Cyber fraud and management:: preventions
1.
Who Coordinates with Interpol in India ? - CBI
2. Which department was designated as Nodal Agency for Cyber Crime prevention - CERT-IN
3. What is the difference between Virus and Worm - Virus need human intervention to activate or multiply whereas worm automatically get multiplied
4. Worms are mainly used by hackers to - Occupy more space in the system/heavy usage of bandwidth in the network
5. One of the employee carefully watching the password entered by the Manager. What type of threat it is - Shoulder Surfing
6. Leaving a Logged in Computer by an employee - is human negligence
7. Hackers scans the computer pre attack to identify - Vulnerability in the system
8. Hackers inject worms/virus into the network to reach the target system and it - exploits the Vulnerability
9. Non updation of antivirus is - one of the major vunerability
10. One customer recieved a call in his mobile phone and the person posing himself as a bank manager collected the card credentials from him.This type is called - Phising
11. Online Banking sites are borne to what risk - Phising/IP spoofing
12. Data transfer between systems vide Network can be secured by - PKI
13. Customers can make sure that they deal with the authenticated website - by checking the Lock icon near the address bar
14.In https, S denotes - Secured/Security
15.This kind of worms directly attacks the root directory - Rootkits
16. This worms are really hard to detuct and delete - Rootkits
17. The compromised systems in the network are commonly termes as - Zombies
18. Customer security credentials were compromised by way of fraudulent SMS is called - smishing
19. The employees who try to hack their own company's site/find the vulnerabilities are called - White hat hackers
20.DDos - Distributed Denial of Service
21.Ransomware which blocks the access to the website demanding ransom for the same is - Denial of Service attack
22. Using same method for both encryption and decryption is called - symmetric encryption
23. Providing Last Login detail in Internet banking site is to - to detect any unauthorised usage earlier
24.Limits for retrying the passwords is - to avoid the unauthorised access
25. To safeguard from the Key Loggers attack - Use Virtual Key board to enter passwords
26.UTM stands for - Unified Threat Management
27.Setting up smoke detectors in the branch is - Detective Method
28.Placing Security guard in system room to avoid - Physical damage/attack on systems
29. Following the authorised person to enter into system room and making entry into the room is - Tailgatting
30.Dumbster Driving is a method - Searching for vulnerability in deleted files and data
31.FIrewall is - Intrusion Detection System
32.Authentication of electronic data/document can be assertained by - Digital Signature
33. When two or more persons illegally tries to enter into a critical room with single id/same id - Masquerading
34.Detection is normally - Post incedent
35. Post incident study mainly for the purpose of - study the impact of the attack and lessons for future prevention
36. Indian Agency working on Digital Forensics and Cyber security - C-DAC
37. OLTP refers to - On line Transaction Processing
38. OLTP is also termed as - Payment Gateway
39. Payment Gateway the Acquiring Bank to - Issuing bank through the Card Scheme to complete the transaction
40.Security Concerns arise in Payment Gateways are - At the User Level, Bank level and Merchant POS
41. Credit Card data theft through POS is falls under - Merchant PoS Security
42.Data encrypted using Private key can be decrypted by the public key available with - the Receiver
43. Cross verifying the Signature on the Slip against the Signature in the back side of the ATM card is doen by - the Merchant
44.Data should be secured in the following stages - Saved, Transit and Retrival
45.Intruder software in a network which attacks the data while in trnasit and thus commits data theft - Man in the Middle Attack
46. Captures a widows sessio for the purpose of data theft before it reaches the recipient is - Session Hijacking
47. Limits set for retrying of password is to avoid - Brute Force attack
48. ISSP stands for - Information System Security Policy
49.ICANN stands for - International Corporation for Assigned Names and Numbers
50.TLD stands for - Top Level Domain
51.Globally recognized set of rules defined for electronic records is - e-UCP
52.Technique used to redirect traffic from the infected device is called - Sinkholding
