Cyber Security Test-1

Description

Quiz on Cyber Security Test-1, created by Bishal Jena on 05/10/2023.
Bishal Jena
Quiz by Bishal Jena, updated more than 1 year ago
Bishal Jena
Created by Bishal Jena about 1 year ago
105
1

Resource summary

Question 1

Question
Security is a state or quality of being secure to be free from--------------.
Answer
  • Vulnerability
  • Attack
  • Threat
  • Danger

Question 2

Question
Which term among the following is correct?
Answer
  • Cybersecurity
  • Cyber-security
  • cyber security
  • All are correct

Question 3

Question
What does “cyber” meanin the context of Information Technology?
Answer
  • Software
  • Hardware
  • Network
  • Online World

Question 4

Question
Cyber security affects individuals, organizations, society and --------------------
Answer
  • Government
  • Institution
  • Department
  • Firms

Question 5

Question
Choose the odd one
Answer
  • Phishing attack
  • Denial of Service attack
  • SQL Injection
  • Man in the middle attack
  • Importing data

Question 6

Question
Restricting unauthorized access and misuse of physical assets helps in achieving physical security of an organization.
Answer
  • True
  • False

Question 7

Question
Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment , organization and
Answer
  • users’ cyber assets
  • user personal information
  • cyberspace
  • resource

Question 8

Question
The general security objectives comprise -------------------,Availability and Integrity
Answer
  • Confidentiality
  • Accountability
  • Authorization
  • Authentication

Question 9

Question
Network security involves protection of items, objects, or facilities.
Answer
  • True
  • False

Question 10

Question
What term describes the quality or state of ownership or control of information?
Answer
  • confidentiality
  • possession
  • authenticity
  • integrity

Question 11

Question
Fill in the blanks The McCumber Cube has -------------------dimensions with -------cells representing areas that must be addressed to secure today’s information systems.
Answer
  • 7 and 21
  • 4 and 27
  • 3 and 18
  • 3 and 27

Question 12

Question
------------------is a weakness or fault in a system or protection mechanism that opens it to attack or damage.
Answer
  • Threat
  • Vulnerability
  • Risk
  • Attack

Question 13

Question
Which of the following is not a component of an organization’s Information System? (1) Software (2) Vendors (3) People (4) Government (5) ISPs
Answer
  • 1&3
  • 1,2 &4
  • 4 & 5
  • 2,4, & 5

Question 14

Question
True or False: The person responsible for the storage, maintenance, and protection of information is the data custodian.
Answer
  • True
  • False

Question 15

Question
Biometric data collected from users is used for-------------------------------------------- process.
Answer
  • Authentication
  • Authorization
  • Accountability
  • Privacy

Question 16

Question
Select the right options of the C.I.A. triad (1) Assurance that information is shared only among authorized people or organizations (2) Assurance that the information is complete and uncorrupted (3) Assurance that information systems and the necessary data are not available for use when needed
Answer
  • (1) True (2) False (3) True
  • (1) False (2) False (3) True
  • (1) True (2) True (3) True
  • (1) True (2) True (3) False

Question 17

Question
Match the following:
Answer
  • A-1, B-3, C-4, D-2, E-5
  • A-3, B-4, C-5, D-1, E-2
  • A-5, B-4, C-3, D-2, E-1
  • A-1, B-2, C-3, D-4, E-5

Question 18

Question
Who are responsible for the security and use of a particular set of information?
Answer
  • Data users
  • Data exporter
  • Data custodians
  • Data owner

Question 19

Question
True or False: If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
Answer
  • True
  • False

Question 20

Question
Which of the following terms best describe the specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls?
Answer
  • Blueprint
  • NIST handbook
  • An information security framework
  • Security plan

Question 21

Question
True or False: SP 800-18, Guide for Developing Security Plans, is considered the foundation for a comprehensive security blueprint and framework.
Answer
  • True
  • False

