1) Which of the terms is not a feature of the information security policy? a) Confidentiality b) Integrity c) Availability d) Attainability
2) Which attack is aimed at 'Identity Threat'? a) Phishing b) Spoofing c) Spamming d) All of the Above
3) In Cloud Computing, one common mechanism for providing the separation of data and services is: a) Virtualization b) Integration c) Sensitization d) All of the Above
4) An attack used to monitor and potentially modify communication between client and server: a) Injection Attacks b) DDOS c) Man in the Middle d) All of the Above
5) A facility provided by a multi-user information system that enables the user to override system or application access controls: a) Authentication Bypass b) Virtualization c) Privilege Escalation d) All of the Above
6) To spot a phishing e-mail, the recipient should check for these indicators in the e-mail message: a) Greed b) Urgency c) Fear d) All of the Above
7) Employees using unlicensed software shall be held liable for which violation? a) Patent Laws b) Proprietary Laws c) Copyright Laws d) Infringement Laws
8) What is the full form of BCP? a) Business Crisis Plan b) Big Continuity Plan c) Business Continuity Package d) Business Continuity Plan
9) What does the acronym IAM stand for in cloud security? a) Identity and Access Model b) Identity and Access Management c) Identity and Access Method d) Identity and Availability Management
10) In a cloud context, what is the primary purpose of data encryption at rest? a) To ensure fast retrieval of data b) To protect data from unauthorized users c) To improve cloud storage performance d) To enable efficient data backups
11) Which cloud security control focuses on safeguarding the access points into the network? a) Data Masking b) Perimeter Security c) Elastic Compute Security d) All of the Above
12) What is the full form of “GDPR”? a) General Document Protection Regulation b) General Data Privacy Regulation c) General Data Protection Rule d) General Data Protection Regulation
13) What is the primary goal of data masking? a) To remove data for security b) To delete sensitive data during the testing or development c) To ensure data privacy during testing or development d) To generate synthetic data
14) What is the key difference between data masking and encryption? a) Encryption is used only for sensitive data, while data masking is used for all data types b) Data masking hides data but keeps it usable for testing, while encryption secures data by making it unreadable without a decryption key. c) Data masking is irreversible, while encryption is reversible. d) All of the Above
15) What is the primary purpose of data hashing? a) To encrypt data for security by symmetric key b) To convert sensitive data into an irreversible fixed-length value c) To encrypt data for security by asymmetric key d) To compress data for storage efficiency
16) Which characteristic makes hash functions ideal for verifying data integrity? a) Hash values are available in public domain b) Hash functions are fast to compute and easy to read c) Small changes in the input lead to large, unpredictable changes in the hash value d) All of the Above
17) Which of the following is true about a good cryptographic hash function? a) The hash function should always be reversible. b) The hash function should produce shorter hash values for larger inputs. c) The hash function should produce a unique hash value for each unique input. d) All of the Above
18) What does DPDPA stand for in the context of data privacy? a) Data Protection and Data Privacy Act b) Digital Protection and Data Privacy Act c) Data Protection and Data Privacy Authority d) Data Privacy and Data Protection Act
19) The DPDPA is primarily concerned with: a) Cybersecurity and threat prevention b) Protecting digital data and individuals' privacy rights c) Regulating online advertising and threat prevention d) Promoting digital marketing strategies
20) Which of the following is not an example of PII (Personally Identifiable Information)? a) Email address b) Physical address c) A person’s gender d) Salutation
21) Which of the following data elements would qualify as sensitive PII under data protection laws like GDPR or CCPA? a) Social Security Number (SSN) b) IP address c) Date of birth d) Phone number
22) Under the DPDPA, which of the following activities requires explicit consent of the user? a) Data collection and processing b) Data structure c) Data masking d) Data anonymization
23) Which of the following is a primary responsibility of the cloud service provider in the IaaS model? a) Data encryption b) Physical security of data centers c) Managing application users d) Application security
24) CASB stands for __________? a) Cloud Access Security Breach b) Cloud Access Security Break c) Cloud Access Security Broker d) Cloud Access Security Brand
25) What is the primary objective of a Privilege Escalation attack? a) To gain access to sensitive data on the target system b) To prevent users from accessing their accounts c) To acquire higher-level access or permissions than initially granted d) All of the Above
26) Which of the following best describes the relationship between a public key and a private key in asymmetric encryption? a) The public key is used to encrypt data, and the private key is used to decrypt it b) The private key is used to encrypt data, and the public key is used to decrypt it c) Both keys are used for encryption, but one is faster than the other d) Both keys are used for decryption, but one is more secure than the other
27) Which of the following is true about the public key in asymmetric encryption? a) The public key is kept secret and known only to the recipient. b) The public key is used to sign messages to ensure authenticity. c) The public key is only used to decrypt data. d) The public key can be shared openly and is used for encrypting data.
