CYBER SECURITY

UNIT-V
1. What is one of the essential practices for securing endpoint devices?
A) Avoiding software updates
B) Disabling firewalls
C) Implementing strong authentication
D) Sharing passwords openly
Answer: C) Implementing strong authentication

2. Which practice is recommended for securing mobile phones?

A) Using untrusted sources for app downloads
B) Enabling encryption for stored data
C) Avoiding regular software updates
D) Disabling lock screen security
Answer: B) Enabling encryption for stored data

3. What is a key aspect of a robust password policy?

A) Allowing common passwords
B) Requiring infrequent password changes
C) Implementing multi-factor authentication (MFA)
D) Encouraging password sharing
Answer: C) Implementing multi-factor authentication (MFA)

4. Why is it essential to keep software updated on endpoint devices?

A) To maintain vulnerabilities and security flaws
B) To prevent unauthorized access to the device
C) To ensure compatibility with outdated applications
D) To reduce the need for strong authentication
Answer: A) To maintain vulnerabilities and security flaws

5. What is the purpose of encrypting sensitive data on endpoint devices?

A) To simplify data access
B) To prevent unauthorized access if the device is lost or stolen
C) To increase the risk of data breaches
D) To allow easy data sharing with others
Answer: B) To prevent unauthorized access if the device is lost or stolen

6. Which action is NOT recommended for mobile phone security?

A) Using VPNs on public networks
B) Regularly updating the operating system and apps
C) Jailbreaking or rooting the device
D) Enabling remote wipe/locate features
Answer: C) Jailbreaking or rooting the device

1 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

7. What is the purpose of implementing multi-factor authentication (MFA)?

A) To simplify the login process
B) To add an extra layer of security
C) To encourage password sharing
D) To reduce the need for strong passwords
Answer: B) To add an extra layer of security

8. Why is it essential to avoid jailbreaking or rooting mobile phones?

A) To increase the risk of data breaches
B) To simplify device customization
C) To avoid exposing the device to more risks
D) To enable encryption for stored data
Answer: C) To avoid exposing the device to more risks

9. What is the primary purpose of a password policy?

A) To encourage password sharing
B) To provide guidelines for creating strong passwords
C) To discourage regular password changes
D) To allow unrestricted access to accounts
Answer: B) To provide guidelines for creating strong passwords

10. What is one of the key elements of a robust password policy?

A) Allowing common passwords
B) Prohibiting multi-factor authentication (MFA)
C) Requiring periodic password changes
D) Encouraging password sharing
Answer: C) Requiring periodic password changes

11. Why is it important to review and manage app permissions on mobile phones?
A) To limit what data apps can access
B) To encourage app downloads from untrusted sources
C) To simplify the app installation process
D) To increase the risk of data breaches
Answer: A) To limit what data apps can access

12. What is one of the key practices for securing endpoint devices?
A) Sharing passwords openly
B) Disabling firewalls
C) Regularly backing up important data
D) Allowing unrestricted access to accounts
Answer: C) Regularly backing up important data

2 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

13. What is the purpose of enabling encryption for mobile data?

A) To simplify data access
B) To prevent unauthorized access if the device is lost or stolen
C) To increase the risk of data breaches
D) To allow easy data sharing with others
Answer: B) To prevent unauthorized access if the device is lost or stolen

14. What is the primary purpose of using strong authentication methods?

A) To simplify the login process
B) To add an extra layer of security
C) To encourage password sharing
D) To reduce the need for regular software updates
Answer: B) To add an extra layer of security

15. Why is it important to avoid installing apps from untrusted sources on mobile phones?
A) To simplify the app installation process
B) To increase the risk of data breaches
C) To encourage customization of the device
D) To reduce the risk of installing malicious software
Answer: D) To reduce the risk of installing malicious software

16. What is the first step in security patch management?

A) Testing
B) Acquisition
C) Assessment
D) Identification
Answer: D) Identification

17. What is the purpose of the assessment phase in patch management?

A) Testing the patches
B) Evaluating the severity and impact of vulnerabilities
C) Applying patches to the production environment
D) Monitoring for new vulnerabilities
Answer: B) Evaluating the severity and impact of vulnerabilities

18. Where should patches be obtained from during the acquisition phase?
A) Unverified sources
B) Official sources
C) Social media
D) Online forums
Answer: B) Official sources

3 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

19. Why is testing patches necessary before deployment?

A) To delay the patching process
B) To ensure they work as intended and don’t create conflicts
C) To avoid monitoring and maintenance
D) To minimize documentation requirements
Answer: B) To ensure they work as intended and don’t create conflicts

20. What should be done after deploying patches to the production environment?
A) Stop monitoring
B) Start testing again
C) Verification
D) Acquisition
Answer: C) Verification

