What is the primary objective of cybersecurity in aviation?
A) To enhance in-flight entertainment systems
B) To protect aircraft, passengers, and aviation infrastructure from cyber threats
C) To manage flight schedules and crew assignments
D) To monitor weather conditions
Answer: B) To protect aircraft, passengers, and aviation infrastructure from cyber threats
Which type of cyber attack involves intercepting and altering communication between two parties?
A) Phishing
B) Man-in-the-Middle (MitM)
C) Denial of Service (DoS)
D) Malware
Answer: B) Man-in-the-Middle (MitM)
What is a “zero-day vulnerability” in cybersecurity?
A) A security flaw that is known and patched
B) A vulnerability that is exploited on the same day it is discovered
C) A vulnerability that has existed for years but remains unexploited
D) A type of encryption flaw
Answer: B) A vulnerability that is exploited on the same day it is discovered
Which aviation system is most susceptible to cyber attacks involving data integrity breaches?
A) Air Traffic Management Systems
B) In-flight entertainment systems
C) Airport passenger information systems
D) Aircraft landing gear systems
Answer: A) Air Traffic Management Systems
What does “network segmentation” help achieve in aviation cybersecurity?
A) It improves in-flight communication.
B) It isolates different parts of the network to limit the spread of a cyber attack.
C) It enhances aircraft performance.
D) It increases the speed of data transmission.
Answer: B) It isolates different parts of the network to limit the spread of a cyber attack.
Which protocol is commonly used to secure communications over the internet?
A) HTTP
B) HTTPS
C) FTP
D) SMTP
Answer: B) HTTPS
What is a “phishing” attack?
A) An attack that floods a system with traffic
B) A social engineering attack that tricks users into revealing sensitive information
C) An attack that exploits software vulnerabilities
D) A method of intercepting wireless communications
Answer: B) A social engineering attack that tricks users into revealing sensitive information
What role does encryption play in aviation cybersecurity?
A) It ensures high-speed data transmission.
B) It prevents unauthorized access to sensitive data.
C) It reduces hardware costs.
D) It simplifies software development.
Answer: B) It prevents unauthorized access to sensitive data.
Which system provides real-time data on aircraft positions and movements?
A) Automatic Dependent Surveillance-Broadcast (ADS-B)
B) Flight Management System (FMS)
C) Aircraft Communications Addressing and Reporting System (ACARS)
D) Traffic Collision Avoidance System (TCAS)
Answer: A) Automatic Dependent Surveillance-Broadcast (ADS-B)
What is “ransomware”?
A) A type of malware that encrypts files and demands payment for their release
B) A software that protects against viruses
C) A system for managing flight operations
D) A method of improving aircraft fuel efficiency
Answer: A) A type of malware that encrypts files and demands payment for their release
Which organization provides guidelines and best practices for cybersecurity in aviation?
A) International Civil Aviation Organization (ICAO)
B) International Air Transport Association (IATA)
C) Federal Aviation Administration (FAA)
D) European Union Aviation Safety Agency (EASA)
Answer: A) International Civil Aviation Organization (ICAO)
What is “social engineering” in the context of cybersecurity?
A) A method to engineer more efficient software
B) Manipulating individuals into divulging confidential information
C) A technique to enhance network security
D) A type of encryption algorithm
Answer: B) Manipulating individuals into divulging confidential information
What is the purpose of a “firewall” in cybersecurity?
A) To speed up network connections
B) To block or allow network traffic based on security rules
C) To manage aircraft maintenance schedules
D) To encrypt data transmissions
Answer: B) To block or allow network traffic based on security rules
Which technology helps ensure the authenticity of messages sent within an aviation network?
A) Encryption
B) Firewalls
C) Digital signatures
D) Anti-virus software
Answer: C) Digital signatures
What is “penetration testing”?
A) A method of assessing the physical security of an airport
B) A practice of simulating cyber attacks to find vulnerabilities in a system
C) A technique for improving aircraft software performance
D) A process for encrypting sensitive data
Answer: B) A practice of simulating cyber attacks to find vulnerabilities in a system
What does the acronym “VPN” stand for in cybersecurity?
A) Virtual Private Network
B) Very Protected Network
C) Variable Protocol Node
D) Verified Public Network
Answer: A) Virtual Private Network
Which type of attack involves overwhelming a system with excessive requests to disrupt its operation?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-Middle (MitM)
D) SQL Injection
Answer: B) Denial of Service (DoS)
Which aviation system could be targeted by an attacker to disrupt communication between the cockpit and air traffic control?
A) Flight Management System (FMS)
B) Aircraft Communications Addressing and Reporting System (ACARS)
C) Traffic Collision Avoidance System (TCAS)
D) Electronic Flight Instrument System (EFIS)
Answer: B) Aircraft Communications Addressing and Reporting System (ACARS)
What is a “botnet” in the context of cybersecurity?
A) A network of compromised computers controlled by a cybercriminal
B) A system for managing airline bookings
C) A type of firewall used in aviation networks
D) A method for encrypting network traffic
Answer: A) A network of compromised computers controlled by a cybercriminal
Which cybersecurity principle involves ensuring that only authorized users have access to certain data or systems?
A) Availability
B) Integrity
C) Confidentiality
D) Non-repudiation
Answer: C) Confidentiality
What does “multi-factor authentication” involve?
A) Using multiple passwords to access a system
B) Requiring multiple forms of verification to access a system
C) Encrypting data using multiple algorithms
D) Applying several layers of firewall protection
Answer: B) Requiring multiple forms of verification to access a system
Which term describes software that is designed to damage or disrupt computer systems?
A) Malware
B) Firewall
C) Anti-virus
D) Encryption
Answer: A) Malware
What does “patch management” refer to in cybersecurity?
A) Updating software to fix vulnerabilities and improve security
B) Creating new software features
C) Managing physical security of hardware
D) Developing encryption algorithms
Answer: A) Updating software to fix vulnerabilities and improve security
Which of the following is a common method to detect and respond to potential security incidents?
A) Security Information and Event Management (SIEM)
B) In-flight entertainment systems
C) Aircraft maintenance logs
D) Passenger boarding systems
Answer: A) Security Information and Event Management (SIEM)
What is a “security breach”?
A) A system update that improves security
B) Unauthorized access to or disclosure of sensitive information
C) A scheduled security audit
D) A type of encryption technique
Answer: B) Unauthorized access to or disclosure of sensitive information
Which type of cyber attack manipulates web forms to execute unauthorized commands on a server?
A) SQL Injection
B) Cross-Site Scripting (XSS)
C) Phishing
D) Man-in-the-Middle (MitM)
Answer: A) SQL Injection
What is “cyber hygiene”?
A) The practice of maintaining basic cybersecurity measures and good practices
B) The process of cleaning physical computer hardware
C) The regulation of online communication
D) The management of network traffic
Answer: A) The practice of maintaining basic cybersecurity measures and good practices
What does the term “cyber resilience” refer to?
A) The ability to recover from a cyber attack and continue operations
B) The capability to prevent all cyber attacks
C) The speed of network data transmission
D) The strength of encryption algorithms
Answer: A) The ability to recover from a cyber attack and continue operations
Which aviation system provides real-time data about weather conditions?
A) Weather Radar
B) Aircraft Communications Addressing and Reporting System (ACARS)
C) Traffic Collision Avoidance System (TCAS)
D) Flight Management System (FMS)
Answer: A) Weather Radar
What is “social engineering” often used to exploit in cybersecurity attacks?
A) Software vulnerabilities
B) Human psychology and behavior
C) Network hardware
D) Encryption algorithms
Answer: B) Human psychology and behavior
What does “incident response” involve in the context of cybersecurity?
A) The process of preparing and reacting to a security breach or attack
B) The implementation of physical security measures
C) The development of new software applications
D) The configuration of network hardware
Answer: A) The process of preparing and reacting to a security breach or attack
Which technology helps secure wireless communications in aviation?
A) WPA2 (Wi-Fi Protected Access 2)
B) Ethernet
C) Bluetooth
D) TCP/IP
Answer: A) WPA2 (Wi-Fi Protected Access 2)
Which term refers to a network of devices that have been infected and controlled by malware?
A) Botnet
B) Firewall
C) Intrusion Detection System (IDS)
D) Encryption
Answer: A) Botnet
Which cybersecurity measure involves setting up barriers to protect a network from unauthorized access?
