Practice Cybersecurity MCQs covering CIA Triad, threats, firewalls, cryptography, compliance, and enterprise security architecture.
CIA Triad, malware types, encryption basics, phishing, and foundational security concepts.
Confidentiality, Integrity, Availability β DAD mapping, cryptography, compliance, and Parkerian Hexagram.
Internet architecture, network protocols, cyber warfare, DNS, BGP, SCADA, and global governance.
Malware types, exploits, SQLi, XSS, CVE/CVSS, buffer overflows, APT techniques, memory corruption, and advanced attack mechanisms.
Packet filtering, stateful vs stateless, WAF, NGFW, DMZ, NAT, DPI, HA clustering, SSL decryption, and ZTNA.
ZTA fundamentals, NIST SP 800-207, ZTNA, micro-segmentation, mTLS, CISA Maturity Model, SDP, and quantum computing threats.
Symmetric vs asymmetric encryption, AES, RSA, ECC, Diffie-Hellman, hash functions, digital signatures, PKI, X.509, PFS, AEAD, ChaCha20, homomorphic encryption, post-quantum cryptography, and Shor's Algorithm.
Symmetric and asymmetric encryption fundamentals, AES, RSA, ECC, Diffie-Hellman, hybrid encryption, PKI, PFS, block/stream ciphers, and Post-Quantum Cryptography.
OpenVAS history, NVTs, CVSS scoring, GVM daemon architecture (gvmd/gsad/ospd-openvas/Redis), NASL scripting, python-gvm automation, and air-gapped deployments.
HTTP/HTTPS, cookies, XSS, SQLi, CSRF, SSRF, CSP, CORS, WAF, JWT, OAuth 2.0, OWASP Top 10 (A01βA10), and advanced web exploit vectors.
OWASP Top 10 2021: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Auth Failures, Software Integrity Failures, Logging Failures, and SSRF.
Secure SDLC, SAST, DAST, threat modeling, injection flaws, authentication, authorization, CSRF, SSRF, JWT attacks, insecure deserialization, and DevSecOps security practices.
Android/iOS security models, OWASP Mobile Top 10, mobile malware, MDM/MAM, app permissions, certificate pinning, reverse engineering, and advanced mobile exploitation.
Android sandbox (UID/GID, SELinux), iOS Secure Enclave, ARM TrustZone/TEE, Verified Boot, code signing, AMFI, PAC, seccomp-bpf, MTE, BlastDoor, and platform security architecture.
Shared Responsibility Model, IAM, CASB, CSPM, CWPP, CNAPP, VPC, KMS, envelope encryption, SSRF in cloud, container escapes, IMDSv2, Confidential Computing, and eBPF-based runtime security.
Spear phishing, vishing, smishing, whaling, pretexting, baiting, BEC, OSINT reconnaissance, SPF/DKIM/DMARC, homograph attacks, AiTM frameworks, deepfake audio, HTML smuggling, and advanced evasion techniques.
Viruses, worms, Trojans, ransomware, rootkits, spyware, keyloggers, botnets, fileless malware, polymorphic & metamorphic techniques, C2 infrastructure, DGA, process injection, reverse engineering, and APT tooling.
Cybercrime definitions, threat actor profiling (APT, Script Kiddie, Hacktivist), cyber extortion, identity theft, digital forensics, chain of custody, CFAA, GDPR, Budapest Convention, dark web operations, money laundering, steganalysis, Tor attribution, anti-forensics, MITRE ATT&CK, and advanced attribution techniques.
IR lifecycle (NIST SP 800-61 & SANS), CSIRT, preparation, detection & analysis, containment, eradication, recovery, post-incident lessons learned, IoC vs IoA, SIEM, SOAR, YARA, memory forensics, Volatility, MITRE ATT&CK, threat hunting, process hollowing, Golden SAML, Kerberoasting, and advanced evasion detection.
GDPR, CCPA/CPRA, HIPAA, PCI-DSS, data minimization, purpose limitation, lawful basis, DPIAs, DSARs, Privacy by Design, pseudonymization, anonymization, k-anonymity, differential privacy, homomorphic encryption, Schrems II, BCRs, SCCs, Transfer Impact Assessments, federated learning, data clean rooms, biometric privacy (BIPA), and contextual integrity.