Question 22

Question
One of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as:
Answer
  • managerial controls
  • security domain
  • redundancy
  • defense in depth

Question 23

Question
Control Objectives for Information and Related Technologies is a framework created by ------ for information technology (IT) management and -------------
Answer
  • HIPPA, & Information officer
  • SO, & Security officer
  • ISACA, & IT governance
  • CISO, & Chief officer

Question 24

Question
Three approaches to cyber security management are 1. Governance-Risk-Compliance (GRC) approach 2. --------------------------------------------------- 3. Organizational planning approach
Answer
  • Information-driven approach
  • Security-driven approach
  • Standards-driven approach
  • Procedure-driven approach

Question 25

Question
SO/IEC 27032:2012 involves guidelines for -----------------
Answer
  • Network security
  • Cyber security
  • Risk Management
  • Governance of information security

Question 26

Question
The five goals of information security governance are 1. -----------------of information security with business strategy to support organizational objectives 2. ---------------- by executing appropriate measures to manage and mitigate threats to information resources 3. -----------------by utilizing information security knowledge and infrastructure efficiently and effectively 4. -----------------by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved 5. -----------------by optimizing information security investments in support of organizational objectives. A. Strategic alignment B. Risk management C. Resource management D. Performance measurement E. Value delivery Match the following
Answer
  • 1-B,2-C,3-D,4-C,5-A,
  • 1-C,2-B,3-A,4-B,5-E
  • 1-E,2-C,3-A,4-B,5-D
  • 1-A,2-B,3-C,4-D,5-E,

Question 27

Question
Match ISO Series with the corresponding topic (A) 27000 (1)Series Overview and Terminology (B) 27003 (2)Information Security Management Systems Implementation Guidelines (C) 27004 (3) Information Security Measurements and Metrics (D) 27005 (4) ISMS Risk Management (E) 27006 (5) Requirements for Bodies Providing Audit and Certification of ISMS
Answer
  • A-1, B-2,C-3, D-4, E-5
  • A-4, B-2, C-3, D-1, E-5
  • A-2,B-1,C-3,D-5,E-4
  • A-3,B-2,C-1,D-5,E-4

Question 28

Question
(1)------------------ is authorized by policy from senior management and is usually carried out by senior IT and information security executives, such as the(2)---------and-(3)-------
Answer
  • 1- ISG 2- CIO, 3- CISO
  • 1-CO,2, 2-CIO,3- CISO
  • 1-CISO, 2-CIO, 3-CO
  • 1-CISO, 2-ISG, 3-CO

Question 29

Question
Which term is used to describe detailed statements of what must be done to comply with policy?
Answer
  • Policies
  • Standards
  • Ethics
  • Governance

Question 30

Question
Management must use -------------------as the basis for all information security planning, design, and deployment.
Answer
  • Standards
  • Procedures
  • Policies
  • Best business practices

Question 31

Question
Which type of planning ensures that critical business functions continue if a catastrophic incident or disaster occurs?
Answer
  • Business continuity planning (BCP)
  • Contingency planning (CP)
  • Business resumption planning (BRP)
  • Disaster recovery planning (DRP)

Question 32

Question
-------------- policy can be separated into two general groups (a) managerial guidance and (b) technical specifications. Select the correct options
Answer
  • Systems-Specific Security
  • Issue-Specific Security
  • Enterprise Information Security
  • None of these

Question 33

Question
The actions taken during and after a disaster falls under ----------------
Answer
  • Impact assessment
  • Risk management
  • Crisis management
  • Both (a) & (b)

Question 34

Question
Special Publication 800-14 of the National Institute of Standards and Technology (NIST) defines three types of security policy and chooses the
Answer
  • Violations of Policy, Business continuity planning, Response planning
  • A disaster recovery, Incident response planning, and Business continuity planning
  • Issue-specific security, Systems-specific security, Enterprise information security
  • Enterprise information security, Violations of Policy, Response planning

