Information and Security MCQ 2022

Network and Information Security MCQ

Note: The answers are marked in Red Bold.

Question 1: What does the “s” in https:// at the beginning of a URL mean, compared with http:// without the “s”?

  • That the site has a fast connection (s for speedy)
  • That information entered in this site is encrypted
  • That the site has just been updated
  • That the site is only accessible by people in USA

 

Question 2: What are your responsibilities for the protection of Company/Client information?

  • Protection and proper use of Company/Client information
  • Know the processes to protect Company/Client information
  • Build proper security practices into your day
  • All the above

 

Question 3: You have a project requirement document with you. A known person in the Company called you and asked you to share a copy of it for reading and project reference. Are you permitted to share it?

  • Yes
  • No

 

Question 4: Which one of the following statements about a password is TRUE?

  • It must be changed only if it is compromised.
  • It cannot contain special character symbols.
  • It must be registered with the system administrator.
  • It should be changed regularly.


Question 5: Your team is working on an important deliverable and you have split the work into different modules. On the day of delivery, one team member is on emergency leave. What would have been a best practice to implement so that information is accessible across the team members?

  • Keep passwords handy within the team
  • Use Company’s OneDrive
  • Request Project Manager to revise the deliverable schedule
  • Option 1 & 3

 

Question 6: You are going on a long leave. Do you share your user credentials with the backup resource that you have trained, so that they can use them in an emergency?

  • Never, I will never share my user credentials
  • Yes, but I will ask not to misuse the credentials
  • I will ask to use it only when there is an issue
  • Option 2 & 3

 

Question 7: If you’re working on your company’s system/laptop and a pop-up window suddenly appears asking you to update your security application, you must ignore it.

  • True
  • False

 

Question 8: You’ve inadvertently opened a web link contained in a suspicious email and now your computer is behaving strangely. What would be your course of action?

  • No action is needed since security software is in place to block malicious code getting into my computer
  • I will update and run anti-virus software.
  • I will contact IT help desk or Information Security team.
  • Keep an eye on the performance of my computer and continue.

 

Question 9: Which of the following is a violation of Company/Client Security guidelines?

  • Sharing user login credentials
  • Posting any of the information pertaining to Client on social media
  • Sharing Client information with anybody who is not related to your project/work.
  • All the above


Question 10: You are planning a holiday to Spain. Using your smartphone, you find a nice hotel, but all the information is only in Spanish. You downloaded a free translation app into English from sources other than Apple App Store/Google Play store or Company recommended Portal. What is the biggest risk here?

  • The app might steal the data from your smartphone, which could lead to the compromise of sensitive data or other applications on the device or in the cloud.
  • The app might corrupt all the data on your smartphone
  • The app might contain viruses.
  • The app might give fraudulent information and might end-up being redirected to a fraudulent site.

 

Question 11: What is the best way to validate a legitimate email vs. a phishing email?

  • Look at the email headers to see where it really came from.
  • Look for poorly replicated logos.
  • Contact the sender on some other medium besides email to verify whether they sent you the email.
  • All the above


Question 12: Two-factor authentication works as an extra step in the security process that will

  • Reconfirm Identity of the user
  • Make attackers' life harder
  • Reduce fraud risks
  • All the above

 

Question 13: Why is it important to have a good understanding of Information Security policies and procedures?

  • Helps protect individuals from being victims of security incidents.
  • Provides an understanding of steps to follow in the event of a security incident
  • Helps to understand levels of responsibility
  • All of the above

 

Question 14: You have a highly sensitive document which you need to email to a trusted third-party. What is the safest way to send this?

  • Make sure you scan the document with your anti-virus software first.
  • Send the document from your work email account.
  • Encrypt the document first. Then send the password to the third-party using a different communication method, such as SMS.
  • Send the document using a file sharing application

 

Question 15: Which one of the following shows right treatment while handling confidential information?

  • Discussing confidential information over the telephone.
  • Disclosing confidential information only to authorized individuals.
  • Uploading confidential information to a shared web site.
  • Emailing confidential information to a colleague.

 

Question 16: When constructing a password, you should:

  • Use your family member name, sports name, pet name and add a number on the end
  • Use phrases or misspelled words with embedded numbers and special characters
  • Use sequenced letters and numbers from your keyboard
  • All the above

 

Question 17: You participate regularly in a technical discussion forum on the Internet. What are the things you should do?

