Hacking definition

Question 1

PYQ 1.0 marks

What is the punishment prescribed under Section 66C of the Information Technology Act, 2000 for identity theft?

A Imprisonment up to 2 years and fine up to Rs. 50,000 B Imprisonment up to 3 years and/or fine up to Rs. 1 lakh C Imprisonment up to 5 years and fine up to Rs. 10 lakh D Imprisonment up to 1 year and fine up to Rs. 25,000

Why: Section 66C of the Information Technology Act, 2000 specifically deals with identity theft, which occurs when someone fraudulently or dishonestly uses another person's electronic signature, password, or any other unique identification feature. The punishment prescribed under this section is imprisonment for a term which may extend up to three years and a fine which may extend to 1 lakh rupees. This provision was introduced to address the misuse of digital identities in the growing domain of cyberspace. Option B correctly states the prescribed punishment.

Question 2

PYQ 1.0 marks

Under the Information Technology Act, 2000, what is the punishment for stealing computer documents, assets or software source code from any organization or individual?

A 1 year imprisonment and Rs. 100,000 fine B 2 years imprisonment and Rs. 250,000 fine C 3 years imprisonment and Rs. 500,000 fine D 5 years imprisonment and Rs. 1,000,000 fine

Why: According to the Information Technology Act, 2000, the punishment for stealing computer documents, assets or any software's source code from any organization, individual, or from any other means is 3 years of imprisonment and a fine of Rs. 500,000. This provision protects intellectual property and confidential information stored in digital format. The punishment is designed to deter unauthorized access and theft of valuable digital assets.

Question 3

PYQ 1.0 marks

When did the Information Technology Act, 2000 come into force?

A 17th October 1999 B 17th October 2000 C 1st January 2001 D 1st April 2000

Why: The Information Technology Act, 2000 came into force on 17th October 2000. This date marks the official implementation of India's comprehensive legislation on information technology, digital signatures, and cyber offences. The Act was passed by the Indian Parliament and became effective on this date, establishing the legal framework for regulating electronic commerce, digital signatures, and cyber crimes in India.

Question 4

PYQ 1.0 marks

To which geographical areas does the Information Technology Act, 2000 apply?

A Only within India B Only within India except Jammu and Kashmir C In India and outside India by any person D Only in metropolitan areas of India

Why: The Information Technology Act, 2000 applies to offences committed in India and outside India by any person. This extraterritorial application means that the Act can be invoked against individuals who commit cyber offences targeting Indian citizens or systems, even if the offence is committed from outside India. This provision ensures that the Act has broad applicability and can address cyber crimes that cross geographical boundaries.

Question 5

PYQ 1.0 marks

What is the maximum compensation that can be imposed under the Information Technology Act, 2000 for unauthorized access or damage to computer systems?

A Up to Rs. 10 lakh B Up to Rs. 50 lakh C Up to Rs. 1 crore D Up to Rs. 5 crore

Why: According to the Information Technology Act, 2000, damages of up to 1 crore rupees can be imposed for unauthorized access or damage to computer systems. This provision establishes significant financial liability for individuals or organizations that engage in unauthorized access to computer resources or cause damage to computer systems. The compensation amount reflects the potential harm and loss that can result from cyber crimes and unauthorized access to critical computer infrastructure.

Question 6

PYQ 1.0 marks

Which section of the Information Technology Act, 2000 deals with unauthorized access to computer systems?

A Section 43 B Section 66 C Section 65 D Section 68

Why: Section 66 of the Information Technology Act, 2000 covers computer-related offenses such as unauthorized access or identity theft. This section specifically addresses offenses related to gaining unauthorized access to computer systems and networks. Section 43 deals with compensation for damage, Section 65 addresses theft of digital assets, and Section 68 deals with the power of the Controller to issue directions.

Question 7

PYQ 1.0 marks

Under the Information Technology Act, 2000, what is the liability for a person who, without permission of the owner, damages any computer, computer system or computer network?

A Up to Rs. 50 lakh compensation B Up to Rs. 1 crore compensation C Up to Rs. 10 lakh compensation D Up to Rs. 25 lakh compensation

Why: As per the Information Technology Act, 2000, damages of up to 1 crore rupees can be imposed for unauthorized access or damage to computer systems. This provision under Section 43 establishes civil liability for persons who damage computer resources without authorization. The compensation is meant to reimburse the affected person for losses incurred due to such unauthorized damage.

Question 8

PYQ 1.0 marks

Which of the following is NOT covered under unauthorized access provisions of the Information Technology Act, 2000?

