[MCQ’s] Cyber Security Law

Module 01

1. Which of the following is not a type of cyber crime?
a) Data theft
b) Forgery
c) Damage to data and systems
d) Installing antivirus for protection
Answer: d
Explanation: Cyber crime is one of the most threatening terms and is still in an evolving phase. It is said that a major percentage of World War III will be based on cyber-attacks by the cyber armies of different countries.

2. Cyber-laws are incorporated for punishing all criminals only.
a) True
b) False
Answer: b
Explanation: Cyber-laws were incorporated in our law book not only to punish cyber criminals but also to reduce cyber crimes and to stop citizens from doing illicit digital acts that harm or damage others’ digital property or identity.

3. Cyber-crime can be categorized into ________ types.
a) 4
b) 3
c) 2
d) 6
Answer: c
Explanation: Cyber crime can be categorized into 2 types. These are peer-to-peer attack and computer as weapon. In peer-to-peer attack, attackers target the victim users; and in computer as weapon attack technique, computers are used by attackers for a mass attack such as illegal and banned photo leak, IPR violation, pornography, cyber terrorism etc.

4. Which of the following is not a type of peer-to-peer cyber-crime?
a) Phishing
b) Injecting Trojans to a target victim
c) MiTM
d) Credit card details leak in deep web
Answer: d
Explanation: Phishing and injecting Trojans and worms to individuals come under peer-to-peer cyber crime, whereas leakage of the credit card data of a large number of people on the deep web comes under computer as weapon cyber-crime.

5. Which of the following is not an example of a computer as weapon cyber-crime?
a) Credit card fraud
b) Spying someone using keylogger
c) IPR Violation
d) Pornography
Answer: b
Explanation: DDoS (Distributed Denial of Service), IPR violation, pornography are mass attacks done using a computer. Spying someone using keylogger is an example of peer-to-peer attack.

6. Which of the following is not done by cyber criminals?
a) Unauthorized account access
b) Mass attack using Trojans as botnets
c) Email spoofing and spamming
d) Report vulnerability in any system
Answer: d
Explanation: Cyber-criminals are involved in activities like accessing online accounts in an unauthorized manner, using Trojans to attack large systems, and sending spoofed emails. But cyber-criminals do not report any bug found in a system; rather, they exploit the bug for their profit.

7. What is the name of the IT law that India has in the Indian legislature?
a) India’s Technology (IT) Act, 2000
b) India’s Digital Information Technology (DIT) Act, 2000
c) India’s Information Technology (IT) Act, 2000
d) The Technology Act, 2008
Answer: c
Explanation: The Indian legislature thought of adding a chapter that is dedicated to cyber law. This finally brought India’s Information Technology (IT) Act, 2000 which deals with the different cyber-crimes and their associated laws.

8. In which year did India’s IT Act come into existence?
a) 2000
b) 2001
c) 2002
d) 2003
Answer: a
Explanation: On 17th Oct 2000, the Indian legislature thought of adding a chapter that is dedicated to cyber law, for which India’s Information Technology (IT) Act, 2000 came into existence.

9. What is the full form of ITA-2000?
a) Information Tech Act -2000
b) Indian Technology Act -2000
c) International Technology Act -2000
d) Information Technology Act -2000
Answer: d
Explanation: The Information Technology Act -2000 (ITA-2000), which came into existence on 17th Oct 2000, is dedicated to cyber-crime and e-commerce law in India.

10. The Information Technology Act -2000 bill was passed by K. R. Narayanan.
a) True
b) False
Answer: b
Explanation: The bill was passed & signed by Dr. K. R. Narayanan on 9th May, in the year 2000. The bill got finalised by head officials along with the Minister of Information Technology, Dr. Pramod Mahajan.

11. Under which section of the IT Act is stealing any digital asset or information written as a cyber-crime?
a) 65
b) 65-D
c) 67
d) 70
Answer: a
Explanation: When a cyber-criminal steals any computer documents, assets or any software’s source code from any organization, individual, or from any other means then the cyber crime falls under section 65 of IT Act, 2000.

12. What is the punishment in India for stealing computer documents, assets or any software’s source code from any organization, individual, or from any other means?
a) 6 months of imprisonment and a fine of Rs. 50,000
b) 1 year of imprisonment and a fine of Rs. 100,000
c) 2 years of imprisonment and a fine of Rs. 250,000
d) 3 years of imprisonment and a fine of Rs. 500,000
Answer: d
Explanation: The punishment in India for stealing computer documents, assets or any software’s source code from any organization, individual, or from any other means is 3 years of imprisonment and a fine of Rs. 500,000.

13. What is the updated version of the IT Act, 2000?
a) IT Act, 2007
b) Advanced IT Act, 2007
c) IT Act, 2008
d) Advanced IT Act, 2008
Answer: c
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and precise law on different computer-related crimes and cyber offenses.

14. In which year did the Indian IT Act, 2000 get updated?
a) 2006
b) 2008
c) 2010
d) 2012
Answer: b
Explanation: In the year 2008, the IT Act, 2000 was updated and came up with a much broader and precise law on different computer-related crimes and cyber offenses.

15. What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act hold?
a) Cracking or illegally hack into any system
b) Putting antivirus into the victim
c) Stealing data
d) Stealing hardware components
Answer: a
Explanation: Section 66 of the IT Act, 2000, which was later made much broader and more precise, says that cracking or illegally hacking into any victim’s computer is a crime. A wide range of cyber-crimes is covered under this section of the IT Act.

16. Accessing a computer without prior authorization is a cyber-crime that comes under _______
a) Section 65
b) Section 66
c) Section 68
d) Section 70
Answer: b
Explanation: Section 66 of the IT Act, 2000, which was later made much broader and more precise, says that if any individual accesses any computer system without prior authorization or permission, it is a cyber-crime.

17. Cracking digital identity of any individual or doing identity theft, comes under __________ of IT Act.
a) Section 65
b) Section 66
c) Section 68
d) Section 70
Answer: b
Explanation: Section 66 of the IT Act, 2000, which was later made much broader and more precise (as IT Act, 2008), says that if any individual steals the identity or misuses the identity of any victim for his/her own profit, it is a cyber-crime.

18. Accessing Wi-Fi dishonestly is a cyber-crime.
a) True
b) False
Answer: a
Explanation: Section 66 of the IT Act, 2000, which was later made much broader and more precise (as IT Act, 2008), says that if any individual accesses anyone’s Wi-Fi network without the permission of the owner or for doing a malicious activity, it is a cyber-crime.

19. Downloading, copying or extracting data from an open system, when done fraudulently, is treated as _________
a) cyber-warfare
b) cyber-security act
c) data-backup
d) cyber-crime
Answer: d
Explanation: Downloading, copying or extracting data from an open system, when done fraudulently, is treated as a cyber-crime according to section 66 of the Indian IT Act.

20. For any cyber-crime that comes under section 66 of the IT Act, the accused person is fined around Rs ________
a) 2 lacs
b) 3 lacs
c) 4 lacs
d) 5 lacs
Answer: d
Explanation: For any cyber-crime that comes under section 66 of the Indian IT Act, the person accused of such cyber-crime is fined around five lacs rupees.

21. How many years of imprisonment can an accused person face, if he/she comes under any cyber-crime listed in section 66 of the Indian IT Act, 2000?
a) 1 year
b) 2 years
c) 3 years
d) 4 years
Answer: c
Explanation: For any cyber-crime that comes under section 66 of the Indian IT Act, the person accused of such cyber-crime is fined around five lacs rupees and faces 3 years of imprisonment.

22. Any digital content which any individual creates and is not acceptable to the society, it’s a cyber-crime that comes under _________ of IT Act.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
Answer: b
Explanation: If any digital content is lascivious, is not acceptable to society or viewers, or corrupts the minds of the audience, then the creator of such content falls under the cyber-crime of section 67 of the Indian IT Act.

23. IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone publishes sexually explicit digital content, then under ___________ of IT Act, 2008 he/she has to pay a legitimate amount of fine.
a) section 67-A
b) section 67-B
c) section 67-C
d) section 67-D
Answer: a
Explanation: IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone publishes sexually explicit digital content, then under section 67-A he/she has to pay a legitimate amount of fine.

24. If anyone publishes sexually explicit type digital content, it will cost that person imprisonment of _________ years.
a) 2
b) 3
c) 4
d) 5
Answer: d
Explanation: IT Act 2008 makes cyber-crime details more precise: it mentions that if anyone publishes sexually explicit digital content, then under section 67-A he/she has to pay a legitimate amount of fine and faces imprisonment of five years.

25. Using spy cameras in malls and shops to capture private parts of any person comes under _______ of IT Act, 2008.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
Answer: b
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without the consent of that victim, comes under section 67 of IT Act, 2008 as a punishable offense.

26. Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of IT Act, 2008 and is punished with a fine of Rs. 5 Lacs.
a) True
b) False
Answer: a
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without the consent of that victim, comes under section 67 of IT Act, 2008, where the person doing such crime is punished with a fine of Rs. 5 Lacs.

27. Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of IT Act, 2008 and is punished with imprisonment of ___________
a) 2 years
b) 3 years
c) 4 years
d) 5 years
Answer: b
Explanation: Using spy cameras in malls and shops to capture private parts of any person, without the consent of that victim, comes under section 67 of IT Act, 2008, where the person doing such crime is punished with imprisonment of 3 years.

28. Misuse of digital signatures for fraudulent purposes comes under __________ of IT Act.
a) section 65
b) section 66
c) section 71
d) section 72
Answer: d
Explanation: One common form of cyber-crime committed by cyber-criminals and black hat hackers is the misuse of digital signatures. The law for this fraudulent act comes under section 72 of the Indian IT Act.

29. Sending offensive message to someone comes under _____________ of the Indian IT Act ______
a) section 66-A, 2000
b) section 66-B, 2008
c) section 67, 2000
d) section 66-A, 2008
Answer: d
Explanation: Sending an offensive message, email or any digital content through an electronic medium to your recipient is a punishable offense that comes under section 66-A of the Indian IT Act, 2008.

30. Stealing of digital files comes under __________ of the Indian IT Act.
a) section 66-A
b) section 66-B
c) section 66-C
d) section 66-D
Answer: c
Explanation: Stealing of digital files or e-documents from any system, cloud or electronic device is a punishable offense that comes under section 66-C of the Indian IT Act.

31. Section 79 of the Indian IT Act declares that any 3rd party information or personal data leakage in corporate firms or organizations will be a punishable offense.
a) True
b) False
Answer: a
Explanation: Section 79 of the Indian IT Act covers some of the corporate and business laws circulating technologies and cyberspace; declares that any 3rd party information or personal data leakage in corporate firms or organizations will be a punishable offense.

32. The full form of Malware is ________
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security
Answer: c
Explanation: Different types of harmful software and programs that can pose threats to a system, network or anything related to cyberspace are termed as Malware. Examples of some common malware are Virus, Trojans, Ransomware, spyware, worms, rootkits etc.

33. Who deploys malware to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers
Answer: a
Explanation: Criminal-minded organizations, groups and individuals, cyber-terrorist groups, Black hat hackers, malware developers etc. are those who can deploy malware to any target system or network in order to deface that system.

34. _____________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection
Answer: b
Explanation: SQLi (Structured Query Language Injection) is a popular attack where SQL code is injected in order to break a web application that has SQL vulnerabilities. This allows the attacker to run malicious code and gain access to the database of that server.

35. XSS is abbreviated as __________
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting
Answer: d
Explanation: Cross Site Scripting is another popular web application attack type that can hamper the reputation of any site.

36. This attack can be deployed by infusing a malicious code in a website’s comment section. What is “this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)
Answer: c
Explanation: XSS attack can be infused by putting the malicious code (which gets automatically run) in any comment section or feedback section of any webpage (usually a blogging page). This can hamper the reputation of a site and the attacker may place any private data or personal credentials.

37. When there is an excessive amount of data flow, which the system cannot handle, _____ attack takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack
Answer: d
Explanation: A buffer overflow attack takes place when the buffer receives more data than it can handle, causing the data to overflow into adjoining storage. This attack can cause a system or application crash and can lead to a malicious entry point.

38. Compromising a user’s session to exploit the user’s data, carry out malicious activities or misuse the user’s credentials is called ___________
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying
Answer: a
Explanation: Session hijacking, which is popularly known as cookie hijacking, is an exploitation method for compromising the user’s session to gain unauthorized access to the user’s information.

39. Which of these is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack
Answer: b
Explanation: If a suspicious person gains access to a server room or any confidential area with a malicious pen-drive loaded with malware, which gets triggered automatically once inserted into the USB port of any employee’s PC, such attacks come under physical hacking. That person first gains unauthorized physical access to a room or organization and then manages to reach an employee’s PC as well, all done physically, hence breaching physical security.

40. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing
Answer: d
Explanation: Wireless attacks are malicious attacks done on wireless systems, networks or devices. Attacks on Wi-Fi networks are one common example that most people know. Other sub-types of wireless attacks are wireless authentication attacks, encryption cracking etc.

41. An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime
Answer: b
Explanation: Cyber attack is an umbrella term used to classify different computer & network attacks or activities such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile hacking and physical security breaching.

42. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring
Answer: c
Explanation: Keylogging is the method or procedure of recording all the keystrokes/keyboard buttons pressed by the user of that system.

43. _________ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms
Answer: a
Explanation: Keyloggers are surveillance programs developed for security purposes as well as for hacking passwords and other personal credentials and information. These types of programs save the keystrokes made using a keyboard and then send the recorded keystroke file to the creator of such programs.

44. These are a collective term for malicious spying programs used for secretly monitoring someone’s activity and actions over a digital medium.
a) Malware
b) Remote Access Trojans
c) Keyloggers
d) Spyware
Answer: d
Explanation: Spyware is professional malicious spying software that is hard to detect by anti-malware or anti-virus programs because they are programmed in such a skillful way. These types of software keep on collecting personal information, surfing habits, surfing history as well as credit card details.

45. Stuxnet is a _________
a) Worm
b) Virus
c) Trojan
d) Antivirus
Answer: a
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010, which was very powerful as it was accountable for the cause of huge damage to Iran’s Nuclear program. It mainly targets the PLCs (Programmable Logic Controllers) in a system.

46. ___________ is a violent act done using the Internet, which either threatens any technology user or leads to loss of life or otherwise harms anyone in order to accomplish political gain.
a) Cyber-warfare
b) Cyber campaign
c) Cyber-terrorism
d) Cyberattack
Answer: c
Explanation: Cyber-terrorism is the term used to describe internet terrorism, where individuals and groups are anonymously misusing ethnicities, religions as well as threaten any technology user, which may lead to even loss of life.

Module 02

1. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4
Answer: d
Explanation: The 4 key elements that constitute the security are: confidentiality, integrity, authenticity & availability. Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.

2. According to the CIA Triad, which of the below-mentioned element is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c
Explanation: According to the CIA triad, the three components that security needs are Confidentiality, Integrity and Availability (read in short as CIA).

3. This is the model designed for guiding the policies of Information security within a company, firm or organization. What is “this” referred to here?
a) Confidentiality
b) Non-repudiation
c) CIA Triad
d) Authenticity
Answer: c
Explanation: Various security models were being developed till date. This is by far the most popular and widely used model which focuses on the information’s confidentiality, integrity as well as availability and how these key elements can be preserved for a better security in any organization.

4. CIA triad is also known as ________
a) NIC (Non-repudiation, Integrity, Confidentiality)
b) AIC (Availability, Integrity, Confidentiality)
c) AIN (Availability, Integrity, Non-repudiation)
d) AIC (Authenticity, Integrity, Confidentiality)
Answer: b
Explanation: The CIA Triad is also named the AIC (Availability, Integrity, Confidentiality) Triad because people confuse the acronym with the abbreviation of the secret agency, the Central Intelligence Agency.

5. When you use the word _____ it means you are protecting your data from getting disclosed.
a) Confidentiality
b) Integrity
c) Authentication
d) Availability
Answer: a
Explanation: Confidentiality is what every individual prefers in terms of physical privacy as well as digital privacy. This term means our information needs to be protected from being disclosed to unauthorised parties, for which we use different security mechanisms like password protection, biometric security, OTPs (One Time Passwords) etc.


6. ______ means the protection of data from modification by unknown users.
a) Confidentiality
b) Integrity
c) Authentication
d) Non-repudiation
Answer: b
Explanation: Information is only valuable if it is correct and does not get modified on its way to its destination. The element integrity makes sure that the data sent or generated from the other end is correct and is not modified by any unauthorised party in between.

7. When integrity is lacking in a security system, _________ occurs.
a) Database hacking
b) Data deletion
c) Data tampering
d) Data leakage
Answer: c
Explanation: The term data tampering is used when integrity is compromised in any security model and checking its integrity later becomes costlier. Example: suppose you sent $50 to an authorised person and, in between, a Man in the Middle (MiTM) attack takes place and the value is tampered to $500. This is how integrity is compromised.

8. _______ of information means, only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability
Answer: d
Explanation: Information is useful only when the right people (authorised users) access it after going through a proper authenticity check. The key element availability ensures that only authorised users are able to access the information.

9. Why are these 4 elements (confidentiality, integrity, authenticity & availability) considered fundamental?
a) They help understanding hacking better
b) They are key elements to a security breach
c) They help understand security and its components better
d) They help to understand the cyber-crime better
Answer: c
Explanation: The four elements of security, viz. confidentiality, integrity, authenticity & availability, help in better understanding the pillars of security and its different components.

10. This helps in identifying the origin of information and the authentic user. “This” is referred to here as __________
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c
Explanation: The key element, authenticity helps in assuring the fact that the information is from the original source.

11. Data ___________ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup
Answer: a
Explanation: Data encryption is the method of converting plain text to cipher-text and only authorised users can decrypt the message back to plain text. This preserves the confidentiality of data.

12. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) switching off the phone
Answer: d
Explanation: Switching off the phone for fear of losing the confidentiality of data is not a proper solution for data confidentiality. Fingerprint detection, face recognition, password-based authentication and two-step verification are some of the proper methods.

13. Data integrity gets compromised when _____ and _____ are taken control of.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system
Answer: c
Explanation: The two key ingredients that need to be kept safe are: access control & file permission in order to preserve data integrity.

14. ______ is the latest technology that faces an extra challenge because of CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust
Answer: a
Explanation: Big data has additional challenges that it has to face because of the tremendous volume of data that needs protection as well as other key elements of the CIA triad, which makes the entire process costly and time-consuming.

15. One common way to maintain data availability is __________
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering
Answer: b
Explanation: To protect data from loss or damage, a data backup can be made and stored in a different geographical location so that the data survives natural disasters & unpredictable events.

16. ___________ is a special form of attack using which hackers exploit human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering
Answer: c
Explanation: Using social engineering techniques, hackers try to exploit the victim’s mind to gain valuable information about that person such as his/her phone number, date of birth, pet name etc.

17. Which of the following does not come under Social Engineering?
a) Tailgating
b) Phishing
c) Pretexting
d) Spamming

18. _________ involves scams where an individual (usually an attacker) lies to a person (the target victim) to acquire privileged data.
a) Phishing
b) Pretexting
c) Spamming
d) Vishing
Answer: b
Explanation: In the pretexting technique of social engineering, the attacker pretends to need legitimate information from the victim in order to confirm his/her identity.

19. Which of the following is the technique used to look for information in trash or around dustbin container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving
Answer: d
Explanation: In the technology world, where information about a person seems to be everywhere, dumpster diving is the name of the technique where the attacker looks for information in dustbins and trash. For example, after withdrawing money from an ATM, the user usually throws away the receipt on which the total amount and account details are mentioned. This type of information is helpful to a hacker, which is why they use dumpster diving.

20. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing
Answer: c
Explanation: Carding is the method of trafficking bank details, credit cards or other financial information over the internet. Hence it’s a fraudulent technique used by hackers and does not come under social engineering.

21. In phishing, attackers target the ________ technology to do social engineering.
a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera
Answer: a
Explanation: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as usernames & passwords) of the target user and uses emails to send fake links which redirect the user to a fake webpage that looks legitimate.

22. Tailgating is also termed as ___________
a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting
Answer: a
Explanation: Piggybacking is the technique used for social engineering, as the attacker or unauthorized person/individual follows behind an authorized person/employee & gets into an authorized area to observe the system, gain confidential data or for a fraudulent purpose.

23. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations.
a) True
b) False
Answer: b
Explanation: Physical hacking, like other types of hacking, is possible in any institutions, organizations, clinics, private firms, banks or any other financial institutions. Hence, the above statement is false.

24. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
Answer: b
Explanation: When a cyber-criminal gains access to an authorized area and steals pen drives and DVDs which contain sensitive information about an employee or about the organization, then it can be said that the physical security of the organization is weak.

25. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
Answer: d
Explanation: Physical accessing without prior security checking is the ability of a person to gain access to any authorized area. Physical accessing is done using piggybacking or any other suspicious means.

26. Which of the following is not considered an adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
Answer: c
Explanation: Keeping confidential files open on the desk is not an adequate way of maintaining physical security, as anyone can pick these up and perform physical hacking.

27. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
Answer: d
Explanation: Updating the patches in your working software does not come under security measures for physical hacking. Updating the patches helps rid your software of bugs and flaws, as they get fixed when patches are applied.

28. IT security department must periodically check for security logs and entries made during office hours.
a) True
b) False
Answer: a
Explanation: Checking for security logs and entries made by employees and other outsiders who entered the office can help in identifying whether any suspicious person is getting in and out of the building or not.

29. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing
Answer: d
Explanation: Phishing does not come under physical security. Walk-in without proper authorization, sneaking in through glass windows or other means and breaking in and stealing sensitive documents are examples of physical hacking.

30. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access
Answer: a
Explanation: A physical penetration test is important in order to check for possible physical security breaches. Usually corporate firms and organizations stay busy securing their networks and data, and penetration testers are hired for data and network pentesting, but a physical security breach can be equally damaging.

31. _________ framework made cracking of vulnerabilities easy like point and click.
a) .Net
b) Metasploit
c) Zeus
d) Ettercap
Answer: b
Explanation: In the year 2003, the Metasploit framework was released which made finding and cracking of vulnerabilities easy and is used by both white as well as black hat hackers.

32. Nmap is abbreviated as Network Mapper.
a) True
b) False
Answer: a
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as well as security auditing. It can be used for either a single host network or large networks.

33. __________ is a popular tool used for discovering networks as well as in security auditing.
a) Ettercap
b) Metasploit
c) Nmap
d) Burp Suite
Answer: c
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as well as security auditing. It can be used for either a single host network or large networks.

34. Which of these does Nmap not check?
a) services different hosts are offering
b) on what OS they are running
c) what kind of firewall is in use
d) what type of antivirus is in use
Answer: d
Explanation: Network Mapper (Nmap) is a popular open-source tool used for network discovery as well as security auditing. It usually checks for the different services used by the host, what operating system it is running and the type of firewall it is using.

35. Which of the following deals with network intrusion detection and real-time traffic analysis?
a) John the Ripper
b) L0phtCrack
c) Snort
d) Nessus
Answer: c
Explanation: Snort is a network intrusion detection application that deals with real-time traffic analysis. As the rules are set and kept updated, they help in matching traffic against known patterns and protect your network.

