[Week 12] NPTEL Cyber Security and Privacy Assignment Answers 2023

NPTEL Cyber Security and Privacy Assignment Answers

NPTEL Cyber Security and Privacy Week 12 Assignment Answer 2023

1. The Aadhaar project is the world’s largest national identity project, launched by the government of India, which seeks to collect the following data about residents and store these in a centralized database.

• Biometric data
• Demographic data of residents
• Life style data of citizens
• All of these

Answer :- a

2. Personal Data Protection Bill 2019 had the following provision.
(1) Provide for the protection of the privacy of individuals relating to their personal data,
(2) Specify demerits of the flow and usage of personal data,
(3) Create a mysterious relationship of trust between persons and entities processing personal data,
(4) Protect the fundamental rights of individuals whose personal data are processed

Choose which of the options listed above are false?
1,2,3
2,3
1,4
1,2

Answer :- b

3. The Aadhaar Act attempts to create a method for————— of individuals so as to provide services, subsidies and other benefits to the residents of the country.

• Identification
• Authentication
• Authorization
• Accountability

[ihc-hide-content ihc_mb_type=”show” ihc_mb_who=”1,2,3″ ihc_mb_template=”1″ ]

Answer :- a

4. ——————- gathers personally identifying information from Aadhaar holders, prepares the data for transmission, and receives the authentication.

• System Terminal
• Barcode reader
• Authentication device
• RFID

Answer :- c

5. According to standard notions of digital authentication, a security principal (a user or a computer), while requesting access to a service, must provide two independent pieces of information, which are:

• Identity and Authentication.
• Verification and Authentication
• Validation and Authorization
• Validation and Authentication

Answer :- a

6. Identity provides an answer to the question —————— Anonymity is when nobody knows who you are but potentially, they know —————————

• how are you? & how you do
• who are you? & what you do
• how are you feeling? & what you do
• who are you? & what you know about others

Answer :- b

7. Which of the following is odd about Aadhaar authentication?

• It enables authentication using a One-Time-Password (OTP) issued to the resident’s listed email address or cellphone number in the CIDR.
• It enables authentication combining OTP, fingerprint, and iris authentication for residents.
• It offers a 2-factor authentication with OTP as one factor and multimodal biometric as the second factor for authenticating residents.
• It enables Aadhaar authentication by matching Aadhaar numbers and demographic attributes of residents.

Answer :- d

8. Personal Data Protection Bill sought to ensure privacy rights of the individual. Select the odd option

• Obtain confirmation from the fiduciary on whether their personal data has been processed
• Seek correction of inaccurate, incomplete, or out-of-date personal data
• Have personal data transferred to any other data fiduciary in certain circumstances
• Restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary Or consent is withdrawn
• Provide advice on security safeguards like data encryption

Answer :- d

9. Which of the following act enforces individual privacy in online space, after scrapping a similar bill:

• Digital Personal Data Protection Bill 2023
• PDP Bill 2018
• GDPR
• IT Act, 2000

Answer :- a

[/ihc-hide-content]

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 11 Assignment Answer 2023

Q1. The area of philosophy that examines the basis for moral judgment, as well as its nature, standards, sources, and logic, is called ——————
Moral principle
Moral value
Ethics
Law

Answer:- c

Q2. Choose the correct option that represents HIPAA’s fundamental principle
Producer control of medical information
No restrictions on how medical data may be used
Accountability to maintain the privacy of specified types of information
Balance of public responsibility for the use of medical information for the greater good measured against no impact on the individual
Security of health information

Answer:- c

Q3. True or False:
The cornerstone of many current computer-related criminal laws in the US is the Computer Fraud and Abuse Act of 1986.
True
False

Answer:- a

Q4. Which one of these activities falls outside the scope of the GDPR?
processing for marketing purposes
processing for domestic and household purposes
processing for the purposes of crime and investigations
processing for the purposes of journalism literature and art

Answer:- b

Q5. What types of information are covered by the GDPR?

