricted access

46 / 100

46) What is the primary function of a firewall?

a) To filter and control incoming and outgoing network traffic

b) To monitor employee productivity

c) To backup files

d) To encrypt data

47 / 100

47) What is the purpose of an endpoint protection platform (EPP)?

a) Enhance GUI design

b) Prevent malware and unauthorized access on endpoint devices

c) Manage cloud storage

d) Monitor website traffic

48 / 100

48) Which of the following is a core function of an operating system?

a) Managing hardware resources

b) Compiling source code

c) Designing user interfaces

d) Encrypting email

49 / 100

49) Which tool is commonly used for digital forensics and data recovery?

a) Nessus

b) Metasploit

c) Autopsy

d) Wireshark

50 / 100

50) What is the role of compliance audits?

a) To install firewalls

b) To verify adherence to security policies and regulations

c) To design system architecture

d) To encrypt data

51 / 100

51) Which type of attack involves overwhelming a system with traffic to render it unavailable?

a) Phishing

b) DDoS

c) Man-in-the-Middle

d) SQL injection

52 / 100

52) What is the final step in a penetration testing process?

a) Reporting findings and recommending fixes

b) Reconnaissance

c) Exploitation

d) Scanning

53 / 100

53) What is the role of a firewall in cybersecurity?

a) Filtering incoming and outgoing network traffic

b) Encrypting data

c) Monitoring temperature

d) Boosting internet speed

54 / 100

54) Which tool is commonly used for network traffic analysis?

a) Nmap

b) Metasploit

c) Burp Suite

d) Wireshark

55 / 100

55) Which component is necessary for asymmetric encryption?

a) Symmetric block

b) Public and private key pair

c) Single secret key

d) Hash Key

56 / 100

56) What is two-factor authentication (2FA)?

a) Using two firewalls in series

b) Using a single password to access multiple accounts

c) Requiring two different types of authentication to verify user identity

d) Encrypting data twice

57 / 100

57) Which security practice is essential for continuous integration/continuous deployment (CI/CD) pipelines?

a) Ignoring security during deployment

b) Manual code review only

c) Disabling firewalls

d) Automated security testing integrated into pipelines

58 / 100

58) Which type of malware disguises itself as legitimate software?

a) Worm

b) Ransomware

c) Botnet

d) Trojan Horse

59 / 100

59) Which tool is commonly used for network vulnerability scanning?

a) Photoshop

b) Nmap

c) Visual Studio

d) Wireshark

60 / 100

60) What is the purpose of a DMZ (Demilitarized Zone) in network architecture?

a) Backup user data

b) Monitor physical devices

c) Increase bandwidth

d) Host public-facing services while protecting internal networks

61 / 100

61) What does “A01:2021 – Broken Access Control” primarily refer to?

a) Unpatched software

b) Privilege escalation and access bypass

c) Session timeout

d) Improper user input

62 / 100

62) What is the role of antivirus software in endpoint security?

a) Compresses files

b) Increases internet speed

c) Detects and removes malware

d) Optimizes disk usage

63 / 100

63) What is the main purpose of log analysis in incident response?

a) To delete logs

b) To identify suspicious activities and trace attack sources

c) To encrypt data

d) To create new user accounts

64 / 100

64) Which Windows security feature prevents unauthorized changes to the operating system?

a) User Account Control (UAC)

b) Windows Defender Firewall

c) Control Panel

d) Task Scheduler

65 / 100

65) How can you mitigate Cross-Site Scripting (XSS)?

a) Use parameterized queries

b) Disable JavaScript

c) Encode output and validate input

d) Enable cookies

66 / 100

66) Which type of encryption uses the same key for both encryption and decryption?

a) Symmetric encryption

b) Public-key encryption

c) HAshing

d) Asymmetric encryption

67 / 100

67) What is the full form of SSL in network security?

a) Secured Service Logic

b) Secure Sockets Layer

c) Secure Software Link

d) Safe System Login

68 / 100

68) What does the principle of “least privilege” mean in cloud security?

a) Giving users maximum access rights

b) Disabling all user access

c) Allowing anonymous access

d) Granting users only the permissions necessary to perform their job

69 / 100

69) Which vulnerability allows attackers to inject malicious scripts into web pages viewed by others?

a) SQL injection

b) Cross-Site Scripting (XSS))

c) CSRF

d) SSRF

70 / 100

70) What does DevSecOps stand for?

a) Device Security Optimization

b) Device Security Operations

c) Development Secondary Operations

d) Development, Security, and Operations integration

71 / 100

71) Which compliance framework is specifically designed for payment card data security?

a) SOX

b) HIPAA

c) PCI DSS

d) GDPR

72 / 100

72) What does GDPR primarily regulate?

a) Personal data protection and privacy in the EU

b) Network configuration standards

c) Password complexity

d) Software development lifecycle

73 / 100

73) Which tool is used for vulnerability scanning in networks?

