1Which of the following statements best describes the relationship between laws and ethics in Information Security?
A.Ethics are enforced by police agencies, while laws are enforced by professional organizations.
B.Laws are formally enforced rules mandated by the state, while ethics are socially acceptable behaviors based on cultural norms.
C.Laws always supersede ethics in every international jurisdiction.
D.Laws and ethics are identical concepts.
Correct Answer: Laws are formally enforced rules mandated by the state, while ethics are socially acceptable behaviors based on cultural norms.
Explanation:
Laws are rules adopted and enforced by governments (external), whereas ethics define socially acceptable behavior and moral principles (internal/social).
Incorrect! Try again.
2In the context of organizational policy versus law, what is a primary requirement for a policy to be legally enforceable within an organization?
A.The policy must be reviewed by the United Nations.
B.The policy must be disseminated, read, understood, and agreed to by the employee.
C.The policy must be written in Latin.
D.The policy must be strictly verbal to avoid paper trails.
Correct Answer: The policy must be disseminated, read, understood, and agreed to by the employee.
Explanation:
For a policy to hold up in a legal dispute or termination hearing, the organization must prove the employee was aware of it and understood it.
Incorrect! Try again.
3What is the legal concept known as 'Vicarious Liability'?
A.Liability that applies only to hardware manufacturers.
B.An organization can be held legally responsible for the actions of its employees performed within the course of their employment.
C.An employee is liable for the mistakes of the CEO.
D.An organization is never liable for the actions of its employees.
Correct Answer: An organization can be held legally responsible for the actions of its employees performed within the course of their employment.
Explanation:
Vicarious liability allows a court to hold an employer responsible for the wrongful acts of an employee if those acts occur within the scope of employment.
Incorrect! Try again.
4Which of the following best defines 'Due Care' in information security?
A.Performing background checks on all customers.
B.Ensuring a 100% guarantee of security.
C.Taking the measures that a reasonable and prudent person would take to prevent harm.
D.The process of hiring a lawyer.
Correct Answer: Taking the measures that a reasonable and prudent person would take to prevent harm.
Explanation:
Due care is the standard of conduct expected of a reasonable person/organization to prevent harm. It is the action taken.
Incorrect! Try again.
5What is the distinction between 'Due Care' and 'Due Diligence'?
A.They are synonymous and can be used interchangeably.
B.Due Care is optional; Due Diligence is mandatory.
C.Due Care applies to hardware; Due Diligence applies to software.
D.Due Care is the action; Due Diligence is the management and tracking of that action.
Correct Answer: Due Care is the action; Due Diligence is the management and tracking of that action.
Explanation:
Due care is doing the right thing (implementing controls), while due diligence is verifying and documenting that the right things are being done (ongoing maintenance and review).
Incorrect! Try again.
6Which specific Act provides the legal framework for electronic commerce and cyber crime in India?
A.The Indian Penal Code, 1860
B.The Consumer Protection Act, 1986
C.The Companies Act, 2013
D.The Information Technology Act, 2000
Correct Answer: The Information Technology Act, 2000
Explanation:
The IT Act, 2000 is the primary law in India dealing with cybercrime and electronic commerce.
Incorrect! Try again.
7Under the IT Act 2000, which entity acts as the root authority for regulating Digital Signature Certificates in India?
A.Controller of Certifying Authorities (CCA)
B.NASSCOM
C.Reserve Bank of India
D.CERT-In
Correct Answer: Controller of Certifying Authorities (CCA)
Explanation:
The CCA is the authority appointed under the IT Act to license and regulate the working of Certifying Authorities.
Incorrect! Try again.
8What is a 'Salami Attack' in the context of financial cyber crimes?
A.Stealing physical server racks.
B.Hacking a system using a brute force dictionary attack.
C.A denial of service attack using food delivery apps.
D.Removing small amounts of money from many accounts, such that the loss is unnoticed by individual victims.
Correct Answer: Removing small amounts of money from many accounts, such that the loss is unnoticed by individual victims.
Explanation:
Salami slicing refers to a series of many small actions (like skimming fractions of cents) that accumulate to a large result, often used in financial fraud.
Incorrect! Try again.
