General security

Are You InfoSec Geek Enough? Take This Quiz and Let’s See What You Got!

aurelius
July 15, 2015 by
aurelius

I have prepared a simple quiz for you guys out there who are brave enough to test if you really are a certified InfoSec geek. Take note of the questions since some of them are commonly used in technical and security interviews or maybe security exams.

Answers, and some explanations, are at the bottom of the article. Just write down your own answers on a piece of paper. To grade it, turn to the Answers Section and check your own paper. No cheating! If you cheat on this quiz, you are not cheating on me, but you are cheating yourself.

There are 35 questions in this quiz, so just record your score and find out what's your InfoSec Geek rating. Are you ready?

Questions:

  1. Which is more secure: Telnet or SSH?
  2. Who exposed United States government surveillance programs like PRISM?
  3. What is the name of the famous computer worm that was branded as the first malware that attacked SCADA (Supervisory Control and Data Acquisition) systems and was also discovered in 2010 by VirusBlokAda (antivirus software vendor)?
  4. What TCP port does SMTP (Simple Mail Transfer Protocol) listen to by default?
  5. In a data transmission suppose that you need to do both encryption and compression; which process should you do first?
  6. What open source security tool is used commonly for scanning ports or for network exploration?
  7. How would you prevent SQL Injection attacks?
  8. Who broke and cracked the Enigma machine code during World War II?
  9. What type of attack payload is ' and 1 = any (select 1 from users where FULL_NAME like '%%dministrator' and rownum<=1 and PASSWORD like '0%') and '1%%'='1?
  10. In GNU/Linux, what file is used for changing your DNS?
  11. Which security algorithm for wireless networks is easier to crack, WEP or WPA2?
  12. What Operating System (OS) Memory Protection is known for preventing or mitigating buffer overflows?
  13. What type of attack is <script>alert('Hello Readers of Infosec Institute!');</script>?
  14. _____ is also known as the Caesar Cipher.
  15. What does GNU mean?
  16. What operating system is commonly exploited with MS08-067 Microsoft Server Service Relative Path Stack Corruption?
  17. What programming language is used in the snippet below?

    # code starts here

    import os

    lol = os.system(l”s –la”)

    ……………..
  18. _____ was initially developed under the codename Project Spartan which is a web browser in development by Microsoft.
  19. What does RTFM mean?
  20. Which is more secure HTTPS or SSL?
  21. How many layers does the OSI model have? Enumerate them!
  22. Who is the father of the C programming language?
  23. What Windows Operating System has LM (LanMan) hash disabled by default?
  24. x31xc0x50x68x6ex2fx73x68x68x2fx2fx62x69x89xe3x50x89xe2x53x89xe1xb0x0bxcdx80 is an example of a _____.
  25. ______ is an IT / Security / Surveillance Company that was recently hacked wherein the hack revealed a zero-day cross-platform Flash exploit - CVE-2015-5119.
  26. What kind of a computer virus is a virus that usually leverages or infects Microsoft Word, Microsoft Excels or similar word processors and application software?
  27. What is the name of the famous computer virus that forced Pentagon, CIA, the British Parliament, and most large corporations to completely shut down their mail systems in 2000?
  28. What is the name of the virus which is considered to be the first computer virus for MS-DOS?
  29. Rootpipe, WireLurker and Masque Attack are examples of vulnerabilities that targets what devices?
  30. What kind of a program is offered by large companies in order to invite hackers to find vulnerabilities in their system or applications and then if a vulnerability is found, a reward or a Hall of Fame is given to the hacker?
  31. What is the largest, most famous hacker and security conference in the world?
  32. What United States government surveillance program is referred to as the Digital Network Intelligence Exploitation System/Analytic Framework by NSA (National Security Agency)?
  33. _____ is known as the search engine for IOT (Internet of Things), inter-connected devices, and devices exposed on the Internet.
  34. _____ is the art of Human Hacking.
  35. _____ is the predecessor of Dalvik which is used and created solely for the Android project.

Answers:

  1. SSH or Secure Shell is more secure than Telnet because it is an encrypted network protocol while Telnet is in plaintext which allows attackers to easily sniff your username and password. That's why it's called Secure Shell!
  2. Edward Snowden
  3. Stuxnet
  4. TCP Port 25
  5. First of all, this question is used in most technical interviews and is actually made famous by Daniel Miessler in his article Information Security Interview Questions
    who was also asked with this question during his interview in Cisco. The answer is compress first before you encrypt. Rumor has it that Apple employees or hiring managers used to ask this question during technical interviews.
  6. Nmap
  7. If you answered parameterized queries then added more examples like sanitizing the input and placing a WAF (Web Application Firewall) on the web server then you are in the right track. Take note that answering WAF only is not enough since WAFs can be bypassed too.
  8. The answer is Alan Turing and I suggest that you watch the movie 'The Imitation Game' to learn more about his life.
  9. SQL Injection payload
  10. /etc/resolv.conf
  11. WEP - Wired Equivalent Privacy
  12. DEP (Data Execution Prevention) is the best answer but if you answered ASLR (Address space layout randomization) or SafeSEH (Safe Structured Exception Handling) then you are also right since both are also OS memory protections.
  13. XSS or Cross-Site Scripting
  14. ROT-3
  15. GNU's Not Unix
  16. Windows XP
  17. Python
  18. Microsoft Edge
  19. Read The F***in Manual! Sorry for the censorship on F***in but I think you know what that word is.
  20. This is another tricky question which is inspired by Daniel Miessler's Information Security Interview Questions. The answer is they are both the same and so there is no difference. I know you are smiling down there.
  21. There are 7 layers of OSI model; Physical (Layer 1), Data Link (Layer 2), Network (Layer 3), Transport (Layer 4), Session (Layer 5), Presentation (Layer 6), and Application (Layer 7). If you answered this question correctly then you must be a networking guy or you still remember your networking class.
  22. Dennis M. Ritchie (dmr) is also one of the key developers of the UNIX operating system.
  23. Windows Vista
  24. Shellcode
  25. If you are paying attention to security news feeds or if you are an up-to-date information security enthusiast then you should be able to answer: Hacking Team.
  26. Macro virus
  27. I Love You Virus or Love Bug
  28. Brain computer virus
  29. Apple devices
  30. Bug Bounty Program
  31. DEF CON (also written as DEFCON or Defcon)
  32. XKeyscore (XKS)
  33. Shodan
  34. Social Engineering
  35. ART (Android Runtime)

InfoSec Geek Rating

35 = Great! You are excellent and you are a certified InfoSec geek. You are one of the cool guys that are cool to hang out with in DEFCON. Keep rocking and keep learning. This is not the final step of course but I know that you know that. This is just a simple quiz to test your strength and you have proven to be worthy. I now award you the Certified Cyber Security Geek Professional certification which is the best InfoSec Geek title ever. Nah, just geeking I mean kidding about the Certified Cyber Security Geek Professional. This is not a security courseware or a certification program. Seriously, congratulations!

25 – 34 = You must have missed some of the details but you are still a certified InfoSec geek. Review the correct answers and check out some of the explanations. I know that you are good in the field of information security and you should keep that up. Congratulations!

20 – 24 = You are an average Cyber Security guy and InfoSec guy. I know you can do better than that score! But of course, you know better than the others.

18 – 19 = You barely passed the quiz but that doesn't mean you're n00b or you don't have skills. Maybe you have missed something, don't forget to try harder. You are still an average cyber security guy though so don't be sad.

10 – 17 = Congratulations on being brave despite having this low score. It's okay to fail, at least you tried and didn't cower. You have much to learn. Google is your master so use it wisely, young Padawan. You might be new in the field on information security but don't stop learning.

1 – 9 = Maybe you have taken the wrong assessment! Don't worry, at least you also tried. If not, then try harder! n00b! LoL

0 = Seriously?

aurelius
aurelius

aurelius is the creator of n00bs CTF Labs, bug bounty hunter, security researcher at Infosec Institute and an application security analyst. He loves playing games and watching movies aside from hacking.