28) In RSA encryption, what role does the private key play? a) It is used to encrypt the message b) It is used to verify the sender's identity during authentication c) It is used to decrypt the message after it is encrypted with the public key d) All of the Above
29) Which cipher suite component in an SSL/TLS connection is responsible for encryption? a) Cipher algorithm b) Key exchange algorithm c) Hashing function d) Authentication method
30) In OAuth 2.0 authentication, what is the function of the "state" parameter? a) To prevent Cross-Site Request Forgery (CSRF) attacks b) To ensure that only trusted tokens are issued c) To define the scope of permissions for the token d) To securely encrypt the access token
31) What is the primary purpose of Content Security Policy (CSP) in web application security? a) To ensure only trusted content is executed by the browser b) To prevent cross-site request forgery (CSRF) attacks c) To encrypt sensitive data transmitted over the network d) To limit access control for different user roles within the application
32) When does a session fixation vulnerability occur? a) When the application stores a session token in a cookie without the HttpOnly flag. b) When the application uses an insecure random number generator to create a session token. c) When the application doesn’t invalidate a session token after the user clicks the “Logout” button. d) When the application uses the same session token before and after user authentication.
33) What are the dynamic contexts that could be prone to XSS? a) HTML, JavaScript, CSS b) Web server c) JSON, DNS d) Windows OS / Linux OS
34) Which of the options best describes a horizontal Privilege Escalation attack? a) An attacker is able to obtain higher privileges in an environment than the ones they currently have. b) An attacker is able to obtain similar privileges in an environment to the ones they currently have, but in a scope or domain that belongs to other users. c) An attacker is able to deploy malicious code to the server. d) All of the Above
35) How would you protect yourself from an XSS attack? a) Encryption of input. b) Encoding of output. c) Disable default configuration d) All of the Above
36) What is the strategy to prevent a session fixation vulnerability? a) Change the session ID every hour. b) Issue a new session ID after a user authenticates. c) Invalidate the session ID after a user logs out. d) All of the Above
37) What may an attacker achieve using Reflected XSS? a) The attacker can get control of the server. b) The attacker can bypass the firewall to access the protected resource. c) The attacker can run malicious JavaScript in the user’s browser. d) The attacker can run OS commands on the user’s computer.
38) Which of the following is not a type of Cross-Site Scripting? a) Virtual XSS b) DOM XSS c) Persistent XSS d) All of the Above
39) If a web application does not validate a user's authorization for direct references to restricted files, to which threat is such a website vulnerable? a) Injection b) CSRF c) Insecure Direct Object References d) XSS
40) What happens when an application takes user-inputted data, processes that data on the server side and sends it to a web browser without proper sanitization? a) XSS b) CSRF c) SQL Injection d) SSRF
41) The change password page should require ____________. a) Two copies of the new password b) One copy of old password and one copy of new password c) Three copies of the new password d) One copy of old password and two copies of the new password.
42) What is the primary goal of a Distributed Denial of Service (DDoS) attack? a) Encrypt files for ransom b) Disrupt services by overwhelming a server with traffic c) Steal sensitive data d) All of the Above
43) Which of the following is a form of social engineering? a) SQL Injection b) Phishing c) Man-in-the-Middle (MitM) d) Cross-Site Scripting (XSS)
44) What is the purpose of a VPN (Virtual Private Network)? a) Filter harmful websites b) Scan for malware c) Encrypt data for secure transmission over an insecure network d) All of the Above