9In a project management context, if a Project Manager discovers a security flaw right before the product launch, what is the most ethical course of action?
A.Blame the development team and fire the lead developer.
B.Release the product but disable the security logging so the flaw isn't recorded.
C.Disclose the risk to stakeholders and delay the launch if the risk is critical.
D.Ignore the flaw to meet the deadline and fix it later if someone notices.
Correct Answer: Disclose the risk to stakeholders and delay the launch if the risk is critical.
Explanation:
Ethical project management requires honesty about risks and prioritizing the safety and security of the users over arbitrary deadlines.
Incorrect! Try again.
10Which of the following is a form of Alternative Dispute Resolution (ADR)?
A.Arbitration
B.Supreme Court Hearing
C.Police Investigation
D.Criminal Litigation
Correct Answer: Arbitration
Explanation:
Arbitration is a form of ADR where a dispute is submitted to one or more arbitrators who make a binding decision outside the court system.
Incorrect! Try again.
11Which tool is widely used for network discovery and security auditing, often referred to as a 'port scanner'?
A.Wordpress
B.Nmap
C.VLC
D.Photoshop
Correct Answer: Nmap
Explanation:
Nmap (Network Mapper) is the industry standard tool for network discovery and security auditing, specifically port scanning.
Incorrect! Try again.
12Wireshark is best described as which type of tool?
A.Password Cracker
B.Antivirus Software
C.Firewall
D.Packet Analyzer / Sniffer
Correct Answer: Packet Analyzer / Sniffer
Explanation:
Wireshark is a network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
Incorrect! Try again.
13In the context of the IT Act 2000, what does Section 66F deal with?
A.Cyber Terrorism
B.Sending offensive messages
C.Theft of computer hardware
D.Publishing obscene material
Correct Answer: Cyber Terrorism
Explanation:
Section 66F of the IT Amendment Act 2008 specifically prescribes punishment for Cyber Terrorism.
Incorrect! Try again.
14Identify the type of cyber attack: An attacker sends an email appearing to be from a legitimate bank asking the user to click a link and verify their password.
A.DDoS
B.SQL Injection
C.Phishing
D.Man-in-the-Middle
Correct Answer: Phishing
Explanation:
Phishing is a social engineering attack used to steal user data, including login credentials and credit card numbers, by masquerading as a trusted entity.
Incorrect! Try again.
15What is the primary difference between Arbitration and Mediation?
A.There is no difference.
B.Mediation is binding; Arbitration is not.
C.Arbitration involves a third party making a decision; Mediation involves a third party facilitating a negotiated agreement.
D.Arbitration happens in court; Mediation happens online.
Correct Answer: Arbitration involves a third party making a decision; Mediation involves a third party facilitating a negotiated agreement.
Explanation:
In arbitration, the arbitrator acts like a judge and renders a decision. In mediation, the mediator helps the parties talk to reach their own agreement.
Incorrect! Try again.
16Which open-source framework is used for penetration testing and executing exploit code against a target machine?
A.Outlook
B.GIMP
C.Notepad++
D.Metasploit
Correct Answer: Metasploit
Explanation:
The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine.
Incorrect! Try again.
17Why is 'Ignorance of the Law' generally not a valid defense?
A.Because laws are written in simple English.
B.It is a valid defense if you are a tourist.
C.Because citizens are expected to know the laws of the jurisdiction they reside in.
D.Because lawyers are too expensive.
Correct Answer: Because citizens are expected to know the laws of the jurisdiction they reside in.
Explanation:
The legal principle ignorantia juris non excusat holds that a person who is unaware of a law may not escape liability for violating that law.
Incorrect! Try again.
18What is a 'Zero-Day' vulnerability?
A.A security patch released on Sunday.
B.A virus that deletes data in zero days.
C.A vulnerability known to the vendor for zero days (unknown) before it is exploited.
D.A software that costs zero dollars.
Correct Answer: A vulnerability known to the vendor for zero days (unknown) before it is exploited.
Explanation:
A zero-day vulnerability is a flaw in software that is unknown to the party responsible for patching it, leaving them with zero days to prepare.
Incorrect! Try again.
19Case Study: An employee installs a logic bomb to delete servers if their name disappears from the payroll. What type of threat does this represent?