• Personal data
• Data related to the public domain
• All data of a person that can be identified by their identifier, directly or indirectly
• Garbage data

Choose the correct option.
1,2
2,4
1,3
4,3

Answer:- c

Q6. Which of the following are not GDPR fundamental rights?
The right to be informed, the right of access
The ability to learn from mistakes, the freedom to transfer data
The right to object, rights related to automated decision-making
All are correct

Answer:- b

Q7. Match topics of interest to IT Professionals with US Laws

(A) Cryptography (1) Electronic Communications Privacy Act
(B) IP (2) Federal Privacy Act
(C) Encryption and digital signatures (3) No Electronic Theft Act amends
(D) Privacy (4) Security and Freedom through Encryption Act
Choose the correct option
A-4, B-3, C-1, D-2.
A-3, B-1, C-4, D-2.
A-4, B-3, C-1, D-2.
A-1, B-3, C-4, D-2.

Answer:- d

Q8. INDIAN COPYRIGHT ACT was drafted in ——————–by Shalu Gothi and Daisy Jain
2000
1857
1957
1967

Answer:- c

Q9. What is the software that comes hidden in free downloadable software and tracks your online movements, mine the information stored on your computer or use your computer’s CPU and storage for some task you know nothing about?
Weblog
Clickstream
Anonymous web browsing service
None of above

Answer:- d

Q10. What are the primary examples of public law?
Criminal, administrative, and constitutional law
Civil, Legislative and public service
IPC, administrative, service, constitutional law
All are the primary examples of public law.

Answer:- a

NPTEL Cyber Security and Privacy Week 10 Assignment Answer 2023

Q1. GDPR makes provisions for the individual member states to add their own exemptions
True
False

Answer: a

Q2. The GDPR introduces a new data protection principle that requires organizations to
demonstrate compliance with the principles
optional compliance with the privacy regulation
flexibility to report data protection breaches
accept data breaches

Answer: a

Q3. In which of these circumstances could a data subject exercise their right to be forgotten?
Where they have withdrawn consent for data processing
Where the data is no longer necessary for the purposes for which it was collected
Where erasure is necessary to comply with a legal obligation
All are true
All are false

Answer: d

Q4. According to GDPR a group of companies or public authorities may appoint a single data protection officer to represent them all
True
False

Answer: a

Q5. ——————— is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset.
Differential privacy (DP)
Privacy calculus
Privacy paradox
Privacy theory

Answer: a

Q6. A release of data is said to have the k-anonymity property if the information for each person contained in the release cannot be distinguished from at ———individuals whose information also appears in the release
least k−1
least k+1
least k +/- 1
least k*1

Answer: a

Q7. Consider the following diagram:

In the First wave of the economic theory of privacy, work did not consist of formal economic models, but rather general ————around the value or the damage that individuals, and society, may incur when personal information is protected, thereby making potentially useful information unavailable to the marketplace
Choose the correct answer:
information privacy
economic arguments
economic value
economic benefit

Answer: b

Q8. The economics of privacy concerns the tradeoffs associated with the balancing of ——————–spheres between individuals, organizations, and governments.
public and private
internal and external
low and high
individual vs group

Answer: a

Q9. The goal of privacy-preserving data mining is to develop data mining methods without increasing the risk of misuse of the ———
privacy
data
anonymity
Privacy-related content
database

Answer: b

Q10. __________ is a dichotomy between a person’s intention to protect their online privacy versus how they actually behave online and as a result compromise their privacy
Privacy paradox
Privacy calculus
Differential calculus
Coherentism

Answer: a

Q11. The personal data that has been de-identified, —————-but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.
pseudonymized
decrypted
Anonymize
Secrete

Answer: a

NPTEL Cyber Security and Privacy Week 9 Assignment Answer 2023

1. What is the maximum fine for GDPR non-compliance?

• EUR 10mn or 2% global turnover
• EUR 15mn or 3% global turnover
• EUR 20mn or 4% global turnover
• EUR 25mn or 5% global turnover

Answer :- c

2. Richards and Solove (2007) suggest that while the American derivation of general privacy is grounded in one’s ——————–

• inviolate personality
• violate personality
• serious personality
• funny personality

Answer :- a

3. Cohenretism treats privacy as a

• Permission
• Order
• Freedom
• Distinct right

Answer :- d

4. True/ or False?
Confidentiality is concerned with the externalization of restricted but accurate information to a specific entity.

