1. What is a "keylogger"?
   A: A type of malware that records keystrokes
2. Who can file a complaint with the Data Protection Authority?
   A: Any Data Principal
3. What does 'data integrity' ensure?
   A: That data is accurate and has not been altered
4. The process that can be used to monitor system access for inappropriate or malicious activity is best known as
   A: Auditing
5. A group of computers that is networked together and used by hackers to steal information is called a
   A: Botnet
6. A message on social media from a stranger claims to be from a recruitment agency offering a job opportunity. They ask for your personal information to proceed. What should you do?
   A: Research the recruitment agency and verify its legitimacy before providing any details
7. What role does "emotional manipulation" play in social engineering attacks?
   A: It leverages emotional responses to gain compliance or information from the target
8. What should a Data Fiduciary do if there is a data breach?
   A: Inform the affected Data Principal and the Data Protection Authority
9. Which authority is responsible for overseeing compliance with the DPDPA 2023?
   A: DPA
10. There is a restricted area where you need to swipe your card before entering. Someone enters immediately after you. What do you do?
   A: Advise him that tailgating is not allowed and ask him to authenticate himself
11. Which of the following can enhance mobile security?
   A: Enabling automatic updates
12. What is the primary objective of the DPDPA 2023?
   A: To protect the personal data of individuals
13. What is pharming in the context of social engineering?
   A: Redirecting users from legitimate websites to fraudulent ones
14. What type of malware specifically targets mobile devices?
   A: All of the above
15. Which entity is NOT directly involved in data processing activities under the DPDPA 2023?
   A: Data Verifier
16. How can you verify the legitimacy of an unsolicited request for information?
   A: Contact the requesting party through a known and trusted channel
17. The process of finding vulnerabilities and exploiting them using exploitable scripts, programs etc. is called
   A: Hacking
18. What is a firewall used for in a network?
   A: To block or allow data packets based on security rules
19. What is 'DNS spoofing'?
   A: A technique used to redirect traffic from legitimate sites to malicious ones
20. What is 'social proof' in the context of social engineering?
   A: Using the appearance of legitimacy or authority to convince the target
21. What is shoulder surfing often used for in social engineering?
   A: To obtain sensitive information by watching over someone's shoulder
22. What is a digital signature?
   A: An electronic signature involving a public/private key pair, used for integrity and non-repudiation purposes
23. Who controls the network of bots?
   A: Bot herder
24. Public Wi-Fi networks are considered
   A: Risky for sensitive data
25. What does 'endpoint security' focus on?
   A: Protecting individual devices that connect to a network
26. What is required from organizations in case of a high-risk data processing activity under the DPDPA 2023?
   A: Conduct a data processing impact assessment
27. Which setting can you enable to help secure your mobile device?
   A: Automatic updates
28. A caller claims to be from a charitable organization you've never heard of and asks for a donation over the phone. What should you do?
   A: Research the charity to ensure it is legitimate before making a decision
29. This is a program in which malicious or harmful code is contained inside apparently harmless programming or data
   A: Trojan horse
30. What is baiting in social engineering?
   A: Offering something enticing to lure the target into disclosing information
31. To report suspected fraud communication, which online portal should you visit?
   A: [Link] / Chakshu portal ([Link])
32. The mouse on your computer screen starts to move around on its own and clicks on things on your desktop. What do you do?
   A: Disconnect your computer from the network
33. What is a data breach?
   A: Unauthorized access to and retrieval of sensitive information
34. Which social engineering attack method involves manipulating individuals through social interactions?
   A: Pretexting
35. You receive a call from someone pretending to be from your company's finance department asking for confidential financial data. What is the safest action?
   A: Verify the caller's identity through official company channels
36. Under the DPDPA 2023, what is a data processing impact assessment?
   A: A report on the impact of data processing activities on privacy
37. What is a scareware attack?
   A: Scaring users into downloading malicious software by presenting fake security threats
38. ___ is data taken from the production environment in which confidential information, like customer information or revenue information, is masked or changed before use in the test environment
   A: Sanitized data
39. If you encounter a scam and need to report it, which of the following numbers should you call?
   A: 1930
40. How should Data Fiduciaries handle data transfers outside of the country?
   A: Ensure the receiving country has adequate data protection laws
41. What does vulnerability assessment involve?
   A: Identifying and evaluating security weaknesses in systems
42. Under the DPDPA 2023, which data processing activity requires special attention?
   A: Processing of sensitive personal data
43. Under the DPDPA 2023, who is primarily responsible for ensuring that personal data is processed according to the law?
   A: Data Fiduciary (the original key gives "Data Protection Authority", but the authority oversees compliance; responsibility for lawful processing rests with the Data Fiduciary, as Q26 of the second section also records)
44. Passwords should contain which of the following configuration?
   A: Numbers, special characters, and upper and lower case text
45. URL
   A: Uniform Resource Locator
46. What does anonymization of data mean under the DPDPA 2023?
   A: Removing identifiable information so the data cannot be traced back to an individual
47. Which of the following describes a rogue employee in social engineering?
   A: An insider who uses their access for malicious purposes
48. Which of the following is a common tactic used in phishing attacks?
   A: Sending fraudulent emails that appear to be from legitimate sources
49. A supposed new friend on social media messages you, claiming they need help with a financial emergency. What should you do?
   A: Verify their identity through mutual friends or another trusted method
50. What does reverse social engineering involve?
   A: Posing as a helpdesk or authority figure so that the target comes to the attacker for help and discloses information in the process
51. What does clickjacking refer to in social engineering?
   A: Tricking users into clicking on something different from what they perceive
52. What is a significant penalty under the DPDPA 2023 for non-compliance?
   A: Monetary fine
53. A call from someone claiming to be from your credit card company asks for your PIN to verify recent transactions. What is the best response?
   A: Hang up and call your credit card company using the number on the back of your card
54. What is a 'Denial of Service' attack?
   A: An attack that attempts to overload a system to make it unavailable
55. What must a Data Fiduciary obtain from the Data Principal before processing their personal data?
   A: Consent
56. If you receive a suspicious email on your mobile device, you should:
   A: Delete it and avoid interaction
57. What is the purpose of social engineering in the context of a cyber attack?
   A: To manipulate individuals into providing confidential information or access
58. Which of the following is an example of a social engineering tactic?
   A: Sending an email claiming to be from IT support asking for login credentials
59. An email claims that you need to verify your account due to suspicious activity by clicking a link provided in the email. What should you do?
   A: Go to the official website directly and log in to check for any alerts or messages
60. Your supervisor is busy and asks you to log into her server using her user ID and password to retrieve some reports. What should you do?
   A: Decline the request and remind your supervisor that it is against the Acceptable Use Policy (AUP)
61. A stranger contacts you through email, claiming to be a foreign official needing your assistance to transfer a large sum of money. What is the safest response?
   A: Ignore the email and delete it
62. How can individuals protect themselves from social engineering attacks?
   A: By being cautious with unsolicited requests and verifying sources
63. You receive a text message that appears to be from your bank, asking you to click a link to verify recent transactions. What should you do?
   A: Contact your bank using a known phone number to verify the legitimacy of the text
64. Strong passwords should be
   A: Complex and unique
65. What does 'data encryption' do?
   A: Converts data into a format that cannot be read without a decryption key
66. What is the strongest wireless security?
   A: WPA3
67. How can organizations train employees to recognize social engineering attacks?
   A: Conducting regular security awareness training
68. What does anti-virus software do?
   A: Protects against, detects, and removes viruses and other malware
69. What does spyware do?
   A: Collects information about users without their consent
70. What is the term for the entity that processes personal data on behalf of a Data Fiduciary?
   A: Data Processor
71. Mobile devices should be protected with
   A: Strong passwords or biometrics
72. What type of information is typically targeted by social engineers?
   A: Personal identification information
73. Under the DPDPA 2023, how should personal data be processed?
   A: In a fair and transparent manner
74. What is a security policy?
   A: A set of rules and procedures for protecting an organization's information systems
75. Rootkit
   A: A type of malware designed to gain unauthorized access and hide its presence
76. Malware
   A: Malicious software
77. Portal to report suspected fraudulent communication
   A: Chakshu portal ([Link])
78. What does network segmentation involve?
   A: Dividing a network into smaller segments to improve security and manage traffic
79. Vishing
   A: Voice phishing through phone calls
80. How often should employees review their desk setup for security compliance?
   A: Daily
81. You receive a pop-up message on your computer claiming your system is infected and asking you to download a program to fix it. What is the best action?
   A: Close the pop-up and run a trusted antivirus or malware scan
82. What role does 'urgency' play in social engineering attacks?
   A: It pressures victims to make quick decisions without verifying information
83. Digital certificates use keys. How is the key structured?
   A: 1 private and 1 public key
84. Which of the following items should NOT be left on a desk?
   A: Confidential documents
85. What action should be taken if a Data Principal's request for data access is denied?
   A: Provide an explanation for the denial
86. Using a VPN on mobile devices helps to
   A: Secure your connection by encrypting the data flowing over the channel
87. Using public Wi-Fi without protection can lead to
   A: Data theft
88. Which social engineering technique involves impersonating a trusted individual to gain access to sensitive information?
   A: Phishing
89. What does 'authentication' refer to in cybersecurity?
   A: The process of verifying the identity of a user or system
90. What does "clickjacking" refer to in social engineering?
   A: Tricking users into clicking on something different from what they perceive
91. What is the primary goal of social engineering attacks?
   A: To exploit human psychology to obtain confidential information
92. What is the safest way to download apps on your mobile device?
   A: From official/authorized app stores only
93. What does the "I" in the CIA triad stand for?
   A: Integrity
94. What is "whaling" in the context of social engineering?
   A: A type of phishing attack targeting high-profile individuals
95. What is the role of the Data Protection Officer (DPO) under the DPDPA 2023?
   A: To enforce data protection regulation within an organization
96. _____________ is the data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use
   A: Cookies
97. What is the purpose of a security patch?
   A: To update software to fix vulnerabilities
98. Which setting can you enable to help secure your mobile device?
   A: Automatic updates
99. Which of the following is NOT a component of a Clear Desk policy?
   A: Openly displaying sensitive information
100. What is 'encryption' used for in cybersecurity?
   A: To protect data by converting it into a secure format
101. What does 'whitelisting' mean in cybersecurity?
   A: Allowing only known and trusted applications or entities
102. What is "social proof" in the context of social engineering?
   A: Using the appearance of legitimacy or authority to convince the target
103. When a hacker penetrates a network, this is a network security ________ issue
104. The mouse on your computer screen starts to move around on its own and clicks on things on your desktop. What do you do?
   A: Disconnect your computer from the network
105. To enhance the security of mobile applications, you should:
   A: Review app permissions regularly
106. How often should Data Fiduciaries conduct Data Processing Impact Assessments according to the DPDPA 2023?
   A: Whenever there is a significant change in the data processing activities
107. Which of the following can help protect against social engineering attacks?
   A: Educating individuals and promoting awareness about common social engineering tactics
108. When leaving your desk you should:
   A: Lock your computer
109. An email from what appears to be your company's IT department asks for your password to complete a system update. What is the safest action?
   A: Verify the request through official company channels
110. What does 'botnet' refer to in cybersecurity?
   A: A network of compromised computers controlled by a central command
111. An email claims you've won a prize but needs your personal details to claim it. What should you do?
   A: Ignore the mail and delete it
112. Computer crime is difficult to investigate. Which of the following is NOT a true reason?
   A: Computer crime investigation requires special techniques and tools
113. As per best IS practice, BIOS should be configured to boot only from the _______
   A: Primary hard disk
114. A clear screen policy mandates that
   A: The screen must be locked when unattended
115. You seem to have a weak memory. What is the best way to handle this if you have to handle multiple applications?
   A: Write down the passwords in an encoded format that only you can understand and save them in a password-protected file, so that you need to remember only one password
116. What does 'patching' refer to in cybersecurity?
   A: Applying updates to software to fix security vulnerabilities
117. To support a clear desk environment, employees should
   A: Report security incidents
118. What does 'SSL' stand for in cybersecurity?
   A: Secure Sockets Layer
119. The importance of mobile app permissions is that they:
   A: Protect user privacy
120. What must a Data Fiduciary obtain from the Data Principal before processing their personal data?
   A: Consent
121. Which of the following is not a good practice for mobile security?
   A: Sharing passwords
122. ________ is a property of access control of multiple related, yet independent, software systems
   A: Single sign-on
123. Which of the following is a sign that your mobile device may be compromised?
   A: Unexpected app behaviour
124. What is a digital signature?
   A: An electronic signature involving a public/private key pair, used for integrity and non-repudiation purposes
125. Where should you store the encryption passphrase for your laptop?
   A: Use the password management tool supplied/authorised by your organisation
126. What is the purpose of using a "honeypot" in social engineering prevention?
   A: To lure and detect attackers by setting up a decoy system
127. How can you verify the legitimacy of an unsolicited request for information?
   A: Contact the requesting party through a known and trusted channel
128. What should you do if you find sensitive documents left unattended?
   A: Inform a supervisor
129. Under the DPDPA 2023, what should be done with data that is no longer necessary for its purpose?
   A: It should be deleted or anonymized, unless retention is required for compliance with applicable law or regulation
130. In case of a data breach, you should
   A: Inform your organization immediately
131. What is "email spoofing"?
   A: Sending emails with a forged sender address to deceive the recipient
132. What is a DDoS attack?
   A: A denial of service attack using multiple systems
133. Who is responsible for data categorization?
   A: Data owner
134. What is credential harvesting?
   A: Collecting user credentials through deceptive methods
135. Which of the following is a risk of not following clear desk policies?
   A: Data breaches
136. Not a common social engineering technique
   A: Virus spreading
137. What is public key infrastructure?
   A: A framework for managing digital keys and certificates
138. Mobile device management solutions help organizations by
   A: Providing remote device management
139. What is impersonation in social engineering?
   A: Pretending to be someone else to deceive the target
140. Under the DPDPA 2023, what is a 'Data Principal'?
   A: The individual to whom the data relates
141. Keeping your mobile OS updated helps to
   A: Protect against vulnerabilities
142. You receive a message from what appears to be a popular online service asking you to confirm your identity through a link. What should you do?
   A: Visit the official website directly and check for any identity verification requests
143. What is the purpose of the 'Data Protection Authority' established by the DPDPA 2023?
   A: To oversee and enforce compliance with data protection laws
144. What is 'two-factor authentication'?
   A: A security measure requiring two forms of verification to access an account
145. What does 'penetration testing' assess?
   A: The security vulnerabilities of a system by simulating attacks
146. Which of the following is as per procedure for digital evidence in forensics?
   A: Personnel who have discovered or reported the incident should follow the first-responder guidelines to preserve the evidence
147. What is forensics in cybersecurity?
   A: The process of analyzing data to investigate and understand cyber incidents
148. What deals with the protection of an individual's information while using the internet on any computer or personal device?
   A: Digital privacy
149. In social engineering, what does drilling involve?
   A: Repeatedly asking for information until the target gives in
150. Which of the following is not a segmentation of a network?
   A: VPN
151. Which of the following refers to a series of characters used to verify a user's identity?
   A: Password
152. What is a "Trojan horse" in cyber security?
   A: A program that appears legitimate but is actually malicious
153. You get an email from a "vendor" claiming they need immediate payment for an invoice that wasn't expected. What is the safest response?
   A: Verify the invoice with your accounts department or directly with the vendor using known contact details
154. You receive a call from someone pretending to be from your company's finance department asking for confidential financial data. What is the safest action?
   A: Verify the caller's identity through official company channels
155. The best practice for securing sensitive documents is to:
   A: Use a locked drawer to keep the documents
156. What is 'Security Information and Event Management (SIEM)'?
   A: A system for real-time monitoring and analysis of security events
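Q156 describes a SIEM as real-time monitoring and analysis of security events. What that means in practice is correlation rules: the SIEM parses events from many sources and raises an alert when a pattern crosses a threshold. The block below is an added example written for this page (it is not any SIEM product's rule language and not SBI's tooling) that runs two such rules over constructed sshd-style log lines: a brute-force rule (five failed logins from one source IP inside a 60-second window) and a follow-on rule that flags a successful login from an IP that already tripped the first rule. The log format, the IP addresses, the user names and the thresholds are all assumptions made for the example.

```python
"""Added example for Q156 (SIEM): minimal correlation rules of the kind a SIEM
evaluates in real time, run over constructed auth log lines. Written for this
page; not any SIEM product's rule syntax and not a bank's code. The sshd-style
log format, addresses, users and thresholds are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (sshd-style). Not captured from a real system.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[101]: Failed password for admin from 203.0.113.7 port 5001
2024-03-01T09:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 5002
2024-03-01T09:00:04 sshd[102]: Accepted password for asha from 198.51.100.2 port 6000
2024-03-01T09:00:05 sshd[101]: Failed password for root from 203.0.113.7 port 5003
2024-03-01T09:00:06 sshd[101]: Failed password for admin from 203.0.113.7 port 5004
2024-03-01T09:00:07 sshd[101]: Failed password for admin from 203.0.113.7 port 5005
2024-03-01T09:00:40 sshd[101]: Accepted password for admin from 203.0.113.7 port 5006
2024-03-01T09:05:00 sshd[103]: Failed password for vikram from 198.51.100.9 port 7000
2024-03-01T09:09:00 sshd[103]: Failed password for vikram from 198.51.100.9 port 7001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)

FAIL_THRESHOLD = 5    # this many failures ...
WINDOW_SECONDS = 60   # ... within this many seconds from one source IP


def parse(line: str):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def correlate(lines):
    """Rule 1 (BRUTE_FORCE): >= FAIL_THRESHOLD failures from one IP inside
    WINDOW_SECONDS. Rule 2 (SUCCESS_AFTER_BRUTE_FORCE): an Accepted login
    from an IP that already triggered rule 1, i.e. the guessing likely worked.
    Returns alerts as (rule, ip, user, timestamp) tuples in event order."""
    recent_failures = defaultdict(deque)  # ip -> failure timestamps still in window
    flagged_ips = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # a real SIEM would count unparsed lines as a health metric
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            window = recent_failures[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()  # slide the window forward
            if len(window) >= FAIL_THRESHOLD and ip not in flagged_ips:
                flagged_ips.add(ip)
                alerts.append(("BRUTE_FORCE", ip, ev["user"], ts.isoformat()))
        elif ip in flagged_ips:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, ev["user"], ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(*alert)
```

On the sample above only 203.0.113.7 crosses the threshold (its fifth failure lands at 09:00:07), so the 09:00:40 success from that address is the event an analyst would triage first; the two failures from 198.51.100.9 are four minutes apart and never accumulate inside the window.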
157. What is "tailgating" in the context of social engineering?
   A: Gaining unauthorised access to a secure area by following authorised personnel
158. A common method of data theft is
   A: Phishing attack
159. An email claims that your subscription is about to expire and asks you to provide your payment details through a link. What should you do?
   A: Visit the official website of the service provider and check your subscription status
160. If you receive a suspicious mail on your mobile device, you should
   A: Delete it and avoid interaction
161. Which of the following is NOT a right of Data Principals under the DPDPA 2023?
   A: Right to free access to all organizational data
162. Which feature helps protect a lost mobile device?
   A: Remote wipe capability
Sl. No. / Particular / Answer Match

1. An email from what appears to be a well-known online retailer offers a large discount if you update your payment details by clicking a link. What should you do?
   A: D. Go directly to the retailer's website and check for any promotions or alerts
2. What does 'botnet' refer to in cybersecurity?
   A: C. A network of compromised computers controlled by a central command
3. The best practice for handling suspicious links on mobile devices is to
   A: D. Delete them immediately
4. What should you do if you find sensitive documents left unattended?
   A: B. Inform a supervisor
5. Who can file a complaint with the Data Protection Authority?
   A: B. Any Data Principal
6. What is "impersonation" in social engineering?
   A: C. Pretending to be someone else to deceive the target
7. Which of the following items should NOT be left on a desk?
   A: D. Confidential documents
8. What is a 'sandbox' in cybersecurity?
   A: C. A secure environment for testing software
9. What does 'SSL' stand for in cybersecurity?
   A: D. Secure Sockets Layer
10. Which of the following is NOT a common characteristic of social engineering attacks?
   A: B. Using technical vulnerabilities
11. What should a Data Fiduciary do if there is a data breach?
   A: A. Inform the affected Data Principals and the Data Protection Authority
12. Which of the following is a common mobile security threat?
   A: D. Phishing attacks
13. ------ is the data exchanged between an HTTP server and a browser to store state information on the client side and retrieve it later for server use
   A: A. Cookies
14. How should Data Fiduciaries handle data transfers outside of the country?
   A: A. Ensure the receiving country has adequate data protection laws
15. You receive an email from an unfamiliar address claiming you've won a large sum of money but need to provide your bank details to claim it. What is the safest response?
   A: B. Ignore the email and delete it
16. You get a phone call from someone pretending to be a technician from your company's IT department, asking for your computer's password to perform a security check. What is the best response?
   A: B. Contact your IT department directly using a known phone number to verify the request
17. Mobile device management (MDM) solutions help organizations by
   A: Providing remote device management (the original key's option A, "Enabling user access", is not what MDM is for; compare Q138 of the first section)
18. What is a "zero-day exploit"?
   A: D. An exploit for a vulnerability that is unknown to the software vendor, so no patch exists yet
19. Digital certificates use keys. How is the key structured?
   A: C. 1 public and 1 private key
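Q22, Q83, Q124 and Q137 of the first section and Q19 here all turn on the same mechanism: one private key signs, the matching public key verifies, and that asymmetry is what gives integrity (a changed message no longer verifies) and non-repudiation (only the private-key holder could have produced the signature). The block below is an added example written for this page, not a bank system's or any library's code. It uses a deliberately tiny RSA key pair built from two constructed ~30-bit primes so the arithmetic stays visible; such a key is trivially factorable and the digest is reduced modulo n rather than padded, both of which real schemes (PKCS#1, ECDSA via a vetted library with 2048-bit or larger keys) do differently.

```python
"""Added example for digital signatures / PKI (Q22, Q83, Q124, Q137 and
section 2 Q19): sign with a private key, verify with the public key, and see a
tampered message fail. Teaching code written for this page, not a bank's or a
library's implementation. The primes are constructed and far too small to be
secure; they exist only to make the numbers readable."""
import hashlib

# Constructed toy key material (NOT secure): two ~30-bit primes and the
# customary public exponent. Real keys are 2048 bits or more.
P = 1_000_000_007
Q = 998_244_353
E = 65_537


def generate_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as (n, e) and (n, d).
    d is the modular inverse of e modulo phi(n); pow(e, -1, phi) needs Python 3.8+."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into [0, n). Real schemes pad the digest
    (PKCS#1 v1.5 / PSS) instead of reducing it; reduction is only for the toy."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the holder of d can compute this value: that is non-repudiation."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with (n, e) can check; any change to the message changes the
    digest and the check fails: that is integrity."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """Sign a constructed instruction, then verify it and a tampered copy.
    Returns (original_verifies, tampered_verifies)."""
    pub, priv = generate_keypair()
    original = b"Transfer INR 10,000 to account ending 8901"   # constructed
    tampered = b"Transfer INR 90,000 to account ending 8901"
    sig = sign(priv, original)
    return verify(pub, original, sig), verify(pub, tampered, sig)


if __name__ == "__main__":
    print(demo())
```

The PKI part of Q137 is what sits outside this block: the verifier must have obtained (n, e) from a certificate it trusts, otherwise an attacker could substitute their own public key and the verification would prove nothing. The digital certificate of Q83 is exactly that binding of a public key to an identity, signed in turn by a certificate authority's private key.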
20. An email claims that your subscription is about to expire and asks you to provide your payment details through a link. What should you do?
   A: C. Visit the official website of the service provider and check your subscription status
21. Under the DPDPA 2023, what is a 'Data Processing Impact Assessment'?
   A: B. A report on the impact of data processing activities on privacy
22. A supposed company recruiter contacts you on LinkedIn offering a job opportunity and asking for your personal details. What is the best course of action?
   A: A. Verify the recruiter's identity and the job offer through company channels
23. As per best IS practice, BIOS should be configured to boot only from the ----
   A: C. Primary hard disk
24. What is a 'rootkit'?
   A: D. A type of malware designed to gain unauthorised access and hide its presence
25. A stranger claiming to be from your health insurance company asks you to confirm your policy number and personal details. What should you do?
   A: D. Hang up and report the call
26. Under the DPDPA 2023, who is primarily responsible for ensuring that personal data is processed according to the law?
   A: B. Data Fiduciary
27. What does "clickjacking" refer to in social engineering?
   A: D. Tricking users into clicking on something different from what they perceive
28. The primary purpose of mobile security is to
   A: D. Protect sensitive data
29. What type of malware specifically targets mobile devices?
   A: D. All of the above
30. Using public Wi-Fi without protection can lead to
   A: C. Data theft
31. What is "whaling" in the context of social engineering?
   A: A. A type of phishing attack targeting high-profile individuals
32. Keeping your mobile OS updated helps to
   A: B. Protect against vulnerabilities
33. Under the DPDPA 2023, what should be done with data that is no longer necessary for its purpose?
   A: C. It should be deleted or anonymized, unless retention is required for compliance with applicable law or regulation
34. What is a 'firewall' used for in a network?
   A: B. To block or allow data packets based on security rules
35. What is a 'security policy'?
   A: D. A set of rules and procedures for protecting an organization's information systems
36. Which of the following is a preventive measure against social engineering attacks?
   A: D. Ignoring unsolicited requests for information
37. What is 'DNS spoofing'?
   A: D. A technique used to redirect traffic from legitimate sites to malicious ones
38. What is the term for the entity that processes personal data on behalf of a Data Fiduciary?
   A: Data Processor (the original key gives "A. Data controller", which is a GDPR term; the DPDPA uses "Data Processor", as Q70 of the first section also records)
39. What should you do if your mobile device is lost or stolen?
   A: B. Report it immediately
40. Filter evasion is the technique in which phishers use images instead of text. Why?
   A: B. To make it hard for anti-phishing filters to detect text commonly used in phishing emails
41. What role does "urgency" play in social engineering attacks?
   A: A. It pressures victims to make quick decisions without verifying information
42. What is the purpose of using a "honeypot" in social engineering prevention?
   A: C. To lure and detect attackers by setting up a decoy system
43. The process of finding vulnerabilities and exploiting them using exploitable scripts, programs etc. is called
   A: B. Exploitation
44. Which portal should you use to report suspected fraudulent communication?
   A: B. Chakshu portal ([Link])
45. Clear desk practices primarily help in protecting
   A: Physical documents and removable media left in the open (the original key's "D. Digital files" is not what a clear desk policy covers; clear screen policy addresses the screen)
46. What is "two-factor authentication"?
   A: C. A security measure requiring two forms of verification to access an account
47. You receive a message from what appears to be a popular online service asking you to confirm your identity through a link. What should you do?
   A: D. Visit the official website directly and check for any identity verification requests
48. What is a 'DDoS attack'?
   A: B. A denial-of-service attack using multiple systems
49. Where should you store the encryption passphrase for your laptop?
   A: D. Use the password management tool supplied/authorised by your organisation
50. Which term refers to malicious software designed to replicate and spread itself?
   A: B. Worm
51. Which of the following is NOT a typical sign of a social engineering attack?
   A: B. An email with proper grammar and a verified sender
52. The mouse on your computer screen starts to move around on its own and clicks on things on your desktop. What do you do?
   A: B. Disconnect your computer from the network
53. How does "footprinting" relate to social engineering?
   A: D. Gathering information about a target's network or system to facilitate an attack
54. Mobile devices should be protected with
   A: C. Strong passwords or biometrics
55. What is data masking?
   A: A. The process of obscuring sensitive information within a database
56. What is a common goal of "scareware" attacks?
   A: A. To convince users to download malicious software by creating a sense of urgency
57. What is "shoulder surfing"?
   A: A. Observing someone's screen or keyboard to gain information
58. If you encounter a scam and need to report it, which of the following numbers should you call?
   A: C. 1930
59. What is a significant penalty under the DPDPA 2023 for non-compliance?
   A: B. Monetary fine
60. Passwords should contain which of the following "configuration"?
   A: C. Numbers, special characters and upper and lower case text
61. What should not be considered while defining the retention period of data?
   A: D. Cost of preserving the data
62. What is the purpose of the Data Protection Authority established by the DPDPA 2023?
   A: C. To oversee and enforce compliance with data protection laws
63. Confidential information like customer information or revenue information is masked or changed before use in the test environment. Such data is called
   A: Sanitized data (the original key gives "A. Private data", which contradicts Q38 of the first section; once masked for test use the data is no longer private)
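Q38 of the first section, and Q55 and Q63 here, describe sanitized or masked data: a production copy in which customer identifiers and revenue figures are changed before it reaches a test environment. The block below is an added example written for this page (not SBI's masking job or any vendor's tool) showing the three masking techniques a practitioner would reach for: keyed pseudonyms for identifiers so joins between tables still line up, partial redaction for account numbers, and bucketing for amounts so no customer is identifiable by a unique figure. It ends with the check a reviewer should run before sign-off: that no raw production value survived. The record layout, field names, sample rows and masking key are all constructed for the example.

```python
"""Added example for sanitized / masked test data (Q38, section 2 Q55 and Q63):
mask a constructed set of production rows before they go to a test environment,
then verify nothing raw leaked through. Written for this page; not a bank's or
vendor's tooling. Field names, rows and the masking key are constructed."""
import hashlib
import hmac

# Constructed sample of "production" records. Not real customer data.
PRODUCTION_ROWS = [
    {"customer_id": "C1001", "name": "Asha Rao", "account_no": "12345678901",
     "pan": "ABCDE1234F", "revenue_inr": 182500.75},
    {"customer_id": "C1002", "name": "Vikram Nair", "account_no": "98765432109",
     "pan": "FGHIJ5678K", "revenue_inr": 9120.00},
    {"customer_id": "C1001", "name": "Asha Rao", "account_no": "12345678901",
     "pan": "ABCDE1234F", "revenue_inr": 400.00},
]

# Assumption: key held only by the team running the refresh and rotated each
# time. A keyed hash keeps pseudonyms consistent within one refresh (so the
# same customer maps to the same token across tables) while test users, who
# never see the key, cannot reverse or re-derive them.
MASKING_KEY = b"example-masking-key-not-for-production"

IDENTIFIER_FIELDS = ("customer_id", "name", "account_no", "pan")


def pseudonym(value: str, prefix: str, length: int = 8) -> str:
    """Deterministic, non-reversible replacement token for an identifier."""
    digest = hmac.new(MASKING_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{prefix}{digest[:length].upper()}"


def mask_account_no(account_no: str) -> str:
    """Keep only the last four digits, which is all a tester needs on screen."""
    return "X" * (len(account_no) - 4) + account_no[-4:]


def bucket_revenue(amount: float) -> float:
    """Round to the nearest 10,000 so an exact figure cannot single out a customer."""
    return float(round(amount / 10_000) * 10_000)


def sanitize(row: dict) -> dict:
    return {
        "customer_id": pseudonym(row["customer_id"], "T-"),
        "name": pseudonym(row["name"], "CUST-"),
        "account_no": mask_account_no(row["account_no"]),
        "pan": pseudonym(row["pan"], "PAN-", length=10),
        "revenue_inr": bucket_revenue(row["revenue_inr"]),
    }


def sanitize_dataset(rows):
    return [sanitize(r) for r in rows]


def leaks_production_value(masked_rows, production_rows) -> bool:
    """Sign-off check: True if any raw identifier from production appears
    anywhere in the masked output."""
    raw_values = {row[f] for row in production_rows for f in IDENTIFIER_FIELDS}
    return any(isinstance(v, str) and v in raw_values
               for row in masked_rows for v in row.values())


if __name__ == "__main__":
    masked = sanitize_dataset(PRODUCTION_ROWS)
    for row in masked:
        print(row)
    print("leak detected:", leaks_production_value(masked, PRODUCTION_ROWS))
```

The first and third rows belong to the same customer and receive the same pseudonym, which is what lets referential tests keep working; the second row's revenue of 9,120 becomes 10,000 and the third's 400 becomes 0, which is the intended loss of precision.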
64. INTEGRITY of information implies
   A: Accuracy and completeness of information
65. ........ is a famous technological medium for the spread of malware, facing problems of spam and phishing attacks
   A: Email
66. Do we have policies on how/what you can and cannot use email for?
   A: Yes, there are policies limiting what email I can and cannot send while at work
67. If you get a suspicious phone call at work from a representative at SBI claiming that your computer is infected with a virus, you should
   A: Hang up and contact your supervisor immediately
68. ........ is a scenario when information is accessed without authorization
   A: Data breach
69. Which of the following is the best way to mitigate zero-day exploits?
   A: Patching a system
70. ........ is the technique used for tricking users into disclosing their usernames and passwords through fake pages
   A: Phishing
71. ........ masks your IP address
   A: VPN
72. A keylogger is a
   A: Spyware
73. ........ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction
   A: Information security
74. You've inadvertently opened a web link contained in a suspicious email and now your computer is behaving strangely. What course of action should you follow next?
   A: You need to update and run your antivirus software
75. Which one of the following describes how a breach in IT security should be reported?
   A: Using the method listed in the organization's security policy
76. Availability of information implies
   A: Information being available when required by a business process
77. Who or what is the weakest link in the security chain?
   A: Human beings
78. Which is the last line of defense in a physical security sense?
   A: Employee
79. Which of the following is a way to avoid malware on a mobile device?
   A: Only install trusted applications
80. Information security is the responsibility of
   A: Everyone in the Bank
81. Spyware can be used to steal ........ from the victim's browser
   A: Browsing history
82. According to the acceptable usage policy, what should a user not do?
   A: Subscribe to any mailing list, internet newsgroup or discussion board using the bank's official email account
83. When is it OK to reuse a password?
   A: Never
84. Which of the following is the most effective way to mitigate the risk of data loss in the event of a stolen laptop?
   A: Encrypting the hard drive
85. Which of these is not a scanning methodology?
   A: Identifying the malware in the system
86. Which of the following should be the PRIMARY input when defining the desired state of security within an organization?
   A: Acceptable risk level
87. ........ is a social engineering attack using a false promise, like offering users free music or movie downloads, to lure victims
   A: Baiting
88. What is a computer network?
   A: A web of connected computers or devices
89. Which of the following is an example of a "phishing" attack?
   A: All of the above
90. Lack of an Access Control Policy is a
   A: Vulnerability
91. What is a breach of integrity?
   A: A violation involving unauthorized modification of data
92. Fraudulent email messages are fake email messages that seem legitimate and ask for your confidential bank details such as ........ details, ........ and passwords
   A: Credit card, Login ID
93. ........ is the practice and precautions taken to protect valuable information from unauthorized access, recording, disclosure or destruction
   A: Information security
94. Information security awareness training should be imparted
   A: All of the above
95. Which of these is an indicator that a website is secure?
   A: The web address starts with https:// and has a padlock sign
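Several answers above (Q59, Q63, Q142 and Q159 of the first section; Q1, Q20 and Q47 of the second; Q95 here) give the same rule: do not follow the link, go to the official site directly, and treat https:// as necessary but not sufficient. The block below is an added example written for this page (not an SBI filter or any product) that applies that rule to a link before anyone clicks it: it checks the scheme, extracts the registrable domain, compares it against an allow-list of sites the reader actually uses, and flags the lookalike trick where the brand name appears only in a subdomain or the path (as in `sbi.co.in.secure-update.example`). The allow-list, the brand words and the sample links are constructed; the registrable-domain logic is a deliberate simplification of the Public Suffix List.

```python
"""Added example for the "go to the official site, don't click the link"
answers (first section Q59/Q63/Q142/Q159, second section Q1/Q20/Q47, and Q95
above): inspect a link the way the quiz tells a reader to, before any click.
Written for this page; not SBI's filter or a product. TRUSTED_DOMAINS,
BRAND_WORDS and the sample URLs are constructed for the example."""
from urllib.parse import urlsplit

# Constructed allow-list: registrable domains this reader actually uses.
# A deployment would load this from policy rather than hard-code it.
TRUSTED_DOMAINS = {"onlinesbi.sbi", "sbi.co.in", "example-retailer.com"}

# Words phishers put into hostnames and paths to borrow a brand's legitimacy.
BRAND_WORDS = ("sbi", "bank", "secure", "verify", "login", "account")

# Second-level labels under which the registrable domain is three labels long
# (sbi.co.in, not co.in). Simplification of the Public Suffix List.
SECOND_LEVEL_SUFFIXES = {"co", "com", "org", "gov", "net", "ac", "nic"}


def registrable_domain(host: str) -> str:
    """'www.sbi.co.in' -> 'sbi.co.in'; 'a.b.example.com' -> 'example.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str) -> dict:
    """Return a verdict dict: safe_to_open is True only when nothing was flagged."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if host and host.replace(".", "").isdigit():
        reasons.append("raw IP address instead of a domain name")
    if "@" in parts.netloc:
        reasons.append("user@ before the host hides the real destination")
    domain = registrable_domain(host) if host else ""
    if not host:
        reasons.append("no host in URL")
    elif domain not in TRUSTED_DOMAINS:
        reasons.append(f"registrable domain is {domain!r}, not a trusted site")
        # The brand appears somewhere, but not as the domain that actually
        # answers: the classic lookalike pattern.
        prefix = host[: -len(domain)] if host.endswith(domain) else host
        haystack = (prefix + " " + parts.path).lower()
        if any(word in haystack for word in BRAND_WORDS):
            reasons.append("brand words appear only in subdomain/path (lookalike)")
    return {"url": url, "host": host, "domain": domain,
            "safe_to_open": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links: one genuine, three typical phishing shapes.
    for sample in ("https://www.onlinesbi.sbi/login",
                   "https://sbi.co.in.secure-update.example/account",
                   "http://192.168.1.20/sbi/verify",
                   "https://user@sbi.co.in@evil.example/"):
        verdict = check_link(sample)
        print(verdict["safe_to_open"], sample, verdict["reasons"])
```

Note what the padlock rule in Q95 does and does not buy: the second sample link would carry a perfectly valid certificate for `secure-update.example`, so https:// and a padlock would both be present. The registrable-domain check is the part that catches it, which is why the quiz answers say to type the official address yourself rather than trust what the link looks like.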
96. The facility of CC (carbon copy) in email is provided for: marking a copy of official communication to the controlling authority, i.e. your manager
97. Which of the following passwords is considered secure? Wth!Z$157
98. ________ is the protection of smartphones, phablets, tablets and other portable tech devices, and the networks to which they connect, from threats and bugs. Mobile security
99. Ava needs to leave her workstation to ask her coworker a question. What should she do before leaving her workstation? Lock her workstation by pressing Ctrl+Alt+Delete and choosing Lock
100. SBI developed a strategy to share a customer information database between offices in two countries. In this situation, it is most important to ensure: data sharing complies with local laws and regulations at both locations
101. In case misuse of the internet facility is detected, the Bank reserves the right to: Both (a) & (b)
102. Which of the following is the effective way to mitigate the risk of confidential data leakage to unauthorized stakeholders? Implement role-based access controls
103. Confidentiality of information implies: protecting information from unauthorized disclosure
104. What is the goal of information security? To protect the confidentiality, integrity and availability of information and information systems
105. Which of the following combinations is considered multi-factor authentication? Username, fingerprint & PIN number
106. Which one of the following describes why you should follow guidelines and procedures while using IT resources in an organization? To ensure the secure use of IT resources
107. Activate ________ when you are required to use it; otherwise turn it off for security purposes. Bluetooth
108. Which of the following should one not follow in order to keep a password secure? Password should be kept in a written copy to remember.
109. AVAILABILITY of information implies: information being available when required by a business process
110. Every internet banking user should know that SBI, RBI or the Government of India will never ask for: All of the above
111. ________ are essential because they frequently comprise critical patches to security holes. Software updates
112. ________ is the technique used for tricking users into disclosing their usernames and passwords through fake pages. Phishing
113. Which is not classified under the three (3) factor categories used in multi-factor authentication? Something you can do
114. ________ is a social engineering attack that uses a false promise, such as offering users free music or movie downloads, to lure victims. Baiting
115. ________ = voice + phishing. Vishing
116. Segregation of duties is a security control PRIMARILY used to: Avoid collusion
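Items 102 and 116 give role-based access control and segregation of duties as the answers, but a quiz line does not show how the two controls combine in practice. The Go program below is an added example written for this page, not the Bank's code and not from the quiz. It models roles that carry only the permissions a job needs, an access decision, and a conflict rule that refuses to give one user both "payment.create" and "payment.approve", so that a fraudulent payment cannot be completed by one person acting alone and defeating the control needs at least two people. The maker/checker role names and the permission strings are assumptions for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Permission is one action on one resource, e.g. "payment.create".
type Permission string

// Role bundles the permissions a job function needs and nothing more.
// Users receive roles, never raw permissions (least privilege).
type Role string

// Policy is a minimal role-based access control model with segregation-of-duties
// constraints: pairs of permissions no single user may hold together.
type Policy struct {
	rolePerms map[Role]map[Permission]bool
	userRoles map[string]map[Role]bool
	conflicts [][2]Permission
}

func NewPolicy() *Policy {
	return &Policy{
		rolePerms: map[Role]map[Permission]bool{},
		userRoles: map[string]map[Role]bool{},
	}
}

// Grant attaches permissions to a role.
func (p *Policy) Grant(r Role, perms ...Permission) {
	if p.rolePerms[r] == nil {
		p.rolePerms[r] = map[Permission]bool{}
	}
	for _, perm := range perms {
		p.rolePerms[r][perm] = true
	}
}

// Conflict declares that a and b must never be held by the same user.
func (p *Policy) Conflict(a, b Permission) {
	p.conflicts = append(p.conflicts, [2]Permission{a, b})
}

// Permissions returns a user's effective permissions, sorted for stable output.
func (p *Policy) Permissions(user string) []Permission {
	set := map[Permission]bool{}
	for r := range p.userRoles[user] {
		for perm := range p.rolePerms[r] {
			set[perm] = true
		}
	}
	out := make([]Permission, 0, len(set))
	for perm := range set {
		out = append(out, perm)
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

// Allowed answers the access-control question for one request.
func (p *Policy) Allowed(user string, perm Permission) bool {
	for r := range p.userRoles[user] {
		if p.rolePerms[r][perm] {
			return true
		}
	}
	return false
}

// Assign gives a user a role, refusing if the combined permissions would breach
// a segregation-of-duties rule. A refused assignment leaves no trace.
func (p *Policy) Assign(user string, r Role) error {
	if p.rolePerms[r] == nil {
		return errors.New("unknown role " + string(r))
	}
	effective := map[Permission]bool{}
	for _, perm := range p.Permissions(user) {
		effective[perm] = true
	}
	for perm := range p.rolePerms[r] {
		effective[perm] = true
	}
	for _, c := range p.conflicts {
		if effective[c[0]] && effective[c[1]] {
			return fmt.Errorf("SoD violation: %s and %s may not both be held by %s", c[0], c[1], user)
		}
	}
	if p.userRoles[user] == nil {
		p.userRoles[user] = map[Role]bool{}
	}
	p.userRoles[user][r] = true
	return nil
}

// BankPolicy is a constructed maker/checker policy for payments (hypothetical names).
func BankPolicy() *Policy {
	p := NewPolicy()
	p.Grant("maker", "payment.create", "customer.read")
	p.Grant("checker", "payment.approve", "customer.read")
	p.Grant("auditor", "payment.read", "customer.read")
	p.Conflict("payment.create", "payment.approve")
	return p
}

func main() {
	p := BankPolicy()
	fmt.Println(p.Assign("alice", "maker"), p.Assign("bob", "checker"))
	fmt.Println("alice may approve:", p.Allowed("alice", "payment.approve"))
	fmt.Println("alice as checker too:", p.Assign("alice", "checker"))
}
```

Assign rejects the conflicting role before recording it, so a failed assignment cannot leave a partially applied state. In a real deployment the same check belongs in the identity provider's role request workflow and in a periodic access review that re-runs it over existing assignments, because conflicts also appear when a role's permissions are changed after users already hold it.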
117. If a user knows that his internet banking account credentials are stolen, he can protect his account by: Either (a) or (b)
118. Who are the targets of modern-day hackers? B. Any organization or individual is liable to be the victim of hackers
119. Which of the following statements best describes a white-hat hacker? Security professional
120. Which of the following combinations is considered multi-factor authentication? Fingerprint, PIN number
121. What is a keylogger? A type of malware that records keystrokes
122. Which of the following is a preventive measure against social engineering attacks? Ignoring unsolicited requests for information
123. Which of the following describes a "rogue employee" in social engineering? C. An insider who uses their access for malicious purposes
124. What is the purpose of "social engineering" in the context of a cyber attack? A. To manipulate individuals into providing confidential information or access
125. What is 'forensics' in cybersecurity? C. The process of analyzing data to investigate and understand cyber incidents
126. What does 'malware' stand for? Malicious software
127. The process of finding vulnerabilities and exploiting them using exploitable scripts, programs etc. is called: exploitation
128. Under the DPDPA 2023, what is the Data Principal? B. The individual to whom the data relates
129. What is social proof in the context of social engineering? Using the appearance of legitimacy or authority to convince the target
130. How often should data fiduciaries conduct data processing impact assessments according to the DPDPA 2023? Whenever there is a significant change in data processing activities
131. The importance of mobile app permissions is that they: A. Enhance user experience
132. A stranger contacts you through email, claiming to be a foreign official needing your assistance to transfer a large sum of money. What is the safest response? [answer missing in the source; the cell reads only "which of the following practices supp"]
133. You receive a call from someone pretending to be from your company's finance department asking for confidential financial data. What is the safest action? Verify the caller's identity through official company channels
134. What is a 'Denial of Service (DoS)' attack? An attack that attempts to overload a system to make it unavailable
135. Which of the following is a right granted to data principals under the DPDPA 2023? Right to delete data upon request
136. What is ransomware? Malicious software that encrypts data and demands a ransom to decrypt it
137. Which social engineering attack method involves manipulating individuals through social engineering? Phishing
138. You get a call from your technical support helpdesk saying they are performing an urgent server upgrade. They ask you for your password. What should you do? Refuse and contact your manager or information security team
139. Mobile devices should be protected with: a strong password or biometric
140. What does 'network segmentation' involve? A. Dividing a network into smaller segments to improve security and manage traffic
141. Using a VPN on mobile devices helps to: B. Secure your connection and data flow over the channel
142. Keeping your mobile OS updated helps to: B. Protect against vulnerabilities
143. What is phishing? A type of cyberattack where attackers impersonate legitimate entities to steal information
144. What is DNS spoofing? Forging DNS responses so that a legitimate domain name resolves to an attacker-controlled address
145. What is a firewall used for in network security? To block or allow data packets based on security rules
146. What is "whaling" in the context of social engineering? A type of phishing attack targeting high-profile individuals
147. Which social engineering technique involves impersonating a trusted individual to gain access to sensitive information? Impersonation
148. Passwords should contain which of the following configurations? Numbers, special characters, and upper and lower case text
149. What is data masking? The process of obscuring sensitive information within a database
150. Who controls a network of bots? Bot-herders
151. What is a data breach? A. An unauthorized access and retrieval of sensitive information
152. What is the term for the entity that processes personal data on behalf of a data fiduciary? Data processor
153. The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do? Disconnect your computer from the network
154. You receive an urgent request for confidential information from what seems to be your company's CEO via email. The email address is slightly different from usual. What is the appropriate action? B. Ignore the email and report it as spam
155. What is two-factor authentication? C. A security measure requiring two forms of verification to access an account
156. What is "social media engineering"? B. Using social media platforms to gather personal information for attacks
157. Which of the following is not a component of a clear desk policy? Openly displaying sensitive information
158. Which of the following is not a principle of data processing under the DPDPA 2023? D. Data commodification
159. What is the role of data protection officers (DPO) under the DPDPA 2023? To enforce data protection regulation within an organization
160. Your supervisor is very busy and asks you to log into her server using her user ID and password to retrieve some reports. What should you do? Decline the request and remind your supervisor that it is against the AUP policy
161. What is pharming in the context of social engineering? A. Redirecting users from legitimate websites to fraudulent ones
162. What should you do if your mobile device is lost or stolen? Report it immediately
163. What is the purpose of a digital signature? A. An electronic signature involving public and private keys, used for integrity and non-repudiation
164. An email from an unfamiliar sender claims you owe money and provides a link for payment. What should you do? Ignore the email and do nothing
165. Which of the following is a red flag of a social engineering attack? B. Unsolicited requests for sensitive information
166. What does 'patching' refer to in cybersecurity? A. Applying updates to software to fix security vulnerabilities
167. What is the maximum duration for which personal data can be retained under the DPDPA 2023? C. Indefinitely
168. A call from someone claiming to be from your credit card company asks for your PIN to verify recent transactions. What is the best response? D. Hang up and call your credit card company using the number on the back of your card
169. Which authority is responsible for overseeing compliance with the DPDPA 2023? B. Data Protection Authority (DPA)
170. What type of data processing requires explicit consent from the data principal under the DPDPA 2023? A. Data for marketing purposes
171. What is social engineering? C. Manipulating individuals to divulge confidential information
172. Which of the following can help protect against social engineering attacks? C. Educating individuals and promoting awareness about common social engineering tactics
173. Which of the following can enhance mobile security? B. Enabling automatic updates
174. What is the primary objective of the Digital Personal Data Protection Act (DPDPA) 2023? B. To protect the personal data of individuals
175. What deals with the protection of an individual's information while using the internet on any computer or personal device? B. Digital privacy
176. What type of information is typically targeted by social engineers? D. Personally identifiable information (PII)
177. You receive a text message that appears to be from your bank, asking you to click a link to verify recent transactions. What should you do? A. Contact your bank using a known phone number to verify the legitimacy of the text
178. Which of the following is NOT a right of data principals under the DPDPA 2023? D. Right to free access to all organizational data
179. How can organizations train employees to recognize social engineering attacks? D. Conducting regular security awareness training
180. Which of the following is not a common social engineering technique? C. Virus spreading
181. What is 'patch management'? A. The process of applying updates to software
182. Which entity is not directly involved in data processing activities under the DPDPA 2023? D. Data verifier
183. Which of the following is not a form of network segmentation? A. VPN
184. What is "spear phishing"? B. A targeted phishing attack aimed at a specific individual or organization
185. Which of the following is a risk of not following clear desk policies? C. Data breaches
186. What does anonymization of data mean under the DPDPA 2023? B. Removing identifiable information so the data cannot be traced back to an individual
187. What does 'endpoint security' focus on? C. Protecting individual devices that connect to a network
188. What is 'security information and event management (SIEM)'? A. A system for real-time monitoring and analysis of security events
189. What does 'anonymization' of data mean under the DPDPA 2023? Removing identifiable information so the data cannot be traced back to an individual
190. Which of the following is a risk of not following clear desk policies? Data breach
191. What is a data breach? An unauthorized access and retrieval of sensitive information
192. What should not be considered while defining the retention period of data? Cost of preserving the data
193. Which of the following is a common mobile security threat? Phishing attacks
194. ________ is a property of access control of multiple related, yet independent, software systems. Single sign-on
195. A supposed new friend on social media messages you, claiming they need help with a financial emergency. What should you do? Verify their identity through mutual friends or another trusted method
196. ________ is data taken from a production environment in which confidential information such as customer information or revenue information is masked or changed before use in a test environment. A. Private data
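Items 149 and 196 describe masking production data before it is copied to a test environment but say nothing about how to keep the masked copy usable. The Go program below is an added example, not the Bank's code or anything from the quiz. It pseudonymises identifiers with a keyed HMAC so that the same customer ID maps to the same surrogate in every table (foreign keys still join), keeps only the last four digits of a card number, and rewrites e-mail addresses and balances so they still look like real data to the application. The Customer record layout, the field names and the test key are assumptions for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
	"strings"
)

// Customer is the production record shape assumed for this example.
type Customer struct {
	ID      string
	Name    string
	Email   string
	CardPAN string
	Balance float64
}

// Masker produces test data from production records. The key lives only in
// the masking job; without it the surrogates cannot be linked back to people.
type Masker struct{ key []byte }

func NewMasker(key []byte) *Masker { return &Masker{key: key} }

// Pseudonym is a keyed, deterministic surrogate: the same input always gives
// the same output, so foreign keys across tables still join in the test copy.
// The field name is mixed in so equal values in different fields do not collide.
func (m *Masker) Pseudonym(field, value string) string {
	mac := hmac.New(sha256.New, m.key)
	mac.Write([]byte(field))
	mac.Write([]byte{0})
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

// MaskPAN keeps only the last four digits, the usual display form for card numbers.
func MaskPAN(pan string) string {
	digits := strings.Map(func(r rune) rune {
		if r >= '0' && r <= '9' {
			return r
		}
		return -1 // drop spaces and dashes
	}, pan)
	if len(digits) <= 4 {
		return strings.Repeat("*", len(digits))
	}
	return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
}

// MaskEmail keeps the first character and the domain so the value still
// parses as an address in application code.
func MaskEmail(email string) string {
	at := strings.LastIndex(email, "@")
	if at < 1 {
		return "***"
	}
	return email[:1] + strings.Repeat("*", at-1) + email[at:]
}

// Mask returns the record as it should appear in a test database.
func (m *Masker) Mask(c Customer) Customer {
	return Customer{
		ID:      m.Pseudonym("customer_id", c.ID),
		Name:    "Customer " + m.Pseudonym("name", c.Name)[:8],
		Email:   MaskEmail(c.Email),
		CardPAN: MaskPAN(c.CardPAN),
		Balance: math.Round(c.Balance/1000) * 1000, // coarsen financial figures
	}
}

func main() {
	// Constructed sample record; the key would come from a secrets store in practice.
	m := NewMasker([]byte("constructed-test-key"))
	c := Customer{ID: "C1001", Name: "Asha Rao", Email: "asha.rao@example.com",
		CardPAN: "4111 1111 1111 1111", Balance: 125432.50}
	fmt.Printf("%+v\n", m.Mask(c))
}
```

Because the surrogate depends on a secret key, testers who see the masked database cannot recover the real IDs, and the masking job can be re-run on a fresh production snapshot without breaking references between tables. Anonymisation in the sense of items 186 and 189 goes further: there the key must be destroyed (or no key used at all), otherwise whoever holds it can reverse the mapping.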
197. An email from what appears to be your company's IT department asks for your password to complete a system update. What is the safest action? D. Ignore the email and do nothing
198. You get an email from a "vendor" claiming they need immediate payment for an invoice that wasn't expected. What is the safest response? Verify the invoice with your accounts department or directly with the vendor using known contact details
199. Which of the following is not a good practice for mobile security? Sharing passwords
200. Which of the following passwords is recommended? C. UcSc4Evr!
201. Which of the following is not a form of network segmentation? VPN
202. What is credential harvesting? Collecting user credentials through deceptive methods
203. What is "spear phishing"? A targeted phishing attack aimed at specific individuals or organizations
204. Which of the following is not a common social engineering technique? Virus spreading
205. Which entity is not directly involved in data processing activities under the DPDPA 2023? Data verifier
206. What is the primary goal of social engineering attacks? To exploit human psychology to obtain confidential information
207. What is 'patch management'? The process of applying updates to software to fix vulnerabilities
208. What does 'vulnerability assessment' involve? A. Identifying and evaluating security weaknesses in systems
209. In social engineering, what does "drilling" involve? D. Repeatedly asking for information until the target gives in
210. What does 'data encryption' do? A. Converts data into a format that cannot be read without a decryption key
211. What does the "I" in the CIA triad stand for? B. Integrity
212. In case of a data breach you should: A. Inform your organization immediately
213. The best practice for securing sensitive documents is to: B. Use a locked drawer to keep the documents
214. Which type of attack involves manipulating the target into disclosing information through a fake technical support scenario? B. Pretexting
215. An email with a subject line about a critical update from a well-known company asks you to download an update file. What should you do? A. Contact the company's support team through official channels to verify the email
216. What does URL stand for? C. Uniform Resource Locator
217. A caller claims to be from a charitable organization you've never heard of and asks for a donation over the phone. What should you do? B. Research the charity to ensure it is legitimate before making a donation
218. What is email spoofing? A. Sending emails with a forged sender address to deceive the recipient
219. Strong passwords should be: B. Complex and unique
220. What does IP address stand for? A. Internet Protocol address
221. What is tailgating in the context of social engineering? A. Gaining unauthorised access to a secure area by following authorized personnel…
222. What is shoulder surfing often used for in social engineering? A. To obtain sensitive information by watching over someone's shoulder
223. A person claiming to be a former employee contacts you via email, asking for access to certain company resources due to an emergency. What should you do? C. Verify the identity of the former employee through official company channels
224. What is pharming often used to achieve? C. Redirecting users to fraudulent websites to steal their information
225. An email claims that you need to verify your account due to suspicious activity by clicking a link provided in the email. What should you do? C. Go to the official website directly and log in to check for any alerts or messages
226. What is the primary goal of a clear desk policy? B. Enhance data security
227. An email claims you've won a prize but needs your personal details to claim it. What should you do? B. Ignore the email and delete it
228. Which of the following practices supports … A. Properly disposing of outdated documents
229. What is a Trojan horse in cybersecurity? D. A program that appears legitimate but is actually malicious…
230. You get a voicemail from someone claiming to be from your company's HR department, asking for your personal details to update records. What is the best course of action? C. Contact your HR department directly using a verified phone number
231. What does antivirus software do? D. Protects against, detects and removes viruses and malware
232. What must a data fiduciary obtain from the data principal …? B. Consent
233. There is a restricted area where you need to swipe …. Someone enters immediately after you enter? B. Advise him that tailgating is not allowed and ask him to authenticate …
234. What is baiting in social engineering? C. Offering something enticing to lure the target into disclosing information
235. What is public key infrastructure? A. A framework for managing digital keys and certificates
1. Where should you store the encryption passphrase for your laptop? D. Use the password management tool supplied/authorized by your organization.
2. A ___ attack is one of the simplest processes of gaining access to any password-protected system. B. Brute Force
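Item 2 names brute force as the simplest way into a password-protected system, and item 188 above defines a SIEM as real-time monitoring and analysis of security events. The Go program below is an added example, not the Bank's code or from the quiz: it is the kind of correlation rule a SIEM runs to spot a brute-force attempt. It reads authentication log lines in a constructed format (the timestamp, result, user and source fields and the sample lines are all assumptions) and keeps a sliding window of failures per source address, raising one alert when a source crosses the failure threshold and a second, higher-priority one when a login from that source then succeeds.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Alert is what a SIEM correlation rule would raise from the log stream.
type Alert struct {
	Kind  string // "brute-force" or "success-after-failures"
	Src   string
	Count int
	At    time.Time
}

type event struct {
	at  time.Time
	ok  bool
	src string
}

// parseLine reads the constructed line format used in SampleLog:
//   <RFC3339 time> auth <ok|failed> user=<name> src=<ip>
func parseLine(line string) (event, error) {
	f := strings.Fields(line)
	if len(f) < 5 || f[1] != "auth" {
		return event{}, fmt.Errorf("unrecognised line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return event{}, err
	}
	e := event{at: at, ok: f[2] == "ok"}
	for _, kv := range f[3:] {
		if strings.HasPrefix(kv, "src=") {
			e.src = strings.TrimPrefix(kv, "src=")
		}
	}
	if e.src == "" {
		return event{}, fmt.Errorf("missing src: %q", line)
	}
	return e, nil
}

type srcState struct {
	failures []time.Time // failure times still inside the window
	alerted  bool        // brute-force already raised for this run
}

// Detect keeps a sliding window of failures per source address. It raises
// "brute-force" once a source reaches threshold failures within window, and
// "success-after-failures" when a login succeeds from a source that was
// guessing, which is the event worth paging on.
func Detect(lines []string, threshold int, window time.Duration) ([]Alert, error) {
	state := map[string]*srcState{}
	var alerts []Alert
	for _, line := range lines {
		e, err := parseLine(line)
		if err != nil {
			return nil, err
		}
		s := state[e.src]
		if s == nil {
			s = &srcState{}
			state[e.src] = s
		}
		kept := s.failures[:0] // drop failures that fell out of the window
		for _, t := range s.failures {
			if e.at.Sub(t) <= window {
				kept = append(kept, t)
			}
		}
		s.failures = kept
		if e.ok {
			if len(s.failures) >= threshold {
				alerts = append(alerts, Alert{"success-after-failures", e.src, len(s.failures), e.at})
			}
			s.failures, s.alerted = nil, false
			continue
		}
		s.failures = append(s.failures, e.at)
		if len(s.failures) >= threshold && !s.alerted {
			s.alerted = true
			alerts = append(alerts, Alert{"brute-force", e.src, len(s.failures), e.at})
		}
	}
	return alerts, nil
}

// SampleLog is a constructed excerpt; the addresses are documentation ranges.
var SampleLog = []string{
	"2024-05-01T10:00:01Z auth failed user=alice src=203.0.113.5",
	"2024-05-01T10:00:04Z auth failed user=alice src=203.0.113.5",
	"2024-05-01T10:00:07Z auth failed user=admin src=203.0.113.5",
	"2024-05-01T10:00:09Z auth failed user=bob src=198.51.100.7",
	"2024-05-01T10:00:11Z auth failed user=alice src=203.0.113.5",
	"2024-05-01T10:00:15Z auth failed user=root src=203.0.113.5",
	"2024-05-01T10:00:20Z auth failed user=alice src=203.0.113.5",
	"2024-05-01T10:00:31Z auth ok user=bob src=198.51.100.7",
	"2024-05-01T10:00:40Z auth ok user=alice src=203.0.113.5",
	"2024-05-01T10:30:00Z auth failed user=alice src=203.0.113.5",
}

func main() {
	alerts, err := Detect(SampleLog, 5, 60*time.Second)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("%s %-22s src=%s failures=%d\n", a.At.Format(time.RFC3339), a.Kind, a.Src, a.Count)
	}
}
```

Bob's single mistyped password followed by a successful login produces nothing, while the guessing source produces a brute-force alert at the fifth failure and a success-after-failures alert when a login from it finally works. Keying the window on the source address is the simplest rule; attackers who spread guesses across many addresses (password spraying) need a second rule keyed on the user name instead.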
3. Full form of BYOD: C. Bring Your Own Device
4. Which of the following statements is true? C. Users should not subscribe to any…
5. The latest version of TLS is C. TLS 1.3
6. If a user knows that his internet banking account credentials are stolen, he can protect his account by C. Either A or B
7. Internet may be used for personal purposes within the organization? B. False
8. The existence of a weakness in a system or network is known as? C. Vulnerability
9. By using ___ you can diminish the chance of data leakage. D. Steganography
10. How should PII/sensitive details be stored in the Bank's assets? B. Stored in secure, password-protected form
11. Store room should have C. Both A & B
12. The URL address of the Bank's internet banking site is [Link] The letter 'S' in https denotes B. Secure
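Items 12 and 95 above say that https and the padlock mark a site as secure, and item 225 says to go to the official website directly. The caveat a practitioner would add is that https only proves the connection is encrypted to whatever host is in the address bar; a phishing site can obtain a certificate for its own domain just as easily, so the host name is what has to be checked. The Go program below is an added example, not the Bank's code or from the quiz. It applies the checks a user or a mail gateway should apply to a link before following it, against an allow-list of the bank's own domain; "bank.example" and the other hosts are constructed names, not real addresses.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Verdict explains why a link was or was not accepted.
type Verdict struct {
	Safe    bool
	Host    string
	Reasons []string
}

// isTrustedHost accepts the trusted domain itself or a subdomain of it, never
// a host that merely contains the trusted name somewhere in it.
func isTrustedHost(host string, trusted []string) bool {
	for _, t := range trusted {
		t = strings.ToLower(t)
		if host == t || strings.HasSuffix(host, "."+t) {
			return true
		}
	}
	return false
}

// CheckLink applies the checks a reader should make before following a link
// that claims to lead to the bank. Every failed check is reported, not just the first.
func CheckLink(raw string, trusted []string) Verdict {
	v := Verdict{}
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || u.Host == "" {
		v.Reasons = append(v.Reasons, "not an absolute URL")
		return v
	}
	v.Host = strings.ToLower(u.Hostname()) // strips any :port
	if u.Scheme != "https" {
		v.Reasons = append(v.Reasons, "not https: credentials would travel in clear text")
	}
	if u.User != nil {
		// "https://bank.example@evil.test/" shows the bank's name but goes to evil.test.
		v.Reasons = append(v.Reasons, "userinfo before @ hides the real host "+v.Host)
	}
	if net.ParseIP(v.Host) != nil {
		v.Reasons = append(v.Reasons, "raw IP address instead of the bank's domain")
	}
	for _, label := range strings.Split(v.Host, ".") {
		if strings.HasPrefix(label, "xn--") {
			v.Reasons = append(v.Reasons, "internationalised label "+label+": possible homograph")
			break
		}
	}
	if !isTrustedHost(v.Host, trusted) {
		v.Reasons = append(v.Reasons, "host "+v.Host+" is not the bank's domain or a subdomain of it")
	}
	v.Safe = len(v.Reasons) == 0
	return v
}

func main() {
	trusted := []string{"bank.example"} // constructed allow-list
	for _, link := range []string{
		"https://netbanking.bank.example/login",
		"http://bank.example/login",
		"https://bank.example.evil.test/login",
		"https://bank.example@evil.test/login",
		"https://192.0.2.10/login",
	} {
		v := CheckLink(link, trusted)
		fmt.Printf("%-45s safe=%-5v %v\n", link, v.Safe, v.Reasons)
	}
}
```

The allow-list test accepts the bank's domain and its subdomains and nothing else, so "bank.example.evil.test" and "evil.test/bank.example" both fail even though both contain the bank's name. The browser's certificate check and this host check complement each other: the padlock confirms you reached the host shown, the allow-list confirms that host is the one you meant.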
13. A user should disclose information about any customer of the Bank, including their personal details, on any internet site or social media: B. Never
14. Cracking the digital identity of any individual, or identity theft, comes under ____ of the IT Act. B. Section 66
15. The sensitivity of a system can be improved by A. Threat monitoring
16. What type of passwords can one choose? A. One should always use…
17. _____ allow their users to connect to the internet via a remote or virtual server, which preserves privacy. B. VPNs
18. Which of the following is the least strong security encryption standard? A. WEP
19. Which of the following is the strongest security encryption standard? [Link] 3
20. Availability of information implies A. Information being available when required by a business process
21. Which of the following is not recommended as per the Bank's password security policy? B. Password should be kept in a written copy to remember
22. Which of the following is not a cybercrime? D. AES
23. Assets entering bank premises, which can be electronic storage devices, cameras or laptops, shall be recorded by ___ with proper approval and authorization of the electronic devices. A. Bank's security team and system
24. All access to the internet should be authenticated and may be restricted only to C. business-related sites
25. Which of the following is a good practice? C. Grant limited permissions to specific accounts
26. Which is not a threat modelling methodology? B. TOGAF
27. Which of them is not a scanning tool? C. Maltego
28. X is an algorithm on a computer system that bypasses security controls. Generally, this is added by the original developer for some legitimate access, which may also be used by a hacker in a malicious way. What is this form of vulnerability called? B. Backdoor
29. What policies are available to end users to report security violations? C. Both
30. What are the primary goals and objectives of the security infrastructure? D. All of the above
31. In which phase does the hacker install backdoors so that his/her ownership of the victim's system can be retained later? C. Maintaining access
32. If an email promises a lottery of USD 25 million on payment of 1% charges as a processing fee, we should D. Not respond to such mails as these are bogus mails
33. For the verification of a digital signature you should check: C. Both a and b
34. Technology no longer protected by copyright, available to everyone, is considered to be A. Proprietary
35. Which of the following is a type of cyber attack? D. All of the above
36. Data __ is used to ensure confidentiality. A. Encryption
37. The undertaking for e-waste is to be submitted by vendors to DC & C, GITC at what interval? C. Annually
38. Which platform is used to record CSR activities conducted by ISD in the Bank? C. CSR lifecycle
39. Sending offensive messages to someone comes under __ of the Indian IT Act. D. Section 66A, 2008
40. Attackers commonly target __ for fetching the IP address of a target or victim user. A. Websites
41. Users should maintain an updated copy of the certificate revocation list to avoid: D. All of the above
42. Users should __ their desktop and laptop screens before leaving them unattended for a short duration. A. Lock
43. Employees should access the intranet only through the Bank's A. Centralized proxy
44. ____ is the entity for issuing digital certificates. A. Certificate Authority (CA)
45. _____ is a device which secretly collects data from credit/debit cards. A. Card skimmer
46. All assets should be registered in ITAM before usage? A. True
47. You have a highly sensitive document which you need to email to a trusted third party. What is the safest way to send this? C. Encrypt the document first, then send the password to the third party …
48. Which of the following DDoS in mobile systems waits for the owner to trigger the cyber attack? A. Botnets
49. ____ means the protection of data from modification by unknown users. B. Integrity
50. Which of the following is defined as an attempt to steal, spy, damage or destroy computer systems, networks or their associated information? A. Cyber attack
51. Which of the following refers to the technique used for verifying the integrity of a message? D. Message digest
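Items 51 (message digest), 163 (digital signature) and 44 (certificate authority) each describe one piece of the same mechanism. The Go program below is an added example, not the Bank's code or from the quiz, that shows how the pieces differ: a SHA-256 digest detects any change to a message, but anyone can recompute it, so on its own it proves nothing about who wrote the message; an Ed25519 signature over the message can only be produced with the private key and is checked with the public key, which gives both integrity and non-repudiation. The example assumes the verifier already holds the genuine public key; binding that key to an identity is the CA's job (item 44) and is not modelled here. The payment message is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the SHA-256 message digest of msg as hex. Comparing digests
// detects any change to the message, but anyone can recompute a digest, so a
// digest alone says nothing about who produced the message.
func Digest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// Signer holds an Ed25519 key pair: the private key stays with the signer,
// the public key is what a verifier (or a CA-issued certificate) distributes.
type Signer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv, Pub: pub}, nil
}

// Sign produces a signature that only the holder of the private key could make.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// Verify checks integrity and origin together: it passes only if msg is
// unchanged and sig was made with the private key matching pub.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false // malformed input is a failed verification, never a panic
	}
	return ed25519.Verify(pub, msg, sig)
}

// Tamper flips one bit so the demonstration can show detection.
func Tamper(msg []byte) []byte {
	out := append([]byte(nil), msg...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("PAY 10000 INR to account 1234567890") // constructed message
	sig := s.Sign(msg)
	fmt.Println("digest:        ", Digest(msg))
	fmt.Println("valid:         ", Verify(s.Pub, msg, sig))
	fmt.Println("tampered valid:", Verify(s.Pub, Tamper(msg), sig))
}
```

Item 33 asks what to check when verifying a signature; in this model that is two things, the mathematical check in Verify and, outside it, whether the public key really belongs to the claimed signer. An attacker who changes the message can always attach a fresh digest of the changed text, which is why integrity protection in transit needs a key: either a signature as here or, between two parties sharing a secret, an HMAC.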
52. What is the most common cause of cyber incidents in organizations? D. Phishing
53. Who deploys malware to a system or network? A. Criminal organizations, black-hat hackers, malware developers, cyber terrorists
54. Which of the following agents is used in the Bank for connecting to the VPN? A. GlobalProtect Agent
55. Security incidents and violations that an end user is aware of, witnesses or is informed of should be reported on D. All of the above
56. All of these are good physical security practices except: D. When leaving work, always wear your security badge…
57. What is the difference between DevOps and DevSecOps? C. DevSecOps places security controls in the CI/CD process of DevOps.
58. Which of the following is the hacking approach where cyber criminals design fake websites or pages for tricking or gaining additional traffic? B. Pharming
59. What is not the best security practice? D. VA observation closure
60. _________ is a component of the reconnaissance stage that is used to gather possible information about a target computer system or network. C. Footprinting
61. Fraudulent email messages are fake email messages that seem legitimate and ask for your confidential bank details such as ___ details and ____ and password. B. Credit card, Login ID
62. Which of the following technologies is an intermediary server separating end users from the websites they browse, enforcing varying levels of functionality, security and privacy depending on use case, needs or company policy? C. Proxy server
63. __ is the process of verifying or testing the validity of a claimed identity. B. Authentication
64. You need to access an unofficial internet site which is not opening on the Branch desktop. What will you do? D. Refrain from doing any of the above as they are against Bank policy
65. Which of the following is the least acceptable form of biometric device? B. Retina scan
66. Which of the following is an example of a passive attack? D. Search about target records in an online people database
67. What are the activities performed by a first responder? D. All of the above
68. Which of the following is not on OWASP's top 10 web application security risks? C. Non-compliance
69. _____ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system. B. Ransomware
70. Can a mobile device be used as is to carry business information? A. YES
71. Which of them is not a major way of stealing email information? B. Reverse engineering
72. Any digital content which any individual creates and is not acceptable to society is a cyber crime that comes under __ of the IT Act. C. Section 67
73. Which of the following is applicable in case of third-party/external entity integration with the Bank's infrastructure? B. 43-point vendor control checklist
74. What sort of intruders are actually "good guys" doing good things for your network? B. Ethical hacker
75. Which of the following is true regarding secure passwords? C. Random passwords are the strongest
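Items 97, 148, 200 and 219 above set a composition rule for passwords (upper and lower case, digits, special characters) and item 75 says random passwords are the strongest. The Go program below is an added example, not the Bank's code or from the quiz. It checks a candidate against that composition rule, estimates the guessing work an attacker faces if the password really were random, and then shows why composition alone is not enough: after undoing common substitutions it recognises "P@ssw0rd1!" and "Welcome@123" as dictionary words, even though both satisfy the rule. It also generates a random password with crypto/rand, which is what the password manager of item 1 does for you. The word list is a small constructed stand-in for a breached-password list.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
	"unicode"
)

// alphabet is the 94 printable ASCII characters excluding space.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +
	"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// Report is the result of checking one candidate password.
type Report struct {
	Length               int
	Upper, Lower, Digit  bool
	Special              bool
	Entropy              float64 // bits, if each character were drawn uniformly from the classes used
	InWordlist           bool    // matches a known password after undoing common substitutions
	MeetsPolicy          bool
}

// constructedWordlist stands in for a breached-password list.
var constructedWordlist = map[string]bool{
	"password": true, "welcome": true, "qwerty": true, "letmein": true, "iloveyou": true,
}

// normalize lowercases, drops trailing digits and punctuation and undoes
// leetspeak so that "P@ssw0rd1!" is recognised as the word it is built from.
func normalize(pw string) string {
	s := strings.ToLower(pw)
	s = strings.TrimRightFunc(s, func(r rune) bool { return !unicode.IsLetter(r) })
	leet := map[rune]rune{'@': 'a', '4': 'a', '0': 'o', '1': 'i', '3': 'e', '$': 's', '5': 's', '7': 't'}
	var b strings.Builder
	for _, r := range s {
		if m, ok := leet[r]; ok {
			r = m
		}
		b.WriteRune(r)
	}
	return b.String()
}

// Assess checks the composition rule from the quiz (upper, lower, digit,
// special, minimum length) and estimates guessing difficulty.
func Assess(pw string, minLen int) Report {
	r := Report{Length: len([]rune(pw))}
	for _, c := range pw {
		switch {
		case unicode.IsUpper(c):
			r.Upper = true
		case unicode.IsLower(c):
			r.Lower = true
		case unicode.IsDigit(c):
			r.Digit = true
		default:
			r.Special = true
		}
	}
	classes := 0.0
	if r.Upper {
		classes += 26
	}
	if r.Lower {
		classes += 26
	}
	if r.Digit {
		classes += 10
	}
	if r.Special {
		classes += 32 // printable ASCII punctuation
	}
	if classes > 0 {
		r.Entropy = float64(r.Length) * math.Log2(classes)
	}
	r.InWordlist = constructedWordlist[normalize(pw)]
	r.MeetsPolicy = r.Length >= minLen && r.Upper && r.Lower && r.Digit && r.Special && !r.InWordlist
	return r
}

// Generate draws n characters uniformly from alphabet with crypto/rand (never
// math/rand), retrying until the result also satisfies the composition rule.
func Generate(n int) (string, error) {
	for {
		b := make([]byte, n)
		for i := range b {
			idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
			if err != nil {
				return "", err
			}
			b[i] = alphabet[idx.Int64()]
		}
		if Assess(string(b), n).MeetsPolicy {
			return string(b), nil
		}
	}
}

func main() {
	for _, pw := range []string{"Wth!Z$157", "UcSc4Evr!", "P@ssw0rd1!", "Welcome@123"} {
		r := Assess(pw, 8)
		fmt.Printf("%-12s policy=%-5v entropy=%.1f wordlist=%v\n", pw, r.MeetsPolicy, r.Entropy, r.InWordlist)
	}
	g, err := Generate(16)
	fmt.Println("generated:", g, err)
}
```

The entropy figure is an upper bound that only holds for uniformly random passwords: a memorable string such as "UcSc4Evr!" passes the rule and gets the same 59-bit estimate as "Wth!Z$157", but its real guessing cost is far lower because it is built from recognisable pieces that cracking tools try first. That gap is the reason item 75 prefers random passwords and item 1 sends you to a password manager to store them.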
76. What is a backup? D. all of these
77. What is DDos? C. Distributed Denial of service
78. What are the risk associated with smoking in Bank premises? B. Fire
79. Employees can report incidents to external entities as and when incidents occur B. False
80. ____ is a naming system given to different computers which adapt to human-readable domain
names. [Link]
81. Spywares can be used to steal ____ from the attackers browser. A. browsing history
82. Which of the following is not a spot from where attackers seek information. D. Document
files
83. What is best option of sending confidential data over email ?
A. Attachment should be protected with password
84. Which is a bankwide application available for privileged user password vaulting? [Link]
85. ____ is the illicit transmission of data from inside an organization or personal system to an
external location or recipient. B. Data leakage
86. Malware stands for ? C. Malicious software
87. Deep web is also known as ___ D. Hidden Web
88. Employees visiting other offices should carry and display their __ B. Office ID card
89. To share vulnerability closure report with auditor, manu used public WIFI available in hotel.
Identify the potential security risks in this scenario. D. All of the above are genuine risks
associated in this case
90. This is the conversion of data into a ciphertext that cannot be easily understood by
unauthorized people. [Link]
91. Who is responsible for securing mobile devices. [Link] User
92. Select from the following that will help us for the secure disposal of data C. Obsolete
documents/papers should be destroyed….
93. ___ is a type of attack where the construction of a fake webpage is done for targeting definite
keyword & waiting for the searcher to land on the fake webpage B. Phishing
94. What are the two main approaches used to determine the likelihood of a threat occurring
D. Qualitative and Quantitative
95. Which of the following is not an example of social engineering? C. Carding
96. Specially for Banking institution, which of the following is crucial to survive in business and
avoid legal suits? B. Confidentiality
97. INTEGRITY of information implies A. Accuracy and completeness of information
98. Which of the following is not a scanning methodology? C. Identifying the malware in the
system
99. Which of the following is not considering the adequate measure for physical security?
C. Keep confidential organization’s document file open in the desk
100. A user use a portable device and it contains some useful information for business. Who is
responsible for the security this information? A. User
101. ____ is a property of access control of multiple related , yet independent , software system
C. Single sign on
102. Which of the following is the best way to prevent shoulder surfing of sensitive information?
A. When viewing sensitive information on a screen, users should be aware…..
103. ____ is the protection of smart-phones, phablets, tablets and other portable tech-devices, &
the networks to which they connect to from threats and bugs. D. Mobile security
104. Any cyber-crime that comes under section 66 of IT act, the accused person gets fined of
around Rs. D.5 lakhs
105. In case misuse of internet facility is detected, Bank reserves the rights to C. Both (a) & (b)
106. What is the best option for AV (Anti Virus) scanning B. Don’t change the settings
configuration by bank’s AV team
107. Employee should ___ all the assets while leaving the organization, given to him/her during
the joining time. A. Handover
108. Which of the below is not used for multi factor authentication A. Something you do
109. Information security is the responsibility of A. everyone in the company
110. How should be the Bank’s information asset be secured while accessing the same.
A. Authentication and authorization should be ensured before accessing
111. What we can store on our PC/ Mobile? D. No. We cannot store PII or any secret in Mobile
PC.
112. The ____ transferred between your device & the server is securely encrypted if you are
using VPNs. A. Data
113. Which of them is not a major way of stealing email information? B. Reverse Engineering
114. ___ is a device which secretly collects data from credit/ debit cards. A. Card skimmer
115. All suspected information security violations, incidents and vulnerabilities ( like data
corruption , changes in user Id/Password, existence of unknown user accounts, abnormal system
behavior, suspected virus attack etc.,) are not recorded and not reported to [Link]@[Link]
immediately in the prescribed template. [Link]
116. Users should ___ their desktop and laptop screens before leaving them unattended for short
duration. A. Lock
117. What are the activities performed by first responder? D. All of the above
118. ___ is the practice and precautions taken to protect valuable information from unauthorized
access, recording, disclosure or destruction. C. Information security
119. Employees can use BYOD and connect them to bank’s network. B. False
120. Which of these email practice/use is considered inappropriate ? D. All of the above
121. ___ is a scenario when information is accessed without authorization. D. Data breach
122. ___ has become a popular attack in the last few years, in which the attacker targets board members, high-ranked officials and managing committee members of an organization. B. Ransomware
123. Malware, or malicious software, is any program or file that is harmful to a computer user. Types of malware can include D. all of the above
124. Which platform is used to raise ISD in-principle approval and final security review in the Bank? D. Archer portal
125. Why should users not forward/send business emails to their personal mail IDs? D. all of the above
126. Clicking a link in an email that came from an unknown source can redirect you to a ___ that automatically installs malware on your system. C. malicious site
127. Lack of an access control policy is a ___ C. Vulnerability
128. X has been defined as any act that influences a person to take any action that may or may not be in their best interests. Basically, it is the psychological manipulation of people into performing actions or divulging confidential information. B. Social engineering
129. DNS translates a domain name into C. IP
130. Malware stands for C. Malicious software
131. Every internet banking user should know that the SBI or RBI or Government of India will never ask for D. All of the above
132. The three steps of data loss prevention are Identify, Discover and ____ A. Classify
133. ________ important and precious files is a solution to prevent your files from ransomware. B. Keeping backup of
134. Which will be encompassing a strong password? D. All of the above
135. What are the authentication methods in an MDM (Mobile Device Management) solution? C. Both A & B
136. Obsolete papers and computer media which are no longer in use should be B. Shredded
137. Which of the following does not come under social engineering? D. Spamming
138. Which of the following should be part of the personnel security policy to ensure secure off-boarding of the user? C. Both A & B
139. Identify the element which is not considered in the triad, according to the CIA. A. Authenticity
140. All of these are good social media interaction practices except? D. Users may express authority using the name of the Bank while expressing any views in any of the internet sites/social media.
141. What needs to be done for the email accounts of a terminated employee? B. Terminate the email ID of the user
142. Power points for ATM in the on-site ATM should B. not be accessible to public
143. Confidentiality of information implies B. Protecting information from unauthorized disclosures
144. Which of the following refers to a series of characters used to verify a user's identity? C. Password
145. ____ is the technique used for tricking users into disclosing their usernames and passwords through fake pages. B. Phishing
146. One who discloses information to the public about a company, organization, firm, government or private agency of which he/she is a member or employee; such individuals are termed ___ D. Whistleblowers
147. Cert-In represents A. Computer Emergency Response Team India
148. What is meant by the term spamming? C. unsolicited emails to a large number of users
149. Under what circumstances should the user report to the Registration Authority/CA? D. all of the above
150. What is an incremental backup? D. A backup of all changed files since the last full backup.
151. Which of the following is a security incident? C. All of the above
152. In a forensic investigation, reserving the right to seize and forensically examine any POD believed to contain or to have contained Bank's data, where necessary for investigatory control purposes, is TRUE or FALSE? B. True
153. System room should have C. Both A & B
154. Which are the security best practices to be followed? D. All of the above
155. ___ deals with the protection of an individual's information which is implemented while using the internet on any computer or personal device. B. data privacy
156. What is false for portable devices issued by the bank to employees? D. In the event a laptop/device is stolen…
Which of the following is not an advantage of cyber security? A. makes the system slower
157. ___ and ___ are kept in a well-ventilated environment. A. UPS, Batteries
158. __________ involves scams where an individual (usually an attacker) lies to a person (the target victim) to acquire privileged data. B. pretexting
159. Information security is the responsibility of A. Everyone in the company
160. All of the following are examples of real security and privacy risks EXCEPT: B. Spam
161. In port scanning, a ______ is always associated with an IP address (usually of the host system) & the type of protocol (UDP or TCP) employed for communication. B. Port
162. Which of these is an example of physical hacking? B. Inserting a malware-loaded USB into a system
163. Any of the Bank's information classified as "secret" or "Confidential" should not be stored on any POD. TRUE or FALSE? A. TRUE
164. ClearPass NAC agent checks compliance for which of the following: D. All of the above
165. Which of the following techniques are used during computer forensics investigations? D. all of the above
166. Select the phishing schemes that apply to the following email: From: no_reply@[Link] Subject: Account Status Dear Valued Customer, Urgent Kind Attention SBI Bank Customer Due to a recent security check on your account performed by R.B.I., we require you to … C. Both a & b
167. Which of the following is NOT a major aspect of protecting information? A. Convenience
168. Users' passwords should be shared. B. This statement is FALSE
169. What are the ways to transmit information securely (including e-mail)? C. A & B both are correct
170. Choose the true statements out of the following: (i) Users should not enable sharing of folders on their desktops/laptops with other users. (ii) Users should report to their manager any virus detected in the system and not cleaned by the anti-virus. (iii) Only licensed or whitelisted applications should be installed on desktop/portable devices. C. All the three statements are true
171. In forensic investigations, what does reserving the right to control its information include? D. all of the above
172. Back-up and retention schedule should be decided based on D. all of the above
173. Which of the following are best practices to be followed while using the bank's systems? A. All sensitive data should be secured or D. Only A
174. What are the required elements to be present in an identity card? D. all of the above
175. In computer security, this describes a non-technical kind of intrusion that relies heavily on human interaction. D. Social engineering
176. Will a desktop be able to connect to the SBI network without antivirus? B. No
177. ____ is a combined term which encompasses 3 sub-pillars: information privacy, individual privacy, and communication privacy. C. Digital Privacy
178. IP addresses of non-ADS machines and machines without anti-virus, if any, should be advised to the ____ dept through email addressed to ___ A. PE2, dgmit.pe2@[Link]
179. Which policy is to be followed for data backup/storage media/destruction of secondary storage media? A. IT/IS Policy
180. What are the security best practices to be followed? D. all of the above
181. Which of the following is considered unsolicited commercial email? C. Spam
182. Which one of the following features is supported by mobile device management (MDM) solutions? D. all of the above
183. Who is responsible for the physical security of user desktops and portable devices? C. User
184. A software program or a hardware device that filters all data packets coming through the internet, a network, etc., is known as B. Firewall
185. What are the ways by which security violations can be brought to notice? D. All of the above
186. Should systems not having the latest antivirus patches be allowed to be used? B. False
187. Which of the below is not a best practice for desktops? C. Desktop may have unapproved software running
188. What are the prerequisites for mobile devices to be connected to the Bank's network? D. all of the above
189. Who is responsible for final closure of incidents? C. Application owner
190. What should you do if you find a security incident? A. Follow the first responder guidelines to preserve the evidence
191. Which authority provides approval for email access and the configuration of mailbox size? [Link]
192. Can additional attachments be uploaded into the ticket portal? A. Yes
193. Ideally, what characters should you use in a password to make it strong? D. all of the above
194. Users should ensure that the certificate is renewed timely keeping in view the ___ A. Expiry date
195. How should the Bank's devices be protected? D. All of the above
196. Which of the following is the preventive method against identity theft? A. Users should set browser security setting to medium/high
197. ____ are deadly exploits where the vulnerability is known and found by cyber criminals but known and fixed by the owner of that application. D. Zeroday exploits
198. _____ provides an isolated tunnel across a public network for sending and receiving data privately as if the computing devices were directly connected to the private network. D. Virtual Private Network
199. Downloading, copying or extracting data from an open system done fraudulently is treated as ___ D. Cyber-Crime
200. Which of the following is not a strong security protocol? C. SMTP
201. Users should protect the confidentiality of their credentials through ___ B. Good Password
202. For BYOD, existing users who intend to change or decommission their existing device should raise the request to which dept? C. IT-RMD
203. Which of the following are best practices to be followed while using Bluetooth? D. all of the above
204. All bank employees, vendor partners and, where appropriate, business associates should C. A & B Both
205. What should an employee do if he/she observes or suspects information/cyber security events or weaknesses in a system? C. He/She should follow the cyber security incident handling and reporting SOP
206. Which of the following are best practices while using printers/faxes? D. all of the above
207. Which of the following tools are not used in the bank in order to ensure endpoint security? D. MSteams
208. Information security awareness training should be imparted [Link] of the above
209. At home, you log in to a social media site and one of your friends asks for your email id? A. You give your personal email Id
210. Which of the following is true regarding asset replacement? A. Employee shall hand over the old asset with all accessories given.
211. Regular backup of all assets should be taken as per approved policy. A. True
212. All devices connecting to the Bank's network are required to follow the IS policy. A. True
213. From the options below, which of them is not a vulnerability to information security? A. Flood
214. What is the most important aspect of a biometric device? A. Accuracy
215. What is meant by the term spamming? C. Unsolicited emails to a large number of users
216. Internet can be accessed from your branch/office desktop through C. Bank's Centralized Internet proxy
217. Which of the following is not done in the gaining access phase? A. Tunneling
218. Use of ____ can bring external files and worms and viruses along with it to the internal systems. [Link]
219. Users should safeguard their private key by which of the following methods? C. Either A or B
220. In case of any asset replacement, the employee shall _____ the old asset with all the accessories given. A. Handover
221. Which is the most appropriate method to prevent unauthorized access to your desktop if you are leaving your workstation for a short duration? A. Lock the desktop using Windows key + L
222. No _____ information and mails related to staff/vendor partner/customer/Bank should be put on the office notice board or posted onto the Internet or shared without approval from the competent authority. B. Confidential
223. What is 'S' in HTTPS? C. Secure
224. What method used by hackers relies on the trusting nature of the person being attacked? A. Social Engineering
225. Key Logger is a/an: [Link]
226. The mail service provided by the bank is for: B. To support bank's business communication and …..
227. What external devices should not be connected to systems connected to the bank's internal network? D. all of the above
228. Can the license of MS Office be used to activate the product on a personal desktop? B. False
229. For business purposes, users can install any freewares and sharewares on their desktops and laptops [Link]
230. Loss of portable devices should be reported to the appropriate authority along with ___ D. Local Police
231. Which of the following answers describes the best way to protect against 'tech support' scams? D. all of the above
232. IS Policy is aligned to which of the following standards? C. all of the above
233. The user logs a ticket for reporting issues related to the AVS solution. The user can log a case or incident in multiple ways: C. All of the above
234. What is not the best security practice? A. User desktop before migrating to AD for enabling additional access
S No. Question Answer
1. What is the maximum period of deviation permitted under IS Policy? 1 Year
2. What is the best password policy? Be vigilant - never use the 'Remember password' prompt and have different complex passwords for each account
3. How does the Sender Policy Framework (SPF) aim to reduce spoofed email? It provides a list of IP address ranges for a particular domain so that the senders can be verified
4. Choose the true statements out of the following: 1) Users should not enable sharing of folders on their desktops/laptops with other users. 2) Users should report to their manager any virus detected in the system and not cleaned by the antivirus. 3) Only licensed or whitelisted applications should be installed on desktop/portable devices. All the three statements are true
5. Which of the following would best define a digital envelope? A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver
6. Which IT Act section is applicable for publishing a false digital signature certificate? Section 73
7. Information Security policy and standards are owned by the Bank's Chief General Manager & Group Chief Information Security Officer (CGM & Group CISO). He is responsible for maintaining versions, ensuring dissemination, and issuing clarifications whenever required. The primary recipients are ___ All employees of the Bank
8. A directive from upper management stating that all employees must wear an ID badge at all times is an example of what? Security Policy
9. Next-gen email security solution provides a solution to block spam by all means except ___ Encryption
10. All but which of the following is a responsibility of Cyber SOC (C-SOC)? Cyber Security incident management
11. Who is responsible for revoking access to the Bank's information assets when an employee, including third party, is terminated? Application Owner
12. ___ is the communication layer that connects the Internet of Things (IoT) devices. Network Layer
13. What is an easy way to make your Wi-Fi security stronger and make it more difficult for hackers to discover your wireless network? Change the Service Set Identifier (SSID)
14. The Digital Signature Standard (DSS Signature) uses which hashing algorithm? SHA-1
15. Single Sign On (SSO) is characterized by which of the following advantages? Both of the above (Convenience, Centralized administration)
16. A honeypot is designed to ___ Attract victims to connect to it
17. In which environment do admins have the most control over cloud app security? PaaS - Platform as a Service
18. Who ensures that information is protected in all forms (at rest, in use, in transit, disposed)? Information Owner
19. Which type of cybercrime, its laws and punishments, does section 66 of the Indian IT Act cover? Cracking or illegally hacking into any system
20. The reason for implementing Service Set Identifier (SSID) masking is to ___ Hide a wireless network name from unknown computers
21. Why shouldn't a user click unsubscribe links from SPAM messages? The click may validate the email address
22. Which role is a high-level management position responsible for the entire computer security department and staff? Chief Information Security Officer (CISO)
23. Which of the following is the best example of reverse social engineering? A hacker pretends to be a person of authority in order to get a user to give them information
24. HTTP Tunneling is used ___ To bypass a firewall
25. Best Trojan and backdoor countermeasure? Scan the hard drive on network connection and educate users not to install unknown software
26. Which data may be suitable for public clouds? Non-critical applications
27. Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the ___ Data origin
28. Which statement is true? Users should not subscribe to any mailing lists/internet websites from official email acc
29. You have been given an etoken to sign some documents; your BM asks for your credentials. You will not share, as it amounts to sharing your private key and is equivalent to your own signature
30. Bluesnarfing is used to perform what type of attack? Read information from a device
31. Why should a hacker use a proxy server? To hide malicious activity on the network
32. Maximum imprisonment applicable for hacking under IT Act 2000? 3 years
33. What is the period of non-usage after which a user id is considered STALE? 3 WEEKS
34. Which of these is not the responsibility of the application owner? To keep approved framework to deploy forensics team when needed
35. Which of the below is recommended for CCTV records? CCTV logs should be retained for a specified period as part of the audit trail
36. The most devastating loss to a company is ___ Loss of Data
37. The practice of forging a return address on an email so that the recipient is fooled into revealing private information: Spoofing
38. Which of the following is true? Users are responsible for the security of their desktops and portable devices and should take adequate measures to restrict physical and logical access
39. What is privilege escalation? Creating a user account with higher privileges
40. Information custodian is not responsible for ___ Creation, maintenance and removal of firewall access
41. Internet can be accessed from your branch/office desktop through ___ Bank's centralized internet proxy
42. What is data at rest? Data stored on a device
43. Which is not a responsibility of the application owner? To keep approved framework to deploy forensics team when needed
44. Which email authentication technique is used to prevent spam from sending messages on behalf of your domain? SPF
45. Which IT Act section is imposed on hacking attempts? Section 66.1
46. The best defense against any type of sniffing is ___ Encryption
47. Confidentiality of information implies ___ Protecting information from unauthorized disclosures
48. Third party personnel are properly briefed on their information security roles and responsibilities? Yes, they should know the bank's acceptable usage policy to protect the Bank's information assets
49. User access to information assets is reviewed to ensure that privileges are maintained, in ___ 6 months
50. Not a security concern for BYOD: SIGNAL STRENGTH
51. Backup and retention schedule should be decided based on ___ All
52. Which are undetectable by virus detection because they change their own code? Polymorphic virus
53. IoT attack that affected TWITTER, CNN: Mirai Botnet attack
54. How is IP address spoofing detected? Comparing the TTL values of actual and spoofed address
55. For a secure connection, Remote Access VPNs rely on ___ IPSec and SSL
56. You have inadvertently opened a web link; what should be followed? You need to contact the IT help desk or antivirus team
57. Firewall performs all functions except ___ Eliminate virus
58. What are the two reasons for VLAN? BC
59. To protect systems from buffer overflow errors you can use ___ Data Execution Prevention
60. Which does not help with mobile device data security? Website Blacklisting
61. Email bombing attacks a specific entity by ___ Sending high volumes of email
62. Best practice that can be followed to secure their IoT systems: Restrict access to required sensitive data
63. Security plan begins with ___ Risk Assessment
64. What are three examples of factors required for multi-factor auth.? CDE (fingerprint, pwd challenge question, pin number)
65. Which of the following is not an information source over the internet for target attacks? Youtube
66. When a hacker floods a website with useless traffic to overwhelm the network, it is called ___ Denial of Service
67. Which is usually targeted by nature, where emails are used to target any exact user? Spear Phishing
68. Which is not a proper method for email security? Click on unknown links to explore
69. Data migration audit should be conducted ___ as and when migration activity is completed
70. All external facing URLs should use MINIMUM VERSION ___ TLS 1.2
71. Which is the most benefit from encryption in Cryptography? Confidentiality
72. Default classification label given to documents that are not classified: Internal
73. Which is not correct in user id creation policy? None of the above
74. What do you do if you come across an incident/fraud happening in the bank? Use the whistle blower facility provided by the bank
75. Which rootkit will patch, hook, or replace the version of system call? Library Level Rootkits
76. Which of these is violated if a computer system is not accessible? Availability
77. What is a wrapper? A program used to combine a Trojan and legitimate software into a single exe
78. To hide information inside a picture, which technique is used? Steganography
79. Windows mobile applications can now be digitally signed; what is the advantage of this feature? To help users distinguish between legitimate programs and malware
80. Whenever you receive a mail and need to consult outside ___ Draft a new mail mentioning only
81. You should implement a wireless intrusion prevention system to ___ Prevent rogue wireless access points
82. The technical standards for storage and transmission of encrypted and hashed data should be defined by ___ ISD
83. Black box testing attempts to find errors in the following categories except ___ Logical errors (DOES on incorrect functions, behavior performance errors, interface errors)
84. Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce risk? Mitigation
85. These are cyber risks in IoT except ___ Lack of compliance on the part of IoT manufacturers
86. Which control cannot be done by the end user completely in the context of mobile device security? Security of data stored on external storage like SD card
87. Which type of tools are used to convert logs into a standardized format? Log Normalization tool
88. Who is responsible for information asset classification as per IS policy? Information Owner
89. Which is not an information source over the internet for target attacks? Youtube
90. All user ids of critical systems should be reviewed at least once a ___ Quarter
91. Evil Twin attack: Fraudulent Wi-Fi access point
92. Five framework core functions of NIST: A. identify, protect, detect, respond, and recover
93. Which of the following is a device used to perform a DoS on a wireless network? Wi-Fi Jammer
94. Which best defines a digital envelope? C. a message encrypted with a secret key attached with [Link] key is encrypted with public key of receiver
95. A network sniffer is ___ software or hardware that captures and analyzes network communication
96. You need to prevent an unauthorized user from reading a specific file on a portable computer; what would you do? D. Bitlocker
97. Which describes why you should follow procedures/policy while using IT resources in an organisation? B. To ensure secure use of IT resources
98. A deviation from an organisation-wide security policy requires ___ B. Risk Assignment
99. Board of directors are not responsible for ___ D. None of the above
100. Which is not an example of a physical data leak? [Link]
101. Rogue robots are usually affected by ___ All (altered control system, tampered business logic, altered user-perceived robot state)
102. Which is a popular tool to block social media websites from tracking your browsing activities? Ad-Blocker
103. Who is responsible for background verification of contractors/consultants? User manager
104. What type of malware allows an attacker to bypass authentication to gain access to a compromised system? Backdoor
105. Snort: A. IDS and Packet Sniffer
106. Eclipse attack on Bitcoin: Peer to Peer Network
107. Name of the wireless LAN that is broadcast: SSID
108. Which is not a responsibility of the application owner? D. none (To obtain firewall access, ensure compliance of bank's info sec policy, to ensure availability of technical business and process document)
109. The cryptographic inventory should be reviewed at least once in a ___ A. Year
110. Who owns that a centralized mechanism should be implemented for secure system imaging of all types of operating systems? IT Infrastructure Team
111. IS policy is aligned to which of the following? ISO27001
112. Which one is not one of the five core functions of the NIST Framework? Implement
113. Which describes a public network? A network where devices outside the network can see and communicate directly with computers on the network
114. Unauthorized movement of data: Data Exfiltration
115. In case misuse of the internet facility is detected, the bank reserves the right to ___ C (both, terminate the user internet account and take other disciplinary action)
116. What do most VPNs use to protect transmitted data? Encryption
117. You are BM and see an AOF lying unattended on an employee's desk; what would you do? Advise the concerned employee to ensure safekeeping as AOF contains PII
118. Which of the following statements is not true? B. employee may disclose any information about any emp------------
119. Device used to perform a DoS on a wireless network: [Link]-Fi Jammer
120. When downloading and installing apps, what do you do to protect your device? D. all of above
121. What type of malware is triggered by a specific condition? A. Logic bomb
122. Which is not an email protocol? PGP
123. Which action can be taken while filtering SMTP spam traffic? C. 1,2,4 (Delete spam mail, redirect it to spam mail box, tag the spam mail)
124. Which is related to Bluetooth hacking? Bluesnarfing, Bluebugging, Bluejacking
125. Which virus uses encryption to hide its presence? Armored virus
126. ___ is a malicious method used by cyber criminals to trick a user into clicking on something different from what the user wants. Clickjacking
127. Which is not classified under the three factor categories used in multi-factor authentication? A. Something user can do
128. The backup process should be centrally monitored by ___ Application Owner/IT Risk
129. You get a pop-up message on your screen telling you that highly confidential company files have been downloaded and made public; what type of ransomware is it? Crypto
130. Antivirus signatures should be updated ___ Periodically
131. Punishment in India for stealing computer document asset of any software source code: B. 1 year of imprisonment and fine of 100,000
132. Which is not a component of NIST? Threat
133. Which of the following is not a cybercrime? AES
134. In the event a laptop/device is stolen or lost, the concerned staff shall no FALSE
135. ___ is the device which secretly collects data from credit/debit cards. Card skimmer
136. ___ is the protection of smart phones, phablets, tablets and other portable tech-devices & the network to which they connect, from threats & bugs. Mobile Security
137. ___ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system. Ransomware
138. All of the following are examples of real security and privacy risks EXCEPT: Spam
139. Any Bank's information classified as "secret" or "confidential" should not be stored on any POD. True or False? TRUE
140. At home you log in to a social media site and one of your friends asks for your email id? You give your personal email id
141. AVAILABILITY of information implies ___ Information being available when required by a business process
142. Clicking a link in your email which came from an unknown source can redirect you to ___ that automatically installs malware in your system. Malicious site
143. Cracking the digital identity of any individual or doing identity theft comes under ___ of the IT Act. Section 66
144. Data ___ is used to ensure confidentiality. Encryption
145. Employees visiting other offices should carry and display their ___. Office Id Card
146. End Point protection is primarily focused around deployment on ___ All the above (Desktop/Laptop/Phones)
147. Every Internet Banking user should know that the SBI or RBI or Government All of the above
148. Information security is the responsibility of ___ everyone
149. Internet may be used for personal purposes within the organisation? No
150. Lack of access control policy is a ___ Vulnerability
151. License of MS Office can be used to activate the product on a personal desktop? TRUE
152. Malware or malicious software is any program or file harmful to a computer user. Types of malware can include? All the above (Computer Virus/Worms/Trojan horse)
153. Malware stands for? Malicious software
154. Mobile computing devices must not be tagged to reveal that the device be TRUE
155. The function of a firewall is to prevent a system from ___ unauthorized access
156. The three steps of data loss prevention are Identify, Discover and ___? Classify
157. To share a vulnerability closure report with the auditor, Manu used the public WIFI available in the hotel. Identify the potential security risk in this scenario. All the above
158. Users should ___ their desktop and laptop screens before leaving them unattended for a short duration. Lock
159. What are the e-mail archiving best practices? All the above (Good performance and user experience / high fidelity and data quality / Data security)
28. What is an incremental backup? A backup of all changed files since the last full backup
29. What is the primary goal and objective of Cyber Infrastructure? CIA - All the above
30. Which are the security best practices to be followed? All the above
31. Which authority provides approval for e-mail access and configuration of mailbox size? DGM
32. Which is the Bank-wide application available for privileged user password vaulting? PIMS
33. Which method used by hackers relies on the trusting nature of the person being attacked? Social Engineering
34. Which of the below is not a best practice for desktops? Desktop may have un-approved software running
35. Which of the below is not used for multi-factor authentication? Something you do
36. Which of the following is an example of a passive attack? Search about target records in online people database
37. Which of the following is not a spot from where attackers seek information? Document files
38. Which of the following is the hacking approach where cyber criminals design fake websites or pages for tricking or gaining additional traffic? Phishing
39. Which of the following is the preventive method against identity theft? User should set browser security setting to medium/high
40. Which of the following refers to a series of characters used to verify a user's identity? Password
41. X has been defined as "Any act that influences a person to take any action that may or may not be in their best interests". Basically it is the psychological manipulation of people into performing actions or divulging confidential information. What is X? Social Engineering
42. Which of them is not a scanning methodology? Identifying of services
43. What is DDoS? Distributed Denial of Service
44. A ___ attack is one of the simplest processes of gaining access to any password protected system. Brute Force
45. Which of the following is true regarding secure passwords? Random passwords are the strongest
46. Which will be encompassing the strongest password? All
47. ___ deals with the protection of an individual's information which is implemented while using the Internet on any computer or personal device. Digital privacy
48. Which of the following is not recommended as per the bank's password security policy? Password should be kept in written copy to remember
49. For the verification of a digital signature you should check ___ Both A or B
50. Internet may be used for personal purposes within the organization? FALSE
51 We should Maintain a count of the physical security incidents TRUE
on critical areas TRUE or False?
52 Which of the following are the best practises to be followed All sensitive data should be secured
while using bank's systems
Which of the following statements is True? Users should not subscribe to any
53 mailing lists/ internet websites/
Internet newsgroup/ discussion board
using the Bank?s official email
account.
Identify the element which is not considered in the triad, Authenticity
54 according to the CIA.
55 What type of passwords one can choose ? One should always use strong
passwords (combination of alphabets,
numbers and special characters ) and
very easy to remember.
56 A user use a portable device and it contains some useful User
information for business. Who is reponsible for the security
this information?
57 Which of the below is not used for Multi-factor Something you do
authentication
means the protection of data from modification by Confidentiality
58 unknown users.
59 Which of the following is not a strong security protocol? SMTP
60 If an email promises a lottery of USD 25 million on payment Do not respond to such mails as these
of 1 % charges as processing fee, we should are bogus
emails.
61 Security Incidents can be logged into which portal? Archer Portal
In case misuse of Internet facility is detected, Bank reserves Both (a) & (b)
62 the right to
63 Use of can bring external files and worms and virus pen drive
along with it to the internal systems.
64 Which of the following tools are not used in the Bank in MS Teams
order to ensure endpoint security
The transferred between your device & the server is data
65 securely encrypted if you are using VPNs.
66. While browsing a news website, Golu was tricked into clicking on a seemingly benign link to vote on the winning prediction for the Indian team. A few days later, important company information that was available on Golu's system was leaked. The cyber investigation found that it was a successful Cross-Site Scripting (XSS) attack in which malicious scripts got downloaded onto Golu's system and led to data exfiltration. The best way(s) to avoid this can be: Both B and C
67. Technology no longer protected by copyright, available to everyone, is considered to be: In the public domain (the key's "proprietary" is the opposite; compare Q135)
68. Can a license of MS Office be used to activate the product on a personal desktop? TRUE
69. Sending an offensive message to someone comes under ___ of the Indian IT Act: Section 67, IT Act 2000
70. Which of the following is not on OWASP's top 10 web application security risks? Noncompliance
71. Power points for the ATM in an onsite ATM should: Not be accessible to the public
72. eWaste generated by branches/RBOs/LHOs/Corporate Centre/C.C. establishments should be channelized through: All of the above
73. The security of a system can be improved by: Both a & b
74. Why is it important for the employer to intercept or monitor the email usage of employees? All of the above
75. How should PII/sensitive details be stored on the Bank's assets? Stored in a secure, password-protected form
76. X is an algorithm on a computer system that bypasses security controls. Generally this is added by the original developer for some legitimate purpose; it may also be used by a hacker in a malicious way. What is this form of vulnerability called? Backdoor
77. Which of them is not a scanning tool? Maltego (the key's "Nexpose" is a vulnerability scanner; Maltego is an OSINT/link-analysis tool, and the paper below gives the same answer in its Q34)
78. Internet can be accessed from your branch/office desktop through: the Bank's centralized internet proxy
79. Which one of the following refers to the technique used for verifying the integrity of a message? Message digest
80. Which are the security best practices to be followed? All of the above
81. One who discloses information to the public about a company or organisation, whether a government or private agency, and who is a member or employee of that organisation: Whistleblower
82. What is meant by the term spamming? Unsolicited emails sent to a large number of users
83. A key logger is a/an: Spyware
84. The ClearPass NAC agent checks compliance for which of the following? All of the above
85. ___ is a naming system given to different computers which maps them to human-readable domain names: DNS
86. If a user knows that his internet banking account credentials have been stolen, he can protect his account by: Either a or b
87. What is the 'S' in HTTPS? Secure
88. Which of the following are valid classes of fire? Class A, B, C, D, K
89. CERT-In stands for: Computer Emergency Response Team, India
90. In a forensic investigation, the Bank reserves the right to seize and forensically examine any POD believed to contain, or to have contained, the Bank's data where necessary for investigatory or regulatory control purposes. True or false? TRUE
91. Spyware can be used to steal ___ from the victim's browser: Browsing history
92. Any digital content which an individual creates that is not acceptable to society is a cyber crime that comes under: Section 67
93. INTEGRITY of information implies: Accuracy and completeness of information
94. To share a vulnerability closure report with the auditor, Manu used the public WiFi available in [Link]. What is the potential security risk in this scenario? All of the above are genuine risks associated with this case
95. Which will be the strongest password? All of the above together
96. Authorization for multiple applications using one set of credentials is best described by which of the following? Single Sign-on
97. All of these are good social media interaction practices except: Expressing authority using the name of the Bank while expressing any views on any internet sites/social media
98. In a forensic investigation, what does "reserves the right to control its information" include? All of the above
99. Which of the following is true regarding a secure password? None of the above
100. What type of passwords can one choose? One should always use strong passwords (a combination of alphabets, numbers and special characters) that are also easy to remember.
101. This is the conversion of data into a ciphertext that cannot be easily understood by unauthorized people: Encryption
102. Who deploys malware to a system or network? Criminal organizations, black hat hackers, malware developers, cyber-terrorists
103. In which phase do hackers install backdoors so that their hold on the victim's system can be retained later? Maintaining access (the key's "Covering tracks" is the later phase in which the attacker removes evidence; the paper below gives Maintaining access in its Q42)
104. For the visit of vendors, which documents are preferably requested for him/her to enter the premises? (Select the most appropriate) Both A or B
105. Backup and retention should be decided based on: All of the above
106. ___ is the practice and precaution taken to protect valuable information from unauthorised access, recording, disclosure or destruction: Information security
107. For any cyber-crime that comes under Section 66 of the IT Act, the person gets fined an amount of Rs: 5 lakhs
108. Which of the following is not an advantage of cyber security? The key gives "Protects the system against viruses", which is an advantage, not a disadvantage; the intended option cannot be recovered from this key
109. Physical security is provided for: Both a and b
110. Which of the following is not done in the gaining access phase? Tunnelling (buffer overflow is a gaining-access technique; tunnelling belongs to the maintaining-access phase)
111. Which of the following is a good practice? Grant limited permissions to a specified account
112. Ideally, what characters should you use in a password to make it strong? All of the above
113. The security of a system can be improved by: Both a and b
114. By using ___ you can diminish the chance of data leakage: Cryptography
115. Users should safeguard their private key by which of the following methods? Either a or b
116. Which of the following is the hacking approach where cyber-criminals design fake websites or pages for tricking users or gaining additional traffic? Pharming
117. The user logs a ticket for reporting issues related to the AVS solution. The user can log a case or incident in multiple ways: All of the above
118. ___ involves scams where an individual (usually an attacker) lies to a person (the target victim) to acquire privileged data: Pretexting
119. Mr. A is a bank officer and he often browses malicious websites and downloads from P2P file sharing networks. What is the risk and what action can the bank take? Unauthorized copying of files is a threat as it may lead to loss of confidential information. Downloading unauthorized software or using P2P programs may introduce malware into the organization, leading to theft of information or loss of system availability. The Bank reserves the right to terminate/disable any email account within its purview under suspicion, in case it detects potential misuse of the account.
120. Which of these answers describes the best way to protect against 'tech support' scams? All of the above
121. What is the difference between DevOps and DevSecOps? DevSecOps places security controls in the CI/CD process of DevOps
122. IP addresses of non-ADS machines and machines without anti-virus, if any, should be advised to the department through email addressed to: PE2, dgmit.pe2@[Link]
123. Which of the following is not a strong security protocol? SMTP
124. Which of the following is the least strong security encryption standard? WEP
125. ___ and ___ are kept in a well-ventilated environment: UPS, Batteries
126. Which of the following does not come under social engineering? The key gives "Tailgating", but tailgating is itself a social engineering technique (compare Q7 in the list below, where it is equated with piggybacking); the intended option cannot be recovered from this key
127. Which is the most appropriate method to prevent unauthorized access to your desktop if you are leaving your workstation for a short duration? Lock the desktop using Windows key + L
128. ___ is the combined term which encompasses 3 sub-pillars: information privacy, individual privacy and communication privacy: Digital privacy
129. You need to access an unofficial internet site which is not opening on the branch desktop. What will you do? Refrain from doing any of the above, as they are against Bank Policy
130. ___ are deadly exploits where the vulnerability is known and found by cyber-criminals but not known and fixed by the owner of that application: Zero-day exploits
131. Users should protect their passwords from unauthorized access. The statement is: TRUE
132. Attackers commonly target ___ for fetching the IP address of a target or victim user: Websites
133. Can a license of MS Office be used to activate the product on a personal desktop? TRUE
134. Which is not a threat modeling methodology? TOGAF
135. Technology no longer protected by copyright, available to everyone, is considered to be: In the public domain
136. What are the required elements to be present in an identity card? All of the above
137. From the options below, which of them is not a vulnerability to information technology? Flood
138. Which platform is being used to raise ISD in-principle approval and final security review in the bank? CSR Portal
139. ___ is a property of access control of multiple related, yet independent, software systems: Single Sign-on
140. Which of the following is NOT a major aspect of protecting information? Convenience
141. Which authority provides approval for e-mail access and configuration of mailbox size? DGM
142. Select from the following what will help us with the secure disposal of data (question incomplete): Obsolete documents/papers should be destroyed/shredded using secure measures, and a list of such documents should be prepared and kept
143. Obsolete papers and computer media which are no longer in use (question incomplete): Shredded
144. ___ is a component of the reconnaissance stage that is used to gather possible information about a target computer system or network: Footprinting
145. What are the two main approaches used to determine the likelihood of a threat occurring (question incomplete)? Qualitative and quantitative
146. You have a highly sensitive document which you need to email to a trusted third party. What is the safest way to send this? Encrypt the document and send the password to the third party using a different communication method, such as SMS (INCOMPLETE)
147. ___ provides an isolated tunnel across a public network for sending and receiving data privately as if the computing devices were directly connected to the private network: Virtual Private Network
148. Undertaking for eWaste to be submitted by vendors to DC&C, at what intervals (incomplete)? Annually
149. The URL address of the Bank's Internet banking site is [Link]. The 'S' in 'https' denotes: Secure
150. Which of the following is the strongest security encryption standard? WPA2
151. Where should you store the encryption passphrase for your laptop? Use the password management tool supplied/authorised by your organisation
152. ___ is the illicit transmission of data from inside an organisation or personal system to an external location or recipient: Data leakage
153. Information security awareness training should be imparted: All of the above
154. What policies are available to the end users to report security violations? Both A & B
155. ___ is a scenario when information is accessed without authorization: Data breach
156. Select the phishing schemes that apply to the following email: Both option A and B
     From: no_reply@[Link]
     Subject: Account Status
     Dear Valued Customer, Urgent Kind Attention SBI Bank Customer. Due to a recent security check on your account performed by R.B.I, we require you to confirm [Link] to do so within 24 hours will lead to account [Link] for the inconvenience. Click here to confirm your ACCOUNT. Regards, SBI Online Customer Service. This email has been sent by SBI Bank.
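Q79 and Q93 above name the message digest as the tool for verifying integrity, and Q101 names encryption as what protects confidentiality; the two are different properties and one does not give you the other. The following is an added example, not part of the quiz or of any Bank material, using only the Python standard library (hashlib, hmac). It shows that a bare digest detects accidental corruption but not deliberate tampering, because an attacker who can replace the message can recompute the digest too, whereas an HMAC keyed with a secret the attacker does not hold detects both. The key and the payment messages are constructed sample values.

```python
# Added example: message digest vs. keyed MAC for integrity checking.
# Not part of the quiz; uses only the Python standard library.
import hashlib
import hmac
import secrets


def message_digest(data: bytes) -> str:
    """Unkeyed SHA-256 message digest, hex-encoded (the 'message digest' of Q79)."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(message_digest(data), expected_hex)


def mac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag; cannot be recomputed without the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_matches(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Verify an HMAC tag in constant time."""
    return hmac.compare_digest(mac_tag(key, data), tag_hex)


def tamper_and_check(key: bytes, original: bytes, modified: bytes) -> dict:
    """Simulate a sender publishing (message, digest, tag) and an attacker
    replacing the message with `modified`.

    Returns which checks catch the substitution:
      - the stored digest catches it, but only if the attacker cannot replace it;
      - an attacker who can replace the digest simply recomputes it, and the
        unkeyed check passes;
      - the HMAC tag cannot be forged without `key`, so the keyed check fails
        for the modified message and still passes for the original.
    """
    digest = message_digest(original)
    tag = mac_tag(key, original)
    attacker_digest = message_digest(modified)   # attacker recomputes the unkeyed digest
    return {
        "digest_detects_tamper": not digest_matches(modified, digest),
        "attacker_recomputed_digest_passes": digest_matches(modified, attacker_digest),
        "mac_detects_tamper": not mac_matches(key, modified, tag),
        "mac_accepts_original": mac_matches(key, original, tag),
    }


if __name__ == "__main__":
    # Constructed sample: a payment instruction and a tampered version of it.
    shared_key = secrets.token_bytes(32)
    instruction = b"PAY INR 1000 TO ACCOUNT 00011122"
    tampered = b"PAY INR 9000 TO ACCOUNT 99988877"
    for check, outcome in tamper_and_check(shared_key, instruction, tampered).items():
        print(f"{check}: {outcome}")
```

The practical point for Q146 as well: a digest published alongside a file only proves integrity if it is delivered over a channel the attacker cannot write to; a MAC (or a digital signature, Q49) removes that dependency.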
1. A category of software programs that scan a computer or network for known viruses, Trojans, worms, and other malicious software: anti-malware software
2. The right of a human individual to control the distribution of information about him or herself: Privacy
3. A virus that can conceal its location or otherwise render itself harder to detect by anti-malware programs: armored virus
4. Antivirus software is the most effective product/service/practice against malicious code: FALSE
5. Which of the following is not an example of social engineering? Carding (the key's "Shoulder surfing" is itself a social engineering technique; the paper below gives carding in its Q38)
6. In phishing, attackers target the ___ technology to do social engineering: Emails
7. Tailgating is also termed as ___: Piggybacking
8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations: FALSE
9. Stealing pen drives and DVDs after tailgating is an example of lack of ___ security: physical security
10. Which of the following is not considered an adequate measure for physical security? Keeping a confidential organization document file open on the desk
11. Which of the following is not a strong security protocol? SMTP
12. HTTPS is abbreviated as ___: Hyper Text Transfer Protocol Secure
13. Performing shoulder surfing in order to check others' passwords is ___ ethical practice: a bad
14. Leaking your company data to the outside network without prior permission of senior authority is a crime: TRUE
15. ___ is the technique used in business organizations and firms to protect IT assets: Ethical hacking
16. ATM skimmers are used to take your confidential data from your ATM cards: TRUE
17. ___ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system: Ransomware
18. ___ are special malware programs written by elite hackers and black hat hackers to spy on your mobile phones and systems: Spyware
19. The antivirus or PC defender software in a system helps in detecting viruses and Trojans: TRUE
20. An attacker may use an automatic brute-forcing tool to compromise your ___: password
21. ___ is a malicious method used by cyber-criminals to trick a user into clicking on something different from what the user wants: Clickjacking
22. Every employee of the firm must have some basic knowledge of cyber-security, the types of hacking and how they are done: TRUE
23. ___ has become a popular attack in the last few years, where the attacker targets board members, high-ranking officials and managing committee members of an organization: Ransomware
24. If you're working on your company's system/laptop and suddenly a pop-up window arises asking you to update your security application, you must ignore it: FALSE
25. Which of them is not a proper method for email security? Clicking on unknown links to explore
26. If a website uses a cookie, or a browser contains the cookie, then every time you visit that website the browser transfers the cookie to that website: TRUE
27. ___ is the technique used for tricking users into disclosing their usernames and passwords through fake pages: Phishing
28. Unsolicited Bulk E-mails (UBE) are called ___: Spam emails
29. Once the email is compromised, all other sites and services online associated with this email can be compromised: TRUE
30. BIOS is abbreviated as ___: Basic Input Output System
31. Which of the following is not an appropriate way of targeting a mobile phone for hacking? Snatching the phone
32. App permissions can cause trouble as some apps may secretly access your memory card or contact data: TRUE
33. Activate ___ when you are required to use it, otherwise turn it off for security purposes: Bluetooth
34. A computer ___ is a malicious code which self-replicates by copying itself to other programs: virus
35. A ___ is a small malicious program that runs hidden on an infected system: Trojan
36. ___ works in the background and steals sensitive data: Trojan
37. ___ is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information: Phishing attack
38. Phishers often develop ___ websites for tricking users into filling in their personal data: illegitimate
39. Which of the following types of data can phishers not steal from their target victims? Apps installed on the mobile
40. ___ are unwanted software intended to pitch advertisements upon the user's screen, most often within a web browser: Adware
41. Which of the following activities is not done by spyware? Steal signatures of the different viruses
42. ___ are tiny files which get downloaded to your system when you visit a website: Cookies
43. Which of the following is the most viral section of the internet? Social networking sites
44. ___ is populating the inbox of any target victim with unsolicited or junk emails: Spamming
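Q156 of the first list and items 6, 27, 37 and 38 of this list between them describe the hallmarks of a phishing email: a sender that is not the bank, a generic greeting, urgency backed by a threat (account suspension within 24 hours), a request to "confirm" the account, and a bare "click here" link. Added example, not part of the quiz: a Python script (standard library only) that checks a raw email for those indicators and scores it. Both sample messages are constructed; the first is modelled on the Q156 text with placeholder addresses, the second is a routine statement notice. The trusted-domain set is an assumed placeholder, not a real bank domain.

```python
# Added example: scoring an email for the phishing indicators named in the quiz.
# Not part of the quiz; standard library only. Sample emails are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholder for the domains the bank genuinely sends from.
TRUSTED_DOMAINS = {"bank.example"}

URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspend|suspension)\b", re.I)
GENERIC_GREETING = re.compile(r"\bdear (valued )?(customer|user)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(confirm|verify|update) (your )?(account|password|details)\b", re.I)
VAGUE_LINK = re.compile(r"\bclick here\b", re.I)


def phishing_indicators(raw_email: str, trusted_domains=TRUSTED_DOMAINS) -> list:
    """Return the list of phishing indicators found in an RFC 822 style message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload() if not msg.is_multipart() else ""
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    found = []
    if sender_domain not in trusted_domains:
        found.append("sender domain not in trusted list: " + (sender_domain or "(none)"))
    if URGENCY.search(body):
        found.append("urgency or threat of account suspension")
    if GENERIC_GREETING.search(body):
        found.append("generic greeting instead of the customer's name")
    if CREDENTIAL_ASK.search(body):
        found.append("asks the reader to confirm/verify account details")
    if VAGUE_LINK.search(body):
        found.append("'click here' link with no visible destination")
    return found


def is_likely_phishing(raw_email: str, threshold: int = 2) -> bool:
    """Two or more independent indicators is treated as phishing."""
    return len(phishing_indicators(raw_email)) >= threshold


# Constructed sample modelled on the Q156 message (addresses are placeholders).
SAMPLE_PHISH = """From: SBI Online <no_reply@sbi-alerts.example.net>
Subject: Account Status

Dear Valued Customer, Urgent Kind Attention SBI Bank Customer.
Due to a recent security check on your account performed by R.B.I, we require
you to confirm it. Failure to do so within 24 hours will lead to account
suspension. Click here to confirm your ACCOUNT.
Regards, SBI Online Customer Service
"""

# Constructed sample of a routine, non-phishing message from the trusted domain.
SAMPLE_LEGIT = """From: Statements <statements@bank.example>
Subject: Your March statement

Dear Mr Sharma,
Your monthly account statement for March is attached. No action is needed.
Regards, Statements Team
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, is_likely_phishing(sample), phishing_indicators(sample))
```

Keyword heuristics like these are a teaching aid, not a filter: real mail gateways combine them with SPF/DKIM results and URL reputation, and the sender-domain check here is only as good as the trusted list it is given.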
Information security paper
1. Technology no Longer protected by Copyright,
available : in the public domain.
2. Undertaking for eWaste to be submitted to GITC, at what intervals : 180 days
3. Systems not having latest antivirus : FALSE
4. IS Policy is aligned to which of the following (NIST / ISO200) : Both
5. --- is a component of the reconnaissance stage : Footprinting
6. --- is the protection of smartphones, phablets, tablets : Mobile security
7. --- is a property of access control of multiple related, yet independent, software systems : Single Sign-on (the key's "active directory" conflicts with Q139 above, which gives Single Sign-on for the same question)
8. ----- is a naming system given to different computers :
DNS
9. ----- is a combined term which encompasses 3 sub-pillars : Digital privacy
10. --- is the practice and precaution : Information security
11. --- is the entity for issuing digital certificates :
Certificate Authority (CA)
12. --- is the technique used for tricking users :
Phishing
--- is a type of attack where the construction :
Phishing
13. --- is the process of verifying or testing the validity :
Authentication
14. Attackers commonly target --- : Websites
15. The security of a system can be improved by :
Threat / audit Log both
16. BYOD : Bring your own device
17. Lack of access control Policy is a : Vulnerability
18. IT Act provision for the Indian CERT-In : Section 70B
19. Digital Signature : all the above
20. Not the major aspect of protecting information : convenience
21. Considered as the unsolicited commercial email : Spam (not virus or malware)
22. Steal, spy, damage or destroy computer : Cyber attack
23. All the devices connecting to the bank's network (IS Policy) : true
24. What is the last option for AVC (Anti Virus) : Don't Change
25. Key Logger is a/an : SPYWARE
26. Cyber crime that comes under of IT ACT : Section
66
27. Security incidents can be logged into which portal : Archer Portal
28. Obsolete papers and computer media which are no longer in use : Shredded
29. Which section in IT act deals with obscenity as
offence : Section 67
30. Hacking approach where cyber Criminals : Phishing
31. A user uses a portable device and -------- who is responsible : User
32. Download, copy, extract data from an open system : Cyber Crime
33. Who is responsible for the Physical and logical :
end user
34. Which of them is not a scanning tool : Maltego
35. User should protect the confidentiality : Good
Password
36. What is the difference between DevOps and DevSecOps : DevSecOps places security controls in the CI/CD process
37. What is ‘S’ in https : Secure
38. Which of the following is not an example of Social Engineering : Carding
39. E mail access and configuration of mail box : DGM
40. End point protection primarily focused around : all
the above
41. NO – information and mails related : Confidential
42. In Which phase the hackers install : Maintaining
access
43. Information security is the responsibility of : Every
one in the company
44. User should ensure that certificate is renewed :
Expiry date
45. Integrity of information implies : Accuracy and completeness of information
46. The mail service provided by the bank is for : to
support bank’s business communication
47. In a forensic investigation : True
48. Which of the following agents is used in the bank for connecting to VPN : GlobalProtect agent
49. Which of the following are best practices related to passwords : all of the above
50. What is the process of challenging a user to prove
their identity: Authentication
51. What is the most common cause of cyber incidents
in organisations : Social Engineering
52. In case misuse of internet facility is detected, bank : Both (A) & (B)
53. Which is not a threat modelling methodology :
TOGAF
54. Data Encryption is used to ensure : Confidentiality
55. Coming through the internet, a network etc. : Firewall
56. All of these are good physical security : when
Leaving work
57. In port scanning a------------Port
58. Especially for banking institutions : integrity
59. Employees can report incidents to external : false
60. User can obtain and exchange cert : All of the
above
61. Who have responsibility : all user
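Q55, Q95 and Q112 of the first list and items 35 and 49 of this paper all ask what a strong password looks like: length, a mix of character classes, and nothing an attacker's brute-forcing tool (Q20 of the second list) would guess early. Added example, not part of the quiz or of any Bank tool: a small password policy check in Python, standard library only. The common-password list is a constructed stand-in for a real breached-password list, and the thresholds (12 characters, 3 classes, 60 bits) are assumed values. The entropy figure is a ceiling that assumes characters were chosen uniformly, which is why the list check comes first: "password123" has a respectable alphabet but is among the first guesses tried.

```python
# Added example: checking a candidate password against a simple policy.
# Not part of the quiz; standard library only. The thresholds and the tiny
# common-password list are assumptions for illustration.
import math
import string

# Constructed stand-in for a real breached/common-password list.
COMMON_PASSWORDS = {
    "password", "password1", "password123", "123456", "qwerty",
    "welcome123", "admin@123", "letmein", "iloveyou",
}

# Alphabet size contributed by each character class.
POOL_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "special": len(string.punctuation) + 1,   # punctuation plus space
}


def character_classes(pw: str) -> set:
    """Which of the four character classes the password draws from."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def estimate_entropy_bits(pw: str) -> float:
    """Upper-bound entropy: length * log2(size of the alphabet used).
    A real attacker tries dictionary words and patterns first, so this is a ceiling."""
    pool = sum(POOL_SIZES[c] for c in character_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, min_len: int = 12, min_classes: int = 3,
                   min_bits: float = 60.0) -> list:
    """Return the list of policy failures; an empty list means acceptable."""
    failures = []
    if pw.lower() in COMMON_PASSWORDS:
        failures.append("common")
    if len(pw) < min_len:
        failures.append("length")
    if len(character_classes(pw)) < min_classes:
        failures.append("classes")
    if estimate_entropy_bits(pw) < min_bits:
        failures.append("entropy")
    return failures


def is_acceptable(pw: str) -> bool:
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ("password123", "Pa$$w0rd", "C0rrect-Horse-Battery-Staple!"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The last candidate passes every check while still being memorable, which is the point the quiz makes in Q55: length and variety do the work, not obscurity. A production check would replace COMMON_PASSWORDS with a lookup against a full breached-password list.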