Cybersecurity | Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity D1

NameEmailPhone Number

1 / 44

Confidentiality ensures that:

a) Data is accurate and consistent

b) None of the above

c) Data is accessible only to authorized users

d) Systems are always available

2 / 44

DDoS attacks primarily impact which CIA component?

a) None

b) Confidentiality

c) Availability

d) Integrity

3 / 44

Which of the following is NOT in the scope of cybersecurity?

a) Websites

b) Mobile phones

c) IoT devices

d) Personal diaries

4 / 44

Sending phishing emails to a target is:

a) Exploitation

b) Weaponization

c) Delivery

d) Installation

5 / 44

Which of these is an example of confidentiality protection?

a) Backup servers

b) Load balancers

c) Encryption

d) Hashing

6 / 44

Installing backdoors on victim systems is:

a) C2

b) Installation

c) Reconnaissance

d) Delivery

7 / 44

Ransomware blocking access to data affects:

a) Availability

b) Confidentiality

c) None

d) Integrity

8 / 44

How many phishing emails are estimated to be sent daily?

a) 300 million

b) 3 million

c) 30 million

d) 3 billion

9 / 44

Example of ethical hacking is:

a) Running malware to check defenses secretly

b) Selling data on dark web

c) Testing a login page with company’s permis

d) Exploiting a bank’s database without notice

10 / 44

10)

Phishing emails are an example of:

a) Insider threat

b) Firewall misconfiguration

c) Social engineering attack

d) Malware infection

11 / 44

11)

The first stage of cyber kill chain is:

a) Delivery

b) Weaponization

c) Reconnaissance

d) Exploitation

12 / 44

12)

Primary goal of malware is:

a) To monitor CPU usage

b) To cause harm or steal data

c) To update systems

d) To optimize resources

13 / 44

13)

APT stands for:

a) Advanced Persistent Threat

b) Application Penetration Test

c) Advanced Protection Technology

d) Automatic Phishing Technique

14 / 44

14)

Encrypting customer data ensures:

a) Integrity

b) vailability

c) Confidentiality

d) ll of the above

15 / 44

15)

Which role involves detecting and responding to cyber incidents in real time?

a) System developer

b) Ethical hacker

c) Cloud architect

d) Security analyst

16 / 44

16)

Ethical hacking must always be performed with:

a) Permission

b) Bypassing law

c) Malware tools

d) Secrecy

17 / 44

17)

Main role of an ethical hacker is:

a) Launch real attacks

b) Report vulnerabilities to improve security

c) Exploit systems without consent

d) Disable systems for testing

18 / 44

18)

Integrity is violated when:

a) Hackers delete or modify records

b) Data is encrypted securely

c) Systems crash due to overload

d) Authorized users access data

19 / 44

19)

Main objective of cybersecurity is to prevent:

a) Unauthorized access and attacks

b) System installation delays

c) Software updates

d) Internet connection failures

20 / 44

20)

Which CIA principle is most affected if hospital patient records are tampered with?

a) Integrity

b) All of the above

c) Availability

d) Confidentiality

21 / 44

21) In 2025, how many internet users are estimated globally?

a) 3 billion

b) 4 billion

c) 5+ billion

d) 7 billion

22 / 44

22)

Which is an insider threat example?

a) Hackers breaching a system

b) Phishing attempt on staff

c) Employee selling company secrets

d) Malware spreading via USB

23 / 44

23)

Data breaches in 2024 exposed how many personal records approximately?

a) 2.6 billion

b) 3.2 billion

c) 1.5 billion

d) 5 billion

24 / 44

24)

Exploiting unpatched software vulnerabilities occurs in:

a) Exploitation

b) C2

c) Actions on objectives

d) Session

25 / 44

25)

Penetration testing is also known as:

a) Blue teaming

b) White-hat hacking

c) Incident response

d) Malware analysis

26 / 44

26)

The biggest ethical rule in penetration testing is:

a) Confidentiality

b) Payment

c) Number of exploits used

d) Speed

27 / 44

27)