53. The technique which can intercept unencrypted data transit of mobile apps is called - Wi FI Snifing
54. This is one type of malware which doesnot affect the system/network - Ad-ware
55. This usually comes as a Pop up/add on screen which carries link for dubious websites - Ad-ware
56.EMV cards follow standard of - ISO/IEC No 7816
57. EMV cards follow this standard for Contactless card - ISO/IEC 14443
58. NFC is the technique used in contactless cards - Near Field Communication
59.PCI - DSS stands for - Plastic Card Industries - Data Security Standards
60. NFC cards works under - RFID Technology
61. Providing Access controls to employess based on roles/need is - Risk based Authentication
62. Seeking PIN to complete a transaction in PoS is - 2FA
63.SSL - Secure Socket Layering
64.SSL ensures - Encrypted link between a web server and a browser
65. Sending annoying messages to a person causing irritation/nuisance - Cyber Stalking
66. Black mailing a person using Computer/or network is - Cyber Extortion
67. Ransomware is type of - Cyber Extortion
68. Disputes on Domain names and protest are redressed globally by - UDRP
69. Phising/Vishing is type of - Cyber Cheating
70. Group of people attacks a Computer/ group of computers for propagating a objective - Cyber Terrorists
71. Hackers with common interest attack rival government's department site and database are - Cyber terrorists
72. ____ refers to the quality of secrecy associated with the data and the state of keeping an information asset secret - Confidentiality
73.____ refers to the state of remaining in the same format and not allowing for any tampering/manipulation - Integrity
74. ____ refers to the state o confirmation that the user has the authority to issue the command to the system - Authorisation
75. Quality of non denial, the stake holders are not permitted to denythe particular act of doing the act is - Non-repudiation
76. CAPTCHA refers to - Completely Automated Public Turing test to Tell Computers and Humans Apart
77. Placing letters in different sizes and styles which is hard to read by systems/robots is called - CAPTCHA
78. _______ is an important component for study and analysis to under the modus operandi of a Cyber Attack - Threat Vector
79. In cyber Crime, Threat landscape is denoted as - Study of entire overview of the network which was attacked
80. Conventional Crimes are - Physical crimes that involve thet of systems and hardware devices
81.Cyber Crimes are - System Crimes that involves data theft or tampering
82.Insider Attack Threat is - attack on the system/network by own employee without any permission/authentication
83.______ is the most dangerous attack in cyber crimes - Insider Attack
84. An employee copied and sold the sensitive information to a competitor concern is an example of - Insider Attack
85. Hackers scan the port/system and develop worm or codes to attack the same based on this - Vulnerability
86. ____ doesnot wait for any executable file to run for getting activated in the target system - Worm
87.____ refers to small piece of programs injected into the target system to spy on the activities - Spyware
88. Drones are classified as - Spying Devices
89. UAV stands for - Unmanned Aerial Vehicle
90. Most of the UAV used by the polic/defence authorities for - Survelliance purposes
91.The persons who are hired by companies to hack their own website/to identify the Vulnerability are - Blue Hat Hackers
92. System of effectively taking care of URL filterig, web-filtering, anti-virus, as all in one solution is referred as - Unified Threat Management
93. Force Log out option in Internet banking after certain time of Idleness is to guard the system against - Session Hijacking
94. Installing anti virus into the system is - Preventive Method
95.A statement used to create, alter, drop objects in a database is called - Data Definition Language
96. Fault Detection, isolation nad recovery are closely associated wiht - Detection Control
97. Installing Bio Metric devices to check unauthorised entry is - Physical Control
98. Unless properly logged, straightaway accessing the database through a SQL is termed as - Back end Access
99.IT Act 2008 describes the activity of hacking as a criminal activity in section no 66
100. IT Act 2000 came in force on - 17 October 2000
101. IT Amendment Act came into force on - 27 October 2009
101. IT Act consists of - 13 Chapters and 90 Sections
102. The Section which deals with cyber crimes as civil offence - Section 43
