S No

1
2
3
4
5
6

7
8
9
10
11

12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

27

28
29
30
31
32

33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

49
50
51
52

53
54
55
56
57
58
59
60
61
62

63

64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

97
98
99
100

101
102
103
104
105
106
107
108
109
110
111
112
113
114

115

116

117
118
119
120

121

122
123

124
125
126
127
128
129
130
131
132
133
134
135
136
137

138

139
140
141
142
143
144

145

146

147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

188
189
190
191
192
193
194
195
Question
What does malware stand for?
What is social media engineering?
Which of the following can enhance mobile security?
A person claiming to be a former employee contacts you via email, asking for access to certain
company resouces due to an emergency. What should you do?
Under the DPDPA 2023, what is a Data Processing Impact Assessment?
An email from what appears to be your company's IT department asks for your password to
complete a system update. What is the safest action?
What deals with the protection of an individual's information which is implemented while using the
internet on any computer or personal device.
Keeping your mobile OS updated help to:
Clear Desk practices primarily help in protecting:
Which of the following is a sign that your mobile device may be compromised?
The mouse on your computer screen starts to move around on its own and click on things on your
desktop. What do you do?

Which of the following is NOT an international recognised standard for information security?
What is a sandbox in cybersecurity?
What is pretexting in social engineering?
What should you do if you find senstive documents left unattended?
What does data encryption do?
Under the DPDPA 2023, what is a Data prinicipal?
Which of the following is not a segmnetation of network
To enhace the security of mobile applications, you should:
What is ketlogger?
Under the DPDPA 2023, which data processing activity requires special attention?
What is the safest way way to download apps on your mobile devices?
What type of malware specifically targets mobile devices?
Computer crime difficult to investigate. Which is not the true reason?
What is the term for the entity that processes personal data on behalf of a data fiduciary?
You receive a call from someone claiming to be from your credit card company, asking you to
confirm recent transactions. What is the best approach?

You get a voicemail from someone claiming to be from you’re your company's HR department,
asking for your personal details to update records. What is the best course of action?

When leaving your desk, you should:

What role does urgency play in social engineering attacks?
The backup process should be centrally monitored by
what you shoud do if you found a security incident
Which of the following is common method to enhance password security

When downloading and installing apps wha should you not always do in order to protect your
device
A deviation from an organisatin wide security policy requires which of the following
A security plan begins with
What is the practice of hiding sensitive information with in other files or data called
Board of directors are not responsible for
What is "phishing" in the context of online banking security
Which of the following statements is not true about VPN architecture
which of the following pieces of informtion can be found in the IP header
Single sign on (SSO) is characterised by which of the following advantage
Does NIST Framework apply only to critical infrastructure companies?
___ Layer is the communication layer that connects the internet of things (IOT) devices
All user ids of "critical' systems should be reviewed at lease once in a
For what purpose users dhould archive important emils in their device or other media
Data encrypted with the Server's Public key can be decrypted with which key
What is the purpose of a Digital Certificate in web security
What should an employee do if he/she observed or suspect information/cyber security events or
weakness in system?
What should an employee do if he/she observed or suspect information/cyber security events or
weakness in system?
Data migration audit should be conducted _____ to ensure the integrity of the data
What is the best practice to avoid phishing attacks
A person has deployed an anti spam solution in his network. Positive detection of non-spam SMTP
is called
What is the term for the internal individuals who deliberately compromise an organisation's
Security?
Which reisk management approach involves using security controls to reuce risk
What is common security measure to protect against SQL igection attacks
How much maximum imprisonment applicable for hacking under IT act 2000
When some unidentified/unknown person/firm sends you mail in a trustworthy /lucrative way
asking for sensitive banks and online payment information, this is a case of _ ?
What does the Term "Zero-day vulnerability" refer to in cyber security?
Cyber attacks on networkconnected smart devices process controller is called
What is the function of an 'Intruder Detection System(IDS)'?
An email claims you've won a prize but needs your personal details toclaim it. What should you do?
The function of a firewall is to prevent a system

You receive an urgent request for confidential information from what seems to be your company's
CEO via email. The email address is slighly different from usual. What is the apprpriate action?

Which of the following in NOT a component of a Clear Desk Policy?

