CSkey
CSkey
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
Question
What does malware stand for?
What is social media engineering?
Which of the following can enhance mobile security?
A person claiming to be a former employee contacts you via email, asking for access to certain
company resouces due to an emergency. What should you do?
Under the DPDPA 2023, what is a Data Processing Impact Assessment?
An email from what appears to be your company's IT department asks for your password to
complete a system update. What is the safest action?
What deals with the protection of an individual's information which is implemented while using the
internet on any computer or personal device.
Keeping your mobile OS updated help to:
Clear Desk practices primarily help in protecting:
Which of the following is a sign that your mobile device may be compromised?
The mouse on your computer screen starts to move around on its own and click on things on your
desktop. What do you do?
Which of the following is NOT an international recognised standard for information security?
What is a sandbox in cybersecurity?
What is pretexting in social engineering?
What should you do if you find senstive documents left unattended?
What does data encryption do?
Under the DPDPA 2023, what is a Data prinicipal?
Which of the following is not a segmnetation of network
To enhace the security of mobile applications, you should:
What is ketlogger?
Under the DPDPA 2023, which data processing activity requires special attention?
What is the safest way way to download apps on your mobile devices?
What type of malware specifically targets mobile devices?
Computer crime difficult to investigate. Which is not the true reason?
What is the term for the entity that processes personal data on behalf of a data fiduciary?
You receive a call from someone claiming to be from your credit card company, asking you to
confirm recent transactions. What is the best approach?
You get a voicemail from someone claiming to be from you’re your company's HR department,
asking for your personal details to update records. What is the best course of action?
When downloading and installing apps wha should you not always do in order to protect your
device
A deviation from an organisatin wide security policy requires which of the following
A security plan begins with
What is the practice of hiding sensitive information with in other files or data called
Board of directors are not responsible for
What is "phishing" in the context of online banking security
Which of the following statements is not true about VPN architecture
which of the following pieces of informtion can be found in the IP header
Single sign on (SSO) is characterised by which of the following advantage
Does NIST Framework apply only to critical infrastructure companies?
___ Layer is the communication layer that connects the internet of things (IOT) devices
All user ids of "critical' systems should be reviewed at lease once in a
For what purpose users dhould archive important emils in their device or other media
Data encrypted with the Server's Public key can be decrypted with which key
What is the purpose of a Digital Certificate in web security
What should an employee do if he/she observed or suspect information/cyber security events or
weakness in system?
What should an employee do if he/she observed or suspect information/cyber security events or
weakness in system?
Data migration audit should be conducted _____ to ensure the integrity of the data
What is the best practice to avoid phishing attacks
A person has deployed an anti spam solution in his network. Positive detection of non-spam SMTP
is called
What is the term for the internal individuals who deliberately compromise an organisation's
Security?
Which reisk management approach involves using security controls to reuce risk
What is common security measure to protect against SQL igection attacks
How much maximum imprisonment applicable for hacking under IT act 2000
When some unidentified/unknown person/firm sends you mail in a trustworthy /lucrative way
asking for sensitive banks and online payment information, this is a case of _ ?
What does the Term "Zero-day vulnerability" refer to in cyber security?
Cyber attacks on networkconnected smart devices process controller is called
What is the function of an 'Intruder Detection System(IDS)'?
An email claims you've won a prize but needs your personal details toclaim it. What should you do?
The function of a firewall is to prevent a system
You receive an urgent request for confidential information from what seems to be your company's
CEO via email. The email address is slighly different from usual. What is the apprpriate action?
An email claims that your subscription is about to expire and asks you toprovide your payment
details through a link. What should you do?
What does the acronym "VPN" stand in cybersecurity
What action should be taken if aData Principal's request for data access is denied?
Which of the following will be as per procedure for digital evidence in Forensics?
You get an email from a "Vendor" claiming they need immediate payment for an invoice that
wasn't expected. What is the safest response?
What is the purpose of the 'Data Protection Authority' establised by the DPDPA 2023?
As per Best IS practice, BIOS should be configured to boot ony from the ____ Only?
What does 'authentication' refers to in cybersecurity?
What does 'vulnerability assessment' involve?
Which of the following is NOT an international recognised standardfor information Security?
Which of the following practices supports Clear Desk security?
What does 'whitelisting' means in sybersecurity?
What type of data processing requires explicit concent from the Data Principal under the DPDPA
2023?
Which setting can you enable to help secure your mobile device?
If you encounter a scam and need to report it, which of the following number should you call?
Uwhich feature helps protect data on a lost mobile device?
What is 'social engineering'?
There is a restricted area where you need to swipe your card before entering. Some one enters
immediately after you enter? What do you do?
A stanger contacts you through email, claiming to be a foreign official needing your assistance to
transfer a large sum of money.What is the safest response?
You get a phone call from someone pretending to be a technician from your company's IT
department, asking for your computer's password to perform a security check.What is the best
response?
Which type of social engineering attck is specially targetted at individuals with in a specific
organization?
How can organization train employees to recognise social engineering attacks?
What is a key defence strategy against social engineering attacks?
What is 'DNS spoofing'?
___ is a data taken from production environment and then confidential information like customer
information or revenue information is masked or changed before using in test environment?
You receive a cvoice mail from someone claiming to be from your company's HR department,
asking for your personal details to update records. What is the best course of action?
The process of finding vulnerabilities and exploiting them using exploitable scripts,programs etc is
called
is a data taken from production environment and then confidential information like customer
information or revenue information is masked or changed before using in test environment
What does the "I" in the CIA Triad stand for?
A stranger claiming to be from your health insurance company asks you to confirm your policy
number and personal details. What should you do?
What is the primary goal of Clear Desk policy?
What is a 'Denial of Service (DoS)' attack?
Which portal should you use to report suspected fraudulent communication?
What is 'patch management'?
To report suspected fraud communication, which online portal should you visit?
A group of computers that is networked together and used by hackers to steal information is called a
What is the role of a Data Protection Officer (DPO) under the DPDPA 2023?
An email claims that you need to verify your account due to suspicious activity by clicking a link
provided in the email. What should you do?
What is 'data breach'?
What does 'network segmentation' involve
Strong passwords should be
is the data exchanged between an HTTP server and a browser (a client of the server) to store state
information on the client side and retrieve it later for server use
What does "reverse social engineering"involve
An urgent message from a "support team"requests your account login details to fix a security issue.
What should you do?
A Clear Screen policy mandates that
Which of the following describes a "rogue employee"in social engineering
What is the maximum duration for which personal data can be retained under the DPDPA 2023?
If you receive a suspicious email on your mobile device, you should:
What is "Whaling" in the context of social engineering
What must be included in Data Fiduciary's privacy policy under the DPDPA 2023 ?
Which of the following refers to a series of characters used to verify a user's identity
What is the purpose of "Social engineering"in the context of acyber attack
What is the significant penalty under the DPDPA 2023 for non compliance ?
What is 'two-factor authentication'?
What should you do if you find sensitive documents left unattended ?
What is the primary goal of social engineering attacks ?
If you receive a suspicious email on your mobile device,you should
Which feature helps protect data on a lost mobile device
Which of the following is an example of a "social engineering"tactic ?
You receive an email from an unfamiliar address claiming you've won a alarge sum of money but
need to provide your bank details to claim it.What is the safest response ?
What is 'forensics' in cybersecurity ?
You receive an email saying your email account will be locked unless you verify your identity by
clicking a link.What should you do ?
What role does "emotional manipulation"play in social engineering attacks ?
Which of the following is NOT a common characteristic of social engineering attacks ?
What action should be taken if a Data Principal's request for data access is denied ?
If you encounter a scam and need to report it,which of the following number should you call ?
What is Keylogger ?
Which of the following is a sign that your mobile device may be compromised ?
Your supervisor is very busy and asks you to log into her server using her user-ID and password to
retrieve some reports.What should you do ?
You seem to have a weak memory ? What is the best way to handle this situation if you hav eto
handle multiple applications ?
What is 'credential harvesting'??
What is "Data breach"?
What does 'malware'stand for ?
What does "reverse social engineering" involve ?
What is "pharming" involve in the context of social engineering ?
What is "tailgetting" in the context of social engineering ?