A Accessing confidential databases without permission B Using someone else's password to log into a system C Bypassing firewall security measures D Authorized access to one's own computer system

Why: Authorized access to one's own computer system is not covered under unauthorized access provisions because the person has permission to access their own system. Unauthorized access specifically requires that the person accessing the computer system does not have permission from the owner or authorized person in charge. Options A, B, and C all represent unauthorized access scenarios where the person lacks proper authorization. Therefore, option D is the correct answer as it represents authorized access, which is not an offense under the IT Act.

Question 9

PYQ · 2020 1.0 marks

According to IT Act 2000, whoever commits hacking is liable for:

A Imprisonment up to one year, or with fine which may extend up to one lakh rupees, or with both B Imprisonment upto three years or fine which may extend upto two lakh rupees or both C Imprisonment up to five years, or with fine which may extend up to five lakh rupees, or with both D No punishment specified

Why: Section 66 of the IT Act 2000 defines hacking as whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. This matches option B.[1]

Question 10

PYQ 1.0 marks

What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act holds?

A Cracking or illegally hack into any system B Putting any virus in any system C Stealing any computer document D Downloading any data without permission

Why: Under section 66 of IT Act, 2000, cracking or illegally hacking into any victim's computer is a crime. It covers a wide range of cyber-crimes under this section related to unauthorized access with intent to cause damage. This directly matches option A.[2]

Question 11

PYQ 1.0 marks

Penalty and Compensation for damage to computer, computer system, etc is provided under Section.......... of the Information Technology Act, 2000.

(1) 43
(2) 44
(3) 45
(4) 46

A 43 B 44 C 45 D 46

Why: Section 43 of the Information Technology Act, 2000 deals with penalty and compensation for damage to computer, computer system, etc. It provides that if any person without permission of the owner accesses or secures access to a computer, downloads or copies data, introduces or causes to run a virus, or disrupts the system, they are liable to pay damages up to Rs. 1 crore to the affected party. This section specifically covers acts like unauthorized access, data theft, virus introduction, and **system disruption** by denying service or causing malfunction. The correct option is A (43).[4]

Question 12

PYQ 1.0 marks

What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act holds?

A Cracking or illegally hack into any system B Putting antivirus into the victim C Stealing data D Stealing hardware components

Why: Section 66 of the IT Act, 2000 addresses hacking with computer knowledge that causes wrongful loss or damage to the public or any person. It punishes cracking or illegally hacking into any victim's computer system. The punishment is imprisonment up to 3 years, or fine up to ₹5 lakh, or both. This section covers a wide range of cyber-crimes related to unauthorized access and hacking, including password cracking attempts[3].

Question 13

PYQ 1.0 marks

Under the Information Technology Act, 2000, 'access code' refers to which of the following?

A A digital signature B A secret code for accessing a computer resource C An electronic record D A certification authority license

Why: Section 2(1)(a) of the Information Technology Act, 2000 defines 'access with authentication' using an 'access code', which means any electronic information or code intended for authenticating or confirming the identity of a person when such person accesses a computer resource. Thus, it is a secret code like a password or PIN for accessing a computer resource. Option B matches this definition[2][3].

Question 14

PYQ 2.0 marks

Which section of the IT Act, 2000 deals with punishment for dishonestly receiving stolen computer resource or communication device using an access code?

A A) Section 66B B B) Section 66C C C) Section 43 D D) Section 67

Why: Section 66B of the IT Act, 2000 provides punishment for dishonestly receiving or retaining a stolen computer resource or communication device, where 'stolen' includes obtaining unauthorized access using an access code. Punishment is imprisonment up to 3 years or fine up to Rs. 1 lakh, or both. Option A is correct[2].

Question 15

PYQ 1.0 marks

Which section of the IT Act 2000 deals with the punishment for violation of privacy?

A 66 D B 66 F C 67 D 66 E

Why: Section 66E of the Information Technology Act, 2000 deals with the punishment for violation of privacy. This section addresses the intentional capture, publication, or transmission of images of a person's private areas without consent, with punishment up to three years imprisonment or a fine up to two lakh rupees, or both. Option D corresponds to 66E, making it the correct choice.[2]

Question 16

PYQ 1.0 marks

Section 66C of the Information Technology Act, 2000 deals with punishment for:

A A B B C C D D

Why: Section 66C deals with punishment for identity theft, which involves fraudulently or dishonestly using another's electronic signature, password, or unique identification feature. Punishment includes up to 3 years imprisonment and/or fine up to Rs. 1 lakh. The correct answer is option C as per the source.[2]

Question 17

PYQ 1.0 marks

The punishment for identity theft under Section 66C of IT Act 2000 is:

A A B B C Three year imprisonment or 1 lakh rupees penalty D D

Why: Identity theft under Section 66C carries punishment of imprisonment up to three years and fine up to Rs. 1 lakh. This matches option C: 'Three year imprisonment or 1 lakh rupees penalty'.[2]

Question 18

PYQ 1.0 marks

The following punishment is mentioned in which section of IT Act 2000: '3 years of imprisonment and/or 5 lakh rupees penalty for first conviction & 5 years of imprisonment and/or 10 lakh rupees penalty for subsequent conviction'?

