Cyber Security Questions and Answers – Network Models – OSI Model Security
Preparing for cyber security interviews or aptitude tests in Tanzania? This collection of OSI Model Security multiple choice questions and answers will help you understand different vulnerabilities and security issues associated with each layer of the OSI model.
OSI Model Security MCQs and Answers
1. The ____________ model is 7-layer architecture where each layer is having some specific functionality to perform.
a) TCP/IP
b) Cloud
c) OSI
d) OIS
Answer: c
Explanation: The OSI model is 7-layer architecture where each layer is having some specific functionality to perform. All these layers work in collaboration for transmitting the data from 1 person to another worldwide.
2. The full form of OSI is OSI model is ______________
a) Open Systems Interconnection
b) Open Software Interconnection
c) Open Systems Internet
d) Open Software Internet
Answer: a
Explanation: The OSI model is 7-layer architecture where each layer is having some specific functionality to perform. All these layers work in collaboration for transmitting the data from 1 person to another worldwide.
3. Which of the following is not physical layer vulnerability?
a) Physical theft of data & hardware
b) Physical damage or destruction of data & hardware
c) Unauthorized network access
d) Keystroke & Other Input Logging
Answer: c
Explanation: Unauthorized network access is not an example of physical layer vulnerability. The rest three physical theft of data & hardware, damage or destruction of data & hardware and keystroke & Other Input Logging are physical layer vulnerabilities.
4. In __________________ layer, vulnerabilities are directly associated with physical access to networks and hardware.
a) physical
b) data-link
c) network
d) application
Answer: a
Explanation: In the physical layer, vulnerabilities are directly associated with physical access to networks and hardware such as unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.
5. Loss of power and unauthorized change in the functional unit of hardware comes under problems and issues of the physical layer.
a) True
b) False
Answer: a
Explanation: Loss of power and unauthorized change in the functional unit of hardware comes under problems and issues of the physical layer. Other such issues are unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.
6. Which of the following is not a vulnerability of the data-link layer?
a) MAC Address Spoofing
b) VLAN circumvention
c) Switches may be forced for flooding traffic to all VLAN ports
d) Overloading of transport-layer mechanisms
Answer: d
Explanation: MAC Address Spoofing, VLAN circumvention and switches may be forced for flooding traffic to all VLAN ports are examples of data-link layer vulnerability.
7. ____________ is data-link layer vulnerability where stations are forced to make direct communication with another station by evading logical controls.
a) VLAN attack
b) VLAN Circumvention
c) VLAN compromisation method
d) Data-link evading
Answer: b
Explanation: VLAN Circumvention is data-link layer vulnerability where stations are forced to make direct communication with another station by evading logical controls implemented using subnets and firewalls.
8. ________________may be forced for flooding traffic to all VLAN ports allowing interception of data through any device that is connected to a VLAN.
a) Switches
b) Routers
c) Hubs
d) Repeaters
Answer: a
Explanation: Switches may be forced for flooding traffic to all VLAN ports allowing interception of data through any device that are connected to a VLAN. It is a vulnerability of data link layer.
9. Which of the following is not a vulnerability of the network layer?
a) Route spoofing
b) Identity & Resource ID Vulnerability
c) IP Address Spoofing
d) Weak or non-existent authentication
Answer: d
Explanation: Weak or non-existent authentication is a vulnerability of the session layer. Route spoofing, identity & resource ID vulnerability & IP Address Spoofing are examples of network layer vulnerability.
10. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: Physical theft of data is an example of physical layer vulnerability. Other such issues are unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.
11. Which of the following is an example of data-link layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: a
Explanation: MAC Address spoofing is an example of data-link layer vulnerability. VLAN circumvention, as well as switches, may be forced for flooding traffic to all VLAN ports are some other examples of data-link layer vulnerability.
12. Which of the following is an example of network layer vulnerability?
a) MAC Address Spoofing
b) Physical Theft of Data
c) Route spoofing
d) Weak or non-existent authentication
Answer: c
Explanation: Route spoofing is an example of network layer vulnerability. Other examples of network layer vulnerabilities are IP Address Spoofing and Identity & Resource ID Vulnerability.
13. Which of the following is an example of physical layer vulnerability?
a) MAC Address Spoofing
b) Route spoofing
c) Weak or non-existent authentication
d) Keystroke & Other Input Logging
Answer: d
Explanation: Keystroke & other input logging is an example of physical layer vulnerability. Other such physical layer vulnerabilities are unauthorized network access, damage or destruction of data & hardware and keystroke & Other Input Logging.