True
False

Answer :- a

5. Being observed, while the subject doesn’t know is

• Panopticon
• Transparency
• Prevention
• Anonymity

Answer :- a

6. Concerns for Information Privacy (CFIP) has four constructs. Which is a construct that is not part of the CFIP?

• Collection
• Unauthorized access
• Autonomy
• Errors

Answer :- c

7. According to ——————— privacy is not a distinct value concept because it could be conceptually reduced to other values, like liberty

• Coherentism
• Reductionism
• Privacy
• Security

Answer :- b

8. ……………… determines the purposes and means of processing personal data

• Data fiduciary
• Data processor
• Data principle
• Data users

Answer :- a

9. A IPL team management contracts a market research specialist team to carry out players satisfaction survey. The IPL team specifies the budget and the deadline, but the market research team determines sample sizes and interview methods. The market research team decides which player to select for the interview, what information will be collected, how the information will be collected, and how the information will be presented to the IPL team management. Who is the data controller in this situation?

• An IPL team management
• Market research firm
• Both a & b are controllers
• None of them are controllers

Answer :- c

10. Fair Information Practice (FIP) principles were developed the United States in response to increasing privacy concerns resulting from massive computerization. What is an issue FIP does not address?

• secret record-keeping systems
• access by data subject to information stored in record keeping systems
• ability by data subject to correct errors in one’s own data
• data localization

Answer :- d

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 8 Assignment Answer 2023

1. Which of the following terms describes the process of making and using codes to secure the transmission of information?

• Algorithm
• Cryptography
• Steganography
• Cryptanalysis

Answer :- b

2. What is term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message?

• Private-key encryption
• Symmetric encryption
• Advanced Encryption Standard (AES)
• Asymmetric encryption

Answer :- d

3. A substitution cipher that incorporates two or more alphabets in the encryption process is called——————-

• Monoalphabetic substitution
• Block cipher substitution
• Stream cipher substitution
• Polyalphabetic substitution

Answer :- d

4. The current standard for the encryption of data, as specified by NIST ——— is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen.

• DES
• RSA
• AES
• Message Digest

Answer :- c

5. True or False:
Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.

• True
• False

Answer :- a

6. Limited-use symmetric keys for temporary communications during an online session is called

• Session keys
• One-time padding
• AES
• DES

Answer :- a

7. Match the following

Choose the correct answer

• A-3, B-5, C-4, D-1, E-2
• A-2, B-1, C-4, D-5, E-3
• A-4, B-2, C-3, D-1, E-1
• A-5, B-2, C-3, D-1, E-4

Answer :- b

8. Suppose that everyone in a group of N people wants to communicate secretly with the N-1 others using a symmetric key cryptographic system. Communication between any two persons should not be decodable by others in the group. The number of keys required in the system as a whole to satisfy the confidentiality requirement is

• 2N
• N(N-1)
• N(N–1)/2
• (N-1)2

Answer :- c

9. Decrypt the following message if it was encrypted using a shift cipher with a shift of 3.
Message: NPTELINFORMATION

• Q S W H O L Q I R U P W L R Q
• Q S W H O L Q I T U P W L R Q
• Q S W F O L Q I R V P W L R Q
• Q S W H O L Q I R V P W L R Q

Answer :- a

10. ————security protocols are used to protect e-mail

• SMTP
• HTTPS
• S/MIME, PEM, and PGP
• Telnet

Answer :- c

11. What is the most popular encryption system used over the Web?

• Diffie Hellman key exchange
• RSA
• Block cipher
• DES

Answer :- b

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 7 Assignment Answer 2023

1. Which VPN technology uses leased circuits from a service provider and conducts packet switching over these leased circuits?

