1.Ravi is doing a password assessment for one of his clients.

He suspects that s
ecurity policies are not in place. He also suspects that weak passwords are prob
ably the norm throughout the company he is evaluating. Ravi is familiar with pas
sword weaknesses and key loggers.
Which of the following options best represents the means that Ravi can adopt t
o
retrieve passwords from his client hosts and servers.
A.Hardware, Software, and Sniffing.
B.Hardware and Software Keyloggers.
C.Passwords are always best obtained using Hardware key loggers.
D.Software only, they are the most effective.
Ans: B
2.IDS and IPS stands for:
A.Intrusion Detective System and Intrusion Preventive System
B.Intrusion Detection System and Intrusion Prevention System
C.Infection Detection System and Infection Prevention System
D.Intruder Detection System and Intruder Prevention System
Ans: B
3. Rohit is planning to gain unauthorized access into the Railway Traffic Contro
l System (Railway Traffic Control System has been declared as a Critical Informa
tion Infrastructure by the Central Government) of the Indian Railways. Prachi is
the System Administrator of the Railway Traffic Control System. She hands over
a list of passwords to Rohit. Using these passwords, Rohit gains the unlawful ac
cess. In such a situation Rohit and Prachi are liable for
A.Unauthorised access
B.Hacking Critical Information Infrastructure
C.Rohit is liable for accessing protected system and Prachi is liable for provid
ing assistance to any person to facilitate access to a computer
D.Both Rohit and Prachi are liable under Section 70 of the IT Act
Ans: D
4.Deepak had an appointment with Mr. Joshi at his plush office in Pune. While wa
iting for Mr. Joshi, Deepak remembered that he had to email a document (that he
was carrying in a Pen Drive) to his office. As he looked around, he realized tha
t there was a computer at the reception desk, which was switched on. However, th
e receptionist was nowhere to be seen.
Deepak immediately inserted the Pen Drive containing the document into the USB d
rive of the computer at the reception desk. Just then, the receptionist entered
and saw Deepak at the computer. She immediately called the security guards and i
ntimated the manager about the incident.
Under which provision of the Information Technology Act action can be taken agai
nst Deepak?
A.Sec.
B.Sec.
C.Sec.
D.Sec.

43
43A
67
66B

Ans: A
5. Vivek is the IT security consultant and system administrator of the Calsoft P

vt. Ltd., a software company who manufactures healthcare industry related softwa
re. To remain ahead in the competitive age, company decided to secure their IT i
nfrastructure. Initially Vivek has installed high end firewalls, network based a
nti-virus and used VPN encryption to secure the infrastructure. Which level of s
ecurity has Vivek implemented?
A.Host
B.Application
C.Perimeter
D.None of the above
Ans: C
6. DMZ stands for:
A.Dematerialized Zone
B.Demilitarized Zone
C.Demitigation Zone
D.Demitilarized Zone
Ans: B
7.Sachin has been hired to perform a penetration exam on Examsheets.net. He begi
ns by loosheets at IP address ranges owned by the company and details of domain
name registration. He then goes to News Groups and financial web sites to see if
they are leasheets any sensitive information of have any technical details onli
ne. Within the context of penetration examing methodology, what phase is sachin
involved with?
A.Passive information gathering
B.Active information gathering
C.Attack phase
D.Vulnerability Mapping
Ans: A
8.Mukesh is going to perform an active session hijack against Examsheets. He ha
s acquired the target that allows session oriented connections (Telnet) and perf
orms sequence prediction on the target operating system. He manages to find an a
ctive session due to the high level of traffic on the network. So, what is Mukes
h most likely to do next?
A.Take over the session.
B.Reverse sequence prediction.
C.Guess the sequence numbers.
D.Take one of the parties offline.
Ans: A
9.Why is Social Engineering considered attractive by hackers and also adopted by
experts in the field?
A.It
B.It
C.It
D.It

is done by well known hackers and in movies as well.

does not require a computer in order to commit a crime.
is easy and extremely effective to gain information.
is not considered illegal.

