Module I: Introduction to Information Security – MCQs

1. Which of the following is not a basic principle of Information Security?

a) Confidentiality
b) Integrity
c) Availability
d) Redundancy

2. What does the CIA triad in Information Security stand for?

a) Communication, Integrity, Access
b) Confidentiality, Integrity, Availability
c) Control, Identification, Audit
d) Confidentiality, Information, Access

3. Which of the following best describes the purpose of implementing security in SDLC?
a) To improve user interface
b) To protect against malware
c) To integrate security early in development
d) To reduce power consumption

4. Which component is NOT part of an Information System?

a) Hardware
b) Software
c) Procedures
d) Entertainment

5. Why is balancing security and accessibility important in IT systems?

a) To make the system expensive
b) To avoid legal issues
c) To ensure usability while maintaining protection
d) To allow full freedom for users

6. Who is responsible for overseeing security implementation in an organization?

a) Network engineer
b) Security professional
c) Software tester
d) Web developer

7. What is the primary goal of Information Security?

a) Minimize network load
b) Increase revenue
c) Protect data and systems from threats
 d) Develop applications

8. Which phase of SDLC focuses on analyzing the security requirements?

a) Testing
b) Design
c) Planning
d) Requirements analysis

9. What is the function of a security policy in an organization?

a) Monitor user activities
b) Define rules and procedures for protection
c) Reduce software costs
d) Promote marketing

10. Which of these is a critical concept in Information Security?

a) Currency
b) Confidentiality
c) Circulation
d) Conformity

11. What is risk in the context of Information Security?

a) The number of employees
b) The potential for data loss or damage
c) Cost of hardware
d) Size of a database

12. How can an organization ensure continuous security improvement?

a) Increase internet speed
b) Conduct regular audits and assessments
c) Install new monitors
d) Use strong passwords only

13. What does SDLC stand for?

a) Secure Development Lifecycle
b) System Development Life Cycle
c) Software Design Logical Chain
d) Security Data Logging Control

14. Which role is responsible for monitoring compliance in IT security?

a) Software developer
b) Compliance officer
c) Customer support
d) Business analyst
 15. What type of control is a firewall considered as?
a) Detective
b) Preventive
c) Corrective
d) Administrative

10 Marks Questions (5)

1. Explain the basic principles of Information Security with examples.

2. Describe the evolution of Information Security from the 1980s to today.

3. Discuss the importance of balancing Information Security with user accessibility.

4. Explain the role of a Security Professional in an organization.

5. Describe how Information Security is implemented in the System Development Life Cycle.

15 Marks Questions (5)

1. Describe the components of an Information System and their relevance to Information

Security.

2. Critically analyze the challenges faced by organizations in implementing effective Information

Security policies.

3. Discuss the System Development Life Cycle and how security is integrated at each phase.

4. Explain the critical concepts of Information Security and how they are applied in real-world
scenarios.

5. Evaluate the roles and responsibilities of different IT security professionals within an

organization.

Module II: Network Security – MCQs

1. What distinguishes a trusted network from an untrusted one?

a) Length of cable
b) Ownership and control
c) Type of hardware
 d) Speed of connection

2. Which of the following is NOT a form of computer network protection?

a) Encryption
b) Antivirus
c) Cookie
d) Firewall

3. What is the primary purpose of a VPN?

a) Track user data
b) Increase download speed
c) Secure remote communication
d) Provide public access

4. Which is an example of a network attack?

a) DDoS
b) SQL Injection
c) Phishing
d) All of the above

5. What is tunneling in VPN used for?

a) Creating network holes
b) Encrypting the transmitted data
c) Detecting viruses
d) Speeding up the network

6. Which is a software-based security measure?

a) Firewall
b) Modem
c) Cable
d) Router

7. Why do enterprises use VPNs?

a) Reduce internet bills
b) Secure internal communications
c) Spy on users
d) Track web usage

8. What role does authentication play in VPN security?

a) Blocks ads
b) Verifies user identity
c) Encrypts files
d) Increases speed
9. Which of the following is a type of VPN?
a) SSL VPN
b) FTP VPN
c) DNS VPN
d) TCP VPN

10. What are the vulnerabilities associated with open networks?

a) Enhanced privacy
b) Risk of unauthorized access
c) High speed
d) None

11. What is the best practice for securing Wi-Fi networks?

a) Disable firewall
b) Use open access
c) Enable WPA2 encryption
d) Share password