21. What is the purpose of monitoring and maintenance in patch management?

A) To avoid patching systems
B) To ensure all systems are up to date with the latest security patches
C) To avoid documentation
D) To skip the identification phase
Answer: B) To ensure all systems are up to date with the latest security patches

22. Why is documentation essential in patch management?

A) To avoid audits
B) To maintain records of applied patches and any issues encountered
C) To reduce the need for testing
D) To speed up the deployment process
Answer: B) To maintain records of applied patches and any issues encountered

23. Which of the following is NOT a phase in security patch management?

A) Assessment
B) Deployment
C) Ignoring
D) Verification
Answer: C) Ignoring

24. What is the primary goal of effective patch management?

A) To increase the likelihood of security breaches
B) To mitigate the risks associated with security vulnerabilities
C) To delay the deployment of patches
D) To avoid acquiring patches from official sources
Answer: B) To mitigate the risks associated with security vulnerabilities

4 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

25. Which phase involves confirming that patches have been successfully applied?
A) Testing
B) Acquisition
C) Verification
D) Documentation
Answer: C) Verification

26. Why is data backup important?

A) To increase system performance
B) To prevent downloading third-party software
C) To safeguard against data loss
D) To automate system updates
Answer: C) To safeguard against data loss

27. What is a recommended practice for effective data backup?

A) Storing backups in a single location
B) Verifying backups only once a year
C) Using encryption for sensitive data
D) Testing backups only during system crashes
Answer: C) Using encryption for sensitive data

28. Which factor determines the frequency of data backups?

A) The amount of available storage space
B) The importance of the data and its rate of change
C) The speed of the internet connection
D) The number of third-party software installed
Answer: B) The importance of the data and its rate of change

29. What is the purpose of testing the restoration process for backups?
A) To automate the backup process
B) To ensure backups are encrypted
C) To verify that backups are usable
D) To increase system performance
Answer: C) To verify that backups are usable

30. Why should users prioritize important data for backup?

A) To reduce system performance
B) To simplify the backup process
C) To increase the risk of data loss
D) To ensure critical data is protected
Answer: D) To ensure critical data is protected

5 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

31. Where should users obtain software from to ensure safety?

A) Unverified third-party websites
B) Reputable sources such as official websites or trusted app stores
C) Random online forums
D) Social media platforms
Answer: B) Reputable sources such as official websites or trusted app stores

32. What should users check to gauge the reliability of third-party software?
A) The color scheme of the software website
B) The number of advertisements on the website
C) Reviews, ratings, and user feedback
D) The font size used on the software's download page
Answer: C) Reviews, ratings, and user feedback

33. What should users do when installing third-party software?

A) Ignore the permissions requested by the software
B) Install software from any available source
C) Review and consider the permissions requested
D) Install software without reading the license agreement
Answer: C) Review and consider the permissions requested

34. Why is it important to keep all software updated?

A) To increase system vulnerabilities
B) To prevent downloading third-party software
C) To automate the data backup process
D) To patch security vulnerabilities
Answer: D) To patch security vulnerabilities

35. What should users do with unused software?

A) Keep it installed for future use
B) Uninstall it to reduce potential vulnerabilities
C) Share it with friends and family
D) Ignore its presence on the system
Answer: B) Uninstall it to reduce potential vulnerabilities

36. What should users do before downloading third-party software from a website?
A) Verify the authenticity of the website and software
B) Install the software immediately without hesitation
C) Skip reading the license agreement
D) Disable antivirus software
Answer: A) Verify the authenticity of the website and software

6 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

37. Why is it important to read the license agreement before installing third-party software?
A) To increase system performance
B) To understand the terms and conditions of using the software
C) To avoid encryption of data backups
D) To simplify the software installation process
Answer: B) To understand the terms and conditions of using the software

38. What is a recommended practice for managing third-party software?

A) Avoid regular updates to maintain system stability
B) Share downloaded software with others
C) Back up data regularly to mitigate potential issues
D) Download software from unverified sources for variety
Answer: C) Back up data regularly to mitigate potential issues

39. What should users consider using to test potentially risky software?
A) Virtual environments or sandboxes
B) Sharing software with colleagues
C) Ignoring reviews and ratings
D) Installing it directly on the main system
Answer: A) Virtual environments or sandboxes

40. Which action enhances security when managing third-party software?

A) Disabling antivirus software
B) Sharing passwords openly
C) Regularly updating all software
D) Avoiding backups of critical data
Answer: C) Regularly updating all software

41. What is the purpose of establishing device usage guidelines in a device security policy?
A) To restrict all device usage within the organization
B) To specify who can use company devices and for what purposes
C) To encourage unlimited device usage
D) To enforce strict penalties for device misuse
Answer: B) To specify who can use company devices and for what purposes