14. Which of the following is an example of data-link layer vulnerability?
a) Physical Theft of Data
b) VLAN circumvention
c) Route spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: VLAN circumvention is an example of data-link layer vulnerability. MAC Address Spoofing, as well as switches, may be forced for flooding traffic to all VLAN ports are some other examples of data-link layer vulnerability.
Transport, Session, Presentation and Application Layer Security Questions
15. Which of the following is not a transport layer vulnerability?
a) Mishandling of undefined, poorly defined
b) The Vulnerability that allows “fingerprinting” & other enumeration of host information
c) Overloading of transport-layer mechanisms
d) Unauthorized network access
Answer: d
Explanation: The different vulnerabilities of the Transport layer are mishandling of undefined, poorly defined, Vulnerability that allow “fingerprinting” & other enumeration of host information, Overloading of transport-layer mechanisms etc. Unauthorized network access is an example of physical layer vulnerability.
16. Which of the following is not session layer vulnerability?
a) Mishandling of undefined, poorly defined
b) Spoofing and hijacking of data based on failed authentication attempts
c) Passing of session-credentials allowing intercept and unauthorized use
d) Weak or non-existent authentication mechanisms
Answer: a
Explanation: Vulnerabilities of session layer of the OSI model are spoofing and hijacking of data based on failed authentication attempts, weak or non-existent authentication mechanisms, and the passing of session-credentials allowing intercept and unauthorized use.
17. Failed sessions allow brute-force attacks on access credentials. This type of attacks are done in which layer of the OSI model?
a) Physical layer
b) Data-link Layer
c) Session layer
d) Presentation layer
Answer: c
Explanation: Session identification may be subject to spoofing may lead to data leakage which depends on failed authentication attempts and allow hackers to allow brute-force attacks on access credentials.
18. Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets.
a) True
b) False
Answer: a
Explanation: Transmission mechanisms can be subject to spoofing & attacks based on skilled modified packets. This type of attacks is done in the transport layer of the OSI model.
19. Which of the following is not an example of presentation layer issues?
a) Poor handling of unexpected input can lead to the execution of arbitrary instructions
b) Unintentional or ill-directed use of superficially supplied input
c) Cryptographic flaws in the system may get exploited to evade privacy
d) Weak or non-existent authentication mechanisms
Answer: d
Explanation: Cryptographic flaws may be exploited to circumvent privacy, unintentional or ill-directed use of superficially supplied input, and poor handling of unexpected input are examples of presentation layer flaws.
20. Which of the following is not a vulnerability of the application layer?
a) Application design bugs may bypass security controls
b) Inadequate security controls force “all-or-nothing” approach
c) Logical bugs in programs may be by chance or on purpose be used for crashing programs
d) Overloading of transport-layer mechanisms
Answer: d
Explanation: Application design flaws may bypass security controls, inadequate security controls as well as logical bugs in programs may be by chance or on purpose be used for crashing programs. These all are part of application layer vulnerability.
21. Which of the following is an example of Transport layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: b
Explanation: Overloading of transport-layer mechanisms is an example of transport layer vulnerability. Other examples of Transport layer vulnerability are mishandling of undefined, poorly defined, Vulnerability that allows “fingerprinting” & other enumeration of host information.
22. Which of the following is an example of session layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) poor handling of unexpected input
d) highly complex application security controls
Answer: a
Explanation: Weak or non-existent mechanisms for authentication is an example of session layer vulnerability. Other examples are spoofing and the hijacking of data based on failed-authentication attempts & passing of session-credentials allowing intercept and unauthorized use.
23. Which of the following is an example of presentation layer vulnerability?
a) weak or non-existent mechanisms for authentication
b) overloading of transport-layer mechanisms
c) highly complex application security controls
d) poor handling of unexpected input
Answer: d
Explanation: Poor handling of unexpected input is an example of presentation layer vulnerability. Cryptographic flaws may be exploited to circumvent privacy, unintentional use of superficially supplied input are some other examples of presentation layer vulnerability.
24. Which of the following is an example of application layer vulnerability?
a) Cryptographic flaws lead to the privacy issue
b) Very complex application security controls
c) MAC Address Spoofing
d) Weak or non-existent authentication
Answer: b
Explanation: Very complex application security controls can be an example of application layer vulnerability. Inadequate security controls, as well as logical bugs in programs, are some other examples of such type.