12. Which protocol is commonly used in VPNs for encryption?

a) HTTP
b) IPsec
c) DNS
d) SMTP

13. Why is network security important for enterprises?

a) To monitor employee work hours
b) To prevent data breaches and cyberattacks
c) To install software remotely
d) To increase screen brightness

14. Which is a hardware-based network security solution?

a) Router
b) Browser
c) Firewall
d) Keyboard

15. What is the function of an enterprise firewall?

a) Increase Wi-Fi range
b) Block unauthorized access
c) Manage cloud backups
d) Send bulk emails
10 Marks Questions (5)

1. Describe the key concepts of computer and network security.

2. Explain the difference between trusted and untrusted networks with examples.

3. Discuss the different forms of protection used in network security.

4. What is a VPN and how does it enhance network security?

5. Explain the role of tunneling and authentication in VPNs.

15 Marks Questions (5)

1. Discuss various types of VPNs and their applications in enterprises.

2. Evaluate the network vulnerabilities and outline best practices for securing networks.

3. Analyze the importance of hardware and software in network protection.

4. Describe unknown and known network attacks with real-world examples.

5. Discuss the major network security issues faced by modern enterprises.

Module III: Network Security Controls – MCQs

1. What is the function of an Intrusion Detection System (IDS)?

a) Store logs
b) Prevent spam
c) Monitor and detect malicious activity
d) Repair software

2. Which of these is a characteristic of an IDS?

a) Authentication
b) Signature detection
c) Data backup
d) File sharing

3. Why is router configuration important in IDS implementation?

a) It improves internet speed
b) It enables packet inspection
 c) It disables monitoring
d) It saves memory

4. Which is NOT a type of firewall?

a) Packet filtering
b) Stateful inspection
c) Proxy-based
d) Analog

5. What is the future trend in IDS technology?

a) Manual logging
b) AI-driven detection
c) Static rules
d) Print logs

6. What is a signature in IPS context?

a) Encryption method
b) Pattern of known threats
c) User password
d) Audit report

7. Why is IDS implementation challenging in dynamic networks?

a) High performance
b) Constant topology changes
c) Strong encryption
d) Wired connection

8. How does a firewall help in intrusion prevention?

a) It speeds up the system
b) It filters incoming and outgoing traffic
c) It compresses files
d) It encrypts memory

9. Which is a configuration step for a firewall?

a) Installing antivirus
b) Setting access rules
c) Updating MS Office
d) Plugging in a printer

10. What distinguishes IDS from IPS?

a) IDS blocks traffic
b) IPS detects traffic
c) IDS monitors only
 d) IPS repairs data

11. Which IDS methodology uses baseline activity?

a) Signature-based
b) Anomaly-based
c) Hybrid
d) None

12. What is the role of firewalls in layered network security?

a) Improve download speed
b) Act as gatekeepers
c) Clean temporary files
d) Manage databases

13. Which tool helps detect internal threats in a network?

a) DHCP
b) IDS
c) DNS
d) Proxy

14. What type of detection does an anomaly-based IDS perform?

a) Known threats only
b) Unusual behavior
c) IP scanning
d) Email phishing

15. Which device examines packet headers for security enforcement?

a) Switch
b) Router
c) Firewall
d) Server

10 Marks Questions (5)

1. Explain the types of network attacks and how they impact organizations.

2. Describe various methodologies used in Intrusion Detection Systems.

3. How do firewalls and IDS complement each other in network defense?

4. Explain the challenges in implementing IDS in enterprise environments.

5. Discuss the categories of Intrusion Prevention Systems and their configurations.

15 Marks Questions (5)

1. Analyze the differences between IDS and IPS with examples.

2. Describe the role and types of firewalls in detail.

3. Discuss the implementation steps and best practices for IDS deployment.

4. Evaluate the effectiveness of modern IDS and IPS technologies.

5. Explain how routers play a critical role in IDS configurations

Module IV: Introduction to Cryptography – MCQs

1. What is cryptanalysis?
a) Encrypting data
b) Breaking encryption
c) Creating algorithms
d) Deleting logs

2. Which is a classical encryption method?

a) AES
b) DES
c) Substitution
d) RSA

3. What is the purpose of a one-time pad?

a) Store passwords
b) Encrypt messages with unbreakable security
c) Reset encryption keys
d) Delete history

4. Which is an asymmetric encryption algorithm?

a) DES
b) RSA
c) RC4
d) AES

5. How does the transposition technique work?

a) Replace letters
b) Shuffle position of characters
 c) Use hashes
d) Compress files

6. What makes RSA secure?

a) Short keys
b) Prime factorization
c) Base64 encoding
d) Time stamp

7. What is the full form of AES?

a) Advanced Encryption Standard
b) Auto Encryption Scheme
c) Active Encrypting System
d) Automatic Encoding Security

8. Which technique is used in DES?

a) Stream cipher
b) Block cipher
c) Hashing
d) Substitution

9. What distinguishes symmetric from asymmetric encryption?

a) Key size
b) Use of same vs different keys
c) Application type
d) Number of users

10. Which algorithm is best suited for secure communication?

a) RC4
b) RSA
c) Shift Cipher
d) Atbash Cipher

11. Why is key management critical in encryption?

a) To reduce cost
b) To ensure data confidentiality
c) To track users
d) To compress data

12. Which cryptographic method ensures non-repudiation?

a) Hashing
b) Symmetric encryption
c) Digital signatures
 d) Encoding

13. What is the key feature of Diffie-Hellman algorithm?

a) Hashing speed
b) Key exchange
c) File compression
d) Randomization

14. How many rounds are used in Triple DES?

a) 2
b) 3
c) 12
d) 16

15. What is the primary goal of cryptography?

a) Speed
b) Confidentiality and integrity
c) Access
d) Compatibility

10 Marks Questions (5)

1. Define cryptography and differentiate it from cryptanalysis.

2. Describe classical encryption techniques with examples.

3. Explain the working of RSA and its use in secure communication.

4. Discuss the strengths and weaknesses of DES and AES.

5. Explain the concept and security of one-time pad encryption.

15 Marks Questions (5)

1. Compare and contrast symmetric and asymmetric encryption techniques.

2. Describe the RSA algorithm and explain how it ensures security.

3. Explain Diffie-Hellman key exchange protocol in detail.

4. Discuss modern encryption techniques used in enterprise networks.

5. Analyze the evolution of cryptographic methods from classical to modern.

Module V: Access Control – MCQs

1. What is the goal of access control?

a) Enhance hardware performance
b) Ensure authorized access
c) Encrypt emails
d) Reduce costs

2. Which is NOT a component of access control?

a) Authentication
b) Authorization
c) Accounting
d) Compilation

3. What does privilege management ensure?

a) Guest access to all data
b) Appropriate levels of access
c) External backups
d) Faster connections

4. How is system access monitored?

a) Firewalls
b) Event logging
c) Email scanning
d) Application updates

5. What is the function of event logging?

a) Monitor disk space
b) Track user activity
c) Increase RAM
d) Backup files

6. What is the principle of least privilege?

a) Give users access to everything
b) Grant minimum required permissions
c) Allow read-only access
d) Disable all passwords

7. How is physical security maintained in organizations?

a) By setting passwords
b) By perimeter defenses and asset disposal
c) By firewalls
 d) Through encryption

8. What is PGP used for?

a) File sharing
b) Email encryption
c) Logging activities
d) IP routing

9. What ensures perimeter security?

a) Firewalls and locks
b) Routers
c) Browsers
d) Backups

10. How is email security enhanced?

a) Using MIME and PGP
b) Turning off antivirus
c) Using open ports
d) Avoiding attachments

11. Which protocol is used in IP security?

a) SSL
b) IPsec
c) FTP
d) TCP

12. What is the purpose of safe disposal of physical assets?

a) Sell to competitors
b) Prevent data leakage
c) Free up storage
d) Save electricity

13. How do IDS tools relate to access control?

a) Enable open access
b) Detect unauthorized access
c) Encrypt passwords
d) Log keystrokes

14. What is user identity management?

a) Creating usernames only
b) Managing user authentication and profiles
c) Encrypting files
d) Logging network packets
 15. Which access control model is based on roles?
a) DAC
b) MAC
c) RBAC
d) DBMS

10 Marks Questions (5)

1. Explain the role of access and privilege management in network security.

2. Describe how operating system access controls work.

3. Discuss the techniques used for physical security in organizations.

4. Explain how email security is implemented using PGP and MIME.

5. What is IP security and how is it applied in networks?

15 Marks Questions (5)

1. Discuss user identity and access control systems with real-world applications.

2. Describe the security measures for physical asset protection and disposal.

3. Evaluate intrusion detection systems for monitoring access control violations.

4. Explain perimeter and internal security controls in an enterprise network.

5. Analyze email and IP security protocols and their applications.