What is a 'DDoS attack'?
Answer
Malicious Software
Using social media platforms to gather personal infirmation for attacks
Enabling automatic updates
Ignore the request and do nothing
A report on the impact of data processing activities on privacy
Verify the request through official company channels.
Digital privacy
Protect against vulnerabilities
Physical assets
Unexpected app behavior
All of the above
ITSEC
A secure environment for testing software
Creationg a fake scenario to obtain information from a target.
Inform a suspervisor
Convert data into a format that cannot be read without a decryption key.
The individual to whom the data relates.
Subnet
Review app permissions regularly
Can be used by cybercriminals to record every keystroke entered on your computer
Processing of senstive personal data
Form official authorizied app stores only.
All of the above
Privacy laws protect people from being investigated
Data processor
Ask them to send you an email with the details.
End user should communicate directly with any regulatory and statutory authorities
As and when the
Verify the senders email address
False Positive detection
Insiders
Mitigation
using prepared statements and parameterised queries
3 years
Phishing
A vulnerbility that is unkoown to the software vendor
IOT attacks
To detect unauthorised access attempts
Ignore the email and delete it.
From unauthorised access to internal resources
Verify the request through anotherknown communication channel with the CEO.
Visit the official website of the service provider and check your subscription status.
Virtual Private Network
Forward the request to the Data Protection Authority.
Personnel who has discovered or reported the incident should follow the first responder guidelines
to preserve the evidence.
Verify the invoice with your accounts department or directly with the vendor using known contact
details
To oversee and enforce compliance with data protection laws
primary Hard Disk
The process of verifying the identity of a user or system.
Identifying and evaluating security weakness in systems
ITSEC
Properly disposing of outdated documents.
Allowing only known trusted applications or entities
Data for research and development.
Automatic updates
1930
Data Backup
Manipulating individuals to divulge confidential information.
Advise him Tailgating is not allowed and ask him to authenticate himself.
Contact your It Department directly using a known phone number to verify the request.
Spear phishing
Conducting regular security awareness training
Educating individuals and promoting awareness about common social engineering tactics.
A technique used to redirect traffic from legitimate sites to malicious ones.
Sanitized data
exploitation
sanitized data
Integrity
Verify the caller's identity by contacting the insurance company through a known phone number.
Reduce clutter
An attack that attempts to overload a system to make it unavailable
chakshu portal (sancharsaathi.gov.in)
The process of applying updates to software to fix vulnerabilities
cybercrime.gov.in
Botnet
To enforce data protection regulations within an organization
Go to the official website directly and log in to check for any alerts or messages.
An unauthorized access and retrieval of sensitive information
Dividing a network into smaller segments to improve security and manage traffic
Easy to remember
Cookies
Pretending to be a help desk or authority figure to extract information.
Contact the support team using an official contact method to verify the request
Screens must be locked
An insider who uses their access for malicious purposes
10 years
Delete it and avoid interaction
A type of phising attack targetting high-profile individuals
Data Processing purposes,retention period and right of Data Principals
Userid
To manipulate indivisuals into providing confidential information or access
Monetary fine
A security measure requiring two forms of verification to access an account
Inform a supervisor
To exploit human psychology to obtain confidential information
Delete it and avoid interaction
Data backup
Sending an email claiming to be from IT support asking for login credentials.
Ignore the email and delete it
The process of analysing data to investigate and understand cyber incidents.
Log in to your email account directly through the official website to check for any issues
It leverages emotional responses to gain compliance or information from the target.
Using technical vulnerabilities.
Forward the request to the Data Protection Authority
1930
Can be used by cybercriminals to record every key stroke entered on your computer
Unexpected app behaviour.
Decline the request and remind your supervisor that it is against AUP policy.
Write down the password in an encoded format,that only you can understand and save it in
password protected file so that you need to remember only one password.
Collecting user credntials through deceptive methods.
An unauthorised access and retrieval of sensitive information.
Malicious software
Pretending to be a help desk or authority figure to extract information.
Redirecting user from legitimate website to fraudulant ones.
Gaining unauthorized access to a secure area by following authorized personnel.
A denial of service attack using multiple systems.