A) Firewalls
B) Encryption
C) Antivirus software
D) Passwords
Answer: A) Firewalls
What is a “security token” used for in cybersecurity?
A) To provide an additional layer of authentication for accessing systems
B) To encrypt email communications
C) To manage network traffic
D) To schedule system backups
Answer: A) To provide an additional layer of authentication for accessing systems
Which of the following is a common method to protect against unauthorized data access?
A) Access controls and user permissions
B) Increasing network bandwidth
C) Regular software updates
D) Enhancing flight crew training
Answer: A) Access controls and user permissions
What is “two-factor authentication” (2FA)?
A) A method of using two different passwords for security
B) A process requiring two separate forms of identification for accessing systems
C) An encryption method using two algorithms
D) A firewall with two layers of protection
Answer: B) A process requiring two separate forms of identification for accessing systems
Which organization is responsible for cybersecurity regulations and standards in the United States aviation industry?
A) Federal Aviation Administration (FAA)
B) National Security Agency (NSA)
C) International Air Transport Association (IATA)
D) European Union Aviation Safety Agency (EASA)
Answer: A) Federal Aviation Administration (FAA)
What is the purpose of an “Intrusion Detection System” (IDS)?
A) To detect and alert on unauthorized access or anomalies in a network
B) To manage user passwords
C) To provide physical security for data centers
D) To monitor weather conditions
Answer: A) To detect and alert on unauthorized access or anomalies in a network
Which security principle ensures that information is not altered or destroyed by unauthorized users?
A) Integrity
B) Confidentiality
C) Availability
D) Authentication
Answer: A) Integrity
What is “endpoint security” in the context of aviation cybersecurity?
A) Security measures applied to devices such as laptops and smartphones used in aviation
B) Security measures for airport perimeters
C) Security for communication between aircraft and ground control
D) Security protocols for aircraft maintenance systems
Answer: A) Security measures applied to devices such as laptops and smartphones used in aviation
Which type of malware is designed to gain unauthorized access to a system and remain undetected?
A) Rootkit
B) Ransomware
C) Worm
D) Trojan Horse
Answer: A) Rootkit
What is a “cybersecurity incident”?
A) Any event that compromises the confidentiality, integrity, or availability of information
B) A routine software update
C) A physical security breach
D) An unauthorized system upgrade
Answer: A) Any event that compromises the confidentiality, integrity, or availability of information
Which of the following is a key component of a cybersecurity risk management strategy?
A) Identifying, assessing, and mitigating potential threats
B) Developing new flight schedules
C) Enhancing aircraft design
D) Optimizing passenger services
Answer: A) Identifying, assessing, and mitigating potential threats
What is the purpose of “vulnerability scanning” in cybersecurity?
A) To identify and assess security weaknesses in systems and networks
B) To improve software performance
C) To manage hardware inventory
D) To track user behavior
Answer: A) To identify and assess security weaknesses in systems and networks
What does “network monitoring” involve in aviation cybersecurity?
A) Observing and analyzing network traffic to detect and respond to threats
B) Updating flight schedules
C) Managing airline reservations
D) Enhancing aircraft navigation systems
Answer: A) Observing and analyzing network traffic to detect and respond to threats
Which security measure involves using unique codes to verify user identities during login?
A) Multi-factor authentication
B) Password management
C) Encryption
D) Network segmentation
Answer: A) Multi-factor authentication
What is “data breach notification”?
A) The process of informing affected parties about unauthorized access to their data
B) The update of encryption protocols
C) The installation of new firewalls
D) The training of staff on cybersecurity policies
Answer: A) The process of informing affected parties about unauthorized access to their data
Which security measure helps ensure that system data is available when needed and protected from disruptions?
A) Data redundancy and backups
B) Encryption algorithms
C) Access control lists
D) Firewalls
Answer: A) Data redundancy and backups
What is “security awareness training”?
A) Educating employees and stakeholders about cybersecurity risks and best practices
B) Installing new hardware for improved security
C) Updating software to fix vulnerabilities
D) Enhancing encryption methods
Answer: A) Educating employees and stakeholders about cybersecurity risks and best practices