What does 'spyware' do?
What role does "urgency" play in social engineering attacks?
Who control the network of Bots?
Where should you store the encryption passphrase for your Laptop?
What is the maximum duration for which personal data can be retained under the DPAP 2023?
What is a significant penaltyunder the DPDA 2023 for non compliance?
What is the primary goal of social engineering attacks?
Which of the following in NOT a typical sign of a social engineering attack?
Who are the targets of modern day hackers?
This is a program in which malicious or harmful code is contained inside apparently harmless
programmeing or data
A common method of data theft is
What does 'botnet' refer to in cybersecurity?
Using a VPN on Mobile device helps to
What does 'anti-virus software' do?
The iportance of mobile app permission is that they :
Which of the following is a right granted to Data Principals under the DPDPA 2023?
What is "shoulder surfing" often used for in social engineering?
What is 'public key infrastructure (PKT)'?
Which of the following is a sign that your mobile device may be compromised?
What does 'URL' stand for?
You receive a call from someone claiming to be from your credit card company, asking you to
confirm recent transactions. What is thebest approach?
What should you do if you find sensitive documents left unattended?
Keeping your mobile OS updted helps to
What is "vishing"?
What is "credential harvesting"
An email claims that you need to verify your account due to suspicios activity by clicking a link
provided in the mail. What should you do?
To support a Clear Desk environment, employee should:
What does 'IP address' stands for
Which of the following is NOT a typical sign of a social engineering attack?
An email from what appears to be your company's IT department asks for your password to
complete a system update. What is the safest action?
What should not be considered while defining the retention period od data?
What is digital signature

An email claims that your subscription is about to expire and asks you toprovide your payment
details through a link. What should you do?
What does the acronym "VPN" stand in cybersecurity
What action should be taken if aData Principal's request for data access is denied?
Which of the following will be as per procedure for digital evidence in Forensics?

You get an email from a "Vendor" claiming they need immediate payment for an invoice that
wasn't expected. What is the safest response?
What is the purpose of the 'Data Protection Authority' establised by the DPDPA 2023?
As per Best IS practice, BIOS should be configured to boot ony from the ____ Only?
What does 'authentication' refers to in cybersecurity?
What does 'vulnerability assessment' involve?
Which of the following is NOT an international recognised standardfor information Security?
Which of the following practices supports Clear Desk security?
What does 'whitelisting' means in sybersecurity?
What type of data processing requires explicit concent from the Data Principal under the DPDPA
2023?
Which setting can you enable to help secure your mobile device?
If you encounter a scam and need to report it, which of the following number should you call?
Uwhich feature helps protect data on a lost mobile device?
What is 'social engineering'?
There is a restricted area where you need to swipe your card before entering. Some one enters
immediately after you enter? What do you do?
A stanger contacts you through email, claiming to be a foreign official needing your assistance to
transfer a large sum of money.What is the safest response?
You get a phone call from someone pretending to be a technician from your company's IT
department, asking for your computer's password to perform a security check.What is the best
response?
Which type of social engineering attck is specially targetted at individuals with in a specific
organization?
How can organization train employees to recognise social engineering attacks?
What is a key defence strategy against social engineering attacks?
What is 'DNS spoofing'?

___ is a data taken from production environment and then confidential information like customer
information or revenue information is masked or changed before using in test environment?

Which of the following is NOT a common characteristic of social engineering attacks?

A supposed company recruiter contacts you on LinkedIn offering a job opportunity and asking for
your personal details. What is the best course of action?
You receive a message on social media from someone claiming to be a former colleague asking for
money for a charity event. What should you do?
Which entity is NOT directly involved in data processing activities under the DPDPA 2023?
What is a 'Denial of Service (DoS)' attack?
What is "impersonation" in social engineering?
Public Wi-Fi networks are considerd :
Your supervisor is very busy and asks you to log into her server using user-id and password to
retrieve some reports. What should you do?
Which of the following is a red flag of a social engineering attack?
What does 'anonymization' of data mean under the DPDPA 2023?
Which Feature helps protect data on a lost mobile device?
You receive a message from what appears to be a popular online service asking you to confirm your
identity through a link. What should you do?
The importance of mobile app permission is that they :
What is Phishing?
________ is a propert of access control of multiple related, yet independent, software systems.
What should not be considered while defining the retention period odf data?

You receive a cvoice mail from someone claiming to be from your company's HR department,
asking for your personal details to update records. What is the best course of action?

What is a 'DDoS attack'?

What does 'anti-virus software' do?
What must be included in a Data Fiduciary's privacy policy under the DPDPA 2023?
Which of the following refers to a series of characters used to verify a user's identity?
What is "vishing??
Under the DPDPA 2023, what should be done with data that is no longer necessary for its purpose