36. Wireshark is a ____________ tool.
a) network protocol analysis
b) network connection security
c) connection analysis
d) defending malicious packet-filtering
Answer: a
Explanation: Wireshark is a popular, standardized network protocol analysis tool that allows in-depth checking and analysis of packets from the different protocols used by the system.

37. Which of the below-mentioned tool is used for Wi-Fi hacking?
a) Wireshark
b) Nessus
c) Aircrack-ng
d) Snort
Answer: c
Explanation: Weak wireless encryption protocols get easily cracked using the Aircrack WPA and Aircrack WEP attacks that come with the Aircrack-ng tool. Its packet sniffing feature keeps track of all traffic without making any attack.

38. Aircrack-ng is used for ____________
a) Firewall bypassing
b) Wi-Fi attacks
c) Packet filtering
d) System password cracking
Answer: b
Explanation: Weak wireless encryption protocols get easily cracked using Aircrack WPA and Aircrack WEP. Its packet sniffing feature keeps track of all its traffic without making any attack.

39. _____________ is a popular IP address and port scanner.
a) Cain and Abel
b) Snort
c) Angry IP Scanner
d) Ettercap
Answer: c
Explanation: Angry IP Scanner is a light-weight, cross-platform IP and port scanning tool that scans a range of IP addresses. It uses multithreading to make scanning fast and efficient.

40. _______________ is a popular tool used for network analysis in multiprotocol diverse network.
a) Snort
b) SuperScan
c) Burp Suite
d) EtherPeek
Answer: d
Explanation: EtherPeek is a network analysis tool that can be used for multiprotocol heterogeneous networking architecture. It can help in sniffing packets of network traffic.

41. ____________ scans TCP ports and resolves different hostnames.
a) SuperScan
b) Snort
c) Ettercap
d) QualysGuard
Answer: a
Explanation: SuperScan has a very nice user-friendly interface and is used for scanning TCP ports as well as resolving hostnames. It is popularly used for scanning ports across a given range of IP addresses.

42. ___________ is a web application assessment security tool.
a) LC4
b) WebInspect
c) Ettercap
d) QualysGuard
Answer: b
Explanation: WebInspect is a popular web application security tool used for identifying known vulnerabilities residing in web-application layer. It also helps in penetration testing of web servers.

43. Which of the following attack-based checks WebInspect cannot do?
a) cross-site scripting
b) directory traversal
c) parameter injection
d) injecting shell code

44. ________ is a password recovery and auditing tool.
a) LC3
b) LC4
c) Network Stumbler
d) Maltego
Answer: b
Explanation: LC4, which was previously known as L0phtCrack, is a password auditing and recovery tool. It is used for testing the strength of a password and also helps in recovering lost Microsoft Windows passwords.

45. L0phtCrack is formerly known as LC3.
a) True
b) False
Answer: b
Explanation: L0phtCrack, now commonly known as LC4, is a password auditing and recovery tool. It is used for testing the strength of a password and also helps in recovering lost Microsoft Windows passwords.

46. Which of the following attacks is not used by LC4 to recover Windows passwords?
a) Brute-force attack
b) Dictionary attack
c) MiTM attack
d) Hybrid attacks
Answer: c
Explanation: LC4 is a password auditing and recovery tool. It is used for testing the strength of a password and also helps in recovering lost Microsoft Windows passwords using a hybrid attack, a brute-force attack or a dictionary attack.

47. ____________ is the world’s most popular vulnerability scanner used in companies for checking vulnerabilities in the network.
a) Wireshark
b) Nessus
c) Snort
d) WebInspect
Answer: b
Explanation: Nessus is a popular, proprietary network vulnerability scanning tool developed by Tenable Network Security. It helps in easily identifying and fixing vulnerabilities, including missing patches and software flaws.

48. _____________ is a tool which can detect registry issues in an operating system.
a) Network Stumbler
b) Ettercap
c) Maltego
d) LANguard Network Security Scanner
Answer: d
Explanation: LANguard Network Security Scanner helps in monitoring networks by scanning connected machines to provide information for every node. It can also be used for identifying registry issues.

49. Network Stumbler is a Windows Wi-Fi monitoring tool.
a) True
b) False
Answer: a
Explanation: Network Stumbler is a popular tool that helps in detecting WLANs and helps hackers in finding non-broadcasting wireless networks. It is popularly used as Wi-Fi scanning and monitoring tool for Windows.

50. ToneLoc is abbreviated as __________
a) Tone Locking
b) Tone Locator
c) Tone Locker
d) Tune Locator
Answer: c
Explanation: ToneLoc is a popular and primitive tool written for MS-DOS users. It is basically used by malicious attackers to guess user accounts, find entry points in modems and locate modems connected to the network.

51. __________ is a debugger and exploration tool.
a) Netdog
b) Netcat
c) Tcpdump
d) BackTrack
Answer: b
Explanation: Netcat is an easy Unix utility that helps in reading and writing data across network connections, using TCP or UDP protocol. It is popularly used as a debugger and exploration tool that is found free for Windows and Mac OS also.

52. __________ is a popular command-line packet analyser.
a) Wireshark
b) Snort
c) Metasploit
d) Tcpdump
Answer: d
Explanation: Tcpdump is a popular command-line network packet analyzer. It allows its user to display TCP/IP as well as other data packets being transmitted or received over the computer network.

53. ________________ is a platform that essentially keeps the log of data from networks, devices as well as applications in a single location.
a) EventLog Analyser
b) NordVPN
c) Wireshark
d) PacketFilter Analyzer
Answer: a
Explanation: EventLog Analyser is a tool that basically keeps the log of data from networks, devices as well as applications in a single location. Latest encryption techniques are used for securing its stored data.

54. ______________ is competent to restore corrupted Exchange Server Database files as well as recovering unapproachable mails in mailboxes.
a) Outlook
b) Nessus
c) Mailbox Exchange Recovery
d) Mail Exchange Recovery toolkit
Answer: c
Explanation: Mailbox Exchange Recovery is competent to restore corrupted Exchange Server Database files as well as recovering unapproachable mails in mailboxes. This tool is popularly used by ethical hackers and cyber-forensics investigators in recovering emails, calendars, attachments, contacts from inaccessible mail-servers.

55. ________________ helps in protecting businesses against data breaches that may make threats to cloud.
a) Centrify
b) Mailbox Exchange Recovery
c) Nessus
d) Dashline
Answer: a
Explanation: Centrify helps in protecting businesses against data breaches that may make threats to the cloud. This is done by securing Centrify users by providing internal, external and privileged users.

56. __________ is a popular corporate security tool that is used to detect the attack on email with cloud only services.
a) Cain and Abel
b) Proofpoint
c) Angry IP Scanner
d) Ettercap
Answer: b
Explanation: Proofpoint is a popular corporate security tool that is used to detect an attack on email with cloud-only services. It helps firms detect attack vectors and loopholes in different security systems through which attackers may gain access.

57. _____________ helps in protecting corporate data, communications and other assets.
a) Snort
b) CipherCloud
c) Burp Suite
d) Wireshark
Answer: b
Explanation: CipherCloud helps in protecting corporate data, different communications as well as other assets. This includes anti-virus scanning facility, encryption & traffic monitoring. In addition, it provides mobile security support also.

58. Which of the following is not an appropriate way of targeting a mobile phone for hacking?
a) Target mobile hardware vulnerabilities
b) Target apps’ vulnerabilities
c) Setup Keyloggers and spyware in smart-phones
d) Snatch the phone
Answer: d
Explanation: Snatching a smart-phone is not a type of hacking. Targeting hardware and application level vulnerabilities and setting up a keylogger or spyware in the target mobile can help get valuable info about the victim.

59. Which of the following is not an OS for mobile?
a) Palm
b) Windows
c) Mango
d) Android
Answer: c
Explanation: A mobile/smart-phone operating system is software which allows smart-phones, tablets, phablets & other devices to run apps & programs within it. Palm OS, Windows OS, and Android OS are some of the examples of Mobile OS.

60. Mobile Phone OS contains open APIs that may be _____________ attack.
a) useful for
b) vulnerable to
c) easy to
d) meant for
Answer: b
Explanation: Mobile phone operating systems contain open APIs that may be vulnerable to different attacks. The OS has a number of connectivity mechanisms through which attackers can spread malware.

61. ____________ gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.
a) Worms
b) Antivirus
c) Malware
d) Multimedia files
Answer: c
Explanation: Malware gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.

62. ____________ is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect to, from threats & bugs.
a) OS Security
b) Database security
c) Cloud security
d) Mobile security
Answer: d
Explanation: Mobile security is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect to, from threats & bugs.

63. Mobile security is also known as ____________
a) OS Security
b) Wireless security
c) Cloud security
d) Database security
Answer: b
Explanation: Mobile security also known as wireless security is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect to, from threats & bugs.

64. DDoS in mobile systems wait for the owner of the _____________ to trigger the attack.
a) worms
b) virus
c) botnets
d) programs
Answer: c
Explanation: Botnets on compromised mobile devices wait for instructions from their owner. After getting the owner’s instruction, they launch a DDoS flood attack. This results in a failure to connect calls or transmit data.

65. Hackers cannot do which of the following after compromising your phone?
a) Steal your information
b) Rob your e-money
c) Shoulder surfing
d) Spying
Answer: c
Explanation: Shoulder surfing is done before compromising the mobile. So, hackers can steal your information, rob your e-money or spy on you after compromising your smart-phone.

66. Hackers cannot do which of the following after compromising your phone?
a) Shoulder surfing
b) Accessing your voice mail
c) Steal your information
d) Use your app credentials
Answer: a
Explanation: Shoulder surfing is done before compromising the mobile. So, hackers can steal your information, access your voice mail or use your app credentials after compromising your smart-phone.

67. App permissions can cause trouble as some apps may secretly access your memory card or contact data.
a) True
b) False
Answer: a
Explanation: App permissions can cause trouble as some apps may secretly access your memory card or contact data. Almost all applications nowadays ask for such permission, so make sure you do a proper survey on these apps before allowing such access.

68. Activate _____________ when you need to use it, otherwise turn it off for security purposes.
a) Flash Light
b) App updates
c) Bluetooth
d) Rotation
Answer: c
Explanation: Activate Bluetooth when you need to use it, otherwise turn it off for security purposes. This is because there are various tools and vulnerabilities that may be used to gain access to your smart-phone over Bluetooth.

69. Try not to keep ________________ passwords, especially fingerprint for your smart-phone, because it can lead to physical hacking if you’re not aware or asleep.
a) Biometric
b) PIN-based
c) Alphanumeric
d) Short
Answer: a
Explanation: Try not to keep biometric passwords, especially fingerprint for your smart-phone containing very confidential data, because anyone can do physical hacking if you’re not aware or asleep.

70. Which of the following tool is used for Blackjacking?
a) BBAttacker
b) BBProxy
c) Blackburried
d) BBJacking
Answer: b
Explanation: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is activated it opens a covert channel between the hacker and the compromised host.

71. BBProxy tool is used in which mobile OS?
a) Android
b) Symbian
c) Raspberry
d) Blackberry
Answer: d
Explanation: BBProxy (installed on BlackBerry phones) is the name of the tool used to conduct blackjacking. Attackers install BBProxy on the user’s BlackBerry, and once the tool is activated it opens a covert channel between the hacker and the compromised host.

72. Which of the following is not a security issue for PDAs?
a) Password theft
b) Data theft
c) Reverse engineering
d) Wireless vulnerability
Answer: c
Explanation: Reverse engineering is not an issue of PDA (Personal Digital Assistant). Password theft, data theft, wireless vulnerability exploitation, data corruption using virus are some of them.

