IT Journey

Wednesday, May 15, 2024

Incident Repsonse Planning

1. Network segregation and isolation procedures should be part of the CSIRT expertiences to:? Pick two reasons

a. Whether to reset password or rapidly recreate account

b. Procedures and criteria for when to clean vs. rebuild

c. Host OS (and Application) rebuild procedures

d. Isolate HVAs from other end points in the production environment (such as compromised workstations and servers), if feasible

e.Block attacker C2 channels at internet egress points

2. Of of five core functions defined in NIST CSF, where would security monitoring fall?

a.Detect

b.Identify

c.Protect

d.Respond

3. To successfully respond to incidents, you must: (Choose two)

a.Minimize risks

b.Notify your legal department

c.Fire the CISO

d.Minimize the number and severity of security incidents

4. When documenting a security incident it is recommended to: (Choose two)

a.Wait till the incident is being reviewed to document it

b.Write up the report by hand in a note book

c.move fast to stop the intruder

d.Make sure to include dates and times

5. If you do not have a robust incident response plan, you should what?

a.Set firm plans to update your incident response plan

b.Treat each event as an incident

c.Search the Internet for a plan you can use

d.Panic

6. An what is a system occurrence that could happen regularly or due to hardware or software malfunction, not necessarily caused by a security compromise

a.Bug

b.Event

c.Activity

d.Incident

7. Performing password resets and C2 channel blocking alone is ineffective without also detecting and removing attacker malware from hosts True or Flase?

a.True

b.False

8. It is possible to stop a hacker attack by removing your systems from the network. You have stopped the attack, but you have essentially done a denial of service attack on yourself. In this case you have taken the wrong steps. what prinicple have you violated?

a.Be Accurate

b.Do no harm

c.Keep calm

d.Implement the response plan

9. A successful CSIRT team consists of several key members Pick three

a.Incident Lead

b.Lead from Legal

c.Sales team

d.External partners

e.Departmental managers

10. In NIST SP 800-61 it recommends four caegories of Incident Serverity(Choose two)

a.Very Low

b.Low

c.Very High

d.None

11. Your companies security incident has been mitigated, to prevent it from happening again, you need to understand what actually happened.

a.The best process to investigate the how, what, when, and why of th eincident is what?

b.Implement Azrue Security Center

c.Post-incident review

d.Review the Pre-incident system status

e.Wait for the security consultants to share their report

12. It is NOT recommendedto try to determine who attacked. NIST in their Computer Security Incident Handling Guide states “Identifying and attacking host can be a time-consuming and futile process that can prevent a team from achieving its primary goal". What should be your primary goal?

a.Notify the government

b.Minimizing the business impact

c.Restoring from backups

d.Enabling two factor authentication

13. Two-thirds of survey respondents ranked cybersecurity as a top five risk management priority, but only x% expressed high confidence in their organization’s ability to manage and respond to a cyber event.What percentage of the surveyed companies had high confidence in their ability to response to a cyber event?

a.35

b.19

c.10

d.3

14. Of of five core functions defined in NIST CSF, where would managment of GDPR fall?

a.Respond

b.Protect

c.Detect

d.Identify

Tuesday, May 7, 2024

Curl Commands

1) Curl Command to download the data from a internet site.

curl -O https://testserver.com.au/file.zip

sometimes if secure option is enabled it will not allow to download the file. We may get error

curl failed the legitimacy of the server and therefore could not establish a secure connection to it. so to fix this we use -k option.

curl -k -O https://testserver.com.au/file.zip

2) to check curl version, below command will be used

curl --version

3) To download the files from Mainframe we can use curl command. First we need to configure netrc file which contains user name and password to connect mainframe file.

curl -netrc --ftp-ssl --use-ascii ftp://mainframeserver.com/"'AB.G.C'" -o /var/opt/sw/Files/output.dat

4) To upload the files to Mainframe we can use curl command. First we need to configure netrc file which contains user name and password to connect mainframe file.

curl -netrc --ftp-ssl --use-ascii -quote "site RDW LRECL=200 RECFM=FB CYLINDERS PRIMARY=4000 SECONDARY=400" --upload-file /var/opt/sw/Files/output.dat ftp://mainframeserver.com/"'AB.G.C'"

5) Curl Command to use verbose mode a internet site.

curl -verbose -O https://testserver.com.au/file.zip

6)Curl Command to use ntlm for download file and place in specific directory

curl -k -ntlm -netrc https://testserver.com.au/file.zip -o /var/opt/sw/Files/output.dat

orapki utility commands

1) Create a wallet using below command

orapki wallet create -wallet client_wallet -auto_login -pwd "wallet password"

2) change permission for wallet

chmod 664 ewallet.p12

chmod 664 cwallet.sso

3) Convert jks file into wallet

orapki wallet jks_to_pcks12 -wallet client_wallet -pwd "wallet password" -keystore key.jks -jkspwd "wallet password"

3) Add Trust certificate into exisitng wallet

orapki wallet add -wallet "walletlocation" -pwd "wallet password" -trusted_cert -cert "certificatename.crt"

4) To display the certificates in wallet. Summary option means it will display onlycertificate details.

orapki wallet display -wallet "walletlocation" -pwd "wallet password" -summary

4) To display the certificates in wallet. Complete option means it will display complete certificate details.

orapki wallet display -wallet "walletlocation" -pwd "wallet password" -complete

5) To Remove the certificate from wallet

ikeycmd commands for kdb database files

1) Below command will display certificate details like expiry date in the kdb file keystore.kdb

ikeycmd -cert -details -label "Certificate name in KDB" -db keystore.kdb -pw "password of kdb file"

2) Below command will display list of certificates in kdb file

ikeycmd -cert -list -db keystore.kdb -pw "password of kdb file"

3) Below command will display ca certificates in kdb file

ikeycmd -cert -list ca -db keystore.kdb -pw "password of kdb file"

4) Below command will display personal certificates in kdb file

ikeycmd -cert -list personal -db keystore.kdb -pw "password of kdb file"

5) Below command will validate given certificate in kdb file

ikeycmd -cert -validate -label "Certificate name we need to validate in KDB file" -db keystore.kdb -pw "password of kdb file"

6) Below command will display the default certificate in kdb file

ikeycmd -cert -getdefault -db keystore.kdb -pw "password of kdb file"

7) Below command will set the default certificate in kdb file. This will help to set default personal certificate if there are multiple certificates

ikeycmd -cert -setdefault -db keystore.kdb -label "personal certificate name in KDB file" -pw "password of kdb file"

8) Below command will import certificate into kdb file.

ikeycmd -cert -import -file "Certificate file" -pw "password of the certificate file" -type pkcs12 -label "personal certificate name to be in KDB file"

-target_pw "password of kdb file" -target_type CMS

9) Below command will help to delete certificate from kdb file.

ikeycmd -cert -delete -label "Certificate name we need to delete from KDB file" -db keystore.kdb -pw "password of kdb file"

10) Below command will display expiry of ca certificate from kdb file

ikeycmd -cert -list ca -db keystore.kdb -pw "password of kdb file" -expiry

11) Below command will add the certificate to the exisitng kdb file

ikeycmd -cert -add -file "Filename.crt" -db keystore.kdb -pw "password of kdb file"

Sunday, May 5, 2024

Incident Planning Response

1. Which law or regulation requires government agencies and other organizations that operate systems on behalf of government agencies to create an incident response plan?

Ans : FISMA (Federal Information Security Management Act of 2002)

2. You are working as a cybersecurity analyst in a Security Operations Center. You received an alert from your SIEM that a workstation might be infected with a piece of malware. Which phase of the incident response lifecycle would you be in when this occurs?

Ans : Detection and Analysis

3. Which of the following NIST Special Publications is titled as the Computer Security Incident Handling Guide?

Ans : SP 800-61

4. Which of these is included in a policy?

Ans : objectives

5. Which of these is included in a plan?

Ans : measurements and metrics

6. Which of these is included in a procedure?

Ans : forms

7. Which structure would allow an organization to hire a managed security service provider (MSSP) to conduct their 24/7 monitoring but would still rely on the organization’s own employees to conduct an incident response if a serious breach was detected?