Ans: C
10.In Host Layer of the Layered Security Approach, _____________________________

__to the host environment allow administrators to quickly identify which device
settings require updating to ensure secure operation.
A.Authentication and Authorization
B.Integrity and confidentiality
C.Accuracy and responsiveness
D.Input validation
Ans: C
11.Which security practice works to safeguard your data, if all other security m
easures fail?
A.Encryption
B.Antivirus
C.Firewall
D.Authentication
Ans: A
12.Perimeter is the area where ________________ ends and ___________________begi
ns.
A.Others Network, your network
B.Internet, your network
C.Internet, Intranet
D.Your network, internet
Ans: D
13.Which is the most common method used by hackers to compromise systems:
A.Social Engineering
B.Guessing
C.Keyloggers
D.Spywares
Ans: C
14.Select the statement that is INCORRECT:
A.The fewer types in your password, the longer it must be.
B.No system support use of the space bar in passwords.
C.If you cannot create a password that contains symbols, you need to make it con
siderably longer to get the same degree of protection.
D.An ideal password combines both length and different types of symbols.
Ans: A
15.Which one of the following is NOT one of the password strategies to avoid?
A.Avoid
B.Avoid
C.Avoid
n.
D.Avoid

sequences or repeated characters.

using look-alike substitutions of numbers or symbols.
any part of your name, birthday, car number plate, or similar informatio
dictionary words in any language.

Ans: B
16.Which is the largest disadvantage of the symmetric Encryption?

A.More complex and therefore more time-consuming calculations.

B.Problem of the secure transmission of the Secret Key.
C.Less secure encryption function.
D.Isn't used any more.
Ans: B
17. In ISO 27001, ISMS means:
A.
B.
C.
D.

Internet Safety Management System

Information Security Management System
Intranet Safety Management System
Information System Management Security

Ans: B
18.Cryptography derived from Greek word where Kryptos means _________________;
and graphy is the __________________.
A.
B.
C.
D>

Secret , art of writing

Hidden , art of hiding
Hidden, secret , art of hiding
Hidden, secret , art of writing

Ans: A
19.Decryption is the process of converting _________________ to ________________
___ with the help of ___________________ by using ____________________.
A.Ciphertext, plaintext,
B.Plaintext, ciphertext,
C.Ciphertext, plaintext,
D.Plaintext, ciphertext,

decryption
decryption
encryption
encryption

algorithm,
algorithm,
algorithm,
algorithm,

shared secret key

shared secret key
its own secret key
its own secret key

Ans: C
20.What is the most common vehicle for social engineering attacks?
A.Phone
B.Email
C.In person
D.P2P Networks
Ans: A
21.John, Hacker, wants to break into Sagar Co.'s computers and obtain their secr
et double fudge cookie recipe. He calls his friend Albert, an accountant in MNC
Sagar Co. pretending to be an administrator from XYZ Company. John tells his fr
iend that there has been a problem with some accounts and asks her to tell him h
er password 'just to double check our records'. believing that Albert is really
, an administrator, and tells him her password. John now has a user name and pas
sword, and can access Sagar Co.'s computers, to find the cookie recipe. This is
an example of what kind of attack?
A.Reverse Psychology
B.Social Engineering
C.Identity Theft
D.Reverse Engineering

Ans: C
22.Which of the following best describes session key creation in SSL?
A.It
B.It
C.It
D.It

is
is
is
is

created
created
created
created

by
by
by
by

the
the
the
the

server
server
client
client

after verifying theuser's identity

upon connection by the client
from the server's public key
after verifying the server's identity