73. Bit error rate provides the information about the type of error.
a) True
b) False
Answer: b
Explanation: Bit error rate does not provide information about the type of error. However, bit error rate (BER) evaluation gives a good indication of the performance of a particular modulation scheme.

74. Which of the following is specified by a specific number of bit errors occurring in a given transmission?
a) Bit error rate
b) Equally likely event
c) Outage event
d) Exhaustive events
Answer: c
Explanation: Outage event is specified by a specific number of bit errors occurring in a given transmission. Evaluating the probability of outage is one of the means to judge the effectiveness of the signalling scheme in a mobile radio channel.

75. Irreducible BER floor is created in frequency selective channels due to ____________
a) Intersymbol interference
b) Random spectral spreading
c) Time varying Doppler spread
d) Blind speed
Answer: a
Explanation: Frequency selective fading is caused due to multipath delay spread which causes intersymbol interference. It results in an irreducible BER floor for mobile systems.

76. Irreducible BER floor is created in non frequency selective channels due to ____________
a) Intersymbol interference
b) Multipath time delay
c) Time varying Doppler spread
d) Blind speed
Answer: c
Explanation: Even if a mobile channel is not frequency selective, the time varying Doppler spread due to motion creates an irreducible BER floor. It is caused by random spectral spreading.

77. The performance of BPSK is best in terms of BER because _______
a) Symbol offset interference does not exist
b) Existence of cross rail interference
c) No multipath delay
d) Doppler spread
Answer: a
Explanation: BER performance of BPSK is best among all the modulation schemes compared. This is because symbol offset interference does not exist in BPSK. Symbol offset interference is also called cross rail interference due to the fact that the eye diagram has multiple rails.

78. High capacity mobile systems are interference limited.
a) True
b) False
Answer: a
Explanation: High capacity mobile systems are interference limited, but they are not noise limited. It was clearly seen that when carrier to interference ratio (C/I) is large, the errors are primarily due to fading, and interference has very little effect. However, as C/I drops below a certain level, interference dominates the link performance.

79. Which of the following do not impact bit error rate in mobile communication systems?
a) Mobile velocity
b) Channel delay spread
c) Modulation format
d) Base station
Answer: d
Explanation: The mobile velocity, channel delay spread, interference levels and modulation formats all independently impact the raw bit error rate in mobile communication systems. And simulation is a powerful way to design or predict the performance of wireless communication links.

80. Coherence time refers to ____________
a) Time required to attain a call with the busy base station
b) Time required for synchronization between the transmitter and the receiver
c) Minimum time for change in magnitude and phase of the channel
d) None of the mentioned
Answer: b
Explanation: Coherence time is the time required for synchronization between the transmitter and receiver. It is the time over which a propagating wave is said to be coherent.

81. Doppler spread refers to _________
a) Signal fading due to Doppler shift in the channel
b) Temporary failure of message transfer
c) Large coherence time of the channel as compared to the delay constraints
d) All of the mentioned
Answer: a
Explanation: Doppler spread refers to signal fading due to Doppler shift in the channel. It is a measure of spectral broadening caused by time rate of change of the mobile radio channel.

82. A rake receiver uses multiple ______
a) Delay circuits
b) Correlators
c) Detectors
d) Flip flops
Answer: b
Explanation: A rake receiver uses multiple correlators to separately detect multiple strongest components. It is designed to counter the effects of multipath fading.

83. ____________________ is the anticipation of unauthorized access or break to computers or data by means of wireless networks.
a) Wireless access
b) Wireless security
c) Wired Security
d) Wired device apps
Answer: b
Explanation: Wireless security is the anticipation of unauthorized access or breaks to computers or data by means of wireless networks. The most widespread types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and recently released WPA3.

84. Which among them has the strongest wireless security?
a) WEP
b) WPA
c) WPA2
d) WPA3
Answer: d
Explanation: The most extensive types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3. WPA3 is the strongest and recently released.

85. Which among the following is the least strong security encryption standard?
a) WEP
b) WPA
c) WPA2
d) WPA3
Answer: a
Explanation: A prime branch of cyber-security is wireless security. The most widespread types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3. WEP is a notoriously weak encryption standard.

86. _________ is an old IEEE 802.11 standard from the year 1999.
a) WPA2
b) WPA3
c) WEP
d) WPA
Answer: c
Explanation: The most widespread types of wireless securities are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and WPA3. WEP is an old IEEE 802.11 standard from the year 1999.

87. _______________ is the central node of 802.11 wireless operations.
a) WPA
b) Access Point
c) WAP
d) Access Port
Answer: b
Explanation: The central node of 802.11 wireless operations is the Access Point (AP). It is the interface that acts as an intermediary between a wired & wireless network, and all the associated wireless clients use it to exchange data.

88. AP is abbreviated as _____________
a) Access Point
b) Access Port
c) Access Position
d) Accessing Port
Answer: a
Explanation: The central node of 802.11 is the interface that acts as an intermediary between a wired & wireless network, and all the associated wireless clients use it to exchange data.

89. ___________________ is similar to the Access Point (AP) from 802.11, & mobile operators use it for offering signal coverage.
a) Base Signal Station
b) Base Transmitter Station
c) Base Transceiver Station
d) Transceiver Station
Answer: c
Explanation: Base Transceiver Station (BTS), which is also known as a base station (BS) or radio base station (RBS), is similar to the Access Point (AP) from 802.11, & mobile operators use it for offering signal coverage.

90. BTS stands for ___________________
a) Basement Transceiver Server
b) Base Transmitter Station
c) Base Transceiver Server
d) Base Transceiver Station
Answer: d
Explanation: Base Transceiver Station is a section of equipment which facilitates wireless communication from 802.11 & the mobile operators use it for offering signal coverage. Examples are GSM, 3G, 4G etc.

91. There are __________ types of wireless authentication modes.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: There are 2 achievable authentication types or schemes which are implemented in the wireless security. These are Pre-Shared Key – based authentication & Open Authentication.

92. When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called _____________
a) AP-handshaking
b) 4-way handshake
c) 4-way connection
d) wireless handshaking
Answer: b
Explanation: When a wireless user authenticates to any AP, both of them go in the course of four-step authentication progression which is called 4-way handshake.

93. WPS stands for __________________
a) WiFi Protected System
b) WiFi Protected Setup
c) WiFi Protocol Setup
d) Wireless Protected Setup
Answer: b
Explanation: WPS stands for WiFi Protected Setup. It began to show up a few years back on wireless access points as a new way of adding or connecting new devices to the network by just pushing a key (within the router) & inserting the password.

94. It is recommended to use WPA2 or WPA3 encryption standard as they are strong and more secure.
a) True
b) False
Answer: a
Explanation: It is recommended to use the WPA2 or WPA3 encryption standard as they are strong and more secure. WPA2 & WPA3 characterize the protocols a router & Wi-Fi client devices use for performing the “handshake” securely for communication.

95. ___________ is a process of wireless traffic analysis that may be helpful for forensic investigations or during troubleshooting any wireless issue.
a) Wireless Traffic Sniffing
b) WiFi Traffic Sniffing
c) Wireless Traffic Checking
d) Wireless Transmission Sniffing
Answer: a
Explanation: Wireless Traffic Sniffing is a process of analyzing wireless traffic that may be helpful for forensic investigations or during troubleshooting any wireless issue.

96. Which of the following is a Wireless traffic Sniffing tool?
a) Maltego
b) Burp Suite
c) Nessus
d) Wireshark
Answer: d
Explanation: The process of analyzing wireless traffic that may be helpful for forensic investigations or during troubleshooting any wireless issue is called Wireless Traffic Sniffing. Popular tools used in this case are Wireshark and Kismet.

97. ___________________ began to show up few years back on wireless access points as a new way of adding or connecting new devices.
a) WPA2
b) WPA
c) WPS
d) WEP
Answer: c
Explanation: WiFi Protected Setup (WPS) began to show up a few years back on wireless access points as a new way of adding or connecting new devices to the network by just pushing a key (within the router) & typing an eight-digit password on the client device.

98. Which of the following are forms of malicious attack?
a) Theft of information
b) Modification of data
c) Wiping of information
d) All of the mentioned
Answer: d
Explanation: None.

99. What are the common security threats?
a) File Shredding
b) File sharing and permission
c) File corrupting
d) File integrity
Answer: b
Explanation: Sharing and associated permissions are usual exploits which can compromise the system.

100. From the following, which is not a common file permission?
a) Write
b) Execute
c) Stop
d) Read
Answer: c
Explanation: None.

101. Which of the following is a good practice?
a) Give full permission for remote transferring
b) Grant read only permission
c) Grant limited permission to specified account
d) Give both read and write permission but not execute
Answer: c
Explanation: Limited access is a key method to circumvent unauthorized access and exploits.

102. What is not a good practice for user administration?
a) Isolating a system after a compromise
b) Perform random auditing procedures
c) Granting privileges on a per host basis
d) Using telnet and FTP for remote access
Answer: d
Explanation: Telnet and FTP are not encrypted and can be compromised.

103. Which of the following is the least secure method of authentication?
a) Key card
b) fingerprint
c) retina pattern
d) Password
Answer: d
Explanation: A password can be compromised more easily than a physical thing like a key card, fingerprint or retina can be replicated.

104. Which of the following is a strong password?
a) 19thAugust88
b) Delhi88
c) P@assw0rd
d) !augustdelhi
Answer: c
Explanation: It has a combination of both capital and small letters along with a number and a special character. Thus, always use a complex password with a combination of all of these.

105. Why is one time password safe?
a) It is easy to generate
b) It cannot be shared
c) It is different for every access
d) It is a complex encrypted password
Answer: c
Explanation: One time password is safe since it is generated per access and thus cannot be brute forced or deduced.

106. What does Lightweight Directory Access Protocol (LDAP) not store?
a) Users
b) Address
c) Passwords
d) Security Keys
Answer: b
Explanation: None.

107. What is characteristic of RADIUS system?
a) It is essential for centralized encryption and authentication
b) It works on Network layer to deny access to unauthorized people
c) It provides centralized authentication mechanism via network devices
d) It’s a strong File access system
Answer: c
Explanation: None.

108. Which happens first authorization or authentication?
a) Authorization
b) Authentication
c) Authorization & Authentication are same
d) None of the mentioned
Answer: a
Explanation: None.

109. What are the characteristics of Authorization?
a) RADIUS and RSA
b) 3 way handshaking with syn and fin
c) Multilayered protection for securing resources
d) Deals with privileges and rights
Answer: d
Explanation: None.

110. What forces the user to change password at first login?
a) Default behavior of OS
b) Part of AES encryption practice
c) Devices being accessed forces the user
d) Account administrator
Answer: d
Explanation: It is the administrator’s job to ensure that the user’s password remains private and is known only to the user. But while making a new user account, the administrator assigns a random general password to give to the user. Thus even the administrator cannot access a particular user’s account.

111. What is not a best practice for password policy?
a) Deciding maximum age of password
b) Restriction on password reuse and history
c) Password encryption
d) Having to change password every 2 years
Answer: d
Explanation: Old passwords are more vulnerable to being misplaced or compromised. Passwords should be changed periodically to enhance security.

112. _______ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information from alteration, destruction, deletion or disclosure by unauthorised users.

113. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
Answer: d
Explanation: Disaster, eavesdropping and information leakage come under information security threats whereas not changing the default password of any system, hardware or any software comes under the category of vulnerabilities that the user may pose to its system.

114. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
Answer: a
Explanation: Flood comes under natural disaster, which is a threat to any information and does not act as a vulnerability of any system.

115. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud workload protection platforms which manage policies regarding security of information irrespective of its location.

116. Which of the following information security technology is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser
Answer: b
Explanation: Cyber-criminals target browsers for breaching information security. If a user establishes remote browsing by isolating the browsing session of the end user, cyber-criminals will not be able to infect the system along with the browser with malware, ultimately reducing the attack surface area.

117. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery
Answer: c
Explanation: It is a collective name for tools that monitor networks & endpoints of systems and record all the activities for further reporting, analysis & detection in a central database. Analyzing the reports generated through such EDR tools, loopholes in a system or any internal, as well as external breaching attempts can be detected.

118. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for supervising the traffic in any network, the flow of data over the network as well as malicious threats that are trying to breach the network. This technological solution also helps in triaging the events detected by Network Traffic Analysing tools.

119. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual or any information. Compromising confidential information means extracting sensitive data from a system in an illegal manner.

120. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: c
Explanation: Access control policies are incorporated into a security system to restrict unauthorised access to any logical or physical system. Every security compliance program needs this as a fundamental component. Systems which lack this feature are vulnerable.

121. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored
Answer: d
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced, distributed or transferred to some other system, protected using security tools and techniques but cannot be ignored.

Module 03

1. System hacking involves password hacking as one of the major hacking methodologies.
a) True
b) False
Answer: a
Explanation: System hacking, which is of four types, involves password hacking as one of the major hacking methodologies. It is used to crack the security of a system and gain access for stealing data.

2. Password cracking in system hacking is of ________ types.
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: System hacking involves password hacking as one of the major hacking methodologies. It is of 4 types. These are passive online attack, active online attack, offline attack, and non-electronic attack.

3. There are ________ major types of passwords.
a) 4
b) 5
c) 6
d) 7
Answer: d
Explanation: There are seven major types of passwords. These are a password containing only letters, a password containing only numbers, a password containing only special characters, a password containing only alpha-numeric characters, a password containing letters, numbers as well as special symbols, or a password containing any two combinations of the three.

4. In _______________ attacks, the attacker does not contact the authorizing party to steal the password.
a) passive online
b) active online
c) offline
d) non-electronic
Answer: a
Explanation: In passive online attacks, the attacker does not contact an authorized party to steal the password; rather, the attacker attempts to grab the password without communicating with the victim or the victim’s account.

5. Which of the following is an example of passive online attack?
a) Phishing
b) Social Engineering
c) Spamming
d) Wire sniffing
Answer: d
Explanation: In a passive online attack, the attacker does not contact an authorized party to steal the password; rather, the attacker attempts to grab the password without communicating with the victim or the victim’s account. Examples of passive online attacks include wire sniffing, man-in-the-middle attack and replay attack.

6. Which of the following is not an example of a passive online attack?
a) MiTM
b) Replay Attack
c) Phishing
d) Wire sniffing
Answer: c
Explanation: Phishing is not an example of a passive online attack. In passive online attacks, the attacker does not contact an authorized party to steal the password. Types of passive online attacks include wire sniffing, man-in-the-middle attack and replay attack.

7. Which of the following does not come under the hurdles of a passive online attack for hackers?
a) Hard to perpetrate
b) Computationally complex
c) Time taking, so patience has to be there
d) Tools not available
Answer: d
Explanation: Tools for doing a passive offline attack on passwords are widely available, so this does not count as a disadvantage or hurdle of a passive offline attack. But passive offline attacks are computationally complex, hard to perpetrate and may take time.

8. Which of the following cases comes under the victims’ list of an active online attack?
a) Strong password based accounts
b) Unsecured HTTP users
c) Open authentication points
d) Logged in systems and services
Answer: c
Explanation: Systems with bad or weak passwords & with open authentication points often become the victims of an active online attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.

9. In _______________ password grabbing attack the attacker directly tries different passwords 1-by-1 against victim’s system/account.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Explanation: Users with open authentication points and bad or weak passwords often become the victims of an active online attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.

10. Which of them is not a disadvantage of active online attack?
a) Takes a long time
b) Easily and automatically detected
c) Need high network bandwidth
d) Need the patience to crack
Answer: b
Explanation: In an active online attack, the attacker directly tries different passwords 1-by-1 against the victim’s system/account. Its disadvantages are that it takes a long time, and hence a lot of patience, & also needs high network bandwidth.

11. _________________ can be alternatively termed as password guessing attack.
a) passive online
b) active online
c) offline attack
d) non-electronic
Answer: b
Explanation: Users with open authentication points and bad or weak passwords often become the victims of the active online attack. It is alternatively termed a password guessing attack, where the attacker directly tries different passwords 1-by-1 against the victim’s system/account.

12. ________________ attacks are carried out from a location other than the real computer where the password resides or was used.
a) passive online
b) active online
c) offline password
d) non-electronic
Answer: c
Explanation: For this, the cyber-criminal needs to have physical access to the system, and so offline password attacks are carried out from a location other than the real computer where the password resides or was used. They are common examples of physical data breaching & hacking.

13. _______________ attacks always need physical access to the system that holds the password file, or the hacker needs to crack the system by other means.
a) online
b) offline
c) password
d) non-electronic
Answer: b
Explanation: Offline password attacks are carried out from a location other than the real computer where the password resides or was used. They need physical access to the system that is having a password file or the hacker needs to crack the system by other means.

14. Which of the following is not an example of offline password attack?
a) Dictionary attack
b) Rainbow attacks
c) Brute force attack
d) Spamming attack
Answer: d
Explanation: An offline attack needs physical access to the system that holds the password file, or the hacker needs to crack the system by other means. Dictionary, rainbow, and brute force attacks come under offline attacks.

15. Passwords need to be kept encrypted to protect from such offline attacks.
a) True
b) False
Answer: a
Explanation: An offline attack needs physical access to the system that holds the password file, or the hacker needs to crack the system by other means. Hence, even if hackers gain physical access to the system, if the passwords are stored in encrypted form, it will be almost impossible to steal them.

16. ________________ is unnecessary software which infiltrates the user’s system, spies on the user’s activities, and steals internet usage data & sensitive information of that user.
a) Shareware
b) Spyware
c) Ransomware
d) Freeware
Answer: b
Explanation: Spyware is preventable software that spies on the user’s activities and steals internet usage data & sensitive information of that user. Spyware is categorized as a sub-type of malware intended to spy on & gain access to or damage the system data without your knowledge.

17. They spy on our digital habits and spy on which data is more sensitive or useful for its creator. Who are ‘they’ referring to here?
a) Shareware
b) Ransomware
c) Spyware
d) Freeware
Answer: c
Explanation: Here ‘they’ refers to spyware, which is unnecessary software that infiltrates the user’s system, spies on the user’s activities, and steals internet usage data & sensitive information of that user.

18. Spyware collects the user’s personal data & spreads it to ______________, data-firms, or its creator.
a) advertisers
b) dark-market
c) antivirus company
d) share market
Answer: a
Explanation: Spyware is unnecessary software which infiltrates the user’s system, spies on the user’s activities, and steals internet usage data & sensitive information of that user. Spyware collects the user’s personal data & spreads it to advertisers, data-firms, or its creator.

19. Which of the following activities is not done by spyware?
a) sell internet usage data
b) capture credit card details
c) user’s personal identity
d) steal signature of the different virus
Answer: d
Explanation: Spyware programs are harmful programs intended to spy on & gain access to or damage the system data without your knowledge. They capture credit card details and the user’s personal identity, sell internet usage data, etc.

20. Which of the following activities is not done by spyware?
a) Monitors your internet activity
b) Track user’s login details and passwords
c) Uninstalls your mobile browser
d) Spy on sensitive information
Answer: c
Explanation: Spyware is harmful software which infiltrates the user’s system, spies on the user’s activities, and steals internet usage data & sensitive information of that user. It monitors your internet activity, tracks login credentials and spies on the user’s sensitive information.

21. Spyware is not one of the most powerful & widespread threats on the internet.
a) True
b) False
Answer: b
Explanation: Spyware is one of the most powerful & widespread threats on the internet. Spyware is categorized as a sub-type of malware intended to spy on & gain access to or damage the system data without your knowledge.

22. It actually infects your device easily & makes it hard to _____________
a) delete
b) identify
c) modify
d) copy
Answer: b
Explanation: Spyware is among the most powerful & widespread threats for users. It infects your device easily & is hard to detect. Once it is detected, specific tools and antivirus programs are needed to delete it.

23. There are __________ main types of spyware.
a) 2
b) 3
c) 4
d) 5
Answer: c
Explanation: Spyware actually infects your device easily & makes it hard to detect. There are 4 major types of spyware. These are adware, tracking cookies, spy-trojans & system monitoring spyware.

24. _____________ track the user’s online activities like search queries, history pages & downloads, for selling purposes.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: d
Explanation: There are 4 major types of spyware. One of them is the tracking cookies which track the user’s online activities like search queries, history pages & downloads, for selling purposes.

25. _____________ tracks your data and displays those products as ads for promotions.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: a
Explanation: Spyware is of four major types. One of them is adware. Adware or ad-based spyware tracks your data and displays those products as ads for promotions.

26. _________________ disguise themselves as legitimate software & appear as Java or Flash Player updates. They will periodically collect your system data and send it to their creator.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: c
Explanation: There are four major types of spyware. One of them is the spy-trojans, which disguise themselves as legitimate software & appear as Java or Flash Player updates. They will periodically collect your system data and send it to their creator.

27. ____________ records all your key-strokes, chat-room dialogs, programs run on your system, and system details.
a) Ad-based spyware
b) System Monitors
c) Spy-trojans
d) Tracking cookies
Answer: b
Explanation: One of the types of spyware is the system monitoring spyware, which records all your key-strokes, chat-room dialogs, programs run on your system, and system details.

28. Which of the following does not lead you to invite spyware into your system?
a) Accepting fishy prompt or pop-ups
b) Downloading apps from an unreliable source
c) Opening unknown attachments
d) Installing antivirus patches
Answer: d
Explanation: Some of the main ways your system can become contaminated with spyware are accepting fishy prompts and pop-ups, downloading apps from unreliable sources, or opening unknown attachments from mailing services.

29. As you sense your device has been infected with spyware, you should run a scan with your existing security software/AV for making sure it has cleaned up all malicious contents.
a) True
b) False
Answer: a
Explanation: As you sense your device has been infected with spyware, you should run a scan with your existing security software/AV for making sure it has cleaned up all malicious contents. In this manner, you can protect your system before the spyware takes away all your sensitive data.

30. Which of the following is not an anti-spyware tool?
a) MalwareBytes Anti-Malware tool
b) SpyBot Search and Destroy
c) Emsisoft Emergency Kit
d) MS Firewall Defender
Answer: d
Explanation: MS Firewall Defender is not used for detecting & removing spyware. MalwareBytes Anti-Malware tool, SpyBot Search and Destroy & Emsisoft Emergency Kit are some of the anti-spyware tools.

31. If you’ve accidentally clicked any pop-up which seems malicious, it is recommended to take steps to remove it and proactively change your ________ and delete browsing activities from web browser.
a) passwords
b) email ID
c) name
d) address
Answer: a
Explanation: If you’ve accidentally clicked any pop-up which seems malicious, it is recommended to take steps to remove it and proactively change your passwords, and delete browsing activities from a web browser.

32. There are _________ types of computer virus.
a) 5
b) 7
c) 10
d) 12
Answer: c
Explanation: There are a total of 10 types of virus. These are categorized based on their working and characteristics. These are System or Boot Sector Virus, Direct Action Virus, Resident Virus, Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro Virus, Rootkit virus.