• Secure VPN
• Hybrid VPN
• Trusted VPN
• Transport VPN

Answer :- c

2. The biometric technology criteria that describe the number of legitimate users who are denied access because of a failure in the biometric device in known as

• False reject rate
• False accept rate
• Crossover error rate
• Accountability rate

Answer :- a

3. True or False: All traffic exiting from the trusted network should be filtered.

• True
• False

Answer :- b

4. What term is used to describe decoy systems designed to lure potential attackers away from critical systems?

• Trap
• Honeypot
• Trace
• Sniffer

Answer :- b

5. True or False: Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.

• True
• False

Answer :- a

6. The method by which systems determine whether and how to admit a user into a trusted area of the organization is known as

• Attribute
• Accountability
• Access control
• Audibility

Answer :- c

7. ——————denotes the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as ————–.

• False reject rate, Type I error
• False accept rate, Type 2 error
• False accept rate, Type I error
• False reject rate, Type 2 error

Answer :- b

8. Fill in the blank
——————denotes the rate at which authorised users are denied access to systems or areas as a result of a failure in the biometric device. This failure is also known as ————.

• ZChoose the correct option
• False reject rate, Type I error
• False accept rate, Type 2 error
• False accept rate, Type I error
• False reject rate, Type 2 error

Answer :- d

Answer :- d

10. Choose the right option to fill in the blanks
(1) ————— initiates network traffic to find and evaluate service ports whereas (2) —————- uses traffic from the target network segment to evaluate the service ports available from hosts on that segment.

• 1-active vulnerability scanners, 2-passive vulnerability scanners
• 1-passive vulnerability scanners, 2-active vulnerability scanners

Answer :- a

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 6 Assignment Answer 2023

1. Match 1 & 2 with A& B following

1. Residual risk
2. Risk appetite

A: The risk to information assets that remains even after current controls have been applied.
B: The quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
Choose the correct answer:

• 1-A, 2-B
• 1-B, 2-A

Answer :- a

2. True or False:
The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion.

• True
• False

Answer :- a

3. The process of examining how each threat will affect an organization is called:

• Risk assessment
• Data classification
• Threat assessment
• Vulnerability classification

Answer :- c

4. The probability that a specific vulnerability within an organization will be the target of an attack is known as:

• Loss Magnitude
• Manageability
• Likelihood
• Practicability

Answer :- c

5. The calculation of the value associated with the most likely loss from an attack is called:

• Annualised Rate of Occurrence (ARO)
• Annualised Loss Expectancy (ALE)
• Cost Benefit Analysis (CBA)
• Single Loss Expectancy (SLE)

Answer :- d

6. ———————-is the formal assessment and presentation of the economic expenditures needed for particular security control, contrasted with its projected value to the organization.

• Feasibility analysis
• Cost-benefit analysis
• Risk-benefit analysis
• Economic impact analysis

Answer :- b

7. A document that compares the relative importance of prioritised assets to prioritised threats and highlights any weaknesses in the asset/threat pairs.

• Threats-Vulnerabilities document
• Threats-Vulnerabilities-Assets (TVA) worksheet
• Threats-Vulnerabilities-Assets log file
• Attack Vulnerability Asset document

Answer :- b

8.

Answer :- a

9. ——————- varies among organisations because they maintain different balances between the expense of controlling vulnerabilities and the possible losses if the vulnerabilities are exploited. The key for each organisation is to find the proper balance in its decision-making and feasibility analyses, to use experience and facts instead of ignorance or wishful thinking.

• Risk appetite
• Risk control
• Residual Risk
• Risk Assessment

Answer :- a

10. Malware dictation Software has its own (Asset) internal personnel database behind a firewall. Industry reports indicate a 5 % chance of an attack. The information security and IT departments report that if the organization is attacked, the attack has a 15 % chance of success based on current asset vulnerabilities and protection mechanisms. The asset is valued at a score of 35 on a scale of 0 to 100, and information security and IT staff expect that 60 % of the asset would be lost or compromised by a successful attack, because not all of the asset is stored in a single location. You estimate that the assumptions and data are 90 % accurate. Calculating Risk.

