Sample Questions and Answers
Section 1: Zero-Day Exploits
- What defines a zero-day exploit?
A) An exploit with no documented CVE ID
B) A vulnerability that has no available patch at the time of exploitation
C) A malware attack on day one of infection
D) A vulnerability that only affects embedded systems
Answer: B) A vulnerability that has no available patch at the time of exploitation
Explanation: A zero-day is a vulnerability the vendor does not yet know about (it has had "zero days" to respond), so no patch exists when attackers begin exploiting it. Whether a CVE ID has been assigned is irrelevant; the defining property is the absence of a fix.
- How are zero-day vulnerabilities typically discovered?
A) By scanning public databases
B) Through responsible disclosure programs or exploit development by threat actors
C) By reverse engineering patched software
D) By using social engineering techniques
Answer: B) Through responsible disclosure programs or exploit development by threat actors
Explanation: Researchers and attackers find zero-days the same way: code review, fuzzing, and reverse engineering of the target. What differs is what happens next: researchers report them through coordinated disclosure or bug bounty programs, while threat actors weaponize them. Reverse engineering a vendor patch (option C) yields an n-day, not a zero-day, because a fix already exists.
- Which tool is commonly used for discovering zero-day vulnerabilities?
A) Wireshark
B) AFL (American Fuzzy Lop)
C) Metasploit
D) Nessus
Answer: B) AFL (American Fuzzy Lop)
Explanation: AFL is a coverage-guided fuzzer: it mutates seed inputs, instruments the target to observe which code paths each input exercises, and keeps any input that reaches a new path as the parent for further mutations. This is far more effective than feeding purely random input. Wireshark is a packet analyzer, Metasploit an exploitation framework, and Nessus a scanner for already-known vulnerabilities.
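The mechanism behind that explanation, as an added example that is not part of AFL or of this page: a toy coverage-guided mutation fuzzer in Python. The target parser, its out-of-bounds read, the branch-recording "instrumentation" and the seed input are all constructed for illustration. Inputs that light up a branch never seen before join the corpus and are mutated further; with coverage guidance switched off, every iteration mutates the original seed, so a single-byte mutation can never accumulate the two magic bytes the bug requires.

```python
"""Toy coverage-guided mutation fuzzer (AFL-style). Added example, not AFL's code."""
import random

# Constructed target: a tiny "ZD" record parser with an out-of-bounds read.
# Record format: b"ZD" + 1-byte payload length + payload + 1-byte checksum.
def parse_record(data: bytes, coverage: set) -> int:
    """Parse one record and return its checksum byte; record every branch taken."""
    if len(data) < 3:
        coverage.add("too_short")
        return -1
    if data[0] != ord("Z"):
        coverage.add("bad_magic0")
        return -1
    coverage.add("magic0_ok")
    if data[1] != ord("D"):
        coverage.add("bad_magic1")
        return -1
    coverage.add("magic1_ok")
    length = data[2]
    payload = data[3:3 + length]          # slicing silently truncates ...
    coverage.add("payload_read")
    # ... but direct indexing does not: when `length` claims more bytes than
    # exist, data[3 + length] raises IndexError. That is the bug to find.
    return data[3 + length]


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One AFL-like mutation: overwrite, insert, or delete a single byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seed: bytes, max_iters: int, use_coverage: bool = True, rng_seed: int = 1):
    """Fuzz loop. Returns (crashing_input or None, iterations_used, corpus_size).

    use_coverage=True: an input that exercises a never-seen branch joins the
    corpus and is chosen as a parent later (AFL's core idea).
    use_coverage=False: every iteration mutates the original seed, i.e. blind
    random input injection with no memory of partial progress.
    """
    rng = random.Random(rng_seed)
    corpus = [seed]
    seen_branches: set = set()
    for i in range(1, max_iters + 1):
        parent = rng.choice(corpus) if use_coverage else seed
        candidate = mutate(rng, parent)
        cov: set = set()
        try:
            parse_record(candidate, cov)
        except IndexError:
            return candidate, i, len(corpus)
        if use_coverage and not cov <= seen_branches:
            seen_branches |= cov          # new path found: keep this input
            corpus.append(candidate)
    return None, max_iters, len(corpus)


if __name__ == "__main__":
    crash, iters, corpus_size = fuzz(b"AAAA", 200_000)
    print(f"crash {crash!r} after {iters} iterations, corpus size {corpus_size}")
    print("blind fuzzing:", fuzz(b"AAAA", 20_000, use_coverage=False))
```

Real AFL gets its branch coverage from compile-time instrumentation (afl-cc) or QEMU mode rather than a set passed into the target, and uses a far richer mutation schedule, but the feedback loop is the same: keep what reaches new code, mutate that.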
- What is the main reason zero-day exploits are valuable to attackers?
A) They allow data encryption
B) They bypass all existing security defenses
C) They remain undetected by security tools until publicly disclosed
D) They can only be used against outdated systems
Answer: C) They remain undetected by security tools until publicly disclosed
Explanation: Signature-based tools (antivirus, IDS/IPS) can only match what is already known; with no signature for an unknown vulnerability or its exploit, they let the attack through. Option B overstates the case: behavioral and anomaly-based controls can still catch the post-exploitation activity, and exploit mitigations can make the bug hard to weaponize.
- What is a common defense mechanism against zero-day exploits?
A) Disabling antivirus software
B) Using behavior-based threat detection systems
C) Only applying patches after 90 days
D) Using outdated software
Answer: B) Using behavior-based threat detection systems
Explanation: Behavior-based detection (EDR, anomaly detection) flags suspicious actions such as an office document spawning a shell or one process rewriting hundreds of files in seconds, without needing a signature for the specific exploit. Prompt patching, exploit mitigations (ASLR, DEP, sandboxing) and least privilege further limit what a zero-day can achieve once it lands.
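What "behavior-based" means in practice, as an added example (not code from this page or from any EDR product): two detection rules run over constructed endpoint telemetry. The event format, process names and the sample events are made up for illustration; the rules mirror common EDR logic: a suspicious parent/child process pair (office application launching a script host) and rapid mass file modification by a single process, both of which fire without knowing which exploit was used.

```python
"""Behavior-based detection over constructed endpoint telemetry. Added example."""
import json
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed telemetry: one JSON object per line, "t" is seconds since boot.
# pid 12 is a script host spawned by Word that then renames six documents.
SAMPLE_LOG = r"""
{"t": 100, "type": "process", "pid": 10, "image": "explorer.exe", "parent": "userinit.exe"}
{"t": 105, "type": "process", "pid": 11, "image": "WINWORD.EXE", "parent": "explorer.exe"}
{"t": 107, "type": "process", "pid": 12, "image": "powershell.exe", "parent": "WINWORD.EXE"}
{"t": 108, "type": "process", "pid": 13, "image": "cmd.exe", "parent": "explorer.exe"}
{"t": 110, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc1.docx"}
{"t": 111, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc2.docx"}
{"t": 112, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc3.docx"}
{"t": 113, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc4.docx"}
{"t": 114, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc5.docx"}
{"t": 115, "type": "file", "pid": 12, "op": "rename", "path": "C:\\Users\\a\\doc6.docx"}
{"t": 120, "type": "file", "pid": 13, "op": "write", "path": "C:\\Users\\a\\notes.txt"}
{"t": 400, "type": "file", "pid": 13, "op": "write", "path": "C:\\Users\\a\\notes.txt"}
"""


def parse_events(log_text: str) -> list:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def rule_office_spawns_script_host(events: list) -> list:
    """Office application launching a shell/script interpreter is a classic
    macro or exploit-document indicator, whatever the underlying bug."""
    alerts = []
    for e in events:
        if (e["type"] == "process"
                and e["parent"].lower() in OFFICE_APPS
                and e["image"].lower() in SCRIPT_HOSTS):
            alerts.append({"rule": "office_spawns_script_host", "pid": e["pid"],
                           "t": e["t"], "detail": f'{e["parent"]} -> {e["image"]}'})
    return alerts


def rule_mass_file_modification(events: list, window: int = 60, threshold: int = 5) -> list:
    """One process touching >= threshold files inside a sliding time window
    (ransomware-like). Fires once per offending pid, at the event that crosses
    the threshold."""
    by_pid = defaultdict(list)
    for e in events:
        if e["type"] == "file" and e["op"] in ("write", "rename", "delete"):
            by_pid[e["pid"]].append(e["t"])
    alerts = []
    for pid, times in by_pid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": "mass_file_modification", "pid": pid, "t": times[end],
                               "detail": f"{end - start + 1} file ops in {window}s"})
                break
    return alerts


def detect(log_text: str) -> list:
    """Run every rule over the telemetry and return the combined alert list."""
    events = parse_events(log_text)
    return rule_office_spawns_script_host(events) + rule_mass_file_modification(events)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Note what the rules do not look at: the exploit payload, the document's bytes, or any hash. cmd.exe launched from explorer.exe (pid 13) and two writes spread over minutes produce no alert, which is the trade-off behavioral rules manage: thresholds and parent/child allowlists tuned against the environment's normal activity.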
Section 2: Advanced Evasion Techniques
- What is polymorphic malware?
A) Malware that infects multiple OS types
B) Malware that changes its code to evade signature-based detection
C) Malware that spreads through Bluetooth devices
D) Malware that targets DNS servers
Answer: B) Malware that changes its code to evade signature-based detection
Explanation: Polymorphic malware re-encodes its payload with a fresh key and a varying decryptor stub on each generation, so every sample has different bytes while its behavior stays the same; a static signature written for one sample fails on the next. The constant part is the decoding logic and the behavior after decoding, which is where detection has to look.
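The principle in working code, as an added example that is not from this page and is not real malware: a harmless string stands in for the malicious body, and each "generation" wraps it in random padding plus a random-key XOR encoding. The static signature matches the plaintext payload but none of the encoded variants, every variant hashes differently, and the fixed decoder recovers the same payload each time. The format (pad length, pad, key length, key, body) is constructed for illustration.

```python
"""Why a byte signature fails against polymorphic encoding. Added example, benign."""
import hashlib
import os

PAYLOAD = b"BENIGN-PAYLOAD: calc.exe"   # stand-in for a malicious body
SIGNATURE = b"calc.exe"                 # what a static AV signature would match


def make_variant(payload: bytes, rng=os.urandom) -> bytes:
    """Produce one generation: [pad_len][pad][key_len][key][payload XOR key].
    A fresh key and random-length padding each call means the bytes never repeat;
    the decoder (below) is the only constant part, as with a real decryptor stub."""
    key = rng(8)
    pad = rng(rng(1)[0] % 16)
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return bytes([len(pad)]) + pad + bytes([len(key)]) + key + body


def decode_variant(blob: bytes) -> bytes:
    """Inverse of make_variant: skip the padding, read the key, XOR the body back."""
    pad_len = blob[0]
    key_len = blob[1 + pad_len]
    key = blob[2 + pad_len: 2 + pad_len + key_len]
    body = blob[2 + pad_len + key_len:]
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(body))


def signature_hits(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """A naive static scanner: does the signature appear in the bytes on disk?"""
    return signature in sample


def demo(n: int = 5) -> dict:
    """Generate n variants and report what a static scanner sees versus a decoder."""
    variants = [make_variant(PAYLOAD) for _ in range(n)]
    return {
        "distinct_hashes": len({hashlib.sha256(v).hexdigest() for v in variants}),
        "signature_hits_on_disk": sum(signature_hits(v) for v in variants),
        "signature_hits_after_decode": sum(signature_hits(decode_variant(v)) for v in variants),
        "all_decode": all(decode_variant(v) == PAYLOAD for v in variants),
    }


if __name__ == "__main__":
    print(demo())
```

The last two fields are the detection lesson: scanning the file yields zero hits, scanning the decoded buffer yields a hit every time. That is why emulation, memory scanning and behavioral monitoring matter against polymorphic samples, and why real-world signatures often target the decryptor routine rather than the encrypted body.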
- Which evasion technique involves splitting malicious code into multiple parts to avoid detection?
A) Code obfuscation
B) Encryption
C) Code fragmentation
D) Steganography
Answer: C) Code fragmentation
Explanation: Code fragmentation splits the payload into pieces that each look harmless to a scanner and reassembles them at run time, so no single file, packet or fragment contains the complete malicious pattern.
- What is the purpose of rootkit-based evasion techniques?
A) To prevent malware from executing
B) To hide malicious activities by gaining deep system-level access
C) To perform network segmentation
D) To increase firewall security
Answer: B) To hide malicious activities by gaining deep system-level access
Explanation: Rootkits hide files, processes and network connections by hooking or patching the operating system, often in the kernel, so security tools that ask the OS what is running receive falsified answers. This makes them very hard to detect or remove from inside the running system; offline imaging or a trusted boot environment is usually needed.
- Which technique allows malware to execute only when specific conditions are met, reducing its detection rate?
A) Sandbox evasion
B) Keylogging
C) DNS tunneling
D) Session hijacking
Answer: A) Sandbox evasion
Explanation: Malware checks whether it is running inside an analysis sandbox (short uptime, few CPU cores, tiny disk, no mouse movement, virtualization artifacts) and stays dormant, or delays execution past the sandbox's time limit, until the environment looks like a real victim machine. Automated analysis then sees nothing malicious and lets the sample through.
- How does DNS tunneling help attackers evade security controls?
A) By encrypting all traffic between the attacker and victim
B) By encoding malicious data within DNS queries and responses
C) By bypassing firewalls using SSH
D) By redirecting users to phishing websites
Answer: B) By encoding malicious data within DNS queries and responses
Explanation: DNS tunneling encodes data in the subdomain labels of queries sent to an attacker-controlled domain, and commands in the responses, creating a covert channel for command-and-control or exfiltration. It works because outbound DNS is allowed almost everywhere, often without inspection, and the recursive resolver forwards the queries to the attacker's authoritative server on the client's behalf.
Section 3: Mobile Security
- What type of attack involves modifying an app's code to introduce malicious functions?
A) Jailbreaking
B) Reverse engineering
C) Code injection
D) App repackaging
Answer: D) App repackaging
Explanation: Attackers decompile a legitimate app, add a malicious payload, re-sign it with their own key and redistribute it through third-party stores or phishing links; the victim sees a familiar app with the same name and icon. Installing only from official stores and verifying the publisher's signing key are the practical defenses.
- Which type of malware specifically targets mobile banking applications?
A) Ransomware
B) Spyware
C) Banking Trojans
D) Cryptojackers
Answer: C) Banking Trojans
Explanation: Mobile banking Trojans overlay fake login screens on top of the real banking app, intercept SMS one-time codes, or abuse accessibility services to capture credentials and initiate transfers.
- What is a common method of securing mobile applications from reverse engineering?
A) Using static IP addresses
B) Enforcing two-factor authentication
C) Code obfuscation
D) Disabling Bluetooth
Answer: C) Code obfuscation
Explanation: Code obfuscation (identifier renaming, control-flow flattening, string encryption) makes the compiled app harder to decompile and understand. It raises the cost of reverse engineering but does not prevent it, so secrets such as API keys should never be embedded in the app in the first place.
- What is the purpose of a mobile device management (MDM) solution?
A) To detect phishing emails
B) To monitor and control corporate mobile devices
C) To encrypt all internet traffic
D) To manage Windows desktop devices
Answer: B) To monitor and control corporate mobile devices
Explanation: MDM solutions enforce security policies (passcodes, encryption, app allowlists, OS version requirements), control device usage, and can remotely lock or wipe lost or compromised corporate devices.
- How does a SIM swap attack compromise mobile security?
A) By tricking the carrier into transferring a victim's phone number to the attacker
B) By sending a malicious SIM card via email
C) By exploiting the SIM card’s encryption keys
D) By injecting malware into SIM firmware
Answer: A) By tricking the carrier into transferring a victim's phone number to the attacker
Explanation: Once the number is ported to a SIM the attacker controls, they receive the victim's calls and SMS, including one-time codes, which lets them bypass SMS-based 2FA and complete password resets. Accounts that matter should use app-based or hardware authenticators rather than SMS.