33. Which of the following is not a type of virus?
a) Boot sector
b) Polymorphic
c) Multipartite
d) Trojans
Answer: d
Explanation: Types of viruses are System or Boot Sector Virus, Direct Action Virus, Resident Virus, Multipartite Virus, Polymorphic Virus, Overwrite Virus, Space-filler Virus, File infectors, Macro Virus, Rootkit virus. Trojan does not come under types of virus.

34. A computer ________ is a malicious code which self-replicates by copying itself to other programs.
a) program
b) virus
c) application
d) worm
Answer: b
Explanation: A computer virus is a malicious code which self-replicates by copying itself to other programs. The computer virus gets spread by itself into other executable code or documents. The intention of creating a virus is to infect vulnerable systems.

35. Which of them is not an ideal way of spreading the virus?
a) Infected website
b) Emails
c) Official Antivirus CDs
d) USBs
Answer: c
Explanation: The ideal means of spreading a computer virus are emails, USB drives that are carried around and plugged into and ejected from different systems, and infected websites. Antivirus vendors do not place a virus in their CDs and DVDs.

36. In which year did the Apple II virus come into existence?
a) 1979
b) 1980
c) 1981
d) 1982
Answer: c
Explanation: In mid-1981, the 1st virus for Apple computers with the name Apple II came into existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.

37. In mid-1981, the 1st virus for Apple computers with the name _________ came into existence.
a) Apple I
b) Apple II
c) Apple III
d) Apple Virus
Answer: b
Explanation: In mid-1981, the 1st virus for Apple computers with the name Apple II came into existence. It was also called Elk Cloner, which resided in the boot sectors of a 3.3 floppy disk.

38. The virus hides itself from getting detected by ______ different ways.
a) 2
b) 3
c) 4
d) 5
Answer: b
Explanation: The virus hides itself from getting detected in three different ways. These are by encrypting itself, by altering the disk directory with additional virus bytes, or by using a stealth algorithm to redirect disk data.

39. _______________ infects the master boot record, and it is a challenging and complex task to remove this virus.
a) Boot Sector Virus
b) Polymorphic
c) Multipartite
d) Trojans
Answer: a
Explanation: A Boot Sector Virus infects the master boot record & it is a challenging & complex task to remove such a virus. Mostly, such viruses spread through removable devices.

40. ________________ gets installed & stays hidden in your computer’s memory. It stays attached to the specific type of files which it infects.
a) Boot Sector Virus
b) Direct Action Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: b
Explanation: A Direct Action Virus gets installed & stays hidden in your computer’s memory. This type of virus stays attached to the specific type of files which it infects.

41. Direct Action Virus is also known as ___________
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: a
Explanation: A Direct Action Virus is also known as a non-resident virus, which gets installed & stays hidden in your computer’s memory. This type of virus stays attached to the specific type of files which it infects.

42. ______________ infects the executables as well as the boot sectors.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: d
Explanation: A Multipartite Virus infects the executables as well as the boot sectors. It infects the computer or gets into a system through multiple mediums and is hard to remove.

43. ______________ are difficult to identify as they keep on changing their type and signature.
a) Non-resident virus
b) Boot Sector Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: c
Explanation: Polymorphic viruses are difficult to identify as they keep on changing their type and signature. They’re not easily detectable by traditional antivirus. Such a virus usually changes its signature pattern whenever it replicates itself.

44. ____________ deletes all the files that it infects.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Multipartite Virus
Answer: b
Explanation: Overwrite virus deletes all files that it infects. It can be removed by only deleting those infected files. Mostly, it gets spread via emails.

45. _____________ is also known as cavity virus.
a) Non-resident virus
b) Overwrite Virus
c) Polymorphic Virus
d) Space-filler Virus
Answer: d
Explanation: Space-fillers are a special type of virus which usually does not cause any serious harm to the system except it fills up the empty space in memory and codes leading to wastage of memory.

46. Which of the below-mentioned is not a reason why people create a computer virus?
a) Research purpose
b) Pranks
c) Identity theft
d) Protection
Answer: d
Explanation: Computer virus is not created for protection. Virus writers may have other reasons like for research purpose, pranks, vandalism, financial gain, identity theft, and some other malicious purposes.

47. _____________ is another data hiding technique which can be used in conjunction with cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography
Answer: b
Explanation: Steganography is the technique of hiding data in another raw data. Steganography is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

48. _____________ is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
Answer: c
Explanation: Steganography helps in hiding any form of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

49. Steganography follows the concept of security through obscurity.
a) True
b) False
Answer: a
Explanation: Hiding of data within another data through obscurity is called steganography. It is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

50. The word ________________ is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography
Answer: c
Explanation: The word steganography is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”. Steganography is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

51. A ________________ tool permits a security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
Answer: d
Explanation: A steganography tool is a software tool that permits a security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.

52. Which of the following is not a steganography tool?
a) Xiao steganography
b) Image steganography
c) ReaperExploit
d) Steghide
Answer: c
Explanation: ReaperExploit is not a steganography tool that permits security through obscurity. Xiao steganography, image steganography, Steghide etc. are examples of such tools.

53. Which of the following is not a steganography tool?
a) Crypture
b) SteganographX Plus
c) rSteg
d) Burp Suite
Answer: d
Explanation: There are some software tools that help hackers to embed hidden data within a carrier file, which can later be extracted from it. SSuite Picsel, rSteg, SteganographX Plus, and Crypture are examples of such tools.

53. The main motive for using steganography is that hackers or other users can hide a secret message behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file
Answer: b
Explanation: The main motive for using steganography is that hackers or other users can hide a secret message behind ordinary files. Some steganography tools are SSuite Picsel, rSteg etc.

54. People will normally think of it as a normal/regular file and your secret message will pass on without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking
Answer: a
Explanation: Steganography techniques help hackers or other users to conceal a covert message behind regular files. People will normally think of it as a normal/regular file and your secret message will pass on without any suspicion.

55. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography
Answer: d
Explanation: Hackers or other cyber criminals target ordinary files to hide different data or information within another data file. By using steganography, you can diminish the chance of data leakage.

56. A ______________ tries to make a web resource occupied or busy for its users by flooding the URL of the victim with more requests than the server can handle.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
Answer: b
Explanation: A DoS attack tries to make a web resource occupied or busy for its users by flooding the URL of the victim with more requests than the server can handle.

57. During a DoS attack, the regular traffic on the target _____________ will be either slowed down or entirely interrupted.
a) network
b) system
c) website
d) router
Answer: c
Explanation: A DoS attack ties up a web resource by flooding it with unlimited requests. During a DoS attack, the regular traffic on the target website will be either slowed down or entirely interrupted.

58. The intent of a ______________ is to overwhelm the targeted server’s bandwidth and other resources of the target website.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack
Answer: b
Explanation: In a DoS attack, a web resource is kept occupied or busy by flooding it with requests. The intent of this attack is to overwhelm the targeted server’s bandwidth and other resources of the target website.

59. DoS is abbreviated as _____________________
a) Denial of Service
b) Distribution of Server
c) Distribution of Service
d) Denial of Server
Answer: a
Explanation: A Denial of Service attack targets its victim by flooding the URL of the victim with unlimited requests. The intent of this attack is to overwhelm the targeted server’s bandwidth and other resources of the target website.

60. A DoS attack coming from a large number of IP addresses, making it hard to manually filter or drop the traffic from such sources, is known as a _____________
a) GoS attack
b) PDoS attack
c) DoS attack
d) DDoS attack
Answer: d
Explanation: A DoS attack coming from a large number of IP addresses, making it hard to manually filter or drop the traffic from such sources, is known as a Distributed Denial of Service (DDoS) attack.

61. DDoS stands for _________________
a) Direct Distribution of Server
b) Distributed Denial of Service
c) Direct Distribution of Service
d) Distributed Denial of Server
Answer: b
Explanation: When a DoS attack comes from a large number of IP addresses, it becomes hard to manually filter or drop the traffic from such sources, and the attack is known as a Distributed Denial of Service (DDoS) attack.

62. Instead of using a single computer & its internet bandwidth, a ____________ utilizes various systems & their connections for flooding the targeted website.
a) GoS attack
b) PoS attack
c) DDoS attack
d) DoS attack
Answer: c
Explanation: DDoS is another leading attack type. Instead of using a single computer & its internet bandwidth, a DDoS utilizes various systems & their connections for flooding the targeted website.

63. There are ______ types of DoS attack.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: With a DoS attack, attackers try to keep a web resource busy for its users by flooding the URL of the victim with limitless requests. There are two types of DoS attack. These are Application Layer Attacks and Network Layer DoS attacks.

64. Application layer DoS attack is also known as _______________
a) Layer4 DoS attack
b) Layer5 DoS attack
c) Layer6 DoS attack
d) Layer7 DoS attack
Answer: d
Explanation: A DoS attack is a very dangerous threat for users who have their services running via the internet. The Application Layer DoS is also known as Layer-7 DoS attack.

65. ___________ is a type of DoS threat that overloads a server by sending a large number of requests that require resources for handling & processing.
a) Network Layer DoS
b) Physical Layer DoS
c) Transport Layer DoS
d) Application Layer DoS
Answer: d
Explanation: DoS attacks are of two types. These are Application Layer Attacks and Network Layer DoS attacks. Application Layer DoS is a type of DoS threat that overloads a server by sending a large number of requests that require resources for handling & processing.

66. Which of the following is not a type of application layer DoS?
a) HTTP flooding
b) Slowloris
c) TCP flooding
d) DNS query flooding
Answer: c
Explanation: Application Layer DoS threatens to overload a server by sending a large quantity of requests that require resources for handling & processing. This category includes HTTP flooding, slow-flooding attacks and DNS query flooding.

67. Network layer attack is also known as ________________
a) Layer3-4 DoS attack
b) Layer5 DoS attack
c) Layer6-7 DoS attack
d) Layer2 DoS attack
Answer: a
Explanation: A Denial of Service attack becomes dangerous because it floods the target service over the internet. There are two types of DoS attack. The Network Layer DoS is also known as the Layer 3-4 DoS attack.

68. Which of the following does not come under network layer DoS flooding?
a) UDP flooding
b) HTTP Flooding
c) SYN flooding
d) NTP Amplification
Answer: b
Explanation: Network layer DoS attack is set up to congest the “pipelines” that are connecting user’s network. This includes attacks such as NTP amplification, SYN flooding, UDP flooding and DNS amplification.

67. Which of the following does not come under network layer DoS flooding?
a) DNS amplification
b) UDP flooding
c) DNS query flooding
d) NTP Amplification
Answer: c
Explanation: Network layer DoS attack includes attacks such as NTP amplification, SYN flooding, UDP flooding and DNS amplification. DNS query flooding does not come under the Network layer DoS attack.

68. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or packets per second (PPS).
a) True
b) False
Answer: a
Explanation: At the time of a DoS attack, it becomes hard to manually filter or drop the traffic from such sources. DDoS are high traffic events that are measured in Gigabits per second (Gbps) or packets per second (PPS).

69. A DDoS with 20 to 40 Gbps is enough for totally shutting down the majority of network infrastructures.
a) True
b) False
Answer: a
Explanation: A DoS attack is very dangerous for any targeted victim because it can halt business and bring loss to a company that runs on the website. A DDoS with 20 to 40 Gbps is enough for totally shutting down the majority of network infrastructures.

70. SQL injection is an attack in which _________ code is inserted into strings that are later passed to an instance of SQL Server.
a) malicious
b) redundant
c) clean
d) non malicious
Answer: a
Explanation: SQL injection is a code injection technique, used to attack data-driven applications.

71. Point out the correct statement.
a) Parameterized data cannot be manipulated by a skilled and determined attacker
b) Procedure that constructs SQL statements should be reviewed for injection vulnerabilities
c) The primary form of SQL injection consists of indirect insertion of code
d) None of the mentioned
Answer: b
Explanation: Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives.