The process of finding vulnerabilities and exploiting them using exploitable scripts,programs etc is
called

is a data taken from production environment and then confidential information like customer
information or revenue information is masked or changed before using in test environment
What does the "I" in the CIA Triad stand for?
A stranger claiming to be from your health insurance company asks you to confirm your policy
number and personal details. What should you do?
What is the primary goal of Clear Desk policy?
What is a 'Denial of Service (DoS)' attack?
Which portal should you use to report suspected fraudulent communication?
What is 'patch management'?
To report suspected fraud communication, which online portal should you visit?
A group of computers that is networked together and used by hackers to steal information is called a
What is the role of a Data Protection Officer (DPO) under the DPDPA 2023?
An email claims that you need to verify your account due to suspicious activity by clicking a link
provided in the email. What should you do?
What is 'data breach'?
What does 'network segmentation' involve
Strong passwords should be
is the data exchanged between an HTTP server and a browser (a client of the server) to store state
information on the client side and retrieve it later for server use
What does "reverse social engineering"involve
An urgent message from a "support team"requests your account login details to fix a security issue.
What should you do?
A Clear Screen policy mandates that
Which of the following describes a "rogue employee"in social engineering
What is the maximum duration for which personal data can be retained under the DPDPA 2023?
If you receive a suspicious email on your mobile device, you should:
What is "Whaling" in the context of social engineering
What must be included in Data Fiduciary's privacy policy under the DPDPA 2023 ?
Which of the following refers to a series of characters used to verify a user's identity
What is the purpose of "Social engineering"in the context of acyber attack
What is the significant penalty under the DPDPA 2023 for non compliance ?
What is 'two-factor authentication'?
What should you do if you find sensitive documents left unattended ?
What is the primary goal of social engineering attacks ?
If you receive a suspicious email on your mobile device,you should
Which feature helps protect data on a lost mobile device
Which of the following is an example of a "social engineering"tactic ?
You receive an email from an unfamiliar address claiming you've won a alarge sum of money but
need to provide your bank details to claim it.What is the safest response ?
What is 'forensics' in cybersecurity ?
You receive an email saying your email account will be locked unless you verify your identity by
clicking a link.What should you do ?
What role does "emotional manipulation"play in social engineering attacks ?
Which of the following is NOT a common characteristic of social engineering attacks ?
What action should be taken if a Data Principal's request for data access is denied ?
If you encounter a scam and need to report it,which of the following number should you call ?
What is Keylogger ?
Which of the following is a sign that your mobile device may be compromised ?
Your supervisor is very busy and asks you to log into her server using her user-ID and password to
retrieve some reports.What should you do ?
You seem to have a weak memory ? What is the best way to handle this situation if you hav eto
handle multiple applications ?
What is 'credential harvesting'??
What is "Data breach"?
What does 'malware'stand for ?
What does "reverse social engineering" involve ?
What is "pharming" involve in the context of social engineering ?
What is "tailgetting" in the context of social engineering ?
What is a 'DDoS attack'?
Answer
Malicious Software
Using social media platforms to gather personal infirmation for attacks
Enabling automatic updates
Ignore the request and do nothing
A report on the impact of data processing activities on privacy
Verify the request through official company channels.

Digital privacy
Protect against vulnerabilities
Physical assets
Unexpected app behavior
All of the above

ITSEC
A secure environment for testing software
Creationg a fake scenario to obtain information from a target.
Inform a suspervisor
Convert data into a format that cannot be read without a decryption key.
The individual to whom the data relates.
Subnet
Review app permissions regularly
Can be used by cybercriminals to record every keystroke entered on your computer
Processing of senstive personal data
Form official authorizied app stores only.
All of the above
Privacy laws protect people from being investigated
Data processor
Ask them to send you an email with the details.

Contact your HR department directly using a verified phone number

Lock your computer

It pressures victims to make quick decisions without verifying information
Application Owner/IT Risk
Turn off the system immediately so that no other system infected
Creating Complex passwords with atleast 12 characte with capital letter, special characte and one
number

Allow all permissions asked while installing the app

Risk Acceptance
Risk assessment
Steganography
To approve performance target based on the recommendations of IS & ITRC
A deceptive practice where cyber criminls try to trick individuals into revealing sensitive information.
Whether VPNs are providing site to ste or remote access connection
a & B (Source address of the IP packet and Destination address for he IP packet)
Both (Convenience & Centralised Administration)
No
Internet Layer
Quarter
Record purpose
Server's private key
Identifying the website owner and providing asecure connection.
He should follow Cyber security incident handling and reporting SOP

End user should communicate directly with any regulatory and statutory authorities
As and when the
Verify the senders email address
False Positive detection

Insiders
Mitigation
using prepared statements and parameterised queries
3 years
Phishing
A vulnerbility that is unkoown to the software vendor
IOT attacks
To detect unauthorised access attempts
Ignore the email and delete it.
From unauthorised access to internal resources

Verify the request through anotherknown communication channel with the CEO.

Openly displaying sensitive information.

