Monday, April 28, 2008

NCFM Information Security Auditors Module - (Part 1) mock test questions

(A) Information Security Auditors Module - (Part 1)

Q1
Which areas offer protection under the Copyright Act? [ 1 Mark ]

(a) Original Literary Work
(b) Original Musical Work
(c) Computer Programme
(d) All of the above.
(e) I am not attempting the question

Q2
Which of the following describes a structured walk-through test? [ 1 Mark ]

(a) All departments receive a copy of the disaster recovery plan and walk through it.
(b) Representatives from each department come together and go through the test collectively.
(c) It is performed to ensure that critical systems will run at the alternate site.
(d) Normal operations are shut down.
(e) I am not attempting the question

Q3
Why is cascading revoke not always desirable? [ 1 Mark ]

(a) Because it compromises the system security.
(b) Because it leads to unnecessary revokes.
(c) Because it hampers the system performance
(d) Because it violates database rules.
(e) I am not attempting the question

Q4
Which access control technique secures information by assigning sensitivity levels to data? [ 1 Mark ]

(a) RBAC
(b) MAC
(c) DAC
(d) Biba
(e) I am not attempting the question

Q5
Which of the following is TRUE about primary markets? [ 1 Mark ]

(a) Primary markets are the place where the public can buy and sell securities with one another.
(b) Primary markets are places where only short term instruments are traded
(c) Primary markets are markets where commodities are sold.
(d) Primary markets refer to the direct solicitation of funds from the public by companies.
(e) I am not attempting the question

Q6
The _________ issued by SEBI aim to secure fuller disclosure of the relevant information about the issuer and the nature of the issue so that investors can take an informed decision. [ 1 Mark ]

(a) Disclosure and Investor Protection Guidelines
(b) SC(R)A
(c) SEBI (Stock Brokers and Sub brokers) Rules
(d) SEBI (Prohibition of Fraudulent and Unfair Trade Practices Relating to Securities Markets) regulations
(e) I am not attempting the question

Q7
Stock Broker as per the SEBI (Stock Brokers and Sub-brokers) Rules, 1992 means __________. [ 2 Marks ]

(a) a member of the Board
(b) a member of the Clearing Corporation
(c) a member of the Stock Exchange
(d) a member of the Clearing House
(e) I am not attempting the question

Q8
Business continuity does not replace _____________. [ 1 Mark ]

(a) Facilities
(b) Insurance
(c) Interruption
(d) Product
(e) I am not attempting the question

Q9
According to the IT Act, which of the following is/are offences pertaining to a computer, computer network or computer program? [ 1 Mark ]

(a) Securing access to somebody else's computer.
(b) Intentionally concealing the computer source code
(c) Intentionally altering the data
(d) All of the above
(e) I am not attempting the question

Q10
Which of the following is not true about offer of shares through normal public issue? [ 2 Marks ]

(a) In a normal public issue, investors bid for shares at the floor price or above and, after the closure of the process, the price is determined for allotment of shares.
(b) In case of the normal public issue the demand for an issue is known at the close of the issue.
(c) In case of offer of shares through normal public issue price at which securities will be allotted is known to an investor in advance.
(d) None of the above
(e) I am not attempting the question

Q11
Under the Copyright Act, a copyright office for this purpose is a must. [ 1 Mark ]

(a) Also requires a secluded location.
(b) And can have more than one office if required.
(c) FALSE
(d) TRUE
(e) I am not attempting the question

Q12
Which Risk Management methodology uses the exposure factor multiplied by the asset value to determine its outcome? [ 1 Mark ]

(a) Information Risk Management
(b) Annualized Loss Expectancy
(c) Single Loss Expectancy
(d) Annualized Rate of Occurrence
(e) I am not attempting the question

Q13
On NSE's options market, until the buyer pays in the premium, the premium due is deducted from the available _________ on a real time basis. [ 1 Mark ]

(a) cash deposit
(b) liquid net worth
(c) cash and non-cash deposit
(d) effective deposit
(e) I am not attempting the question

Q14
Find the odd one out. [ 1 Mark ]

(a) GRANT
(b) CASCADE
(c) REVOKE
(d) INSERT
(e) I am not attempting the question

Q15
Which of the following best describes what a disaster recovery plan should contain? [ 1 Mark ]

(a) Software, media interaction, people, hardware, management issues.
(b) Hardware, software, people, emergency procedures, recovery procedures.
(c) People, hardware, offsite facility.
(d) Hardware, emergency procedures, software, identified risk.
(e) I am not attempting the question

Q16
Which term best suits the statement 'tracks what the user did and when they did it'? [ 2 Marks ]

(a) Accounting
(b) Authorization
(c) Authentication
(d) Validation
(e) I am not attempting the question

Q17
An at-the-money option contract would generate __________ upon exercise for the buyer. [ 1 Mark ]

(a) positive cash flow
(b) specified amount of cash flow
(c) no cash flow
(d) negative cash flow
(e) I am not attempting the question

Q18
The most risk from a disaster occurs when there is __________. [ 1 Mark ]

(a) Low Probability and High Vulnerability
(b) High Probability and Low Vulnerability
(c) High Probability and High Vulnerability
(d) Low Probability and Low Vulnerability
(e) I am not attempting the question

Q19
To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case? [ 1 Mark ]

(a) How other companies are dealing with these issues.
(b) The impact the company can endure if a disaster hits.
(c) Regulatory and legal requirements.
(d) Company vulnerabilities to disasters and disruptions.
(e) I am not attempting the question

Q20
What factor/s affect the interest rate? [ 1 Mark ]

(a) Supply of money
(b) Government borrowings
(c) Inflation rate
(d) All of the above.
(e) I am not attempting the question

Q21
Which of the following describes a parallel test? [ 1 Mark ]

(a) Normal operations are shut down.
(b) Representatives from each department come together and go through the test collectively.
(c) All departments receive a copy of the disaster recovery plan and walk through it.
(d) It is performed to ensure that some systems will run at the alternate site.
(e) I am not attempting the question

Q22
Which is the principal Act that governs trading in the securities market in India? [ 1 Mark ]

(a) Securities Contracts (Regulation) Act, 1956
(b) SEBI Act, 1992
(c) Depositories Act, 1996
(d) Companies Act, 1956
(e) I am not attempting the question

Q23
Who issues the registration to a Mutual Fund in India? [ 1 Mark ]

(a) Only SEBI
(b) SEBI for all types of Mutual Funds and additional permission from RBI in case of a Mutual Fund being a subsidiary of a bank.
(c) RBI for all types of Mutual Funds and additional permission from SEBI in case of a Mutual Fund being a subsidiary of a bank.
(d) Only RBI.
(e) I am not attempting the question

Q24
What is the Maximum Tolerable Downtime (MTD)? [ 1 Mark ]

(a) Minimum elapsed time required to complete recovery of application data.
(b) Maximum elapsed time required to move back to the primary site after a major disruption.
(c) It is the maximum delay businesses can tolerate and still remain viable.
(d) Maximum elapsed time required to complete recovery of application data.
(e) I am not attempting the question

Q25
State which of the following is false: the following dealings as per the SEBI (Prohibition of Fraudulent and Unfair Trade Practices relating to Securities Market) Regulations, 2003 are prohibited _________. [ 1 Mark ]

(a) employing any manipulative device to defraud in connection with the issue of securities
(b) buying, selling or otherwise dealing in securities
(c) engaging in any act which would deceive a person in connection with the issue of securities
(d) employing any device to defraud in connection with dealing in any securities listed on a recognized stock exchange
(e) I am not attempting the question

Q26
What are the punishments for a criminal offence under the copyright law? [ 1 Mark ]

(a) Imprisonment for six months with the minimum fine of Rs. 100,000/-.
(b) Imprisonment for ten months with the minimum fine of Rs. 50,000/-.
(c) Imprisonment for six months with the minimum fine of Rs. 50,000/-.
(d) Imprisonment for six years with the minimum fine of Rs. 25,000/-.
(e) I am not attempting the question

Q27
Which of the following statements correctly describes passwords? [ 1 Mark ]

(a) They are the least expensive and most secure.
(b) They are the most expensive and least secure.
(c) They are the most expensive and most secure
(d) They are the least expensive and least secure.
(e) I am not attempting the question

Q28
What is the specialty of a RADIUS server? [ 1 Mark ]

(a) System allows multiple logons
(b) User given permanent authentication
(c) Information never sent on network
(d) User friendly
(e) I am not attempting the question

Q29
Which of the following teams should not be included in an organization's contingency plan? [ 1 Mark ]

(a) Damage assessment team
(b) Legal affairs team
(c) Hardware salvage team
(d) Tiger team
(e) I am not attempting the question

Q30
According to the IT Act, RBI has prescribed which system for authentication purposes? [ 1 Mark ]

(a) Hash function
(b) Asymmetric crypto system and Hash function
(c) Asymmetric crypto system
(d) Symmetric crypto system and Hash function
(e) I am not attempting the question

Q31
A password is mainly used for what function? [ 1 Mark ]

(a) Authentication
(b) Authorizations
(c) Identity
(d) Registration
(e) I am not attempting the question

Q32
Which of the following offences is punishable according to the IT Act of India? [ 1 Mark ]

(a) Introducing a computer contaminant
(b) Disruption of computer networks
(c) Lascivious material published in electronic form
(d) All of the above.
(e) I am not attempting the question

Q33
Which is a punishable offence according to the IT Act of India? [ 1 Mark ]

(a) Digital transmission
(b) Penetration Testing
(c) Hacking
(d) Ethical hacking
(e) I am not attempting the question

Q34
In what way does the Clark-Wilson model differ from the other models? [ 1 Mark ]

(a) Introducing a third access element: programs.
(b) Introducing a third access element: procedures.
(c) Is safest among all the models.
(d) Is the only model that focuses on integrity.
(e) I am not attempting the question

Q35
Which of the following can you relate to a disaster? [ 1 Mark ]

(a) Event that results in a business going out of business.
(b) Event that results in death.
(c) Event that results in serious injury.
(d) None of the above.
(e) I am not attempting the question

Q36
Derivative includes: (A) A security derived from a debt instrument, share, loan whether secured or unsecured, risk instrument or contract for differences or any other form of security. (B) A contract which derives its value from the prices, or index of prices, of underlying securities. [ 1 Mark ]

(a) Both (A) and (B)
(b) Only A
(c) Only B
(d) Neither (A) nor (B).
(e) I am not attempting the question

Q37
Which among the following is the Business Recovery Strategy in the BCP process? [ 1 Mark ]

(a) Back-Up Recovery
(b) Environment Failure Recovery
(c) Business Functions Recovery
(d) Facility Recovery
(e) I am not attempting the question

Q38
What is the most important biometric system characteristic? [ 1 Mark ]

(a) Acceptability of users
(b) Reliability
(c) Speed and throughput
(d) Enrollment Time
(e) I am not attempting the question

Q39
What does a continuity of operations plan focus on? [ 1 Mark ]

(a) Outlining of roles and authorities, orders of succession, and individual role tasks.
(b) Focuses on how to recover various IT mechanisms after a disaster.
(c) Planning for systems, networks, and major applications recovery procedures after disruptions
(d) Establishing personnel safety and evacuation procedures.
(e) I am not attempting the question

Q40
Pertaining to the IT Act, what rules can the central government make with respect to digital signatures? [ 1 Mark ]

(a) The type of digital signature.
(b) The manner and format in which the digital signature shall be affixed.
(c) Any other matter which is necessary to give legal effect to digital signatures.
(d) All of the above.
(e) I am not attempting the question

Q41
What is the maximum number of depository accounts that can be opened by an investor? [ 1 Mark ]

(a) Only one account with a particular depository participant.
(b) One account only
(c) There is no restriction on the number of accounts an investor can open.
(d) It depends on his Net Worth.
(e) I am not attempting the question

Q42
In case of default in repayment to small depositors, intimation of such fact should be given within ________. [ 2 Marks ]

(a) one month from the date of default
(b) 60 days from the date of default
(c) 15 days from the date of default
(d) three months from the date of default
(e) I am not attempting the question

Q43
Exchange Traded Derivatives were introduced in the Indian financial market by ________. [ 1 Mark ]

(a) NSCCL
(b) RBI
(c) NSDL
(d) SEBI
(e) I am not attempting the question

Q44
The __________ model enables the owner of the resource to specify which subjects can access specific resources. [ 1 Mark ]

(a) Role-based Access Control
(b) Sensitive Access Control
(c) Discretionary Access Control
(d) Mandatory Access Control
(e) I am not attempting the question

Q45
As per the SEBI (ESOS and ESPS) Guidelines 1999, _____________. [ 1 Mark ]

(a) an employee who is a promoter or belongs to the promoter group shall not be eligible to participate in the ESPS
(b) an employee who is promoter shall be eligible to participate in the ESPS
(c) an employee who belongs to the promoter group shall be eligible to participate in the ESPS
(d) None of the above
(e) I am not attempting the question

Q46
Principal officer as per the SEBI (Underwriters) Regulations, 1993 means _________. [ 1 Mark ]

(a) any person connected with the management of the firm where the firm has stated that he is the principal officer
(b) any person connected with the management of the firm upon whom the Board has served a notice of its intention to treat him as principal officer
(c) any person connected with the administration of the firm
(d) any person connected with the administration of the firm where the firm has stated that he is the principal officer
(e) I am not attempting the question

Q47
Which one among these is an access control device? [ 2 Marks ]

(a) NIC
(b) Mouse
(c) Scanner
(d) Smart Card
(e) I am not attempting the question

Q48
Which of the following is an issue with signature-based intrusion detection systems? [ 1 Mark ]

(a) Hackers can circumvent signature evaluations.
(b) Previously defined attack signatures often evolve making the signatures invalid.
(c) Signature databases must be augmented with inferential elements.
(d) Only previously identified attack signatures are detected.
(e) I am not attempting the question

Q49
Premium Margin is levied at the _________ level. [ 1 Mark ]

(a) clearing member
(b) broker
(c) trading member
(d) client
(e) I am not attempting the question

Q50
What does SEBI do? [ 1 Mark ]

(a) It facilitates a high level of control and in-depth monitoring of security markets.
(b) It enters into dealings in securities in which dealings are not permitted.
(c) It ensures that the integrity of the exchanged data is maintained at all times.
(d) It can frame or issue rules, regulations, directives, guidelines, and norms in respect of primary markets and secondary markets.
(e) I am not attempting the question

Q51
The Court shall take cognizance of an offence punishable under the Depositories Act, 1996 on a complaint made by ___________. [ 1 Mark ]

(a) SEBI
(b) Central Government
(c) State Government
(d) Any of the above.
(e) I am not attempting the question

Q52
Who is responsible for making the decisions to avoid, mitigate, or absorb risk? [ 1 Mark ]

(a) Management
(b) Damage assessment team
(c) Planner
(d) Security Team
(e) I am not attempting the question

Q53
In Business Continuity Planning, RPO stands for ______________. [ 1 Mark ]

(a) Recovery Point Objective
(b) Random Position Objective
(c) Run Projection Outage
(d) Round Point Objection
(e) I am not attempting the question

Q54
What does a disaster recovery plan focus on? [ 1 Mark ]

(a) Establishing personnel safety and evacuation procedures.
(b) Planning for systems, networks, and major applications recovery procedures after disruptions.
(c) Outlining of roles and authorities, orders of succession, and individual role tasks.
(d) Focuses on how to recover various IT mechanisms after a disaster.
(e) I am not attempting the question

Q55
Under the IT Act, what does legal recognition of digital signatures pertain to? [ 1 Mark ]

(a) That information or any other matter shall be authenticated by affixing the signature.
(b) That information or any other matter shall be sent only by email.
(c) That information or any other matter shall be legally assigned.
(d) That data or any other matter shall contain signature.
(e) I am not attempting the question

Q56
A firewall located between the Internet and your organization's private network is called a __________. [ 1 Mark ]

(a) Departmental LAN firewall
(b) VPN gateway
(c) Proxy
(d) Network perimeter firewall
(e) I am not attempting the question

Q57
Profit and Loss account of a company shows __________. [ 1 Mark ]

(a) the revenues and expenses during a particular period of time
(b) the revenues and expenses of the company at a particular point of time
(c) the financial position of the company at a particular point of time
(d) None of the above.
(e) I am not attempting the question

Q58
The information about the transfer of securities in the name of the beneficial owners has to be furnished _________. [ 1 Mark ]

(a) by the beneficial owner to the depository
(b) by the issuer to the depository
(c) by the depository to the beneficial owner
(d) by the depository to the issuer
(e) I am not attempting the question

Q59
Which of the following is FALSE about the NEAT system? [ 1 Mark ]

(a) The identity of the trading member is revealed to make the system transparent.
(b) This system enables members from across the country to trade simultaneously with enormous ease and efficiency
(c) A member punches into the computer the quantities of securities and the price at which he wants to transact.
(d) The transaction is executed through the mainframe computer of the exchange as soon as the order punched by the user finds a matching sale or buy order from a counter party.
(e) I am not attempting the question

Q60
Which team(s) should be properly trained and available if a disaster hits? [ 2 Marks ]

(a) Relocation team
(b) Legal team
(c) Security team
(d) All of the above.
(e) I am not attempting the question

Q61
Which access control model is also called non-discretionary access control? [ 2 Marks ]

(a) Role-based access control
(b) Mandatory access control
(c) Rule-based access control
(d) Label-based access control
(e) I am not attempting the question

Q62
The goal of business continuity and disaster recovery is to __________. [ 1 Mark ]

(a) mitigate business impact
(b) mitigate operational impact
(c) mitigate financial impact
(d) All of the above.
(e) I am not attempting the question

Q63
Which access control technique restricts information based on the authorization granted to a particular user? [ 2 Marks ]

(a) DAC
(b) RBAC
(c) MAC
(d) Biba
(e) I am not attempting the question

Q64
SEBI administers the provisions of the Companies Act, 1956 in respect of __________. [ 1 Mark ]

(a) inter corporate loans and investments
(b) holding of the annual general meeting
(c) issue and transfer of securities and non-payment of dividend
(d) acceptance of deposits
(e) I am not attempting the question

Q65
Which of the following are the two most well-known access control models? [ 2 Marks ]

(a) Bell LaPadula and Biba
(b) Bell LaPadula and Chinese Wall
(c) Lattice and Biba
(d) Bell LaPadula and Info Flow
(e) I am not attempting the question

Q66
Which of the following is not a SSO access approach? [ 1 Mark ]

(a) The clients
(b) Kerberos
(c) Discretionary
(d) Scripts
(e) I am not attempting the question

Q67
Which of the following is not an advantage of a hot site? [ 1 Mark ]

(a) Offers many hardware and software choices.
(b) Is readily available.
(c) Annual testing is available.
(d) Can be up and running in hours.
(e) I am not attempting the question

Q68
With respect to Copyright, what is adaptation? [ 1 Mark ]

(a) The preparation of a new work in the same or different form based upon an already existing work.
(b) A member of copyright board getting familiar to his new role.
(c) The migration procedure of registrar and chairman of copyright board.
(d) None of the above
(e) I am not attempting the question

Q69
_________ is a sequence of characters that is usually longer than the allotted number for a password. [ 1 Mark ]

(a) Passphrase
(b) Anticipated phrase
(c) Real phrase
(d) Cognitive phrase
(e) I am not attempting the question

Q70
What does authentication mean? [ 1 Mark ]

(a) Validating a user
(b) Registering a user
(c) Identifying a user
(d) Authorizing a user
(e) I am not attempting the question

Q71
Any bank encountering security breaches or failure of security systems should ________. [ 1 Mark ]

(a) report to Reserve Bank of India
(b) close all its online transactions
(c) assign the recovery process to third party
(d) inform all its branches
(e) I am not attempting the question

Q72
A client/server single sign-on is a session/user authentication process which ______. [ 1 Mark ]

(a) permits a user to enter many usernames and password in order to access multiple applications
(b) permits a user to enter one username and password in order to access multiple applications
(c) permits a user to enter many usernames and password in order to access single application
(d) permits a user to enter one username and password in order to access single application
(e) I am not attempting the question

Q73
After identifying risks to the critical business functions the planners do which of the following? [ 1 Mark ]

(a) Absorb Risk
(b) Avoid Risk
(c) Mitigate Risk
(d) All of the above.
(e) I am not attempting the question

Q74
As per the listing agreement, the Chairman of which Committees should be present at the Annual General Meeting of the company? [ 1 Mark ]

(a) Remuneration Committee
(b) Only Audit Committee
(c) Shareholders Grievance Committee
(d) Audit Committee and Remuneration Committee
(e) I am not attempting the question

