Cybersecurity | Assesments

A Cybersecurity internship is a great opportunity to gain hands-on experience in protecting systems, networks, and data from cyber threats. It prepares you for roles like Security Analyst, Penetration Tester, SOC Analyst, or Cybersecurity Engineer.

What You Learn in a Cybersecurity Internship

Fundamentals: CIA Triad (Confidentiality, Integrity, Availability), threat types, risk management
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), packet sniffing
System Hardening: Securing Linux/Windows environments, patch management
Ethical Hacking: Penetration testing, vulnerability assessment, Kali Linux tools
Tools:
- Wireshark (network analysis)
- Metasploit (exploitation framework)
- Nmap (network scanner)
- Burp Suite (web security testing)
- SIEM tools (Splunk, ELK stack)
Incident Response: Monitoring alerts, responding to breaches, reporting
Compliance & Governance: GDPR, ISO 27001, HIPAA, SOC2

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity D1

NameEmailPhone Number

1 / 44

Main objective of cybersecurity is to prevent:

a) Unauthorized access and attacks

b) Software updates

c) Internet connection failures

d) System installation delays

2 / 44

Which CIA principle is most affected if hospital patient records are tampered with?

a) All of the above

b) Confidentiality

c) Integrity

d) Availability

3 / 44

Sending phishing emails to a target is:

a) Weaponization

b) Exploitation

c) Installation

d) Delivery

4 / 44

Attackers establishing communication with compromised systems is:

a) Exploitation

b) Weaponization

c) C2 (Command and Control)

d) Delivery

5 / 44

Which organization would need cybersecurity the most?

a) Hospitals

b) E-commerce platforms

c) Banks

d) All of the above

6 / 44

Which of the following is NOT in the scope of cybersecurity?

a) Personal diaries

b) IoT devices

c) Mobile phones

d) Websites

7 / 44

Confidentiality ensures that:

a) Data is accessible only to authorized users

b) Data is accurate and consistent

c) Systems are always available

d) None of the above

8 / 44

Ransomware blocking access to data affects:

a) Availability

b) Integrity

c) None

d) Confidentiality

9 / 44

Encrypting customer data ensures:

a) Integrity

b) Confidentiality

c) ll of the above

d) vailability

10 / 44

10)

In 2024, LockBit ransomware affected approximately:

a) 1,000+ organizations

b) 5,000 organizations

c) 500 organizations

d) 100 organizations

11 / 44

11)

Main role of an ethical hacker is:

a) Launch real attacks

b) Report vulnerabilities to improve security

c) Disable systems for testing

d) Exploit systems without consent

12 / 44

12)

DDoS attacks primarily impact which CIA component?

a) None

b) Availability

c) Confidentiality

d) Integrity

13 / 44

13)

The biggest ethical rule in penetration testing is:

a) Payment

b) Speed

c) Number of exploits used

d) Confidentiality

14 / 44

14)

How many phishing emails are estimated to be sent daily?

a) 3 billion

b) 30 million

c) 300 million

d) 3 million

15 / 44

15)

In a 2024 attack, phishing was used in which kill chain stage?

a) Exploitation

b) C2

c) Installation

d) Delivery

16 / 44

16)

The cyber kill chain was developed by:

a) Microsoft

b) Lockheed Martin

c) NSA

d) Google

17 / 44

17)

Creating a malicious payload is part of which stage?

a) Weaponization

b) C2

c) Reconnaissance

d) Delivery

18 / 44

18)

Installing backdoors on victim systems is:

a) Reconnaissance

b) Installation

c) C2

d) Delivery

19 / 44

19)

Phishing emails are an example of:

a) Insider threat

b) Malware infection

c) Firewall misconfiguration

d) Social engineering attack

20 / 44

20)

The “C” in CIA triad stands for:

a) Confidentiality

b) Compliance

c) Control

d) Communication

21 / 44

21) A bank protecting customers from phishing is an example of:

a) Data mining

b) Social engineering

c) Database management

d) Cybersecurity in action

22 / 44

22)

Integrity is violated when:

a) Data is encrypted securely

b) Authorized users access data

c) Hackers delete or modify records

d) Systems crash due to overload

23 / 44

23) In 2025, how many internet users are estimated globally?