• 0.1575
• 0.1733
• 0.2887
• 0.5575

Answer :- b

11. xyzbuy.com has an estimated value of Rs 50,00,000, as determined by an asset valuation and a cracker defacement scenario indicates that a deliberate act of sabotage or vandalism could damage 25 per cent of xyzbuy.com, then the single loss expectancy for the xyzbuy.com would be?

• 16,50,000
• 15,20,000
• 11,11,000
• 12,50,000

Answer :- d

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 5 Assignment Answer 2023

1. What type of policy addresses specific areas of technology, requires frequent updates, and contains a statement on the organization’s position on a specific issue?

• Enterprise information security policy (EISP)
• Systems-specific security policy (SysSP)
• Automated policy (AP)
• Issue-specific security policy (ISSP)

Answer :- d

2. What are the defence strategies’ three common methods?

1. Application of policy
2. Education and training
3. Business impact analysis
4. Risk management
5. Application of technology

Choose the correct answer.

• 1,2,3
• 1,2,4
• 2,4,5
• 1,2,5

Answer :- b

3. Policy administrator is responsible for ———–

1. creation,
2. revision,
3. implementation
4. distribution, and
5. storage

of policy in an organization. Choose the correct option

• 1,2
• 3
• 3,4
• 5

Answer :- c

4. Which type of policy is frequently codified as standards and procedures to be used when configuring or maintaining systems?

• Enterprise information security policy (EISP)
• Systems-specific security policy (SysSP)
• Automated policy (AP)
• Issue-specific security policy (ISSP)

Answer :- b

5. Which of the following is used to direct how issues should be addressed and technologies must be used in an organization?

• policies
• standards
• ethics
• governance

Answer :- a

6. The boundary in the network within which an organization attempts to maintain security controls for securing information from threats from untrusted network areas is called ————-

• Security peripheral
• Security perimeter
• Security measure
• Security principle

Answer :- b

7. Consider the following statements

1. Statement of Purpose -What the policy is for
2. Information Technology Security Elements – Defines information security
3. Need for Information Technology Security – Justifies the irrelevance of information security in the organization
4. Information Technology Security Responsibilities and Roles – Defines organizational overall business planning and security investment plan.

• Identify the components of the EISP

3, 4
2, 3, 4
1, 2
all are true

Answer :- c

8. Access Control Lists specify

1. who can ——–the system
2. what ———users can access
3. when authorised users can ——–the system
4. where authorised users can access the system from

Chose the correct words or expressions to fill in the blanks, in sequence:

• use, authorised, access
• authorised, access, create
• authorised, access, use
• administer, access, accountable

Answer :- a

9. The goals of (A)—————————— are:
1.—————— of information security with business strategy to support organizational objectives
2 —————— by executing appropriate measures to manage and mitigate threats to information resources
3. —————— by using information security knowledge and infrastructure efficiently and effectively

Choose the correct answer:

• A-Financial security gov, 1- Tactical alignment, 2- Performance mgmt., 3- Resource mgmt.,
• A-Information security governance,1-Strategic alignment, 2- Risk mgmt., 3- Resource mgmt.,
• A-Data security gov, 1-Operational management, 2- Resource mgmt., 3- Risk mgmt.,
• A-Bord of governance,1-Operational alignment, 2- Risk mgmt., 3- Resource mgmt.

Answer :- b

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 4 Assignment Answer 2023

1. Which term is used to describe detailed statements of what must be done to comply with policy?

• Policies
• Standards
• Ethics
• Governance

Answer :- b

2. Management must use ——————-as the basis for all information security planning, design, and deployment.

• Standards
• Procedures
• Policies
• Best business practices

Answer :- c

3. Which type of planning ensures that critical business functions continue if a catastrophic incident or disaster occurs?