Question 35

Question
What are the elements of a business impact analysis? 1. Threat attack identification 2. Business unit analysis 3. Attack success scenario development 4. Potential damage assessment 5. Subordinate plan classification 6. Risk management 7. Disaster management The elements of a business impact analysis are:
Answer
  • 1,2,3,4,5 correct
  • 1,2,3,5,6 correct
  • 2,3,5,6,7 correct
  • All are correct

Question 36

Question
Access control lists (ACLs) that govern the rights and privileges of users consist of the 1. User access lists, 2. Matrices, 3. Capability, and 4. Dedicated hardware Choose the correct answer
Answer
  • 1,2,3,4 are true
  • 1,2,3 are true
  • Only 4 is true
  • All are true

Question 37

Question
The instructions a system administrator codes into a server, networking device, or a device to specify how it operates is called
Answer
  • Administration rule
  • Configuration rules
  • Networking rules
  • Security rule

Question 38

Question
Information security safeguards focus on administrative planning, organizing, leading, and controlling and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management together known as
Answer
  • Managerial controls
  • Operational controls
  • Technical controls
  • None of these

Question 39

Question
A lattice-based access control with rows of attributes associated with a particular subject such as a user is called
Answer
  • Access control matrix
  • Capabilities table
  • Configuration table
  • All of above

Question 40

Question
What type of policy addresses specific areas of technology, requires frequent updates, and contains a statement on the organization’s position on a specific issue?
Answer
  • Enterprise information security policy (EISP)
  • Systems-specific security policy (SysSP)
  • Automated policy (AP)
  • Issue-specific security policy (ISSP)

Question 41

Question
What are the defence strategies’ three common methods? 1. Application of policy 2. Education and training 3. Business impact analysis 4. Risk management 5. Application of technology Choose the correct answer.
Answer
  • 1,2,3
  • 1,2,4
  • 2,4,5
  • 1,2,5

Question 42

Question
Policy administrator is responsible for ----------- 1. creation, 2. revision, 3. implementation 4. distribution, and 5. storage of policy in an organization. Choose the correct option
Answer
  • 1,2
  • 3
  • 3,4
  • 5

Question 43

Question
Which type of policy is frequently codified as standards and procedures to be used when configuring or maintaining systems?
Answer
  • Enterprise information security policy (EISP)
  • Systems-specific security policy (SysSP)
  • Automated policy (AP)
  • Issue-specific security policy (ISSP)

Question 44

Question
Which of the following is used to direct how issues should be addressed and technologies must be used in an organization?
Answer
  • policies
  • standards
  • ethics
  • governance

Question 45

Question
The boundary in the network within which an organization attempts to maintain security controls for securing information from threats from untrusted network areas is called ----
Answer
  • Security peripheral
  • Security perimeter
  • Security measure
  • Security principle

Question 46

Question
Consider the following statements 1. Statement of Purpose -What the policy is for 2. Information Technology Security Elements – Defines information security 3. Need for Information Technology Security – Justifies the irrelevance of information security in the organization 4. Information Technology Security Responsibilities and Roles - Defines organizational overall business planning and security investment plan. Identify the components of the EISP
Answer
  • 3, 4
  • 2, 3, 4
  • 1, 2
  • all are true

Question 47

Question
Access Control Lists specify 1. who can --------the system 2. what ---------users can access 3. when authorised users can --------the system 4. where authorised users can access the system from Chose the correct words or expressions to fill in the blanks, in sequence:
Answer
  • use, authorised, access
  • authorised, access, create
  • authorised, access, use
  • administer, access, accountable