A.Script Kiddie
B.State-sponsored Espionage
C.Advanced Persistent Threat (APT)
D.Insider Threat
Correct Answer: Insider Threat
Explanation:
This is a classic insider threat scenario where an authorized user causes harm to the organization.
Incorrect! Try again.
20Which professional organization is known for its Code of Ethics and Professional Conduct for project managers?
PMI provides the PMP certification and maintains a strict Code of Ethics and Professional Conduct for project managers.
Incorrect! Try again.
21According to typical risk formulas, if is the probability of an event and is the impact, how is Risk () generally calculated?
A.
B.
C.
D.
Correct Answer:
Explanation:
The standard quantitative risk analysis formula is Risk = Probability (Likelihood) Impact (Consequence).
Incorrect! Try again.
22Which of the following is NOT a benefit of Alternative Dispute Resolution (ADR)?
A.It is often less expensive than court trials.
B.It allows for confidentiality.
C.It is generally faster than litigation.
D.It establishes a public legal precedent for future cases.
Correct Answer: It establishes a public legal precedent for future cases.
Explanation:
ADR (especially arbitration) is private and does not set legal precedents in the way that public court judgments do.
Incorrect! Try again.
23What is the primary function of CERT-In (Indian Computer Emergency Response Team)?
A.To teach coding to school children.
B.To provide internet connections to rural areas.
C.To manufacture computer hardware.
D.To act as the national agency for performing functions in the area of cyber security.
Correct Answer: To act as the national agency for performing functions in the area of cyber security.
Explanation:
CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.
Incorrect! Try again.
24Which tool is primarily used for password cracking?
A.Adobe Reader
B.Skype
C.John the Ripper
D.Calculater
Correct Answer: John the Ripper
Explanation:
John the Ripper is a popular open-source password security auditing and password recovery tool.
Incorrect! Try again.
25What is 'Whistle-blowing' in a professional context?
A.The act of an employee exposing information about illegal or unethical activity within their organization.
B.A signaling method used in network protocols.
C.Calling time-out during a project meeting.
D.A method of cooling down server rooms.
Correct Answer: The act of an employee exposing information about illegal or unethical activity within their organization.
Explanation:
Whistle-blowing involves reporting misconduct, fraud, or safety violations within an organization to a higher authority or the public.
Incorrect! Try again.
26Under the IT Act, tampering with computer source documents is an offense under which section?
A.Section 65
B.Section 302
C.Section 420
D.Section 10
Correct Answer: Section 65
Explanation:
Section 65 of the IT Act 2000 deals with the tampering of computer source documents.
Incorrect! Try again.
27Which type of intellectual property protects the expression of an idea (like code or manual text) rather than the idea itself?
A.Copyright
B.Trade Secret
C.Patent
D.Trademark
Correct Answer: Copyright
Explanation:
Copyright protects the original expression of ideas (literary works, software code) but not the underlying functional idea or method.
Incorrect! Try again.
28What is the rise in Cyber Crime primarily attributed to?
A.Strict global laws preventing internet access.
B.People stopped using the internet.
C.The increased digitization of services and interconnectedness of devices.
D.The decrease in computer processing power.
Correct Answer: The increased digitization of services and interconnectedness of devices.
Explanation:
The exponential growth of digital services, IoT, and mobile connectivity expands the attack surface, leading to a rise in cyber crime.
Incorrect! Try again.
29In the context of Cyber Law, what is 'Jurisdiction'?
A.The physical location of a hacker's keyboard.
B.A type of antivirus software.
C.The speed of the internet connection.
D.The power of a court to adjudicate cases and issue orders.
Correct Answer: The power of a court to adjudicate cases and issue orders.
Explanation:
Jurisdiction refers to the official power to make legal decisions and judgments, which is complex in cyber law due to the borderless nature of the internet.
Incorrect! Try again.
30Ethical Dilemma: You are a security consultant. A client asks you to hack a competitor's database to recover 'stolen' intellectual property. What should you do?
A.Do it, but charge triple the rate.
B.Do it, because the competitor started it.
C.Refuse, as 'hacking back' is generally illegal and unethical.
D.Post the request on social media immediately.
Correct Answer: Refuse, as 'hacking back' is generally illegal and unethical.
