Unit 6 - Practice Quiz

CSE332 50 Questions

1 Which of the following statements best describes the relationship between laws and ethics in Information Security?

A. Laws and ethics are identical concepts.
B. Laws are formally enforced rules mandated by the state, while ethics are socially acceptable behaviors based on cultural norms.
C. Ethics are enforced by police agencies, while laws are enforced by professional organizations.
D. Laws always supersede ethics in every international jurisdiction.

2 In the context of organizational policy versus law, what is a primary requirement for a policy to be legally enforceable within an organization?

A. The policy must be written in Latin.
B. The policy must be reviewed by the United Nations.
C. The policy must be disseminated, read, understood, and agreed to by the employee.
D. The policy must be strictly verbal to avoid paper trails.

3 What is the legal concept known as 'Vicarious Liability'?

A. An employee is liable for the mistakes of the CEO.
B. An organization is never liable for the actions of its employees.
C. An organization can be held legally responsible for the actions of its employees performed within the course of their employment.
D. Liability that applies only to hardware manufacturers.

4 Which of the following best defines 'Due Care' in information security?

A. The process of hiring a lawyer.
B. Taking the measures that a reasonable and prudent person would take to prevent harm.
C. Ensuring a 100% guarantee of security.
D. Performing background checks on all customers.

5 What is the distinction between 'Due Care' and 'Due Diligence'?

A. Due Care is the action; Due Diligence is the management and tracking of that action.
B. Due Care applies to hardware; Due Diligence applies to software.
C. Due Care is optional; Due Diligence is mandatory.
D. They are synonymous and can be used interchangeably.

6 Which specific Act provides the legal framework for electronic commerce and cyber crime in India?

A. The Indian Penal Code, 1860
B. The Information Technology Act, 2000
C. The Consumer Protection Act, 1986
D. The Companies Act, 2013

7 Under the IT Act 2000, which entity acts as the root authority for regulating Digital Signature Certificates in India?

A. CERT-In
B. NASSCOM
C. Controller of Certifying Authorities (CCA)
D. Reserve Bank of India

8 What is a 'Salami Attack' in the context of financial cyber crimes?

A. Stealing physical server racks.
B. A denial of service attack using food delivery apps.
C. Removing small amounts of money from many accounts, such that the loss is unnoticed by individual victims.
D. Hacking a system using a brute force dictionary attack.

9 In a project management context, if a Project Manager discovers a security flaw right before the product launch, what is the most ethical course of action?

A. Ignore the flaw to meet the deadline and fix it later if someone notices.
B. Disclose the risk to stakeholders and delay the launch if the risk is critical.
C. Blame the development team and fire the lead developer.
D. Release the product but disable the security logging so the flaw isn't recorded.

10 Which of the following is a form of Alternative Dispute Resolution (ADR)?

A. Criminal Litigation
B. Arbitration
C. Police Investigation
D. Supreme Court Hearing

11 Which tool is widely used for network discovery and security auditing, often referred to as a 'port scanner'?

A. Photoshop
B. Nmap
C. Wordpress
D. VLC

12 Wireshark is best described as which type of tool?

A. Password Cracker
B. Packet Analyzer / Sniffer
C. Antivirus Software
D. Firewall

13 In the context of the IT Act 2000, what does Section 66F deal with?

A. Theft of computer hardware
B. Sending offensive messages
C. Cyber Terrorism
D. Publishing obscene material

14 Identify the type of cyber attack: An attacker sends an email appearing to be from a legitimate bank asking the user to click a link and verify their password.

A. DDoS
B. Phishing
C. SQL Injection
D. Man-in-the-Middle

15 What is the primary difference between Arbitration and Mediation?

A. Mediation is binding; Arbitration is not.
B. Arbitration involves a third party making a decision; Mediation involves a third party facilitating a negotiated agreement.
C. Arbitration happens in court; Mediation happens online.
D. There is no difference.

16 Which open-source framework is used for penetration testing and executing exploit code against a target machine?

A. Metasploit
B. Notepad++
C. GIMP
D. Outlook

17 Why is 'Ignorance of the Law' generally not a valid defense?

A. Because laws are written in simple English.
B. Because citizens are expected to know the laws of the jurisdiction they reside in.
C. It is a valid defense if you are a tourist.
D. Because lawyers are too expensive.

18 What is a 'Zero-Day' vulnerability?

A. A virus that deletes data in zero days.
B. A vulnerability known to the vendor for zero days (unknown) before it is exploited.
C. A software that costs zero dollars.
D. A security patch released on Sunday.

19 Case Study: An employee installs a logic bomb to delete servers if their name disappears from the payroll. What type of threat does this represent?

A. Advanced Persistent Threat (APT)
B. Insider Threat
C. State-sponsored Espionage
D. Script Kiddie

20 Which professional organization is known for its Code of Ethics and Professional Conduct for project managers?

A. FIFA
B. PMI (Project Management Institute)
C. WHO
D. UNESCO

21 According to typical risk formulas, if is the probability of an event and is the impact, how is Risk () generally calculated?

A.
B.
C.
D.

22 Which of the following is NOT a benefit of Alternative Dispute Resolution (ADR)?

A. It is generally faster than litigation.
B. It is often less expensive than court trials.
C. It establishes a public legal precedent for future cases.
D. It allows for confidentiality.

23 What is the primary function of CERT-In (Indian Computer Emergency Response Team)?

A. To manufacture computer hardware.
B. To act as the national agency for performing functions in the area of cyber security.
C. To provide internet connections to rural areas.
D. To teach coding to school children.

