
SAMPLE QUESTIONS

Q.1) What is Cyber Security?


Ans. Protection of confidentiality, integrity and availability of information in Cyberspace is known
as Cyber Security.

Q.2) Why is there a sudden focus on cyber security in India?


Ans. There is a sudden focus on cyber security in India because of the following reasons:
1. Access to internet is cheap so risk has increased
2. Low cost of mobile devices has led to increase in risk
3. Companies relying on internet for day to day use are now vulnerable

Q.3) In which type of cyber-attack do you have to pay ransom to the hacker to access your files?
Ans. Ransomware attacks

Q.4) What is Data Breach?


Ans. When your data is stolen from your computer without your knowledge then it is known as
Data breach.

Q.5) What are the different types of Ransomware attacks?


Ans. Bad Rabbit, Wannacry & Petya

Q.6) What are the reasons for occurrence of Ransomware attacks?


Ans. Ransomware attack can happen due to the following reasons:
1. Use of pirated version of OS at Government, Small offices & Office homes
2. Not updating security patches/updates of the OS
3. Not updating security patches/updates of the anti-virus

Q.7) What is the full form of SPDI?


Ans. Sensitive Personal Data or Information

Q.8) What is “defacement of website”?


Ans. Attack on a website that changes the visual appearance of the site or a webpage is known
as defacement of website.

Q.9) What is Phishing?


Ans. Attempt to fraudulently obtain sensitive information by tempting you with a sense of
urgency is called Phishing.

Q.10) When many people are sent a common mail in the hope of defrauding a few, such a type
of phishing is called?
Ans. Mass market mail

Q.11) What is Spear phishing?
Ans. Spear phishing is a type of phishing which is a customized attack on a specific employee and
company.

Q.12) A phishing attack specifically targeting a company’s top executives (like CEO, COO etc) is
known as?
Ans. Whaling

Q.13) What is Business Email Communication?


Ans. Business Email Communication resembles official mails asking to remit certain amount to an
account number citing urgency.

Q.14) How can we protect ourselves & others from phishing mails in our organization?
Ans. We can protect ourselves and others from phishing mails in our organization by ensuring
the following:
1. Never click on email links
2. Check the headers before replying to the suspicious mails
3. Report all spam mails to designated support desk through email/phone as per the
company policy

Q.15) What is telephonic version of phishing known as?


Ans. Vishing

Q.16) What is SMS phishing known as?


Ans. Smishing

Q.17) When a fraudster installs malicious code (.exe files) on computer or server then it is known
as?
Ans. Pharming

Q.18) What is a Social engineering attack?


Ans. A social engineering attack is where a customer is taken into confidence and is asked to share
their financial details by SMS and phone.

Q.19) When people are stalked by others online, with a purpose to bring harm then such a cyber-
crime is known as?
Ans. Cyber stalking

Q.20) What is Cyber Warfare?


Ans. An attack on the communication and IT infrastructure of a country by another country is
called Cyber Warfare.

Q.21) The type of cyber crime that youngsters face from their enemies, school
colleagues or classmates is known as?
Ans. Cyber Bullying

Q.22) When our competition company tries to take product or service information to kill the
competition it is called?
Ans. Cyber Espionage

Q.23) What is Surface Web?


Ans. Surface web is a type of browsing that happens on web when people access or are browsing
common websites which contributes to only 20% of internet traffic.

Q.24) What is Deep Web?


Ans. Deep web is a type of browsing that happens on web when people access or browse
websites where they try to keep their identity anonymous but end up becoming part of a
cyber-attack.

Q.25) What are some of the examples for Websites for Deep Web browsing?
Ans. Ghostery, Privacy Badger, TorProject & DuckDuckGo

Q.26) Which is the highest authority and decision-making body in the Cyber Security Ecosystem
in India?
Ans. Ministry of Electronics and Information Technology

Q.27) Which is the only act or law pertaining to cyber security?


Ans. Information Technology Act 2000

Q.28) What is the full form of NCIIPC?


Ans. National Critical Information Infrastructure Protection Center

Q.29) What is the full form of APCERT?


Ans. Asia Pacific Computer Emergency Response Team

Q.30) That CERT-In or I-CERT will serve as the national agency for incident response is mentioned in which
Section of the IT Act?
Ans. Section 70B of IT Act.

Q.31) Does CERT-In have a Cyber Swachhta Kendra on its website through which they provide
security products?
Ans. Yes, CERT-In has a Cyber Swachhta Kendra on its website through which they provide
security products.

Q.32) What does Chapter IX of Section 43 talk about or comprise?


Ans. Chapter IX of Section 43 defines damage to computer, computer system etc and
compensation.

Q.33) What constitutes damage of a computer system or network as per Chapter IX of Section 43?
Ans. As per Chapter IX of Section 43, damage of computer system or network happens when
someone:
• Accesses the computer without approval
• Introduces or causes to introduce any computer virus
• Downloads, copies or extracts data including information stored in removable storage
medium.

Q.34) What is the penalty charged for not reporting cyber security incident happened in an
organization to CERT-In?
Ans. The penalty charged would be 1 lakh rupees or imprisonment which can extend up to 1
year.

Q.35) A corporate is liable to report how many types of cyber security incidents to CERT-In?
Ans. 8

Q.36) Which institutions work at a global level for Cyber Security? Give examples.
Ans. The following institutions work at global level for Cyber Security:
• FIRST
• APWG
• Bank of International Settlement

Q.37) What are the functions of CERT-In?


Ans. Functions of CERT-In include:
1. Forecast and alerts of cyber security incidents
2. Collection, analysis and dissemination of information on cyber incidents
3. Emergency measures for handling cyber security incidents

Q.38) Which section talks about authority to collect internet traffic data through any computer
resource by the Govt?
Ans. Section 69 of IT Act

Q.39) Which are the 2 additional organizations or institutions that are constituted as per the IT
act?
Ans. CERT-In and NCIIPC

Q.40) A "secured" link starts with http or https?


Ans. https

Q.41) How can we identify a phishing mail?


Ans. We can identify a phishing mail by:
1. Checking whether the return path in message options is back to the sender or not.
2. Checking genuineness of the email ID like spelling mistake, extra alphabets
3. Checking the "X-Apparently-To" field in the message options

Q.42) How should we handle youngsters going through cyber bullying?


Ans. Youngsters going through cyber bullying should be mentored, counselled and
made to understand the ill effects of cyber bullying.

Q.43) Security Products like USB Pratirodh and M-Kavach are provided free of cost by?
Ans. Cyber Swachhta Kendra

Q.44) Give examples of incidents that a corporate should report to CERT-In as per the definition
of IT Act?
Ans. Examples of incidents that a corporate should report to CERT-In include:
1. Unauthorized access of IT systems/data
2. Defacement of websites
3. Attacks on servers and network devices

Q.45) Is it true that reporting of cyber-attacks to CERT-In is optional for home users but
mandatory for corporates?
Ans. Yes, it is true that for home users reporting of cyber-attacks to CERT-In is optional but is
mandatory for corporates.

Q.46) What is the full form of CERT-In or I-CERT?


Ans. Indian Computer Emergency Response Team

Q.47) Can we report a cyber security incident to CERT-In during holidays?


Ans. Yes, we can report a cyber security incident to CERT-In during holidays, as CERT-In works 24
hours on all days including government and public holidays.

Q.48) In case of cyber-attack, security incident and vulnerability report are to be filled and sent
to which email ID?
Ans. info@CERT-In.org.in

Q.49) What does Section 43A of the IT Act state?


Ans. Section 43A of IT Act states that a corporate is liable to pay compensation if it loses
sensitive data of customer due to negligence.