• Business continuity planning (BCP)
• Contingency planning (CP)
• Business resumption planning (BRP)
• Disaster recovery planning (DRP)

Answer :- a

4. ————– policy can be separated into two general groups (a) managerial guidance and (b) technical specifications. Select the correct options

• Systems-Specific Security
• Issue-Specific Security
• Enterprise Information Security
• None of these

Answer :- a

5. The actions taken during and after a disaster falls under —————-

• Impact assessment
• Risk management
• Crisis management
• Both (a) & (b)

Answer :- c

6. Special Publication 800-14 of the National Institute of Standards and Technology (NIST) defines three types of security policy and chooses the

• Violations of Policy, Business continuity planning, Response planning
• A disaster recovery, Incident response planning, and Business continuity planning
• Issue-specific security, Systems-specific security, Enterprise information security
• Enterprise information security, Violations of Policy, Response planning

Answer :- c

7. What are the elements of a business impact analysis?

1. Threat attack identification
2. Business unit analysis
3. Attack success scenario development
4. Potential damage assessment
5. Subordinate plan classification
6. Risk management
7. Disaster management

The elements of a business impact analysis are:

1,2,3,4,5 correct
1,2,3,5,6 correct
2,3,5,6,7 correct
All are correct

Answer :- a

8. Access control lists (ACLs) that govern the rights and privileges of users consist of the

1. User access lists,
2. Matrices,
3. Capability, and
4. Dedicated hardware

Choose the correct answer

1,2,3,4 are true
1,2,3 are true
Only 4 is true
All are true

Answer :- b

9. The instructions a system administrator codes into a server, networking device, or a device to specify how it operates is called

• Administration rule
• Configuration rules
• Networking rules
• Security rule

Answer :- b

10. Information security safeguards focus on administrative planning, organizing, leading, and controlling and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management together known as

• Managerial controls
• Operational controls
• Technical controls
• None of these

Answer :- a

11. A lattice-based access control with rows of attributes associated with a particular subject such as a user is called

• Access control matrix
• Capabilities table
• Configuration table
• All of above

Answer :- a

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 3 Assignment Answer 2023

1. Which of the following terms best describe the specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls?

1. Blueprint
2. NIST handbook
3. An information security framework
4. Security plan

Answer :- An information security framework

2. True or False: SP 800-18, Guide for Developing Security Plans, is considered the foundation for a comprehensive security blueprint and framework.

1. True
2. False

Answer :- True

3. One of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as:

1. managerial controls
2. security domain
3. redundancy
4. defense in depth

Answer :- defense in depth

4. Control Objectives for Information and Related Technologies is a framework created by —— for information technology (IT) management and ————-

1. HIPPA, & Information officer
2. ISO, & Security officer
3. ISACA, & IT governance
4. CISO, & Chief officer

Answer :- ISACA, & IT governanc

5. Three approaches to cyber security management are

• Governance-Risk-Compliance (GRC) approach
• —————————————————
• Organizational planning approach

1. Information-driven approach
2. Security-driven approach
3. Standards-driven approach
4. Procedure-driven approach

Answer :- Standards-driven approach

6. ISO/IEC 27032:2012 involves guidelines for —————–

1. Network security
2. Cyber security
3. Risk Management
4. Governance of information security

Answer :- Cyber security

7. The five goals of information security governance are

1. —————–of information security with business strategy to support organizational objectives
2. —————- by executing appropriate measures to manage and mitigate threats to information resources
3. —————–by utilizing information security knowledge and infrastructure efficiently and effectively
4. —————–by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
5. —————–by optimizing information security investments in support of organizational objectives.

A. Strategic alignment
B. Risk management
C. Resource management
D. Performance measurement
E. Value delivery

Match the following

• 1-B,2-C,3-D,4-C,5-A,
• 1-C,2-B,3-A,4-B,5-E
• 1-E,2-C,3-A,4-B,5-D
• 1-A,2-B,3-C,4-D,5-E,

Answer :- c. 1-E,2-C,3-A,4-B,5-D

8. Match ISO Series with the corresponding topic

(A) 27000 (1)Series Overview and Terminology
(B) 27003 (2)Information Security Management Systems Implementation Guidelines
(C) 27004 (3) Information Security Measurements and Metrics
(D) 27005 (4) ISMS Risk Management
(E) 27006 (5) Requirements for Bodies Providing Audit and Certification of ISMS