Attackers establishing communication with compromised systems is:

a) Exploitation

b) Weaponization

c) C2 (Command and Control)

d) Delivery

28 / 44

28) A bank protecting customers from phishing is an example of:

a) Database management

b) Data mining

c) Social engineering

d) Cybersecurity in action

29 / 44

29)

In 2024, LockBit ransomware affected approximately:

a) 500 organizations

b) 100 organizations

c) 5,000 organizations

d) 1,000+ organizations

30 / 44

30)

Malware includes:

a) Viruses

b) All of the above

c) Ransomware

d) Worms

31 / 44

31)

The cyber kill chain was developed by:

a) Google

b) Microsoft

c) NSA

d) Lockheed Martin

32 / 44

32)

Which is the MOST dangerous due to persistence and sophistication?

a) Phishing

b) Insider misuse

c) APT

d) Malware

33 / 44

33)

Who benefits from ethical hacking?

a) None

b) Both organization and customers

c) Organization only

d) Hackers only

34 / 44

34) Cybersecurity primarily focuses on protecting:

a) Hardware components only

b) Systems, networks, and data

c) Hardware components only

d) Systems, networks, and data

35 / 44

35)

A checksum is used to protect which principle of the CIA triad?

a) Integrity

b) None

c) Availability

d) Confidentiality

36 / 44

36)

Creating a malicious payload is part of which stage?

a) Reconnaissance

b) C2

c) Weaponization

d) Delivery

37 / 44

37)

Which of the following is a popular ethical hacking certification?

a) OSCP

b) CEH

c) CompTIA PenTest+

d) All of the above

38 / 44

38)

Which organization would need cybersecurity the most?

a) E-commerce platforms

b) All of the above

c) Hospitals

d) Banks

39 / 44

39)

Phishing attacks target primarily:

a) Databases

b) Network cables

c) Human behavior

d) Servers

40 / 44

40)

Installing ransomware on company servers relates to which kill chain stage?

a) C2

b) Reconnaissance

c) Weaponization

d) Installation

41 / 44

41)

A financial analyst's salary is often dependent on:

a) The amount of caffeine they consume

b) The company's stock price

c) Their level of experience and specialized knowledge

d) The number of hours they sleep

42 / 44

42)

The “C” in CIA triad stands for:

a) Confidentiality

b) Compliance

c) Communication

d) Control

43 / 44

43)

In a 2024 attack, phishing was used in which kill chain stage?

a) Installation

b) Exploitation

c) C2

d) Delivery

44 / 44

44)

Which attack demanded $10 million in 2024 from a retail chain?

a) Insider threat

b) DDoS attack

c) Ransomware

d) SQL Injection

Your score is

Exit

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L2

1 / 100

1) Which of the following tools is used for penetration testing automation?

a) OpenSSL

b) Wireshark

c) Metasploit

d) Snort

2 / 100

2) Which tool is used to exploit known vulnerabilities and automate attacks?

a) John the Ripper

b) Nmap

c) Wireshark

d) Metasploit

3 / 100

3) Which Windows feature isolates programs to prevent them from affecting the OS?

a) Event Viewer

b) Task Manager

c) Windows Sandbox

d) System Restore

4 / 100

4) Which standard provides guidelines for IT governance and management?

a) COBIT

b) HIPAA

c) PCI DSS

d) ISO 27001

5 / 100

5) Which protocol uses cryptographic methods to secure web communication?

a) HTTPS

b) SMTP

c) HTTP

d) FTP

6 / 100

6) Which of the following is an example of social engineering?

a) Malware installation through USB

b) Phishing email asking for login info

c) SQL injection

d) Password brute-force

7 / 100

7) Which security technology helps protect against Distributed Denial of Service (DDoS) attacks?

a) IDS

b) Firewall

c) VPN

d) DDoS mitigation services

8 / 100

8) What is the first step in the cyber kill chain model?

a) Exploitation

b) Reconnaissance

c) Installation

d) Delivery

9 / 100

9) Which legal document often grants permission to perform penetration testing?