Explanation:
Vigilante justice or 'hacking back' is illegal in most jurisdictions. The ethical path is to refuse and advise the client to seek legal counsel.
Incorrect! Try again.
31What is 'Ransomware'?
A.Software that speeds up your computer.
B.Hardware used to secure server rooms.
C.Free software distributed by the government.
D.Malware that encrypts the victim's data and demands payment for the decryption key.
Correct Answer: Malware that encrypts the victim's data and demands payment for the decryption key.
Explanation:
Ransomware denies access to a computer system or data until a ransom is paid.
Incorrect! Try again.
32Which of the following is an example of 'Social Engineering'?
A.Writing a Python script to scan ports.
B.Updating Windows.
C.Tailgating (following an authorized person through a secure door).
D.Installing a firewall.
Correct Answer: Tailgating (following an authorized person through a secure door).
Explanation:
Tailgating exploits human behavior (politeness) to gain physical access, which is a form of social engineering.
Incorrect! Try again.
33Why is it important for an organization to consult legal counsel when drafting security policies?
A.To increase the length of the document.
B.Lawyers are good at checking spelling.
C.To ensure the policies comply with applicable local, state, and federal laws.
D.To make the document look expensive.
Correct Answer: To ensure the policies comply with applicable local, state, and federal laws.
Explanation:
Policies that violate laws are unenforceable and can expose the organization to liability. Legal counsel ensures compliance.
Incorrect! Try again.
34What is a 'Botnet'?
A.A net used for fishing.
B.A new social media platform.
C.A network of private computers infected with malicious software and controlled as a group.
D.A robot network used for manufacturing cars.
Correct Answer: A network of private computers infected with malicious software and controlled as a group.
Explanation:
Botnets are collections of compromised computers (zombies) often used to launch DDoS attacks.
Incorrect! Try again.
35Which tool is a wireless network security cracker?
A.Paint
B.Excel
C.Norton Ghost
D.Aircrack-ng
Correct Answer: Aircrack-ng
Explanation:
Aircrack-ng is a suite of tools to assess WiFi network security, focusing on monitoring, attacking, testing, and cracking.
Incorrect! Try again.
36Case Study: The 2017 'WannaCry' attack is an example of which type of cyber crime?
A.DDOS
B.Phishing Campaign
C.SQL Injection
D.Global Ransomware Attack
Correct Answer: Global Ransomware Attack
Explanation:
WannaCry was a worldwide cyberattack by the WannaCry ransomware cryptoworm.
Incorrect! Try again.
37In the context of ethics, what constitutes a 'Conflict of Interest'?
A.When a project is delayed.
B.When an individual's personal interests clash with their professional duties.
C.When a computer creates a conflict in IP addresses.
D.When two employees argue.
Correct Answer: When an individual's personal interests clash with their professional duties.
Explanation:
A conflict of interest occurs when a person is in a position to derive personal benefit from actions or decisions made in their official capacity.
Incorrect! Try again.
38Section 43 of the IT Act 2000 imposes penalties for which activity?
A.Damage to computer systems without permission
B.Murder
C.Traffic violations
D.Not paying taxes
Correct Answer: Damage to computer systems without permission
Explanation:
Section 43 deals with penalties for damage to computers, computer systems, etc., without the permission of the owner.
Incorrect! Try again.
39What is the 'Prudent Man Rule'?
A.A rule that says men are smarter than computers.
B.A legal standard requiring fiduciaries to manage assets with the same care a prudent person would use for their own.
C.A rule strictly for banking software.
D.A rule preventing men from working in HR.
Correct Answer: A legal standard requiring fiduciaries to manage assets with the same care a prudent person would use for their own.
Explanation:
This rule often dictates the level of security and care senior management must exercise over organizational assets.
Incorrect! Try again.
40What is 'Steganography'?
A.Stealing data.
B.Encrypting a hard drive.
C.The study of dinosaurs.
D.Hiding data within other files (like hiding a text file inside an image).
Correct Answer: Hiding data within other files (like hiding a text file inside an image).
Explanation:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.
Incorrect! Try again.
41Which of the following is a key advantage of Arbitration over Litigation in international disputes?
A.Arbitration is public and televised.