Ans : a partially outsourced model

8. Which role is responsible for the overall success or failure of the technical portions of an incident response?

Ans : team leader

9. Which incident response team member is primarily focused on the creation of an event timeline to show what occurred leading up to the incident?

Ans: forensic analyst

10. Which organization type require an incident responder to send an information request through their manager prior to sending it to an analyst in the human resources department?

Ans : a vertical organization

11. One of your incident response team members is planning to attend the BlackHat information security conference next month and wants to exchange some of the lessons learned from your organization’s latest incident response efforts with a forensic analyst they know at another company. Which type of coordinating relationship best describes this information exchange?

Ans : team to team

12. Which of these is not considered an indicator that could be used during your technical analysis?

Ans : news articles about an incident

13. Which of these is a consideration when asking contract personnel to come in after working hours for an incident, but is not a major consideration when dealing with your own organizational employees?

Ans : incurring additional labor coverages and costs

14. Which type of technical resource could be used to identify if a Windows system file has been modified?

Ans : cryptographic hash

15. Which of these is not considered a method of preventing future incidents?

Ans : Remove a Remote Access Trojan from the organization’s server.

16. Which attack vector would be used to properly categorize a password spraying attack?

Ans : attrition-based

17. Which type of indicator of compromise would best represent the vulnerability and exploit data contained within the Common Vulnerabilities and Exposures database?

Ans : public information

18. Which of these is a prioritization category that is used to measure the effect on the confidentiality, integrity, or availability of an organization’s network or servers?

Ans : information impact

19. Which containment strategy involves disconnecting an infected host from the network to prevent the spread of malware?

Ans : isolation

20. Based on the order of volatility, which type of evidence should be collected first?

Ans : swap files

21. Which of these is not considered a recovery action during an incident response?

Ans : Collect evidence from the affected system.

22. When creating your evidence retention policy, which factor would prevent you from retaining data and evidence for an indefinite amount of time?

Ans : the size of the organization’s budget for data retention

23. What is the most important thing to do during a "Lessons Learned" workshop to get valuable feedback from everyone?

Ans : Avoid assigning blame to anyone.

24. Which of these is not a typical measure or metric collected by the incident handling and incident response team?

Ans : average salary of your incident responders

Saturday, May 4, 2024

Service Management Question and Answers

1. A company is delivering 'Platform (X)' as service of the customer . Who should define the platform as provisioning process and interface protocols?
a. Platform team lead
b. Service manager
c. Service delivery manager
d. Service manager in consultation with consumers, Platform team lead, and service delivery manager.

2. What best explains relationship between incident management and change management?
a. Failed changes cause incidents and failed incident lead to changes
b. Incidents may be caused due to changes and changes may be raised to solve incidents
c. Changes must be cause incidents and changes must be raised to resolve incidents
d. There is no relationship between incident and changes.

3. What are the characterisitcs of facts when determining root cause ?
a. Facts should be non tamperable
      b. Facts are visisble
c. Both Option 1 and Option 2
d. Facts can vary based on individual thinking

4. Under which type of policy does the statement belong to "technology service owner review the root cause for problem record" ?
a. Entitlement policy
b. Organization policy
c. Escalation and communication protocol
d. Emotional quotient

5. When evaluating the root cause, we need to ensure that the quality of the root cause should contain
a. At least task control failures
b. Mandatory Organization control failures
c. At least reason for component failures
d. At least management control failures

6. One of the significant challenges observed during the deployment phase of change is
a. Better alignment of IT service to actual business needs
b. Lack of ownership of impacted service
c. Lack of visibility of communication of changes
d. Time spent in getting changes approved.

