Exam Module - Codex Academy

Course Exam Module

Based on the previous 6 course videos which you have watched, Answer the questions below

1 / 30

What is scanning in the context of cybersecurity?

A method for cleaning infected files

The process of examining a system or network for vulnerabilities

The act of installing security updates

A technique for encrypting data

2 / 30

Which of the following is NOT a type of social engineering attack?

Phishing

Vishing

SQL Injection

Pretexting

3 / 30

Which of the following is a real-world example of access control?

Using a fingerprint scanner to unlock a smartphone

Sharing a document via email

Streaming a video online

Typing a document in a word processor

4 / 30

Which of the following is an effective measure to prevent password attacks?

Using common passwords like “password123

Implementing multi-factor authentication (MFA)

Writing passwords on sticky notes

Disabling password complexity requirements

5 / 30

What is one of the primary roles in preventing cyber attacks within an organization?

Marketing Manager

Chief Information Security Officer (CISO)

Sales Representative

Customer Service Representative

6 / 30

In the context of currently happening cybercrimes, which scenario best illustrates a social engineering attack?

A hacker breaking into a server room

An employee receiving a fake email from IT requesting their password

A computer virus spreading through a network

A denial-of-service attack on a company’s website

7 / 30

Which of the following is NOT a method of scanning?

Authenticated scan

Unauthenticated scan

Agent-based scan

Manual scan

8 / 30

Which of the following is an example of a hashing algorithm?

AES

RSA

SHA-1

3DES

9 / 30

How can access control vulnerabilities like IDOR be exploited?

By guessing passwords through brute force attacks

By manipulating URLs to access unauthorized resources

By using SQL injection to retrieve data

By installing keyloggers on target devices

10 / 30

What can be identified using the Nmap tool during a port scan?

Network traffic volume

Open ports and the services running on them

User activity logs

Hardware failures

11 / 30

Which of the following practices can help mitigate the risk of IDOR vulnerabilities?

Encrypting all network traffic

Implementing access control checks on both the client and server sides

Using multi-factor authentication (MFA) for all user logins

Regularly updating antivirus software

12 / 30

How does vishing differ from phishing?

Vishing uses emails while phishing uses phone calls

Vishing uses phone calls while phishing uses emails

Vishing targets social media accounts while phishing targets bank accounts

Vishing is a type of network attack while phishing is not

13 / 30

What is encryption and how does it help secure data?

A method for deleting files

A process of converting data into a coded format to prevent unauthorized access

A technique for compressing files

A way to back up data

14 / 30

What does ‘breaching’ refer to in cybersecurity?

Updating security protocols

Gaining unauthorized access to data, systems, or networks

Installing new software

Training employees on cybersecurity

15 / 30

Which of the following methods is commonly used to store passwords securely in applications?

Plain text

Symmetric encryption

Hashing with salt

Base64 encoding

16 / 30

What is the primary purpose of a password?

To make the login screen look nicer

To remember user preferences

To secure access to personal accounts and data

To reduce internet speed

17 / 30

Which of the following best describes a recent cybersecurity incident?

A major social media platform was hacked, exposing millions of user accounts

A company’s server was upgraded without any data loss

A local business updated its antivirus software

An individual forgot their password and had to reset it

18 / 30

Which of the following is an effective way to detect a phishing email?

The email asks for personal information and has a sense of urgency

The email is from a known contact and contains no spelling errors

The email has a secure and official-looking logo

The email uses a popular domain name like Gmail or Yahoo

19 / 30

Which of the following is NOT a type of encryption?

Symmetric encryption

Asymmetric encryption

Hashing

Sorting

20 / 30

Which scanning method involves providing credentials to the scanning tool for deeper access?

Authenticated scan

Unauthenticated scan

Agent-based scan

External scan

21 / 30

How can CyberChef be used to perform Base64 encryption and decryption?

By entering text in the input field and selecting the appropriate “Base64 Encode” and “Base64 Decode” operations

By manually writing an encryption algorithm in the code editor

By running a network scan to find vulnerable ports

By configuring firewall rules

22 / 30

How do scanning tools help to identify vulnerabilities?

By automatically fixing security issues

By examining system configurations and identifying weaknesses

By monitoring employee behavior

By providing antivirus protection

23 / 30

What is a social engineering attack?

A type of attack that exploits software vulnerabilities

A method of stealing physical devices

A technique that manipulates people into divulging confidential information

A way to breach security through network hacking

24 / 30

How does Base64 encryption work and what is a practical use case for it?

Converts binary data to a text format for easier transmission

Encrypts data with a public key for secure communication

Encodes data with a private key for storage

Uses a fixed key length for symmetric encryption

25 / 30

What does the term “IDOR” stand for?

Insecure Data Output Reference

Internal Data Operation Registry

Insecure Direct Object Reference

Immediate Data Object Resource

26 / 30

In the context of preventing cyber attacks, which practice is essential for employees to follow?

Ignoring suspicious emails

Regularly updating and patching software

Sharing passwords with colleagues

Using the same password for multiple accounts

27 / 30

What is a brute force attack?

Guessing passwords from a list of known passwords

An attack using social engineering techniques

Trying all possible password combinations to find the correct one

Exploiting software vulnerabilities to gain access

28 / 30

Which tool can be used for performing a brute force attack on a web application?

Nmap

Wireshark

Hydra

Visual Studio

29 / 30

What is a cyber incident/attack?

An accidental deletion of files by an employee

Unauthorized access or damage to a computer system or network

Scheduled system maintenance

A software update

30 / 30

What is the primary purpose of access control in cybersecurity?

To log user activity

To prevent unauthorized access to resources

To enhance website performance

To facilitate data backups

To view your test Score Report or result, first you need to fill below details.

Your score is

Contact Details

Courses

Company