Ans: D
23.How does a denial-of-service attack work?
A.A hacker tries to decipher a password by using a system, which subsequent cras
hes the network
B.A hacker attempts to imitate a legitimate user by confusing a computer or even
another person
C.A hacker prevents a legitimate user (or group of users) from accessing a servi
ce
D.A hacker uses every character, word, or letter he or she can think of to defea
t
Authentication
Ans: C
24.One day your friend got a mail that you have won prize of Rs.50,000/- from co
co cola company just click on a link and get the prize. If your friend wants to
open a link then which web server will help him to scan the link?
A.Trend Micro Web Reputation Query
B.Web Of Trust
C.Trusted Source
D.Norton Safe Web
Ans: D
25.If you are a hacker and you want to know the details of the other person s comp
uter. Which virus you can send which can be easily installed in his/her computer
without his/her information?
A.Worms
B.Bots
C.Bug
D.Trojans
Ans: D
26. Which of the following is NOT an example of computer virus?
A.
B.
C.
D.

Melissa
I Luv U
Boot Sector
HIV

Ans: D
27.If you are a security administrator and you want to secure your computer from
the harmful viruses like Trojans which can affect your computer through which y
our personal detail can be leaked out. What should you install in your computer

to protect your computer ?

A.Firewall
B.Anti Virus
C.Anti Spyware
D.Anti Rootkit
Ans: C
28. Which of the following is NOT a type of Firewall?
A.
B.
C.
D.

Application Layer
Network Layer
Boot Layer
Packet Filtering

Ans: C
29. In layered approach, Which of the following is NOT included in Perimeter lay
er?
A.
B.
C.
D.

Firewall
VPN Encryption
Network based Anti-virus
OS Security

Ans: D
30.System passwords are of two types:
A.Administrative password and user password
B.Guest user password and limited user password
C.Administrator password and user password
D.BIOS password and administrator password
Ans: C
31. Mohammad is carrying his laptop in his car. While driving he receives a call
from his friend Salma and they both decides to go for a coffee. Mohammad is not
sure where to keep the laptop safe in his car. You are requested to choose the
MOST correct option out of the following:
A.
B.
C.
D.

in the trunk of the car

Under the seat
in the gap between the back sit and front sit
On the handbreak

Ans: A
32. Identification is done in which of the following phase?
A.
B.
C.
D.

Identification and Authorization

Identification and Authentication
Authentication and Authorization
Authorization and Authentication

Ans: B
33.If you open a website and you see the pad lock icon at the bottom area of the
navigator. What is installed on a website?

A.SSL
B.SSL
C.SSL
D.SSL

Signature
Encryption
Digital Certificate
Digital Signature

Ans: C
34. Which of the following is NOT a back-up method:
A.
B.
C.
D.

Incremental
Full
Differential
Parallel

Ans: D
35. Which one of the following Algorithms does not belong to symmetric encryptio
n?
A.DES
B.RSA
C.RC4
D.IDEA
Ans: B
36.In an asymmetric-key cryptography, the sender uses ________________ key and t
he receiver uses__________________ key.
A.his own pubic key, its own private key
B.his own public key, sender s private key
C.Receiver s public key, sender s private key
D.Receiver s public key, his own private key
Ans: D
37.If you receive a mail from XYZ company that you have been selected for the jo
b in XYZ company and they asked you to deposite the amount of Rs. 10,000/- throu
gh online payment. You take a step to verify any company which make you job offe
r their contact details etc you are making yourself prevention from ____________
___________
A.Phishing
B.Money Mule
C.Virus
D.Financial Fraud
Ans: B
38.Objective of computer security professional is
A.To protect the information/data from potential misuse
B.To make sure information is available to authorised people at appropriate time
s
C.To preserve integrity of the information/data
D.All of the above
Ans: D

39. Under ISMS, PDCA means:

A.
B.
C.
D.

Prevent, Defend, Confidential & Available

Plan, Do, Check & Act
Preserve, Delete, Check & Acknowledge
None of the above

Ans: B
40. Residual Risk means:
A.
B.
C.
D.

Risk before applying a control

Risk after identifying a threat
Risk which still remains after applying a control
All of the above

Ans: C
41. Which of the following is the CORRECT meaning of SLA?
A.
B.
C.
D.

Session
Service
Session
None of

Layer Analysis
Level Agreement
Location Analysis
the above

Ans: B
42. Khalid is an administrator of a Giant Software company and his office contai
ns high valued Computer appliances and peripherals. Which policy do you think is
required to be prepared first to protect these assets?
A.
B.
C.
D.

Acceptable Use Policy

Internet Usage Policy
Physical Security Policy
All of the above.

Ans: D
43. Punishment for Cyber Terrorism under Indian Information Technology Act is gi
ven under Section:
A.
B.
C.
D.

66 F
43
67 A
70

Ans: A
44. Which of the following is a NOT a Natural threat to be called as disaster if
it takes place:
A.
B.
C.
D.

Disease
Flood
Earth quake
Riots

Ans: D
45.Neelam is confused about advantages of using hardware firewall. Kavita, her f
riend has told her following advantages. She has approached you for your advice

on the same, so chose the advantages of the hardware

A.It uses very less system resources
B.It enhances security control
C.It can be easily enabled or disabled
D.It is more reliable if dedicated for a particular computer
E.All of the above
Ans: E
46. Which of the following is the CORRECT bluetooth range?
A.
B.
C.
D.

5 meters
8 meters
10 meters
12 meters

Ans: 10 meters
47.Vivek is the IT security consultant and system administrator of the Calsoft P
vt. Ltd., a software company who manufactures healthcare industry related softwa
re. To remain ahead in the competitive age, company decided to secure their IT i
nfrastructure. Initially Vivek has installed high end firewalls, network based a
nti-virus and used VPN encryption to secure the infrastructure. Which level of s
ecurity has Vivek implemented?
A.Host
B.Application
C.Perimeter
D.None of the above
Ans: C
48. Which of the following is NOT a Risks associated with improper implementatio
n of physical security are
A.Unauthorised entry
B.Devices getting corrupt due to viruses
C.Illegal physical access
D.All of the above
Ans: B
49. Hash is a __________ function:
A.
B.
C.
D.

Two way
Multiple way
One way
Three way

Ans: C
50. Alok took a laptop with a wi-fi connectivity. When he turned on the wi-fi co
nnection, he found lot of open connection in his locality. He took his laptop in
hand and started walking through few blocks. This act of Alok of taking a compu
ter and finding open wi-fi networks is called as:
A. Wi-fi scanning
B. Wi-fi finding
C. Wi-fi connecting

D. War driving
Ans: D
51. In terms of digital evidence, which of the following is NOT a type of eviden
ce:
A.
B.
C.
D.

Direct
Real
Hear-say
Documentary

Ans: C
52. Which of the following sequence is CORRECT in Incidence handling:
A.
B.
C.
D.

Preparation, Identification, Containment, Eradication,Recovery & Follow-up

Identification, Preparation, Eradication, Containment, Recovery & Follow-up
Recovery, Identification, Preparation, Containment, Eradication & Follow-up
Containment, Preparation, Identification, Eradication, Recovery & Follow-up.

Ans: A
53. SSL stands for
A.Secure Socket List
B.Security Socket Layer
C.Secure Socket Layer
D.Secure Socket Level
Ans: C
54.Which one is not a method of email hacking?
A.Using Spyware
B.Social engineering
C.Sending Viruses
D.Using Phishing
Ans: C
55.Which of the following can be said to be a strong password?
A.Apple
B.abc123
C.@Pple321$#!
D.Passw0rd
Ans: C
56.Recently, Priya is receiving lot of SPAM and unsolicited emails. She wants to
know how to prevent these SPAM emails. Following are some of the steps, identif
y the correct one
A.Keep one's
B.Use a spam
C.Notice the
D.All of the
Ans: D