a) Burp Suite

b) John the Ripper

c) Nessus

d) Wireshark

74 / 100

74) Which document outlines the detailed procedures to enforce a security policy?

a) Security guideline

b) Security standard

c) Security policy

d) Security procedure

75 / 100

75) What is “privilege escalation” in ethical hacking?

a) Encrypting files

b) Reducing user privileges

c) Gaining higher access rights than initially allowed

d) Logging out users

76 / 100

76) What is an Advanced Persistent Threat (APT)?

a) A one-time data breach

b) A prolonged and targeted cyberattack

c) A harmless intrusion

d) A short-term malware infection

77 / 100

77) Which of the following is a common vulnerability in cloud environments?

a) Open ports and misconfigured storage buckets

b) Using strong passwords

c) Regular software updates

d) Multi-factor authentication

78 / 100

78)

What is the primary role of "data lineage" in data management?

a) To track the origin, transformations, and movement of data over its lifecycle.

b) To encrypt data for security purposes.

c) To visualize data relationships.

d) To store the physical data files.

79 / 100

79) What is the primary goal of incident response?

a) To create new vulnerabilities

b) To delete user accounts

c) To ignore security incidents

d) To detect, contain, and recover from security incidents

80 / 100

80) Which network device is used to connect different networks together?

a) Hub

b) Switch

c) Router

d) Bridge

81 / 100

81) What is “live forensics”?

a) Writing malware

b) Monitoring network traffic only

c) Collecting data from a system while it is still running

d) Analyzing data from a powered-off system

82 / 100

82) What is the main purpose of cryptography?

a) Enhancing software speed

b) Storing large data

c) Data compression

d) Securing communication

83 / 100

83) Which phase of incident response involves identifying and verifying an incident?

a) Recovery

b) Identification

c) Preparation

d) Eradication

84 / 100

84) What technology creates a secure, encrypted tunnel over the internet?

a) Proxy server

b) IDS

c) Firewall

d) VPN

85 / 100

85) Which tool is popular for automated web application security testing?

a) Burp Suite

b) Nessus

c) Wireshark

d) Metasploit

86 / 100

86) What is the process of converting ciphertext back into readable form called?

a) Transformation

b) Decoding

c) Decryption

d) Unpacking

87 / 100

87) What does the CIA triad stand for in cybersecurity?

a) Cybersecurity, Identity, Authentication

b) Code, Infrastructure, Application

c) Control, Integrity, Access

d) Confidentiality, Integrity, Availability

88 / 100

88) What is a “white hat” hacker?

a) A black hat hacker’s assistant

b) A script kiddie

c) An ethical hacker authorized to find vulnerabilities

d) A malicious hacker

89 / 100

89) Which cloud security model shares responsibility between the cloud provider and the user?

a) Private cloud model

b) Public cloud model

c) Hybrid cloud model

d) Shared responsibility model

90 / 100

90) Which of these best describes privilege escalation?

a) Deleting system restore points

b) Upgrading the system RAM

c) Gaining access to system logs

d) A normal user gaining higher access rights illegitimately

91 / 100

91) Which tool is commonly used for scanning container images for vulnerabilities?

a) Nessus

b) Metasploit

c) Trivy

d) Wireshark

92 / 100

92) What does OWASP stand for?

a) Operational Web and App Secure Program

b) Open Web Application Security Project

c) Online Web Application Security Project

d) Organization for Web Application Security Practices

93 / 100

93) Why is patch management critical for endpoint security?

a) It improves screen resolution

b) It updates antivirus definitions

c) It speeds up the computer boot process

d) It fixes security vulnerabilities in OS and applications

94 / 100

94) A broken authentication flaw can lead to which major risk?

a) Brute-force attacks

b) UI failure

c) Code injection

d) SQL optimization

95 / 100

95) What does AES stand for?

a) Advanced Encryption Standard

b) Application Encryption Scheme

c) Advanced Encryption System

d) Advanced Email Security

96 / 100

96) What is “social engineering” in penetration testing?

a) Encrypting communications

b) Using technical exploits only

c) Manipulating people to divulge confidential information

d) Monitoring network traffic

97 / 100

97) What does “shift-left security” mean in DevSecOps?

a) ng security in development

b) Delaying security testing until after deployment

c) Integrating security earlier in the software development lifecycle

d) Removing security tools

98 / 100

98) What does a “security baseline” refer to?

a) The maximum number of users allowed on a network

b) The network topology

c) The minimum security configurations required on systems

d) The default password list

99 / 100

99) Which algorithm is known for producing digital signatures?

a) DES

b) DSA

c) MD5

d) SHA-1

100 / 100

100) What does the term “zero-day vulnerability” mean?

a) A phishing attack

b) A previously unknown vulnerability exploited before a patch is available

c) A vulnerability fixed by antivirus

d) A vulnerability known for years

Your score is

Exit

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply