UNIT 2

1. Which layer of cybersecurity focuses on protecting software applications from

security threats?
A) Network Layer
B) Data Link Layer
C) Application Layer
D) Transport Layer

2. What is the primary purpose of Application Layer Security?

A) Protecting hardware devices
B) Protecting software applications
C) Ensuring physical security
D) Preventing network congestion

3. Which of the following is NOT a consideration of Data Security in the context of

backups, archival storage, and data disposal?
A) Data encryption during transit
B) Secure data deletion methods
C) Data retention policies
D) Data integrity verification

4. What technology is commonly used to protect network perimeters and control access
between internal and external networks?
A) Antivirus software
B) Intrusion Detection Systems (IDS)
C) Firewalls
D) Virtual Private Networks (VPNs)

5. Which security technology is designed to detect and prevent unauthorized access to

a network?
A) VPNs
B) Firewalls
C) Encryption
D) Authentication

6. What type of security technology is used to monitor network traffic and identify
suspicious behavior or patterns?
A) Firewalls
B) VPNs
C) Intrusion Detection Systems (IDS)
D) Access Control Lists (ACLs)

7. Security threats in the context of e-commerce can include:

A) Phishing attacks
B) Physical theft of goods
C) Natural disasters
D) Software updates

8. What is a common security threat to electronic payment systems?

A) Firewalls
B) Data breaches
C) Biometric authentication
D) Secure Socket Layer (SSL) encryption

9. Which of the following is a characteristic of e-cash as a form of electronic payment?

A) Requires physical presence for transactions
B) Provides anonymity for users
C) Relies on credit card networks
D) Subject to chargeback disputes

10. How are credit/debit cards vulnerable to security threats in e-commerce?

A) They are immune to hacking attacks
B) Card skimming devices can steal card information
C) They are not accepted for online transactions
D) They are secured with physical keys

11. Which security measure is commonly used to protect sensitive information during
online transactions?
A) SSL encryption
B) Public key infrastructure (PKI)
C) Digital signatures
D) Virtual private networks (VPNs)

12. What is a potential security threat associated with archival storage of data?
A) Loss of data due to hardware failure
B) Unauthorized access to historical records
C) Data corruption during transmission
D) Lack of storage capacity

13. How can access control mechanisms help mitigate security threats in data storage?
A) By encrypting data at rest
B) By restricting access based on user roles
C) By providing physical barriers to storage devices
D) By automatically deleting old data

14. What technology can help prevent unauthorized access to archived data?
A) Intrusion Detection Systems (IDS)
B) Access Control Lists (ACLs)
C) Virtual Private Networks (VPNs)
D) Secure Sockets Layer (SSL)

15. How does data encryption contribute to data security in archival storage?
A) By preventing unauthorized access to data in transit
B) By ensuring data integrity during storage
C) By protecting data from physical theft
D) By making data unreadable without proper decryption keys

Label the process of setting up of fake access points in high-traffic public locations.
a)Unsecured Wi-Fi b)Phishing Attacks
b)Network Spoofing c)Spyware

Recognize the cheapest form of Authentication.

a)Password based Authentication b)Encryption
c)Biometric based Authentication d)Smart cards

Identify the activity that occurs due to malware in Cloud Services.

a)Trojans b)Worms
c)Macro viruses d)Data Exfiltration

Which is the most common risk in social media?

a)Third-party apps b) Spams
c)Privacy settings d)Human error

Point out the security methods applied against man-in-the-middle attacks.

a)Biometrics b)Cryptography
c)Digital signature d)Access control list

Data can be disposed of by:

a)Handing over the storage devices to anyone
b)Shutting down the system that uses the storage device
c)Thrashing the storage devices into metal scrap
d) None of the above

Firewalls are used to:

a) Provide data backup facilities
b) Prevent hackers from accessing your computer through the Internet by
blocking back doors or open ports that connect your computer to the Internet
c) Provide network integration facilities
d) All of the above

Quote the cryptographic type used by Digital Signatures for validating the authenticity and
integrity of a message
a) Private key
b) Public key
c) Digital key
d) Digital Certificates
Fill the right options:
Management console, attack signatures, Sensors, malicious packet, match
An IDS comprises ___________and sensors
It has a database of ________
_________detect any malicious activity
It also matches the ___________against the database
If found a _____, the sensor reports the malicious activity to the management console

Here are the completed sentences with the correct options:

1. An IDS comprises **management console** and sensors.

2. It has a database of **attack signatures**.
3. **Sensors** detect any malicious activity.
4. It also matches the **malicious packet** against the database.
5. If found a **match**, the sensor reports the malicious activity to the management
console.

Let me know if you need further assistance!