103. The Section deals with cyber crimes as Criminal Offences - Section 66
104. IT Amendment Act included the following which is not in the IT Act 2000 - Electronic Signature
105. Electronic Signature has been dealt in - Section 15
106. Under Section 43A, if any body corporate handling any sensitive personal data is negligent in implementing and maintaining reasonable security the compensation may go upto - five crore rupees
107. Under Section 43, if one found guilty on Data theft/alters/destroys the same the penalty/compensation may go upto - One Crore rupees
108. Tampering with Computer Source Documents - Section 65
109. Punishment under Section 65 may go upto - Three years imprisonment and extend upto Two Lakhs Fine
110. Computer Related offences which were dealt under section 43 can also be dealt as criminal offence under section - 66
111. Punishment under Section 66 may go upto - two three years and/or fine upto five lakhs rupees
112. Crime of Cyber Stalking ( sending electronic messages for the purpose of causing annoyance/inconvenience/decieve/mislead the recipient) may lead to - two three years imprisonment
113. Identity Theft is dealt under Section - 66c
114. Punishment of Identity Theft - may extend to three years term and/or fine upto One lakhs rupees
115. Puishment for Cyber Cheating - may extend to three years term and/or fine upto One lakhs rupees
116. Cyber Cheating is dealt under - Section 66D
117. Punishment for Cyber Terrorism may extend upto - Life time Imprisonment
118. Cyber Terrorism is dealt under - Section 66F
119. Publishing obscene material in electronic form dealt under - Section 67
120. Punishment under Section 67 may extend upto - two three years term and/or five lakhs fine
121. Punishment for Sudsequent conviction of the same crime under section 67 is - 5 years term and/or ten lakhs rupees fine
122. Sexually explicit content in electronic form dealt under - Section 67A
123. Punishment under Section 67A is - Five years term with fine
124.Punishment for Sudsequent conviction of the same crime under section 67A is - 7 years term and/or ten lakhs rupees fine
125. CERT-IN has been designated as Nodal agency for Critical Information Infrastructure Protection under Section - 70B
126. Mispresentation/Suppression of material Fact dealt under - Section 71
127. Penalty under Section 71 - Two years term and/or fine upto One lakh rupees
128. Breach of confidentiality and Privacy dealt under Section - 72
129. Analysing the style of writing or the langauage style for the purpose of Crime Investigation is - Stylometry
130. RBI issues licenses for Payment Banks in India based on approval from - BPSS
131. NTRO stands for - National Technical Research Organisation
132. Netra, the light weight UAV was developed by - DRDO
133.NCIIPC stands for - National Critical Information Infrastructure Protection Centre
134. DSCI - Data Security Council of India
135. Digital Forensic tools used by our Police Department were developed by - C-DAC
136. C-DAC stands for - Centre for Development of ADvanced Computig
137. NTRO works under - Prime Minister's Office
138. Two acts which are mainly handled by ED - FEMA and PMLA
139. Money laundering using banking systems/Internet banking is - Conventional Crime
140. Obtaining an IP address similar to some other and demanding a ransom for forego the same is - Cyber Squatting
141. Data Protection while in transit using non repudiation techniques can be achieved through - Public Key Infrastructure
142. Card Skimming is a technique mostly used th steal the card details and it mostly placed on - ATM manchines
143. Card Skimming Data Theft can be avoided using - Contactless Cards/NFC Cards
144. To avoid the Card Credentials in Online sites these cards were introduced - Virtual Cards
145. Smart Cards which are loaded with Money prior to issue is called - Prepaid Cards
146. Virtual Cards normally comes with a validity of - 24 hours to 48 hours
147. Maximum loading permitted in a Prepaid as per RBI instruction is - 50000/-
148. Hackers try to capture the login credentials by analysing the keys pressed in the Key boards. the worms captures such data is called as - Key Loggers
149. By clicking unauthenticated link, customers may diverted to fake websites to capture the sensitive personal. This is type of - Website spoofing/IP Spoofing
150. Ad wares are used not to harm the computers but to - make a catch by making the user to click on the dubious link to fake websites
2. Which department was designated as Nodal Agency for Cyber Crime prevention - CERT-IN
3. What is the difference between Virus and Worm - Virus need human intervention to activate or multiply whereas worm automatically get multiplied
4. Worms are mainly used by hackers to - Occupy more space in the system/heavy usage of bandwidth in the network
5. One of the employee carefully watching the password entered by the Manager. What type of threat it is - Shoulder Surfing
6. Leaving a Logged in Computer by an employee - is human negligence
7. Hackers scans the computer pre attack to identify - Vulnerability in the system
8. Hackers inject worms/virus into the network to reach the target system and it - exploits the Vulnerability
9. Non updation of antivirus is - one of the major vunerability
10. One customer recieved a call in his mobile phone and the person posing himself as a bank manager collected the card credentials from him.This type is called - Phising
11. Online Banking sites are borne to what risk - Phising/IP spoofing
12. Data transfer between systems vide Network can be secured by - PKI
13. Customers can make sure that they deal with the authenticated website - by checking the Lock icon near the address bar
14.In https, S denotes - Secured/Security
15.This kind of worms directly attacks the root directory - Rootkits
16. This worms are really hard to detuct and delete - Rootkits
17. The compromised systems in the network are commonly termes as - Zombies
18. Customer security credentials were compromised by way of fraudulent SMS is called - smishing
19. The employees who try to hack their own company's site/find the vulnerabilities are called - White hat hackers
20.DDos - Distributed Denial of Service
21.Ransomware which blocks the access to the website demanding ransom for the same is - Denial of Service attack
22. Using same method for both encryption and decryption is called - symmetric encryption
23. Providing Last Login detail in Internet banking site is to - to detect any unauthorised usage earlier
24.Limits for retrying the passwords is - to avoid the unauthorised access
25. To safeguard from the Key Loggers attack - Use Virtual Key board to enter passwords
26.UTM stands for - Unified Threat Management
27.Setting up smoke detectors in the branch is - Detective Method
28.Placing Security guard in system room to avoid - Physical damage/attack on systems
29. Following the authorised person to enter into system room and making entry into the room is - Tailgatting
30.Dumbster Driving is a method - Searching for vulnerability in deleted files and data
31.FIrewall is - Intrusion Detection System
32.Authentication of electronic data/document can be assertained by - Digital Signature
33. When two or more persons illegally tries to enter into a critical room with single id/same id - Masquerading
34.Detection is normally - Post incedent
35. Post incident study mainly for the purpose of - study the impact of the attack and lessons for future prevention
36. Indian Agency working on Digital Forensics and Cyber security - C-DAC
37. OLTP refers to - On line Transaction Processing
38. OLTP is also termed as - Payment Gateway
39. Payment Gateway the Acquiring Bank to - Issuing bank through the Card Scheme to complete the transaction
40.Security Concerns arise in Payment Gateways are - At the User Level, Bank level and Merchant POS
41. Credit Card data theft through POS is falls under - Merchant PoS Security
42.Data encrypted using Private key can be decrypted by the public key available with - the Receiver
43. Cross verifying the Signature on the Slip against the Signature in the back side of the ATM card is doen by - the Merchant
44.Data should be secured in the following stages - Saved, Transit and Retrival
45.Intruder software in a network which attacks the data while in trnasit and thus commits data theft - Man in the Middle Attack
46. Captures a widows sessio for the purpose of data theft before it reaches the recipient is - Session Hijacking
47. Limits set for retrying of password is to avoid - Brute Force attack
48. ISSP stands for - Information System Security Policy
49.ICANN stands for - International Corporation for Assigned Names and Numbers
50.TLD stands for - Top Level Domain
51.Globally recognized set of rules defined for electronic records is - e-UCP
52.Technique used to redirect traffic from the infected device is called - Sinkholding
53. The technique which can intercept unencrypted data transit of mobile apps is called - Wi FI Snifing
54. This is one type of malware which doesnot affect the system/network - Ad-ware
55. This usually comes as a Pop up/add on screen which carries link for dubious websites - Ad-ware
56.EMV cards follow standard of - ISO/IEC No 7816
57. EMV cards follow this standard for Contactless card - ISO/IEC 14443
58. NFC is the technique used in contactless cards - Near Field Communication
59.PCI - DSS stands for - Plastic Card Industries - Data Security Standards
60. NFC cards works under - RFID Technology
61. Providing Access controls to employess based on roles/need is - Risk based Authentication
62. Seeking PIN to complete a transaction in PoS is - 2FA
63.SSL - Secure Socket Layering
64.SSL ensures - Encrypted link between a web server and a browser
65. Sending annoying messages to a person causing irritation/nuisance - Cyber Stalking
66. Black mailing a person using Computer/or network is - Cyber Extortion
67. Ransomware is type of - Cyber Extortion
68. Disputes on Domain names and protest are redressed globally by - UDRP
69. Phising/Vishing is type of - Cyber Cheating
70. Group of people attacks a Computer/ group of computers for propagating a objective - Cyber Terrorists
71. Hackers with common interest attack rival government's department site and database are - Cyber terrorists
72. ____ refers to the quality of secrecy associated with the data and the state of keeping an information asset secret - Confidentiality
73.____ refers to the state of remaining in the same format and not allowing for any tampering/manipulation - Integrity
74. ____ refers to the state o confirmation that the user has the authority to issue the command to the system - Authorisation
75. Quality of non denial, the stake holders are not permitted to denythe particular act of doing the act is - Non-repudiation
76. CAPTCHA refers to - Completely Automated Public Turing test to Tell Computers and Humans Apart
77. Placing letters in different sizes and styles which is hard to read by systems/robots is called - CAPTCHA
78. _______ is an important component for study and analysis to under the modus operandi of a Cyber Attack - Threat Vector
79. In cyber Crime, Threat landscape is denoted as - Study of entire overview of the network which was attacked
80. Conventional Crimes are - Physical crimes that involve thet of systems and hardware devices
81.Cyber Crimes are - System Crimes that involves data theft or tampering
82.Insider Attack Threat is - attack on the system/network by own employee without any permission/authentication
83.______ is the most dangerous attack in cyber crimes - Insider Attack
84. An employee copied and sold the sensitive information to a competitor concern is an example of - Insider Attack
85. Hackers scan the port/system and develop worm or codes to attack the same based on this - Vulnerability
86. ____ doesnot wait for any executable file to run for getting activated in the target system - Worm
87.____ refers to small piece of programs injected into the target system to spy on the activities - Spyware
88. Drones are classified as - Spying Devices
89. UAV stands for - Unmanned Aerial Vehicle
90. Most of the UAV used by the polic/defence authorities for - Survelliance purposes
91.The persons who are hired by companies to hack their own website/to identify the Vulnerability are - Blue Hat Hackers
92. System of effectively taking care of URL filterig, web-filtering, anti-virus, as all in one solution is referred as - Unified Threat Management
93. Force Log out option in Internet banking after certain time of Idleness is to guard the system against - Session Hijacking
94. Installing anti virus into the system is - Preventive Method
95.A statement used to create, alter, drop objects in a database is called - Data Definition Language
96. Fault Detection, isolation nad recovery are closely associated wiht - Detection Control
97. Installing Bio Metric devices to check unauthorised entry is - Physical Control
98. Unless properly logged, straightaway accessing the database through a SQL is termed as - Back end Access
99.IT Act 2008 describes the activity of hacking as a criminal activity in section no 66
100. IT Act 2000 came in force on - 17 October 2000
101. IT Amendment Act came into force on - 27 October 2009
101. IT Act consists of - 13 Chapters and 90 Sections
102. The Section which deals with cyber crimes as civil offence - Section 43
103. The Section deals with cyber crimes as Criminal Offences - Section 66