42. What does an acceptable use policy typically cover in a device security policy?
A) Employee salaries and benefits
B) Browsing certain websites and downloading software
C) Company mission and vision statements
D) Personal hobbies and interests
Answer: B) Browsing certain websites and downloading software

7 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

43. What is recommended for password and authentication in a device security policy?
A) Weak, easily guessable passwords
B) Sharing passwords among colleagues
C) Strong, unique passwords for each device and multi-factor authentication
D) Passwords written on sticky notes attached to devices
Answer: C) Strong, unique passwords for each device and multi-factor authentication

44. Why is data encryption mandated in a device security policy?

A) To make data easier to access
B) To increase the risk of data breaches
C) To prevent unauthorized access to sensitive data
D) To slow down device performance
Answer: C) To prevent unauthorized access to sensitive data

45. What is the purpose of regular updates and patching in a device security policy?
A) To keep devices outdated and vulnerable
B) To reduce device performance
C) To protect against vulnerabilities by installing the latest security updates
D) To increase the risk of security breaches
Answer: C) To protect against vulnerabilities by installing the latest security updates

46. What does access control entail in a device security policy?

A) Allowing unlimited access to all data and systems
B) Limiting access to data and systems based on job roles and responsibilities
C) Providing access to external parties without restrictions
D) Sharing access credentials openly
Answer: B) Limiting access to data and systems based on job roles and responsibilities

47. What protocols are typically defined for secure remote access in a device security policy?
A) Use of outdated and insecure connections
B) Avoiding virtual private networks (VPNs)
C) Secure remote access using VPNs and other secure connections
D) Sharing login credentials openly
Answer: C) Secure remote access using VPNs and other secure connections

48. Why are procedures for handling lost or stolen devices established in a device security
policy?
A) To encourage device theft
B) To avoid reporting lost or stolen devices
C) To mitigate potential data breaches
D) To increase the risk of unauthorized access
Answer: C) To mitigate potential data breaches

8 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

49. What is the purpose of software and application management guidelines in a device
security policy?
A) To install outdated and insecure software
B) To prevent employees from installing any software
C) To specify guidelines for installing, updating, and removing software and applications
D) To encourage employees to install unauthorized software
Answer: C) To specify guidelines for installing, updating, and removing software and applications

50. Why is employee training included in a device security policy?

A) To increase the risk of security incidents
B) To reduce employee awareness of potential threats
C) To educate employees about security best practices and potential threats
D) To encourage employees to share sensitive information
Answer: C) To educate employees about security best practices and potential threats

51. What is the primary function of a host firewall?

A) Scanning for viruses
B) Filtering network traffic
C) Encrypting data in transit
D) Managing user permissions
Answer: B) Filtering network traffic

52. What does antivirus software primarily protect against?

A) Unauthorized network access
B) Phishing attacks
C) Malicious software (malware)
D) Hardware failures
Answer: C) Malicious software (malware)

53. Which best practice involves using complex passwords and multi-factor authentication?
A) Regular backups
B) Secure Wi-Fi networks
C) Host firewall configuration
D) User authentication
Answer: D) User authentication

54. What is the significance of regular software updates in cybersecurity?

A) They prevent hardware failures
B) They minimize the need for backups
C) They patch security vulnerabilities
D) They improve Wi-Fi network speed
Answer: C) They patch security vulnerabilities

9 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

55. How does a host firewall contribute to computer security?

A) By encrypting sensitive data
B) By detecting phishing emails
C) By controlling network traffic
D) By managing user permissions
Answer: C) By controlling network traffic

56. Which measure involves restricting user access to only necessary data and systems?
A) Regular backups
B) Least privilege
C) Encryption of sensitive data
D) Multi-factor authentication
Answer: B) Least privilege

57. What is the primary purpose of antivirus software?

A) Filtering network traffic
B) Encrypting sensitive data
C) Detecting and removing malware
D) Managing user authentication
Answer: C) Detecting and removing malware

58. What is the significance of implementing both host firewalls and antivirus software?
A) They increase Wi-Fi network speed
B) They prevent hardware failures
C) They provide complementary protection
D) They eliminate the need for regular backups
Answer: C) They provide complementary protection

59. What does a host firewall help prevent?

A) Unauthorized network access
B) Malware infections
C) Data breaches
D) Phishing attacks
Answer: A) Unauthorized network access

60. Which practice involves creating duplicate copies of important data?

A) Multi-factor authentication
B) Regular backups
C) Secure Wi-Fi networks
D) Host firewall configuration
Answer: B) Regular backups