  • Provide company or customer confidential information in the message
  • Take prior approval from business head for the company information that you intend to share
  • Share personal solutions or technical ideas which are not relevant to ITC Infotech business
  • Option 2 & 3

 

Question 18: How can you protect your computer against viruses?

  • Make sure you have virus protection on your computer up to date
  • Do not click on the links that get delivered through the mails from unknown sources
  • Never open unsolicited attachments especially from an unknown source
  • All the above

 

Question 19: Ransomware is usually delivered in e-mails from unknown sources or by clicking on the non-reputed web sites. Which file extensions are the most dangerous in such a scenario?

  • .doc, .docx, .xls, .xlsx, .ppt, .pptx.
  • .exe, .zip, .js, .scr
  • All the above

 

Question 20: A Company-provided system is protected from malware through the

  • Use of anti-virus software with frequent updates
  • Use of hard-disk encryption on laptops
  • Use of software according to license terms and agreements
  • Download programs without permission of the copyright owner or licensee.

 

Question 21: When you are using the organizational email facility allocated to you, the following actions are allowed

  • Forwarding Chain Mails
  • Use email only for business purposes
  • Use email for personal use
  • Joining mailing lists

 

Question 22: You are a big fan of country music and recently got malware on your computer by clicking on a banner advertisement on a well-known country music website. What type of attack is this an example of?

  • Trojan horse attack
  • Malvertising
  • Worm attack
  • Browser plug-in attack.

 

Question 23: ________ is the technique used for tricking users into disclosing their usernames and passwords through fake pages

  • Social Engineering
  • Phishing
  • Cookie Stealing
  • Banner Grabbing

                     

Question 24: Your colleague sent a chat message telling you that there is an urgent deadline to meet. He/she has forgotten the password to the client database unfortunately. What should you do to help?

  • Go to their computer terminal and log in with your user credentials so they can meet their deadline.
  • Suggest to your colleague that they call IT helpdesk for a password reset link.
  • Give them your login credentials in a chat message
  • Tell them your login credentials over the phone

 

Question 25: How do you manage Confidential files?

  • Protect it from unauthorized access
  • Keep it accessible to only authorized people
  • Mark it as Confidential Information. All rights reserved.
  • All the above

MCQ Questions with Answers 2022

 Data Protection Impact Assessment MCQs

Note: The answers are marked in Red Bold.

Question 1: What does DPIA expand as?

  • Data Privacy Impact Assessment
  • Data Protection Impact Assessment
  • Data Privacy Identification Assessment
  • Data Protection Identification Assessment


Question 2: Does GDPR distinguish between B2B and B2C?

  • Yes
  • No, it applies to both
  • Maybe


Question 3: Processing of personal data is done on behalf of other companies. In this case, ITC Infotech is the:

  • Data Subject
  • Data Controller
  • Data Processor
  • Third Party


Question 4: Who is responsible under the GDPR to make a notification in the event of a data breach to the supervisory authority?

  • Data Subject
  • Data Processor
  • Data Controller
  • Delivery Manager

Question 5: As part of your current project you need to upload code to customer provided code repository on cloud. Which of the following will you NOT do?

  • Inform the Delivery manager and seek advice
  • Will not upload the test data to the cloud repository.
  • Check for appropriate access to the cloud repository folder
  • Upload test data to the cloud repository


Question 6: What is a best practice while dealing with test data? Choose the best option

  • Share test data with your team members for their testing
  • Create your own test data for use and maintain versions for future testing
  • Hard code test data values in code while testing
  • Ask customer for sharing test data and Delete test data after use


Question 7: “Right to be forgotten” is a Data subject right. Which is a correct explanation of this?

  • Entitles the data subject to have the data controller erase his/ her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data
  • Entitles the data controller to keep a copy of the personal data and share the personal data with third parties only based on data subject consent
  • Entitles the data subject to erase his/ her personal data by themselves
  • None of the above


Question 8: Which of the below is true in relation to Privacy Data Breach Incident?

  • A Privacy incident is a theft of an asset
  • A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
  • A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
  • None of the above


Question 9: As part of your current project you need to upload code to customer provided code repository on cloud. Which of the following will you NOT do?

  • Inform the Delivery manager and seek advice
  • Will not upload the test data to the cloud repository.
  • Check for appropriate access to the cloud repository folder
  • Upload test data to the cloud repository


Question 10: Which of the below is true in relation to Privacy Data Breach Incident?