Q75
Consider the following scenario: A person builds a house on an ocean beach. A storm washes away the beach. The house collapses. Disaster recovery would suggest that ___________. [ 1 Mark ]

(a) rebuild the house in time for the next storm
(b) building a barrier reef or moving the house farther inland
(c) a storm will come ashore and damage the house
(d) make sure there is someplace to live while the house is rebuilt
(e) I am not attempting the question

Q76
In discretionary access control security, who has delegation authority to grant access to data? [ 1 Mark ]

(a) Owner
(b) User
(c) Security officer
(d) Security policy
(e) I am not attempting the question

Q77
Under the IT Act, what is of utmost importance? [ 1 Mark ]

(a) Reliable communication
(b) Secure transmission
(c) High degree of availability
(d) Use of digital certificates
(e) I am not attempting the question

Q78
Which of the following describes a cold site? [ 1 Mark ]

(a) Fully equipped and operational in a few hours.
(b) Partially equipped with data processing equipment.
(c) Provides environmental measures but no equipment.
(d) Expensive and fully configured.
(e) I am not attempting the question

Q79
All members of the audit committee shall be _________ literate. [ 1 Mark ]

(a) financially
(b) educationally
(c) technologically
(d) All of the above
(e) I am not attempting the question

Q80
The SEBI Committee on derivatives has recommended that the exposure limits for brokers should be linked to the __________. [ 1 Mark ]

(a) deposits kept by the broker with the Exchange/Clearing Corporation
(b) satisfactory margin payment track record of the broker
(c) net worth of the broker
(d) daily turnover of the broker
(e) I am not attempting the question

Q81
What is the reason for enforcing the separation of duties? [ 1 Mark ]

(a) It induces an atmosphere for collusion.
(b) It increases dependence on individuals.
(c) No one person can complete all the steps of a critical activity.
(d) It makes critical tasks easier to accomplish.
(e) I am not attempting the question

Q82
Which instrument among these is considered the most challenging and rewarding investment option, when compared to other investment options? [ 1 Mark ]

(a) Treasury Bill
(b) Equity
(c) Bonds
(d) Fixed Deposit
(e) I am not attempting the question

Q83
Every recognised stock exchange shall furnish a copy of its Annual Report to _______. [ 1 Mark ]

(a) State Government
(b) SEBI
(c) Central Government
(d) SEBI and Central Government
(e) I am not attempting the question

Q84
In MAC, what is labeling at finer granularity? [ 1 Mark ]

(a) Individual attributes of each row are labeled.
(b) Individual rows of each relation are labeled.
(c) Individual columns of each relation are labeled.
(d) Individual fields of each column are labeled.
(e) I am not attempting the question

Q85
A firewall helps in the detection of viruses or malicious intrusions in __________. [ 1 Mark ]

(a) Real time
(b) Logging
(c) No alert, just deny the attacker
(d) All of the above.
(e) I am not attempting the question

Q86
Of all business process interruptions, the most devastating are ones resulting from ________. [ 1 Mark ]

(a) loss of applications
(b) loss of data
(c) loss of hardware/software
(d) loss of communication links
(e) I am not attempting the question

Q87
During development, testing, and maintenance of the continuity plan, a high degree of interaction and communication is crucial to the process. Why? [ 2 Marks ]

(a) This is a regulatory requirement of the process.
(b) This is not crucial to the plan and should not be interactive because it will most likely affect operations.
(c) The more people that talk about it and are involved, the more awareness will increase.
(d) Management will more likely support it.
(e) I am not attempting the question

Q88
Primarily, the IT Act requires digital certificates to ______________. [ 1 Mark ]

(a) uniquely identify a subscriber
(b) uniquely identify a certification authority
(c) uniquely identify a digital signature
(d) All of the above
(e) I am not attempting the question

Q89
Users might have different usernames and passwords, and remembering all of them can be very difficult for the purposes of e-commerce. Which solution is best for this kind of scenario? [ 1 Mark ]

(a) Smart Card
(b) Single sign-on
(c) PDA
(d) Kerberos
(e) I am not attempting the question

Q90
The audit committee of the holding company shall review the investments made by ________. [ 1 Mark ]

(a) unlisted subsidiary companies
(b) material subsidiary companies
(c) subsidiary companies
(d) listed subsidiary companies
(e) I am not attempting the question
