CCNA Browser and Application Security Questions

30 questions · Browser and Application Security · All types, answers revealed

1
MCQ · hard

A technician is troubleshooting a computer that has been infected with ransomware. The ransomware encrypted files and left a note demanding payment. After removing the malware, what is the most important step to prevent future infections?

A. Reinstall the operating system
B. Update all software to the latest versions
C. Implement a strict backup policy and educate users on phishing
D. Disable all browser plugins
Answer: C

Backups mitigate data loss, and user education reduces the likelihood of future infections.

Why this answer

Ransomware often enters via email attachments or malicious downloads. User education on safe browsing and email practices is critical to prevention. This tests understanding of the human factor in security and the limitations of technical controls alone.

2
MCQ · hard

A company uses a web application for internal communication. A security audit reveals that the application is vulnerable to cross-site scripting (XSS). Which browser security feature can help mitigate the risk for users while the application is being patched?

A. Enable pop-up blocker
B. Configure the browser to use a proxy server
C. Implement Content Security Policy (CSP) headers on the web server
D. Disable JavaScript in the browser
Answer: C

CSP allows the server to specify which scripts are allowed, preventing execution of injected scripts.

Why this answer

Content Security Policy (CSP) is a browser security mechanism that can block malicious scripts, reducing XSS impact. This tests advanced knowledge of browser security features. Other options are either unrelated or less effective against XSS.

3
MCQ · medium

A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?

A. The browser is in private browsing mode.
B. The computer is running Windows 10 in S mode.
C. The user account does not have administrator privileges.
D. The browser's security level is set to high.
Answer: B

S mode only allows apps from the Microsoft Store, which can prevent installation of extensions from outside the store.

Why this answer

Windows 10's S mode restricts app installations to the Microsoft Store, which also affects browser extensions. Disabling S mode or using a different browser that supports the extension is the solution.

4
MCQ · medium

A user calls the help desk saying that every time they click a link in an email, their browser opens a page that says 'Your computer is infected! Call this number.' They are unable to close the page normally. What type of attack is this, and what is the first step you should take?

A. Phishing attack; immediately change the user's email password
B. Browser hijacker; run a full antivirus scan immediately
C. Tech support scam; force close the browser using Task Manager, then run a security scan
D. Drive-by download; disconnect the computer from the network
Answer: C

This matches the scenario: a fake alert designed to trick the user into calling a scam number. Force closing stops the attack.

Why this answer

This is a tech support scam using a social engineering tactic to frighten the user. The correct first step is to close the browser forcefully using Task Manager, then run a security scan. This tests the ability to distinguish between different attack types and appropriate response procedures.

5
MCQ · easy

A user reports that their browser frequently redirects to a different search engine, and a new toolbar has appeared. After checking the browser settings, you find the homepage has been changed and there are unknown extensions enabled. What is the most likely cause of this issue?

A. A corrupted browser cache
B. A browser hijacker installed via a malicious extension
C. An outdated browser version
D. A misconfigured proxy server
Answer: B

Browser hijackers often install as extensions and modify settings like homepage and search engine.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without user consent. The correct answer is to remove the malicious extensions and reset the browser settings. This reinforces the importance of managing browser extensions and understanding common malware behaviors.

6
MCQ · hard

A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?

A. Configure each browser's proxy settings to use a filtering proxy server.
B. Enable Windows Defender SmartScreen on each computer via Group Policy.
C. Implement a DNS-based content filtering service on the network's DNS server.
D. Install a third-party browser extension on all browsers to block malicious sites.
Answer: C

DNS filtering blocks requests to malicious domains at the network level, affecting all devices without client software.

Why this answer

A DNS-based content filter (like OpenDNS or a corporate DNS server) can block malicious domains without requiring client software. This is a scalable solution for network-wide filtering.

7
MCQ · hard

A user reports that their browser crashes every time they visit a particular website. Other websites work fine. The technician tries the same website on another computer and it works normally. What is the most likely cause on the user's computer?

A. The website has been blacklisted by the company's firewall.
B. A browser extension is incompatible with that website.
C. The user's network adapter driver is outdated.
D. The website is using a newer version of TLS that the browser doesn't support.
Answer: B

Extensions can cause conflicts with specific site code, leading to crashes. Testing with extensions disabled can confirm this.

Why this answer

A corrupted browser extension or add-on can cause crashes on specific sites. Since the site works on another computer, the issue is local. Disabling extensions one by one can isolate the problem.

Other causes like malware or outdated drivers are less specific to a single site.

8
MCQ · medium

A user reports that after installing a free PDF converter from an advertisement, their browser homepage changed and they see constant pop-ups for antivirus software. A malware scan found PUPs (Potentially Unwanted Programs). What is the best next step to fully remove the unwanted software and restore browser settings?