Question 48

Question
The goals of (A)------------------------------ are: 1.------------------ of information security with business strategy to support organizational objectives 2 ------------------ by executing appropriate measures to manage and mitigate threats to information resources 3. ------------------ by using information security knowledge and infrastructure efficiently and effectively Choose the correct answer:
Answer
  • A-Financial security gov, 1- Tactical alignment, 2- Performance mgmt., 3- Resource mgmt.,
  • A-Information security governance,1-Strategic alignment, 2- Risk mgmt., 3- Resource mgmt.
  • A-Data security gov, 1-Operational management, 2- Resource mgmt., 3- Risk mgmt.,
  • A-Bord of governance,1-Operational alignment, 2- Risk mgmt., 3- Resource mgmt

Question 49

Question
Match 1 & 2 with A& B following 1. Residual risk 2. Risk appetite A: The risk to information assets that remains even after current controls have been applied. B: The quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. Choose the correct answer:
Answer
  • 1-A, 2-B
  • 1-B, 2-A

Question 50

Question
True or False: The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion.
Answer
  • True
  • False

Question 51

Question
The process of examining how each threat will affect an organization is called:
Answer
  • Risk assessment
  • Data classification
  • Threat assessment
  • Vulnerability classification

Question 52

Question
The probability that a specific vulnerability within an organization will be the target of an attack is known as:
Answer
  • Loss Magnitude
  • Manageability
  • Likelihood
  • Practicability

Question 53

Question
The calculation of the value associated with the most likely loss from an attack is called:
Answer
  • Annualised Rate of Occurrence (ARO)
  • Annualised Loss Expectancy (ALE)
  • Cost Benefit Analysis (CBA)
  • Single Loss Expectancy (SLE)

Question 54

Question
----------------------is the formal assessment and presentation of the economic expenditures needed for particular security control, contrasted with its projected value to the organization.
Answer
  • Feasibility analysis
  • Cost-benefit analysis
  • Risk-benefit analysis
  • Economic impact analysis

Question 55

Question
A document that compares the relative importance of prioritised assets to prioritised threats and highlights any weaknesses in the asset/threat pairs.
Answer
  • Threats-Vulnerabilities document
  • Threats-Vulnerabilities-Assets (TVA) worksheet
  • Threats-Vulnerabilities-Assets log file
  • Attack Vulnerability Asset document

Question 56

Question
Match the following: (A) Internal Used for the most sensitive corporate information that must be tightly controlled, even within the company. Access to information with this classification is strictly on a need-to-know basis or as required by the terms of a contract. Information with this classification may also be referred to as “sensitive” or “proprietary.” (B) Confidential Used for all internal information that does not meet the criteria for the confidential category. Internal information is to be viewed only by corporate employees, authorized contractors, and other third parties. (C) External All information that has been approved by management for public release.
Answer
  • A-2, B-1, C-3
  • A-1, B-2, C-3
  • A-3, B-2, C-1
  • A-1, B-3, C-2

Question 57

Question
------------------- varies among organisations because they maintain different balances between the expense of controlling vulnerabilities and the possible losses if the vulnerabilities are exploited. The key for each organisation is to find the proper balance in its decision-making and feasibility analyses, to use experience and facts instead of ignorance or wishful thinking.
Answer
  • Risk appetite
  • Risk control
  • Residual Risk
  • Risk Assessment

Question 58

Question
Malware dictation Software has its own (Asset) internal personnel database behind a firewall. Industry reports indicate a 5 % chance of an attack. The information security and IT departments report that if the organization is attacked, the attack has a 15 % chance of success based on current asset vulnerabilities and protection mechanisms. The asset is valued at a score of 35 on a scale of 0 to 100, and information security and IT staff expect that 60 % of the asset would be lost or compromised by a successful attack, because not all of the asset is stored in a single location. You estimate that the assumptions and data are 90 % accurate. Calculating Risk.
Answer
  • 0.1575
  • 0.1733
  • 0.2887
  • 0.5575