email address as secret as possible

filter
several spelling errors in the body of the "official looking" email
above

57. Pankaj, a ninth standard school student having basic IT skills has recently
attended a session on IT security and ethical hacking in his school. Inspired by
the session, Pankaj came back home and started exploring few techniques demonst
rated by the speaker. It can be said that Pankaj is a
A.Black hat hacker
B.White hat hacker
C.Script kiddies
D.None of the above
Ans: C
58.What is the data transfer rate of Bluetooth?
A.1.5 Mbps
B.2 Mbps
C.1 Mbps
D.2.5 Mbps
Ans: C
59.Raj is a hacker and he want to hack a Network to steal username, password, im
plementing trojan and gain the system access and also remove all the logs after
completed hacking process. For these things how many phases are involved in this
process?
A.3
B.2
C.5
D.4
Ans: C
60.______________ensures your organization's preparation for unforeseen risks to
continue its business operations.
A.Information System Contingency Planning
B.Vulnerability assessment and penetration testing
C.Computer forensics
D.IT security policies
Ans: A
61.Which of the following is a type of cryptography?
A.Asymmetric
B.SSL
C.HTTPS
D.MD5
Ans: A
62. Computer Forensics is
A.the practice of lawfully establishing evidence and facts
B.the science involving legal evidence that is found in digital storage mediums
and in computers
C.a process of applying scientific and analytical techniques to computer Operati
ng Systems and File Structures to determining the potential legal evidence

D.all of the above

Ans: D
63.ARP stand for---A.Address
B.Address
C.Address
D.Address

Reservation Protocol
Registration Protocol
Revolution Protocol
Resolution Protocol

Ans: D
64.______________ is part of the preparatory pre-attack phase and involves accum
ulating data regarding a target s environment and architecture. It is also the pro
cess of creating a blueprint or map of an organization s network and systems.
A.Google Hacking
B.Footprinting
C.Gaining Access
D.Scanning
Ans: B
65.You are a hacker and you want to view hidden Bluetooth devices, so which soft
ware helps you to find out all hidden Bluetooth devices?
A.BlueScanner
B.BlueSnarfing
C.BlueSniff
D.BlueBugger
Ans: C
66.What is the full form of URL?
A.Universe Resource Locator
B.Uniform Resource Locator
C.Unified Resource Locator
D.Unity Resource Locator
Ans: B
67.WEP Stand forA.Wireless Encryption Protocol
B.Wire Encryption Privacy
C.Wireless Extended Protocol
D.Wired Equivalent Privacy
Ans: D
68.You are a Network Administrator and you have lot Mobile devices in your netwo
rk. Now you want to reduce the threats of mobile malware, so which step is suita
ble for your network?
A.Keeping the device in non-discoverable
B.Installing an antivirus
C.Upgrade the Firmware
D.Installing IDS

Ans: C
69.Hacker can plug a laptop into a hub and use _______________ software to captu
re data traveling across the network.
A.Sniffer
B.Scanner
C.IDS
D.IPS
Ans: A
70.Jai and her team have been going through tons of garbage, recycled paper, and
other rubbish in order to find some information about the target they are attem
pting to penetrate. How would you call this type of activity?
A.Dumpster Diving
B.Scanning
C.CI Gathering
D.Garbage Scooping
Ans: A
71.A document encrypted by a public key can only be decrypted by using__________
_______.
A.Private key
B.Corresponding private key of that public key
C.Hash function
D.None of the above
Ans: B
72. Types of Security Audit are
A.Vulnerability scan
B.Penetration testing
C.Security checklist review
D.Security policy review
E.Physical security audit
F.All of the above
Ans: F
73. Under ISO 27001, Asset can be defined as:
A.
B.
C.
D.

anything that has value to the organization

anythaing that has value to an outsider
anything that has value to a competitor
anything that has value to the Taxing Authorities

Ans: A
74.How many layers are there in the Layered-security approach?
A.Six
B.Five
C.Eight
D.Ten

Ans: B
75.This describes a non-technical kind of password theft that relies on people's
willingness to help strangers who are in trouble.
A.Social networking
B.Keylogging
C.Dumpster diving
D.Social engineering
Ans: D
76.Anti-virus software should be used regularly to check:
A.Floppy disks and hard drives
B.Files downloaded from the Internet, emails
C.Any new floppy disk inserted into a computer
D.Email attachments, all disks and rewritable CDs
Ans: D
77.Smoke detector placement is important to ensure that all types of fires in di
fferent parts of the building can be quickly identified. Which of the following
locations is not necessarily a good place for a smoke detector?
A.Raised flooring
B.Dropped ceiling
C.Exterior rear doorway
D.Air ducts or vents
Ans: C
78.One of the following describes what you should do if you receive a chain lett
er email?
A.Forward the email.
B.Download it onto your system.
C.Delete the email.
D.Send a read receipt.
Ans: C
79.Which one of the following is an example of phishing?
A.An
B.An
C.An
D.An

email
email
email
email

warning the recipient of a

directing the recipient to
directing the recipient to
directing the recipient to

computer virus threat.

forward the email to friends.
enter personal details on a fake website.
download an attachment.

Ans: C
80.Which one of the following describes why you should follow guidelines and pro
cedures while using IT resources in an organization?
A.To
B.To
C.To
D.To

ensure
ensure
ensure
ensure

Ans: B

easy access to information on your computer

the secure use of IT resources
the IT Department is able to monitor all activity
the Finance Department is able to monitor the costs of IT resources

81. Which one of the following statements related to workstations

orrect?

security is inc

A.Hackers can use any unsecured computer that s connected to the network to access
or delete information that s important to your business
B.There is no need to disconnect computers that aren t being used otherwise the fu
nctioning of the network may hamper
C.Lock the doors of empty offices, including those that are temporarily empty wh
ile an employee is at lunch or out sick.
D.Equip computers that must remain in open areas, sometimes out of view of emplo
yees, with smart card or biometric readers so that it s more difficult for unautho
rized persons to log on.
Ans: B
82.Which one of the following process uses system components as audit trails or
records and logs to associate a subject with its actions and the information rec
orded should be sufficient to map the subject to a controlling user?
A.Authentication
B.Authorization
C.Accountability
D.Availability
Ans: C
83. Under Sec. 43A of the IT Act which of the following type of information is c
onsidered to be sensitive personal information
A.Password
B.Healthcare information
C.Financial information
D.Sexual orientation related information
E.All of the above
Ans: E
84. This describes a non-technical kind of password theft that relies on people'
s willingness to help strangers who are in trouble.
A.Social networking
B.Keylogging
C.Dumpster diving
D.Social engineering
Ans: D
85. Which of the following is a Computer Forensic Tool?
A.
B.
C.
D.

Snot
Wireshark
Cain and Able
Winhex

Ans: D
86. Checking a website certificate can tell you:
A.How much you could save by shopping online

B.Whether the site is on the world wide web

C.Who operates the site, and if their security status is up to date
D.Whether all rights of the content of the site are reserved
Ans: C
87. Different organizations have different physical security protection requirem
ents, thus they require different types of controls and countermeasures. Which
of the following is NOT a legitimate justification for using security guards at
a facility?
A.They
B.They
C.They
D.They

are one of the best deterrents for potential intruders.

are flexible and can be positioned randomly.
provide judgment and understanding of different situations.
are cheaper than most automated detection systems.

Ans: D.
88. Which of the following is NOT a source of Digital Evidence:
A.
B.
C.
D.

Recycle Bin
Finger prints on Mouse
Event Logs
Registry

Ans: B
89. Bob sent an email to Robby mentioning dinner invite and a link of hotel for
dinner. The moment Robby clicked on that link, he found his laptop got formatted
. This is an example of:
A.
B.
C.
D.