a) 7 billion

b) 4 billion

c) 5+ billion

d) 3 billion

24 / 44

24)

The first stage of cyber kill chain is:

a) Reconnaissance

b) Weaponization

c) Exploitation

d) Delivery

25 / 44

25)

Data breaches in 2024 exposed how many personal records approximately?

a) 3.2 billion

b) 5 billion

c) 1.5 billion

d) 2.6 billion

26 / 44

26) Cybersecurity primarily focuses on protecting:

a) Hardware components only

b) Systems, networks, and data

c) Systems, networks, and data

d) Hardware components only

27 / 44

27)

Which of the following is a popular ethical hacking certification?

a) All of the above

b) OSCP

c) CEH

d) CompTIA PenTest+

28 / 44

28)

A checksum is used to protect which principle of the CIA triad?

a) Confidentiality

b) None

c) Availability

d) Integrity

29 / 44

29)

Who benefits from ethical hacking?

a) None

b) Organization only

c) Both organization and customers

d) Hackers only

30 / 44

30)

Malware includes:

a) Viruses

b) Ransomware

c) All of the above

d) Worms

31 / 44

31)

APT stands for:

a) Advanced Persistent Threat

b) Automatic Phishing Technique

c) Application Penetration Test

d) Advanced Protection Technology

32 / 44

32)

Which role involves detecting and responding to cyber incidents in real time?

a) Cloud architect

b) Ethical hacker

c) System developer

d) Security analyst

33 / 44

33)

Primary goal of malware is:

a) To cause harm or steal data

b) To monitor CPU usage

c) To update systems

d) To optimize resources

34 / 44

34)

Which attack demanded $10 million in 2024 from a retail chain?

a) DDoS attack

b) Insider threat

c) SQL Injection

d) Ransomware

35 / 44

35)

Exploiting unpatched software vulnerabilities occurs in:

a) Session

b) C2

c) Actions on objectives

d) Exploitation

36 / 44

36)

Phishing attacks target primarily:

a) Databases

b) Servers

c) Network cables

d) Human behavior

37 / 44

37)

Penetration testing is also known as:

a) Malware analysis

b) Blue teaming

c) White-hat hacking

d) Incident response

38 / 44

38)

Ethical hacking must always be performed with:

a) Secrecy

b) Malware tools

c) Bypassing law

d) Permission

39 / 44

39)

Example of ethical hacking is:

a) Running malware to check defenses secretly

b) Exploiting a bank’s database without notice

c) Testing a login page with company’s permis

d) Selling data on dark web

40 / 44

40)

Which is an insider threat example?

a) Hackers breaching a system

b) Phishing attempt on staff

c) Employee selling company secrets

d) Malware spreading via USB

41 / 44

41)

Which of these is an example of confidentiality protection?

a) Load balancers

b) Hashing

c) Encryption

d) Backup servers

42 / 44

42)

Which is the MOST dangerous due to persistence and sophistication?

a) Malware

b) Insider misuse

c) Phishing

d) APT

43 / 44

43)

A financial analyst's salary is often dependent on:

a) The amount of caffeine they consume

b) The company's stock price

c) The number of hours they sleep

d) Their level of experience and specialized knowledge

44 / 44

44)

Installing ransomware on company servers relates to which kill chain stage?

a) C2

b) Weaponization

c) Installation

d) Reconnaissance

Your score is

Exit

Important Notice:
Once you start the quiz, you will not be able to pause, exit, or restart it. Please ensure you are ready before beginning.

Cybersecurity L2

1 / 100

1) What is “container orchestration” and which tool is most popular for it?

a) Scanning containers; Trivy

b) Encrypting containers; Docker

c) Managing multiple containers; Kubernetes

d) Building containers; Jenkins

2 / 100

2) What is the primary goal of a disaster recovery plan?

a) Restore critical business functions after an incident

b) Monitor network traffic

c) Encrypt data at rest

d) Prevent security breaches

3 / 100

3) What is a zero-day vulnerability?

a) A type of password attack

b) A vulnerability already patched

c) A vulnerability that has no security risk

d) A newly discovered flaw not yet fixed

4 / 100

4) Which system service in Windows is responsible for managing security policies?

a) Task Scheduler

b) Device Manager

c) Local Security Authority Subsystem Service (LSASS)

d) Disk Cleanup

5 / 100

5) Which of the following is a network layer attack?

a) Keylogging

b) SQL injection

c) Smurf Attack

d) XSS

6 / 100

6) Which protocol uses cryptographic methods to secure web communication?

a) HTTP

b) SMTP

c) FTP

d) HTTPS

7 / 100

7) What does the term 'cybersecurity' mean?

a) Protecting computer systems from digital threats

b) Protecting websites only

c) Increasing internet speed

d) Protecting websites only

8 / 100

8) What does the “principle of defense in depth” advocate in cloud security?

a) Ignoring security updates

b) Using only firewalls

c) Multiple layers of security controls to protect assets

d) Single-layer security measures

9 / 100

9) What does “data carving” help recover?

a) Network traffic

b) Deleted or fragmented files from raw data

c) User credentials

d) Encrypted files only

10 / 100

10) What does “immutable infrastructure” mean in DevSecOps?

a) Infrastructure only on-premises

b) Infrastructure without security

c) Infrastructure that can be modified anytime

d) Infrastructure components are replaced rather than updated to reduce configuration drift

11 / 100

11) Which organization publishes the NIST Cybersecurity Framework?

a) International Organization for Standardization

b) National Institute of Standards and Technology

c) European Union Agency for Cybersecurity

d) Payment Card Industry Security Standards Council

12 / 100

12) What is “secrets management” in cloud security?

a) Encrypting user emails

b) Managing confidential information such as API keys and passwords securely

c) Blocking network traffic

d) User authentication

13 / 100

13) Which protocol is used to securely transfer files over the Internet?

a) Increase internet speed

b) Download large files faster

c) Encrypt and secure communication over public networks

d) Block pop-up ads

14 / 100

14) Which of the following tools is used for penetration testing automation?

a) OpenSSL

b) Wireshark

c) Snort

d) Metasploit

15 / 100

15) What is the best defense against SQL Injection attacks?

a) Using MD5 for passwords

b) Disabling cookies

c) Parameterized queries (Prepared Statements)

d) Disabling JavaScript

16 / 100

16) What is the role of “post-exploitation” in penetration testing?

a) Cleaning up system logs

b) Initial information gathering

c) Maintaining access and escalating privileges after gaining entry

d) Reporting vulnerabilities

17 / 100

17) Which encryption technique splits data into fixed-size blocks for processing?

a) Hash function

b) Block cipher

c) One-time pad

d) Stream cipher

18 / 100

18) What is the role of an Endpoint Detection and Response (EDR) system?

a) To manage firewalls

b) To encrypt databases

c) To create user accounts

d) To monitor and respond to threats on endpoint devices

19 / 100

19) What is the first step in creating an incident response plan?

a) Containment strategy

b) Eradication of threats

c) Preparation and policy development

d) Recovery and lessons learned

20 / 100

20) What does the term “red team” refer to in cybersecurity?

a) IT helpdesk staff

b) Malware developers

c) Ethical hackers simulating attackers to test defenses

d) Security auditors who enforce policies

21 / 100

21) What is the primary function of SELinux?

a) Increase network bandwidth

b) Enhance GUI design

c) Backup files automatically

d) Provide mandatory access control on Linux systems

22 / 100

22) What is the purpose of a “security baseline” in cloud environments?

a) To manage user accounts

b) To increase network speed

c) To define a minimum set of security controls required for cloud resources

d) To back up cloud data

23 / 100

23) Which of the following is an example of social engineering?

a) Phishing email asking for login info

b) Password brute-force

c) SQL injection

d) Malware installation through USB

24 / 100

24) The OWASP Top 10 is updated approximately every:

a) 10 years

b) 5 years

c) 3 years

d) 2 years

25 / 100

25) What is the difference between a vulnerability scan and a penetration test?

a) Vulnerability scans identify potential weaknesses; penetration tests actively exploit them

b) There is no difference

c) Vulnerability scans fix issues; penetration tests only report them

d) Vulnerability scans are manual; penetration tests are automated

26 / 100

26) Which cybersecurity principle ensures that data is not modified by unauthorized users?

a) Confidentiality

b) Availability

c) Reliability

d) Integrity

27 / 100

27) What is the function of the tool “Snort”?

a) Network intrusion detection system

b) Encryption software

c) Password manager

d) Antivirus software

28 / 100

28) Which type of firewall filters traffic at the network layer?

a) Application firewall

b) Stateful firewall

c) Packet-filtering firewall

d) Proxy firewall

29 / 100

29) Which one of the following is a sign of a broken authentication flaw?

a) Captcha is enabled

b) HTTPS is enforced

c) Passwords are encrypted

d) Session IDs are predictable

30 / 100

30) What is a brute force attack in cryptography?

a) Social engineering technique

b) Breaking encryption using software bugs

c) Guessing keys using dictionary words

d) Trying all possible key combinations

31 / 100

31) Which vulnerability involves the attacker forcing a logged-in user to perform unwanted actions?

a) Broken Authentication

b) CSRF (Cross-Site Request Forgery)

c) Insecure Design

d) XSS

32 / 100

32) Which security technology helps protect against Distributed Denial of Service (DDoS) attacks?

a) IDS

b) DDoS mitigation services

c) Firewall

d) VPN

33 / 100

33) What does the term “key length” influence in encryption?

a) Power consumption

b) Encryption speed

c) Level of security

d) Storage format

34 / 100

34) Which tool is widely used for network traffic analysis during incident investigations?

a) Nessus

b) John the Ripper

c) Burp Suite

d) Wireshark

35 / 100

35) What is the primary purpose of a firewall on an endpoint device?

a) Manage user accounts

b) Encrypt files

c) Speed up system startup

d) Block unauthorized network traffic

36 / 100

36) What is the purpose of a honeypot in cybersecurity?

a) To store encryption keys

b) To backup sensitive data

c) To trap attackers and analyze their methods

d) To speed up network traffic

37 / 100

37) Which Windows feature isolates programs to prevent them from affecting the OS?

a) Task Manager

b) System Restore

c) Event Viewer

d) Windows Sandbox

38 / 100

38) What type of security policy defines how an organization responds to security incidents?

a) Incident response policy

b) Acceptable use policy

c) Data classification policy

d) Password policy

39 / 100

39) Which of the following is an example of asymmetric key encryption?

a) RSA

b) AES

c) Blowfish

d) DES

40 / 100

40) Why is “documentation” crucial during incident response and digital forensics?

a) To create marketing reports

b) To encrypt data

c) To speed up recovery

d) To comply with regulations and maintain evidence integrity

41 / 100

41) Which of the following is an example of a passive reconnaissance technique?

a) Running brute force attacks

b) Exploiting a vulnerability

c) Scanning open ports

d) Monitoring social media profiles

42 / 100

42) A ______ is an attack where the attacker tricks users into clicking malicious links.

a) Proxy attack

b) Phishing attack

c) Firewall breach

d) Antivirus check

43 / 100

43) Which Linux tool helps detect rootkits on a system?

a) Tripwire

b) Grep

c) Wireshark

d) Nmap

44 / 100

44) Which type of evidence is considered volatile?

a) Archived emails

b) Printed documents

c) Hard drive data

d) RAM contents

45 / 100

45) Which tool is commonly used for log management and analysis?

a) Wireshark

b) John the Ripper

c) Nessus

d) Splunk

46 / 100

46) What does IDS stand for in network security?

a) Internal Detection Standard

b) Integrated Defense Security

c) Intrusion Detection System

d) Internet Defense System

47 / 100

47) What is the first step in the cyber kill chain model?

a) Reconnaissance

b) Delivery

c) Exploitation

d) Installation

48 / 100

48) What is the purpose of penetration testing?

a) To test network speed

b) To update software

c) To boost antivirus performance

d) To identify security vulnerabilities

49 / 100

49) Which penetration testing phase includes validating security controls by exploiting vulnerabilities?

a) Reporting

b) Exploitation

c) Reconnaissance

d) Planning

50 / 100

50) Which protocol is used to securely transfer files over the Internet?

a) FTP

b) HTTP

c) POP3

d) SFTP

51 / 100

51) What is the purpose of a digital certificate in cryptography?

a) Create random keys

b) Store cookies

c) Encrypt data

d) Verify identity

52 / 100

52) What does a firewall do in a network?