72. Which of the following scripts is an example of a SQL injection attack?
a)
var ShipCity;
ShipCity = Request.form("ShipCity");
var SQL = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";
b)
var ShipCity;
ShipCity = Request.form("ShipCity");
c)
var ShipCity;
var SQL = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";
d) All of the mentioned
Answer: a
Explanation: The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user.

73. Any user-controlled parameter that gets processed by the application includes vulnerabilities like ___________
a) Host-related information
b) Browser-related information
c) Application parameters included as part of the body of a POST request
d) All of the mentioned
Answer: d
Explanation: SQL-injection exploit requires two things: an entry point and an exploit to enter.

74. Point out the wrong statement.
a) SQL injection vulnerabilities occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized
b) SQL injection allows an attacker to access the SQL servers and execute SQL code under the privileges of the user used to connect to the database
c) The use of PL-SQL opens the door to these vulnerabilities
d) None of the mentioned
Answer: c
Explanation: Dynamic SQL (the construction of SQL queries by concatenation of strings) opens the door to many vulnerabilities.

75. Which of the following stored procedures is used to test the SQL injection attack?
a) xp_write
b) xp_regwrite
c) xp_reg
d) all of the mentioned
Answer: b
Explanation: xp_regwrite writes an arbitrary value into the Registry (undocumented extended procedure).

76. If xp_cmdshell has been disabled with sp_dropextendedproc, we can simply inject the following code?
a) sp_addextendedproc 'xp_cmdshell','xp_log70.dll'
b) sp_addproc 'xp_cmdshell','xp_log70.dll'
c) sp_addextendedproc 'xp_cmdshell','log70.dll'
d) none of the mentioned
Answer: a
Explanation: Security best practices for SQL Server recommend disabling xp_cmdshell in SQL Server 2000 (in SQL Server 2005 it is disabled by default). However, if we have sysadmin rights (natively or by bruteforcing the sysadmin password, see below), we can often bypass this limitation.

77. Which of the following code snippets can enable xp_cmdshell?
a)
master..sp_configure 'show advanced options',1
reconfigure
master..sp_configure 'xp_cmdshell',1
reconfigure
b)
master..sp_configure 'show advanced options',1
configure
master..sp_configure 'xp_cmdshell',1
configure
c)
master..sp_reconfigure 'show advanced options',1
reconfigure
master..sp_reconfigure 'xp_cmdshell',1
reconfigure
d) All of the mentioned
Answer: a
Explanation: By default, xp_cmdshell and a couple of other potentially dangerous stored procedures are disabled in SQL Server 2005.

78. Which of the following scripts is an example of quick detection in an SQL injection attack?
a) SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
b) For integer inputs : convert(int,@@version)
c) IF condition true-part ELSE false-part (S)
d) SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members
Answer: b
Explanation: Quick detection attacks should throw conversion errors.

79. _______________ is a time-based SQL injection attack.
a) Quick detection
b) Initial Exploitation
c) Blind SQL Injection
d) Inline Comments
Answer: c
Explanation: Blind SQL injection works like a sleep: the query waits for a specified time.

80. A __________ is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers.
a) stack
b) queue
c) external storage
d) buffer
Answer: d
Explanation: A buffer is a sequential segment of the memory location that is allocated for containing some data such as a character string or an array of integers. The buffer can handle data only if limited data is inserted.

81. In a _____________ attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.
a) Phishing
b) MiTM
c) Buffer-overflow
d) Clickjacking
Answer: c
Explanation: In a buffer-overflow attack, the extra data that holds some specific instructions in the memory for actions is projected by a cyber-criminal or penetration tester to crack the system.

82. How many types of buffer-overflow attack are there?
a) 4
b) 2
c) 5
d) 3
Answer: b
Explanation: There are two different types of buffer-overflow attack. These are stack-based and heap-based buffer overflow. In both cases, this type of exploit takes advantage of an application that waits for the user's input.

83. Suppose a search box of an application can take at most 200 words, and you've inserted more than that and pressed the search button; the system crashes. Usually this is because of limited __________
a) buffer
b) external storage
c) processing power
d) local storage
Answer: a
Explanation: Suppose a search box of an application can take at most 200 words, and you've inserted more than that and pressed the search button; the system crashes. Usually, this is because of the limited buffer.

84. ______________ is a widespread app’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.
a) Memory leakage
b) Buffer-overrun
c) Less processing power
d) Inefficient programming
Answer: b
Explanation: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by developers which could be exploited by an attacker for gaining access or malfunctioning your system.

85. Buffer-overflow is also known as ______________
a) buffer-overrun
b) buffer-leak
c) memory leakage
d) data overflow
Answer: a
Explanation: Buffer-overflow, also known as buffer-overrun is a widespread application’s coding mistake made by app developers which could be exploited by an attacker for gaining access or malfunctioning your system.

86. Buffer-overflow may remain as a bug in apps if __________ are not done fully.
a) boundary hacks
b) memory checks
c) boundary checks
d) buffer checks
Answer: c
Explanation: Buffer-overflow may remain as a bug in apps if boundary checks are not done fully by developers or are skipped by the QA (Quality Assurance) testers of the software development team.

87. Applications developed by programming languages like ____ and ______ have this common buffer-overflow error.
a) C, Ruby
b) Python, Ruby
c) C, C++
d) Tcl, C#
Answer: c
Explanation: Applications developed by programming languages like C and C++ have this common buffer-overflow error. The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data.

88. Why are apps developed in languages like C and C++ prone to buffer overflow?
a) No string boundary checks in predefined functions
b) No storage check in the external memory
c) No processing power check
d) No database check
Answer: a
Explanation: The strcat(), strcpy(), sprintf(), gets() etc when called in C and C++ can be exploited because these functions don’t check whether the stack is large enough for storing the data fetched from some other variable holding larger data.

89. Old operating systems like _______ and NT-based systems have buffer-overflow attacks as a common vulnerability.
a) Windows 7
b) Chrome
c) IOS12
d) UNIX
Answer: d
Explanation: Old operating systems like UNIX and NT-based systems have buffer-overflow attacks as a common vulnerability. This is because they were developed in old programming languages.

Module 04

1. Which one of the following elements is not necessary for a contract?
A) Competent parties
B) Reasonable terms and conditions
C) Free consent
D) Lawful consideration
Answer: B

2. An agreement becomes a contract if:
A) It is by free consent of the parties.
B) Parties are competent.
C) It is enforceable by law.
D) None of the above.
Answer: C

3. In a standardized contract:
A) The individual has no choice but to accept and sign on the dotted line.
B) The individual must be protected in contract.
C) The agreement is without consideration.
D) None of the above.
Answer: A

4. The correct sequence in the formation of a contract is
A) Offer, acceptance, agreement, consideration.
B) Agreement, consideration, offer, acceptance.
C) Offer, consideration, acceptance, agreement.
D) Offer, acceptance, consideration, agreement.
Answer: D

5. The term e-commerce includes ……………………….
A) Electronic trading of Physical goods and intangibles such as information.
B) The electronic provision of services such as after sales support or online legal advice
C) All the steps involved in trade, such as on-line marketing ordering payment and support for delivery.
D) All of the above.
Answer: D

6. Which of the following is the largest community in classification of e-commerce?
A) Business to Business (B to B)
B) Business to Consumer (B to C)
C) Business to Government (B to G)
D) Government to Government (G to G)
Answer: A

7. Which of the following is not the example of business to consumer (B to C) e-commerce?
A) Amazon.com
B) e-bay.com
C) dell.com
D) lastminute.com
Answer: B

8. The types of Business to Business e-commerce are …………….
A) Direct selling and support to Business
B) Industry portals
C) Information sites about an industry
D) All of the above
Answer: D

9. Which of the following are the benefits of E-marketing?
i) Speed                         
ii) Reach and Penetration
iii) Ease and Efficiency          
iv) Low Cost
v) Targeted audience
A) i, ii, iii and iv only
B) ii, iii, iv and v only
C) i, iii, iv and v only
D) All i, ii, iii, iv and v
Answer: D

10. …………………. is the process of recreating a design by analyzing a final product.
A) Forward Engineering
B) Reverse Engineering
C) Backward Engineering
D) None of the above
Answer: B

11. ……………… is simply the use of electronic means to transfer funds directly from one account to another, rather than by cheque or cash.
A) M-Banking
B) O-Banking
C) E-Banking
D) D-Banking
Answer: C

11. The telephone banking service includes ……………….
i) Automatic balance voice out
ii) Inquiry all term deposit account
iii) Direct cash withdraw          
iv) Utility Bill payments
v) Voice out last five transactions
A) i, ii, iii and v only
B) i, ii, iv and v only
C) ii, iii, iv and v only
D) All i, ii, iii, iv and v
Answer: B

12. Which of the following are the forms of E-banking?
i) Internet Banking
ii) Telephone Banking
iii) Electronic Check conversion
iv) Electronic Bill Payment
v) Direct Deposit
A) i, ii, iii and iv only
B) ii, iii, iv and v only
C) i, iii, iv and v only
D) All i, ii, iii, iv and v
Answer: D

13. What is the full form of SWIFT?
A) Society for Worldwide Internet Financial Telecommunications.
B) Secret Wide Interbank Financial Telecommunications
C) Society for Worldwide Interbank Financial Telecommunications
D) None of the Above
Answer: C

Module 05

1. As per section 140A(1) any tax due (after allowing credit for TDS, advance tax, etc.) along with interest under section 234A, 234B and 234C (if any) and fee should be paid before filing the return of income. Tax paid as per section 140A(1) is called ________.
a. Advance tax
b. Self assessment tax
c. Tax paid at source
d. Corporate tax
Answer: b

2. Section 234E provides for levy of late filing fees for the delay in filing of
a. Return of income
b. TDS return
c. TCS return
d. TDS/TCS return
Answer: d

3. If the taxpayer fails to maintain books of account as per the provisions of section 44AA, then he shall be liable to pay penalty under section ________ of Rs. 25,000.

a. 271B
b. 271A
c. 271AA
d. 271AB
Answer: b

4. If a taxpayer, in spite of the requirement of section 44AB, fails to get his accounts audited, then he shall be liable for penalty under section 271B of one-half per cent of total sales, turnover or gross receipts, etc., or ________, whichever is less.
a. Rs. 2,00,000
b. Rs. 1,50,000
c. Rs. 1,00,000
d. Rs. 50,000
Answer: b

5. Section 269SS provides that no person shall take or accept loan or deposit or specified sum exceeding Rs. 50,000 by any mode other than account payee cheque or account payee demand draft or by use of electronic clearing system through a bank account. Contravention of the provisions of section 269SS will attract penalty under section 271D of an amount equal to loan or deposit taken or accepted or specified sum.

a. True
b. False
Answer: (b)

6. Penalty under section 271FA shall be levied for failure to file statement of financial transaction or reportable account (previously called as Annual Information Return). Penalty under section 271FA is Rs. ________ for every day during which the failure continues.

a. 500
b. 250
c. 100
d. 50
Answer: c

7. What is the rate of penalty for underreporting of income under Section 270A?
a. 100%
b. 200%
c. 300%
d. 50%
Answer: b

8. As per section 271H, where a person fails to file the statement of tax deducted/collected at source i.e. TDS/TCS return on or before the due dates prescribed in this regard, then he shall be liable to pay penalty under section 271H. Minimum penalty can be levied of Rs. 10,000 which can go up to Rs. ________.

