Cyber crime and fraud management recollected on 28.12.2019
Recollected questions:
Cyber crimes are handled by which orgnanisation in india
Type 1 crime
Preventive control
Detective control
Detterant control
Logical control
Sections and their fine with imprisonment in years
Committes of it security ,it governance, it controls
Netra by which organisation
Fast flux
Stux net
Phising
Shoulder surfing
Digital signature
Oldest agency in india
Few questions on cert in
Passive attack
Active attack
Direct attack
In direct attack
Logic bomb
Zeus
India own operating system boss in under whom
Confidentiality
Availability
Integrity
Conventional crime
Cyber crime
Same features of conv and cyber crime
Tailgating
imp topics are 1differences between viruses and worm
2 it act
3 different types of cyber crimes
4 various types of cards
5 gate way payment
6 prevention and detection control
7 pss act
8 2 tier authentication
9 passive and active attacks
mostly questions from 2 and 3 and 4...units
Cyber terrorism
1. Who Coordinates with Interpol in India ? - CBI
2. Which department was designated as Nodal Agency for Cyber Crime prevention - CERT-IN
3. What is the difference between Virus and Worm - Virus need human intervention to activate or multiply whereas worm automatically get multiplied
4. Worms are mainly used by hackers to - Occupy more space in the system/heavy usage of bandwidth in the network
5. One of the employee carefully watching the password entered by the Manager. What type of threat it is - Shoulder Surfing
6. Leaving a Logged in Computer by an employee - is human negligence
7. Hackers scans the computer pre attack to identify - Vulnerability in the system
8. Hackers inject worms/virus into the network to reach the target system and it - exploits the Vulnerability
9. Non updation of antivirus is - one of the major vunerability
10. One customer recieved a call in his mobile phone and the person posing himself as a bank manager collected the card credentials from him.This type is called - Phising
11. Online Banking sites are borne to what risk - Phising/IP spoofing
12. Data transfer between systems vide Network can be secured by - PKI
13. Customers can make sure that they deal with the authenticated website - by checking the Lock icon near the address bar
14.In https, S denotes - Secured/Security
15.This kind of worms directly attacks the root directory - Rootkits
16. This worms are really hard to detuct and delete - Rootkits
17. The compromised systems in the network are commonly termes as - Zombies
18. Customer security credentials were compromised by way of fraudulent SMS is called - smishing
19. The employees who try to hack their own company's site/find the vulnerabilities are called - White hat hackers
20.DDos - Distributed Denial of Service
21.Ransomware which blocks the access to the website demanding ransom for the same is - Denial of Service attack
22. Using same method for both encryption and decryption is called - symmetric encryption
23. Providing Last Login detail in Internet banking site is to - to detect any unauthorised usage earlier
24.Limits for retrying the passwords is - to avoid the unauthorised access
25. To safeguard from the Key Loggers attack - Use Virtual Key board to enter passwords
26.UTM stands for - Unified Threat Management
27.Setting up smoke detectors in the branch is - Detective Method
28.Placing Security guard in system room to avoid - Physical damage/attack on systems
29. Following the authorised person to enter into system room and making entry into the room is - Tailgatting
30.Dumbster Driving is a method - Searching for vulnerability in deleted files and data
31.FIrewall is - Intrusion Detection System
32.Authentication of electronic data/document can be assertained by - Digital Signature
33. When two or more persons illegally tries to enter into a critical room with single id/same id - Masquerading
34.Detection is normally - Post incedent
35. Post incident study mainly for the purpose of - study the impact of the attack and lessons for future prevention
36. Indian Agency working on Digital Forensics and Cyber security - C-DAC
37. OLTP refers to - On line Transaction Processing
38. OLTP is also termed as - Payment Gateway
39. Payment Gateway the Acquiring Bank to - Issuing bank through the Card Scheme to complete the transaction
40.Security Concerns arise in Payment Gateways are - At the User Level, Bank level and Merchant POS
41. Credit Card data theft through POS is falls under - Merchant PoS Security
42.Data encrypted using Private key can be decrypted by the public key available with - the Receiver
43. Cross verifying the Signature on the Slip against the Signature in the back side of the ATM card is doen by - the Merchant
44.Data should be secured in the following stages - Saved, Transit and Retrival
45.Intruder software in a network which attacks the data while in trnasit and thus commits data theft - Man in the Middle Attack
46. Captures a widows sessio for the purpose of data theft before it reaches the recipient is - Session Hijacking
47. Limits set for retrying of password is to avoid - Brute Force attack
48. ISSP stands for - Information System Security Policy
49.ICANN stands for - International Corporation for Assigned Names and Numbers
50.TLD stands for - Top Level Domain
51.Globally recognized set of rules defined for electronic records is - e-UCP
52.Technique used to redirect traffic from the infected device is called - Sinkholding
53. The technique which can intercept unencrypted data transit of mobile apps is called - Wi FI Snifing
54. This is one type of malware which doesnot affect the system/network - Ad-ware
55. This usually comes as a Pop up/add on screen which carries link for dubious websites - Ad-ware
56.EMV cards follow standard of - ISO/IEC No 7816
57. EMV cards follow this standard for Contactless card - ISO/IEC 14443
58. NFC is the technique used in contactless cards - Near Field Communication
59.PCI - DSS stands for - Plastic Card Industries - Data Security Standards
60. NFC cards works under - RFID Technology
61. Providing Access controls to employess based on roles/need is - Risk based Authentication
62. Seeking PIN to complete a transaction in PoS is - 2FA
63.SSL - Secure Socket Layering
64.SSL ensures - Encrypted link between a web server and a browser
65. Sending annoying messages to a person causing irritation/nuisance - Cyber Stalking
66. Black mailing a person using Computer/or network is - Cyber Extortion
67. Ransomware is type of - Cyber Extortion
68. Disputes on Domain names and protest are redressed globally by - UDRP
69. Phising/Vishing is type of - Cyber Cheating
70. Group of people attacks a Computer/ group of computers for propagating a objective - Cyber Terrorists
71. Hackers with common interest attack rival government's department site and database are - Cyber terrorists
72. ____ refers to the quality of secrecy associated with the data and the state of keeping an information asset secret - Confidentiality
73.____ refers to the state of remaining in the same format and not allowing for any tampering/manipulation - Integrity
74. ____ refers to the state o confirmation that the user has the authority to issue the command to the system - Authorisation
75. Quality of non denial, the stake holders are not permitted to denythe particular act of doing the act is - Non-repudiation
76. CAPTCHA refers to - Completely Automated Public Turing test to Tell Computers and Humans Apart
77. Placing letters in different sizes and styles which is hard to read by systems/robots is called - CAPTCHA
78. _______ is an important component for study and analysis to under the modus operandi of a Cyber Attack - Threat Vector
79. In cyber Crime, Threat landscape is denoted as - Study of entire overview of the network which was attacked
80. Conventional Crimes are - Physical crimes that involve thet of systems and hardware devices
81.Cyber Crimes are - System Crimes that involves data theft or tampering
82.Insider Attack Threat is - attack on the system/network by own employee without any permission/authentication
83.______ is the most dangerous attack in cyber crimes - Insider Attack
84. An employee copied and sold the sensitive information to a competitor concern is an example of - Insider Attack
85. Hackers scan the port/system and develop worm or codes to attack the same based on this - Vulnerability
86. ____ doesnot wait for any executable file to run for getting activated in the target system - Worm
87.____ refers to small piece of programs injected into the target system to spy on the activities - Spyware
88. Drones are classified as - Spying Devices
89. UAV stands for - Unmanned Aerial Vehicle
90. Most of the UAV used by the polic/defence authorities for - Survelliance purposes
91.The persons who are hired by companies to hack their own website/to identify the Vulnerability are - Blue Hat Hackers
92. System of effectively taking care of URL filterig, web-filtering, anti-virus, as all in one solution is referred as - Unified Threat Management
93. Force Log out option in Internet banking after certain time of Idleness is to guard the system against - Session Hijacking
94. Installing anti virus into the system is - Preventive Method
95.A statement used to create, alter, drop objects in a database is called - Data Definition Language
96. Fault Detection, isolation nad recovery are closely associated wiht - Detection Control
97. Installing Bio Metric devices to check unauthorised entry is - Physical Control
98. Unless properly logged, straightaway accessing the database through a SQL is termed as - Back end Access