A. Run System Restore to a point before installation.
B. Use a dedicated adware removal tool and then reset the browser.
C. Manually delete the program from Program Files.
D. Disable the browser's JavaScript and ActiveX.
Answer: B

Adware removal tools are designed to find and remove PUPs that standard antivirus may miss, and resetting the browser cleans up leftover settings.

Why this answer

PUPs like browser hijackers often come bundled with free software. Using a dedicated PUP removal tool or adware cleaner is more effective than a standard antivirus scan. After removal, resetting the browser ensures all changes are reverted.

9
MCQ · medium

A technician is investigating a security incident where a user's credentials were stolen. The user says they only logged into their email from a coffee shop Wi-Fi. The technician notices that the browser was not using HTTPS for the login page. What is the most likely attack method used?

A. Cross-site scripting (XSS) attack.
B. Man-in-the-middle attack.
C. DNS spoofing attack.
D. Brute force attack.
Answer: B

An attacker on the same network can intercept unencrypted HTTP traffic and capture login credentials.

Why this answer

On an open Wi-Fi network, an attacker can perform a man-in-the-middle attack to intercept unencrypted HTTP traffic. Without HTTPS, the login credentials are sent in plaintext and can be captured easily. This is a common risk on public Wi-Fi.

10
MCQ · medium

A company policy requires that all web traffic be filtered to block known malicious sites. You need to implement this on the network without installing software on each client. What should you configure?

A. Enable Windows Defender Firewall on each workstation
B. Configure a DNS filtering service on the router or DNS server
C. Install a browser extension on all computers
D. Set the browser security level to high
Answer: B

DNS filtering resolves malicious domains to a block page, preventing access at the network level.

Why this answer

DNS filtering is a network-level solution that blocks access to malicious domains without client software. This tests knowledge of different security implementations. Other options are either client-side or not effective for blocking specific sites.

11
MCQ · medium

A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?

A. A man-in-the-middle attack.
B. A phishing attack.
C. A ransomware attack.
D. A cross-site scripting (XSS) attack.
Answer: B

Phishing uses social engineering to trick users into revealing sensitive information on fraudulent sites.

Why this answer

This is a phishing attack, where the attacker creates a fake login page to steal credentials. Users should be trained to verify URLs and never enter credentials from email links.

12
MCQ · easy

A small business owner wants to ensure that employees cannot install unauthorized browser extensions on company-managed Windows 10 computers. Which method should you use to enforce this restriction?

A. Enable private browsing mode in each browser
B. Configure Group Policy to block extension installation
C. Set the browser homepage to a company-approved site
D. Install an ad-blocker extension
Answer: B

Group Policy allows administrators to enforce browser settings across all domain-joined computers.

Why this answer

Group Policy is the correct tool for centrally managing browser settings and restricting extension installations in a Windows domain environment. This question tests knowledge of enterprise-level browser security controls. The other options are either user-level or not effective for enforcement.

13
MCQ · medium

A user's browser is displaying a warning that the website's certificate is not trusted, even though the URL is correct. The technician checks the date and time on the computer and finds it is set to 2019. What is the most likely cause of the certificate warning?

A. The website's SSL certificate has been revoked.
B. The browser's certificate store is corrupted.
C. The system date is incorrect, causing certificate validation to fail.
D. The user is connected to a malicious proxy.
Answer: C

SSL certificates rely on accurate date/time; a mismatch causes the browser to reject the certificate as invalid.

Why this answer

SSL certificates are time-sensitive; if the system date is far in the past or future, the browser cannot verify the certificate's validity. Synchronizing the system clock with a time server resolves this issue without needing to install a new certificate.

14
MCQ · medium

During a security audit, you discover that a user's browser has multiple pop-up windows appearing, even when no websites are open. The user denies installing any software. Which tool should you use to identify and remove the underlying cause?

A. Reset the browser settings to default
B. Run a full scan with Windows Defender or another anti-malware tool
C. Disable JavaScript in the browser
D. Clear the browser cache and cookies
Answer: B

Anti-malware tools can detect and remove adware and PUPs that cause pop-ups.

Why this answer

Pop-ups appearing without a browser suggest adware or a potentially unwanted program (PUP) running as a background process. Using Windows Defender or an anti-malware scanner is the correct approach. This tests understanding of adware behavior and removal tools.

15
MCQ · hard

During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?

A. A zero-day vulnerability in the browser.
B. An insecure direct object reference (IDOR) vulnerability.
C. Social engineering.
D. A cross-site request forgery (CSRF) attack.
Answer: C

The user was manipulated into installing the extension by a deceptive prompt, which is a classic social engineering technique.

Why this answer

This is a social engineering attack where the user was tricked into installing malicious software. No technical vulnerability was exploited; the user's trust was manipulated.