a. 1,00,000
b. 2,00,000
c. 3,00,000
d. 3,00,000
Answer: a

9. Section 272B provides penalty in case of default by the taxpayer in complying with the provisions of section 139A or knowingly quoting incorrect PAN in any document referred to in section 139A(5)(c) or intimates incorrect PAN for the purpose of section 139A(5A)/(5C). Penalty under section 272B is Rs. ________.

a. 1,00,000
b. 50,000
c. 50,000
d. 10,000
Answer: d

10. Section 272BB(1A) provides for penalty for quoting incorrect Tax Deduction Account Number or Tax Collection Account Number (as the case may be). Penalty under section 272BB is Rs. ________.

a. 75,000
b. 50,000
c. 10,000
d. 5,000
Answer: (c)

11. What is the punishment for hacking of computers?

a. Life Imprisonment
b. Three year imprisonment or 10 lakh rupees penalty or both
c. Three year imprisonment or 5 lakh rupees penalty or both
d. Three year imprisonment or 2 lakh rupees penalty or both
Answer: c

12. What is the penalty for destroying computer source code?
a. Three year imprisonment or 5 lakh rupees penalty or both
b. Three year imprisonment or 3 lakh rupees penalty or both
c. Two year imprisonment or 2 lakh rupees penalty or both
d. Three year imprisonment or 2 lakh rupees penalty or both
Answer: d

13. Which section of IT Act 2000 proposes a punishment of life imprisonment?
a. Section 66F
b. Section 66A
c. Section 66C
d. Section 66B
Answer: a

14. What is the proposed punishment for Cyber Terrorism in IT Act?

a. 1 crore rupees penalty
b. Life Imprisonment
c. 6 year imprisonment
d. 10 year imprisonment
Answer: b

15. What is the punishment for identity theft in IT Act?

(a) Three year imprisonment or 2 lakh rupees penalty or both
(b) Two year imprisonment or 1 lakh rupees penalty or both
(c) Three year imprisonment or 1 lakh rupees penalty or both
(d) None of the above
Answer: c

16. Which is the appeal court on the orders issued by Cyber appellate tribunal?
a. Supreme Court
b. District Court
c. High Court
d. Munsiff Court
Answer: c

17. What is the term of the office of the presiding officer of Cyber appellate tribunal?
a. 6 years
b. 3 years
c. 4 years
d. 5 years
Answer: d

18. The section deals with the use of electronic records and digital signature in Government and its agencies
a. Section 6
b. Section 5
c. Section 3
d. Section 7
Answer: a

19. The section deals with legal recognition of digital signature
a. Section 3
b. Section 5
c. Section 4
d. Section 6
Answer: b

20. The section deals with legal recognition of electronic records
a. Section 3
b. Section 5
c. Section 4
d. Section 6
Answer: c

21. Major amendments to IT Act 2000 were introduced in the form of IT (amendment) Act 2008, which came into effect on
a. 2009 October 27
b. 2008 October 27
c. 2008 June 1
d. 2009 July 3
Answer: a

22. IT Act 2000 amended various sections of which of the following Acts?
a. Indian Penal Code 1860
b. Indian Evidence Act 1872 & Bankers Book Evidence Act 1891
c. Reserve Bank of India Act 1934
d. All the above
Answer – (d)

23. What is the penalty for publishing images of a person’s private parts without consent, as per IT Act 2000?
a. Life imprisonment
b. 5 years imprisonment or 5 lakh rupees penalty or both
c. 3 years imprisonment or 2 lakh rupees penalty or both
d. None of the above
Answer – (c)

24. Which section of IT Act deals with child pornography?
a. Section 67D
b. Section 67F
c. Section 67C
d. Section 67B
Answer – (d)

25. The following punishment is mentioned in which section of IT Act 2000?

'3 years of imprisonment and/or 5 lakh rupees penalty for first conviction & 5 years of imprisonment and/or 10 lakh rupees penalty for second conviction'
a. Section 67
b. Section 65
c. Section 66
d. Section 64
Answer – (a)

26. Which are the sections of IT Act applicable for Cyber pornography?
a. 66, 66A, 66B
b. 67, 67A, 67B
c. 67, 67C, 67D
d. None of the above
Answer – (b)

27. Which sections of the IT Act deal with credit card fraud?
a. 66, 66C, 66D
b. 42, 67, 67A, 67B
c. 43, 66, 66C, 66D
d. None of the above
Answer: c

28. Which Act in India focuses on data privacy and information technology?
a. IT Act 2000
b. Banking Regulation Act 1949
c. Indian Penal Code
d. IT (amendment) Act 2008
Answer: d

29. Which section of IT Act 2000 deals with the punishment for cheating by impersonation by using computer resources?
a. Section 66D
b. Section 66C
c. Section 66F
d. Section 66B
Answer: a

30. What is the time limit for filing appeal against the order of Cyber appellate tribunal?

a. 30 days
b. 60 days
c. 45 days
d. 90 days
Answer: b

Module 06

1. CMM stands for
a) Capability Management Module
b) Conservative Maturity Model
c) Capability Maturity Module
d) Capability Maturity Model
Answer: d
Explanation: The Capability Maturity Model for Software describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes.

2. The ISO 9000 series of standards is a program that can be used for external quality assurance purposes.
a) True
b) False
Answer: b
Explanation: The ISO 9000 series of standards is a set of documents.

3. According to ISO 9001, the causes of nonconforming product should be
a) deleted
b) eliminated
c) identified
d) eliminated and identified
Answer: d
Explanation: ISO 9001 requires the causes of nonconforming product to be identified. Potential causes of nonconforming product are eliminated.

4. .CO policy in CMM means
a) The leadership practices in Commitment to Perform
b) The organizational structure (groups) practices in Ability to Perform
c) The policy practices in Commitment to Perform
d) The planning practices in Commitment to Perform
Answer: c
Explanation: CMM has certain policy practices covered under .CO policy.

5. ISO 9001 is not concerned with ____________ of quality records.
a) collection
b) maintenance
c) verification
d) dis-positioning
Answer: c
Explanation: The practices defining the quality records to be maintained in the CMM are distributed throughout the key process areas in the various Activities Performed practices.

6. Which of the following is not a maturity level in CMM?
a) Design
b) Repeatable
c) Managed
d) Optimizing
Answer: a
Explanation: The CMM is organized into five maturity levels as namely: Initial, Repeatable, Defined, Managed and Optimizing.

7. In CMM, the life cycle activities of requirements analysis, design, code, and test are described in
a) Software Product Engineering
b) Software Quality Assurance
c) Software Subcontract Management
d) Software Quality Management
Answer: a
Explanation: In CMM planning these activities is described in Software Project Planning, however the life cycle activities of requirements analysis, design, code, and test are described in Software Product Engineering.

8. Which of the following requires design control measures, such as holding and recording design reviews and qualification tests?
a) CMM
b) ISO 9001
c) ISO 9000-3
d) None of the mentioned
Answer: c
Explanation: ISO 9000-3 states that the supplier should carry out reviews to ensure the requirements are met and design methods are correctly carried out.

9. The CMM emphasizes
a) continuous process improvement
b) the need to record information
c) the need to accept quality system
d) none of the mentioned
Answer: b
Explanation: CMM emphasizes the need to record information for later use in the process and for improvement of the process.

10. _______ states that, where appropriate, adequate statistical techniques are identified and used to verify the acceptability of process capability and product characteristics.
a) ISO 9001
b) ISO 9000-4
c) CMM
d) All of the mentioned
Answer: a
Explanation: ISO 9001 states that, where appropriate, adequate statistical techniques are identified and used to verify the acceptability of process capability and product characteristics.

11. The PCI follows a set of standards primarily used in _____ PC’s.
a) Intel
b) Motorola
c) IBM
d) SUN
Answer: c
Explanation: The PCI BUS has a closer resemblance to IBM architecture.

12. The ______ is the BUS used in Macintosh PC’s.
a) NuBUS
b) EISA
c) PCI
d) None of the mentioned
Answer: a
Explanation: The NuBUS is an extension of the processor BUS in Macintosh PC’s.

13. The key feature of the PCI BUS is _________
a) Low cost connectivity
b) Plug and Play capability
c) Expansion of Bandwidth
d) None of the mentioned
Answer: b
Explanation: The PCI BUS was the first to introduce plug and play interface for I/O devices.

14. PCI stands for _______
a) Peripheral Component Interconnect
b) Peripheral Computer Internet
c) Processor Computer Interconnect
d) Processor Cable Interconnect
Answer: a
Explanation: The PCI BUS is used as an extension for the processor BUS.

15. The PCI BUS supports _____ address space/s.
a) I/O
b) Memory
c) Configuration
d) All of the mentioned
Answer: d
Explanation: The PCI BUS is mainly built to provide a wide range of connectivity for devices.

16. ______ address space gives the PCI its plug and play capability.
a) Configuration
b) I/O
c) Memory
d) All of the mentioned
Answer: a
Explanation: The configuration address space is used to store the details of the connected device.

17. _____ provides a separate physical connection to the memory.
a) PCI BUS
b) PCI interface
c) PCI bridge
d) Switch circuit
Answer: c
Explanation: The PCI bridge is a circuit that acts as a bridge between the BUS and the memory.

18. When transferring data over the PCI BUS, the master has to hold the address until the completion of the transfer to the slave.
a) True
b) False
Answer: b
Explanation: The address is stored by the slave in a buffer and hence it is not required by the master to hold it.

19. The master is also called as _____ in PCI terminology.
a) Initiator
b) Commander
c) Chief
d) Starter
Answer: a
Explanation: The Master is also called as an initiator in PCI terminology as it is the one that initiates a data transfer.

20. Signals whose names end in ____ are asserted in the low voltage state.
a) $
b) #
c) *
d) !
Answer: b
Explanation: None.

21. A complete transfer operation over the BUS, involving the address and a burst of data is called _____
a) Transaction
b) Transfer
c) Move
d) Procedure
Answer: a
Explanation: None.

22. The devices connected to the BUS are given addresses of ____ bit.
a) 24
b) 64
c) 32
d) 16
Answer: b
Explanation: Each of the devices connected to the BUS will be allocated an address during the initialization phase.

23. The PCI BUS has _____ interrupt request lines.
a) 6
b) 1
c) 4
d) 3
Answer: c
Explanation: The interrupt request lines are used by the devices connected to raise the interrupts.

24. _____ signal is sent by the initiator to indicate the duration of the transaction.
a) FRAME#
b) IRDY#
c) TMY#
d) SELD#
Answer: a
Explanation: The FRAME signal is used to indicate the time required by the device.

25. ______ signal is used to enable commands.
a) FRAME#
b) IRDY#
c) TMY#
d) C/BE#
Answer: d
Explanation: The signal is used to enable 4 command lines.

26. IRDY# signal is used for _______
a) Selecting the interrupt line
b) Sending an interrupt
c) Saying that the initiator is ready
d) None of the mentioned
Answer: c
Explanation: The initiator transmits this signal to tell the target that it is ready.

27. The signal used to indicate that the slave is ready is _____
a) SLRY#
b) TRDY#
c) DSDY#
d) None of the mentioned
Answer: b
Explanation: None.

28. DEVSEL# signal is used _________
a) To select the device
b) To list all the devices connected
c) By the device to indicate that it is ready for a transaction
d) None of the mentioned
Answer: c
Explanation: This signal is activated by the device after it has recognized the address and commands put on the BUS.

29. The signal used to initiate device select is ________
a) IRDY#
b) S/BE
c) DEVSEL#
d) IDSEL#
Answer: d
Explanation: This signal is used for initialization of device select.

30. The PCI BUS allows us to connect _______ I/O devices.
a) 21
b) 13
c) 9
d) 11
Answer: a
Explanation: The PCI BUS allows only 21 devices to be connected as only the higher order 21 bits of the 32 bit address space are used to specify the device.