Collect information about users without their consent.
It Pressures victims to make quick decisions without verifying informaton.
Bot-herders
Use the password management tool supplied/authorised by your organsisation
10 years
Monetary fine
To exploit human psychology to obtain confidential information.
An email with proper grammer and verified sender
Any organisation or individualis liable to be the victim of hackers.
Trojan horse
Phishing attacks
A network of compromised computers controlled by a cental command
Secure your connection and data flow over channel.
Protect against, detects and removes viruses and malware.
Protect user privacy.
Right to access information about data processing practices
To obtain sensitive information by watching over someone's shoulder
A framework for managing digital keys and certificates.
Unexpected app behavior
Uniform Resource Locator
Ask them to send you an email with the details.
Inform a supervisor
Protect against vulnerabilities
Voice phishing through phone calls
Collecting user credentials through deceptive methods
Go to the official website directly and log in to check for any alerts or messages
Regularly clutter their desks
Internet Protocol Address
An email with proper grammer and verified sender
Verify the request through Official
Cost of preserving the data
An electronic signature involving Public Private Keyfor integrity and Non repudiation purpose

Visit the official website of the service provider and check your subscription status.
Virtual Private Network
Forward the request to the Data Protection Authority.
Personnel who has discovered or reported the incident should follow the first responder guidelines
to preserve the evidence.
Verify the invoice with your accounts department or directly with the vendor using known contact
details
To oversee and enforce compliance with data protection laws
primary Hard Disk
The process of verifying the identity of a user or system.
Identifying and evaluating security weakness in systems
ITSEC
Properly disposing of outdated documents.
Allowing only known trusted applications or entities
Data for research and development.
Automatic updates
1930
Data Backup
Manipulating individuals to divulge confidential information.
Advise him Tailgating is not allowed and ask him to authenticate himself.

Research the email address and verify the sender claims.

Contact your It Department directly using a known phone number to verify the request.

Spear phishing
Conducting regular security awareness training
Educating individuals and promoting awareness about common social engineering tactics.
A technique used to redirect traffic from legitimate sites to malicious ones.

Sanitized data

Using Technical vulnarabilities.

Verify recruiter's identity and the job offer through official company channel

Verify their identity through mutual connections or official channels

Data Fiduciary
An attack that attempts to overload a system to make it unavailable
pretending to be someone else to deceive the target.
Risky for sensitive data
Decline the request and remind your supervisor that it is against AUP policy
Unsolicitedrequests for sensitive information.
Removing identifiable information so the data cannot be traced back to an individual.
Data Backup
Visit the official website directly and check for any identity verification requests.
Protect your privacy
A type of cyberattack where attckers impersonate legitimate entities to steal information.
Single sign on
Cost of preserving the data.

Contact your HR department directly using a verified phone number.

A denial-of-service attack using multiple systems.

Protects against, detects, and removes viruses and malware
Data processing purposes, retention period, and rights of Data Principals
Userid
Voice phishing through phone calls
It should be deleted or anonymized unless retention of the same is required as per compliance of
applicable law or regulation

exploitation

sanitized data

Integrity
Verify the caller's identity by contacting the insurance company through a known phone number.
Reduce clutter
An attack that attempts to overload a system to make it unavailable
chakshu portal (sancharsaathi.gov.in)
The process of applying updates to software to fix vulnerabilities
cybercrime.gov.in
Botnet
To enforce data protection regulations within an organization
Go to the official website directly and log in to check for any alerts or messages.
An unauthorized access and retrieval of sensitive information
Dividing a network into smaller segments to improve security and manage traffic
Easy to remember
Cookies
Pretending to be a help desk or authority figure to extract information.
Contact the support team using an official contact method to verify the request
Screens must be locked
An insider who uses their access for malicious purposes
10 years
Delete it and avoid interaction
A type of phising attack targetting high-profile individuals
Data Processing purposes,retention period and right of Data Principals
Userid
To manipulate indivisuals into providing confidential information or access
Monetary fine
A security measure requiring two forms of verification to access an account
Inform a supervisor
To exploit human psychology to obtain confidential information
Delete it and avoid interaction
Data backup
Sending an email claiming to be from IT support asking for login credentials.
Ignore the email and delete it
The process of analysing data to investigate and understand cyber incidents.
Log in to your email account directly through the official website to check for any issues
It leverages emotional responses to gain compliance or information from the target.
Using technical vulnerabilities.
Forward the request to the Data Protection Authority
1930
Can be used by cybercriminals to record every key stroke entered on your computer
Unexpected app behaviour.
Decline the request and remind your supervisor that it is against AUP policy.

Write down the password in an encoded format,that only you can understand and save it in
password protected file so that you need to remember only one password.
Collecting user credntials through deceptive methods.
An unauthorised access and retrieval of sensitive information.
Malicious software
Pretending to be a help desk or authority figure to extract information.
Redirecting user from legitimate website to fraudulant ones.
Gaining unauthorized access to a secure area by following authorized personnel.
A denial of service attack using multiple systems.