Cybersecurity Fundamentals Quiz – MCQs for Students and Freshers

Understanding cybersecurity basics is essential for students and freshers preparing for IT interviews, entrance tests, or foundational certifications. This quiz includes 25 beginner-friendly MCQs designed to test your knowledge on essential topics like network security, threats, cryptography, and system protection — all with clear explanations to help you learn.

Q1. What are the three core principles of cybersecurity?

A. Protection, Privacy, and Control
B. Confidentiality, Integrity, and Availability
C. Privacy, Access, and Security
D. Authentication, Monitoring, and Access
Correct Answer: B. Confidentiality, Integrity, and Availability
Explanation:
Known as the CIA Triad, these principles ensure that data is protected, remains unaltered, and is available when needed.

Q2. Which of the following best describes a brute-force attack?

A. Using software to scan networks
B. Trying multiple password combinations until one works
C. Hijacking a user session
D. Phishing emails to users
Correct Answer: B. Trying multiple password combinations until one works
Explanation:
Brute-force attacks systematically try every possible combination to guess a password.

Q3. What is the main purpose of a digital certificate?

A. Encrypting database records
B. Validating the identity of a website or user
C. Storing cookies securely
D. Blocking spam emails
Correct Answer: B. Validating the identity of a website or user
Explanation:
Digital certificates verify authenticity and are used in SSL/TLS to secure websites.

Q4. Which protocol is used for secure web browsing?

A. HTTP
B. FTP
C. HTTPS
D. TCP/IP
Correct Answer: C. HTTPS
Explanation:
HTTPS uses SSL/TLS to encrypt communication between the browser and the server, ensuring privacy and security.

Q5. What is two-factor authentication (2FA)?

A. Using two different passwords
B. Using username and password
C. Combining two verification methods like password + OTP
D. Biometric scanning only
Correct Answer: C. Combining two verification methods like password + OTP
Explanation:
2FA enhances security by requiring two forms of identity verification, such as something you know and something you have.

Q6. Which tool is commonly used for network vulnerability scanning?

A. GitHub
B. Nmap
C. Wireshark
D. Outlook
Correct Answer: B. Nmap
Explanation:
Nmap is used for network discovery and security auditing, commonly applied in penetration testing.

Q7. What is the primary function of a firewall?

A. Encrypt files
B. Filter network traffic
C. Manage DNS records
D. Detect spam emails
Correct Answer: B. Filter network traffic
Explanation:
Firewalls block or allow traffic based on predefined security rules.

Q8. What is the term for unauthorized access to a system?

A. Authorization
B. Authentication
C. Hacking
D. Hardening
Correct Answer: C. Hacking
Explanation:
Hacking is the act of gaining unauthorized access to a system or network.

Q9. Which of the following is a strong password example?

A. john123
B. admin
C. QwEr@2451
D. password123
Correct Answer: C. QwEr@2451
Explanation:
Strong passwords combine uppercase, lowercase, symbols, and numbers.

Q10. What is the purpose of penetration testing?

A. Install antivirus
B. Test system performance
C. Find security weaknesses
D. Monitor user behavior
Correct Answer: C. Find security weaknesses
Explanation:
Penetration testing simulates real attacks to identify and fix vulnerabilities.

Q11. What is social engineering in cybersecurity?

A. Upgrading social apps
B. Manipulating people to reveal confidential info
C. Coding software with social themes
D. Installing security updates
Correct Answer: B. Manipulating people to reveal confidential info
Explanation:
Social engineering exploits human behaviour to gain access to systems or data.

Q12. Which type of malware disguises itself as legitimate software?

A. Worm
B. Spyware
C. Trojan
D. Ransomware
Correct Answer: C. Trojan
Explanation:
Trojans appear harmless but allow unauthorized access or cause damage once installed.

Q13. Which of the following is a characteristic of phishing attacks?

A. Use of encrypted tunnels
B. Emailing fake links to steal data
C. Logging keystrokes
D. Denial of service
Correct Answer: B. Emailing fake links to steal data
Explanation:
Phishing emails trick users into entering sensitive information on fake websites.

Q14. Which one is a secure protocol for file transfers?

A. FTP
B. TFTP
C. SFTP
D. Telnet
Correct Answer: C. SFTP
Explanation:
SFTP (Secure File Transfer Protocol) encrypts file transfers, unlike FTP or TFTP.

Q15. What is the goal of an Intrusion Detection System (IDS)?

A. Block websites
B. Monitor and detect suspicious activities
C. Encrypt all data
D. Provide DNS resolution
Correct Answer: B. Monitor and detect suspicious activities
Explanation:
IDS tools alert on possible intrusions or malicious behaviour in networks or systems.

Q16. What does hashing ensure in cybersecurity?

A. Data availability
B. Data recovery
C. Data confidentiality
D. Data integrity
Correct Answer: D. Data integrity
Explanation:
Hashing verifies that data has not been changed or tampered with.

Q17. What is the difference between a virus and a worm?

A. Viruses need user action; worms self-replicate
B. Worms attach to files
C. Viruses affect only Linux systems
D. Worms are harmless
Correct Answer: A. Viruses need user action; worms self-replicate
Explanation:
Viruses require a host and user interaction, while worms spread independently.

Q18. What is the function of a honeypot in cybersecurity?

A. Speed up the network
B. Detect and distract attackers
C. Store passwords securely
D. Connect IoT devices
Correct Answer: B. Detect and distract attackers
Explanation:
Honeypots act as decoy systems to lure attackers and study their behaviour.

Q19. What is the first step of the cybersecurity kill chain?

A. Exploitation
B. Reconnaissance
C. Command and Control
D. Action on Objectives
Correct Answer: B. Reconnaissance
Explanation:
Attackers gather information in the reconnaissance phase before launching an attack.

Q20. Which cybersecurity tool captures and analyzes network packets?

A. Nmap
B. Burp Suite
C. Wireshark
D. Metasploit
Correct Answer: C. Wireshark
Explanation:
Wireshark is a packet analyzer used for network troubleshooting and security analysis.

Q21. What is the full form of VPN?

A. Virtual Personal Network
B. Verified Private Network
C. Virtual Private Network
D. Verified Packet Network
Correct Answer: C. Virtual Private Network
Explanation:
VPNs create a secure, encrypted connection over public networks.

Q22. Which security principle means giving users a minimal level of access?

A. Least Privilege
B. Mandatory Access
C. Role-based Access
D. Selective Authorization
Correct Answer: A. Least Privilege
Explanation:
Least Privilege limits user access to only what’s needed, reducing the risk of misuse.

Q23. What is the purpose of a security audit?

A. Deleting unused files
B. Reviewing security policies and compliance
C. Changing software
D. Updating passwords
Correct Answer: B. Reviewing security policies and compliance
Explanation:
Audits check systems against policies to ensure compliance and detect vulnerabilities.

Q24. What kind of threat is keylogging?

A. Man-in-the-Middle attack
B. Software bug
C. Spyware attack
D. Insider threat
Correct Answer: C. Spyware attack
Explanation:
Keyloggers secretly record keystrokes, often used to steal passwords and personal data.

Q25. Which of the following is NOT a basic cybersecurity control?

A. Regular software updates
B. Strong password policies
C. Disabling firewalls
D. Using antivirus software
Correct Answer: C. Disabling firewalls
Explanation:
Disabling firewalls increases risk; all others are basic security best practices.

Conclusion

These 25 best cybersecurity MCQs are ideal for exam preparation, interviews, and entry-level certifications. By mastering these questions, you’ll strengthen your grasp of core principles, security tools, and threat mitigation techniques that are essential in today’s digital world. For more cybersecurity practice, updates, and expert resources, follow TrainingX.