
1. Which of the following is known as the oldest phone hacking technique used by hackers to make free calls?
a. Spraining
b. Phishing
c. Phreaking
d. Cracking

2. What is meant by Electronic Commerce?
a. Commerce which depends on electronics
b. Commerce which is based on the use of internet
c. Commerce of electronic goods
d. Commerce which is based on transactions using computers connected by telecommunication network

3. Which form of e‐commerce currently accounts for about 97% of all e‐commerce revenues?
a. C2C
b. C2B
c. B2B
d. B2C

4. Which one is a client level threat?
a. Anti virus
b. Active contents
c. Virus
d. Malicious code

5. This attack can be deployed by infusing a malicious code in a website’s comment section. What is “this” attack referred to here?
a. HTML Injection
b. Cross Site Request Forgery (XSRF)
c. SQL injection
d. Cross Site Scripting (XSS)

6. Which of the following refers to exploring the appropriate, ethical behaviours related to the online environment and digital media platform?
a. Cyber ethics
b. Cyber safety
c. Cyber law
d. Cyber security

7. What is Aircrack-ng used for?
a. Packet filtering
b. System password cracking
c. Firewall bypassing
d. Wi-Fi attacks

8. Amazon.com is well known for which E-Commerce marketing technique?
a. Pop-up ads
b. Affiliated Programs
c. Viral Marketing
d. Banner ads

9. What is Stuxnet?
a. Trojan
b. Virus
c. Worm
d. Antivirus

10. Which is a popular IP address and port scanner?
a. Snort
b. Cain and Abel
c. Angry IP Scanner
d. Ettercap

11. What are the materials called that are used in the normal operation of a business but are not related to primary business operations?
a. Daily stuff
b. Indirect materials
c. Supplies
d. Direct materials

12. Most individuals are familiar with which form of e‐commerce?
a. B2B
b. C2C
c. B2C
d. C2B

13. Which of the following is an Internet‐based company that makes it easy for one person to pay another over the Internet?
a. electronic check
b. conversion rates
c. electronic bill presentment and payment
d. financial cybermediary

14. What does RE represent?
a. Risk exposure
b. Risk expense
c. Risk evaluation
d. Related expense

15. Which of the following is not considered to be one of the three phases of e-commerce?
a. Preservation
b. Innovation
c. Consolidation
d. Reinvention

16. Which one is not an encryption technique?
a. FTP
b. AES
c. DES
d. RSA

17. What is the use of EDI?
a. can be done on internet
b. requires value added network
c. requires an extranet
d. requires a corporate intranet

18. What is risk?
a. Negative consequence that must occur
b. Negative consequence that could occur
c. Negative consequence that shall occur
d. Negative consequence that will occur

19. Which of the following is not considered to be one of the three phases of e-commerce?
a. Preservation
b. Innovation
c. Reinvention
d. Consolidation

20. Which one of the following is a type of antivirus program?
a. All of these
b. Quick Heal
c. McAfee
d. Kaspersky

21. Which of the following is just opposite to the Open Design principle?
a. Least common mechanism
b. Work factor
c. Security through obscurity
d. Least privileges

22. What is a combination of software and information designed to provide security and information for payment called?
a. pop up ad
b. encryption
c. digital wallet
d. shopping cart

23. What was the primary source of financing during the early years of e-commerce?
a. initial public offerings
b. bank loans
c. venture capital funds
d. large retail firms

24. Which of the following is not one of the benefits of e-commerce to sellers?
a. E-commerce can help to reduce costs
b. E-commerce offers greater flexibility in meeting customer needs
c. E-commerce increases the net cost per contact
d. E-commerce is a powerful tool for customer relationship building

25. What is the name for direct computer‐to‐computer transfer of transaction information contained in standard business documents?
a. transaction information transfer
b. internet commerce
c. e‐commerce
d. electronic data interchange

26. Which of the following factors of the network gets hugely impacted when the number of users exceeds the network's limit?
a. Security
b. Performance
c. Longevity
d. Reliability

27. When there is an excessive amount of data flow, which the system cannot handle, which attack takes place?
a. Data overflow Attack
b. Buffer Overflow attack
c. DoS (Denial of Service) attack
d. Database crash attack

28. Which of the following malware types allows the attacker to access the administrative controls and enables him or her to do almost anything he wants to do with the infected computers?
a. Worms
b. Rootkits
c. Botnets
d. RATs

29. The need of the solution for all business?
a. ERP
b. EDI
c. None of these
d. SCM

30. What are the best products to sell in B2C e‐commerce?
a. Digital products
b. Fresh products
c. Specialty products
d. Small products

31. What is the final stage of risk assessment?
a. Exposure Assessment
b. Hazard identification
c. Toxicity assessment
d. Risk characterization

32. What do you need to create after you have performed qualitative risk analysis?
a. List of risk for additional analysis and investigation
b. A prioritized list of risks
c. List of urgent risks
d. All of these

33. Which decides which services are sensitive for the regular operations to continue?
a. BCP
b. MTD
c. RTO
d. DRP

34. What is the main goal of risk management?
a. Pathway analysis
b. Transportation
c. Calculate probability of adverse effect on individual and population
d. Estimation

35. A combination of the probability of an event and its consequence (ISO 27000) and an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828)?
a. Copyright
b. Risk
c. Breach
d. Patent

36. “Loss of data availability” helps determine which of the following?
a. None of these
b. Identification of risk
c. The likelihood of a risk
d. The impact of a given risk

37. By using Project Risk Management techniques project managers can develop strategies that do all but which of the following?
a. Significantly reduce project risks
b. Provide a rational basis for better decision making
c. Eliminate project risks
d. Identifying risks, their impact(s), and any appropriate responses

38. Which is the most famous tool of risk management?
a. Certainty Risk
b. Uncertainty risk
c. Insurance
d. Loss prevention

39. What is the sixth process in the risk management process?
a. Qualitative risk analysis
b. Risk response
c. Risk monitoring and controlling
d. Quantitative risk analysis

40. Deflection or transfer of a risk to another party is part of which of the following risk response categories?
a. Analysis
b. Mitigation
c. Avoidance
d. Acceptance

41. Why can Sensitivity Analysis be used in risk analysis?
a. Estimate the level of risk aversion adopted by management
b. Substitute for uncertainty analysis in risk quantification
c. None of these
d. Estimate the effect of change of one project variable on the overall project

42. What is the one document that should always be used to help identify risk?
a. Scope Statement
b. Contingency Plan
c. Project Charter
d. Risk Management Plan

43. What assesses the risk and your plans for risk mitigation and revises these when you learn more about the risk?
a. Risk monitoring
b. Risk Planning
c. Risk Analysis
d. Risk Identification

44. Which refers to a document you use to capture all known risks?
a. Risk List
b. Risk Register
c. Risk Log
d. Risk Diary

45. What risks to the project through a formal process and provide the resources to meet the risk events meant by Contingency planning?
a. classify
b. resolve
c. address
d. assign

46. Which identifies and quantifies pathway of exposure?
a. Exposure assessment
b. Risk avoidance
c. Toxicity assessment
d. Risk assessment

47. What consists of the identification of risks or threats, the implementation of security measures, and the monitoring of those measures for effectiveness?
a. Risk assessment
b. Risk avoidance
c. Risk management
d. Security

48. Which controls substitute for the loss of primary controls and mitigate risk down to an acceptable level?
a. Administrative controls
b. Integrity
c. Compensating controls
d. Risk transfer

49. Which is not involved in the strategy of Risk Management?
a. Risk Response planning
b. Test new products before deployment
c. Evaluate change against your risk policy
d. Perform vulnerability assessment

50. When should risk identification be performed?
a. During Implementation Phase
b. During Development Phase
c. Risk identification should be performed on a regular basis throughout the project
d. During Concept Phase

51. When should a risk be avoided?
a. When the risk event is unacceptable -- generally one with a very high probability of occurrence and high impact
b. When the risk event has a low probability of occurrence and low impact
c. A risk event can never be avoided
d. When it can be transferred by purchasing insurance

52. Risks can be divided into two basic types: business risk and pure (or insurable risk). Of the following, which one(s) fall(s) under business risk?
a. Personnel-related loss
b. Profit loss
c. Direct property loss
d. Liability Loss

53. Which job is an important one in risk management?
a. Production team
b. Client
c. Project manager
d. Investor

54. In the risk management context, mitigation and deflection are both for which the risk to the which objectives?
a. decreasing; corporation's
b. increasing; project's
c. decreasing; sponsor's
d. decreasing; project's

55. Management reserves are used to handle which type of risk?
a. Unknown unknowns
b. pure risks
c. Known unknowns
d. business risks

56. What looks for people on the network who shouldn't be there or who are acting suspiciously?
a. Public key encryption
b. Encryption
c. Security‐auditing software
d. Intrusion‐detection software

57. Which of the following is not a component of risk characterisation?
a. Study of exposure duration, frequency, and magnitude
b. Study of pathways and receptors
c. Study of toxicity values
d. Chemical analysis

58. Risk management can be defined as the art and science of which risk factors throughout the life cycle of a project?
a. identifying, reviewing, and avoiding
b. reviewing, monitoring, and managing
c. researching, reviewing, and acting on
d. identifying, analysing, and responding to

59. You must have a written record of your risk assessment if you employ how many people?
a. 10 or more
b. 5 or more
c. 2 or more
d. 25 or more

60. What is the task of Risk Management?
a. Implementing the management measures and allocating management resources
b. Exposure Assessment
c. Toxicity Assessment
d. Chemical Analysis

61. What is the component of TCP/IP that provides the Internet's addressing scheme and is responsible for the actual delivery of packets?
a. the Network Layer
b. TCP
c. IP
d. the Application Layer

62. What are the measures aimed at avoiding, eliminating, or reducing the chances of loss production is covered?
a. Risk Financing
b. Risk Retention
c. Risk Control
d. Risk Avoidance

63. Which concept suggests that different applications and computer systems should be able to communicate with one another?
a. Web services
b. Scalability
c. Interoperability
d. Integration

64. What automates business processes?
a. Workflow
b. Workflow system
c. EIP
d. ASP

65. What is a risk response which involves eliminating a threat known as?
a. Mitigation
b. Transfer
c. Avoidance
d. Deflection

66. Which is known as losses arising due to a risk exposure retained or assured?
a. Risk Sharing
b. Risk Reduction
c. Risk Retention
d. Risk Financing

67. Which one is not used as a security mechanism?
a. Cryptography
b. Wallets
c. Encryption
d. Digital signature

68. What is the normal risk of doing business that carries opportunities for both gain and loss known as?
a. opportunity risk
b. favourable risk
c. business risk
d. pure risk

69. Which of the following does not come under elements of risk characterisation?
a. Communication of the results of risk analysis
b. Chemical analysis
c. Presentation of the risk estimate
d. Qualitative description of uncertainty

70. Which of the following is used to determine the impact of a given risk, except one?
a. Is there loss of data integrity?
b. What are the benefits and/or motivation for the attacker?
c. Is there an exploit already for this vulnerability?
d. Is there sensitive data in risk to be exposed?

71. Which one is not an offline payment mode?
a. Cash before delivery
b. e‐cheque
c. Demand drafts
d. Cash on delivery

72. Identify the method not used for performing a qualitative project risk analysis.
a. Risk tolerance
b. Probability impact matrix
c. Historic records
d. Risk avoidance

73. High-risk projects are always of concern to senior management and will receive the most scrutiny. The major concern of the project manager of a high-risk project is the tendency for senior management to often do what?
a. give low priority to resource allocation
b. stay informed as to the project's progress
c. avoid or deny the project's potential risk
d. interrupt or intervene in the project's management

74. There are two general categories of risk areas, internal and external. What are the examples of external risk areas?
a. natural disasters, regulatory, and design
b. currency rates, design, and social impact
c. regulatory, project completion, and taxation
d. schedule delays, cost overruns, and changes in technology

75. Which framework made cracking of vulnerabilities easy like point and click?
a. Zeus
b. Metasploit
c. Ettercap
d. .Net

76. Secure Sockets Layers does which of the following?
a. All of these
b. sends information over the internet
c. encrypts information
d. creates a secure, private connection to a web server

77. What is the person whose risk is insured called?
a. merchandiser
b. Agents
c. marketer
d. Insured

78. Which factor is not normally considered in risk control?
a. Quality
b. Quantity
c. Effort
d. Cost

79. What is the primary characteristic that distinguishes external and internal risk areas?
a. technical nature of the project
b. magnitude of the impact on the project
c. project manager's ability to influence the risk
d. project manager's perception of risk

80. Which of these is not a source of risk?
a. Technology Risk
b. Environmental Risk
c. Political Risk
d. Functional Risk

81. What does Section 102 in Title I of the NEPA Act require?
a. Risk Assessment
b. Incorporate environmental considerations in their planning
c. Site clean-up
d. Risk Analysis

82. Which is not a part of response strategy?
a. Avoidance
b. SWOT analysis
c. Acceptance
d. Mitigation

83. Which will not harm computer resources?
a. Virus
b. Trojan horse
c. firewall
d. Anti Virus

84. Which personnel are used by the project manager to make the estimates during the assessment of the risk, to attempt to quantify the probability of failure and the amount of potential loss?
a. experienced
b. marketing
c. planning
d. engineering

85. What is the sum of risk of each individual chemical called?
a. Total pathway risk
b. Simple pathway risk
c. Negative pathway risk
d. Complex pathway risk

86. Deflection or transfer of a risk to another party is part of which of the following risk response categories?
a. Analysis
b. Mitigation
c. Acceptance
d. Avoidance

87. Which of the following is used to determine the impact of a given risk, except one?
a. Is there an exploit already for this vulnerability?
b. Is there loss of data integrity?
c. What are the benefits and/or motivation for the attacker?
d. Is there sensitive data in risk to be exposed?

88. Identify the method not used for performing a qualitative project risk analysis.
a. Risk avoidance
b. Historic records
c. Probability impact matrix
d. Risk tolerance

89. What automates business processes?
a. EIP
b. ASP
c. Workflow system
d. Workflow

90. Which concept suggests that different applications and computer systems should be able to communicate with one another?
a. Scalability
b. Integration
c. Web services
d. Interoperability

91. Firewalls perform all of the following functions except which one?
a. Forbids communications from untrustworthy sources
b. Filters traffic based on packet attributes
c. Eliminates viruses and other malicious attacks
d. Allows communications from trustworthy sources

92. Which is used to identify mobile money?
a. MCID
b. RSID
c. MSID
d. MMID

93. What are malicious hackers who act with the intention of causing harm called?
a. White hats
b. Brown hats
c. Grey hats
d. Black hats

94. By using what is a smart card better protected than other cards?
a. Worms
b. Firewall
c. Hub
d. Encryption

95. What floods a website with so many requests for service that it slows down or crashes?
a. worm
b. computer virus
c. Denial-of-service attack
d. None of these

96. What is also known as private key cryptography?
a. Private key
b. Public key cryptography
c. Asymmetric cryptography
d. symmetric cryptography

97. Which provides security and privacy for the use of the web page content?
a. html
b. FTP
c. HTTP
d. XSS

98. Which type of ad appears on a web page?
a. Discount ad
b. pop‐under ad
c. Pop‐up ad
d. Banner ad

99. The practice of forging a return address on an e‐mail so that the recipient is fooled into revealing private information. What is it termed as?
a. hacking
b. dumpster diving
c. spoofing
d. cracking