A A B B C C D Section 67

Why: Section 67 of the IT Act 2000 prescribes punishment for publishing or transmitting obscene material in electronic form: first conviction up to 3 years imprisonment and fine up to Rs. 5 lakhs; subsequent conviction up to 5 years and Rs. 10 lakhs. This matches option D: Section 67.[3]

Question 19

Question bank

Under the Information Technology Act, 2000, how is a 'Computer' defined?

A Any electronic, magnetic, optical, or other high-speed data processing device B Only desktop and laptop computers C Any device capable of storing and processing data electronically D Any device connected to the internet

Why: The IT Act defines 'Computer' broadly as any electronic, magnetic, optical, or other high-speed data processing device.

Question 20

Question bank

Which of the following devices would NOT be considered a 'Computer' under the IT Act, 2000?

A A smartphone B A traditional mechanical calculator C A server D A tablet

Why: The definition includes electronic or magnetic devices capable of data processing; a mechanical calculator does not qualify.

Question 21

Question bank

Which of the following best describes the scope of the term 'Computer' under the IT Act, 2000?

A Only devices used for personal computing B Any device capable of storing, processing, and retrieving data electronically C Devices connected to the internet only D Only hardware components

Why: The Act includes any device capable of electronic data storage, processing, and retrieval, regardless of internet connectivity.

Question 22

Question bank

The definition of 'Computer' under the IT Act, 2000 includes which of the following components?

A Input devices, output devices, and storage devices B Only input and output devices C Only software applications D Only storage devices

Why: The definition encompasses hardware components such as input, output, and storage devices as integral parts of a computer.

Question 23

Question bank

Which of the following is NOT included as a component in the definition of 'Computer' under the IT Act, 2000?

A Input devices B Output devices C Human operators D Storage devices

Why: Human operators are not components of a computer; the definition includes physical hardware components only.

Question 24

Question bank

Which of the following best describes the inclusion of software in the definition of 'Computer' under the IT Act, 2000?

A Software is explicitly included as part of the computer B Only hardware is included; software is excluded C Software is considered a separate entity from the computer D Software is included only if it is open-source

Why: The definition includes software as part of the computer since it is essential for data processing and operation.

Question 25

Question bank

Which of the following legal implications arises from the definition of 'Computer' under the IT Act, 2000?

A Only computers connected to the internet are subject to the Act B All devices defined as computers are subject to offences under the Act C The Act applies only to government-owned computers D The Act excludes mobile devices

Why: The broad definition ensures all devices classified as computers are covered under the Act for offences.

Question 26

Question bank

How does the definition of 'Computer' under the IT Act, 2000 impact the prosecution of offences related to data theft?

A It limits prosecution to only desktop computers B It allows prosecution for offences involving any electronic data processing device C It excludes mobile devices from prosecution D It requires proof of internet connectivity for prosecution

Why: The broad definition allows offences involving any electronic data processing device to be prosecuted under the Act.

Question 27

Question bank

Which of the following is a complex legal implication of the definition of 'Computer' under the IT Act, 2000?

A It creates ambiguity about liability for offences involving cloud computing B It excludes computers used for educational purposes C It restricts offences to physical damage only D It exempts government computers from offences

Why: The broad definition raises complex issues regarding liability and jurisdiction in cloud computing and virtual environments.

Question 28

Question bank

Which of the following best distinguishes a 'Computer' from a 'Computer Network' under the IT Act, 2000?

A A computer is a single device; a computer network is an interconnected system of computers B A computer network is a type of computer C Both terms refer to the same entity D A computer is always wireless; a network is wired

Why: A computer is an individual device, whereas a computer network is a system of interconnected computers.

Question 29

Question bank

Which of the following is NOT a correct distinction between a 'Computer' and a 'Computer Network' under the IT Act, 2000?

A A computer network consists of multiple computers connected together B A computer network can operate without any computers C A computer is a single processing device D A computer network facilitates data exchange between computers

Why: A computer network cannot operate without computers; this option is incorrect.

Question 30

Question bank

In the context of the IT Act, 2000, which statement best explains the difference between a computer and a computer network?

A A computer network is a single device, while a computer is a group of devices B A computer network is a collection of interconnected computers enabling communication C A computer network is software only, while a computer is hardware only D A computer network is unrelated to computers

Why: A computer network is a system of interconnected computers that communicate and share resources.

Question 31

Question bank

Which of the following is a complex distinction between 'Computer' and 'Computer Network' under the IT Act, 2000?

A Liability for offences can differ based on whether the offence involves a single computer or a network B Both terms are legally interchangeable C A computer network is not covered under the IT Act D A computer network is always physical, while a computer is virtual

Why: Legal liability may vary depending on whether an offence involves an individual computer or a networked system.

Question 32

Question bank

Under the IT Act, 2000, what does the term 'Computer Resource' include?

A Only hardware components of a computer B Hardware, software, data, and communication facilities related to a computer C Only software applications D Only internet connectivity

Why: The term 'Computer Resource' includes hardware, software, data, and communication facilities associated with a computer.

Question 33

Question bank

Which of the following best describes the scope of 'Computer Resource' under the IT Act, 2000?

A Only physical devices like CPU and hard drives B Includes hardware, software, data, and network resources C Only data stored on a computer D Only the internet connection

Why: The scope of 'Computer Resource' is broad, covering hardware, software, data, and communication facilities.

Question 34

Question bank

Which of the following is NOT included in the interpretation of 'Computer Resource' under the IT Act, 2000?

A Data stored electronically B Software programs C Human operators D Communication facilities

Why: Human operators are not considered part of computer resources under the Act.

Question 35

Question bank

Which of the following is a complex aspect of the scope of 'Computer Resource' under the IT Act, 2000?

A Whether cloud storage qualifies as a computer resource B Whether hardware is included C Whether software is included D Whether data is included

Why: The inclusion of cloud storage raises complex legal questions about the scope of computer resources.

Question 36

Question bank

In the context of the IT Act, 2000, which of the following best explains the legal relevance of the definition of 'Computer' for computer offences?

A It limits offences to physical damage of computers only B It extends the scope of offences to all devices defined as computers C It excludes mobile devices from offences D It applies only to offences committed by government officials

Why: The definition broadens the scope of offences to include all devices classified as computers under the Act.

Question 37

Question bank

How does the definition of 'Computer' under the IT Act, 2000 affect the prosecution of offences involving unauthorized access?

A Only computers with internet access can be involved B Any device defined as a computer can be subject to prosecution C Only government computers are covered D Only desktop computers are covered

Why: The broad definition allows prosecution for unauthorized access to any device classified as a computer.

Question 38

Question bank

Which of the following is a complex legal implication of the definition of 'Computer' in relation to offences under the IT Act, 2000?

A Determining jurisdiction for offences involving virtual machines B Excluding mobile devices from offences C Limiting offences to physical damage only D Exempting cloud service providers

Why: The definition raises complex jurisdictional issues for offences involving virtual or cloud-based computing environments.

Question 39

Question bank

According to the Information Technology Act 2000, which of the following best defines a 'Computer'?

A A device capable of performing arithmetic calculations only B Any electronic, magnetic, optical, or similar device capable of storing, processing, and retrieving data C A device used exclusively for communication purposes D Only hardware components without software

Why: The IT Act 2000 defines a computer as any electronic, magnetic, optical, or similar device capable of storing, processing, and retrieving data, encompassing more than just arithmetic calculations or communication devices.

Question 40

Question bank

Which of the following is NOT included in the definition of 'Computer' under the IT Act 2000?

A Hardware components B Software programs C Data stored within the device D Manual typewriters

Why: Manual typewriters are not electronic or magnetic devices and hence are excluded from the definition of 'Computer' under the IT Act 2000.

Question 41

Question bank

Which phrase correctly completes the definition of 'Computer' under the IT Act 2000?

A A device that only processes data but does not store it B A device that includes hardware, software, and data capable of performing logical, arithmetic, and memory functions C A device limited to communication functions D A device that operates without any software

Why: The IT Act 2000 includes hardware, software, and data as integral parts of a computer, which performs logical, arithmetic, and memory functions.

Question 42

Question bank

Under the IT Act 2000, which of the following would be considered a 'Computer'?

