Top 250+ Solved Information Cyber Security (ICS) MCQ Questions Answer
Q. When discussing IDS/IPS, what is a signature?
a. an electronic signature used to authenticate the identity of a user on the network
b. patterns of activity or code corresponding to attacks
c. "normal," baseline network behavior
d. none of the above
Q. Which is true of a signature-based IDS?
a. it cannot work with an IPS
b. it only identifies known signatures
c. it detects never-before-seen anomalies
d. it works best in large enterprises.
Q. A false positive can be defined as:
a. an alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior
b. an alert that indicates nefarious activity on a system that, upon further inspection, turns out to truly be nefarious activity
c. the lack of an alert for nefarious activity
d. all of the above
Q. The features of traditional IPSes are found in all of these modern systems, except:
a. next-generation firewalls
b. antimalware
c. unified threat management appliances
d. network behavior analysis systems
Q. How does machine learning benefit IDSes/IPSes?
a. by lowering the volume of attacks analyzed
b. by adding heuristic anomaly detection capabilities
c. by searching for similar patterns to known attacks
d. by helping identify signatures more quickly
Q. A valid definition of digital evidence is:
a. none of the below
b. data stored or transmitted using a computer
c. digital data of probative value
d. any digital evidence on a computer
Q. What are the three general categories of computer systems that can contain digital evidence?
a. desktop, laptop, server
b. personal computer, internet, mobile telephone
c. hardware, software, networks
d. open computer systems, communication systems, embedded systems
Q. In terms of digital evidence, the Internet is an example of:
a. open computer systems
b. communication systems
c. embedded computer systems
d. none of the above
Q. Cybertrails are advantageous because:
a. they are not connected to the physical world.
b. nobody can be harmed by crime on the internet.
c. they are easy to follow.
d. offenders who are unaware of them leave behind more clues than they otherwise would have.
Q. Personal computers and networks are often a valuable source of evidence. Those involved with _______ should be comfortable with this technology.
a. criminal investigation
b. prosecution
c. defense work
d. all of the above
Q. Computers can play the following roles in a crime:
a. target, object, and subject
b. evidence, instrumentality, contraband, or fruit of crime
c. object, evidence, and tool
d. symbol, instrumentality, and source of evidence
Q. The following specializations exist in digital investigations:
a. first responder (a.k.a. digital crime scene technician)
b. forensic examiner
c. digital investigator
d. all of the above
Q. The process of documenting the seizure of digital evidence and, in particular, when that evidence changes hands, is known as:
a. chain of custody
b. field notes
c. interim report
d. none of the above
Q. When assessing the reliability of digital evidence, the investigator is concerned with whether the computer that generated the evidence was functioning normally, and:
a. whether chain of custody was maintained
b. whether there are indications that the actual digital evidence was tampered with
c. whether the evidence was properly secured in transit
d. whether the evidence media was compatible with forensic machines
Q. The fact that with modern technology, a photocopy of a document has become acceptable in place of the original is known as:
a. best evidence rule
b. due diligence
c. quid pro quo
d. voir dire