Question 59

Question
xyzbuy.com has an estimated value of Rs 50,00,000, as determined by an asset valuation and a cracker defacement scenario indicates that a deliberate act of sabotage or vandalism could damage 25 per cent of xyzbuy.com, then the single loss expectancy for the xyzbuy.com would be?
Answer
  • 16,50,000
  • 15,20,000
  • 11,11,000
  • 12,50,000

Question 60

Question
Which VPN technology uses leased circuits from a service provider and conducts packet switching over these leased circuits?
Answer
  • Secure VPN
  • Hybrid VPN
  • Trusted VPN
  • Transport VPN

Question 61

Question
The biometric technology criteria that describe the number of legitimate users who are denied access because of a failure in the biometric device in known as
Answer
  • False reject rate
  • False accept rate
  • Crossover error rate
  • Accountability rate

Question 62

Question
True or False: All traffic exiting from the trusted network should be filtered.
Answer
  • True
  • False

Question 63

Question
What term is used to describe decoy systems designed to lure potential attackers away from critical systems?
Answer
  • Trap
  • Honeypot
  • Trace
  • Sniffer

Question 64

Question
True or False: Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.
Answer
  • True
  • False

Question 65

Question
The method by which systems determine whether and how to admit a user into a trusted area of the organization is known as
Answer
  • Attribute
  • Accountability
  • Access control
  • Audibility

Question 66

Question
------------------denotes the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as --------------
Answer
  • False reject rate, Type I error
  • False accept rate, Type 2 error
  • False accept rate, Type I error
  • False reject rate, Type 2 error

Question 67

Question
Fill in the blank ------------------denotes the rate at which authorised users are denied access to systems or areas as a result of a failure in the biometric device. This failure is also known as ------------. Choose the correct option
Answer
  • False reject rate, Type I error
  • False accept rate, Type 2 error
  • False accept rate, Type I error
  • False reject rate, Type 2 error

Question 68

Question
Match the following A. Thresholds 1 Signature-based detection B. Blacklists and whitelists: 2 Anomaly-based detection C. Alert settings: 3 Detection-related related programs D. Code viewing and editing: 4 Specifying which prevention capabilities Choose the correct option
Answer
  • A-2, B-3, C-1, D-4
  • A-2, B-1, C-3, D-4
  • A-1, B-2, C-3, D-4
  • A-2, B-1, C-4, D-3

Question 69

Question
Choose the right option to fill in the blanks (1) --------------- initiates network traffic to find and evaluate service ports whereas (2) ---------------- uses traffic from the target network segment to evaluate the service ports available from hosts on that segment.
Answer
  • 1-active vulnerability scanners, 2-passive vulnerability scanners
  • 1-passive vulnerability scanners, 2-active vulnerability scanners

Question 70

Question
Which of the following terms describes the process of making and using codes to secure the transmission of information?
Answer
  • Algorithm
  • Cryptography
  • Steganography
  • Cryptanalysis

Question 71

Question
What is term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message?
Answer
  • Private-key encryption
  • Symmetric encryption
  • Advanced Encryption Standard (AES)
  • Asymmetric encryption

Question 72

Question
A substitution cipher that incorporates two or more alphabets in the encryption process is called-------------------
Answer
  • Monoalphabetic substitution
  • Block cipher substitution
  • Stream cipher substitution
  • Polyalphabetic substitution

Question 73

Question
The current standard for the encryption of data, as specified by NIST --------- is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen.
Answer
  • DES
  • RSA
  • AES
  • Message Digest

Question 74

Question
True or False: Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.
Answer
  • True
  • False

Question 75

Question
Limited-use symmetric keys for temporary communications during an online session is called
Answer
  • Session keys
  • One-time padding
  • AES
  • DES

Question 76

Question
Match the folowing
Answer
  • A-3, B-5, C-4, D-1, E-2
  • A-2, B-1, C-4, D-5, E-3
  • A-4, B-2, C-3, D-1, E-1
  • A-5, B-2, C-3, D-1, E-4