  • A Privacy incident is a theft of an asset
  • A privacy incident results from the loss of personal information through any means. The term encompasses both suspected and confirmed incidents involving PII that raise a reasonable risk of harm.
  • A Privacy Incident is one that may not cause serious injury or harm to the individual and/or involves a small number of affected individuals
  • None of the above


Question 11: As an employee, for GDPR compliance what is needed from you? Choose the best option

  • Sign the Employee Privacy Notice and Complete the GDPR training and assessment
  • Sign the Data Privacy Policy and Employee Privacy Notice
  • Complete the GDPR training and assessment only
  • Sign the Employee Privacy Notice and Employment Candidate Notice


Question 12: What does GDPR expand as?

  • General Data Privacy Regulation
  • Global Data Protection Regulation
  • General Data Protection Regulation
  • Global Data Privacy Registration


Question 13: Which of the following statements best describes what the General Data Protection Regulation is?

  • An update on the Data Protection Act 1998 which means personal data can only legally be collected and stored by companies that are certified in accordance with the GDPR regulations
  • A legal framework aimed at companies operating online in the EU, stipulating how and when companies are able to collect personal data
  • A legal framework relating to the collection, storage and usage of personal data, which applies to any organization doing business with EU citizens
  • A legal framework relating to the collection, storage and usage of personal data, which applies to any organization based in the UK or doing business with UK citizens


Question 14: In case of a data breach, GDPR requires the notification to be sent to authorities within?

  • 72 hours
  • 42 hours
  • 24 hours
  • 8 hours


Question 15: What are the penalties levied for non-compliance to GDPR for organizations?

  • Higher of EUR 20,000,000 or up to 4% of the worldwide annual turnover
  • Higher of EUR 20,000,000 or up to 2% of the worldwide annual turnover
  • Higher of EUR 40,000,000 or up to 2% of the worldwide annual turnover
  • Higher of EUR 40,000,000 or up to 4% of the worldwide annual turnover


Question 16: What are the types of personal data as defined under GDPR?

  • Personally Identifiable Information.
  • Special Categories of personal data.
  • Personally Identifiable Information & Special Categories of personal data.
  • Sensitive data.


Question 17: GDPR applies to?

  • People of all geographies
  • Every entity that holds or uses European personal data both inside and outside Europe.
  • American entities holding or using Personal Data
  • European entities that hold or use European personal data both inside and outside Europe.


Question 18: In which scenarios is processing done in the capacity of data controller?

  • Processing of ITC Infotech employee’s data
  • Processing of ITC Infotech employee's dependent's data
  • Processing of ITC Infotech customer’s data


Question 19: In which scenarios is processing done in the capacity of data processor?

  • Processing of the employee’s data
  • Processing of the employee's dependent's data
  • Processing of the customer’s data


Question 20: Under the General Data Protection Regulation (GDPR), ‘sensitive personal data’ is referred to as ‘special categories of personal data’. Processing of special categories of personal data is subject to stricter conditions under the GDPR. Which of the following is not an example of a special category of personal data?

  • Ethnicity
  • Religious beliefs
  • Biometric information
  • Date of Birth


Question 21: Which data are NOT considered ‘personal data' under the GDPR?

  • Name
  • Date of Birth
  • Phone number
  • Ethnicity


Question 22: Which of the following is available on the company’s website?

  • Data Privacy Policy
  • Employee Privacy Notice
  • Employment candidate Privacy Notice
  • Website Privacy Policy

A 2022 Guide to Companies Act 2013

Companies Act 2013: While forming a company, a promoter has several questions in mind: How is a company established? How is the company regulated? What is the winding-up process for the company? All these questions are answered by the Companies Act 2013.

The Government of India enacted the Companies Act 2013, the Indian company law which regulates:

  1. Establishment of a company,
  2. Duties & responsibilities of a company,
  3. Directors’ role,
  4. Dismissal of a company

Historically, the act came into full force in 1956, but it has been amended several times according to the requirements under the provisions of the Companies Act 2013. The Indian Parliament recently passed The Companies (Amendment) Bill in the year 2020.

Provisions of the Companies Act 2013

It allows relevant provisions to ensure timely compliance by the companies.

Resolution for borrowing more than paid-up capital: Section 180 of the Act restricts borrowing above the paid-up capital. If such borrowing is required, it has to be approved by a special resolution. The same applies to a private company.

Associate Company: Section 2 (6) does not allow the associate company as a stakeholder of more than 20% of the total share capital in the host company. Section 2 (76) asks for disclosure or approval if the business is, to begin with, the associate company.

Private Company: Section 2 (68) allows a private company to have a maximum of 200 persons and does not allow it to accept deposits from the general public. However, subsection 76 permits the public company to raise funds from the general public.

