Cybersecurity | Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity D1

NameEmailPhone Number

1 / 44

The “C” in CIA triad stands for:

a) Communication

b) Confidentiality

c) Control

d) Compliance

2 / 44

APT stands for:

a) Application Penetration Test

b) Automatic Phishing Technique

c) Advanced Protection Technology

d) Advanced Persistent Threat

3 / 44

Installing ransomware on company servers relates to which kill chain stage?

a) Installation

b) C2

c) Reconnaissance

d) Weaponization

4 / 44

In a 2024 attack, phishing was used in which kill chain stage?

a) Delivery

b) Exploitation

c) C2

d) Installation

5 / 44

Which role involves detecting and responding to cyber incidents in real time?

a) Security analyst

b) System developer

c) Ethical hacker

d) Cloud architect

6 / 44

Encrypting customer data ensures:

a) vailability

b) Integrity

c) ll of the above

d) Confidentiality

7 / 44

Phishing attacks target primarily:

a) Network cables

b) Human behavior

c) Servers

d) Databases

8 / 44

Creating a malicious payload is part of which stage?

a) Reconnaissance

b) Weaponization

c) C2

d) Delivery

9 / 44

In 2024, LockBit ransomware affected approximately:

a) 1,000+ organizations

b) 5,000 organizations

c) 100 organizations

d) 500 organizations

10 / 44

10)

Which of these is an example of confidentiality protection?

a) Backup servers

b) Load balancers

c) Encryption

d) Hashing

11 / 44

11)

Which organization would need cybersecurity the most?

a) All of the above

b) Hospitals

c) Banks

d) E-commerce platforms

12 / 44

12)

Who benefits from ethical hacking?

a) Both organization and customers

b) Hackers only

c) None

d) Organization only

13 / 44

13)

Which of the following is a popular ethical hacking certification?

a) OSCP

b) CompTIA PenTest+

c) CEH

d) All of the above

14 / 44

14)

Data breaches in 2024 exposed how many personal records approximately?

a) 1.5 billion

b) 3.2 billion

c) 5 billion

d) 2.6 billion

15 / 44

15)

Ransomware blocking access to data affects:

a) Integrity

b) Availability

c) None

d) Confidentiality

16 / 44

16)

Malware includes:

a) Worms

b) Viruses

c) Ransomware

d) All of the above

17 / 44

17)

Which is the MOST dangerous due to persistence and sophistication?

a) Insider misuse

b) Phishing

c) Malware

d) APT

18 / 44

18)

Sending phishing emails to a target is:

a) Exploitation

b) Weaponization

c) Delivery

d) Installation

19 / 44

19)

A financial analyst's salary is often dependent on:

a) The company's stock price

b) Their level of experience and specialized knowledge

c) The number of hours they sleep

d) The amount of caffeine they consume

20 / 44

20)

The first stage of cyber kill chain is:

a) Exploitation

b) Reconnaissance

c) Weaponization

d) Delivery

21 / 44

21)

The biggest ethical rule in penetration testing is:

a) Payment

b) Number of exploits used

c) Confidentiality

d) Speed

22 / 44

22)

Which CIA principle is most affected if hospital patient records are tampered with?

a) Availability

b) All of the above

c) Integrity

d) Confidentiality

23 / 44

23)

Which of the following is NOT in the scope of cybersecurity?

a) Personal diaries

b) IoT devices

c) Websites

d) Mobile phones

24 / 44

24)

Which attack demanded $10 million in 2024 from a retail chain?

a) Insider threat

b) Ransomware

c) SQL Injection

d) DDoS attack

25 / 44

25)

Which is an insider threat example?

a) Employee selling company secrets

b) Phishing attempt on staff

c) Hackers breaching a system

d) Malware spreading via USB

26 / 44

26)

DDoS attacks primarily impact which CIA component?

a) Availability

b) Integrity

c) Confidentiality

d) None

27 / 44

27)

Confidentiality ensures that:

a) None of the above

b) Data is accurate and consistent

c) Systems are always available

d) Data is accessible only to authorized users

28 / 44

28) In 2025, how many internet users are estimated globally?

a) 7 billion

b) 5+ billion

c) 4 billion

d) 3 billion

29 / 44

29)

Integrity is violated when:

a) Hackers delete or modify records

b) Data is encrypted securely

c) Authorized users access data

d) Systems crash due to overload

30 / 44

30)

How many phishing emails are estimated to be sent daily?

a) 3 million

b) 3 billion

c) 300 million

d) 30 million

31 / 44

31)

Main objective of cybersecurity is to prevent:

a) Software updates

b) System installation delays

c) Internet connection failures

d) Unauthorized access and attacks

32 / 44

32)

Attackers establishing communication with compromised systems is:

a) Weaponization

b) Delivery

c) C2 (Command and Control)

d) Exploitation

33 / 44

33)

Example of ethical hacking is:

a) Exploiting a bank’s database without notice

b) Running malware to check defenses secretly

c) Selling data on dark web

d) Testing a login page with company’s permis

34 / 44

34)

Installing backdoors on victim systems is:

a) C2

b) Reconnaissance

c) Delivery

d) Installation

35 / 44

35) Cybersecurity primarily focuses on protecting:

a) Systems, networks, and data

b) Systems, networks, and data

c) Hardware components only

d) Hardware components only

36 / 44

36)

Phishing emails are an example of:

a) Firewall misconfiguration

b) Malware infection

c) Social engineering attack

d) Insider threat

37 / 44

37)

Ethical hacking must always be performed with:

a) Secrecy

b) Bypassing law

c) Malware tools

d) Permission

38 / 44

38)

Exploiting unpatched software vulnerabilities occurs in:

a) Exploitation

b) Actions on objectives

c) C2

d) Session

39 / 44

39)

The cyber kill chain was developed by:

a) Microsoft

b) NSA

c) Google

d) Lockheed Martin

40 / 44

40) A bank protecting customers from phishing is an example of:

a) Data mining

b) Database management

c) Social engineering

d) Cybersecurity in action

41 / 44

41)

Main role of an ethical hacker is:

a) Disable systems for testing

b) Report vulnerabilities to improve security

c) Launch real attacks

d) Exploit systems without consent

42 / 44

42)

A checksum is used to protect which principle of the CIA triad?

a) None

b) Confidentiality

c) Availability

d) Integrity

43 / 44

43)

Primary goal of malware is:

a) To monitor CPU usage

b) To update systems

c) To cause harm or steal data

d) To optimize resources

44 / 44

44)

Penetration testing is also known as:

a) Incident response

b) White-hat hacking

c) Malware analysis

d) Blue teaming

Your score is

Exit

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L2

1 / 100

1) What is the difference between a vulnerability scan and a penetration test?

a) There is no difference

b) Vulnerability scans fix issues; penetration tests only report them

c) Vulnerability scans identify potential weaknesses; penetration tests actively exploit them

d) Vulnerability scans are manual; penetration tests are automated

2 / 100

2) The OWASP Top 10 is updated approximately every:

a) 10 years

b) 3 years

c) 5 years

d) 2 years

3 / 100

3) Which security feature protects cloud workloads from unauthorized network access?

a) Security groups and network ACLs

b) CDNs

c) DNS servers

d) Load balancers

4 / 100

4) What does the “containment” phase focus on during incident response?

a) Reporting incidents publicly

b) Creating backups

c) Stopping the spread of an attack and limiting damage

d) Removing malware

5 / 100

5) Which tool is commonly used for log management and analysis?

a) Nessus

b) John the Ripper

c) Splunk

d) Wireshark

6 / 100

6) What is the main drawback of symmetric encryption?

a) Key distribution problem

b) Slow performance

c) Difficult to implement

d) Low accuracy

7 / 100

7) What is the main purpose of a Public Key Infrastructure (PKI)?

a) To scan networks

b) To monitor user behavior

c) To manage backups

d) To manage encryption keys and digital certificates

8 / 100

8) What does “immutable infrastructure” mean in DevSecOps?

a) Infrastructure components are replaced rather than updated to reduce configuration drift

b) Infrastructure without security

c) Infrastructure that can be modified anytime

d) Infrastructure only on-premises

9 / 100

9) Which of the following tools is used for penetration testing automation?

a) Snort

b) OpenSSL

c) Metasploit

d) Wireshark

10 / 100

10) What is the role of antivirus “heuristics”?

a) Encrypt data

b) Compress files

c) Detect previously unknown malware by behavior analysis

d) Improve graphics

11 / 100

11) Which one of these algorithms is a cryptographic hash function?

a) AES

b) DES

c) ECC

d) SHA-256

12 / 100

12) Which OWASP vulnerability involves allowing attackers to access functions or data they shouldn’t be able to?

a) Security Misconfiguration

b) Broken Access Control

c) Cross-Site Scripting (XSS)

d) Insecure Deserialization

13 / 100

13) Which penetration testing phase includes validating security controls by exploiting vulnerabilities?

a) Exploitation

b) Reporting

c) Planning

d) Reconnaissance

14 / 100

14) Which of the following prevents unauthorized access but does not detect it?

a) IDS

b) Proxy

c) IPS

d) Firewall

15 / 100

15) What is “forensic triage”?

a) Encrypting evidence

b) Prioritizing evidence collection and analysis during a security incident

c) Monitoring user activity

d) Creating backups

16 / 100

16) What is the purpose of penetration testing?

a) To update software

b) To identify security vulnerabilities

c) To test network speed

d) To boost antivirus performance

17 / 100

17) What is the purpose of a honeypot in cybersecurity?

a) To backup sensitive data

b) To store encryption keys

c) To speed up network traffic

d) To trap attackers and analyze their methods

18 / 100

18) What is the first step in the cyber kill chain model?

a) Delivery

b) Installation

c) Exploitation

d) Reconnaissance

19 / 100

19) What is the primary purpose of a firewall on an endpoint device?

a) Encrypt files

b) Speed up system startup

c) Block unauthorized network traffic

d) Manage user accounts

20 / 100

20) What does a Data Loss Prevention (DLP) system do?

a) Manages user accounts

b) Scans for vulnerabilities

c) Encrypts network traffic

d) Prevents unauthorized transmission of sensitive data outside the organization

21 / 100

21) Which one of these is considered a cyber threat?

a) Antivirus installation

b) Password creation

c) Software update

d) Ransomware

22 / 100

22) What is the role of an Endpoint Detection and Response (EDR) system?

a) To monitor and respond to threats on endpoint devices

b) To create user accounts

c) To manage firewalls

d) To encrypt databases

23 / 100

23) What is the difference between a virus and a worm?

a) Both are the same

b) Worms need user action to spread, viruses do not

c) Worms spread without user action; viruses require user action

d) Viruses replicate themselves automatically, worms do not

24 / 100

24) Which compliance requirement mandates breach notification within 72 hours?

a) PCI DSS

b) HIPAA

c) SOX

d) GDPR

25 / 100

25) Why is “documentation” crucial during incident response and digital forensics?

a) To create marketing reports

b) To speed up recovery

c) To encrypt data

d) To comply with regulations and maintain evidence integrity

26 / 100

26) Question

27 / 100

27) Which tool is primarily used for password cracking?

a) Wireshark

b) John the Ripper

c) Nessus

d) Burp Suite

28 / 100

28) Which cryptographic technique uses different keys for encryption and decryption?

a) Symmetric encryption

b) Caesar cipher

c) Vigenère cipher

d) Asymmetric encryption

29 / 100

29) Which OWASP category includes flaws like missing security headers and misconfigured permissions?

a) Insecure Design

b) Broken Authentication

c) Security Misconfiguration

d) Cryptographic Failures

30 / 100

30) What is the role of “post-exploitation” in penetration testing?

a) Maintaining access and escalating privileges after gaining entry

b) Cleaning up system logs

c) Initial information gathering

d) Reporting vulnerabilities

31 / 100

31) What does “timeline analysis” refer to in digital forensics?

a) Monitoring network speed

b) Scheduling backups

c) Encrypting logs

d) Constructing a chronological sequence of events during an incident

32 / 100

32) Which standard provides guidelines for IT governance and management?

a) PCI DSS

b) COBIT

c) ISO 27001

d) HIPAA

33 / 100

33) Which vulnerability involves the attacker forcing a logged-in user to perform unwanted actions?

a) CSRF (Cross-Site Request Forgery)

b) Insecure Design

c) Broken Authentication

d) XSS

34 / 100

34) Which of the following is an example of social engineering?

a) Phishing email asking for login info

b) SQL injection

c) Password brute-force

d) Malware installation through USB

35 / 100

35) What is the first step in creating an incident response plan?

a) Eradication of threats

b) Containment strategy

c) Recovery and lessons learned

d) Preparation and policy development

36 / 100

36) Which digital forensic tool can analyze Windows registry files?

a) RegRipper

b) Snort

c) Autopsy

d) Nmap

37 / 100

37) Which type of firewall filters traffic at the network layer?

a) Packet-filtering firewall

b) Stateful firewall

c) Proxy firewall

d) Application firewall

38 / 100

38) What is a “pivot” in penetration testing?

a) Using a compromised system to attack other systems within the network

b) Switching to a new target after the first fails

c) Performing a denial-of-service attack

d) Encrypting data

39 / 100

39) What does “least privilege” mean in access control?

a) Users have full administrative rights

b) Users have no access

c) Users have the minimum access necessary for their job

d) Users can access all files

40 / 100

40) Which process involves verifying the identity of a user or system?

a) Authentication

b) Auditing

c) Authorization

d) Encryption

41 / 100

41) Which service is commonly used to automate compliance checks in cloud environments?

a) Jenkins

b) Ansible

c) AWS Config

d) GitHub

42 / 100

42) Which cloud service model provides the highest level of user control over the infrastructure?

a) SaaS

b) IaaS

c) FaaS

d) PaaS

43 / 100

43) Which type of evidence is considered volatile?

a) Printed documents

b) RAM contents

c) Hard drive data

d) Archived emails

44 / 100

44) What is the purpose of “file carving” in digital forensics?

a) Recovering files without file system metadata

b) Deleting corrupted files

c) Encrypting files

d) Compressing files for storage

45 / 100

45) What is the role of a security standard?

a) Business continuity planning

b) Incident reporting

c) Specific mandatory requirements and controls

d) General high-level principles

46 / 100

46) Which cybersecurity principle ensures that data is not modified by unauthorized users?

a) Integrity

b) Reliability

c) Availability

d) Confidentiality

47 / 100

47) What does the “principle of least privilege” help prevent?

a) XSS

b) Excessive access and privilege abuse

c) Security Misconfiguration

d) SQL injection

48 / 100

48) What is the best defense against SQL Injection attacks?

a) Using MD5 for passwords

b) Disabling cookies

c) Disabling JavaScript

d) Parameterized queries (Prepared Statements)

49 / 100

49) What type of security policy defines how an organization responds to security incidents?

a) Password policy

b) Acceptable use policy

c) Data classification policy

d) Incident response policy

50 / 100

50) Which legal document often grants permission to perform penetration testing?

a) Terms of Service

b) NDA (Non-Disclosure Agreement)

c) Rules of Engagement

d) Privacy Policy

51 / 100

51) What does the term 'cybersecurity' mean?

a) Increasing internet speed

b) Protecting computer systems from digital threats

c) Protecting websites only

d) Protecting websites only

52 / 100

52) What is the purpose of a digital certificate in cryptography?

a) Encrypt data

b) Store cookies

c) Verify identity

d) Create random keys

53 / 100

53) What is a zero-day vulnerability?

a) A newly discovered flaw not yet fixed

b) A type of password attack

c) A vulnerability already patched

d) A vulnerability that has no security risk

54 / 100

54) What is the function of a Network Access Control (NAC) system?

a) To enforce security policies on devices trying to access the network

b) To encrypt emails

c) To scan websites for malware

d) To backup data automatically

55 / 100

55) Which DevSecOps tool is used for static application security testing (SAST)?

a) Docker

b) Kubernetes

c) SonarQube

d) Terraform

56 / 100

56) Which system service in Windows is responsible for managing security policies?

a) Device Manager

b) Local Security Authority Subsystem Service (LSASS)

c) Task Scheduler

d) Disk Cleanup

57 / 100

57) What is “container orchestration” and which tool is most popular for it?

a) Building containers; Jenkins

b) Managing multiple containers; Kubernetes

c) Scanning containers; Trivy

d) Encrypting containers; Docker

58 / 100

58) What is a brute force attack in cryptography?

a) Social engineering technique

b) Trying all possible key combinations

c) Guessing keys using dictionary words

d) Breaking encryption using software bugs

59 / 100

59) A ______ is an attack where the attacker tricks users into clicking malicious links.

a) Proxy attack

b) Firewall breach

c) Phishing attack

d) Antivirus check

60 / 100

60) Which protocol uses cryptographic methods to secure web communication?

a) SMTP

b) HTTPS

c) FTP

d) HTTP

61 / 100

61) Which of the following is an example of asymmetric key encryption?

a) RSA

b) Blowfish

c) AES

d) DES

62 / 100

62) What does a firewall do in a network?

a) Controls incoming and outgoing network traffic

b) Protects against physical theft

c) Detects phishing emails

d) Encrypts files

63 / 100

63) Which protocol is used to securely transfer files over the Internet?

a) SFTP

b) FTP

c) POP3

d) HTTP

64 / 100

64) What is the purpose of a “security baseline” in cloud environments?

a) To back up cloud data

b) To increase network speed

c) To manage user accounts

d) To define a minimum set of security controls required for cloud resources

65 / 100

65) What is the main focus of the Sarbanes-Oxley Act (SOX) in relation to cybersecurity?

a) Financial reporting and internal controls

b) Encryption standards

c) Cloud security policies

d) Protect healthcare data

66 / 100

66) Which organization publishes the NIST Cybersecurity Framework?

a) National Institute of Standards and Technology

b) International Organization for Standardization

c) European Union Agency for Cybersecurity

d) Payment Card Industry Security Standards Council

67 / 100

67) What does the “principle of defense in depth” advocate in cloud security?

a) Using only firewalls

b) Ignoring security updates

c) Multiple layers of security controls to protect assets

d) Single-layer security measures

68 / 100

68) Which encryption technique splits data into fixed-size blocks for processing?

a) Hash function

b) Stream cipher

c) Block cipher

d) One-time pad

69 / 100

69) In the OWASP Top 10, what does A07:2021 refer to?

a) Identification and Authentication Failures

b) Cryptographic Failures

c) Injection

d) Software and Data Integrity Failures

70 / 100

70) Which Linux tool helps detect rootkits on a system?

a) Nmap

b) Wireshark

c) Grep

d) Tripwire

71 / 100

71) Which of these protocols operates over port 443?

a) HTTP

b) SMTP

c) FTP

d) HTTPS

72 / 100

72) Which tool is used to exploit known vulnerabilities and automate attacks?

a) Metasploit

b) John the Ripper

c) Nmap

d) Wireshark

73 / 100

73) What is the primary function of SELinux?

a) Enhance GUI design

b) Increase network bandwidth

c) Provide mandatory access control on Linux systems

d) Backup files automatically

74 / 100

74) What does the term “key length” influence in encryption?

a) Level of security

b) Encryption speed

c) Storage format

d) Power consumption

75 / 100

75) Which of the following helps mitigate sensitive data exposure?

a) JSON formatting

b) Strong encryption (e.g., AES)

c) Session cookies

d) CDN caching

76 / 100

76) Which one of the following is a sign of a broken authentication flaw?

a) Session IDs are predictable

b) Passwords are encrypted

c) Captcha is enabled

d) HTTPS is enforced

77 / 100

77) Which organization primarily develops standards for cybersecurity in the U.S.?

a) UNICEF

b) UNESCO

c) NIST

d) WHO

78 / 100

78) What does "sandboxing" refer to in endpoint security?

a) Running programs in an isolated environment

b) Updating antivirus software

c) Encrypting files

d) Deleting system files

79 / 100

79) Which security technology helps protect against Distributed Denial of Service (DDoS) attacks?

a) Firewall

b) IDS

c) DDoS mitigation services

d) VPN

80 / 100

80) What is the function of the tool “Snort”?

a) Encryption software

b) Password manager

c) Antivirus software

d) Network intrusion detection system

81 / 100

81) Which of the following is used to ensure data integrity?

a) Random number generator

b) Public key

c) Symmetric key

d) Hash functions

82 / 100

82) Which of the following is an example of a passive reconnaissance technique?

a) Exploiting a vulnerability

b) Scanning open ports

c) Running brute force attacks

d) Monitoring social media profiles

83 / 100

83) What does “data carving” help recover?

a) User credentials

b) Encrypted files only

c) Deleted or fragmented files from raw data

d) Network traffic

84 / 100

84) What is “secrets management” in cloud security?

a) Blocking network traffic

b) Encrypting user emails

c) Managing confidential information such as API keys and passwords securely

d) User authentication

85 / 100

85) What is the key benefit of using containers in DevSecOps?

a) Manual configuration only

b) Slower deployment

c) Increased application portability and consistency across environments

d) Reduced security

86 / 100

86) What is a “policy exception” in cybersecurity?

a) A firewall rule

b) A situation where security policy cannot be followed for valid reasons

c) An encryption method

d) A type of malware

87 / 100

87) What is a “buffer overflow” attack?

a) Intercepting network traffic

b) Overloading memory buffer to execute malicious code

c) Stealing credentials

d) Encrypting files for ransom

88 / 100

88) Which OWASP vulnerability occurs when the system fails to protect API endpoints properly?

a) API Misconfiguration

b) Broken Access Control

c) Cryptographic Failures

d) Injection

89 / 100

89) What is the primary goal of a disaster recovery plan?

a) Encrypt data at rest

b) Prevent security breaches

c) Restore critical business functions after an incident

d) Monitor network traffic

90 / 100

90) Which tool is widely used for network traffic analysis during incident investigations?

a) John the Ripper

b) Burp Suite

c) Wireshark

d) Nessus

91 / 100

91) Which of the following is a layer 2 device in the OSI model?

a) Switch

b) Router

c) Server

d) Firewall

92 / 100

92) What does IDS stand for in network security?

a) Internet Defense System

b) Internal Detection Standard

c) Integrated Defense Security

d) Intrusion Detection System

93 / 100

93) Which Windows feature isolates programs to prevent them from affecting the OS?

a) System Restore

b) Windows Sandbox

c) Task Manager

d) Event Viewer

94 / 100

94) What kind of attack involves exploiting unpatched software vulnerabilities?

a) DDoS attack

b) Zero-day attack

c) Phishing

d) SQL Injection

95 / 100

95) Which protocol is used to securely transfer files over the Internet?

a) Encrypt and secure communication over public networks

b) Increase internet speed

c) Block pop-up ads

d) Download large files faster

96 / 100

96) What does the term “red team” refer to in cybersecurity?

a) Ethical hackers simulating attackers to test defenses

b) Security auditors who enforce policies

c) IT helpdesk staff

d) Malware developers

97 / 100

97) Which of the following is a network layer attack?

a) Smurf Attack

b) SQL injection

c) Keylogging

d) XSS

98 / 100

98) What is “footprinting” in ethical hacking?

a) Erasing logs to hide activity

b) Exploiting vulnerabilities

c) Writing malware

d) Collecting information about a target system or network

99 / 100

99) What is a “data retention policy”?

a) Policy on how long data is stored and when it should be deleted

b) Policy on user access management

c) Policy on physical security

d) Policy on software updates

100 / 100

100) Which device is used to segment a network and reduce traffic?

a) Modem

b) Repeater

c) Switch

d) Hub

Your score is

The average score is 71%

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply