Part 3: Questions 31–50

  1. Which of the following best describes a zero-day exploit?
    • a) An attack that occurs on the first day of a software release
    • b) A vulnerability unknown to the software vendor, exploited by attackers
    • c) A phishing attack targeting new employees
    • d) A ransomware attack with no recovery option
  2. What is the primary purpose of penetration testing in a global firm?
    • a) To develop new software applications
    • b) To simulate cyberattacks and identify system weaknesses
    • c) To train employees in coding skills
    • d) To reduce hardware costs
  3. Which of the following is a requirement under India’s CERT-In guidelines for incident reporting?
    • a) Report all incidents within 6 months
    • b) Report cybersecurity incidents within 6 hours of detection
    • c) Report only incidents affecting hardware
    • d) No mandatory reporting requirement
  4. What is the significance of ISO 27001 in cybersecurity?
    • a) It is a standard for employee training programs
    • b) It provides a framework for information security management systems
    • c) It regulates internet speed for secure connections
    • d) It governs software development processes
  5. Which of the following is a key challenge in managing cross-border data transfers under GDPR?
    • a) Ensuring adequate data protection in the recipient country
    • b) Reducing the number of employees in overseas offices
    • c) Eliminating all cloud-based storage
    • d) Increasing data collection to meet compliance
  6. What is a common indicator of a phishing attack?
    • a) Improved system performance
    • b) Emails with urgent requests and suspicious links
    • c) Regular software updates
    • d) Increased employee productivity
  7. Which emerging technology is expected to enhance threat detection but also increase attack sophistication?
    • a) Blockchain
    • b) Artificial Intelligence
    • c) Virtual Reality
    • d) Internet of Things
  8. What is the role of a Data Protection Officer (DPO) under GDPR?
    • a) To develop software for data encryption
    • b) To oversee compliance with data protection regulations
    • c) To manage employee payroll systems
    • d) To conduct hardware maintenance
  9. Which of the following is a key component of a business continuity plan in cybersecurity?
    • a) Reducing office space
    • b) Ensuring operational recovery after a cyber incident
    • c) Increasing marketing budgets
    • d) Eliminating all third-party vendors
  10. What is a potential consequence of non-compliance with data privacy laws like GDPR?
    • a) Improved customer trust
    • b) Significant financial penalties and reputational damage
    • c) Increased data storage capacity
    • d) Reduced need for employee training
  11. Under GDPR, what is the maximum fine for a serious data breach?
    • a) €1,000 or 1% of annual global turnover
    • b) €20 million or 4% of annual global turnover, whichever is higher
    • c) €100,000 with no turnover-based penalty
    • d) No financial penalties apply
  12. What is a key contractual consideration when selecting a cyber insurance policy?
    • a) Ensuring coverage for employee salaries
    • b) Verifying coverage for regulatory fines and third-party liabilities
    • c) Limiting coverage to hardware damage
    • d) Excluding data breach notification costs
  13. Which technology is critical for securing data in transit across global offices?
    • a) Virtual Private Network (VPN)
    • b) Customer Relationship Management (CRM) software
    • c) Word processing software
    • d) Graphic design tools
  14. What legal obligation does India’s IT Act, 2000, impose on organizations handling sensitive data?
    • a) No obligation for data protection
    • b) Implement reasonable security practices and procedures
    • c) Share all data with government agencies
    • d) Store all data in physical formats
  15. Which of the following is a common exclusion in cyber insurance contracts?
    • a) Data breach notification costs
    • b) Losses due to willful negligence or non-compliance
    • c) Ransomware recovery costs
    • d) Business interruption losses
  16. What is a key benefit of multi-factor authentication (MFA) in a professional services firm?
    • a) Reduced need for data backups
    • b) Enhanced security by requiring multiple verification methods
    • c) Increased software development speed
    • d) Elimination of compliance requirements
  17. Which contractual clause is essential in vendor agreements to mitigate cyber risks?
    • a) A clause limiting vendor office hours
    • b) A clause requiring vendor compliance with cybersecurity standards
    • c) A clause reducing vendor payment terms
    • d) A clause eliminating vendor access to data
  18. What is a potential legal consequence of failing to notify a data breach under GDPR within 72 hours?
    • a) No consequences if the breach is minor
    • b) Regulatory fines and increased scrutiny
    • c) Improved customer loyalty
    • d) Reduced operational costs
  19. Which technology can help detect insider threats in a global firm?
    • a) User Behavior Analytics (UBA)
    • b) Enterprise Resource Planning (ERP) software
    • c) Video conferencing tools
    • d) Project management software
  20. What is a key consideration when drafting a cyber incident response plan for compliance with India’s PDP Bill?
    • a) Excluding employee involvement
    • b) Including procedures for timely breach notification
    • c) Limiting the plan to hardware recovery
    • d) Avoiding third-party consultation

This Concludes the Quiz