a) Protects against physical theft

b) Controls incoming and outgoing network traffic

c) Detects phishing emails

d) Encrypts files

53 / 100

53) What is the main purpose of a Public Key Infrastructure (PKI)?

a) To manage encryption keys and digital certificates

b) To manage backups

c) To monitor user behavior

d) To scan networks

54 / 100

54) What is “footprinting” in ethical hacking?

a) Writing malware

b) Exploiting vulnerabilities

c) Collecting information about a target system or network

d) Erasing logs to hide activity

55 / 100

55) Which compliance requirement mandates breach notification within 72 hours?

a) SOX

b) HIPAA

c) PCI DSS

d) GDPR

56 / 100

56) Which service is commonly used to automate compliance checks in cloud environments?

a) AWS Config

b) Ansible

c) GitHub

d) Jenkins

57 / 100

57) What does “timeline analysis” refer to in digital forensics?

a) Monitoring network speed

b) Constructing a chronological sequence of events during an incident

c) Encrypting logs

d) Scheduling backups

58 / 100

58) What is a “pivot” in penetration testing?

a) Encrypting data

b) Using a compromised system to attack other systems within the network

c) Performing a denial-of-service attack

d) Switching to a new target after the first fails

59 / 100

59) Which of the following is a layer 2 device in the OSI model?

a) Router

b) Switch

c) Firewall

d) Server

60 / 100

60) Which cryptographic technique uses different keys for encryption and decryption?

a) Caesar cipher

b) Vigenère cipher

c) Asymmetric encryption

d) Symmetric encryption

61 / 100

61) What does the “containment” phase focus on during incident response?

a) Removing malware

b) Creating backups

c) Reporting incidents publicly

d) Stopping the spread of an attack and limiting damage

62 / 100

62) Which one of these is considered a cyber threat?

a) Ransomware

b) Software update

c) Password creation

d) Antivirus installation

63 / 100

63) What is a “buffer overflow” attack?

a) Intercepting network traffic

b) Encrypting files for ransom

c) Overloading memory buffer to execute malicious code

d) Stealing credentials

64 / 100

64) What does a Data Loss Prevention (DLP) system do?

a) Scans for vulnerabilities

b) Manages user accounts

c) Encrypts network traffic

d) Prevents unauthorized transmission of sensitive data outside the organization

65 / 100

65) What does the “principle of least privilege” help prevent?

a) Security Misconfiguration

b) Excessive access and privilege abuse

c) SQL injection

d) XSS

66 / 100

66) Which legal document often grants permission to perform penetration testing?

a) Rules of Engagement

b) Terms of Service

c) Privacy Policy

d) NDA (Non-Disclosure Agreement)

67 / 100

67) What is the role of a security standard?

a) General high-level principles

b) Incident reporting

c) Business continuity planning

d) Specific mandatory requirements and controls

68 / 100

68) Which tool is used to exploit known vulnerabilities and automate attacks?

a) Nmap

b) Metasploit

c) Wireshark

d) John the Ripper

69 / 100

69) Which of the following helps mitigate sensitive data exposure?

a) JSON formatting

b) Session cookies

c) CDN caching

d) Strong encryption (e.g., AES)

70 / 100

70) Which OWASP vulnerability occurs when the system fails to protect API endpoints properly?

a) Broken Access Control

b) Cryptographic Failures

c) Injection

d) API Misconfiguration

71 / 100

71) Which process involves verifying the identity of a user or system?

a) Encryption

b) Authentication

c) Auditing

d) Authorization

72 / 100

72) Which security feature protects cloud workloads from unauthorized network access?

a) Security groups and network ACLs

b) Load balancers

c) CDNs

d) DNS servers

73 / 100

73) What is “forensic triage”?

a) Encrypting evidence

b) Creating backups

c) Prioritizing evidence collection and analysis during a security incident

d) Monitoring user activity

74 / 100

74) Which of the following prevents unauthorized access but does not detect it?

a) Proxy

b) Firewall

c) IDS

d) IPS

75 / 100

75) Which standard provides guidelines for IT governance and management?

a) PCI DSS

b) HIPAA

c) ISO 27001

d) COBIT

76 / 100

76) What is the main drawback of symmetric encryption?