a) Rules of Engagement

b) Privacy Policy

c) NDA (Non-Disclosure Agreement)

d) Terms of Service

10 / 100

10) Which one of these is considered a cyber threat?

a) Ransomware

b) Antivirus installation

c) Software update

d) Password creation

11 / 100

11) What is a “pivot” in penetration testing?

a) Encrypting data

b) Using a compromised system to attack other systems within the network

c) Switching to a new target after the first fails

d) Performing a denial-of-service attack

12 / 100

12) What does the term “red team” refer to in cybersecurity?

a) Security auditors who enforce policies

b) IT helpdesk staff

c) Ethical hackers simulating attackers to test defenses

d) Malware developers

13 / 100

13) What does the term “key length” influence in encryption?

a) Storage format

b) Encryption speed

c) Level of security

d) Power consumption

14 / 100

14) Which device is used to segment a network and reduce traffic?

a) Switch

b) Hub

c) Repeater

d) Modem

15 / 100

15) Which process involves verifying the identity of a user or system?

a) Encryption

b) Authorization

c) Authentication

d) Auditing

16 / 100

16) What is the purpose of a “security baseline” in cloud environments?

a) To manage user accounts

b) To back up cloud data

c) To increase network speed

d) To define a minimum set of security controls required for cloud resources

17 / 100

17) What does the “principle of least privilege” help prevent?

a) Security Misconfiguration

b) XSS

c) Excessive access and privilege abuse

d) SQL injection

18 / 100

18) What is the role of an Endpoint Detection and Response (EDR) system?

a) To encrypt databases

b) To create user accounts

c) To manage firewalls

d) To monitor and respond to threats on endpoint devices

19 / 100

19) What does the term 'cybersecurity' mean?

a) Protecting websites only

b) Protecting computer systems from digital threats

c) Protecting websites only

d) Increasing internet speed

20 / 100

20) What does “timeline analysis” refer to in digital forensics?

a) Monitoring network speed

b) Constructing a chronological sequence of events during an incident

c) Scheduling backups

d) Encrypting logs

21 / 100

21) What is a “buffer overflow” attack?

a) Intercepting network traffic

b) Stealing credentials

c) Encrypting files for ransom

d) Overloading memory buffer to execute malicious code

22 / 100

22) Which of the following is an example of asymmetric key encryption?

a) RSA

b) Blowfish

c) AES

d) DES

23 / 100

23) What is the difference between a vulnerability scan and a penetration test?

a) There is no difference

b) Vulnerability scans are manual; penetration tests are automated

c) Vulnerability scans identify potential weaknesses; penetration tests actively exploit them

d) Vulnerability scans fix issues; penetration tests only report them

24 / 100

24) Which DevSecOps tool is used for static application security testing (SAST)?

a) Kubernetes

b) Docker

c) SonarQube

d) Terraform

25 / 100

25) Which protocol is used to securely transfer files over the Internet?

a) SFTP

b) FTP

c) HTTP

d) POP3

26 / 100

26) What is the role of antivirus “heuristics”?

a) Compress files

b) Encrypt data

c) Improve graphics

d) Detect previously unknown malware by behavior analysis

27 / 100

27) Which organization primarily develops standards for cybersecurity in the U.S.?

a) NIST

b) UNICEF

c) UNESCO

d) WHO

28 / 100

28) In the OWASP Top 10, what does A07:2021 refer to?

a) Cryptographic Failures

b) Injection

c) Identification and Authentication Failures

d) Software and Data Integrity Failures

29 / 100

29) What does “data carving” help recover?

a) Network traffic

b) User credentials

c) Encrypted files only

d) Deleted or fragmented files from raw data

30 / 100

30) Which tool is widely used for network traffic analysis during incident investigations?

a) Wireshark

b) John the Ripper

c) Burp Suite

d) Nessus

31 / 100

31) Which of the following is a layer 2 device in the OSI model?

a) Router

b) Switch

c) Firewall

d) Server

32 / 100

32) What is the main focus of the Sarbanes-Oxley Act (SOX) in relation to cybersecurity?

a) Protect healthcare data

b) Financial reporting and internal controls

c) Encryption standards

d) Cloud security policies

33 / 100

33) Which system service in Windows is responsible for managing security policies?

a) Disk Cleanup

b) Device Manager

c) Local Security Authority Subsystem Service (LSASS)

d) Task Scheduler

34 / 100

34) What is “container orchestration” and which tool is most popular for it?

a) Building containers; Jenkins

b) Managing multiple containers; Kubernetes

c) Encrypting containers; Docker

d) Scanning containers; Trivy

35 / 100

35) Which vulnerability involves the attacker forcing a logged-in user to perform unwanted actions?

a) Insecure Design

b) CSRF (Cross-Site Request Forgery)

c) Broken Authentication

d) XSS

36 / 100

36) What is a brute force attack in cryptography?

a) Trying all possible key combinations

b) Guessing keys using dictionary words

c) Breaking encryption using software bugs

d) Social engineering technique

37 / 100

37) What does a Data Loss Prevention (DLP) system do?

a) Scans for vulnerabilities

b) Prevents unauthorized transmission of sensitive data outside the organization

c) Manages user accounts

d) Encrypts network traffic

38 / 100

38) What is “forensic triage”?

a) Monitoring user activity

b) Prioritizing evidence collection and analysis during a security incident

c) Encrypting evidence

d) Creating backups

39 / 100

39) Which of the following is an example of a passive reconnaissance technique?

a) Exploiting a vulnerability

b) Scanning open ports

c) Monitoring social media profiles

d) Running brute force attacks

40 / 100

40) What is the first step in creating an incident response plan?

a) Preparation and policy development

b) Recovery and lessons learned

c) Eradication of threats

d) Containment strategy

41 / 100

41) Which Linux tool helps detect rootkits on a system?

a) Grep

b) Tripwire

c) Wireshark

d) Nmap

42 / 100

42) Which of the following helps mitigate sensitive data exposure?

a) Strong encryption (e.g., AES)

b) CDN caching

c) JSON formatting

d) Session cookies

43 / 100

43) What does the “containment” phase focus on during incident response?

a) Reporting incidents publicly

b) Creating backups

c) Stopping the spread of an attack and limiting damage

d) Removing malware

44 / 100

44) What is the primary goal of a disaster recovery plan?

a) Encrypt data at rest

b) Monitor network traffic

c) Restore critical business functions after an incident

d) Prevent security breaches

45 / 100

45) Which of these protocols operates over port 443?

a) HTTP

b) FTP

c) SMTP

d) HTTPS

46 / 100

46) Which cybersecurity principle ensures that data is not modified by unauthorized users?

a) Integrity

b) Availability

c) Confidentiality

d) Reliability

47 / 100

47) What is the purpose of a digital certificate in cryptography?

a) Create random keys

b) Store cookies

c) Encrypt data

d) Verify identity

48 / 100

48) Which of the following prevents unauthorized access but does not detect it?

a) IPS

b) IDS

c) Firewall

d) Proxy

49 / 100

49) What is “secrets management” in cloud security?

a) Encrypting user emails

b) Managing confidential information such as API keys and passwords securely

c) User authentication

d) Blocking network traffic

50 / 100

50) What is a “data retention policy”?

a) Policy on software updates

b) Policy on physical security

c) Policy on user access management

d) Policy on how long data is stored and when it should be deleted

51 / 100

51) What is the best defense against SQL Injection attacks?

a) Using MD5 for passwords

b) Parameterized queries (Prepared Statements)

c) Disabling cookies

d) Disabling JavaScript

52 / 100

52) Which one of these algorithms is a cryptographic hash function?

a) SHA-256

b) DES

c) ECC

d) AES

53 / 100

53) What is the role of “post-exploitation” in penetration testing?

a) Reporting vulnerabilities

b) Initial information gathering

c) Cleaning up system logs

d) Maintaining access and escalating privileges after gaining entry

54 / 100

54) What type of security policy defines how an organization responds to security incidents?

a) Acceptable use policy

b) Password policy

c) Incident response policy

d) Data classification policy

55 / 100

55) What is “footprinting” in ethical hacking?

a) Writing malware

b) Erasing logs to hide activity

c) Collecting information about a target system or network

d) Exploiting vulnerabilities

56 / 100

56) Which type of evidence is considered volatile?

a) RAM contents

b) Printed documents

c) Archived emails

d) Hard drive data

57 / 100

57) Which security feature protects cloud workloads from unauthorized network access?

a) DNS servers

b) Load balancers

c) Security groups and network ACLs

d) CDNs

58 / 100

58) What is the key benefit of using containers in DevSecOps?

a) Reduced security

b) Manual configuration only

c) Increased application portability and consistency across environments

d) Slower deployment

59 / 100

59) What is the function of the tool “Snort”?

a) Password manager

b) Encryption software

c) Antivirus software

d) Network intrusion detection system

60 / 100

60) What is the primary function of SELinux?

a) Increase network bandwidth

b) Enhance GUI design

c) Provide mandatory access control on Linux systems

d) Backup files automatically

61 / 100

61) Which tool is commonly used for log management and analysis?

a) Wireshark

b) Splunk

c) John the Ripper

d) Nessus

62 / 100

62) What does the “principle of defense in depth” advocate in cloud security?

a) Multiple layers of security controls to protect assets

b) Single-layer security measures

c) Using only firewalls

d) Ignoring security updates

63 / 100

63) The OWASP Top 10 is updated approximately every:

a) 2 years

b) 5 years

c) 10 years

d) 3 years

64 / 100

64) What does “least privilege” mean in access control?

a) Users have full administrative rights

b) Users can access all files

c) Users have the minimum access necessary for their job

d) Users have no access

65 / 100

65) Question

66 / 100

66) What is the primary purpose of a firewall on an endpoint device?

a) Encrypt files

b) Block unauthorized network traffic

c) Manage user accounts

d) Speed up system startup

67 / 100

67) Which digital forensic tool can analyze Windows registry files?

a) Nmap

b) RegRipper

c) Snort

d) Autopsy

68 / 100

68) Which tool is primarily used for password cracking?

a) Nessus

b) Burp Suite

c) John the Ripper

d) Wireshark

69 / 100

69) What is the difference between a virus and a worm?

a) Viruses replicate themselves automatically, worms do not

b) Worms spread without user action; viruses require user action

c) Worms need user action to spread, viruses do not

d) Both are the same

70 / 100

70) A ______ is an attack where the attacker tricks users into clicking malicious links.

a) Firewall breach

b) Antivirus check

c) Phishing attack

d) Proxy attack

71 / 100

71) Which of the following is a network layer attack?

a) Smurf Attack

b) Keylogging

c) XSS

d) SQL injection

72 / 100

72) What kind of attack involves exploiting unpatched software vulnerabilities?

a) DDoS attack

b) Zero-day attack

c) Phishing

d) SQL Injection

73 / 100

73) Which organization publishes the NIST Cybersecurity Framework?

a) Payment Card Industry Security Standards Council

b) European Union Agency for Cybersecurity

c) International Organization for Standardization

d) National Institute of Standards and Technology

74 / 100

74) What is a zero-day vulnerability?

a) A type of password attack

b) A vulnerability that has no security risk

c) A newly discovered flaw not yet fixed

d) A vulnerability already patched

75 / 100

75) Why is “documentation” crucial during incident response and digital forensics?

a) To encrypt data

b) To create marketing reports

c) To comply with regulations and maintain evidence integrity

d) To speed up recovery

76 / 100

76) Which encryption technique splits data into fixed-size blocks for processing?

a) Block cipher

b) Hash function

c) Stream cipher

d) One-time pad

77 / 100

77) Which penetration testing phase includes validating security controls by exploiting vulnerabilities?

a) Exploitation

b) Reconnaissance

c) Planning

d) Reporting

78 / 100

78) What does a firewall do in a network?

a) Encrypts files

b) Detects phishing emails

c) Controls incoming and outgoing network traffic

d) Protects against physical theft

79 / 100

79) What does “immutable infrastructure” mean in DevSecOps?

a) Infrastructure only on-premises

b) Infrastructure that can be modified anytime

c) Infrastructure without security

d) Infrastructure components are replaced rather than updated to reduce configuration drift

80 / 100

80) What is the main drawback of symmetric encryption?

a) Difficult to implement

b) Slow performance

c) Low accuracy

d) Key distribution problem

81 / 100

81) What is the purpose of “file carving” in digital forensics?

a) Encrypting files

b) Recovering files without file system metadata

c) Deleting corrupted files

d) Compressing files for storage

82 / 100

82) What is a “policy exception” in cybersecurity?

a) A situation where security policy cannot be followed for valid reasons

b) A type of malware

c) A firewall rule

d) An encryption method

83 / 100

83) Which cryptographic technique uses different keys for encryption and decryption?

a) Asymmetric encryption

b) Caesar cipher

c) Vigenère cipher

d) Symmetric encryption

84 / 100

84) What is the purpose of penetration testing?

a) To update software

b) To boost antivirus performance

c) To identify security vulnerabilities

d) To test network speed

85 / 100

85) What is the role of a security standard?

a) Business continuity planning

b) Incident reporting

c) Specific mandatory requirements and controls

d) General high-level principles

86 / 100

86) Which service is commonly used to automate compliance checks in cloud environments?

a) Ansible

b) AWS Config

c) Jenkins

d) GitHub

87 / 100

87) Which OWASP vulnerability involves allowing attackers to access functions or data they shouldn’t be able to?

a) Insecure Deserialization

b) Security Misconfiguration

c) Cross-Site Scripting (XSS)

d) Broken Access Control

88 / 100

88) Which one of the following is a sign of a broken authentication flaw?

a) Captcha is enabled

b) Session IDs are predictable

c) Passwords are encrypted

d) HTTPS is enforced

89 / 100

89) What is the main purpose of a Public Key Infrastructure (PKI)?

a) To monitor user behavior

b) To manage encryption keys and digital certificates

c) To manage backups

d) To scan networks

90 / 100

90) Which OWASP vulnerability occurs when the system fails to protect API endpoints properly?

a) Injection

b) Cryptographic Failures

c) API Misconfiguration

d) Broken Access Control

91 / 100

91) Which type of firewall filters traffic at the network layer?

a) Packet-filtering firewall

b) Application firewall

c) Proxy firewall

d) Stateful firewall

92 / 100

92) What is the function of a Network Access Control (NAC) system?

a) To enforce security policies on devices trying to access the network

b) To scan websites for malware

c) To backup data automatically

d) To encrypt emails

93 / 100

93) Which compliance requirement mandates breach notification within 72 hours?

a) GDPR

b) SOX

c) PCI DSS

d) HIPAA

94 / 100

94) Which of the following is used to ensure data integrity?

a) Public key

b) Symmetric key

c) Hash functions

d) Random number generator

95 / 100

95) What does IDS stand for in network security?

a) Intrusion Detection System

b) Internet Defense System

c) Integrated Defense Security

d) Internal Detection Standard

96 / 100

96) What does "sandboxing" refer to in endpoint security?

a) Encrypting files

b) Updating antivirus software

c) Deleting system files

d) Running programs in an isolated environment

97 / 100

97) Which cloud service model provides the highest level of user control over the infrastructure?

a) IaaS

b) PaaS

c) SaaS

d) FaaS

98 / 100

98) Which protocol is used to securely transfer files over the Internet?

a) Increase internet speed

b) Encrypt and secure communication over public networks

c) Download large files faster

d) Block pop-up ads

99 / 100

99) What is the purpose of a honeypot in cybersecurity?

a) To backup sensitive data

b) To speed up network traffic

c) To trap attackers and analyze their methods

d) To store encryption keys

100 / 100

100) Which OWASP category includes flaws like missing security headers and misconfigured permissions?

a) Security Misconfiguration

b) Insecure Design

c) Cryptographic Failures

d) Broken Authentication

Your score is

The average score is 85%

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply