Interview Tips
CYBERSECURITY
- How can access be controlled on a logical level in an organization?
- How can you prevent a CSRF attack as a cybersecurity analyst?
- What will you do as an auditor if you find that employees of an airline are storing customer card details in Word or Notepad files?
- What is the right approach to a Risk Assessment? Describe the steps in order.
- Telnet should be disabled as it can be vulnerable, but if an organisation has to use it for business requirements, then what can you do?
- What protocols run at the Application Layer?
- What steps will you, as a Digital Forensic expert, follow at a crime scene you have gone to investigate?
- How do you identify the scope of an audit? What makes you conclude what can and what cannot be included in an ISO/PCI audit?
- What are the possible risks if you are going to audit a vendor who is about to set up a data centre? What are the things you will look out for?
- If IRCTC is collecting your card data for making payments, should IRCTC be PCI DSS compliant?
- What open source software can you use to recover deleted data?
- As an auditor, if a client is not using firewalls, what other mechanisms should be in place to safeguard them from cyber attacks?
- Is it mandatory for all organizations to be ISO certified?
- How can you ensure that Segregation of Duties is being implemented in the organization?

DATA PROTECTION

- What is your basic understanding of ‘cloud’?
- Which jurisdiction would be applicable if you store data on Cloud?
- Why is ISO 27001:2013 numbered like that?
- What is a firewall?
- How do you determine the scope of ISMS with respect to ISO 27001:2013?
- How do you determine the scope of PIMS with respect to ISO 27701:2019?
- What is Change Management process? Why is approval required in the change management process before applying the changes?
- What is patch management? What are different ways through which patch management can be done in an organisation?
- Why is segregation of duties important in ISMS or PIMS?
LEGAL
- What is the difference between right to be forgotten and right to erasure?
- Is US-EU Privacy shield still in place and valid?
- Difference between personal and sensitive personal data?
- What is the definition of critical personal data under Indian law?
- Is right to privacy a vertical or horizontal right under the Indian constitution?
- What is the complaint adjudication system under the present IT Act?
- Does the data protection authority work in the capacity of a civil court?
- Is surveillance guided by the Indian bill?
- Do you think the Indian bill offers enough protection with respect to child data?
- Is financial data sensitive data under GDPR?
- What are consent managers?
- Difference between anonymization and pseudonymization?
- Is Facebook a processor or a controller?
- Is imprisonment a punishment under the Indian bill?
- Is governing non-personal data under the same bill a good idea?
- How do other legislations govern non-personal data?