104. IT Amendment Act included the following which is not in the IT Act 2000 - Electronic Signature
105. Electronic Signature has been dealt in - Section 15
106. Under Section 43A, if any body corporate handling any sensitive personal data is negligent in implementing and maintaining reasonable security the compensation may go upto - five crore rupees
107. Under Section 43, if one found guilty on Data theft/alters/destroys the same the penalty/compensation may go upto - One Crore rupees
108. Tampering with Computer Source Documents - Section 65
109. Punishment under Section 65 may go upto - Three years imprisonment and extend upto Two Lakhs Fine
110. Computer Related offences which were dealt under section 43 can also be dealt as criminal offence under section - 66
111. Punishment under Section 66 may go upto - two three years and/or fine upto five lakhs rupees
112. Crime of Cyber Stalking ( sending electronic messages for the purpose of causing annoyance/inconvenience/decieve/mislead the recipient) may lead to - two three years imprisonment
113. Identity Theft is dealt under Section - 66c
114. Punishment of Identity Theft - may extend to three years term and/or fine upto One lakhs rupees
115. Puishment for Cyber Cheating - may extend to three years term and/or fine upto One lakhs rupees
116. Cyber Cheating is dealt under - Section 66D
117. Punishment for Cyber Terrorism may extend upto - Life time Imprisonment
118. Cyber Terrorism is dealt under - Section 66F
119. Publishing obscene material in electronic form dealt under - Section 67
120. Punishment under Section 67 may extend upto - two three years term and/or five lakhs fine
121. Punishment for Sudsequent conviction of the same crime under section 67 is - 5 years term and/or ten lakhs rupees fine
122. Sexually explicit content in electronic form dealt under - Section 67A
123. Punishment under Section 67A is - Five years term with fine
124.Punishment for Sudsequent conviction of the same crime under section 67A is - 7 years term and/or ten lakhs rupees fine
125. CERT-IN has been designated as Nodal agency for Critical Information Infrastructure Protection under Section - 70B
126. Mispresentation/Suppression of material Fact dealt under - Section 71
127. Penalty under Section 71 - Two years term and/or fine upto One lakh rupees
128. Breach of confidentiality and Privacy dealt under Section - 72
129. Analysing the style of writing or the langauage style for the purpose of Crime Investigation is - Stylometry
130. RBI issues licenses for Payment Banks in India based on approval from - BPSS
131. NTRO stands for - National Technical Research Organisation
132. Netra, the light weight UAV was developed by - DRDO
133.NCIIPC stands for - National Critical Information Infrastructure Protection Centre
134. DSCI - Data Security Council of India
135. Digital Forensic tools used by our Police Department were developed by - C-DAC
136. C-DAC stands for - Centre for Development of ADvanced Computig
137. NTRO works under - Prime Minister's Office
138. Two acts which are mainly handled by ED - FEMA and PMLA
139. Money laundering using banking systems/Internet banking is - Conventional Crime
140. Obtaining an IP address similar to some other and demanding a ransom for forego the same is - Cyber Squatting
141. Data Protection while in transit using non repudiation techniques can be achieved through - Public Key Infrastructure
142. Card Skimming is a technique mostly used th steal the card details and it mostly placed on - ATM manchines
143. Card Skimming Data Theft can be avoided using - Contactless Cards/NFC Cards
144. To avoid the Card Credentials in Online sites these cards were introduced - Virtual Cards
145. Smart Cards which are loaded with Money prior to issue is called - Prepaid Cards
146. Virtual Cards normally comes with a validity of - 24 hours to 48 hours
147. Maximum loading permitted in a Prepaid as per RBI instruction is - 50000/-
148. Hackers try to capture the login credentials by analysing the keys pressed in the Key boards. the worms captures such data is called as - Key Loggers
149. By clicking unauthenticated link, customers may diverted to fake websites to capture the sensitive personal. This is type of - Website spoofing/IP Spoofing
150. Ad wares are used not to harm the computers but to - make a catch by making the user to click on the dubious link to fake websites
---------------------------------------------------------