A A smartphone with installed applications and data B A mechanical calculator without electronic components C A traditional wristwatch D A paper ledger book

Why: A smartphone is an electronic device with hardware, software, and data processing capabilities, thus falling under the definition of a computer as per the IT Act 2000.

Question 43

Question bank

Which of the following best describes the scope of 'Computer' in the IT Act 2000?

A Only desktop computers and laptops B Any electronic device capable of data processing, including embedded systems C Only devices used in government offices D Only devices connected to the internet

Why: The IT Act 2000 defines a computer broadly to include any electronic device capable of data processing, which covers embedded systems and not just traditional computers.

Question 44

Question bank

Which of the following components is explicitly included in the definition of a computer under the IT Act 2000?

A Hardware and software only B Hardware, software, and data C Software and data only D Hardware only

Why: The IT Act 2000 includes hardware, software, and data as integral parts of the definition of a computer.

Question 45

Question bank

Which of the following is considered a 'component' of a computer as per the IT Act 2000?

A Only physical hardware devices B Software programs and data stored within the device C Only input devices D Only output devices

Why: The definition includes software programs and data stored within the device as components of a computer.

Question 46

Question bank

Which of the following best illustrates the components covered under the definition of a computer in the IT Act 2000?

A Hardware and peripherals only B Hardware, software, data, and storage devices C Software only D Data only

Why: The IT Act 2000 includes hardware, software, data, and storage devices as parts of the computer definition.

Question 47

Question bank

Which of the following is NOT considered a component of a computer resource under the IT Act 2000?

A Computer hardware B Computer software C Data stored electronically D Manual filing cabinets

Why: Manual filing cabinets are not electronic or digital and thus are not considered computer resources under the IT Act 2000.

Question 48

Question bank

The term 'Computer Resource' under the IT Act 2000 includes which of the following?

A Only the physical computer hardware B Hardware, software, data, and communication facilities C Only software applications D Only data stored on external drives

Why: Computer Resource is broadly defined to include hardware, software, data, and communication facilities as per the IT Act 2000.

Question 49

Question bank

Which of the following best describes 'Computer Resource' as per the IT Act 2000?

A Only the physical computer device B Any resource related to computer hardware, software, data, and communication facilities C Only network devices D Only data stored on computers

Why: The IT Act 2000 defines Computer Resource to include hardware, software, data, and communication facilities.

Question 50

Question bank

Which of the following is an example of a 'Computer Resource' under the IT Act 2000?

A A server with installed operating system and stored data B A manual typewriter C A printed book D A mechanical clock

Why: A server with operating system and data qualifies as a computer resource, including hardware, software, and data.

Question 51

Question bank

Which of the following statements about 'Computer Resource' under the IT Act 2000 is correct?

A It excludes communication facilities connected to a computer B It includes hardware, software, data, and communication facilities C It refers only to the software installed on a computer D It is limited to data stored on the computer

Why: The definition of Computer Resource includes hardware, software, data, and communication facilities as per the IT Act 2000.

Question 52

Question bank

Which legal implication arises from the broad definition of 'Computer' under the IT Act 2000?

A Only traditional computers are subject to offences under the Act B Offences can be committed using a wide range of electronic devices including embedded systems C The Act applies only to devices connected to the internet D Only hardware theft is punishable under the Act

Why: The broad definition allows the Act to cover offences committed using various electronic devices, not limited to traditional computers.

Question 53

Question bank

Which of the following is a legal consequence of the IT Act 2000’s definition of 'Computer'?

A Only software piracy is punishable B Unauthorized access to any device defined as a computer can attract penalties C The Act does not cover mobile devices D Only data theft is punishable

Why: Unauthorized access to any device that falls under the definition of a computer is punishable under the IT Act 2000.

Question 54

Question bank

Under the IT Act 2000, which of the following offences can be committed using a device defined as a 'Computer'?

A Only physical damage to hardware B Hacking, data theft, and unauthorized access C Only theft of physical devices D Only software installation

Why: The Act covers offences like hacking, data theft, and unauthorized access involving any device defined as a computer.

Question 55

Question bank

Which of the following best explains the legal importance of distinguishing a 'Computer' from other digital devices under the IT Act 2000?

A To limit the scope of offences to only computers B To ensure offences involving digital devices are covered under the Act C To exclude mobile phones from the Act D To restrict the Act to hardware only

Why: Distinguishing helps ensure that offences involving a wide range of digital devices are covered under the IT Act 2000.

Question 56

Question bank

Which of the following devices is considered distinct from a 'Computer' under the IT Act 2000 due to its limited functionality?