DNS redirect
Phishing attack
Logic Bomb
SPAM

Ans: C
90. Why should I lock my computer while leaving my desk?
A.To
B.To
C.To
D.To

prevent
prevent
prevent
prevent

unauthorised access to data

a waste of electricity
data from getting corrupted
the computer from malfunctioning

Ans: A
91. Which of the following is not the disadvantage of Private key cryptography:
A.The
B.The
C.Key
D.Key

key exchange problem

trust problem
management
selection problem

Ans: D
92. While drafting final investigation report, Computer Forensics expert should
make sure

A.that all the steps taken by the investigator are mentioned in detail
B.that it should be clear, complete and concise
C.that it should be signed by at least two third party independent witnesses
D.all of the above
Ans: D
93.Which one of the following would prevent the theft of a laptop?
A.Anti-virus software
B.Spyware
C.A security cable
D.A webcam
Ans: C
94._________attack is performed with tools that cycle through many possible char
acters, numbers and symbol combinations to get a password.
A.Brute force attack
B.Social engineering attack
C.Dictionary attack
D.Dumpster diving
Ans: A
95. Which one of the following options applies to the DDoS (Distributed Denial o
f Service) attack?
A.Prevention access to resources by users authorized to use those resources
B.Use of multiple computers to attack a single organization
C.Placing a computer system between the sender and receiver to capture informati
on
D.Listening or overhearing parts of a conversation
Ans: B
96. __________ is simply software that displays popup ads or other ad related sc
reens in your web browser or on your desktop. It arrives on your PC without your
consent, sometimes it may contain malware.
A.Spyware
B.Keyloggers
C.Adware
D.Trojan
Ans: C
97. _________ is non-self-replicating malware that appears to perform a desirabl
e function for the user but instead facilitates unauthorized access to the user'
s computer system.
A.Key Loggers
B.Worms
C.Virus
D.Trojan
Ans: D
98. A _________ firewall will examine the information contained in the header of

a packet of information which is attempting to pass through the network.

A.Packet Filtering
B.Stateful
C.Circuit Level
D.Hybrid
Ans: A
99. A _______ can run completely independently and spread itself through network
connections.
A.Virus
B.BOT
C.Trojans
D.Worm
Ans: D
100. The __________ review employs published or publicly available checklists fo
r specific types of platforms, applications, or services to make sure that softw
are is up to date, configurations locked down, and potential points of attack cl
osed.
A.Audit Policy Checklist
B.Penetration Checklist
C.Security Checklist
D.Physical Security Checklist
Ans: C
101. After an attacker has successfully compromised a computer, what would be on
e of the last steps that would be taken to ensure that the compromise is not tra
ced back to the source of the problem?
A.Install patches
B.Setup a backdoor
C.Cover your tracks
D.Install a zombie for DDOS
Ans: C
102. VPN stands for
A.Virtual
B.Virtual
C.Virtual
D.Virtual

Page Number
Private Network
Private Networking
Public Network

Ans: B
103. ___________feature of Google adds a layer of security to your Google Accoun
t by requiring access to your phone as well as your username and password when y
ou sign in. If someone steals or guesses your password, that person can t sign in
to your account because they don t have your phone.
A.2-step verification
B.Sign-in-seal
C.Multiple sign-in
D.Filters

Ans: A
104. ISO/IEC 27001 requires that management A.Systematically examine the organization's information security risks, taking a
ccount of the threats, vulnerabilities and impacts;
B.Design and implement a coherent and comprehensive suite of information securit
y controls and/or other forms of risk treatment (such as risk avoidance or risk
transfer) to address those risks that are deemed unacceptable; and
C.Adopt an overarching management process to ensure that the information securit
y controls continue to meet the organization's information security needs on an
ongoing basis.
D.All of the above
Ans: D
105. Basic skills required to become ethical hacker are
A.Criminal mindset
B.Thorough knowledge about computer programming, networking and operating system
s, etc.
C.Patience, persistence, and immense perseverance
D.All of the above
Ans: D
106.Which is the best source to collect the Evidence?
A.Event Logs
B.Registry
C.Slack Free
D.E-Mail
Ans: B
107.A document encrypted by a public key can only be decrypted by using_________
________.
A.Private key
B.Corresponding private key of that public key
C.Hash function
D.None of the above
Ans: B
108.Most of the computer may be a target when they are
A.Sending the mail
B.Connected to the Internet
C.Playing online games
D.Sending data
Ans: B
109. Which one of the following is the recommended action to prevent the risk of
access to a wi-fi network by other users?
A.Disconnect the computer from the network
B.Complain to the System Administrator

