Quiz 01

QUIZ - I

Instructions:
• Read each question carefully.
• Choose the best answer/answers for each question.
• Read each scenario carefully and answer the questions to the best of your ability.
• Your answers should be based on the information provided in the scenario and your concept/knowledge of the relevant topics.

MCQs (1.5)
1- Which of the following options accurately identifies the states of data? (0.5)

A. Data at rest
B. Data in motion
C. Data in use
D. Data in storage

2- Which of the following is the state of data when it is being transmitted over a network? (0.5)

A. Data at rest
B. Data in motion
C. Data in use
D. Data in storage

3- Which of the following is the principle of least privilege? (0.5)

A. Users should only have access to the resources they need to do their job.
B. Users should have access to all resources, regardless of their job role.
C. Users should have access to more resources than they need, in case they need them in the future.
D. None of the above.

Questions:
1. A large company has recently experienced a cyberattack that resulted in the theft of sensitive
customer data. The company's information security team is responsible for investigating the
incident and developing a plan to mitigate the risks and prevent future attacks. (4.5)

Using the concepts of information security, IT security, cybersecurity, the CIA triad, IAAA,
privacy, risk and incident management, and access control, discuss the following:

a) What are the key differences between information security, IT security, and cybersecurity? (1.5)
b) Define and discuss how a company's information security team uses the CIA triad and IAAA to develop a plan to mitigate the risks and prevent future attacks. (1)
c) What is risk and incident management? (1)
d) What are the best practices for access control, and how can the company use them to protect its sensitive data? (1)

2. Difference between SCA and BCP? (1)

3. A large financial institution is developing a new mobile banking app. The app will allow
customers to access their accounts, transfer money, and make payments. The financial
institution wants to ensure that the app is secure and that customer data is protected from
unauthorized access. (4.5)

Using the concepts of cryptography, steganography, context of cryptography, cryptography primitives, cryptosystems, PKIs, and cryptographic attacks, discuss the following:

a) What cryptographic techniques can the financial institution use to protect the mobile banking app and customer data? (1)
b) How can the financial institution use steganography to hide sensitive data in the mobile banking app? Give an example. (1)
c) What are the benefits and drawbacks of using cryptography and steganography to protect mobile banking apps and customer data? (1.5)
d) List some of the cryptographic attacks that the financial institution should be aware of. (1)

4. Difference between Symmetric & Asymmetric? (1)

5. Encrypt the message “meet me at the usual place at ten rather than eight” using the Caesar
cipher with the specific key. Show your calculations and the result. Show the calculations for the
corresponding decryption of the cipher text to recover the original plaintext. (2.5)