7. Which of the following is not valid change type ?
a. Normal Change
b. Random Change
c. Emergency Change
d. Standard Change

8. Which of the following artefacts should be considered FIRST during any process practice or procedure definition?
a. Education and communication protocols
b. Service level agreements
c. Criteria and Interface protocols
d. RACI and work flows

9. Which of the following questions and should be asked first when starting to resolve a incident ?
a. What is the priority of the incident
b. Who are the impacted users
c. What is the start time of the incident
d. What is the impact

10. Too many problems has been closed as "root cause not found". What is the best course of action to be taken and by whom?
a. Tower Lead - review vendor contract agreement
b. Problem manager - have a review with team.
c. Team member - under go training on problem management techniques training
d. Service delivery manager - understand the risk of problems with unknown root cause in the environment

11. A large number of problems piled up in a Company queue pending RCA completion. Most of them are awaiting customer response for more than 90 days. What should be your approach?
a. As they are vendor dependent, we do not lose on SLA credit. Ignore them.
b. As the incident have not reoccured for 90 days, take a blanket approval from customer to close all incidents at once.
c. Request customer to corodinate with vendor as vendor owns the contract.
d. SDM creates a technology and operations risk register and evaluates the risk of the open problem records with the customer.

12. Which of the following parameters is NOT a factor for evaluating risk of change ?
a. Capability of team deploying the change
b. Frequency of change
c. Deployment mehtodology adapted
d. Components undergoing change

13. Similar password reset requests are taking 40 minutes to 8 hours to resolve for a customer. The SLA for such requests is 16 hours, What approach should the service manager take?
a. Determine and address the root cause of the variation.
b. Do nothing as SLAs are not impacted
c. Establish standard operating procedure for password reset
d. Automate password reset task as it is routine task

14. Team lead found that too many problems has been closed by this team as "root cause not found". Upon the enquiry he understood that old problem records that are being closed as root cause not found becuase his team does not have bandwidth to perform root cause. As team lead what should he do ?
a. Inform tower lead not to close problem record.
b. Seek advise from the problem manager - have review with the team.
c. Convey the information to customer on behalf of his team.
d. Connect with service delivery manager - understand the risk of problems with unknown root cause in the environment.

15. New team members are joining the project. Who should take care of training them on the customer specific operational processes. ?
a. module/ tower leads
b. service management team.
c. project management office of the account.
d. customer

16. The resolving team is complaining about delays from earlier teams in routing incidents. As a result they are unable to resolve incident in a timely manner.What would be your advise as a consultant ?
a. Create audit log entries for activites performed and generate reports on audit log timestamp.
b. Give resolver teams SLA credit
c. Site the limitations of the tools and live with the problems
d. requests teams to create a new incident each time the issue escalted to new technical team.

17. Which of the following must be dominant attitude of support staff when resolving incidents ?
a. Control bound decision making
b. Risk based decision making
c. Fact based decision making
d. Time bound decision making

18. A KEDB Record and SOP document were created after major incident to guide the team in future. if similar case re-occured. The team successfully followed the SOP 40 similar instamces however on one instance was missed which lead an outage of 24 hours. Should we perform the root cause ?
a. No it is a single instance, ignore it.
b. Yes, understand what caused the SOP execution failure.
c. Yes, redocument the known error.
d. No, as the known error is already documented.

19. To facilitate early releases, quality standards can be reduced to save time. Choose the correct option?
a. Products must be delivered to highest quality hence there should not be any compromise on quality.
b. We need to ensure that products are launched as per the commited dates and hence quality can be compromised.
c. Risk must be thoroughly evaluated and balanced business risk decision must be taken in alignment with business objectives
d. Deploy the changes and incases of any issues immediately redeployed the tested code after 5 days.

20. what is the first step of continual process improvement ?
a. Develop plan for improvement.
b. Review process guides
c. Confirm what is the vision.
d. Assess where you are.

21. VIP user to make changes to the live network firewall. How should support team proceed for with the change?
a. Raise a change record and follow complete approval process before implementing the network firewall change.
b. Raise a change request for the purpose of documentation only.
c. Change request need not to be raised.
d. As the request is from the VIP user, implement the request without approval process.

22. Some of the adhoc tasks performed by the change manager are ?
a. Identifying the change process improvement
b. Publishing change notifications during the deployment.
c. Hosting CAB meetings
d. Identifying the standard changes.