16
MCQ · easy

A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?

A. The browser needs to be updated to the latest version.
B. The user has accidentally enabled a malicious browser extension.
C. The internet connection is unstable and causing DNS errors.
D. The browser cache is full and needs to be cleared.
Answer: B

A malicious extension can hijack browser settings, redirect searches, and inject ads. This is a common vector for browser hijackers.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without permission. The correct action is to scan and remove the malicious software using an anti-malware tool, as simply resetting settings or clearing caches may not remove the underlying infection.

17
MCQ · easy

During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?

A. The browser will run slower and may crash frequently.
B. The user will be unable to view some web content.
C. Attackers can exploit known vulnerabilities in the plugin to install malware.
D. The browser will automatically disable the plugin.
Answer: C

Outdated plugins have unpatched security holes that attackers frequently target to compromise systems.

Why this answer

Outdated plugins like Flash Player are common attack vectors because they contain known vulnerabilities that malware can exploit. Keeping software updated is a fundamental browser security practice.

18
MCQ · easy

A customer says that when they click a link in an email, it opens a website that looks exactly like their bank's login page, but the URL starts with 'http://' instead of 'https://'. What is the most likely security concern?

A. The website is using an expired SSL certificate.
B. The user's browser is infected with adware.
C. The email contains a phishing link.
D. The user's DNS server has been compromised.
Answer: C

The combination of a lookalike page and HTTP instead of HTTPS is classic phishing, designed to steal login credentials.

Why this answer

The absence of HTTPS and the lookalike page strongly indicate a phishing attempt. Phishing sites often mimic legitimate sites to steal credentials, and the lack of encryption is a red flag. Users should never enter credentials on non-HTTPS pages, especially from email links.

19
MCQ · medium

A technician is configuring a shared kiosk computer in a library. The requirement is that users must not be able to download files or install software. Which browser security setting should be configured?

A. Disable JavaScript in the browser.
B. Enable the browser's private browsing mode.
C. Set the browser to block all downloads and prompt for a save location.
D. Clear the browser cache and cookies daily.
Answer: C

Blocking downloads prevents users from saving files, which is essential for a kiosk environment.

Why this answer

Configuring the browser to prompt for download location and then blocking downloads via Group Policy or registry is effective. The simplest approach is to disable downloads entirely in the browser settings or use a kiosk mode that restricts functionality.

20
MCQ · easy

A small business owner asks you to configure their office computers so that employees cannot install unauthorized browser extensions. Which policy setting should you implement?

A. Disable the browser's developer mode in the settings.
B. Set the browser to always use private browsing mode.
C. Use Group Policy to block extension installation and whitelist approved extensions.
D. Install a pop-up blocker on each computer.
Answer: C

Group Policy allows administrators to centrally control browser settings, including blocking extensions and allowing only approved ones.

Why this answer

Group Policy is the correct tool in Windows environments to enforce restrictions on browser extensions across multiple computers. This prevents users from adding potentially malicious or unapproved extensions, enhancing security.

21
MCQ · medium

A customer reports that their browser shows a 'Your connection is not private' warning when visiting their online banking site, but other websites work fine. What is the most likely cause?

A. The user's system date and time are incorrect.
B. The bank's SSL certificate has expired or is misconfigured.
C. The user's browser is infected with a man-in-the-middle proxy.
D. The user's anti-virus is blocking the connection.
Answer: B

A single-site certificate error points to a problem with that site's certificate, not the client.

Why this answer

This warning typically indicates a certificate issue, such as an expired or invalid SSL certificate on the banking site itself. It is not a problem with the user's browser or computer.

22
MCQ · medium

A technician is configuring a kiosk computer that will be used by the public to access a specific website. The technician wants to prevent users from navigating to other sites or changing browser settings. Which browser feature should be enabled?

A. Enable private browsing mode.
B. Enable parental controls.
C. Enable kiosk mode.
D. Disable the address bar via group policy.
Answer: C

Kiosk mode restricts the browser to a single full-screen application, preventing navigation to other sites and access to browser settings.

Why this answer

Kiosk mode locks the browser to a specific site or set of sites, hides the address bar, and disables settings access. This is ideal for public terminals. Other options like private browsing or parental controls do not provide the same level of restriction.

23
MCQ · hard

A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?

A. Install a self-signed SSL certificate on the server.
B. Use a VPN to access the internal network.
C. Enable HTTP Strict Transport Security (HSTS) on the server.
D. Configure the browser to use a proxy server.
Answer: B

A VPN encrypts all traffic between the remote user and the network, securing the legacy HTTP traffic without changing the app.