Question 77

Question
Suppose that everyone in a group of N people wants to communicate secretly with the N-1 others using a symmetric key cryptographic system. Communication between any two persons should not be decodable by others in the group. The number of keys required in the system as a whole to satisfy the confidentiality requirement is
Answer
  • 2N
  • N(N-1)
  • N(N-1)/2
  • (N-1)2

Question 78

Question
Decrypt the following message if it was encrypted using a shift cipher with a shift of 3. Message: NPTELINFORMATION
Answer
  • Q S W H O L Q I R U P W L R Q
  • Q S W H O L Q I T U P W L R Q
  • Q S W F O L Q I R V P W L R Q
  • Q S W H O L Q I R V P W L R Q

Question 79

Question
------------security protocols are used to protect e-mail
Answer
  • SMTP
  • HTTPS
  • S/MIME, PEM, and PGP
  • Telnet

Question 80

Question
What is the most popular encryption system used over the Web?
Answer
  • Diffie Hellman key exchange
  • RSA
  • Block cipher
  • DES

Question 81

Question
What is the maximum fine for GDPR non-compliance?
Answer
  • EUR 10mn or 2% global turnover
  • EUR 15mn or 3% global turnover
  • EUR 20mn or 4% global turnover
  • EUR 25mn or 5% global turnover

Question 82

Question
Richards and Solove (2007) suggest that while the American derivation of general privacy is grounded in one's --------------------
Answer
  • inviolate personality
  • violate personality
  • serious personality
  • funny personality

Question 83

Question
Cohenretism treats privacy as a
Answer
  • Permission
  • Order
  • Freedom
  • Distinct right

Question 84

Question
True/ or False? Confidentiality is concerned with the externalization of restricted but accurate information to a specific entity.
Answer
  • True
  • False

Question 85

Question
Being observed, while the subject doesn’t know is
Answer
  • Panopticon
  • Transparency
  • Prevention
  • Anonymity

Question 86

Question
Concerns for Information Privacy (CFIP) has four constructs. Which is a construct that is not part of the CFIP?
Answer
  • Collection
  • Unauthorized access
  • Autonomy
  • Errors

Question 87

Question
According to --------------------- privacy is not a distinct value concept because it could be conceptually reduced to other values, like liberty
Answer
  • Coherentism
  • Reductionism
  • Privacy
  • Security

Question 88

Question
……………… determines the purposes and means of processing personal data
Answer
  • Data fiduciary
  • Data processor
  • Data principle
  • Data users

Question 89

Question
A IPL team management contracts a market research specialist team to carry out players satisfaction survey. The IPL team specifies the budget and the deadline, but the market research team determines sample sizes and interview methods. The market research team decides which player to select for the interview, what information will be collected, how the information will be collected, and how the information will be presented to the IPL team management. Who is the data controller in this situation?
Answer
  • An IPL team management
  • Market research firm
  • Both a & b are controllers
  • None of them are controllers

Question 90

Question
Fair Information Practice (FIP) principles were developed the United States in response to increasing privacy concerns resulting from massive computerization. What is an issue FIP does not address?
Answer
  • secret record-keeping systems
  • access by data subject to information stored in record keeping systems
  • ability by data subject to correct errors in one’s own data
  • data localization

Question 91

Question
GDPR makes provisions for the individual member states to add their own exemptions
Answer
  • True
  • False

Question 92

Question
The GDPR introduces a new data protection principle that requires organizations to
Answer
  • demonstrate compliance with the principles
  • optional compliance with the privacy regulation
  • flexibility to report data protection breaches
  • accept data breaches

Question 93

Question
In which of these circumstances could a data subject exercise their right to be forgotten?
Answer
  • Where they have withdrawn consent for data processing
  • Where the data is no longer necessary for the purposes for which it was collected
  • Where erasure is necessary to comply with a legal obligation
  • All are true
  • All are false

Question 94

Question
According to GDPR a group of companies or public authorities may appoint a single data protection officer to represent them all
Answer
  • True
  • False

