20 Cyber Threats Quiz Questions and Answers

Question 1:
What is phishing?
A. A type of malware that spreads through networks
B. An attempt to obtain sensitive information by disguising as a trustworthy entity
C. A denial-of-service attack that floods a server
D. Encrypting data and demanding ransom
Correct Answer: B
Explanation: Phishing is a social engineering attack where attackers deceive individuals into providing confidential information, such as passwords or credit card numbers, by posing as legitimate organizations.

Question 2:
Which of the following is a common vector for malware distribution?
A. Physical hardware tampering
B. Email attachments
C. Secure HTTPS websites
D. Encrypted VPN connections
Correct Answer: B
Explanation: Malware is often distributed via email attachments, which can contain viruses, trojans, or other malicious code that executes when opened.

Question 3:
What does a DDoS attack primarily aim to achieve?
A. Steal personal data from users
B. Overwhelm a target’s bandwidth or resources
C. Encrypt files for ransom
D. Gain unauthorized access to a system
Correct Answer: B
Explanation: A Distributed Denial-of-Service (DDoS) attack involves flooding a target with traffic from multiple sources, making it unavailable to users.

Question 4:
Which cyber threat involves tricking individuals into revealing confidential information through psychological manipulation?
A. Ransomware
B. Social engineering
C. Spyware
D. Worm
Correct Answer: B
Explanation: Social engineering exploits human psychology to manipulate people into divulging sensitive information or performing actions that compromise security.

Question 5:
What is ransomware?
A. Software that monitors user activity without consent
B. Malware that locks files and demands payment for access
C. A network attack that intercepts data
D. Code that replicates itself across systems
Correct Answer: B
Explanation: Ransomware encrypts the victim’s data and demands a ransom, typically in cryptocurrency, to provide the decryption key.

Question 6:
How does a zero-day exploit work?
A. It targets vulnerabilities that are already patched
B. It exploits unknown or unpatched software flaws
C. It only affects outdated hardware
D. It requires user permission to execute
Correct Answer: B
Explanation: A zero-day exploit takes advantage of a vulnerability that is unknown to the software vendor, leaving systems exposed until a patch is developed.

Question 7:
What is the primary purpose of a firewall in cybersecurity?
A. To encrypt data transmissions
B. To monitor and control incoming and outgoing network traffic
C. To scan for viruses in real-time
D. To backup data automatically
Correct Answer: B
Explanation: A firewall acts as a barrier between a trusted internal network and untrusted external networks, filtering traffic based on predefined security rules.

Question 8:
Which of the following is an example of an insider threat?
A. A hacker from outside the organization stealing data
B. An employee leaking sensitive information intentionally
C. A virus spreading through email
D. A DDoS attack on a website
Correct Answer: B
Explanation: Insider threats involve individuals within an organization, such as employees or contractors, who misuse their access to compromise security.

Question 9:
What makes a strong password effective against cyber threats?
A. Using common words from the dictionary
B. Including a mix of uppercase, lowercase, numbers, and symbols
C. Sharing it across multiple accounts
D. Keeping it short for easy remembrance
Correct Answer: B
Explanation: A strong password is complex and includes a combination of character types, making it harder for attackers to crack using brute force or dictionary attacks.

Question 10:
How does encryption help mitigate cyber threats?
A. By making data faster to transmit
B. By converting data into a secure format that is unreadable without a key
C. By blocking all network traffic
D. By automatically deleting suspicious files
Correct Answer: B
Explanation: Encryption protects data by encoding it so that only authorized parties with the correct key can decrypt and access it, reducing the risk of unauthorized exposure.

Question 11:
What is a botnet in the context of cyber threats?
A. A network of private computers controlled without the owners’ knowledge
B. A type of antivirus software
C. Encrypted communication channels
D. A physical security device
Correct Answer: A
Explanation: A botnet is a group of compromised computers infected with malware, which attackers control remotely to perform tasks like sending spam or launching DDoS attacks.

Question 12:
Which threat involves intercepting and altering communication between two parties?
A. Man-in-the-middle attack
B. Phishing
C. Ransomware
D. SQL injection
Correct Answer: A
Explanation: In a man-in-the-middle attack, the attacker secretly intercepts and possibly alters the communication between two parties, often to steal information.

Question 13:
What is the main risk associated with public Wi-Fi networks?
A. Overheating of devices
B. Unencrypted data transmission that can be easily intercepted
C. Automatic software updates
D. Increased battery life
Correct Answer: B
Explanation: Public Wi-Fi often lacks encryption, allowing attackers to eavesdrop on data transmissions and potentially steal sensitive information like login credentials.

Question 14:
How does two-factor authentication (2FA) enhance security?
A. By requiring only a password
B. By adding a second verification step, such as a code sent to a device
C. By encrypting all emails
D. By blocking IP addresses
Correct Answer: B
Explanation: 2FA requires two forms of identification, making it harder for attackers to gain access even if they have stolen a password.

Question 15:
What is SQL injection?
A. Injecting malicious code into a website’s database
B. A type of virus that affects hardware
C. Encrypting SQL databases
D. A social engineering tactic
Correct Answer: A
Explanation: SQL injection is a code injection technique that exploits vulnerabilities in a database-driven application, allowing attackers to manipulate or extract data.

Question 16:
Which cyber threat is associated with clicking on malicious links?
A. Advanced persistent threats
B. Drive-by downloads
C. Firewall breaches
D. Insider attacks
Correct Answer: B
Explanation: Drive-by downloads occur when a user visits a compromised website or clicks a malicious link, automatically downloading malware without their knowledge.

Question 17:
What does “zero trust” mean in cybersecurity?
A. Trusting all internal users by default
B. Verifying every user and device, regardless of location
C. Allowing unrestricted access to networks
D. Relying solely on passwords
Correct Answer: B
Explanation: Zero trust is a security model that assumes no one is trustworthy by default, requiring continuous verification of users and devices to prevent threats.

Question 18:
How can phishing be distinguished from spear-phishing?
A. Phishing targets individuals, while spear-phishing targets organizations
B. Phishing is general, while spear-phishing is targeted at specific individuals or groups
C. They are the same thing
D. Spear-phishing involves malware only
Correct Answer: B
Explanation: Spear-phishing is a more targeted form of phishing that customizes attacks for specific victims, making it harder to detect.

Question 19:
What is the role of antivirus software in preventing cyber threats?
A. It scans and removes malicious software from systems
B. It manages network traffic
C. It encrypts all files automatically
D. It generates passwords
Correct Answer: A
Explanation: Antivirus software detects, prevents, and removes viruses and other malware by scanning files and monitoring system behavior.

Question 20:
Which practice helps prevent data breaches?
A. Storing all data in plain text
B. Regularly updating software and patches
C. Sharing passwords with colleagues
D. Using the same password for all accounts
Correct Answer: B
Explanation: Regular software updates and patches fix vulnerabilities that could be exploited in data breaches, enhancing overall security.