Unit 6 - Practice Quiz

CSE332 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which of the following statements best describes the relationship between laws and ethics in Information Security?

A. Ethics are enforced by police agencies, while laws are enforced by professional organizations.
B. Laws are formally enforced rules mandated by the state, while ethics are socially acceptable behaviors based on cultural norms.
C. Laws always supersede ethics in every international jurisdiction.
D. Laws and ethics are identical concepts.

2 In the context of organizational policy versus law, what is a primary requirement for a policy to be legally enforceable within an organization?

A. The policy must be reviewed by the United Nations.
B. The policy must be disseminated, read, understood, and agreed to by the employee.
C. The policy must be written in Latin.
D. The policy must be strictly verbal to avoid paper trails.

3 What is the legal concept known as 'Vicarious Liability'?

A. Liability that applies only to hardware manufacturers.
B. An organization can be held legally responsible for the actions of its employees performed within the course of their employment.
C. An employee is liable for the mistakes of the CEO.
D. An organization is never liable for the actions of its employees.

4 Which of the following best defines 'Due Care' in information security?

A. Performing background checks on all customers.
B. Ensuring a 100% guarantee of security.
C. Taking the measures that a reasonable and prudent person would take to prevent harm.
D. The process of hiring a lawyer.

5 What is the distinction between 'Due Care' and 'Due Diligence'?

A. They are synonymous and can be used interchangeably.
B. Due Care is optional; Due Diligence is mandatory.
C. Due Care applies to hardware; Due Diligence applies to software.
D. Due Care is the action; Due Diligence is the management and tracking of that action.

6 Which specific Act provides the legal framework for electronic commerce and cyber crime in India?

A. The Indian Penal Code, 1860
B. The Consumer Protection Act, 1986
C. The Companies Act, 2013
D. The Information Technology Act, 2000

7 Under the IT Act 2000, which entity acts as the root authority for regulating Digital Signature Certificates in India?

A. Controller of Certifying Authorities (CCA)
B. NASSCOM
C. Reserve Bank of India
D. CERT-In

8 What is a 'Salami Attack' in the context of financial cyber crimes?

A. Stealing physical server racks.
B. Hacking a system using a brute force dictionary attack.
C. A denial of service attack using food delivery apps.
D. Removing small amounts of money from many accounts, such that the loss is unnoticed by individual victims.

9 In a project management context, if a Project Manager discovers a security flaw right before the product launch, what is the most ethical course of action?

A. Blame the development team and fire the lead developer.
B. Release the product but disable the security logging so the flaw isn't recorded.
C. Disclose the risk to stakeholders and delay the launch if the risk is critical.
D. Ignore the flaw to meet the deadline and fix it later if someone notices.

10 Which of the following is a form of Alternative Dispute Resolution (ADR)?

A. Arbitration
B. Supreme Court Hearing
C. Police Investigation
D. Criminal Litigation

11 Which tool is widely used for network discovery and security auditing, often referred to as a 'port scanner'?

A. Wordpress
B. Nmap
C. VLC
D. Photoshop

12 Wireshark is best described as which type of tool?

A. Password Cracker
B. Antivirus Software
C. Firewall
D. Packet Analyzer / Sniffer

13 In the context of the IT Act 2000, what does Section 66F deal with?

A. Cyber Terrorism
B. Sending offensive messages
C. Theft of computer hardware
D. Publishing obscene material

14 Identify the type of cyber attack: An attacker sends an email appearing to be from a legitimate bank asking the user to click a link and verify their password.

A. DDoS
B. SQL Injection
C. Phishing
D. Man-in-the-Middle

15 What is the primary difference between Arbitration and Mediation?

A. There is no difference.
B. Mediation is binding; Arbitration is not.
C. Arbitration involves a third party making a decision; Mediation involves a third party facilitating a negotiated agreement.
D. Arbitration happens in court; Mediation happens online.

16 Which open-source framework is used for penetration testing and executing exploit code against a target machine?

A. Outlook
B. GIMP
C. Notepad++
D. Metasploit

17 Why is 'Ignorance of the Law' generally not a valid defense?

A. Because laws are written in simple English.
B. It is a valid defense if you are a tourist.
C. Because citizens are expected to know the laws of the jurisdiction they reside in.
D. Because lawyers are too expensive.

18 What is a 'Zero-Day' vulnerability?

A. A security patch released on Sunday.
B. A virus that deletes data in zero days.
C. A vulnerability known to the vendor for zero days (unknown) before it is exploited.
D. A software that costs zero dollars.

19 Case Study: An employee installs a logic bomb to delete servers if their name disappears from the payroll. What type of threat does this represent?

A. Script Kiddie
B. State-sponsored Espionage
C. Advanced Persistent Threat (APT)
D. Insider Threat

20 Which professional organization is known for its Code of Ethics and Professional Conduct for project managers?

A. WHO
B. FIFA
C. UNESCO
D. PMI (Project Management Institute)

21 According to typical risk formulas, if is the probability of an event and is the impact, how is Risk () generally calculated?

A.
B.
C.
D.

22 Which of the following is NOT a benefit of Alternative Dispute Resolution (ADR)?

A. It is often less expensive than court trials.
B. It allows for confidentiality.
C. It is generally faster than litigation.
D. It establishes a public legal precedent for future cases.

23 What is the primary function of CERT-In (Indian Computer Emergency Response Team)?

A. To teach coding to school children.
B. To provide internet connections to rural areas.
C. To manufacture computer hardware.
D. To act as the national agency for performing functions in the area of cyber security.

