The draft regulations require vendors to provide a Software Bill of Materials for what purpose?

To outline the software components used in critical applications

To track financial expenditures

To define maintenance schedules

What should the Cyber Security Policy address in terms of data protection?

Data encryption and privacy protocols

Data sharing across international borders

What is the main purpose of the Cyber Crisis Management Plan (CCMP)?

To manage cyber incidents and ensure coordinated responses

To regulate financial practices during crises

To set guidelines for employee conduct

To ensure compliance with power generation protocols

What are 'Critical Assets' as defined in the CEA Cyber Security Regulations?

Systems necessary for the reliable operation of the power system

Non-essential systems in the organization

Under the CEA Cyber Security Regulations, what specific responsibility does the Information Security Division (ISD) have concerning Cyber Security audits?

Review audit reports and ensure implementation of audit recommendations

Conduct quarterly audits of employee performance

Prepare financial reports related to cyber security

Develop marketing strategies for cyber security tools

What is required from vendors regarding security patches under the CEA Cyber Security in Power Sector Regulations?

Vendors must make patches available for all system components during the contract duration

Vendors must provide patches only at the start of the contract

Vendors need to ensure patches are applied automatically

Vendors are not responsible for patches according to the regulations

What is the main purpose of Perfect Forward Secrecy (PFS) in cryptographic communications?

Ensuring that encrypted data remains secure even if the server’s private key is compromised

Allowing symmetric keys to be reused for faster decryption

Maintaining long-term storage of cryptographic keys for auditing purposes

Encrypting data at rest to prevent unauthorized access

What is the stipulated process for remote access in the Responsible Entities' Cyber Security Policy?

Multi-factor authentication and least-privilege access should be ensured

Remote access should be allowed only for international users

Remote access is to be granted on a temporary basis without authentication

No specific access controls are mentioned

What is the minimum cybersecurity course requirement for CISO and ISD members per the regulations?

Ten person-days per year or as directed by the authority

At least five person-days per year

Only one training session per year

No mandatory training requirement specified

According to the regulations, what is the role of CSIRT-Power in collaborating with CERT-In and NCIIPC?

To resolve cyber incidents and develop incident response procedures

To enhance financial transparency in the power sector

To streamline supply chain logistics

To manage power distribution systems directly

What type of separation is required between IT and OT systems if physical separation is not possible?

Logical separation with hardened security measures must be implemented

The two systems must be connected via public networks

No separation is required if they are in the same location

Use of basic firewall protocols suffices for separation

What does the Cyber Security Policy mandate regarding outdated or obsolete cyber assets?

A phase-out plan must be defined, with secure disposal procedures in place

They must be discarded immediately upon reaching end-of-life

They should be repurposed for non-critical functions

No action is required until they are non-operational

What are the responsibilities of the ISD concerning inventory management as outlined in the regulations?

ISD must keep an updated inventory of IT and OT assets with network architecture documentation

ISD should manage physical assets only, excluding cyber assets

ISD should outsource inventory management to third parties

ISD should periodically update inventory every 5 years

In terms of incident reporting, within what timeframe must incidents involving cyber sabotage in Critical Systems be reported to CSIRT-Power?

Immediately, or within 24 hours

Only after a formal investigation is complete

What is the primary function of an Electronic Security Perimeter in the context of the Draft CEA Cyber Security Regulations?

To logically isolate networks connected to cyber systems of the power system

To define the physical boundary of critical assets

To facilitate controlled public access to critical systems

To manage vendor communications for IT systems

Which of the following is not a stipulated responsibility of CSIRT-Power?

Conducting financial audits for cybersecurity expenditures

Implementing Cyber Crisis Management Plans

Developing SOPs in consultation with CERT-In and NCIIPC

Sharing cyber threat intelligence within the power sector

What specific feature must firewalls used in critical systems include as per the draft regulations?

Capability to identify behavioral anomalies

A user-friendly interface for employee training

Integration with physical access systems

Auto-updates without administrator intervention

What is a Software Bill of Materials (SBOM), and why is it mandated in the draft regulations?

A list detailing supply chain components of software to ensure security

A cost estimate document for software procurement

An operational guide for system maintenance

A document outlining software vendor terms

What is the minimum required frequency for updating firmware and software in critical systems as per the regulations?

Quarterly, with digitally signed OEM patches only

Biannually, during audit periods

Only when vulnerabilities are discovered

What critical requirement is stipulated for all control and operation of power system elements?

Control must occur entirely within national boundaries

They must use public networks for efficient communication

Operators must have remote access capabilities at all times

Real-time operational data must be shared with international entities

What is the main purpose of the Cyber Supply Chain Risk Management (CSCRM) plan under the regulations?

To include cybersecurity requirements in outsourcing and NDA in SLA agreements

To identify budget constraints in the procurement process

To enhance vendor operational efficiency

To optimize delivery timelines of equipment

Which of the following represents the correct order of actions in a certification scheme?

Selection → Determination → Review → Decision → Certification

Selection → Determination → Decision → Review → Certification

Review → Selection → Certification → Determination → Decision

Certification → Selection → Decision → Review → Determination

What is explicitly prohibited regarding data related to grid operations?