Experts: According to Section 2 (38), an expert is a person who has the authority to issue a certificate, for example, Company Secretary. Furthermore, the company is liable to pay for damages if any stakeholder claims it from the expert under the act.

The provisions mentioned above are the most important provisions of the Companies Act 2013, which was applied on 12th September 2013.

What is Management? Is Management Art or Science? What is Future Value of Money?

Question: What is management?

Answer: Management is a process of utilizing business resources to achieve the organizational goals effectively and efficiently. These resources consist of human, financial, physical, and information resources.

Question: Is management art or science?

Answer: Management is both art and science. There are several principles to prove management as art and science.

Management as Science

Management behaves as a science in several respects: it contains general facts which explain a phenomenon. Moreover, management principles are developed through the scientific method of observation and verification through testing.

The features that management and science have in common are:

  1. Universally accepted principles: Management principles can be applied universally.
  2. Experimentation & Observation: The principles are based on logic.
  3. Cause & Effect Relationship: There can be a “cause and effect” relationship between various variables.
  4. Test of Validity & Predictability: The principles can be tested several times.

Management as Art

Management acts as an art through the application of knowledge and skill to bring about desired results. The definition of art is the application of general theoretical principles to attain optimum results.

The features that management and art have in common are:

  1. Practical Knowledge: There is practical application of theoretical principles.
  2. Personal Skill: Each manager has his or her own style of work.
  3. Creativity: It is a combination of human & non-human resources to obtain optimum results.
  4. Perfection through practice: Application of management principles can train managers to become perfect in their jobs.
  5. Goal-Oriented: Accomplishment of desired goals through various resources.
  6. Working effectively: Handle every problem of the organization in every environment.

Management as Art & Science

Yes, management indeed has the characteristics of both art and science. There is an old saying, “Managers are born”, which is now regarded as outdated because a new expression has come into existence: “Managers are made”. Many management scholars admit that management is the oldest of arts and the youngest of sciences.

Question: Explain forecasting with the help of an example.

Answer: Forecasting is a technique used to generate predictions for the future from past and present data. Everyone uses forecasting according to their requirements. Several businesses use it to set a limit for budgets and to anticipate expenses to be incurred in the future. Forecasting acts as a relevant benchmark for businesses which need a long-term perspective of operations. Furthermore, investors utilize it to check several events surrounding a company; for example, how much sales would this company make? What are the expansion plans of this company? So, forecasting assists investors in deciding whether they want to stay invested in the company or not.

Example of forecasting

Forecasting is helpful when a manufacturer decides the appropriate time to purchase raw material for the production team. The manufacturer has two choices in this situation: buy the raw material and store it, or buy the raw material when there is an actual requirement for it.

Forecasting has two approaches:

Qualitative Models: These models are for short-term predictions, where the scope of the forecast has a limit. This approach requires precision as it is based on the market with an informed consensus, so it is developed by experts. It assists in generating short-term predictive results for companies, products, and services. The main setback of this approach is its reliance on opinion over measurable data.

Qualitative models include:

  1. Market Research
  2. Delphi Method

Quantitative Models: These models do not include expert opinions and are used for long-term planning, over months or years. They are mainly used in predicting variables such as sales, gross domestic product, housing prices, and share prices.

Quantitative models include:

  1. The Indicator Approach
  2. Econometric Modelling
  3. Time Series

Question: Time Value of Money with example

The time value of money dictates that money received today has more value than money received in the future due to its potential earning capacity. Furthermore, this concept holds that, provided money can earn interest, any amount of money is worth more the sooner it is received. In simpler terms, the money you had yesterday was more valuable than the same money today, and the money you have today is more valuable than the same money tomorrow.

Quick Fact: The other name of Time Value of Money is Present Discounted Value.

For example, you have two options. The first option is to receive Rs 10,000 now and the other option is to receive Rs 10,000 in two years. A rational mind would go with receiving Rs 10,000 now, because it has more value, and you can earn interest on it by investing it.

Question: Future Value of Money with example

Future Value of Money is a projection of the value of an asset at a particular date. It is based on an assumed rate of growth. It is relevant for investors and financial planners as they are pertinent stakeholders in the company. They want to know the real value of the asset at a specified date and then make sound investment decisions based on their anticipated requirements. However, inflation can erode the future value of the asset.

For example, money accumulated in a savings account with a fixed interest rate makes it possible to calculate the future value accurately. However, money invested in shares with a volatile rate of return can present greater difficulty.