Codes of ethics (ISCΒ², ACM), intellectual property (copyright, patent, trademark, trade secret), CFAA, DMCA, ECPA, HIPAA, SOX, GLBA, COPPA, PCI-DSS, digital signatures, chain of custody, e-discovery, Mens Rea, bug bounty programs, Budapest Convention, Tallinn Manual, Wassenaar Arrangement, active cyber defense, Section 230, Third-Party Doctrine, Respondeat Superior, and AI ethics.
Digital forensics methodology, chain of custody, disk imaging, file carving, memory forensics, network forensics, log analysis, steganography, anti-forensics, e-discovery, and forensic tools.
GDPR, HIPAA, PCI-DSS, SOX, ISO 27001, NIST CSF, FedRAMP, FISMA, CMMC, SOC 2, compliance frameworks, audit controls, risk management, and regulatory requirements.
Quantum computing threats, Shor's algorithm, Grover's algorithm, NIST PQC finalists, ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+), lattice cryptography, code-based cryptography, and migration strategies.
VPN architectures, tunneling protocols, IPSec, OpenVPN, WireGuard, SSL/TLS VPN, split tunneling, kill switch, NAT-T, IKE/IKEv2, Perfect Forward Secrecy, DMVPN, and enterprise VPN deployment.
Protocol architectures, cryptographic suites (ChaCha20, AES-GCM), Noise Protocol Framework, IKEv2, NAT traversal, performance comparisons, Cryptokey Routing, TCP Meltdown, Malleable C2 evasion, and post-quantum WireGuard extensions.
PTES phases, scoping, OSINT, black/gray/white box testing, vulnerability analysis, exploitation, privilege escalation, web app attacks (SQLi, XSS, SSRF), Active Directory attacks, Kerberoasting, EDR evasion, API unhooking, ROP chains, AMSI bypass, and post-exploitation mechanics.
Cybersecurity is one of the most heavily tested subjects in competitive exams, certification programs, and university assessments worldwide. Whether you are preparing for CompTIA Security+, CISSP, CEH, CISM, or a university semester paper, these Cybersecurity MCQs cover every concept that appears on those assessments.
This collection spans 27 topic areas: CIA Triad (the single most-tested concept in every cybersecurity exam), Threats & Vulnerabilities, Firewalls, Zero Trust Architecture, Cryptography, Symmetric vs. Asymmetric Encryption, Web Security, OWASP Top 10, Application Security, Mobile Security, Cloud Security, Phishing & Social Engineering, Malware, Cyber Crimes, Incident Response, Data Protection & Privacy, Cyber Laws and Ethics, Cyber Forensics, Compliance & Regulations, Post-Quantum Cryptography, VPN, WireGuard vs. OpenVPN vs. IPSec, and Penetration Testing.
Each topic is structured into three progressive difficulty levels β Basics, Concepts, and Advanced β so you can build knowledge systematically. Basics questions test direct recall of definitions and pillar identification. Concepts questions test applied understanding, DAD mapping, and architectural trade-offs. Advanced questions test multi-pillar analysis, cryptographic mechanisms, and compliance standards.
Use Study Mode to understand each concept before moving on, and Exam Mode to practise timed recall β the same pressure conditions you will face in CompTIA Security+, CISSP, or university viva exams.
These Cybersecurity multiple-choice questions cover every concept tested in university exams, placement tests, GATE preparation, and technical screening rounds. From foundational definitions to tricky edge-case scenarios, every MCQ comes with a verified explanation to reinforce the concept β not just the answer.
MCQ practice is the fastest way to identify gaps in your knowledge. Selecting the wrong option is valuable β it shows you exactly what needs more review. Use Exam Mode to build the recall speed that matters in timed tests, and Study Mode to absorb explanations during initial learning.
Combine these MCQs with the Cybersecurity Theory Notes for conceptual depth and the Cybersecurity Interview Q&A guide for answer phrasing under pressure. Together, the three resources cover every angle: understanding, rapid recall, and articulation.
