🔐
Cyber Security Hard

Cyber Threats and Attack Vectors

Play this advanced cybersecurity quiz online for free — 20 hard questions and answers on cyber threats and attack vectors.

20 Questions
35s Per Question
0+ Plays
← All Cyber Security Quizzes 📚 Study Guide for this category →
💡 Create account to save scores & earn XP
📋 View All 20 Questions & Answers

1. What is 'DNS spoofing'?

  • A. Corrupting DNS data to redirect traffic to malicious websites ✓
  • B. Legitimate DNS configuration
  • C. A type of firewall
  • D. A type of antivirus software

💡 DNS spoofing corrupts DNS data, redirecting users' traffic away from legitimate destinations toward malicious websites.

2. What is a 'supply chain vulnerability'?

  • A. A weakness introduced through third-party vendors, software, or hardware used by an organization ✓
  • B. A vulnerability only in an organization's own code
  • C. A type of firewall
  • D. A type of antivirus software

💡 A supply chain vulnerability is a weakness introduced through third-party vendors, software, or hardware an organization relies on.

3. What does 'buffer overflow' refer to in cybersecurity?

  • A. A vulnerability where a program writes more data to a buffer than it can hold, potentially allowing code execution ✓
  • B. A legitimate programming technique
  • C. A type of firewall
  • D. A type of antivirus software

💡 A buffer overflow occurs when a program writes more data to a buffer than it can hold, which can potentially be exploited to execute malicious code.

4. What does 'insider threat' refer to in cybersecurity?

  • A. A security risk originating from within an organization, such as an employee ✓
  • B. Only external attackers
  • C. A type of firewall
  • D. A type of antivirus software

💡 An 'insider threat' refers to a security risk that originates from within an organization, such as a current or former employee.

5. What does 'data exfiltration' refer to?

  • A. The unauthorized transfer of data from a system ✓
  • B. Legitimate data backup processes
  • C. A type of firewall
  • D. A type of antivirus software

💡 'Data exfiltration' refers to the unauthorized transfer of data out of a compromised system, often the goal of an attack.

6. What is 'watering hole attack'?

  • A. Compromising a website frequently visited by a target group to infect their devices ✓
  • B. A direct phishing email attack
  • C. A type of firewall
  • D. A type of antivirus software

💡 A watering hole attack compromises a website that a target group frequently visits, infecting visitors' devices when they access it.

7. What does 'supply chain attack' refer to?

  • A. Compromising a target by attacking less secure elements in its supply chain, such as third-party vendors ✓
  • B. A direct attack on the primary target only
  • C. A type of firewall
  • D. A type of antivirus software

💡 A supply chain attack compromises a target indirectly, by exploiting weaker security in its vendors or other supply chain partners.

8. What is 'cross-site scripting' (XSS)?

  • A. An attack that injects malicious scripts into webpages viewed by other users ✓
  • B. A legitimate web development technique
  • C. A type of firewall
  • D. A type of antivirus software

💡 Cross-site scripting (XSS) injects malicious scripts into webpages that are then executed in other users' browsers.

9. What is a 'zero-day vulnerability'?

  • A. A previously unknown security flaw that attackers can exploit before developers can fix it ✓
  • B. A known and patched vulnerability
  • C. A type of firewall
  • D. A type of antivirus software

💡 A zero-day vulnerability is a previously unknown security flaw that attackers can exploit before developers have a chance to fix it.

10. What is a 'DDoS attack' (Distributed Denial of Service)?

  • A. An attack overwhelming a system with traffic from multiple sources to make it unavailable ✓
  • B. A type of data encryption
  • C. A type of software update
  • D. A type of hardware upgrade

💡 A DDoS attack floods a target system with overwhelming traffic from multiple sources, making it unavailable to legitimate users.

11. What is 'advanced persistent threat' (APT)?

  • A. A prolonged, targeted cyberattack in which an intruder gains access and remains undetected for an extended period ✓
  • B. A short, random attack
  • C. A type of firewall
  • D. A type of antivirus software

💡 An advanced persistent threat (APT) is a prolonged, targeted cyberattack in which an intruder maintains undetected access over an extended period.

12. What is 'privilege escalation' in the context of an attack?

  • A. Exploiting a vulnerability to gain higher levels of system access than originally authorized ✓
  • B. Reducing an attacker's access
  • C. A type of firewall
  • D. A type of antivirus software

💡 Privilege escalation exploits a vulnerability to gain a level of system access beyond what was originally authorized.

13. What does 'lateral movement' refer to in a cyberattack?

  • A. An attacker moving through a network after initial compromise to access additional systems ✓
  • B. An attacker's initial entry point only
  • C. A type of firewall
  • D. A type of antivirus software

💡 'Lateral movement' describes an attacker's efforts to move through a network after an initial breach, seeking access to additional systems.

14. What does 'credential stuffing' involve?

  • A. Using stolen username-password pairs to attempt unauthorized logins across multiple sites ✓
  • B. A legitimate login method
  • C. A type of firewall
  • D. A type of antivirus software

💡 Credential stuffing uses stolen username-password combinations to attempt unauthorized logins across many different websites at once.

15. What is 'SQL injection'?

  • A. An attack technique that inserts malicious SQL code into a query to manipulate a database ✓
  • B. A legitimate database query method
  • C. A type of firewall
  • D. A type of antivirus software

💡 SQL injection inserts malicious SQL code into a database query, potentially exposing or manipulating sensitive data.

16. What does 'clickjacking' involve?

  • A. Tricking users into clicking something different from what they perceive, often to perform unintended actions ✓
  • B. Legitimate website navigation
  • C. A type of firewall
  • D. A type of antivirus software

💡 Clickjacking tricks users into clicking on something different from what they perceive, often triggering unintended, potentially harmful actions.

17. What is a 'man-in-the-middle attack'?

  • A. An attack where a third party secretly intercepts and possibly alters communication between two parties ✓
  • B. A legitimate network monitoring technique
  • C. A type of firewall
  • D. A type of antivirus software

💡 A man-in-the-middle attack occurs when a third party secretly intercepts, and potentially alters, communication between two unsuspecting parties.

18. What is 'command and control' (C2) infrastructure in cyberattacks?

  • A. Servers used by attackers to communicate with and control compromised systems ✓
  • B. Legitimate network administration tools only
  • C. A type of firewall
  • D. A type of antivirus software

💡 Command and control (C2) infrastructure consists of servers attackers use to communicate with and remotely control compromised systems.

19. What is a 'logic bomb'?

  • A. Malicious code that triggers a harmful action when specific conditions are met ✓
  • B. A legitimate scheduled task
  • C. A type of firewall
  • D. A type of antivirus software

💡 A logic bomb is malicious code programmed to trigger a harmful action once specific conditions, like a date, are met.

20. What is 'session hijacking'?

  • A. Taking over a valid user session to gain unauthorized access to information or services ✓
  • B. A legitimate session management technique
  • C. A type of firewall
  • D. A type of antivirus software

💡 Session hijacking involves taking over a legitimate, active user session to gain unauthorized access to information or services.

More Cyber Security Quizzes

View all Cyber Security quizzes →