Question 95

Question
--------------------- is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset.
Answer
  • Differential privacy (DP)
  • Privacy calculus
  • Privacy paradox
  • Privacy theory

Question 96

Question
A release of data is said to have the k-anonymity property if the information for each person contained in the release cannot be distinguished from at ---------individuals whose information also appears in the release
Answer
  • least k−1
  • least k+1
  • least k +/- 1
  • least k*1

Question 97

Question
consider the diagram: In the First wave of the economic theory of privacy, work did not consist of formal economic models, but rather general ------------around the value or the damage that individuals, and society, may incur when personal information is protected, thereby making potentially useful information unavailable to the marketplace Choose the correct answer:
Answer
  • information privacy
  • economic arguments
  • economic value
  • economic benefit

Question 98

Question
The economics of privacy concerns the tradeoffs associated with the balancing of --------------------spheres between individuals, organizations, and governments.
Answer
  • public and private
  • internal and external
  • low and high
  • individual vs group

Question 99

Question
The goal of privacy-preserving data mining is to develop data mining methods without increasing the risk of misuse of the ---------
Answer
  • privacy
  • data
  • anonymity
  • Privacy-related content
  • database

Question 100

Question
___________ is a dichotomy between a person’s intention to protect their online privacy versus how they actually behave online and as a result compromise their privacy
Answer
  • Privacy paradox
  • Privacy calculus
  • Differential calculus
  • Coherentism

Question 101

Question
The personal data that has been de-identified, ----------------but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.
Answer
  • pseudonymized
  • decrypted
  • Anonymize
  • Secrete

Question 102

Question
The area of philosophy that examines the basis for moral judgment, as well as its nature, standards, sources, and logic, is called ------------------
Answer
  • Moral principle
  • Moral value
  • Ethics
  • Law

Question 103

Question
Choose the correct option that represents HIPAA’s fundamental principle
Answer
  • Producer control of medical information
  • No restrictions on how medical data may be used
  • Accountability to maintain the privacy of specified types of information
  • Balance of public responsibility for the use of medical information for the greater good measured against no impact on the individual
  • Security of health information

Question 104

Question
True or False: The cornerstone of many current computer-related criminal laws in the US is the Computer Fraud and Abuse Act of 1986.
Answer
  • True
  • False

Question 105

Question
Which one of these activities falls outside the scope of the GDPR?
Answer
  • processing for marketing purposes
  • processing for domestic and household purposes
  • processing for the purposes of crime and investigations
  • processing for the purposes of journalism literature and art

Question 106

Question
What types of information are covered by the GDPR? 1. Personal data 2. Data related to the public domain 3. All data of a person that can be identified by their identifier, directly or indirectly 4. Garbage data Choose the correct option.
Answer
  • 1,2
  • 2,4
  • 1,3
  • 4,3

Question 107

Question
Which of the following are not GDPR fundamental rights?
Answer
  • The right to be informed, the right of access
  • The ability to learn from mistakes, the freedom to transfer data
  • The right to object, rights related to automated decision-making
  • All are correct

Question 108

Question
Match topics of interest to IT Professionals with US Laws (A) Cryptography (1) Electronic Communications Privacy Act (B) IP (2) Federal Privacy Act (C) Encryption and digital signatures (3) No Electronic Theft Act amends (D) Privacy (4) Security and Freedom through Encryption Act Choose the correct option
Answer
  • A-3, B-1, C-4, D-2.
  • A-4, B-3, C-1, D-2.
  • A-1, B-3, C-4, D-2.