A Smartphones with apps and data B Digital cameras without processing capabilities C Personal computers D Servers

Why: Digital cameras without data processing capabilities are distinct from computers as per the Act’s definition.

Question 57

Question bank

Which of the following best distinguishes a 'Computer' from other digital devices under the IT Act 2000?

A Computers can process, store, and retrieve data, while some digital devices may only store data B All digital devices are considered computers C Only devices with internet access are computers D Only devices with keyboards are computers

Why: The key distinction is that computers perform processing, storage, and retrieval, whereas some digital devices may have limited functions.

Question 58

Question bank

Which device would NOT be classified as a 'Computer' under the IT Act 2000 due to its primary function?

A A smartwatch capable of running apps and storing data B A digital thermometer without data processing capability C A laptop computer D A tablet device

Why: A digital thermometer without data processing capabilities does not meet the definition of a computer under the Act.

Question 59

Question bank

The definition of 'Computer' under the IT Act 2000 extends to which of the following in relation to networks and communication devices?

A Only standalone computers without network connections B Computers connected to networks and communication devices used for data transmission C Only devices used for voice communication D Only hardware devices without software

Why: The definition includes computers connected to networks and communication devices that facilitate data transmission.

Question 60

Question bank

Which of the following best describes the scope of the term 'Computer' in relation to communication devices as per the IT Act 2000?

A It excludes all communication devices B It includes communication devices that are capable of data processing and storage C It includes only telephones D It includes devices that do not process data

Why: Communication devices capable of data processing and storage fall within the scope of 'Computer' under the Act.

Question 61

Question bank

Which of the following network-related devices would be covered under the definition of 'Computer' in the IT Act 2000?

A A router with embedded software and data processing capability B A passive network cable C A traditional telephone handset D A mechanical switchboard

Why: A router with embedded software and data processing capabilities is considered a computer under the Act.

Question 62

Question bank

Which of the following statements is TRUE regarding the scope of 'Computer' under the IT Act 2000?

A The definition excludes devices used solely for communication without data processing B All electronic devices are considered computers regardless of function C Only devices manufactured after 2000 are included D The definition is limited to devices used in offices

Why: Devices used solely for communication without data processing are excluded from the definition under the IT Act 2000.

Question 63

Question bank

Under the Information Technology Act, 2000, consider a scenario where a device processes data using a hybrid of analog and digital signals, connects intermittently to the internet via a satellite link, and stores data temporarily in volatile memory. Which of the following best classifies this device as a 'computer' under the Act's definition, considering the scope of 'computer system' and 'computer network'?

A It qualifies as a 'computer' because it processes data electronically and connects to a computer network, despite using analog signals. B It does not qualify as a 'computer' because the use of analog signals excludes it from the Act's digital-centric definition. C It qualifies as a 'computer system' but not as a 'computer' because temporary volatile memory is insufficient for classification. D It qualifies neither as a 'computer' nor as a 'computer system' because intermittent connectivity breaks the continuous network requirement.

Why: Step 1: Review the IT Act's definition of 'computer' which includes electronic, digital, or similar devices that process data. Step 2: Recognize that hybrid analog-digital processing still falls under 'electronic' processing. Step 3: Understand 'computer system' includes input, output, processing, and storage devices, and volatile memory counts as storage. Step 4: Confirm that intermittent connectivity to a network still qualifies as connection to a 'computer network' under the Act. Step 5: Conclude that the device meets the definition of 'computer' as per the Act.

Question 64

Question bank

A hacker uses a device that can process data, but only through a manual switch converting analog inputs to digital outputs, and connects to a computer network only via a mobile hotspot that has a data limit of 0.75 GB per day. According to the IT Act 2000, can this device be legally considered a 'computer' and does the data limit affect its classification under 'computer network'?

A Yes, it is a 'computer' because digital processing occurs, and the data limit does not affect network classification. B No, it is not a 'computer' because manual switching breaks continuous electronic processing, and data limit restricts network status. C Yes, it is a 'computer system' but not a 'computer' due to manual switching, and network classification depends on data usage. D No, it is neither a 'computer' nor connected to a 'computer network' because of manual conversion and data cap.

Why: Step 1: Analyze the definition of 'computer' which requires electronic data processing; manual switching does not negate digital processing. Step 2: The device outputs digital data, satisfying the requirement. Step 3: The IT Act does not specify continuous electronic processing without manual intervention. Step 4: The 'computer network' definition includes any interconnection of computers regardless of data limits. Step 5: Data caps do not affect the legal classification of network connectivity.