23. What should be the default practise for "failed changes" in an ideal world ?
a. Retain for fix later
b. Rollback full change
c. Fix forward
d. Rollback failed components

24. Where detailed design of process specific service level agreement (SLA) should be documented ?
a. In respective process guide reference and understandable
b. service level management process guide
c. in document as said by customer

25. What is the bare minimum requirements to be considered while defining a process ?
a. SOX
b. GDPR
c. Law of Land
d. ITIL best practices

Friday, May 3, 2024

Transition Management Question and Answers

1) Transition sets the benchmark by which the client provider relationship is initially measured.

True

False

2) Successful transitions result in better business outcomes only for the Enterprise (Customer) and not to the provider in the long run.

False

True

3) Well-executed transition enables customers to unlock value from outsourcing initiative in quickest possible time.

True

False

4) Transition does not estimate the costs, timing, resources and risks associated with a service.

True

False

5) Transition is new or changed service that satisfies the needs of the customer.

True

False

6) A hostile transition in IT can be defined as when you take over knowledge from another external provider and then in a second step, the responsibility to deliver the work is transferred to us.

True

False

7) Which of the below statement defines the Knowledge Acquisition phase of the Transition?

Understand the existing environment,process ,service scope

Hands on experince with actual env with limited scope

Handle the services in scope with minimal to no support

Satbilizes the environment and try to achieve the target SLAs/KPIs

Provide service independently to SLA and strive for continous improvement

8) Which of the below statement defines the Secondary Support of the Transition?

Understand the existing environment,process ,service scope

Hands on experince with actual env with limited scope

Handle the services in scope with minimal to no support

Satbilizes the environment and try to achieve the target SLAs/KPIs

Provide service independently to SLA and strive for continous improvement

9) Which of the below statement defines the Primary Support phase of the Transition?

Understand the existing environment,process ,service scope

Hands on experince with actual env with limited scope

Handle the services in scope with minimal to no support

Satbilizes the environment and try to achieve the target SLAs/KPIs

Provide service independently to SLA and strive for continous improvement

10) Which of the below statement defines the Stabilization phase of the Transition?

Understand the existing environment,process ,service scope

Hands on experince with actual env with limited scope

Handle the services in scope with minimal to no support

Satbilizes the environment and try to achieve the target SLAs/KPIs

Provide service independently to SLA and strive for continous improvement

11) Which of the below statement defines the Steady phase of the Transition?

Understand the existing environment,process ,service scope

Hands on experince with actual env with limited scope

Handle the services in scope with minimal to no support

Satbilizes the environment and try to achieve the target SLAs/KPIs

Provide service independently to SLA and strive for continous improvement

12) Which of the below tools/applications is used to create and maintain the transition plan?

Service Acquisition Manager (SAM) & Microsoft Project Plan (MPP )

Microsoft Project Plan (MPP )

Service Acquisition Manager (SAM)

None

13) Which of the below features are present in the SAM tool? -- All

I. Plan and Track the Transition

II. Import/Export Reports

III. Task Dependency Mapping

IV. Milestone Alerts/Report Scheduler

14) Which of the below transition scenarios aligns with scale and complexity?

Transition from mutiple Geographies for DC

15) Which of the below tools/applications is a one-stop shop which provides the details of the past and present transitions?

Transition Program Log (TPL)

Contractual Commitments Risk Tracker (CCRT)

Service Acquisition Manager (SAM)

Microsoft Project Plan (MPP )

16) Staff Attrition is a key element during the transition from the in-house customer team.

True

False

17) Personal development and team management is the responsibility of Transition Lead, Manager and Director.

True

False

18) Transparency to the customer helps in successful transition.

True

False

19) Team Building exercise within Company and Client Associates is one of the best practices during the transition.

True

False

20) Which of these are not the focus areas of Transition?

Automation

21) Which one of the below option is related to Rigor in Transition (RIT)?

Ensure that all exisitng operational tools and processes are transitionioned and details are documented

22) Quality gates and Acceptance criteria are not related to each other.

False

True

23) Toll Gates are applicable for all the phases of Transition.

True

False

24) Which one of the below Acceptance criteria is related to Pre Secondary Support Quality gate?

RAID Log

25) What is the possible mitigation plan when there is a delay in getting the ODC and network connectivity during the transition?

connect through alternative vpn

26) Transition Governance/Review takes place in 3 levels to achieve smooth and risk free transition.

True

False

Concepts

------------

ETVX Model and Phases - Entry,Task, validation, exit

Transitional plannin (ETVX) -- First Phase

Knowledge Acquisition (ETVX) -- Second Phase

Secondary Support (ETVX) Third Phase

Primary Support (ETVX) Fourth Phase

Stabilization (ETVX) Fifth Phase

Steady State (ETVX) Fifth Phase

The following tools and applications will be used during a transition:

Service Acquisition Manager (SAM) -- Plan and track, Reports, Import/ Export, Trackers, Acceptance Criteria and Dependecies, Task Dependecies feature, Report Scheduler

Microsoft Project Plan (MPP ) -- Task administration, resource management, Transition scheduling and tracking , Reporting

Phases : startup, Initition, transition execution, closing the transition

Task administration -- Task, summary task, milestone administration

Contractual Commitments Risk Tracker (CCRT) --

Contract Commitment Tracker is a very useful asset that helps the engagements to track the commitment clauses, specified in the customer contracts, MSAs, SOWs and so on. This tracker enables the project to capture the commitment against the following parameters, apart from other additional commitments.

Transition Program Log (TPL) --

Focus areas in transition management

Planning and Goveranance

Oboarding and resource rampup

Execution

Trnasperancy

Process Quality

Knowledge Quality

Risk and Issues Management

SLA Report Development

Third-Party Contracts

Delivery Readliness and OCM

Tools Integration

Security and Complaince

Transition best practices

Customer Focus

Process Focus

People Focus

Automation and Enablers

Reponsibilites and keyfactors For sucessful transitions

Transition Lead

Transition Manager

Transition Director

Monday, April 29, 2024

Keytool Commands

which keytool
The will display the default keytool path.

1) keytool -list -cacerts
This will show cacerts in the server.

2) keytool -list -keystore cacerts

This will show keystore file. It will prompt for keystore password. You need to provide the password for keystore.

3) keytool --v list -keystore cacerts -storepassword "password"

This will show the certificate in verbose mode.

4) keytool --importcert -trustcacerts -noprompt -file "certificatename.cer" -cacerts -alias "certificatelabelname" -storepass "password of the file"
This will import the certificate into cacerts

5) keytool --importkeystore -srckeystore "file.pfx" -srcstoretype pkcs12 -destkeystore "file.jks"-deststoretype JKS -srcstorepass "source keystore password" -deststorepass "destination key store password"
This will import pcks12 certificate that contains root and intermediate into jks format.

5) keytool --importcert -alias "certificatename in targetfile" -file "file.crt" -keystore "file.jks" -storepass "password of store key password"
This will import new ca certificate into the jks file.

6) keytool -printcert -file certificate.crt

This will print the certificate of the file with certificate name , its validitiy and finger print.

7) keytool -showinfo -tls

This will show the TLS version of the environment and chipers available in this.

8) keytool -v -list -cacerts -alias "certificatename"

This will show the alias certificate name.

9) keytool -list -keystore -storetype pkcs12 -storepass "keystore password"

This will show the keystore in the server.

10) keytool -import -trustcacerts -alias "certificate alias name "-file C:\temp\mdeCert.cer -keystore cacerts

This will import the certificate into keystore

11. keytool -v -list -keystore wallet.p12

This command will show the certificate in pcks12 format

12. keytool -changealias -keystore keystore.jks -alias 'old name' -destalias 'new aliasname'

This command will help to change alias for the certificate names.

13. To delete the certificate from key store

keytool -delete -alias "alias name" -keystore keystore.jks

Sunday, April 28, 2024

CopyRight Question and Answers

1. Where is the indian copyright offices located in india ?

a. New Delhi
b. Kolkata
c. Chennai
d. Mumbai
e. Bengaluru

2. We can get the following freedom using copy left ?
a. The freedom to use the work.
b. The freedom to study the work.
c. The freedom to copy the work.
d. The freedom to modify the work.
e. The freedom to share the work with others.