Question 109

Question
INDIAN COPYRIGHT ACT was drafted in --------------------by Shalu Gothi and Daisy Jain
Answer
  • 2000
  • 1857
  • 1957
  • 1967

Question 110

Question
What is the software that comes hidden in free downloadable software and tracks your online movements, mine the information stored on your computer or use your computer’s CPU and storage for some task you know nothing about?
Answer
  • Weblog
  • Clickstream
  • Anonymous web browsing service
  • None of above

Question 111

Question
What are the primary examples of public law?
Answer
  • Criminal, administrative, and constitutional law
  • Civil, Legislative and public service
  • IPC, administrative, service, constitutional law
  • All are the primary examples of public law.

Question 112

Question
The Aadhaar project is the world’s largest national identity project, launched by the government of India, which seeks to collect the following data about residents and store these in a centralized database.
Answer
  • Biometric data
  • Demographic data of residents
  • Life style data of citizens
  • All of these

Question 113

Question
Personal Data Protection Bill 2019 had the following provision. (1) Provide for the protection of the privacy of individuals relating to their personal data, (2) Specify demerits of the flow and usage of personal data, (3) Create a mysterious relationship of trust between persons and entities processing personal data, (4) Protect the fundamental rights of individuals whose personal data are processed Choose which of the options listed above are false?
Answer
  • 1,2,3
  • 2,3
  • 1,4
  • 1,2

Question 114

Question
The Aadhaar Act attempts to create a method for--------------- of individuals so as to provide services, subsidies and other benefits to the residents of the country.
Answer
  • Identification
  • Authentication
  • Authorization
  • Accountability

Question 115

Question
------------------- gathers personally identifying information from Aadhaar holders, prepares the data for transmission, and receives the authentication.
Answer
  • System Terminal
  • Barcode reader
  • Authentication device
  • RFID

Question 116

Question
According to standard notions of digital authentication, a security principal (a user or a computer), while requesting access to a service, must provide two independent pieces of information, which are:
Answer
  • Identity and Authentication.
  • Verification and Authentication
  • Validation and Authorization
  • Validation and Authentication

Question 117

Question
Identity provides an answer to the question ------------------ Anonymity is when nobody knows who you are but potentially, they know ---------------------------
Answer
  • how are you? & how you do
  • who are you? & what you do
  • how are you feeling? & what you do
  • who are you? & what you know about others

Question 118

Question
Which of the following is odd about Aadhaar authentication?
Answer
  • It enables authentication using a One-Time-Password (OTP) issued to the resident's listed email address or cellphone number in the CIDR.
  • It enables authentication combining OTP, fingerprint, and iris authentication for residents.
  • It offers a 2-factor authentication with OTP as one factor and multimodal biometric as the second factor for authenticating residents.
  • It enables Aadhaar authentication by matching Aadhaar numbers and demographic attributes of residents.

Question 119

Question
Personal Data Protection Bill sought to ensure privacy rights of the individual. Select the odd option
Answer
  • Obtain confirmation from the fiduciary on whether their personal data has been processed
  • Seek correction of inaccurate, incomplete, or out-of-date personal data
  • Have personal data transferred to any other data fiduciary in certain circumstances
  • Restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary Or consent is withdrawn
  • Provide advice on security safeguards like data encryption

Question 120

Question
Which of the following act enforces individual privacy in online space, after scrapping a similar bill:
Answer
  • PDP Bill 2018
  • Digital Personal Data Protection Bill 2023
  • GDPR
  • IT Act, 2000
Show full summary Hide full summary

Similar

06 PROJECT TIME MANAGEMENT
miguelabascal
River Processes and Landforms
1jdjdjd1
Application of technology in learning
Jeff Wall
AS Unit 2 Physics Flashcard Deck
Callum McClintock
Geography Coastal Zones Flashcards
Zakiya Tabassum
Cold War Causes Revision
Tom Mitchell
Biology AS Level UNIT 1
Valentin Andrei
Geography - Case Studies
jacobhatcher97
Germany 1918-39
Cam Burke
Language Techniques
Anna Wolski
Mapa Mental para Resumir y Conectar Ideas
Rosario Sharline Vilcarromero Saenz