Question 65

Question bank

Consider a device that uses quantum computing principles to process data and is connected to a blockchain network with decentralized nodes. Under the IT Act 2000, which of the following statements correctly interprets the classification of this device as a 'computer' and its connection to a 'computer network'?

A It is a 'computer' as quantum processing falls under electronic processing, and blockchain nodes form a valid 'computer network'. B It is not a 'computer' because quantum computing is excluded from the Act's definition, and blockchain is not a recognized network. C It is a 'computer system' but not a 'computer' due to quantum principles, and blockchain is only a 'distributed ledger', not a network. D It qualifies as a 'computer' but blockchain nodes do not constitute a 'computer network' under the Act.

Why: Step 1: The IT Act defines 'computer' broadly as electronic or digital devices processing data; quantum computing is electronic processing. Step 2: Blockchain nodes are interconnected computers forming a decentralized network. Step 3: The Act's definition of 'computer network' includes interconnection of computers via communication lines. Step 4: Quantum computing devices connected to blockchain nodes satisfy both definitions. Step 5: Therefore, the device qualifies as a 'computer' connected to a 'computer network'.

Question 66

Question bank

A device processes data using a non-volatile memory of 3.7 GB and connects to a network via a proprietary protocol not based on TCP/IP. The device is used to commit a cyber offence. Under the IT Act 2000, does the device qualify as a 'computer' and the network as a 'computer network' for offence applicability?

A Yes, the device qualifies as a 'computer' and the network as a 'computer network' regardless of protocol. B No, the device does not qualify because the memory size is below the 4 GB threshold, and proprietary protocols are excluded. C Yes, the device is a 'computer' but the network is not a 'computer network' due to non-standard protocols. D No, neither the device nor the network qualify because of memory size and protocol restrictions.

Why: Step 1: The IT Act does not specify minimum memory size for 'computer' classification. Step 2: Non-volatile memory is valid storage. Step 3: The Act defines 'computer network' broadly as interconnection of computers by communication lines, without protocol restrictions. Step 4: Proprietary protocols still constitute communication lines. Step 5: Hence, both device and network qualify under the Act for offence applicability.

Question 67

Question bank

An IoT device with embedded microcontrollers processes data intermittently and connects to a mesh network with 17 nodes. The device uses a combination of volatile and non-volatile memory totaling 512 MB. Under the IT Act 2000, does this device qualify as a 'computer' and is the mesh network a 'computer network'?

A Yes, the device qualifies as a 'computer' and the mesh network as a 'computer network' under the Act. B No, the device does not qualify because intermittent processing disqualifies it, though the network qualifies. C Yes, the device qualifies, but the mesh network does not qualify as it is not a traditional network. D No, neither device nor network qualify due to memory size and network topology.

Why: Step 1: The IT Act's definition of 'computer' includes devices capable of electronic data processing, including embedded microcontrollers. Step 2: Intermittent processing does not exclude qualification. Step 3: Both volatile and non-volatile memory count as storage. Step 4: Mesh networks are interconnected nodes forming a computer network. Step 5: The Act's broad network definition includes mesh topology. Therefore, both device and network qualify.

Question 68

Question bank

A cybercriminal uses a device that processes data solely through cloud-based virtual machines, with no physical hardware owned by the user, and connects via a VPN to a network of 23 servers. Under the IT Act 2000, how is the device classified and does the VPN connection constitute a 'computer network'?

A The virtual machine is a 'computer' and the VPN connection forms a 'computer network' under the Act. B The device is not a 'computer' as no physical hardware is owned, and VPN is not a 'computer network'. C The virtual machine is a 'computer system' but not a 'computer', and VPN qualifies as a 'computer network'. D Neither the virtual machine nor the VPN connection qualify under the Act's definitions.

Why: Step 1: The IT Act defines 'computer' as any electronic device capable of data processing, including virtual machines. Step 2: Ownership of physical hardware is not a criterion. Step 3: VPN connections interconnect computers securely, forming a 'computer network'. Step 4: The network of 23 servers connected via VPN fits the 'computer network' definition. Step 5: Therefore, both virtual machine and VPN network qualify under the Act.

Question 69

Question bank

A device uses a proprietary encryption chip to process data and connects to a network that uses a non-IP based communication protocol with 11 nodes. The device has 1.2 GB of RAM and 0.8 GB of ROM. Under the IT Act 2000, does the device qualify as a 'computer' and the network as a 'computer network'?

A Yes, the device qualifies as a 'computer' and the network as a 'computer network' despite proprietary encryption and non-IP protocols. B No, proprietary encryption excludes the device from being a 'computer', and non-IP protocols exclude the network. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to encryption and protocol restrictions.