Transferring real-time operational data across national borders

Sharing grid operational data with domestic entities

Using encrypted communication channels for data sharing

Storing operational data on cloud systems

Which entity is responsible for approving the Cyber Security Policy of a Responsible Entity?

Board of Directors of the Responsible Entity

What action must a Responsible Entity take if a CISO position becomes vacant?

Assign the role to the alternate CISO immediately

Suspend all cybersecurity operations until the role is filled

Leave the role vacant temporarily

Outsource the CISO responsibilities to a third-party consultant

Who is responsible for implementing the Cyber Crisis Management Plan (CCMP) in a Responsible Entity?

Chief Information Security Officer (CISO)

External cybersecurity consultants

What is a key characteristic of an Advanced Persistent Threat (APT)?

Persistent and covert operations over a long period

Immediate and large-scale impact on systems

Focus on financial gain through ransomware

Solely targeting end-user devices

What does the principle of "least privilege" entail in access control?

Assigning minimal permissions necessary for a user to perform their job

Allowing full access to senior employees regardless of their role

Periodically rotating user credentials to prevent breaches

Denying access to all users by default

What is the main purpose of a honey pot in cybersecurity?

To trap attackers and study their tactics without affecting actual systems

To secure critical data using encryption

To scan the network for vulnerabilities

To protect against Distributed Denial of Service (DDoS) attacks

Which of the following represents an example of a buffer overflow attack?

Overwriting adjacent memory locations due to excessive data input

Flooding a server with traffic to exhaust resources

Injecting malicious SQL queries into a database

Stealing session cookies for user impersonation

What is the primary difference between symmetric and asymmetric encryption?

Symmetric encryption uses one key for both encryption and decryption, while asymmetric uses a pair of keys

Symmetric encryption uses two keys, while asymmetric uses one key

Asymmetric encryption is faster than symmetric encryption

Asymmetric encryption is less secure than symmetric encryption

In the context of cybersecurity, what is a "zero-day" vulnerability?

A vulnerability unknown to the software vendor and unpatched at the time of exploitation

A vulnerability that is detected during system testing

A vulnerability exploited by attackers on the same day it is patched

A vulnerability introduced on the first day of system deployment

What does Multi-Factor Authentication (MFA) typically combine?

Something the user knows, something the user has, and something the user is

Encrypted data and session tokens

Which of the following is a characteristic of a polymorphic virus?

It modifies its code to avoid detection by antivirus software

It hides in the boot sector of a hard drive

It self-replicates without user interaction

It targets only specific file types like .exe files

Which of the following is an example of social engineering?

A person poses as IT support to obtain user credentials

A user clicks on a malicious email link that installs malware

An attacker exploits a software vulnerability

A network is flooded with traffic to cause a denial of service

Cyber Security Quiz

Authored by Nishant Mishra

Information Technology (IT)

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

55 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the role of the CISO according to the CEA Cyber Security Regulations 2024?

Monitoring physical security of facilities

Overseeing cyber security initiatives and reporting to the CEO

Managing financial aspects of the organization

Designing electrical infrastructure

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which document must be reviewed and approved by the board of an entity?

Cyber Crisis Management Plan (CCMP)

Employee Training Plan

Vendor Selection Protocol

Power Supply Audit

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to the draft regulations, who must complete cyber security training courses?

All employees of the entity

Only IT department personnel

Personnel operating IT and OT systems

Board members only

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

CSIRT-Power is primarily responsible for which of the following?

Financial auditing

Creating SOPs for incident response activities

Monitoring physical access to OT systems

Managing human resources

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Cyber Security Policy of an entity must include which of the following elements?

Physical layout of facilities

Access control and vulnerability management processes

Budget allocation for each department

Supply chain logistics

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the minimum retention period for cybersecurity incident logs as per the regulations?

30 days

60 days

90 days

180 days

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which certificate should Responsible Entities acquire according to the draft regulations?

ISO/IEC 27001

ISO 9001

IEEE 1588

ANSI Z10

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

60 questions

Đề 4

Quiz

•

Professional Development

59 questions

AI sp1

Quiz

•

Professional Development

54 questions

Digital Overload and Professionalism Quiz

Quiz

•

Professional Development

50 questions

RSS Commerce

Quiz

•

Professional Development

60 questions

Common Quiz 04

Quiz

•

Professional Development

51 questions

MQBC 4

Quiz

•

Professional Development

60 questions

Information and Communication Technology Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Information Technology (IT)

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

Cyber Security Quiz

What is the role of the CISO according to the CEA Cyber Security Regulations 2024?

Which document must be reviewed and approved by the board of an entity?

According to the draft regulations, who must complete cyber security training courses?

CSIRT-Power is primarily responsible for which of the following?

The Cyber Security Policy of an entity must include which of the following elements?

What is the minimum retention period for cybersecurity incident logs as per the regulations?

Which certificate should Responsible Entities acquire according to the draft regulations?

The draft regulations require vendors to provide a Software Bill of Materials for what purpose?

What should the Cyber Security Policy address in terms of data protection?

According to the draft, how frequently should an IT system cyber security audit occur?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)