C.Change the default WEP or WPA access key to one that only you know
D.Adjust the Internet security settings
Ans: C
110.Password is a protected word or string of characters which serves as _______
________ of a person s identity.
A.Authorization
B.Authentication
C.Authentication and Authorization
D.Identification
Ans: B
111. In Investigation stage, Data Collection is _______________________.
A. accumulation of facts and clues that should be considered during your forensi
c analysis.
B. Reconnissance
C. Active Reconnissance
D. None of the above
Ans: A
112. Which of the following is NOT an Enumeration Tool:
A.
B.
C.
D.

DumpSec
Hyena
Nmap
Enum

Ans: C
113. Network based evidence does NOT include ________
A.
B.
C.
D.

IDS Logs
Router Logs
Firewall Logs
any other information found on a system

Ans: D
114. Which of the following is NOT a wireless cracking tool?
A.
B.
C.
D.

NetStumbler
Kismet
Aircrack
Wireshark

Ans: D
115.Which of the following is NOT a Policy for General Users?
A.
B.
C.
D.

USB Policy
Password
Security Policy for Access Control
Physical Safety Policy

Ans: C

116. Under Risk Assessment, which is the FIRST step?

A.
B.
C.
D.

Identify the risks

Apply the Controls
Identify the Assets
Identify the Vulnerabilities

Ans: C
117. Neha is a Director of a company and have recently attended a workshop on Bu
siness Continuity and Disaster Recovery. After listening to the session, she was
a bit confused on the sequence told by the Speaker for Risk Treament. You being
an expert is requested to advice the correct sequence out of the following:
A.
B.
C.
D.

Apply Control, Accept the risk, Transfer the risk & Avoid the risk
Avoid the risk, Apply Control, Avoid Risk & Transfer the risk
Accept the risk, Transfer the risk, Avoid the risk & apply control
Transfer the risk, Avoid the risk, Apply the control & accept the risk

Ans: A
118. Which of the following is the FIRST step if you find a Cyber Incident in yo
ur organization?
A.
B.
C.
D.

Collection & Identification of Evidence

Preserving the scene/site of incidence
Reporting it to the Highest level of Management
None of the above.

Ans: B
119. Which of the following is NOT a kind of scanning?
A.
B.
C.
D.

Port Scanning
Network Scanning
OS Scanning
Vulnerability Scanning

Ans: C
120. Gaining unauthorized access to a bluetooth enabled device for the purpose o
f accessing or stealing information or files is called as:
A.
B.
C.
D.

Bluejacking
Bluesniff
Bluesnarfing
Bluebugger

Ans: C
121. Which of the following is NOT a scanning tool:
A.
B.
C.
D.

Nmap
Nessus
Netscan
Hyena

Ans: D

122. Richa has recent joined XYZ Infotech Inc. Dolley, HR, has kept all the pers
onnel records in a safe. It has been observed by Dolley that Joe, one of the pro
gramer, has gone through Richa's personnel record. As per the HR Policies, Joe i
s supposed to be charged under WHICH SECTION of Indian Information Technology Ac
t for Violation of Privacy?
A.
B.
C.
D.

66 E
43 (c)
70
67 B

Ans: A
123. Which of the following is the exact definition of Integrity?
A.
B.
C.
D.

the
the
the
the

property
property
property
property

of
of
of
of

safeguarding
safeguarding
safeguarding
safeguarding

accuracy and completeness of assets.

accuracy of an asset
completeness of an asset
availability of an asset.

Ans: A
124. Which of the following is the CORRECT sequence in the following options:
A.
B.
C.
D.

Generator, UPS, Battery Back-up

Battery Back-up, UPS, Generator
UPS, Battery Back-up, Generator
Generator, Battery Back-up, UPS

Ans: C
125. Which of the following is NOT a Computer Security Incident Response Team (C
SIRT)?
A.
B.
C.
D.

IRT
SIRT
SERT
PERT

Ans: D