Cybersecurity in Aviation MCQs

What is the primary objective of cybersecurity in aviation? A) To enhance in-flight entertainment systems B) To protect aircraft, passengers, and aviation infrastructure from cyber threats C) To manage flight schedules and crew assignments D) To monitor weather conditions Answer: B) To protect aircraft, passengers, and aviation infrastructure from cyber threats Which type of cyber attack involves intercepting and altering communication between two parties? A) Phishing B) Man-in-the-Middle (MitM) C) Denial of Service (DoS) D) Malware Answer: B) Man-in-the-Middle (MitM) What is a “zero-day vulnerability” in cybersecurity? A) A security flaw that is known and patched B) A vulnerability that is exploited on the same day it is discovered C) A vulnerability that has existed for years but remains unexploited D) A type of encryption flaw Answer: B) A vulnerability that is exploited on the same day it is discovered Which aviation system is most susceptible to cyber attacks involving data integrity breaches? A) Air Traffic Management Systems B) In-flight entertainment systems C) Airport passenger information systems D) Aircraft landing gear systems Answer: A) Air Traffic Management Systems What does “network segmentation” help achieve in aviation cybersecurity? A) It improves in-flight communication. B) It isolates different parts of the network to limit the spread of a cyber attack. C) It enhances aircraft performance. D) It increases the speed of data transmission. Answer: B) It isolates different parts of the network to limit the spread of a cyber attack. Which protocol is commonly used to secure communications over the internet? A) HTTP B) HTTPS C) FTP D) SMTP Answer: B) HTTPS What is a “phishing” attack? A) An attack that floods a system with traffic B) A social engineering attack that tricks users into revealing sensitive information C) An attack that exploits software vulnerabilities D) A method of intercepting wireless communications Answer: B) A social engineering attack that tricks users into revealing sensitive information What role does encryption play in aviation cybersecurity? A) It ensures high-speed data transmission. B) It prevents unauthorized access to sensitive data. C) It reduces hardware costs. D) It simplifies software development. Answer: B) It prevents unauthorized access to sensitive data. Which system provides real-time data on aircraft positions and movements? A) Automatic Dependent Surveillance-Broadcast (ADS-B) B) Flight Management System (FMS) C) Aircraft Communications Addressing and Reporting System (ACARS) D) Traffic Collision Avoidance System (TCAS) Answer: A) Automatic Dependent Surveillance-Broadcast (ADS-B) What is “ransomware”? A) A type of malware that encrypts files and demands payment for their release B) A software that protects against viruses C) A system for managing flight operations D) A method of improving aircraft fuel efficiency Answer: A) A type of malware that encrypts files and demands payment for their release Which organization provides guidelines and best practices for cybersecurity in aviation? A) International Civil Aviation Organization (ICAO) B) International Air Transport Association (IATA) C) Federal Aviation Administration (FAA) D) European Union Aviation Safety Agency (EASA) Answer: A) International Civil Aviation Organization (ICAO) What is “social engineering” in the context of cybersecurity? A) A method to engineer more efficient software B) Manipulating individuals into divulging confidential information C) A technique to enhance network security D) A type of encryption algorithm Answer: B) Manipulating individuals into divulging confidential information What is the purpose of a “firewall” in cybersecurity? A) To speed up network connections B) To block or allow network traffic based on security rules C) To manage aircraft maintenance schedules D) To encrypt data transmissions Answer: B) To block or allow network traffic based on security rules Which technology helps ensure the authenticity of messages sent within an aviation network? A) Encryption B) Firewalls C) Digital signatures D) Anti-virus software Answer: C) Digital signatures What is “penetration testing”? A) A method of assessing the physical security of an airport B) A practice of simulating cyber attacks to find vulnerabilities in a system C) A technique for improving aircraft software performance D) A process for encrypting sensitive data Answer: B) A practice of simulating cyber attacks to find vulnerabilities in a system What does the acronym “VPN” stand for in cybersecurity? A) Virtual Private Network B) Very Protected Network C) Variable Protocol Node D) Verified Public Network Answer: A) Virtual Private Network Which type of attack involves overwhelming a system with excessive requests to disrupt its operation? A) Phishing B) Denial of Service (DoS) C) Man-in-the-Middle (MitM) D) SQL Injection Answer: B) Denial of Service (DoS) Which aviation system could be targeted by an attacker to disrupt communication between the cockpit and air traffic control? A) Flight Management System (FMS) B) Aircraft Communications Addressing and Reporting System (ACARS) C) Traffic Collision Avoidance System (TCAS) D) Electronic Flight Instrument System (EFIS) Answer: B) Aircraft Communications Addressing and Reporting System (ACARS) What is a “botnet” in the context of cybersecurity? A) A network of compromised computers controlled by a cybercriminal B) A system for managing airline bookings C) A type of firewall used in aviation networks D) A method for encrypting network traffic Answer: A) A network of compromised computers controlled by a cybercriminal Which cybersecurity principle involves ensuring that only authorized users have access to certain data or systems? A) Availability B) Integrity C) Confidentiality D) Non-repudiation Answer: C) Confidentiality What does “multi-factor authentication” involve? A) Using multiple passwords to access a system B) Requiring multiple forms of verification to access a system C) Encrypting data using multiple algorithms D) Applying several layers of firewall protection Answer: B) Requiring multiple forms of verification to access a system Which term describes software that is designed to damage or disrupt computer systems? A) Malware B) Firewall C) Anti-virus D) Encryption Answer: A) Malware What does “patch management” refer to in cybersecurity? A) Updating software to fix vulnerabilities and improve security B) Creating new software features C) Managing physical security of hardware D) Developing encryption algorithms Answer: A) Updating software to fix vulnerabilities and improve security Which of the following is a common method to detect and respond to potential security incidents? A) Security Information and Event Management (SIEM) B) In-flight entertainment systems C) Aircraft maintenance logs D) Passenger boarding systems Answer: A) Security Information and Event Management (SIEM) What is a “security breach”? A) A system update that improves security B) Unauthorized access to or disclosure of sensitive information C) A scheduled security audit D) A type of encryption technique Answer: B) Unauthorized access to or disclosure of sensitive information Which type of cyber attack manipulates web forms to execute unauthorized commands on a server? A) SQL Injection B) Cross-Site Scripting (XSS) C) Phishing D) Man-in-the-Middle (MitM) Answer: A) SQL Injection What is “cyber hygiene”? A) The practice of maintaining basic cybersecurity measures and good practices B) The process of cleaning physical computer hardware C) The regulation of online communication D) The management of network traffic Answer: A) The practice of maintaining basic cybersecurity measures and good practices What does the term “cyber resilience” refer to? A) The ability to recover from a cyber attack and continue operations B) The capability to prevent all cyber attacks C) The speed of network data transmission D) The strength of encryption algorithms Answer: A) The ability to recover from a cyber attack and continue operations Which aviation system provides real-time data about weather conditions? A) Weather Radar B) Aircraft Communications Addressing and Reporting System (ACARS) C) Traffic Collision Avoidance System (TCAS) D) Flight Management System (FMS) Answer: A) Weather Radar What is “social engineering” often used to exploit in cybersecurity attacks? A) Software vulnerabilities B) Human psychology and behavior C) Network hardware D) Encryption algorithms Answer: B) Human psychology and behavior What does “incident response” involve in the context of cybersecurity? A) The process of preparing and reacting to a security breach or attack B) The implementation of physical security measures C) The development of new software applications D) The configuration of network hardware Answer: A) The process of preparing and reacting to a security breach or attack Which technology helps secure wireless communications in aviation? A) WPA2 (Wi-Fi Protected Access 2) B) Ethernet C) Bluetooth D) TCP/IP Answer: A) WPA2 (Wi-Fi Protected Access 2) Which term refers to a network of devices that have been infected and controlled by malware? A) Botnet B) Firewall C) Intrusion Detection System (IDS) D) Encryption Answer: A) Botnet Which cybersecurity measure involves setting up barriers to protect a network from unauthorized access? A) Firewalls B) Encryption C) Antivirus software D) Passwords Answer: A) Firewalls What is a “security token” used for in cybersecurity? A) To provide an additional layer of authentication for accessing systems B) To encrypt email communications C) To manage network traffic D) To schedule system backups Answer: A) To provide an additional layer of authentication for accessing systems Which of the following is a common method to protect against unauthorized data access? A) Access controls and user permissions B) Increasing network bandwidth C) Regular software updates D) Enhancing flight crew training Answer: A) Access controls and user permissions What is “two-factor authentication” (2FA)? A) A method of using two different passwords for security B) A process requiring two separate forms of identification for accessing systems C) An encryption method using two algorithms D) A firewall with two layers of protection Answer: B) A process requiring two separate forms of identification for accessing systems Which organization is responsible for cybersecurity regulations and standards in the United States aviation industry? A) Federal Aviation Administration (FAA) B) National Security Agency (NSA) C) International Air Transport Association (IATA) D) European Union Aviation Safety Agency (EASA) Answer: A) Federal Aviation Administration (FAA) What is the purpose of an “Intrusion Detection System” (IDS)? A) To detect and alert on unauthorized access or anomalies in a network B) To manage user passwords C) To provide physical security for data centers D) To monitor weather conditions Answer: A) To detect and alert on unauthorized access or anomalies in a network Which security principle ensures that information is not altered or destroyed by unauthorized users? A) Integrity B) Confidentiality C) Availability D) Authentication Answer: A) Integrity What is “endpoint security” in the context of aviation cybersecurity? A) Security measures applied to devices such as laptops and smartphones used in aviation B) Security measures for airport perimeters C) Security for communication between aircraft and ground control D) Security protocols for aircraft maintenance systems Answer: A) Security measures applied to devices such as laptops and smartphones used in aviation Which type of malware is designed to gain unauthorized access to a system and remain undetected? A) Rootkit B) Ransomware C) Worm D) Trojan Horse Answer: A) Rootkit What is a “cybersecurity incident”? A) Any event that compromises the confidentiality, integrity, or availability of information B) A routine software update C) A physical security breach D) An unauthorized system upgrade Answer: A) Any event that compromises the confidentiality, integrity, or availability of information Which of the following is a key component of a cybersecurity risk management strategy? A) Identifying, assessing, and mitigating potential threats B) Developing new flight schedules C) Enhancing aircraft design D) Optimizing passenger services Answer: A) Identifying, assessing, and mitigating potential threats What is the purpose of “vulnerability scanning” in cybersecurity? A) To identify and assess security weaknesses in systems and networks B) To improve software performance C) To manage hardware inventory D) To track user behavior Answer: A) To identify and assess security weaknesses in systems and networks What does “network monitoring” involve in aviation cybersecurity? A) Observing and analyzing network traffic to detect and respond to threats B) Updating flight schedules C) Managing airline reservations D) Enhancing aircraft navigation systems Answer: A) Observing and analyzing network traffic to detect and respond to threats Which security measure involves using unique codes to verify user identities during login? A) Multi-factor authentication B) Password management C) Encryption D) Network segmentation Answer: A) Multi-factor authentication What is “data breach notification”? A) The process of informing affected parties about unauthorized access to their data B) The update of encryption protocols C) The installation of new firewalls D) The training of staff on cybersecurity policies Answer: A) The process of informing affected parties about unauthorized access to their data Which security measure helps ensure that system data is available when needed and protected from disruptions? A) Data redundancy and backups B) Encryption algorithms C) Access control lists D) Firewalls Answer: A) Data redundancy and backups What is “security awareness training”? A) Educating employees and stakeholders about cybersecurity risks and best practices B) Installing new hardware for improved security C) Updating software to fix vulnerabilities D) Enhancing encryption methods Answer: A) Educating employees and stakeholders about cybersecurity risks and best practices