Cyber Security Online Question

Which 3 levels in OSI Model are usually implemented in the software within the operating system?
(a) Data Link, Transport, Application (b) Application, Presentation, Session (c) Transport, Session, Presentation

Which of these protocols reside in Layer 3 - Network in the OSI Model?
(a) TCP and IPSec (b) IP and TCP (c) IP and IPSec

A netmask can be represented by which two ways?
(a) Pound Notation (80.2012.212.50#24) and Decimal Numbers (Netmask: (b) Slash Notation ( and Pound Notation (80.2012.212.50#24) (c) Decimal Numbers (Netmask: and Slash Notation (

Which is the broadcast address in this network:
(a) (b) (c)

Which one of these is a RFC 1918 ip address?
(a) (b) (c)

Shortening an IPv6 address means:
(a) Removing a group of only 0's (b) Converting 8 groups of 4 hexadecimal numbers into a valid IPv4 address (c) Removing unused groups of hexadecimal numbers

What is spoofing?
(a) A way of terminating a 3-way handshake connection (b) Falsifying data, making something appear different than they really are (c) A way server hides from attacks, a defensive mechanics

What is Zero-Trust architecture?
(a) A network where only some resources/devices are trusted (b) A network where all systems/resources need explicit access to be able to communicate (c) A network where we do not trust public network(internet), but we trust local network

You need an IDS (Intrusion Detection System) in addition to IPS (Intrusion Prevention System) to be able to both detect and prevent access
(a) False. IPS is also able to detect if positioned correctly in the network (b) Neither of the other options are correct (c) True. IDS and IPS are two separate product or devices, with designed roles on different parts of the network. (c) IDS tells the IPS to block/prevent.

To be able to detect and block specific file types/documents to be blocked from downloading from the internet, with a firewall, you need:
(a) A Next-Generation Firewall with phaser features (b) A Next-Generation Firewall with layer 7 features (c) A Next-Generation Firewall with layer 6 features

A cookie can not be used to control a users session/state
(a) False. Cookies are often used for tracking sessions (b) True, only supercookies have this feature

Cyber Security Online Question

Which types of packets can be used to determine if a system is alive on the network?
(a) ICMP Echo Request, ICMP Timestamp Request, TCP SYN, TCP ACK (b) ICMP Echo Request, TCP SYN, SW-1TCH, ICMP Timestamp Request (c) ICMP handshake Request, TCP ACK, NMAP

ARP Scanning can only be used to identify hosts/systems on the LAN
(a) True (b) False

NMAP Timing options (-T) can be used to to avoid detection by
(a) Choose when to scan. E.g. only scan during the night (b) Timing option is used to time a scan to CPU clocks, so they are in sync, for more efficient scanning (c) Limit speed on how fast hosts are scanned

What is a strobe of data?
(a) Small amount of traffic trying to hide from detecting (b) A sudden increase of traffic in the network

What is IDOR?
(a) Invalid Data or Reference (b) Insecure Direct Object Reference (c) Insecure Door or Room

What is SQL injection?
(a) It is used to inject malicious code to a database server, through a query (b) It is used to spoof or inject false headers in a HTTP request (c) It is used in Buffer Overflow attacks to overwrite memory

What is best practice in defending against SQL injection?
(a) Blocking specific ports that SQL injections are usually attacked via (b) Programmers will not make web applications that allow user input (c) Sanitizing users input in a web application

What is CSP - Content Security Policy?
(a) A strict way of sanitizing user input on a website (b) TLS encryption between server and client (c) A strict way of controlling where javacsript is allowed to be executed from

Which order of security protocols is correct, going from least to most secure?
(a) WPA, WPA2, WPA3, WEP (b) WEP, WPA, WPA2, WPA3 (c) WPA, WEP, WPA2, WPA3

Using the same strong password, with high entropy, on multiple sites is good practice
(a) True. Storing passwords in clear text in database is no longer practiced and are now only using strong encryption (b) False. If one site is breached/hacked and stores passwords in clear text, your password is now in hackers hands

SIEM is commonly used to
(a) Secure the servers that are hosted in the cloud (b) Do a real-time analysis of security alerts generated by applications, hosts and network hardware (c) Preventively block attacks against networks

Classifications of incidents should generally be according to
(a) Category, sensitivity, criticality (b) Category, sensitivity, criticality, SLA, contact channel (c) Category, sensitivity, criticality, SLA

The 6stages of PICERL are:
(a) Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned (b) Preparation, Identification, Containment, Eradication, Recovery, Payment (c) Preparation, Identification, Containment, Eradication, Recovery, Vacation

In which phase of PICERL is blocking attackers usually done?
(a) Eradication (b) Containment (c) Preparation (d) Identification