a) Key distribution problem

b) Difficult to implement

c) Slow performance

d) Low accuracy

77 / 100

77) What is the purpose of “file carving” in digital forensics?

a) Recovering files without file system metadata

b) Deleting corrupted files

c) Encrypting files

d) Compressing files for storage

78 / 100

78) What is the function of a Network Access Control (NAC) system?

a) To scan websites for malware

b) To enforce security policies on devices trying to access the network

c) To encrypt emails

d) To backup data automatically

79 / 100

79) What does "sandboxing" refer to in endpoint security?

a) Encrypting files

b) Deleting system files

c) Running programs in an isolated environment

d) Updating antivirus software

80 / 100

80) Which DevSecOps tool is used for static application security testing (SAST)?

a) Docker

b) Terraform

c) SonarQube

d) Kubernetes

81 / 100

81) Which OWASP vulnerability involves allowing attackers to access functions or data they shouldn’t be able to?

a) Broken Access Control

b) Security Misconfiguration

c) Insecure Deserialization

d) Cross-Site Scripting (XSS)

82 / 100

82) Which tool is primarily used for password cracking?

a) Burp Suite

b) John the Ripper

c) Nessus

d) Wireshark

83 / 100

83) Which cloud service model provides the highest level of user control over the infrastructure?

a) FaaS

b) SaaS

c) IaaS

d) PaaS

84 / 100

84) Which one of these algorithms is a cryptographic hash function?

a) SHA-256

b) AES

c) DES

d) ECC

85 / 100

85) What kind of attack involves exploiting unpatched software vulnerabilities?

a) Phishing

b) Zero-day attack

c) DDoS attack

d) SQL Injection

86 / 100

86) In the OWASP Top 10, what does A07:2021 refer to?

a) Identification and Authentication Failures

b) Injection

c) Cryptographic Failures

d) Software and Data Integrity Failures

87 / 100

87) Which OWASP category includes flaws like missing security headers and misconfigured permissions?

a) Security Misconfiguration

b) Cryptographic Failures

c) Insecure Design

d) Broken Authentication

88 / 100

88) What does “least privilege” mean in access control?

a) Users have no access

b) Users have full administrative rights

c) Users can access all files

d) Users have the minimum access necessary for their job

89 / 100

89) Which digital forensic tool can analyze Windows registry files?

a) Nmap

b) Autopsy

c) Snort

d) RegRipper

90 / 100

90) Which device is used to segment a network and reduce traffic?

a) Hub

b) Switch

c) Modem

d) Repeater

91 / 100

91) Which of these protocols operates over port 443?

a) FTP

b) HTTPS

c) HTTP

d) SMTP

92 / 100

92) What is a “data retention policy”?

a) Policy on how long data is stored and when it should be deleted

b) Policy on physical security

c) Policy on software updates

d) Policy on user access management

93 / 100

93) Question

94 / 100

94) What is a “policy exception” in cybersecurity?

a) An encryption method

b) A situation where security policy cannot be followed for valid reasons

c) A firewall rule

d) A type of malware

95 / 100

95) What is the role of antivirus “heuristics”?

a) Improve graphics

b) Detect previously unknown malware by behavior analysis

c) Compress files

d) Encrypt data

96 / 100

96) Which organization primarily develops standards for cybersecurity in the U.S.?

a) WHO

b) NIST

c) UNICEF

d) UNESCO

97 / 100

97) What is the difference between a virus and a worm?

a) Worms spread without user action; viruses require user action

b) Viruses replicate themselves automatically, worms do not

c) Both are the same

d) Worms need user action to spread, viruses do not

98 / 100

98) What is the main focus of the Sarbanes-Oxley Act (SOX) in relation to cybersecurity?

a) Financial reporting and internal controls

b) Encryption standards

c) Cloud security policies

d) Protect healthcare data

99 / 100

99) What is the key benefit of using containers in DevSecOps?

a) Increased application portability and consistency across environments

b) Reduced security

c) Slower deployment

d) Manual configuration only

100 / 100

100) Which of the following is used to ensure data integrity?

a) Random number generator

b) Public key

c) Hash functions

d) Symmetric key

Your score is

The average score is 71%

What You Learn in a Cybersecurity Internship

Leave a Reply Cancel reply