10 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

61. What is the primary role of a host firewall in cybersecurity?

A) Scanning for viruses
B) Monitoring system activities
C) Filtering network traffic
D) Managing user permissions
Answer: C) Filtering network traffic

62. Why are regular security audits important in cybersecurity?

A) To increase Wi-Fi network speed
B) To identify and address vulnerabilities
C) To manage user authentication
D) To encrypt sensitive data
Answer: B) To identify and address vulnerabilities

63. How does antivirus software protect against malware?

A) By encrypting sensitive data
B) By filtering network traffic
C) By detecting and removing malicious software
D) By managing user permissions
Answer: C) By detecting and removing malicious software

64. What is the significance of multi-factor authentication in cybersecurity?

A) It improves Wi-Fi network speed
B) It prevents hardware failures
C) It adds an extra layer of security
D) It eliminates the need for regular backups
Answer: C) It adds an extra layer of security

65. What is the primary purpose of encrypting sensitive data?

A) To prevent unauthorized network access
B) To detect phishing attacks
C) To minimize the impact of hardware failures
D) To protect data confidentiality
Answer: D) To protect data confidentiality

66. What is the primary purpose of configuring firewall rules based on the principle of least
privilege?
A) To maximize network speed
B) To block all inbound traffic
C) To allow only necessary traffic
D) To disable firewall logging
Answer: C) To allow only necessary traffic

11 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

67. Why is it important to regularly update firewall software?

A) To enhance Wi-Fi security
B) To improve network speed
C) To ensure the latest security patches
D) To enable default deny policy
Answer: C) To ensure the latest security patches

68. What is the purpose of enabling logging and monitoring in firewall management?
A) To block all outbound traffic
B) To track firewall activities
C) To disable real-time protection
D) To hide the network name (SSID)
Answer: B) To track firewall activities

69. What does a default deny policy aim to achieve in firewall management?
A) To allow all traffic by default
B) To block all inbound traffic
C) To minimize the attack surface
D) To enable real-time scanning
Answer: C) To minimize the attack surface

70. What is a key benefit of enabling real-time protection in antivirus management?

A) It speeds up system scans
B) It reduces the need for scheduled scans
C) It monitors files and processes for suspicious behavior
D) It automatically updates virus definitions
Answer: C) It monitors files and processes for suspicious behavior

71. Why is user education an important aspect of antivirus management?

A) To configure firewall settings
B) To ensure router compatibility
C) To prevent malware infections
D) To enable WPA3 encryption
Answer: C) To prevent malware infections

72. Which encryption standard is recommended for Wi-Fi security?

A) WPA2
B) WEP
C) WPA3
D) None of the above
Answer: C) WPA3

12 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

73. What is the purpose of hiding the network name (SSID) in Wi-Fi security?
A) To increase network speed
B) To prevent unauthorized access
C) To enable MAC address filtering
D) To minimize router firmware updates
Answer: B) To prevent unauthorized access

74. How does MAC address filtering contribute to Wi-Fi security?

A) By hiding the network name (SSID)
B) By encrypting network traffic
C) By restricting access to specific devices
D) By enabling guest networks
Answer: C) By restricting access to specific devices

75. What is the purpose of using a VPN in Wi-Fi security?

A) To disable firewall settings
B) To enable WPS
C) To encrypt internet traffic on public networks
D) To monitor network logs
Answer: C) To encrypt internet traffic on public networks

76. What is the first step in creating a basic security policy?

A) Implement Permissions
B) Define Security Policies
C) Conduct a Risk Assessment
D) Employee Training
Answer: C) Conduct a Risk Assessment

77. Which principle advocates giving users only the necessary permissions to perform their
tasks?
A) Least Privilege
B) Separation of Duties
C) Role-Based Access Control
D) Access Control Policies
Answer: A) Least Privilege

78. What is the purpose of defining data encryption policies in a security policy?
A) To enforce password guidelines
B) To specify roles and permissions
C) To determine how often systems should be updated
D) To specify when and where encryption should be applied to sensitive data
Answer: D) To specify when and where encryption should be applied to sensitive data

13 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)

CYBER SECURITY

79. How can access controls be enforced in a security policy?

A) Through regular audits and updates
B) By implementing user roles
C) Through employee training
D) Using tools like access control lists (ACLs) or Role-Based Access Control (RBAC)
Answer: D) Using tools like access control lists (ACLs) or Role-Based Access Control (RBAC)

80. Why is it important to periodically review and update security policies and permissions?
A) To educate employees about security policies
B) To align security policies with relevant regulations and standards
C) To implement data encryption policies
D) To conduct a risk assessment
Answer: B) To align security policies with relevant regulations and standards

14 Prof. Satish Malayi (KLE’s SSMS BCA ATHANI)