UNIT 3
1. Which of the following is a key consideration in developing secure information systems?
A) Maximizing system performance
B) Minimizing user convenience
C) Incorporating robust security measures
D) Ignoring potential security vulnerabilities

2. What aspect of application development focuses on ensuring that software is resistant to

unauthorized access and data breaches?
A) Quality Assurance
B) Secure Coding Practices
C) Performance Optimization
D) User Interface Design

3. Information Security Governance primarily involves:

A) Implementing technical security controls
B) Managing security incidents
C) Establishing policies and procedures
D) Conducting penetration tests

4. Security Architecture & Design aims to:

A) Ensure compliance with legal regulations
 B) Identify potential security vulnerabilities
C) Optimize system performance
D) Define the structure and behavior of secure systems

5. What security issue is associated with hardware, data storage, and downloadable
devices?
A) Data encryption
B) Physical tampering
C) User authentication
D) Software patch management

6. Physical security of IT assets involves measures such as:

A) Encryption algorithms
B) Intrusion Detection Systems (IDS)
C) CCTV surveillance
D) Network firewalls

7. Access control mechanisms are used to:

A) Encrypt data during transmission
B) Monitor network traffic for anomalies
C) Regulate user access to resources
D) Scan for malware infections

8. What technology is commonly used for monitoring and recording activities within a
physical environment?
A) Intrusion Detection Systems (IDS)
B) Virtual Private Networks (VPNs)
C) Closed-circuit television (CCTV)
D) Secure Sockets Layer (SSL)

9. Backup security measures aim to:

A) Ensure high availability of data
B) Minimize data storage costs
C) Prevent unauthorized access to backup data
D) Speed up the data recovery process

10. Secure system development emphasizes the importance of:

A) Ignoring potential security risks
B) Incorporating security as an afterthought
C) Integrating security throughout the software development lifecycle
D) Prioritizing functionality over security concerns

11. Which phase of the software development lifecycle is most critical for addressing security
issues?
A) Planning and Requirements Analysis
B) Design and Architecture
C) Implementation and Coding
 D) Testing and Quality Assurance

12. Risk management in secure system development involves:

A) Eliminating all potential risks
B) Accepting all identified risks
C) Mitigating risks through appropriate controls
D) Ignoring risks and hoping for the best

13. What is the primary goal of secure coding practices?

A) Maximizing system performance
B) Preventing software vulnerabilities
C) Simplifying the development process
D) Ignoring potential security threats

14. Security architecture aims to:

A) Ensure complete isolation of systems
B) Define the structure and behavior of secure systems
C) Complicate system design to deter attackers
D) Ignore potential security vulnerabilities

15. What is a common security measure for protecting data stored on physical devices?
A) Intrusion Detection Systems (IDS)
B) Encryption
C) CCTV surveillance
D) Access Control Lists (ACLs)

Secure information systems are developed by:

a)Integrating security with the system after it has been
developed
b) Never integrating security with the information system
c) Keeping security as a separate action until the last step of
the system development
d) Integrating risk analysis and management activities at
the start of the system development lifecycle and
continuing throughout the cycle

Which of the following is a control gate in the development phase?

a) Authorizing the decision
b) Reviewing the architecture and design
c) Reviewing the confidentiality and availability
d) Reviewing the operational readiness
The risk management process involves:
a) Framing, deciding, executing, and deleting
b) Framing, assessing, monitoring, and responding
c) Monitoring, assessing, executing, and deleting
d)All of the above

Which of the following is used to provide physical security for IT assets?

a) Physical access control technique
b) CCTV surveillance technique
c) IDS technique
d) None

Which of the following is a part of the secure system design?

a) Layering b)Abstraction
c) Security domains d) None

Which of the following is an issue faced by data storage devices?

a) Excessive data mounting
b) Theft, destruction, and damage
c) Too small size
d) All of the above

Express the correct relationship between vulnerabilities, threats and risks.

a) Risk=threat x vulnerability b) Threat=risk x vulnerability
c) Vulnerability=risk +threat d) Risk=threat – vulnerability

Characterize the type of hackers who use their knowledge for good purposes.
a) Black hat b)White hat
c) Gray hat d)Blue hat

Fill the right options:

Intrusion Detection System, NIDS and HIDS, Software Development Life Cycle,
Responding to the risks, CCTV

IDS stands for ____________

2. IDS can be broadly classified as ______ and ______.

3. SDLC stands for _________.

To take preventive or corrective measures so that systems can be kept protected from any
kind of threats, whether internal or external is ________
__________ is used for physical security of an organization.

Here are the correct answers:

1. IDS stands for **Intrusion Detection System**.

2. IDS can be broadly classified as **NIDS (Network Intrusion Detection System)** and
**HIDS (Host Intrusion Detection System)**.

3. SDLC stands for **Software Development Life Cycle**.

4. To take preventive or corrective measures so that systems can be kept protected from any
kind of threats, whether internal or external is **Responding to the risks**.

5. **CCTV** is used for physical security of an organization.

If you have any further questions or need clarification, feel free to ask!