Why this answer

Using a VPN encrypts all traffic between the remote user and the internal network, including the unencrypted HTTP traffic from the legacy app. This provides a secure tunnel without requiring changes to the application itself. SSL/TLS termination could also work but requires a reverse proxy setup.

24
MCQ · easy

During a software deployment, a technician needs to ensure that a new web application can run in a sandboxed environment to prevent it from accessing other system resources. Which browser feature should be configured?

A. Enable pop-up blocker.
B. Enable private browsing mode.
C. Enable browser sandboxing.
D. Disable JavaScript.
Answer: C

Sandboxing isolates the web application process, preventing it from accessing the system or other tabs, which is exactly what is needed.

Why this answer

Modern browsers use sandboxing to isolate web applications from the operating system and other tabs. This security feature prevents malicious code from affecting the system, and it is often enabled by default but can be configured via browser settings or group policies.

25
MCQ · hard

A user's browser is infected with a malicious extension that steals credentials. The extension was installed via a drive-by download from a compromised website. After removing the extension, what additional step should you take to ensure the credentials are not compromised?

A. Clear the browser cache and cookies
B. Run a full antivirus scan
C. Reset the browser settings to default
D. Change all passwords that were entered while the extension was active
Answer: D

Since credentials may have been captured, changing passwords is essential to prevent unauthorized access.

Why this answer

If a credential-stealing extension was active, passwords may have been captured. The correct step is to force password changes for all accounts used in that browser. This tests understanding of post-infection remediation and the scope of data theft.

26
MCQ · easy

A user reports that their browser frequently redirects to a search page they never set, and they see unfamiliar toolbars. After running a malware scan that found nothing, what should the technician do next to resolve the issue?

A. Replace the network cable.
B. Reset the browser settings to default.
C. Update the network adapter driver.
D. Reinstall the operating system.
Answer: B

Resetting the browser removes all add-ons, toolbars, and restores default homepage and search settings, which effectively eliminates browser hijackers.

Why this answer

This scenario describes a browser hijacker, which is often not detected by standard antivirus scans. Resetting the browser removes unwanted extensions, toolbars, and reverts the homepage and search engine settings, solving the problem without reinstalling the OS or replacing hardware.

27
MCQ · medium

A small business owner wants to ensure that employees cannot install browser extensions or add-ons without administrator approval. Which method should the technician use to enforce this restriction across all company computers?

A. Configure each browser's settings manually on every computer.
B. Use Group Policy to disable extension installation.
C. Install a third-party firewall to block extension downloads.
D. Set the browser to private browsing mode.
Answer: B

Group Policy provides centralized control to block extension installations across all domain-joined computers.

Why this answer

Group Policy in Windows allows administrators to centrally manage browser settings, including preventing extension installations. This is the standard enterprise approach for enforcing security policies across multiple computers.

28
MCQ · medium

A user reports that their browser displays a warning saying 'Your connection is not private' when visiting a frequently used banking site. After checking, you see the certificate error is for a different domain. What is the most likely cause?

A. The user's system date and time are incorrect
B. The website's SSL certificate has expired
C. A malicious proxy or DNS hijacking is redirecting traffic to a fake site
D. The browser needs to be updated to the latest version
Answer: C

A man-in-the-middle attack can present a certificate for a different domain, indicating redirection to a fraudulent site.

Why this answer

A certificate error for a different domain indicates a possible man-in-the-middle attack or DNS hijacking. The correct action is to investigate the network and not proceed to the site. This tests understanding of SSL/TLS certificate warnings and their security implications.

29
MCQ · easy

A user calls the help desk complaining that their browser homepage keeps changing to a site they did not set, and they cannot change it back. You remotely check and find no malware. What is the most likely cause?

A. The user's browser profile is corrupted.
B. A recently installed program modified the browser settings during installation.
C. The user's DNS settings are being hijacked by the ISP.
D. The browser's shortcut target is pointing to a different URL.
Answer: B

Many free applications bundle browser modifications; if the user did not uncheck those options, the homepage changes.

Why this answer

Some legitimate software installers include options to change browser settings, and users may inadvertently agree. This is a common cause of homepage changes that are not malware-related.

30
MCQ · medium

You are configuring a new Windows 10 computer for a user who frequently downloads files from the internet. To reduce the risk of malware, you want to block the execution of downloaded files from the internet until they are scanned by antivirus. Which Windows feature should you enable?

A. Windows Defender Firewall
B. Windows Defender Application Guard
C. BitLocker Drive Encryption
D. User Account Control (UAC)
Answer: B

Application Guard uses hardware isolation to run untrusted files in a sandbox, preventing harm to the system.

Why this answer

Windows Defender Application Guard is designed to isolate untrusted downloads and prevent execution until scanned. This tests knowledge of Windows security features for browser and file safety. The other options are either not relevant or less effective.