100. What were the enabling technologies that laid the groundwork for E commerce?
a. EDI and EFT
b. SCM and ERP
c. SET and SCL
d. EDI and ERP

101. What is a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood?
a. Hot site
b. Cold site
c. Disaster recovery plan
d. Disaster recovery cost curve

102. Which of the following is not a type of scanning?
a. Xmas Tree Scan
b. SYN Stealth
c. Cloud scan
d. Null Scan

103. When a transaction is processed online, how can the merchant verify the customer's identity?
a. use electronic data interchange
b. use secure sockets layers
c. use secure electronic transactions
d. use financial electronic data interchange

104. Which of these does Nmap not check?
a. what kind of firewall is in use
b. services different hosts are offering
c. on what OS they are running
d. What type of antivirus is in use

105. What is an internal organizational Internet that is guarded against outside access by a special security feature called a firewall (which can be software, hardware, or a combination of the two)?
a. Client/server network
b. Extranet
c. Intranet
d. Thin client

106. Which of the following is not a type of cybercrime?
a. Data theft
b. Forgery
c. Damage to data and systems
d. Installing antivirus for protection

107. What does encryption operate on?
a. only on ASCII coded data
b. on any bit string
c. only on mnemonic data
d. only on textual data

108. What is the term that describes uncertainties in a way that provides the decision maker with a useful insight into the nature?
a. Computation Analysis
b. Risk Analysis
c. Data Analysis
d. Flow Analysis

109. What is the most prevalent online payment method?
a. checks
b. PayPal
c. credit cards
d. debit

110. Which of them is not a wireless attack?
a. Eavesdropping
b. MAC Spoofing
c. Phishing
d. Wireless Hijacking

111. Who protects system from external threats?
a. firewall
b. Script kiddies
c. ERP
d. EDI

112. Which security event compromises the confidentiality, integrity, or availability of an information asset?
a. Breach
b. Due care
c. Incident
d. Trademark

113. In e-commerce, who may be a holder of a payment card such as a credit card or debit card from an issuer?
a. Merchant
b. Customer
c. Acquirer
d. Issuer

114. With what does a security plan begin?
a. security organization
b. implementation plan
c. risk assessment
d. security policy

115. Which one of the following refers to the technique used for verifying the integrity of the message?
a. Digital signature
b. Protocol
c. Message Digest
d. Decryption algorithm

116. What is the unauthorized use, duplication, distribution or sale of copyrighted software?
a. Counterfeit software
b. Privacy
c. Fair Use Doctrine
d. Pirated software

117. Which of the following are technologies used to gather information about you online except one?
a. cookies
b. spyware
c. Gmail
d. anonymizers

118. What is the process of making information unintelligible to the unauthorized user?
a. Spoofing
b. Snooping
c. Cryptography
d. Sniffing

119. Which one of the following is usually used in the process of Wi-Fi hacking?
a. Wireshark
b. Aircrack-ng
c. Norton
d. Firewall

120. Which is not altering, then there is no way to solve uncertainty?
a. Cash flow of the problem
b. Nature of the problem
c. Decision making abilities
d. Data flow of the problem

121. What is the name for direct computer-to-computer transfer of transaction information contained in standard business documents?
a. transaction information transfer
b. internet commerce
c. e-commerce
d. electronic data interchange

122. Which includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster?
a. DRP
b. Mitigation
c. Transference
d. Response strategy

123. Which of the following data is not required for hazard identification?
a. Affected population
b. Contaminant levels
c. Estimation of risk
d. Land use

124. Which service encompasses all technologies used to transmit and process information on and across a network?
a. Web services
b. Scalability
c. Benchmarking
d. Interoperability

125. What is an intranet that is restricted to an organization and certain outsiders, such as customers and suppliers?
a. client/server network
b. thin client
c. extranet
d. intranet

126. Which includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster?
a. Mitigation
b. Transference
c. DRP
d. Response strategy

127. What is a separate facility that does not have any computer equipment but is a place where the knowledge workers can move after the disaster?
a. Cold site
b. Disaster recovery plan
c. Hot site
d. Disaster recovery cost curve

128. What do we call the process of seeking out and studying practices in other organizations that one’s own organization desires to duplicate?
a. Benchmarking
b. Due diligence
c. Best practices
d. Baselining

129. Incremental backup is a backup taken from the last backup. Here, what kind of backup could be the “Last Backup”?
a. Full backup or incremental backup
b. differential backup
c. Full backup or differential backup
d. Full backup

130. What is a detailed process for recovering information or an IT system in the event of catastrophic disaster such as a fire or flood?
a. cold site
b. disaster recovery plan
c. hot site
d. disaster recovery cost curve

131. Which of the following qualifies as best DR (Disaster Recovery) site?
a. DR site in the same country
b. DR site in the same campus
c. DR site in the same city
d. DR site in a different country

132. What is the main objective of risk assessment?
a. Hazard management
b. To evaluate hazard and minimize the risks
c. To know source of pollutants
d. Remediation of contaminated sites

133. What is a separate facility that does not have any computer equipment but is a place where the knowledge workers can move after the disaster?
a. hot site
b. cold site
c. old site
d. disaster recovery plan

134. When identifying risks of disruptive incidents, how are single points of failure (SPOF), inadequacies in fire protection, electrical resilience, staffing levels, IT security and IT resilience considered?
a. Impacts
b. Threats
c. Vulnerabilities
d. Risks

135. Which increases the frequency of loss?
a. Hazard
b. Objective risk
c. Peril
d. Subjective risk

136. Which process determines whether exposure to a chemical can increase the incidence of adverse health effect?
a. Exposure assessment
b. Toxicity assessment
c. Risk characterization
d. Hazard identification

137. Which of the following methods reduces the chance of loss to zero?
a. Risk reduction
b. Risk Transferring
c. Risk Avoidance
d. Risk retention

138. What is a separate and fully equipped facility where the company can move immediately after the disaster and resume business?
a. disaster recovery plan
b. disaster recovery cost curve
c. hot site
d. cold site

139. Which of the following statements best describes risk?
a. Certainty of not suffering harm or loss
b. Uncertainty when looking at the past
c. Clarity in future decisions
d. Uncertainty when looking to the future

140. Which part is in BIA?
a. Information Collection process of BCM
b. Development process of BCM
c. Strategy process of BCM
d. Management process of BCM

141. What floods a Web site with so many requests for service that it slows down or crashes?
a. Denial‐of‐service attack
b. Worm
c. Firewall
d. Computer virus

142. DRP ranks a given disaster and acts based on its rank. Which one of the following is of the highest priority?
a. None of these
b. Long term
c. Mid term
d. Short term

143. Who breaks into other people's computer systems and steals and destroys information?
a. Hacktivists
b. Script kiddies
c. softwares
d. Hackers

144. Which of the following is a method of transferring money from one person's account to another?
a. electronic check
b. e-transfer
c. credit card
d. debit card

145. Which of the following is the primary characteristic of an intranet?
a. People inside the organization can access it
b. People outside the organization can't access it
c. People outside the organization can access it
d. People inside the organization can't access it

146. Scope of E-Commerce is
a. Global
b. within own state
c. local
d. Within own country

147. An effective risk management plan will not include which of the following?
a. Risk response planning
b. Risk monitoring
c. Risk avoidance
d. Priority

148. Which is developed by Visa and MasterCard to handle credit card transactions on internet?
a. encryption
b. SAT
c. SET
d. SSL

149. What is not one of the outcomes indicative of an effective Business Continuity program?
a. The impact of a disruption on the organization’s key services is limited.
b. The period of disruption is shortened
c. The organization’s supply chain record is secured
d. The impact of a disruption on the organization’s key services is limited.

150. Which Alternative processing facility is most efficient to support processing?
a. Warm site
b. Cold site
c. Reciprocal agreement
d. Hot Site