B.Arbitration is always free.
C.Arbitrators do not require any legal knowledge.
D.Arbitration awards are generally easier to enforce internationally (e.g., via the New York Convention) than court judgments.
Correct Answer: Arbitration awards are generally easier to enforce internationally (e.g., via the New York Convention) than court judgments.
Explanation:
International treaties make arbitration awards enforceable in over 160 countries, whereas court judgments are harder to enforce across borders.
Incorrect! Try again.
42What is 'Typosquatting'?
A.Registering domain names that are very similar to popular domains (e.g., goggle.com instead of google.com).
B.Deleting system fonts.
C.Sitting on a keyboard.
D.Typing very fast.
Correct Answer: Registering domain names that are very similar to popular domains (e.g., goggle.com instead of google.com).
Explanation:
Typosquatting (or URL hijacking) relies on mistakes such as typos made by Internet users when inputting a website address.
Incorrect! Try again.
43Which section of the IT Act was struck down by the Supreme Court of India in the Shreya Singhal case for being unconstitutional?
A.Section 66A
B.Section 66F
C.Section 43
D.Section 67
Correct Answer: Section 66A
Explanation:
Section 66A (Punishment for sending offensive messages) was struck down as it violated the fundamental right to freedom of speech and expression.
Incorrect! Try again.
44Burp Suite is a tool commonly used for:
A.Spreadsheet calculation
B.Web application security testing
C.Video Editing
D.Graphic Design
Correct Answer: Web application security testing
Explanation:
Burp Suite is a leading software for web application security testing, acting as a proxy to intercept traffic.
Incorrect! Try again.
45If an employee creates a software program at work using company resources, who generally owns the Copyright?
A.Microsoft.
B.The employee.
C.The employer.
D.The public domain.
Correct Answer: The employer.
Explanation:
Under the 'work for hire' doctrine, works created by employees within the scope of their employment typically belong to the employer.
Incorrect! Try again.
46What is the primary goal of a Denial of Service (DoS) attack?
A.To encrypt data.
B.To make a machine or network resource unavailable to its intended users.
C.To scan for open ports.
D.To steal passwords.
Correct Answer: To make a machine or network resource unavailable to its intended users.
Explanation:
DoS attacks flood a system with traffic to crash it or prevent legitimate users from accessing it.
Incorrect! Try again.
47Which of the following represents an ethical dilemma regarding privacy vs. security?
A.Installing a firewall to block viruses.
B.Monitoring employee emails to prevent data leaks vs. respecting employee privacy.
C.Using strong passwords.
D.Backing up data to the cloud.
Correct Answer: Monitoring employee emails to prevent data leaks vs. respecting employee privacy.
Explanation:
This is a classic dilemma where the organization's need for security (preventing leaks) conflicts with the individual's expectation of privacy.
Incorrect! Try again.
48What is 'Conciliation' in the context of ADR?
A.A fist fight to settle a dispute.
B.A process where a third party meets with disputants separately and together to lower tensions and suggest settlements.
C.Ignoring the problem.
D.A court trial.
Correct Answer: A process where a third party meets with disputants separately and together to lower tensions and suggest settlements.
Explanation:
Conciliation is less formal than arbitration. The conciliator takes an active role in proposing solutions, unlike a passive mediator.
Incorrect! Try again.
49Case Study: The 'Morris Worm' of 1988 is significant because:
A.It destroyed the internet permanently.
B.It was the first computer virus.
C.It resulted in the first conviction under the US Computer Fraud and Abuse Act.
D.It stole money from banks.
Correct Answer: It resulted in the first conviction under the US Computer Fraud and Abuse Act.
Explanation:
Robert Tappan Morris created the worm, and his conviction highlighted the legal consequences of releasing code that causes damage, even if unintentional.
Incorrect! Try again.
50What is the 'Ten Commandments of Computer Ethics'?
A.A biblical text.
B.A set of ethical standards created by the Computer Ethics Institute.
C.A hardware manual.
D.A set of laws passed by the UN.
Correct Answer: A set of ethical standards created by the Computer Ethics Institute.
Explanation:
The Ten Commandments of Computer Ethics were created by the Computer Ethics Institute to guide moral behavior in computing.