Tuesday, February 12, 2008

NCFM MODEL TEST PAPER Compliance Officers (Corporates) Module

Q1 Which of the following committees is non-mandatory to be constituted by a listed company?
[ 2 Marks ]

(a) Share Transfer Committee
(b) Shareholders/Investors Grievance Committee
(c) Remuneration Committee
(d) Audit Committee
(e) I am not attempting the question
Q2 State which of the following is false? As per Chapter XI of the SEBI (DIP) Guidelines 2000 specifying the Guidelines for Book Building, an issuer company may make an issue of securities to the public through prospectus in the following manner: [ 1 Mark ]

(a) 100% of the net offer to the public
(b) 100% of the net offer to the public through book building process
(c) 75% of the net offer to the public through book building process and 25% at the price
determined through book building
(d) None of the above
(e) I am not attempting the question
Q3 In case of default in repayment to small depositors, intimation of such fact should be given within ________. [ 1 Mark ]

(a) 60 days from the date of default
(b) three months from the date of default
(c) 15 days from the date of default
(d) one month from the date of default
(e) I am not attempting the question
Q4 State which of the following is false? As per Chapter X of the SEBI (DIP) Guidelines 2000 stating the Guidelines for issue of debt instruments, in case of PCDs/NCDs the offer document shall contain ________________. [ 2 Marks ]

(a) premium on redemption
(b) premium on redemption and Yield on redemption of the PCDs/NCDs
(c) period of maturity
(d) redemption amount
(e) I am not attempting the question
Q5 As per the SEBI (ESOS and ESPS) Guidelines 1999, ______________________. [ 2 Marks ]

(a) an employee who is a promoter or belongs to the promoter group shall not be eligible to
participate in the ESPS
(b) an employee who is promoter shall be eligible to participate in the ESPS
(c) an employee who belongs to the promoter group shall be eligible to participate in the ESPS
(d) None of the above
(e) I am not attempting the question
Q6 As per the SEBI (ESOS and ESPS) Guidelines 1999, state which of the following is false? The Board of Directors shall disclose in the Directors' Report the following details of the ESPS: [ 2 Marks ]

(a) Diluted earnings per share
(b) Earnings per share
(c) Price at which the shares are issued
(d) Number of shares issued in ESPS
(e) I am not attempting the question
Q7 Division of capital is subject to the approval by the Tribunal. [ 2 Marks ]

(a) FALSE
(b) TRUE
(c) I am not attempting the question
Q8 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, for offers which are subject to the minimum level of acceptance and the acquirer does not want to acquire a minimum of 20%, the following percentage of the consideration payable under the public offer in cash shall be deposited in the escrow account: [ 2 Marks ]

(a) 90%
(b) 25%
(c) 75%
(d) 50%
(e) I am not attempting the question
Q9 In response to the notice of removal of Mr. D, director of Company X Ltd., he sent a representation. His representation could not be sent along with the notice of the Annual General Meeting for want of time. Resolution for his removal was passed at that meeting. Mr. D contended that since his representation was not forwarded to all members and directors, the resolution for his removal stands invalid. Is his contention valid? [ 2 Marks ]

(a) Yes, received late is no ground.
(b) No, as it was received late.
(c) I am not attempting the question
Q10 State which of the following is false? The Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000 are applicable to __________. [ 1 Mark ]

(a) All types of financial instruments
(b) All financial instruments which would be converted into equity shares at later date
(c) All financial instruments which would be exchanged into equity shares at later date
(d) All equity shares
(e) I am not attempting the question
Q11 As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, the due date for the final post-issue monitoring report for all issues shall be ____________. [ 2 Marks ]

(a) 3rd day from the date of listing or 80 days from the date of closure of the subscription
of the issue whichever is earlier
(b) 3rd day from the date of listing or 50 days from the date of closure of the subscription
of the issue whichever is earlier
(c) 3rd day from the date of listing or 75 days from the date of closure of the subscription
of the issue whichever is earlier
(d) 3rd day from the date of listing or 78 days from the date of closure of the subscription
of the issue whichever is earlier
(e) I am not attempting the question
Q12 A shareholder, Mr. P, holding 550 shares of a listed company, makes an application to the company for sub-division of the shares. The company charges certain fees from Mr. P. State whether the action of the company is correct. [ 1 Mark ]

(a) No
(b) Yes
(c) Yes, only if the fees are as agreed with the Stock Exchange.
(d) Yes, only if the fees are as agreed by the member.
(e) I am not attempting the question
Q13 Omission to send notice of the Annual General Meeting to a member invalidates the resolution passed in that meeting. [ 2 Marks ]

(a) FALSE
(b) TRUE
(c) I am not attempting the question
Q14 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, any person other than an acquirer who has made the first public announcement shall make a competitive bid within _______. [ 2 Marks ]

(a) 45 days of the public announcement of the first offer
(b) 21 days of the public announcement of the first offer
(c) 30 days of the public announcement of the first offer
(d) 14 days of the public announcement of the first offer
(e) I am not attempting the question
Q15 The main object of the Securities Contracts (Regulation) Act 1956 is _________. [ 2 Marks ]

(a) to protect the interest of the investors and promote and develop the securities market
(b) to control the monopolistic and restrictive trade practices followed by the listed companies
(c) to consolidate and amend the law relating to companies and certain other associations
(d) to prevent undesirable transactions in securities by regulating the business of dealing therein
(e) I am not attempting the question
Q16 The Board of directors may give a guarantee without being previously authorised by way of special resolution if ______________. [ 2 Marks ]

(a) it has been approved by unanimous resolution of the board
(b) it has been approved by the Central Government
(c) it has been approved within six months
(d) it has been approved within twelve months in general meeting
(e) I am not attempting the question
Q17 Contracts entered into by the company before commencement of business are __________.
[ 2 Marks ]

(a) valid
(b) voidable
(c) void
(d) not binding till date of commencement
(e) I am not attempting the question
Q18 As per the SEBI (ESOS and ESPS) Guidelines 1999, the amount payable by the employee, if any, at the time of grant of option ____________. [ 1 Mark ]

(a) may be refunded by the company if the option is not exercised by the employee
within the exercise period
(b) may be retained by the company in suspense account if the option is not exercised
by the employee within the exercise period
(c) may be forfeited by the company if the option is not exercised
by the employee within the exercise period
(d) None of the above
(e) I am not attempting the question
Q19 As per Chapter X of the SEBI (DIP) Guidelines 2000 stating the Guidelines for issue of debt instruments, where the company desires to roll over the debentures issued by it, it shall file ____________, a copy of the notice of the resolution to be sent to the debenture-holders for the purpose, through the merchant banker, prior to dispatching the same to the debenture-holders.
[ 1 Mark ]

(a) with SEBI
(b) with Registrar of Companies
(c) with Debenture Trustees
(d) None of the above
(e) I am not attempting the question
Q20 As per Chapter X of the SEBI (DIP) Guidelines 2000 specifying the guidelines for issue of capital by Designated Financial Institutions (DFIs), if a DFI fails to meet the criteria of maintenance of Debt-Equity Ratio (DER) and Notional Debt Service Coverage Ratio (NDSCR), no dividend shall be declared by such DFI for the relevant year except with the approval of the trustees, and the rate of dividend shall not exceed ____________.
[ 2 Marks ]

(a) 15%
(b) 20%
(c) 5%
(d) 10%
(e) I am not attempting the question
Q21 Notice of the Annual General Meeting need not be issued to the auditor of the company.
[ 2 Marks ]

(a) TRUE
(b) FALSE
(c) I am not attempting the question
Q22 As per the Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000, the details of unutilised monies out of the preferential issue proceeds shall be disclosed _____________.
[ 2 Marks ]

(a) under the head sources of funds
(b) need not be disclosed
(c) under separate head in the balance sheet
(d) as per Schedule VI of the Companies Act 1956
(e) I am not attempting the question
Q23 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, SEBI shall forward the application for exemption to the Takeover Panel within __________. [ 1 Mark ]

(a) 15 days of the receipt of the application
(b) 10 days of the receipt of the application
(c) 5 days of the receipt of the application
(d) 20 days of the receipt of the application
(e) I am not attempting the question
Q24 The resolution to be passed, in terms of section 81(1A), with respect to pricing of shares arising out of warrants etc., as per the Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000, is required to clearly specify __________. [ 1 Mark ]

(a) the specified date
(b) the date of the resolution
(c) the relevant date
(d) the date on which the holder of warrants is entitled to apply for the shares
(e) I am not attempting the question
Q25 What are the functions to be performed by the chairman of the Audit Committee to comply with the provisions of the listing agreement? [ 2 Marks ]

(a) To be present at the Board meeting where the minutes of the Audit committee are placed for
approval.
(b) To be an independent director and to be present at the Annual General meeting.
(c) To carry out audit of auditors.
(d) I am not attempting the question
Q26 The information about the transfer of securities in the name of the beneficial owners has to be furnished ______________.
[ 1 Mark ]

(a) by the depository to the beneficial owner
(b) by the depository to the issuer
(c) by the beneficial owner to the depository
(d) by the issuer to the depository
(e) I am not attempting the question
Q27 From the persons mentioned below, who can become an independent director of Tamarind Ltd?
[ 2 Marks ]

(a) Mr. Lakshman, as he holds 1.5% of the equity shares of the company having voting rights.
(b) Mr. Ghanshyam, as he is supplier of the company's major raw material.
(c) Mr. Shyam, as he is an executive of the company for last 5 financial years.
(d) Mr. Ram, as he is Executive Director of Tamarind Ltd.'s subsidiary.
(e) I am not attempting the question
Q28 A listed company is required to send a statement to the Stock Exchange explaining the reasons, along with the Review Report, in the following case: [ 2 Marks ]

(a) No statement is required to be sent.
(b) If there has been delay in sending the Review Report.
(c) If the Review Report has certain qualifications or adverse remarks by the Auditors.
(d) If any item in the quarterly unaudited results varies by 20% or more from the respective
half yearly results.
(e) I am not attempting the question
Q29 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, with respect to bailout takeovers, the company being taken over shall be appraised taking into account the _________. [ 2 Marks ]

(a) Financial viability
(b) Technical viability
(c) None of the above
(d) I am not attempting the question
Q30 State which of the following is false? As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, the lead merchant banker shall ensure that the following are complied with in the research reports: ___________. [ 2 Marks ]

(a) risk factors are not reproduced
(b) research report is based on the published information contained in the offer document
(c) advertisement code is observed
(d) None of the above
(e) I am not attempting the question
Q31 State which of the following is true? The Compensation Committee with respect to ESOS shall frame suitable policies and systems to ensure that there is no violation of __________. [ 1 Mark ]

(a) SEBI (Issue of Sweat Equity) Regulations 2002
(b) SEBI (Merchant Bankers) Regulations 1992
(c) SEBI (Substantial Acquisition of Shares and Takeovers) Regulations 1997
(d) SEBI (Prohibition of Insider Trading) Regulations 1992
(e) I am not attempting the question
Q32 As per the Guidelines on Initial Public Offers through the Stock Exchange on-line system in the SEBI (DIP) Guidelines 2000, the Registrar to the Issue having electronic connectivity with the Stock Exchange through which the securities are offered under the system shall be appointed by _____________. [ 2 Marks ]

(a) The Lead Manager
(b) The Stock Exchange
(c) The Merchant Banker
(d) The Company
(e) I am not attempting the question
Q33 Which of the following terms is defined under the Depositories Act 1996? [ 1 Mark ]

(a) Record
(b) Certificate
(c) Scheme
(d) Contract
(e) I am not attempting the question
Q34 As per the Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000, in case of allotment of shares and securities convertible into equity shares at a later date on a preferential basis pursuant to a scheme of corporate debt restructuring, as per the Corporate Debt Restructuring framework specified by the Reserve Bank of India, such preferential issues shall be made fully paid up _________.
[ 2 Marks ]

(a) at the date of the resolution
(b) at the time of their allotment
(c) at the time of their issue
(d) the guidelines do not apply
(e) I am not attempting the question
Q35 As per the Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000, the details of all monies utilised out of the preferential issue proceeds shall be disclosed ________. [ 2 Marks ]

(a) under an appropriate head in the balance sheet of the company
(b) under the head application of funds
(c) need not be disclosed
(d) as per Schedule VI of the Companies Act 1956
(e) I am not attempting the question
Q36 In case of a public company, a member can appoint only one proxy. [ 2 Marks ]

(a) FALSE
(b) TRUE
(c) I am not attempting the question
Q37 As per the SEBI (ESOS and ESPS) Guidelines 1999, the expected life of ESOSs should not be less than _______________. [ 2 Marks ]

(a) quarter of the exercise period of the ESOSs issued
(b) three-quarters of the exercise period of the ESOSs issued
(c) one and half of the exercise period of the ESOSs issued
(d) half of the exercise period of the ESOSs issued
(e) I am not attempting the question
Q38 Securities Appellate Tribunal (SAT) means ___________. [ 2 Marks ]

(a) SAT established under Section 23 of the Securities Contracts (Regulation) Act 1956
(b) SAT established under Section 15K of the SEBI Act 1992
(c) SAT established under Section 22 of the Securities Contracts (Regulation) Act 1956
(d) SAT established under Section 15K of the Securities Contracts (Regulation) Act 1956
(e) I am not attempting the question
Q39 As per Chapter X of the SEBI (DIP) Guidelines 2000 stating the Guidelines for issue of debt instruments, redemption of debentures shall be made by the issuer company ___________.
[ 1 Mark ]

(a) as per the decision of the Debenture Trustee
(b) as per the offer document
(c) as per the debenture trust deed
(d) as per the decision of the issuer company
(e) I am not attempting the question
Q40 One of the powers of the SAT is __________. (Strike off the odd one) [ 2 Marks ]

(a) delist the securities of any company from the Recognised Stock Exchange
(b) review its decisions
(c) receive evidence on affidavits
(d) issuing Commissions for the examination of witnesses or documents
(e) I am not attempting the question
Q41 As per Chapter X of the SEBI (DIP) Guidelines 2000 specifying the guidelines for issue of capital by Designated Financial Institutions (DFIs), the name of the trustee / agent shall be stated in the offer document and the trust deed or any other documents for the purpose shall be executed ____________. [ 2 Marks ]

(a) within two months of the closure of the issue
(b) within four months of the closure of the issue
(c) within three months of the closure of the issue
(d) within six months of the closure of the issue
(e) I am not attempting the question
Q42 As per Chapter X of the SEBI (DIP) Guidelines 2000 specifying the guidelines for issue of capital by Designated Financial Institutions (DFIs), the maximum target amount specified in the prospectus shall not exceed __________. [ 2 Marks ]

(a) four times the minimum target amount
(b) thrice the minimum target amount
(c) twice the minimum target amount
(d) five times the minimum target amount
(e) I am not attempting the question
Q43 State which of the following is false? As per Chapter XI of the SEBI (DIP) Guidelines 2000 specifying the Guidelines for Book Building, the advertisement shall contain the following: [ 1 Mark ]

(a) The names and addresses of the syndicate members as well as the bidding terminals for
accepting the bids.
(b) The method and process of bidding.
(c) The net offer to the public.
(d) The date of opening and closing of the bidding.
(e) I am not attempting the question
Q44 The concerned Recognised Stock Exchange shall lose its recognition if ________. (Select the odd one) [ 1 Mark ]

(a) the scheme of corporatisation and demutualisation has been rejected
(b) it fails to submit the scheme of corporatisation or demutualization
(c) SEBI so publishes order in the Official Gazette
(d) it has not been corporatised or demutualised
(e) I am not attempting the question
Q45 As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, ensuring that the basis of allotment is finalised in a fair and proper manner is the responsibility of the ____________. [ 2 Marks ]

(a) Managing Director of the Designated Stock Exchange
(b) Bankers to the issue
(c) SEBI
(d) Brokers to the issue
(e) I am not attempting the question
Q46 As per Clause 42 of the listing agreement, state whether any condition precedent is required to be complied with by a listed company for issue of new securities. [ 2 Marks ]

(a) Yes, to deposit with the Stock Exchange the prescribed amount, before opening the
subscription list.
(b) None
(c) Yes, to promptly notify the Stock Exchange.
(d) I am not attempting the question
Q47 The Court shall take cognizance of an offence punishable under the Depositories Act 1996 on a complaint made by ___________. [ 1 Mark ]

(a) Central Government
(b) SEBI
(c) State Government
(d) Any of the above
(e) I am not attempting the question
Q48 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, no acquirer shall acquire shares or voting rights, through market purchases and preferential allotment pursuant to a resolution passed under section 81 of the Companies Act, 1956 or any other applicable law, which (taken together with shares or voting rights, if any, held by him or by persons acting in concert with him) entitle such acquirer to exercise more than ___________. [ 1 Mark ]

(a) fifty five per cent of the voting rights in the company
(b) fifty four per cent of the voting rights in the company
(c) seventy four per cent of the voting rights in the company
(d) fourteen per cent of the voting rights in the company
(e) I am not attempting the question
Q49 State which of the following is true? As per Chapter XI of the SEBI (DIP) Guidelines 2000 specifying the Guidelines for Book Building, _________. [ 1 Mark ]

(a) the book runner is required to enter into an underwriting agreement with the issuer company
(b) the book runner is required to enter into an underwriting agreement with SEBI
(c) the book runner is required to enter into an underwriting agreement with Stock Exchange
(d) None of the above
(e) I am not attempting the question
Q50 As per the listing agreement, the Chairman of which Committees should be present at the Annual General Meetings of the company? [ 2 Marks ]

(a) Remuneration Committee
(b) Audit Committee and Remuneration Committee
(c) Shareholders Grievance Committee
(d) Only Audit Committee
(e) I am not attempting the question
Q51 Every recognised stock exchange shall furnish a copy of its Annual Report to ______. [ 1 Mark ]

(a) SEBI and Central Government
(b) SEBI
(c) Central Government
(d) State Government
(e) I am not attempting the question
Q52 A Recognised Stock Exchange may make rules or amend rules to provide for the following matters: (Select the odd one) [ 2 Marks ]

(a) Restriction of voting rights to members only in respect of the matter placed before the
Stock Exchange at any meeting
(b) Regulation of voting rights in respect of any matter placed before the stock exchange at any
meeting
(c) Restriction on the right of member to appoint another person as his proxy to attend and vote
at meeting of the stock exchange
(d) None of the above
(e) I am not attempting the question
Q53 Who has been authorised under the Depositories Act 1996 to make Rules? [ 2 Marks ]

(a) Securities Appellate Tribunal
(b) Central Government
(c) SEBI
(d) Depositories
(e) I am not attempting the question
Q54 As per the Guidelines for Preferential Issues in the SEBI (DIP) Guidelines 2000, locked-in shares/instruments may be transferred __________. [ 2 Marks ]

(a) subject to continuation of lock-in, in the hands of transferee(s) for the remaining period
(b) subject to continuation of lock-in in the hands of transferee(s) for one year
(c) subject to continuation of lock-in in the hands of transferee(s) for four years
(d) subject to continuation of lock-in in the hands of transferee(s) for three years
(e) I am not attempting the question
Q55 State which of the following is false? As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, any unsubscribed portion in any reserved category ___________.
[ 2 Marks ]

(a) may not be added back to any other reserved category
(b) may be added back to the net offer to the public
(c) may be added back to any other reserved category
(d) None of the above
(e) I am not attempting the question
Q56 As per the SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 1997, any person aggrieved by an order of SEBI may prefer an appeal to ______. [ 2 Marks ]

(a) Securities Appellate Tribunal
(b) High Court
(c) Supreme Court
(d) None of the above
(e) I am not attempting the question
Q57 For implementation of ESOS and ESPS as per the SEBI (ESOS and ESPS) Guidelines 1999, till the stage of framing the ESOS/ESPS and obtaining the in-principle approval from the stock exchange, the company shall appoint a ______________. [ 2 Marks ]

(a) registered banker
(b) registered merchant banker
(c) registered stock broker
(d) registered portfolio manager
(e) I am not attempting the question
Q58 State which of the following is false? As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, 'Qualified Institutional Buyer' shall mean ____________. [ 1 Mark ]

(a) provident funds with minimum corpus of Rs. 15 crores
(b) scheduled commercial banks
(c) mutual funds
(d) public financial institution as defined in section 4 of the Companies Act 1956
(e) I am not attempting the question
Q59 Along with the quarterly unaudited financial results, the company is required to publish segment-wise revenue, results and capital employed. In case of segments whose operations are primarily of a financial nature, the segment results shall indicate ____________. [ 2 Marks ]

(a) profit/loss after tax and after interest and the interest shall not include the interest pertaining
to such segment
(b) profit/loss before tax and after interest and the interest shall not include the interest
pertaining to such segment
(c) profit/loss before tax and interest and the interest shall not include the interest pertaining to
such segment
(d) I am not attempting the question
Q60 As per the SEBI (DIP) Guidelines 2000, for raising of funds through public issues, the outstanding underwriting commitments of a merchant banker shall not exceed ___________. [ 1 Mark ]

(a) 30 times its net worth at any point of time
(b) 25 times its net worth at any point of time
(c) 20 times its net worth at any point of time
(d) 10 times its net worth at any point of time
(e) I am not attempting the question

Information Security Auditors Module - (Part 1)

Maximum Marks: 100 Pass Marks: 60
Test Duration: 120 minutes

Q1 Which areas offer protection under the Copyright Act? [ 1 Mark ]

(a) Original Literary Work
(b) Original Musical Work
(c) Computer Programme
(d) All of the above.
(e) I am not attempting the question
Q2 Which of the following describes a structured walk-through test? [ 1 Mark ]

(a) All departments receive a copy of the disaster recovery plan and walk through it.
(b) Representatives from each department come together and go through the test collectively.
(c) It is performed to ensure that critical systems will run at the alternate site.
(d) Normal operations are shut down.
(e) I am not attempting the question
Q3 Why is cascading revoke not always desirable? [ 1 Mark ]

(a) Because it compromises the system security.
(b) Because it leads to unnecessary revokes.
(c) Because it hampers the system performance
(d) Because it violates database rules.
(e) I am not attempting the question
Q4 Which access control technique secures information by assigning sensitivity levels to data? [ 1 Mark ]

(a) RBAC
(b) MAC
(c) DAC
(d) Biba
(e) I am not attempting the question
Q5 Which of the following is TRUE about primary markets? [ 1 Mark ]

(a) Primary markets are places where the public can buy and sell securities with one another.
(b) Primary markets are places where only short term instruments are traded
(c) Primary markets are markets where commodities are sold.
(d) Primary markets refer to the direct solicitation of funds from the public by companies.
(e) I am not attempting the question
Q6 The _________ issued by SEBI aim to secure fuller disclosure of the relevant information about the issuer and the nature of the issue so that investors can take an informed decision. [ 1 Mark ]

(a) Disclosure and Investor Protection Guidelines
(b) SC(R)A
(c) SEBI (Stock Brokers and Sub brokers) Rules
(d) SEBI (Prohibition of Fraudulent and Unfair Trade Practices Relating to Securities Markets) regulations
(e) I am not attempting the question
Q7 Stock Broker as per the SEBI (Stock Brokers and Sub-brokers) Rules, 1992 means __________. [ 2 Marks ]

(a) a member of the Board
(b) a member of the Clearing Corporation
(c) a member of the Stock Exchange
(d) a member of the Clearing House
(e) I am not attempting the question
Q8 Business continuity does not replace _____________. [ 1 Mark ]

(a) Facilities
(b) Insurance
(c) Interruption
(d) Product
(e) I am not attempting the question
Q9 According to the IT Act, which of the following is/are offences pertaining to a computer, computer network or computer program? [ 1 Mark ]

(a) Securing access to somebody else's computer.
(b) Intentionally concealing the computer source code
(c) Intentionally altering the data
(d) All of the above
(e) I am not attempting the question
Q10 Which of the following is not true about offer of shares through normal public issue? [ 2 Marks ]

(a) In a normal public issue, investors bid for shares at the floor price or above and, after the closure of the process, the price is determined for allotment of shares.
(b) In case of a normal public issue, the demand for an issue is known at the close of the issue.
(c) In case of offer of shares through a normal public issue, the price at which securities will be allotted is known to an investor in advance.
(d) None of the above
(e) I am not attempting the question
Q11 Under the Copyright Act, a copyright office for this purpose is a must. [ 1 Mark ]

(a) Also requires a secluded location.
(b) And can have more than one office if required.
(c) FALSE
(d) TRUE
(e) I am not attempting the question
Q12 Which Risk Management methodology uses the exposure factor multiplied by the asset value to determine its outcome? [ 1 Mark ]

(a) Information Risk Management
(b) Annualized Loss Expectancy
(c) Single Loss Expectancy
(d) Annualized Rate of Occurrence
(e) I am not attempting the question
Q13 On NSE's options market, until the buyer pays in the premium, the premium due is deducted from the available _________ on a real time basis. [ 1 Mark ]

(a) cash deposit
(b) liquid net worth
(c) cash and non-cash deposit
(d) effective deposit
(e) I am not attempting the question
Q14 Find the odd one [ 1 Mark ]

(a) GRANT
(b) CASCADE
(c) REVOKE
(d) INSERT
(e) I am not attempting the question
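Q3 and Q14 above both turn on how SQL privilege grants chain together and what a cascading REVOKE does to that chain. The following is an added example, not part of the original test paper; it uses PostgreSQL syntax and hypothetical role and table names (owner_app, lead_bob, analyst_carol, payments) to show why a cascade can revoke more than the administrator intended (the "unnecessary revokes" of Q3), and how granting directly from the owner avoids that dependency.

```sql
-- Hypothetical roles and table; the names are assumptions made for this example.
CREATE ROLE owner_app LOGIN;
CREATE ROLE lead_bob LOGIN;
CREATE ROLE analyst_carol LOGIN;

CREATE TABLE payments (id serial PRIMARY KEY, amount numeric NOT NULL);
ALTER TABLE payments OWNER TO owner_app;

-- The owner delegates SELECT to Bob and allows him to pass it on (WITH GRANT OPTION).
SET ROLE owner_app;
GRANT SELECT ON payments TO lead_bob WITH GRANT OPTION;

-- Bob passes SELECT on to Carol. Carol's privilege is now a dependent privilege:
-- it exists only because Bob's grant option exists.
SET ROLE lead_bob;
GRANT SELECT ON payments TO analyst_carol;
RESET ROLE;

-- Inspect the chain. aclexplode() lists one row per (grantor, grantee, privilege),
-- so the two grants above appear as owner_app -> lead_bob and lead_bob -> analyst_carol.
SELECT grantor::regrole, grantee::regrole, privilege_type, is_grantable
FROM pg_class c, aclexplode(c.relacl)
WHERE c.relname = 'payments';

-- The owner wants to cut off Bob only.
SET ROLE owner_app;
-- RESTRICT is the default behaviour: this REVOKE is refused, because dependent
-- privileges (Carol's) exist.
REVOKE SELECT ON payments FROM lead_bob;
-- CASCADE succeeds, but it also removes the privilege Bob granted to Carol,
-- although Carol was never the target of the change.
REVOKE SELECT ON payments FROM lead_bob CASCADE;
RESET ROLE;

-- Carol's queries now fail with a permission error, which is the unnecessary revoke.
SET ROLE analyst_carol;
SELECT count(*) FROM payments;
RESET ROLE;

-- Avoiding it: have the owner grant Carol directly, so her privilege does not
-- hang off anyone else's grant option. Revoking Bob later then leaves her untouched.
SET ROLE owner_app;
GRANT SELECT ON payments TO analyst_carol;
RESET ROLE;
```

Run the statements in order as a superuser (for example in psql); the refused REVOKE and Carol's failed SELECT are the two points the example is meant to surface, so do not enable ON_ERROR_STOP. Re-running the aclexplode() query after each step shows exactly which (grantor, grantee) rows disappear.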
Q15 Which of the following best describes what a disaster recovery plan should contain? [ 1 Mark ]

(a) Software, media interaction, people, hardware, management issues.
(b) Hardware, software, people, emergency procedures, recovery procedures.
(c) People, hardware, offsite facility.
(d) Hardware, emergency procedures, software, identified risk.
(e) I am not attempting the question
Q16 Which term best suits the statement 'tracks what the user did and when they did it'? [ 2 Marks ]

(a) Accounting
(b) Authorization
(c) Authentication
(d) Validation
(e) I am not attempting the question
Q17 An at-the-money option contract would generate __________ upon exercise for the buyer. [ 1 Mark ]

(a) positive cash flow
(b) specified amount of cash flow
(c) no cash flow
(d) negative cash flow
(e) I am not attempting the question
Q18 The most risk from a disaster occurs when there is __________. [ 1 Mark ]

(a) Low Probability and High Vulnerability
(b) High Probability and Low Vulnerability
(c) High Probability and High Vulnerability
(d) Low Probability and Low Vulnerability
(e) I am not attempting the question
Q19 To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case? [ 1 Mark ]

(a) How other companies are dealing with these issues.
(b) The impact the company can endure if a disaster hits.
(c) Regulatory and legal requirements.
(d) Company vulnerabilities to disasters and disruptions.
(e) I am not attempting the question
Q20 What factor/s affect the interest rate? [ 1 Mark ]

(a) Supply of money
(b) Government borrowings
(c) Inflation rate
(d) All of the above.
(e) I am not attempting the question
Q21 Which of the following describes a parallel test? [ 1 Mark ]

(a) Normal operations are shut down.
(b) Representatives from each department come together and go through the test collectively.
(c) All departments receive a copy of the disaster recovery plan and walk through it.
(d) It is performed to ensure that some systems will run at the alternate site.
(e) I am not attempting the question
Q22 Which is the principal Act that governs the trading in securities market in India? [ 1 Mark ]

(a) Securities Contracts (Regulation) Act, 1956
(b) SEBI Act, 1992
(c) Depositories Act, 1996
(d) Companies Act, 1956
(e) I am not attempting the question
Q23 Who issues the registration to a Mutual Fund in India? [ 1 Mark ]

(a) Only SEBI
(b) SEBI for all types of Mutual Funds and additional permission from RBI in case of a Mutual Fund being a subsidiary of a bank.
(c) RBI for all types of Mutual Funds and additional permission from SEBI in case of a Mutual Fund being a subsidiary of a bank.
(d) Only RBI.
(e) I am not attempting the question
Q24 What is the Maximum Tolerable Downtime (MTD)? [ 1 Mark ]

(a) Minimum elapsed time required to complete recovery of application data.
(b) Maximum elapsed time required to move back to the primary site after a major disruption.
(c) It is the maximum delay businesses can tolerate and still remain viable.
(d) Maximum elapsed time required to complete recovery of application data.
(e) I am not attempting the question
Q25 State which of the following is false? The following dealings as per the SEBI (Prohibition of Fraudulent and Unfair Trade Practices relating to Securities Market) Regulations, 2003 are prohibited _________. [ 1 Mark ]

(a) employing any manipulative device to defraud in connection with the issue of securities
(b) buying, selling or otherwise dealing in securities
(c) engaging in any act which would deceive a person in connection with the issue of securities
(d) employing any device to defraud in connection with dealing in any securities listed on a recognized stock exchange
(e) I am not attempting the question
Q26 What are the punishments for a criminal offence under the copyright law? [ 1 Mark ]

(a) Imprisonment for six months with the minimum fine of Rs. 100,000/-.
(b) Imprisonment for ten months with the minimum fine of Rs. 50,000/-.
(c) Imprisonment for six months with the minimum fine of Rs. 50,000/-.
(d) Imprisonment for six years with the minimum fine of Rs. 25,000/-.
(e) I am not attempting the question
Q27 Which of the following statements correctly describes passwords? [ 1 Mark ]

(a) They are the least expensive and most secure.
(b) They are the most expensive and least secure.
(c) They are the most expensive and most secure
(d) They are the least expensive and least secure.
(e) I am not attempting the question
Q28 What is the specialty of RADIUS server? [ 1 Mark ]

(a) System allows multiple logons
(b) User given permanent authentication
(c) Information never sent on network
(d) User friendly
(e) I am not attempting the question
Q29 Which of the following teams should not be included in an organization's contingency plan? [ 1 Mark ]

(a) Damage assessment team
(b) Legal affairs team
(c) Hardware salvage team
(d) Tiger team
(e) I am not attempting the question
Q30 According to IT Act, RBI has prescribed which system for authentication purpose? [ 1 Mark ]

(a) Hash function
(b) Asymmetric crypto system and Hash function
(c) Asymmetric crypto system
(d) Symmetric crypto system and Hash function
(e) I am not attempting the question
Q31 A password is mainly used for what function? [ 1 Mark ]

(a) Authentication
(b) Authorizations
(c) Identity
(d) Registration
(e) I am not attempting the question
Q32 Which of the following offences is punishable under the IT Act of India? [ 1 Mark ]

(a) Introducing a computer contaminant
(b) Disruption of computer networks
(c) Lascivious material published in electronic form
(d) All of the above.
(e) I am not attempting the question
Q33 Which is a punishable offence according to IT Act of India? [ 1 Mark ]

(a) Digital transmission
(b) Penetration Testing
(c) Hacking
(d) Ethical hacking
(e) I am not attempting the question
Q34 Clark-Wilson model differs from the other models in what way? [ 1 Mark ]

(a) Introducing a third access element-programs.
(b) Introducing a third access element procedures
(c) Is safest among all the models.
(d) Is the only model that focuses on integrity.
(e) I am not attempting the question
Q35 Which can you relate to a disaster? [ 1 Mark ]

(a) Event that results in a business going out of business.
(b) Event that results in death.
(c) Event that results in serious injury.
(d) None of the above.
(e) I am not attempting the question
Q36 Derivative includes: (A) A security derived from a debt instrument, share, loan whether secured or unsecured, risk instrument or contract for differences or any other form of security. (B) A contract which derives its value from the prices, or index of prices, of underlying securities. [ 1 Mark ]

(a) Both (A) and (B)
(b) Only A
(c) Only B
(d) Neither (A) nor (B).
(e) I am not attempting the question
Q37 Which among the following is the Business Recovery Strategy in BCP process? [ 1 Mark ]

(a) Back-Up Recovery
(b) Environment Failure Recovery
(c) Business Functions Recovery
(d) Facility Recovery
(e) I am not attempting the question
Q38 What is the most important biometric system characteristic? [ 1 Mark ]

(a) Acceptability of users
(b) Reliability
(c) Speed and throughput
(d) Enrollment Time
(e) I am not attempting the question
Q39 What does continuity of operations plan focus on? [ 1 Mark ]

(a) Outlining of roles and authorities, orders of succession, and individual role tasks.
(b) Focuses on how to recover various IT mechanisms after a disaster.
(c) Planning for systems, networks, and major applications recovery procedures after disruptions
(d) Establishing personnel safety and evacuation procedures.
(e) I am not attempting the question
Q40 Pertaining to IT Act what rules can central government make with respect of digital signature? [ 1 Mark ]

(a) The type of digital signature.
(b) The manner and format in which the digital signature shall be affixed.
(c) Any other matter which is necessary to give legal effect to digital signatures.
(d) All of the above.
(e) I am not attempting the question
Q41 What is the maximum number of depository accounts that can be opened by an investor? [ 1 Mark ]

(a) Only one account with a particular depository participant.
(b) One account only
(c) There is no restriction on the number of accounts an investor can open.
(d) It depends on his Net Worth.
(e) I am not attempting the question
Q42 In case of default in repayment to small depositors, intimation of such fact should be given within ________. [ 2 Marks ]

(a) one month from the date of default
(b) 60 days from the date of default
(c) 15 days from the date of default
(d) three months from the date of default
(e) I am not attempting the question
Q43 Exchange Traded Derivatives has been introduced in Indian Financial Market by ________. [ 1 Mark ]

(a) NSCCL
(b) RBI
(c) NSDL
(d) SEBI
(e) I am not attempting the question
Q44 __________ model enables the owner of the resource to specify what subjects can access specific resources. [ 1 Mark ]

(a) Role-based Access Control
(b) Sensitive Access Control
(c) Discretionary Access Control
(d) Mandatory Access Control
(e) I am not attempting the question
Q45 As per the SEBI (ESOS and ESPS) Guidelines 1999, _____________. [ 1 Mark ]

(a) an employee who is a promoter or belongs to the promoter group shall not be eligible to participate in the ESPS
(b) an employee who is promoter shall be eligible to participate in the ESPS
(c) an employee who belongs to the promoter group shall be eligible to participate in the ESPS
(d) None of the above
(e) I am not attempting the question
Q46 Principal officer as per the SEBI (Underwriters) Regulations, 1993 means _________. [ 1 Mark ]

(a) any person connected with the management of the firm where the firm has stated that he is the principal officer
(b) any person connected with the management of the firm upon whom the Board has served a notice of its intention to treat him as principal officer
(c) any person connected with the administration of the firm
(d) any person connected with the administration of the firm where the firm has stated that he is the principal officer
(e) I am not attempting the question
Q47 Which one among these is an access control device? [ 2 Marks ]

(a) NIC
(b) Mouse
(c) Scanner
(d) Smart Card
(e) I am not attempting the question
Q48 Which of the following is an issue with signature-based intrusion detection systems? [ 1 Mark ]

(a) Hackers can circumvent signature evaluations.
(b) Previously defined attack signatures often evolve making the signatures invalid.
(c) Signature databases must be augmented with inferential elements.
(d) Only previously identified attack signatures are detected.
(e) I am not attempting the question
Q49 Premium Margin is levied at _________ level [ 1 Mark ]

(a) clearing member
(b) broker
(c) trading member
(d) client
(e) I am not attempting the question
Q50 What does SEBI do? [ 1 Mark ]

(a) It facilitates a high level of control and in-depth monitoring of security markets.
(b) It enters into dealings in securities in which dealings are not permitted.
(c) It ensures that the integrity of the exchanged data is maintained at all times.
(d) It can frame or issue rules, regulations, directives, guidelines, and norms in respect of primary markets and secondary markets.
(e) I am not attempting the question
Q51 The Court shall take cognizance of the offence punishable under the Depository Act 1996 on complaint made by ___________. [ 1 Mark ]

(a) SEBI
(b) Central Government
(c) State Government
(d) Any of the above.
(e) I am not attempting the question
Q52 Who is responsible to make avoid, mitigate, or absorb risk decisions? [ 1 Mark ]

(a) Management
(b) Damage assessment team
(c) Planner
(d) Security Team
(e) I am not attempting the question
Q53 In Business Continuity Planning, RPO stands for ______________. [ 1 Mark ]

(a) Recovery Point Objective
(b) Random Position Objective
(c) Run Projection Outage
(d) Round Point Objection
(e) I am not attempting the question
Q54 What does disaster recovery plan focus on? [ 1 Mark ]

(a) Establishing personnel safety and evacuation procedures.
(b) Planning for systems, networks, and major applications recovery procedures after disruptions.
(c) Outlining of roles and authorities, orders of succession, and individual role tasks.
(d) Focuses on how to recover various IT mechanisms after a disaster.
(e) I am not attempting the question
Q55 Under the IT Act, what does legal recognition of digital signatures pertain to? [ 1 Mark ]

(a) That information or any other matter shall be authenticated by affixing the signature.
(b) That information or any other matter shall be sent only by email.
(c) That information or any other matter shall be legally assigned.
(d) That data or any other matter shall contain signature.
(e) I am not attempting the question
Q56 A firewall located between the Internet and your organization's private network is called a __________. [ 1 Mark ]

(a) Departmental LAN firewall
(b) VPN gateway
(c) Proxy
(d) Network perimeter firewall
(e) I am not attempting the question
Q57 Profit and Loss account of a company shows __________. [ 1 Mark ]

(a) the revenues and expenses during a particular period of time
(b) the revenues and expenses of the company at a particular point of time
(c) the financial position of the company at a particular point of time
(d) None of the above.
(e) I am not attempting the question
Q58 The information about the transfer of securities in the name of the beneficial owners has to be furnished _________. [ 1 Mark ]

(a) by the beneficial owner to the depository
(b) by the issuer to the depository
(c) by the depository to the beneficial owner
(d) by the depository to the issuer
(e) I am not attempting the question
Q59 Which of the following is FALSE about the NEAT system? [ 1 Mark ]

(a) The identity of the trading member is revealed to make the system transparent.
(b) This system enables members from across the country to trade simultaneously with enormous ease and efficiency
(c) A member punches into the computer quantities of securities and the price at which he wants to transact.
(d) The transaction is executed through the mainframe computer of the exchange as soon as the order punched by the user finds a matching sale or buy order from a counter party.
(e) I am not attempting the question
Q60 Name the team/s that should be properly trained and available if a disaster hits? [ 2 Marks ]

(a) Relocation team
(b) Legal team
(c) Security team
(d) All of the above.
(e) I am not attempting the question
Q61 Which access control model is also called non-discretionary access control? [ 2 Marks ]

(a) Role-based access control
(b) Mandatory access control
(c) Rule-based access control
(d) Label-based access control
(e) I am not attempting the question
Q62 The goal of business continuity and disaster recovery is to __________. [ 1 Mark ]

(a) mitigate business impact
(b) mitigate operational impact
(c) mitigate financial impact
(d) All of the above.
(e) I am not attempting the question
Q63 Which access control technique restricts information based on the authorization granted to a particular user? [ 2 Marks ]

(a) DAC
(b) RBAC
(c) MAC
(d) Biba
(e) I am not attempting the question
Q64 SEBI administers the provisions of the Companies Act, 1956 in respect of __________. [ 1 Mark ]

(a) inter corporate loans and investments
(b) holding of the annual general meeting
(c) issue and transfer of securities and non-payment of dividend
(d) acceptance of deposits
(e) I am not attempting the question
Q65 Which of the following are the two most well known access control models? [ 2 Marks ]

(a) Bell LaPadula and Biba
(b) Bell LaPadula and Chinese Wall
(c) Lattice and Biba
(d) Bell LaPadula and Info Flow
(e) I am not attempting the question
Q66 Which of the following is not a SSO access approach? [ 1 Mark ]

(a) The clients
(b) Kerberos
(c) Discretionary
(d) Scripts
(e) I am not attempting the question
Q67 Which of the following is not an advantage of a hot site? [ 1 Mark ]

(a) Offers many hardware and software choices.
(b) Is readily available.
(c) Annual testing is available.
(d) Can be up and running in hours.
(e) I am not attempting the question
Q68 With respect to Copyright, what is adaptation? [ 1 Mark ]

(a) The preparation of a new work in the same or different form based upon an already existing work.
(b) A member of copyright board getting familiar to his new role.
(c) The migration procedure of registrar and chairman of copyright board.
(d) None of the above
(e) I am not attempting the question
Q69 _________ is a sequence of characters that is usually longer than the allotted number for a password. [ 1 Mark ]

(a) Passphrase
(b) Anticipated phrase
(c) Real phrase
(d) Cognitive phrase
(e) I am not attempting the question
Q70 What does authentication mean? [ 1 Mark ]

(a) Validating a user
(b) Registering a user
(c) Identifying a user
(d) Authorizing a user
(e) I am not attempting the question
Q71 Any bank encountering security breaches or failure of security systems should ________. [ 1 Mark ]

(a) report to Reserve Bank of India
(b) close all its online transactions
(c) assign the recovery process to third party
(d) inform all its branches
(e) I am not attempting the question
Q72 A client/server single sign-on is a session/user authentication that ______. [ 1 Mark ]

(a) permits a user to enter many usernames and password in order to access multiple applications
(b) permits a user to enter one username and password in order to access multiple applications
(c) permits a user to enter many usernames and password in order to access single application
(d) permits a user to enter one username and password in order to access single application
(e) I am not attempting the question
Q73 After identifying risks to the critical business functions the planners do which of the following? [ 1 Mark ]

(a) Absorb Risk
(b) Avoid Risk
(c) Mitigate Risk
(d) All of the above.
(e) I am not attempting the question
Q74 As per the listing agreement, the Chairman of which Committees should be present at the Annual General meetings of the company? [ 1 Mark ]

(a) Remuneration Committee
(b) Only Audit Committee
(c) Shareholders Grievance Committee
(d) Audit Committee and Remuneration Committee
(e) I am not attempting the question
Q75 Consider the following scenario: A person builds a house on an ocean beach. A storm washes away the beach. The house collapses. Disaster recovery would suggest that ___________. [ 1 Mark ]

(a) rebuild the house in time for the next storm
(b) building a barrier reef or moving the house farther inland
(c) a storm will come ashore and damage the house
(d) make sure there is someplace to live while the house is rebuilt
(e) I am not attempting the question
Q76 In discretionary access control security, who has delegation authority to grant access to data? [ 1 Mark ]

(a) Owner
(b) User
(c) Security office
(d) Security policy
(e) I am not attempting the question
Q77 Under the IT Act, what is of utmost importance? [ 1 Mark ]

(a) Reliable communication
(b) Secure transmission
(c) High degree of availability
(d) Use of digital certificates
(e) I am not attempting the question
Q78 Which of the following describes a cold site? [ 1 Mark ]

(a) Fully equipped and operational in a few hours.
(b) Partially equipped with data processing equipment.
(c) Provides environmental measures but no equipment.
(d) Expensive and fully configured.
(e) I am not attempting the question
Q79 All members of the audit committee shall be _________ literate [ 1 Mark ]

(a) financially
(b) educationally
(c) technologically
(d) All of the above
(e) I am not attempting the question
Q80 The SEBI Committee on derivatives has recommended that the exposure limits for brokers should be linked to the __________. [ 1 Mark ]

(a) deposits kept by the broker with the Exchange/Clearing corporation
(b) satisfactory margin payment track record of the broker
(c) net worth of the broker
(d) daily turnover of the broker
(e) I am not attempting the question
Q81 What is the reason for enforcing the separation of duties? [ 1 Mark ]

(a) It induces an atmosphere for collusion.
(b) It increases dependence on individuals.
(c) No one person can complete all the steps of a critical activity.
(d) It makes critical tasks easier to accomplish.
(e) I am not attempting the question
Q82 Which instrument among these is considered the most challenging and rewarding investment option, when compared to other investment options? [ 1 Mark ]

(a) Treasury Bill
(b) Equity
(c) Bonds
(d) Fixed Deposit
(e) I am not attempting the question
Q83 Every recognised stock exchange shall furnish a copy of its Annual Report to _______. [ 1 Mark ]

(a) State Government
(b) SEBI
(c) Central Government
(d) SEBI and Central Government
(e) I am not attempting the question
Q84 In MAC, what is labeling at finer granularity? [ 1 Mark ]

(a) Individual attributes of each row are labeled.
(b) Individual rows of each relation are labeled.
(c) Individual columns of each relation are labeled.
(d) Individual fields of each column are labeled.
(e) I am not attempting the question
Q85 A firewall helps detect a virus or malicious intrusion in __________. [ 1 Mark ]

(a) Real time
(b) Logging
(c) No alert, just deny the attacker
(d) All of the above.
(e) I am not attempting the question
Q86 Of all business process interruptions, the most devastating are ones resulting from ________. [ 1 Mark ]

(a) loss of applications
(b) loss of data
(c) loss of hardware/software
(d) loss of communication links
(e) I am not attempting the question
Q87 During development, testing, and maintenance of the continuity plan, a high degree of interaction and communication is crucial to the process. Why? [ 2 Marks ]

(a) This is a regulatory requirement of the process.
(b) This is not crucial to the plan and should not be interactive because it will most likely affect operations.
(c) The more people that talk about it and are involved, the more awareness will increase.
(d) Management will more likely support it.
(e) I am not attempting the question
Q88 Primarily, the IT Act wants digital certificates to ______________. [ 1 Mark ]

(a) uniquely identify a subscriber
(b) uniquely identify a certification authority
(c) uniquely identify a digital signature
(d) All of the above
(e) I am not attempting the question
Q89 Users might have different usernames and passwords, and remembering all of them for e-commerce purposes can be very difficult. Which solution is the best for this kind of scenario? [ 1 Mark ]

(a) Smart Card
(b) Single sign-on
(c) PDA
(d) Kerberos
(e) I am not attempting the question
Q90 The audit committee of the holding company shall review the investments made by ________ [ 1 Mark ]

(a) unlisted subsidiary companies
(b) material subsidiary companies
(c) subsidiary companies
(d) listed subsidiary companies
(e) I am not attempting the question

NCFM MODEL TEST PAPER
Information Security Auditors Module - (Part 2)

Maximum Marks: 100    Pass Marks: 60
Test Duration: 120 minutes

Q1 The security functionality defines the expected activities of a security mechanism, and assurance defines __________. [ 1 Mark ]

(a) the confidence of the security the mechanism is providing
(b) cost/benefit relationship
(c) the data classification after the security mechanism has been implemented
(d) the controls the security mechanism will enforce
(e) I am not attempting the question
Q2 A cipher lock uses a keypad and is ___________. [ 1 Mark ]

(a) Expensive
(b) Programmable
(c) Reliable
(d) Portable
(e) I am not attempting the question
Q3 What is a vulnerability? [ 1 Mark ]

(a) It can be a leaky policy.
(b) A security hole
(c) Accessing data.
(d) A weakness that could be exploited.
(e) I am not attempting the question
Q4 __________ are objects, in the form of credit-card-sized memory cards or smart cards, or devices resembling small calculators, that are used to supply static and dynamic passwords. [ 1 Mark ]

(a) Tokens
(b) Token passing network
(c) Coupons
(d) Token ring
(e) I am not attempting the question
Q5 What will be the Annualized Rate of Occurrence (ARO) of the threat 'user input error', in the case that a company employs 100 data entry clerks and every one of them makes one input error each month? [ 1 Mark ]

(a) 1200
(b) 120
(c) 1
(d) 100
(e) I am not attempting the question
Q6 What is the formula for total risk? [ 1 Mark ]

(a) {(Threats X Vulnerability ) + asset value}
(b) (Threats X Vulnerability X asset value)
(c) (Threats + vulnerability - asset value) X controls gap
(d) (Threats X vulnerability X asset value) X controls gap
(e) I am not attempting the question
Q7 What is true about a transponder? [ 1 Mark ]

(a) It is a passive proximity device.
(b) It is a card that a user swipes through a card reader to gain access to a facility.
(c) It is a card that can be read without sliding it through a card reader.
(d) It exchanges tokens with an authentication server.
(e) I am not attempting the question
Q8 Which type of encryption would be considered the more secure encryption method across a single link? [ 1 Mark ]

(a) Link encryption
(b) Transport encryption
(c) End-to-end encryption
(d) Tunnel encryption
(e) I am not attempting the question
Q9 Although the words 'threat', 'vulnerability', 'risk' and 'exposure' sound similar, which one best describes the probability of a threat materializing? [ 1 Mark ]

(a) Risk
(b) Threat Agent
(c) Vulnerability
(d) Exposure
(e) I am not attempting the question
Q10 Which one does not fall in Risk Assessment activity? [ 1 Mark ]

(a) Treatment options
(b) Reduction and Acceptance
(c) Selection of security controls and risk
(d) None of the above.
(e) I am not attempting the question
Q11 Which of the following would not be considered an operations media control task? [ 2 Marks ]

(a) Compressing and decompressing storage materials.
(b) Controlling access to media and logging activities.
(c) Storing backup information in a protected area.
(d) Erasing data when its retention period is over.
(e) I am not attempting the question
Q12 In business terms, what is another word for a company's intellectual data? [ 1 Mark ]

(a) Forecast information
(b) Information data
(c) Company profile
(d) Procedure
(e) I am not attempting the question
Q13 In a portable computing environment, what kind of attacks are common to compromise data integrity? [ 1 Mark ]

(a) Phishing
(b) Virus attacks
(c) Terrorist attacks
(d) Physical alteration of data
(e) I am not attempting the question
Q14 What is an advantage of content-dependent access control in databases? [ 1 Mark ]

(a) Ensures concurrency
(b) Disallows data locking
(c) Processing overhead
(d) Granular control
(e) I am not attempting the question
Q15 In finger scan biometric, what is the average processing time? [ 1 Mark ]

(a) 8 seconds
(b) 7 seconds
(c) 2 - 3 seconds
(d) 10 seconds
(e) I am not attempting the question
Q16 Which best describes a quantitative risk analysis? [ 1 Mark ]

(a) A method that assigns monetary values to components in the risk assessment.
(b) A method that is based on gut feelings and opinions.
(c) Scenario-based analysis to research different security threats.
(d) A method used to apply severity levels to potential loss, probability of loss and risks.
(e) I am not attempting the question
Q17 _________ type of lock uses programmable keypads to restrict access [ 2 Marks ]

(a) Cipher
(b) Preset
(c) Device
(d) Complex
(e) I am not attempting the question
Q18 Among the following, what is a disadvantage of an intrusion detection system? [ 1 Mark ]

(a) Are expensive to install
(b) Can be penetrated
(c) Are subject to false alarms
(d) All of the above.
(e) I am not attempting the question
Q19 Recommendations and general approaches that provide advice and flexibility are called ________. [ 1 Mark ]

(a) Procedure
(b) Guideline
(c) Standard
(d) Policy
(e) I am not attempting the question
Q20 You take out a fire insurance policy and pass the fire risk to an insurance company. What kind of risk management technique is this? [ 1 Mark ]

(a) Transfer the risk.
(b) Risk reduction
(c) Acceptance of risk
(d) Avoidance of risk
(e) I am not attempting this question
Q21 On what are risk reduction techniques based? [ 1 Mark ]

(a) The costs of mitigating actions that could be taken.
(b) The costs of potential losses.
(c) The likelihood that a damaging event will occur.
(d) All of the above.
(e) I am not attempting this question
Q22 What does SSL do? [ 1 Mark ]

(a) It encrypts the communication between the browser and the web server.
(b) It encrypts the communication between the browser and client.
(c) It authenticates the browser to the web server.
(d) None of the above
(e) I am not attempting this question
Q23 The PRIMARY purpose of operations security is to ________. [ 1 Mark ]

(a) establish thresholds for violation detection and logging
(b) monitor the actions of vendor service personnel
(c) protect the system hardware from environment damage
(d) safeguard information assets that are resident in the system
(e) I am not attempting this question
Q24 Which of the following centrally controls the database and manages different aspects of the data? [ 1 Mark ]

(a) Database
(b) Access control
(c) Data dictionary
(d) Data storage
(e) I am not attempting this question
Q25 Who is ultimately responsible for making sure data is classified and protected? [ 1 Mark ]

(a) Users
(b) Management
(c) Administration
(d) Security analyst
(e) I am not attempting this question
Q26 Inventories are used for maintaining a company's ________. [ 2 Marks ]

(a) software assets
(b) paper assets
(c) physical assets
(d) All of the above.
(e) I am not attempting this question
Q27 _______ procedures cover the firewalls, routers, switches and operating systems. [ 1 Mark ]

(a) Administrative
(b) Incident response
(c) Auditing
(d) Configuration
(e) I am not attempting this question
Q28 How do proximity detector intrusion systems work? [ 1 Mark ]

(a) By detecting any sound that is made during a forced entry.
(b) By detecting a change or break in a circuit.
(c) By monitoring the magnetic field which it produces.
(d) By detecting the change in a light beam.
(e) I am not attempting this question
Q29 Which option relates to views? [ 1 Mark ]

(a) Allow the database to be conceptually divided into pieces.
(b) Allow users to selectively and dynamically grant privileges to other users.
(c) Allows a user access to an object dynamically.
(d) None of the above
(e) I am not attempting this question
Q30 What is shared information? [ 1 Mark ]

(a) Publicly accessible
(b) Restricted to a specific list of people
(c) Your internal employees only
(d) Shared within groups
(e) I am not attempting this question
Q31 Who should measure the effectiveness of security related controls in an organization? [ 1 Mark ]

(a) The local security specialist
(b) The central security manager
(c) The business manager
(d) The system auditor
(e) I am not attempting this question
Q32 Most computer attacks result in violation of which of the following security properties? [ 1 Mark ]

(a) Availability
(b) Confidentiality
(c) Integrity and control
(d) All of the above.
(e) I am not attempting this question
Q33 What is the most critical characteristic of a biometric identifying system? [ 1 Mark ]

(a) Storage requirements
(b) Accuracy
(c) Reliability
(d) Perceived intrusiveness
(e) I am not attempting this question
Q34 Any compromise in a security policy could lead to ___________. [ 1 Mark ]

(a) hamper the company's work flow
(b) increase in company's turnover
(c) rejection of company's security certification
(d) company's loss of sensitive information
(e) I am not attempting this question
Q35 A security policy does not contain _________. [ 1 Mark ]

(a) the implementation process of the security
(b) the statement of words which concerns security
(c) the security goal to be achieved
(d) the awareness of security for employees
(e) I am not attempting this question
Q36 What is a protocol? [ 1 Mark ]

(a) A set of rules that dictates how computers exchange a service over networks.
(b) A set of rules that dictates how computers communicate over networks.
(c) It is a de facto standard for transmitting data across the internet.
(d) It is the major component of the ping utility.
(e) I am not attempting this question
Q37 Buffer overflow and boundary condition errors are subsets of _________. [ 1 Mark ]

(a) exceptional condition handling errors
(b) access validation errors
(c) race condition errors
(d) input validation errors
(e) I am not attempting this question
Q38 Why should employers make sure employees take their vacations? [ 1 Mark ]

(a) It is a way that fraud can be uncovered.
(b) To ensure that the employee does not get burnt out.
(c) They have a legal obligation.
(d) It is part of due diligence
(e) I am not attempting this question
Q39 What is a shortcoming of a firewall? [ 1 Mark ]

(a) They do not help to detect if an intrusion occurred and they can also be bypassed.
(b) They are not easily upgradeable.
(c) They are very costly to implement.
(d) They slow down the overall performance of the network.
(e) I am not attempting this question
Q40 Which of the following items is not considered a preventive physical control? [ 1 Mark ]

(a) Security dogs
(b) Security guard
(c) Access log
(d) Fencing
(e) I am not attempting this question
Q41 Which of the following fire suppressing agents should not be used in an operations center containing employees? [ 1 Mark ]

(a) Water
(b) Gas
(c) Soda acid
(d) CO2
(e) I am not attempting this question
Q42 What takes place at the session layer? [ 1 Mark ]

(a) Packet sequencing
(b) Routing
(c) Addressing
(d) Dialog control
(e) I am not attempting this question
Q43 How is single loss expectancy (SLE) calculated? [ 1 Mark ]

(a) Annualized rate of occurrence (ARO) X exposure factor
(b) Asset value X exposure factor
(c) Annualized rate of occurrence (ARO) X asset value
(d) Asset value X asset loss expectancy (ALE)
(e) I am not attempting this question
Q44 A prolonged power supply that is below normal voltage is a _______. [ 1 Mark ]

(a) brownout
(b) surge
(c) blackout
(d) fault
(e) I am not attempting this question
Q45 ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted. [ 1 Mark ]

(a) System Resources
(b) Access Control
(c) Type Of Accesses
(d) Work Permit
(e) I am not attempting this question
Q46 If an access control has a fail-safe characteristic but not a fail-secure characteristic, what does that mean? [ 2 Marks ]

(a) It defaults to being locked.
(b) It defaults to sounding a remote alarm instead of a local alarm.
(c) It defaults to no access.
(d) It defaults to being unlocked.
(e) I am not attempting this question
Q47 A deviation from an organization-wide security policy requires which of the following? [ 1 Mark ]

(a) Risk containment
(b) Risk reduction
(c) Risk assignment
(d) Risk acceptance
(e) I am not attempting this question
Q48 What do you think the application should do when it fails? [ 1 Mark ]

(a) It should stop and mark as bad application.
(b) It should go directly to a secure state.
(c) It should still be active, so as to track the attacker when he jumps in and uses it.
(d) It should stop and restart automatically.
(e) I am not attempting this question
Q49 SYN flood attack is what kind of attack? [ 1 Mark ]

(a) Dictionary attack
(b) Brute force attack
(c) Heart attack
(d) Denial of service attack
(e) I am not attempting this question
Q50 The preliminary steps to security planning include all of the following EXCEPT _________. [ 1 Mark ]

(a) establish objectives
(b) establish a security audit function
(c) list planning assumptions
(d) determine alternate courses of action
(e) I am not attempting this question
Q51 What is the disadvantage of the risk assessment technique? [ 1 Mark ]

(a) It takes a considerable amount of time.
(b) It takes lots of manpower.
(c) It is expensive.
(d) It disrupts the work flow of the company.
(e) I am not attempting this question
Q52 Which of the following is NOT a system-sensing wireless proximity card? [ 2 Marks ]

(a) Passive device
(b) Field-powered device
(c) Transponder
(d) Magnetically striped card
(e) I am not attempting this question
Q53 In client browser and server communication, data is passed in the form of _______. [ 1 Mark ]

(a) Cookies
(b) Viruses
(c) Applets
(d) ActiveX
(e) I am not attempting this question
Q54 Why is user education helpful for portable computing? [ 1 Mark ]

(a) To make the users aware of the threats to company shared resources.
(b) To train the users so as to make them more efficient while using company's resources.
(c) To provide users with remote and mobile computing education.
(d) To train users before allowing them to access these portable computers.
(e) I am not attempting this question
Q55 How do you explain Risk Management? [ 1 Mark ]

(a) The process which involves identifying, controlling and eliminating the security risks.
(b) The process which involves implementing, developing and mitigating security risks.
(c) The process which involves isolating, combining and eliminating the security risks.
(d) None of the above
(e) I am not attempting this question
Q56 What do incident logs provide? [ 1 Mark ]

(a) A good insight into the vulnerabilities of a system.
(b) They throw new challenges to the security professionals.
(c) List of assets and their owners.
(d) Location of the assets.
(e) I am not attempting this question
Q57 Signs, lighting, environmental design are employed for what kind of control? [ 1 Mark ]

(a) preventive
(b) access
(c) deterrent
(d) administrative
(e) I am not attempting this question
Q58 The business processes can be affected by __________. [ 1 Mark ]

(a) disgruntled employees
(b) industrial espionage
(c) hackers
(d) all of the above
(e) I am not attempting the question
Q59 How do we better understand policy? [ 1 Mark ]

(a) It is a statement of the goals to be achieved by procedures.
(b) It is a statement of the goals to be achieved by guidelines.
(c) It is a statement of the goals to be achieved by baselines.
(d) It is a statement of the goals to be achieved by standards.
(e) I am not attempting the question
Q60 Which of the following protocols is considered connection oriented? [ 2 Marks ]

(a) IP
(b) TCP
(c) ICMP
(d) UDP
(e) I am not attempting the question
Q61 What is the best description of CHAP (Challenge Handshake Authentication Protocol)? [ 1 Mark ]

(a) Passwords are not sent in clear text.
(b) It is substandard to PAP.
(c) Passwords are sent in clear text.
(d) Passwords are not used, a digital signature is used.
(e) I am not attempting the question
Q62 In this information age, which is the most vulnerable asset of an organization? [ 1 Mark ]

(a) Employees
(b) Data
(c) Machinery
(d) Finance
(e) I am not attempting the question
Q63 What kind of device requires a user to supply a user ID plus password plus token and something more? [ 2 Marks ]

(a) Biometric
(b) Smart cards
(c) Dumb cards
(d) Challenge-response token
(e) I am not attempting the question
Q64 Which of the following is not a purpose of doing a risk analysis? [ 1 Mark ]

(a) Define the balance between the impact of a risk and the cost of the necessary counter measure
(b) Identify risks
(c) Delegate responsibility
(d) Quantify impact of potential threats
(e) I am not attempting the question
Q65 Which one of the following individuals has PRIMARY responsibility for determining the classification level of information? [ 1 Mark ]

(a) Security manager
(b) Owner
(c) User
(d) Auditor
(e) I am not attempting the question
Q66 When security is a high priority, why is fiber cabling used? [ 1 Mark ]

(a) It has high data transfer rates and is less vulnerable to EMI.
(b) It multiplexes data, which can confuse attackers.
(c) Data interception is very difficult.
(d) It has a high degree of data detection and correction.
(e) I am not attempting the question
Q67 Which of these is the best definition of a socket? [ 1 Mark ]

(a) An IP address and MAC address
(b) A session layer link.
(c) An IP address and port number.
(d) MAC address and port number.
(e) I am not attempting the question
Q68 Devices that supply power when the commercial utility power system fails are called ________. [ 2 Marks ]

(a) uninterruptible power supplies
(b) power conditioners
(c) power filters
(d) power dividers
(e) I am not attempting the question
Q69 What attack is typically used for identifying the topology of the target network? [ 1 Mark ]

(a) Assessing
(b) Scanning
(c) Printing
(d) Porting
(e) I am not attempting this question
Q70 Under MAC, a clearance is a ______________. [ 1 Mark ]

(a) subject
(b) sensitivity
(c) privilege
(d) object
(e) I am not attempting this question
Q71 Policies are not written to affect ____________. [ 1 Mark ]

(a) software access
(b) hardware
(c) outside entities
(d) networks
(e) I am not attempting this question
Q72 Qualitative risk analysis _____________. [ 2 Marks ]

(a) focuses on the costs of potential losses
(b) aims to analyze numerically the probability of each risk
(c) uses judgment and intuition instead of numbers
(d) focuses on the costs of mitigating
(e) I am not attempting this question
Q73 In a proximity identification system, what do you understand by the term 'user activated'? [ 1 Mark ]

(a) User and system are independent of activation.
(b) System is activated mutually by the user and system.
(c) Action needs to be taken by the system.
(d) Action needs to be taken by a user.
(e) I am not attempting this question
Q74 Which of the following best describes a characteristic of IPsec? [ 1 Mark ]

(a) Provides content filtering
(b) Works as a proxy.
(c) Provides application layer protection.
(d) Provides system authentication.
(e) I am not attempting this question
Q75 UDP provides __________ delivery. [ 1 Mark ]

(a) distributed
(b) connection-oriented
(c) best-efficiency
(d) best effort
(e) I am not attempting this question
Q76 What is BS ISO/IEC 27001? [ 1 Mark ]

(a) Standard that provides a framework for computer to computer communication
(b) Standard that provides a specification for handling various controls in BCP
(c) International standard that provides a specification for security infrastructure
(d) New international standard that provides a specification for ISMS and the foundation for third-party audit and certification
(e) I am not attempting this question
Q77 Database views provide what type of security control? [ 1 Mark ]

(a) Administrative
(b) Corrective
(c) Detective
(d) Preventive
(e) I am not attempting this question
Q78 How does data encapsulation and the protocol stack work? [ 1 Mark ]

(a) Each protocol or service at each layer in the OSI model adds its own information to the data as it is passed down the protocol stack
(b) The packet is encapsulated and grows when it is passed up the protocol stack
(c) Each protocol or service at each layer in the OSI model multiplexes other packets to the data as it is passed down the protocol stack
(d) The packet is encapsulated and grows as it hops from router to router
(e) I am not attempting this question
Q79 Which software development model is actually a meta-model that incorporates a number of software development models? [ 1 Mark ]

(a) The Critical Path Model
(b) The modified Waterfall Model
(c) The Waterfall Model
(d) The Spiral Model
(e) I am not attempting this question
Q80 ___________ is best suited for theft protection on portable computers. [ 2 Marks ]

(a) Store all the data in password protected drives on portable computer
(b) Remove power supply batteries from the computer when in non-operational mode
(c) Should have a logon before gaining access to the resources
(d) Allow the computer to continue running when unattended
(e) I am not attempting this question
Q81 Before writing a security policy, what concerns the security analyst? [ 1 Mark ]

(a) How large is the organization's infrastructure
(b) What is the annual turnover or revenues of an organization
(c) Which systems and processes are important to the company's mission
(d) The total number of employees working in an organization.
(e) I am not attempting this question
Q82 Which of the following is an administrative control for physical security? [ 1 Mark ]

(a) Lighting
(b) Fences
(c) Facility construction material
(d) Training
(e) I am not attempting this question
Q83 A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken? [ 1 Mark ]

(a) Replace the file with the original version from master media.
(b) Proceed with automated disinfection
(c) Research the virus to see if it is benign
(d) Restore an uninfected version of the patched file from backup media
(e) I am not attempting this question
Q84 A risk assessment approach must fulfill which criteria? [ 1 Mark ]

(a) Identifying the impacts that losses of confidentiality, integrity and availability might have on the assets.
(b) Identifying the threats and vulnerabilities, and any other applicable security requirements.
(c) Identify the assets and owners of these assets.
(d) All of the above
(e) I am not attempting this question
Q85 Which of the following best allows risk management results to be used knowledgeably? [ 1 Mark ]

(a) A likelihood assessment
(b) An uncertainty analysis
(c) A threat identification
(d) A vulnerability analysis
(e) I am not attempting this question
Q86 Which of the following is currently the most recommended water system for a computer room? [ 1 Mark ]

(a) Deluge
(b) Preaction
(c) Dry pipe
(d) Wet pipe
(e) I am not attempting this question
Q87 Which type of control is concerned with avoiding occurrences of risks? [ 1 Mark ]

(a) Preventive controls
(b) Detective controls
(c) Deterrent controls
(d) Compensating controls
(e) I am not attempting this question
Q88 Which among these is a risk assessing technique? [ 1 Mark ]

(a) Compound
(b) Aggregate
(c) Monetary
(d) Basic
(e) I am not attempting this question
Q89 Which of the following is a backdoor to an application created by a developer? [ 1 Mark ]

(a) Trap Door
(b) Easter egg
(c) Trojan Horse
(d) Loop Hole
(e) I am not attempting this question
Q90 The estimated lifetime of a device, or the estimated timeframe until a component within a device gives out, is called ___________. [ 1 Mark ]

(a) MTBF
(b) MTTR
(c) UPS
(d) MTTB
(e) I am not attempting this question