3. What is Copyleft?
a. The exclusive and assignable legal right, given to the originator for fixed number of years, prior to print, publish, perform, film
b. Copyleft is a form of licensing and can be used to maintain copyright conditions for works such as computer software, document
c. The exclusive and assignable legal right, given to the originator to indefinite period.
d. The exclusive right given to person to copy a document, musical work or artistic material.
e. The exclusive right to use a third party software for a certain number of years.

4. Following types of remedies are available for copyright infringement?
a. Civil Remedy
b. Criminal Remedy
c. Quasi-civil remedy
d. Both (1) & (2)
e. None of these

5. Identify the correct statements ?

a. Copyrighted work must be fixed in tangible form of expression

b. Derivative work is known as related right, not copyright

c. Motion pictures and sound recordings cannot be protected under copyright

d. Universal Copyright Convention (UCC) and Berne Convention are the two principal international conventions related to copyright.

e. A copyright gives the owner full and exclusive rights on the work.

6. Can i stop others from using my program under the terms of GPL ?

a. Yes

b. No

c. Yes, if my competitor stop paying the annual license fee.

d. Yes, Once the license get terminated.

e. Yes, once the license get renewal.

7. How does a copyright protected work arrive in public domain ?

a. Copyright has expired.

b. Copyright owner has failed to follow copyright renewal rules (US).

c. Copyright owner deliberately places it in the public domain, known as "dedication".

d. Copyright law does not protect type of work.

e. As per the directive of deputy register of copyright office.

8. Identify the correct statements ? (all wrong)

a. The Berne Convention, says that as soon as you write, the work you create is not automatically copyrighted by copy

b. A copyright gives the owner full exclusive rights on the work as copyright owner, you may state that nobody is

c. Freeware is a software that is made available to the public free.

d. Shareware is a system of marketing software at no change on a trail basis. Later user may need to pay.

e. Open source does not necessarily mean free-to-use. Restriction may apply such as attribution, modification and redistricbute

9. Can you restrict people from using the Open Source licensed program ?

a. Yes, because as it is open source, I can put my terms

b. No

c. Yes, under my defined terms and conditions

d. If OSI (Open Source Initiative ) and FSF (Free software foundations) approve.

e. Yes, without any terms and conditions.

10 What are the characteristics of a free & Open Source Software License?

a. The freedom to run the program for any purpose

b. The freedom to change and modify the program

c. The freedom to copy and share the program

d. The freedom to share improved versions of the program

e. None of these

11. What are incorrect statements ?

a. CopyRight law protects shorts phrases like "make my day".

b. Shareware is a system of marketing software at no charge on trail basis, later user may need to pay.

c. Freeware is a software that is made available to the public for free.

d. CopyRight protection covers facts, ideas, or theories.

e. exclusive gifts on the work.

12. What is the span of CopyRight in India ?

a. Life of author + 40 years

b. Life of author + 60 years

c. Life of author + 70 years

d. Life of author + 90 years

e. Life of author + 20 years

13. Identify the incorrect statements ?

a. Images available in public domain also protected under copyright law. Such work cannot be used without permission.

b. Plagairsm is an act of fraud. It invloves using someone's work and presenting and maintaining as its one's own.

c. When copying from public domain, user should not be careful to avoid plagarism.

d. CopyRight infringement does not occur when someone other than copyright holder copies the "ëxpression" of work.

e. CopyRight infringement may occur if infringing work is "substancially similar" to the copyrighted work.

14. Can you write propietary code that links to a open source shared library?

a. Maybe, Provided Open Source license allows it.

b. No -- wrong

c. Yes

d. Maybe, if Open Source license comes under GPL.

e. Maybe, if Open Source license comes under LGPL.

Friday, April 26, 2024

IP Patent Question and Answers

1. Activites involved in certain interoperability standardisation works would be considered as ------------
a. an IP risk
b. a corporate risk
c. a IP threat
d. an IP vulnerability
e. an IP Infringement

2. What is IP risk tolerance ?
a. Perceived impact on the organization's IP and eventually to business due to IP threat.
b. It is the quantam of type of IP-risk an organization is willing to take in order to meet its strategic objectives.
c. Event/Cicrumstance pertaining to intellectual property with potential to adversely impact the organization.
d. Acceptable level of variation of quantam of type of risk an organization can accept or avoid
e. weakness or gap that exposes the organization to IP threat.