24 Which tool is primarily used for password cracking?

A. John the Ripper
B. Adobe Reader
C. Skype
D. Calculator

25 What is 'Whistle-blowing' in a professional context?

A. A signaling method used in network protocols.
B. The act of an employee exposing information about illegal or unethical activity within their organization.
C. A method of cooling down server rooms.
D. Calling time-out during a project meeting.

26 Under the IT Act, tampering with computer source documents is an offense under which section?

A. Section 65
B. Section 302
C. Section 420
D. Section 10

27 Which type of intellectual property protects the expression of an idea (like code or manual text) rather than the idea itself?

A. Patent
B. Copyright
C. Trademark
D. Trade Secret

28 What is the rise in Cyber Crime primarily attributed to?

A. The decrease in computer processing power.
B. The increased digitization of services and interconnectedness of devices.
C. People stopped using the internet.
D. Strict global laws preventing internet access.

29 In the context of Cyber Law, what is 'Jurisdiction'?

A. The speed of the internet connection.
B. The power of a court to adjudicate cases and issue orders.
C. A type of antivirus software.
D. The physical location of a hacker's keyboard.

30 Ethical Dilemma: You are a security consultant. A client asks you to hack a competitor's database to recover 'stolen' intellectual property. What should you do?

A. Do it, because the competitor started it.
B. Refuse, as 'hacking back' is generally illegal and unethical.
C. Do it, but charge triple the rate.
D. Post the request on social media immediately.

31 What is 'Ransomware'?

A. Software that speeds up your computer.
B. Malware that encrypts the victim's data and demands payment for the decryption key.
C. Free software distributed by the government.
D. Hardware used to secure server rooms.

32 Which of the following is an example of 'Social Engineering'?

A. Tailgating (following an authorized person through a secure door).
B. Writing a Python script to scan ports.
C. Installing a firewall.
D. Updating Windows.

33 Why is it important for an organization to consult legal counsel when drafting security policies?

A. To make the document look expensive.
B. To ensure the policies comply with applicable local, state, and federal laws.
C. Lawyers are good at checking spelling.
D. To increase the length of the document.

34 What is a 'Botnet'?

A. A robot network used for manufacturing cars.
B. A network of private computers infected with malicious software and controlled as a group.
C. A new social media platform.
D. A net used for fishing.

35 Which tool is a wireless network security cracker?

A. Aircrack-ng
B. Paint
C. Excel
D. Norton Ghost

36 Case Study: The 2017 'WannaCry' attack is an example of which type of cyber crime?

A. Global Ransomware Attack
B. Phishing Campaign
C. SQL Injection
D. DDoS

37 In the context of ethics, what constitutes a 'Conflict of Interest'?

A. When two employees argue.
B. When an individual's personal interests clash with their professional duties.
C. When a computer creates a conflict in IP addresses.
D. When a project is delayed.

38 Section 43 of the IT Act 2000 imposes penalties for which activity?

A. Murder
B. Damage to computer systems without permission
C. Traffic violations
D. Not paying taxes

39 What is the 'Prudent Man Rule'?

A. A rule that says men are smarter than computers.
B. A legal standard requiring fiduciaries to manage assets with the same care a prudent person would use for their own.
C. A rule preventing men from working in HR.
D. A rule strictly for banking software.

40 What is 'Steganography'?

A. The study of dinosaurs.
B. Hiding data within other files (like hiding a text file inside an image).
C. Encrypting a hard drive.
D. Stealing data.

41 Which of the following is a key advantage of Arbitration over Litigation in international disputes?

A. Arbitration is always free.
B. Arbitration awards are generally easier to enforce internationally (e.g., via the New York Convention) than court judgments.
C. Arbitrators do not require any legal knowledge.
D. Arbitration is public and televised.

42 What is 'Typosquatting'?

A. Sitting on a keyboard.
B. Registering domain names that are very similar to popular domains (e.g., goggle.com instead of google.com).
C. Typing very fast.
D. Deleting system fonts.

43 Which section of the IT Act was struck down by the Supreme Court of India in the Shreya Singhal case for being unconstitutional?

A. Section 66A
B. Section 66F
C. Section 43
D. Section 67

44 Burp Suite is a tool commonly used for:

A. Web application security testing
B. Graphic Design
C. Video Editing
D. Spreadsheet calculation

45 If an employee creates a software program at work using company resources, who generally owns the Copyright?

A. The employee.
B. The employer.
C. The public domain.
D. Microsoft.

46 What is the primary goal of a Denial of Service (DoS) attack?

A. To steal passwords.
B. To make a machine or network resource unavailable to its intended users.
C. To encrypt data.
D. To scan for open ports.

47 Which of the following represents an ethical dilemma regarding privacy vs. security?

A. Installing a firewall to block viruses.
B. Monitoring employee emails to prevent data leaks vs. respecting employee privacy.
C. Backing up data to the cloud.
D. Using strong passwords.

48 What is 'Conciliation' in the context of ADR?

A. A fist fight to settle a dispute.
B. A process where a third party meets with disputants separately and together to lower tensions and suggest settlements.
C. A court trial.
D. Ignoring the problem.

49 Case Study: The 'Morris Worm' of 1988 is significant because:

A. It was the first computer virus.
B. It resulted in the first conviction under the US Computer Fraud and Abuse Act.
C. It destroyed the internet permanently.
D. It stole money from banks.

50 What is the 'Ten Commandments of Computer Ethics'?

A. A set of laws passed by the UN.
B. A set of ethical standards created by the Computer Ethics Institute.
C. A biblical text.
D. A hardware manual.