• A-1, B-2,C-3, D-4, E-5
• A-4, B-2, C-3, D-1, E-5
• A-2,B-1,C-3,D-5,E-4
• A-3,B-2,C-1,D-5,E-4

Answer :- c. A-2,B-1,C-3,D-5,E-4

9. (1)—————— is authorized by policy from senior management and is usually carried out by senior IT and information security executives, such as the(2)———and-(3)——-

1- ISG 2- CIO, 3- CISO
1-CO,2, 2-CIO,3- CISO
1-CISO, 2-CIO, 3-CO
1-CISO, 2-ISG, 3-CO

Answer :- 1- ISG 2- CIO, 3- CISO

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here

NPTEL Cyber Security and Privacy Week 2 Assignment Answer 2023

1. What term describes the quality or state of ownership or control of information?

• confidentiality
• possession
• authenticity
• integrity

Answer :- possession

2. Fill in the blanks
The McCumber Cube has ——————-dimensions with ——-cells representing areas that must be addressed to secure today’s information systems.

• 7 and 21
• 4 and 27
• 3 and 18
• 3 and 27

Answer :- 3 and 27

3. ——————is a weakness or fault in a system or protection mechanism that opens it to attack or damage.

• Threat
• Vulnerability
• Risk
• Attack

Answer :- Vulnerability

4. Which of the following is not a component of an organization’s Information System?
(1) Software (2) Vendors (3) People (4) Government (5) ISPs

• 1&3
• 1,2 &4
• 4 & 5
• 2,4, & 5

Answer :- 2,4, & 5

5. True or False:
The person responsible for the storage, maintenance, and protection of information is the data custodian.

• True
• False

Answer :- True

6. Biometric data collected from users is used for—————————- process.

• Authentication
• Authorization
• Accountability
• Privacy

Answer :- Authentication

7. Select the right options of the C.I.A. triad
(1) Assurance that information is shared only among authorized people or organizations
(2) Assurance that the information is complete and uncorrupted
(3) Assurance that information systems and the necessary data are not available for use when needed

• (1) True (2) False (3) True
• (1) False (2) False (3) True
• (1) True (2) True (3) True
• (1) True (2) True (3) False

Answer :- (1) True (2) True (3) False

8. Match the following:

• A-1, B-3, C-4, D-2, E-5
• A-3, B-4, C-5, D-1, E-2
• A-5, B-4, C-3, D-2, E-1
• A-1, B-2, C-3, D-4, E-5

Answer :- A-5, B-4, C-3, D-2, E-1

9. Who are responsible for the security and use of a particular set of information?

• Data users
• Data exporter
• Data custodians
• Data owner

Answer :- Data custodians

10. True or False:
If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.

• True
• False

Answer :- True

NPTEL Cyber Security and Privacy Week 1 Assignment Answer 2023

1. Security is a state or quality of being secure to be free from–————-.

• Vulnerability
• Threat
• Attack
• Danger

Answer :- d (Danger)

2. Which term among the following is correct?

• Cybersecurity
• Cyber-security
• Cyber security
• All are correct

Answer :- d (All are correct) 

3. What does “cyber” meanin the context of Information Technology?

• Software
• Hardware
• Network
• Online World

Answer :- D (Online World)

4. Cyber security affects individuals, organizations, society and ——————–.

• Government
• Institution
• Department
• Firms

Answer :- a (Government)

5. Choose the odd one

• Phishing attack
• Denial of Service attack
• SQL Injection
• Man in the middle attack
• Importing data

Answer :- e (Importing data)

6. Restricting unauthorized access and misuse of physical assets helps in achieving physical security of an organization.

• True
• False

Answer :- a (True)

7. Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment , organization and

• users’ cyber assets
• user personal information
• cyberspace
• resource

Answer :- a (users’ cyber assets)

8. The general security objectives comprise —––————-,Availability and Integrity

• Confidentiality
• Accountability
• Authorization
• Authentication

Answer :- 8 (Confidentiality)

9. Network security involves protection of items, objects, or facilities.

• True
• False

Answer :- b (False)

Course Name	Cyber Security and Privacy
Category	NPTEL Assignment Answer
Home	Click Here
Join Us on Telegram	Click Here