3. what are typical impact criteria of IP risk?
a. loss of business and financial value.
b. Damage to reputation
c. Exposure to punitive damages
d. Disruption of plans and deadlines
e. none of the above

4. How the IP vulnerability due to "Inadequate or no FTO analysis prior to product launch or gap between FTO analysis and product release" can be mitigated?
a. conduct FTO analysis to every product release
b. conduct Landscape analysis in early stages or product release.
c. Migrate non-FTO analysed customer-deployed version to an FTO analysed version.
d. Ensure IP safety complaince before commercialization of any company assest.
e. Conduct Landscape analysis in final stages of product release.

5. Intellectual property risk management is not a process of identifying, analysing and responding to risk factors related to IP throughout the life of an IP right?
a. True
b. False

6. The organizations which are continously harnessing intellectual property for competitive advantage & market share are also exposed to significant risks emananting from within the organization?
a. True
b. False

7. What is IP Risk ?
a. Risk associated with any knowledge artifacts or an organization
b. Risk associated with any intangilble assests of an organization
c. Risk associated with patents, copyrights, trademarks, trade secrets.
d. Risk associated with products & platforms, solution, concepts, POC/PoT, Frameworks, Components -- Answer
e. Risk associated with software products only

8. What do you mean by IP threat ?
a. Perceived impact on the organization's IP and eventually to business due to IP threat.
b. It is the quantam of type of IP-risk an organization is willing to take in order to meet its strategic objectives.
c. Event/Cicrumstance pertaining to intellectual property with potential to adversely impact the organization.
d. Acceptable level of variation of quantam of type of risk an organization can accept or avoid
e. weakness or gap that exposes the organization to IP threat.

9. Where do IP related risks originate ?
a. Within the organization itself
b. Government entities
c. Independent 3rd parties
d. Illegal entities
e. None of the above

10. Identify the correct statements?
a. Intellectual property Risk Management is a process of identifying, analyzing and responding to risk factors related to IP through out the life of an IP right
b. Intellectual property Risk Management is a process of analyzing exposure to risk and determine how best to handle such exposure
c. IP Risk Management would analyze the business impact for any specific IP threat considering the likelihood of occurrence as well as IP risk Tolerance of a business
d. IP Risk profiling would be performed to identify IP threats & vulnerabilites as well as to nail down the consequence on IP for any specific threat and correspondinng
e. Proper risk management implies control of possible future events and is proactive rather than reactive.

11. Which of the following are IP related threats ?
a. Employees stealing IP from the company
b. Embracing open source software
c. Trade secrets not being propely managed
d. The publishing activities of the business
e. Trademark disputes with 3rd parties

12. A risk register is
a. A description of the IP threat
b. A documented record of the identified risks, their significance or rating, and how they are managed or treated
c. An assessment of IP risk tolerance of a specific OU based on current or existing controls as well as business priority.
d. Any progress updates as the treatments are implemented
e. A register which contains all the future business risk details of an organization.

13. What do you mean by IP vulenability ?
a. Perceived impact on the organization's IP and eventually to business due to IP threat.
   b. It is the quantam of type of IP-risk an organization is willing to take in order to meet its strategic objectives.
   c. Event/Cicrumstance pertaining to intellectual property with potential to adversely impact the organization.
   d. Acceptable level of variation of quantam of type of risk an organization can accept or avoid
   e. weakness or gap that exposes the organization to IP threat.

14. What do you mean by Risk Appetite ?
a. Perceived impact on the organization's IP and eventually to business due to IP threat.
b. It is the quantam of type of IP-risk an organization is willing to take in order to meet its strategic objectives.
c. Event/Cicrumstance pertaining to intellectual property with potential to adversely impact the organization.
d. Acceptable level of variation of quantam of type of risk an organization can accept or avoid
e. weakness or gap that exposes the organization to IP threat.