24 Which tool is primarily used for password cracking?

A. Adobe Reader
B. Skype
C. John the Ripper
D. Calculater

25 What is 'Whistle-blowing' in a professional context?

A. The act of an employee exposing information about illegal or unethical activity within their organization.
B. A signaling method used in network protocols.
C. Calling time-out during a project meeting.
D. A method of cooling down server rooms.

26 Under the IT Act, tampering with computer source documents is an offense under which section?

A. Section 65
B. Section 302
C. Section 420
D. Section 10

27 Which type of intellectual property protects the expression of an idea (like code or manual text) rather than the idea itself?

A. Copyright
B. Trade Secret
C. Patent
D. Trademark

28 What is the rise in Cyber Crime primarily attributed to?

A. Strict global laws preventing internet access.
B. People stopped using the internet.
C. The increased digitization of services and interconnectedness of devices.
D. The decrease in computer processing power.

29 In the context of Cyber Law, what is 'Jurisdiction'?

A. The physical location of a hacker's keyboard.
B. A type of antivirus software.
C. The speed of the internet connection.
D. The power of a court to adjudicate cases and issue orders.

30 Ethical Dilemma: You are a security consultant. A client asks you to hack a competitor's database to recover 'stolen' intellectual property. What should you do?

A. Do it, but charge triple the rate.
B. Do it, because the competitor started it.
C. Refuse, as 'hacking back' is generally illegal and unethical.
D. Post the request on social media immediately.

31 What is 'Ransomware'?

A. Software that speeds up your computer.
B. Hardware used to secure server rooms.
C. Free software distributed by the government.
D. Malware that encrypts the victim's data and demands payment for the decryption key.

32 Which of the following is an example of 'Social Engineering'?

A. Writing a Python script to scan ports.
B. Updating Windows.
C. Tailgating (following an authorized person through a secure door).
D. Installing a firewall.

33 Why is it important for an organization to consult legal counsel when drafting security policies?

A. To increase the length of the document.
B. Lawyers are good at checking spelling.
C. To ensure the policies comply with applicable local, state, and federal laws.
D. To make the document look expensive.

34 What is a 'Botnet'?

A. A net used for fishing.
B. A new social media platform.
C. A network of private computers infected with malicious software and controlled as a group.
D. A robot network used for manufacturing cars.

35 Which tool is a wireless network security cracker?

A. Paint
B. Excel
C. Norton Ghost
D. Aircrack-ng

36 Case Study: The 2017 'WannaCry' attack is an example of which type of cyber crime?

A. DDOS
B. Phishing Campaign
C. SQL Injection
D. Global Ransomware Attack

37 In the context of ethics, what constitutes a 'Conflict of Interest'?

A. When a project is delayed.
B. When an individual's personal interests clash with their professional duties.
C. When a computer creates a conflict in IP addresses.
D. When two employees argue.

38 Section 43 of the IT Act 2000 imposes penalties for which activity?

A. Damage to computer systems without permission
B. Murder
C. Traffic violations
D. Not paying taxes

39 What is the 'Prudent Man Rule'?

A. A rule that says men are smarter than computers.
B. A legal standard requiring fiduciaries to manage assets with the same care a prudent person would use for their own.
C. A rule strictly for banking software.
D. A rule preventing men from working in HR.

40 What is 'Steganography'?

A. Stealing data.
B. Encrypting a hard drive.
C. The study of dinosaurs.
D. Hiding data within other files (like hiding a text file inside an image).

41 Which of the following is a key advantage of Arbitration over Litigation in international disputes?

A. Arbitration is public and televised.
B. Arbitration is always free.
C. Arbitrators do not require any legal knowledge.
D. Arbitration awards are generally easier to enforce internationally (e.g., via the New York Convention) than court judgments.

42 What is 'Typosquatting'?

A. Registering domain names that are very similar to popular domains (e.g., goggle.com instead of google.com).
B. Deleting system fonts.
C. Sitting on a keyboard.
D. Typing very fast.

43 Which section of the IT Act was struck down by the Supreme Court of India in the Shreya Singhal case for being unconstitutional?

A. Section 66A
B. Section 66F
C. Section 43
D. Section 67

44 Burp Suite is a tool commonly used for:

A. Spreadsheet calculation
B. Web application security testing
C. Video Editing
D. Graphic Design

45 If an employee creates a software program at work using company resources, who generally owns the Copyright?

A. Microsoft.
B. The employee.
C. The employer.
D. The public domain.

46 What is the primary goal of a Denial of Service (DoS) attack?

A. To encrypt data.
B. To make a machine or network resource unavailable to its intended users.
C. To scan for open ports.
D. To steal passwords.

47 Which of the following represents an ethical dilemma regarding privacy vs. security?

A. Installing a firewall to block viruses.
B. Monitoring employee emails to prevent data leaks vs. respecting employee privacy.
C. Using strong passwords.
D. Backing up data to the cloud.

48 What is 'Conciliation' in the context of ADR?

A. A fist fight to settle a dispute.
B. A process where a third party meets with disputants separately and together to lower tensions and suggest settlements.
C. Ignoring the problem.
D. A court trial.

49 Case Study: The 'Morris Worm' of 1988 is significant because:

A. It destroyed the internet permanently.
B. It was the first computer virus.
C. It resulted in the first conviction under the US Computer Fraud and Abuse Act.
D. It stole money from banks.

50 What is the 'Ten Commandments of Computer Ethics'?

A. A biblical text.
B. A set of ethical standards created by the Computer Ethics Institute.
C. A hardware manual.
D. A set of laws passed by the UN.