99.IT Act 2008 describes the activity of hacking as a criminal activity in section no 66
100. IT Act 2000 came in force on - 17 October 2000
101. IT Amendment Act came into force on - 27 October 2009
101. IT Act consists of - 13 Chapters and 90 Sections
102. The Section which deals with cyber crimes as civil offence - Section 43
103. The Section deals with cyber crimes as Criminal Offences - Section 66
104. IT Amendment Act included the following which is not in the IT Act 2000 - Electronic Signature
105. Electronic Signature has been dealt in - Section 15
106. Under Section 43A, if any body corporate handling any sensitive personal data is negligent in implementing and maintaining reasonable security the compensation may go upto - five crore rupees
107. Under Section 43, if one found guilty on Data theft/alters/destroys the same the penalty/compensation may go upto - One Crore rupees
108. Tampering with Computer Source Documents - Section 65
109. Punishment under Section 65 may go upto - Three years imprisonment and extend upto Two Lakhs Fine
110. Computer Related offences which were dealt under section 43 can also be dealt as criminal offence under section - 66
111. Punishment under Section 66 may go upto - two three years and/or fine upto five lakhs rupees
112. Crime of Cyber Stalking ( sending electronic messages for the purpose of causing annoyance/inconvenience/decieve/mislead the recipient) may lead to - two three years imprisonment
113. Identity Theft is dealt under Section - 66c
114. Punishment of Identity Theft - may extend to three years term and/or fine upto One lakhs rupees
115. Puishment for Cyber Cheating - may extend to three years term and/or fine upto One lakhs rupees
116. Cyber Cheating is dealt under - Section 66D
117. Punishment for Cyber Terrorism may extend upto - Life time Imprisonment
118. Cyber Terrorism is dealt under - Section 66F
119. Publishing obscene material in electronic form dealt under - Section 67
120. Punishment under Section 67 may extend upto - two three years term and/or five lakhs fine
121. Punishment for Sudsequent conviction of the same crime under section 67 is - 5 years term and/or ten lakhs rupees fine
122. Sexually explicit content in electronic form dealt under - Section 67A
123. Punishment under Section 67A is - Five years term with fine
124.Punishment for Sudsequent conviction of the same crime under section 67A is - 7 years term and/or ten lakhs rupees fine
125. CERT-IN has been designated as Nodal agency for Critical Information Infrastructure Protection under Section - 70B
126. Mispresentation/Suppression of material Fact dealt under - Section 71
127. Penalty under Section 71 - Two years term and/or fine upto One lakh rupees
128. Breach of confidentiality and Privacy dealt under Section - 72
129. Analysing the style of writing or the langauage style for the purpose of Crime Investigation is - Stylometry
130. RBI issues licenses for Payment Banks in India based on approval from - BPSS
131. NTRO stands for - National Technical Research Organisation
132. Netra, the light weight UAV was developed by - DRDO
133.NCIIPC stands for - National Critical Information Infrastructure Protection Centre
134. DSCI - Data Security Council of India
135. Digital Forensic tools used by our Police Department were developed by - C-DAC
136. C-DAC stands for - Centre for Development of ADvanced Computig
137. NTRO works under - Prime Minister's Office
138. Two acts which are mainly handled by ED - FEMA and PMLA
139. Money laundering using banking systems/Internet banking is - Conventional Crime
140. Obtaining an IP address similar to some other and demanding a ransom for forego the same is - Cyber Squatting
141. Data Protection while in transit using non repudiation techniques can be achieved through - Public Key Infrastructure
142. Card Skimming is a technique mostly used th steal the card details and it mostly placed on - ATM manchines
143. Card Skimming Data Theft can be avoided using - Contactless Cards/NFC Cards
144. To avoid the Card Credentials in Online sites these cards were introduced - Virtual Cards
145. Smart Cards which are loaded with Money prior to issue is called - Prepaid Cards
146. Virtual Cards normally comes with a validity of - 24 hours to 48 hours
147. Maximum loading permitted in a Prepaid as per RBI instruction is - 50000/-
148. Hackers try to capture the login credentials by analysing the keys pressed in the Key boards. the worms captures such data is called as - Key Loggers
149. By clicking unauthenticated link, customers may diverted to fake websites to capture the sensitive personal. This is type of - Website spoofing/IP Spoofing
150. Ad wares are used not to harm the computers but to - make a catch by making the user to click on the dubious link to fake websites