Why: Step 1: The IT Act's definition of 'computer' includes electronic devices processing data, regardless of encryption type. Step 2: Proprietary encryption chips do not exclude classification. Step 3: Memory sizes are irrelevant to classification. Step 4: 'Computer network' includes any interconnection of computers via communication lines, regardless of protocol. Step 5: Non-IP based protocols still qualify as communication lines. Hence, both device and network qualify.

Question 70

Question bank

A cyber offence involves a device that processes data using a hybrid analog-digital processor, stores data in 2.3 GB of volatile memory, and connects to a network with 19 nodes via a satellite link with latency of 600 ms. Under the IT Act 2000, which of the following is true regarding the classification of the device and network?

A The device qualifies as a 'computer' and the network as a 'computer network' despite latency and hybrid processing. B The device does not qualify as a 'computer' due to hybrid processing, and the network does not qualify due to high latency. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to hybrid processing and satellite latency.

Why: Step 1: The IT Act includes electronic or digital devices; hybrid analog-digital processing qualifies as electronic processing. Step 2: Volatile memory counts as storage. Step 3: Network latency does not affect classification as a 'computer network'. Step 4: Satellite links are valid communication lines. Step 5: The network with 19 nodes connected via satellite qualifies as a 'computer network'. Therefore, both device and network qualify under the Act.

Question 71

Question bank

A cybercriminal uses a device that processes data exclusively through a cloud API without local storage, connects to a network via a 4G LTE connection with fluctuating bandwidth between 0.5 Mbps and 3 Mbps, and uses a hybrid IPv4/IPv6 addressing scheme. Under the IT Act 2000, how is the device and network classified?

A The device qualifies as a 'computer' and the network as a 'computer network' regardless of local storage and bandwidth fluctuations. B The device does not qualify as a 'computer' due to lack of local storage, and the network does not qualify due to bandwidth variability. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to cloud-only processing and bandwidth issues.

Why: Step 1: The IT Act defines 'computer' as any electronic device capable of data processing; cloud API usage qualifies as processing. Step 2: Local storage is not mandatory for classification. Step 3: Network connectivity via 4G LTE is a valid communication line. Step 4: Bandwidth fluctuations do not affect network classification. Step 5: Hybrid IPv4/IPv6 addressing is supported under the Act's broad network definition. Thus, both device and network qualify.

Question 72

Question bank

A device processes data using a neuromorphic chip that mimics neural networks, stores data in 1.8 GB of hybrid volatile/non-volatile memory, and connects to a decentralized peer-to-peer network with 13 nodes using a custom protocol. Under the IT Act 2000, which classification is accurate?

A The device is a 'computer' and the network is a 'computer network' under the Act. B The device is not a 'computer' due to neuromorphic processing, and the network is not a 'computer network' due to custom protocol. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to unconventional processing and protocols.

Why: Step 1: The IT Act's definition of 'computer' includes electronic devices processing data; neuromorphic chips are electronic processors. Step 2: Hybrid memory types count as storage. Step 3: Peer-to-peer networks with interconnected nodes qualify as 'computer networks'. Step 4: Custom protocols do not exclude network classification. Step 5: Therefore, both device and network qualify under the Act.

Question 73

Question bank

A cyber offence involves a device that processes data using a 3.3 GHz multi-core processor, stores data in 2.7 GB of RAM and 1.1 GB of SSD, and connects to a network with 21 nodes using a hybrid wired-wireless topology. According to the IT Act 2000, which statement is correct?

A The device qualifies as a 'computer' and the network as a 'computer network' under the Act. B The device does not qualify as a 'computer' due to processor speed, and the network does not qualify due to hybrid topology. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to hardware and topology specifics.

Why: Step 1: The IT Act includes any electronic device capable of data processing; processor speed is irrelevant. Step 2: RAM and SSD count as volatile and non-volatile memory respectively. Step 3: Hybrid wired-wireless topologies are valid computer networks. Step 4: The network with 21 nodes fits the definition of 'computer network'. Step 5: Therefore, both device and network qualify under the Act.

Question 74

Question bank

A device processes data using a digital signal processor (DSP), stores data temporarily in 0.9 GB volatile memory, and connects to a network of 16 nodes using a satellite uplink with a packet loss rate of 5%. Under the IT Act 2000, which classification applies?

A The device is a 'computer' and the network is a 'computer network' despite packet loss. B The device is not a 'computer' due to limited memory, and the network is not a 'computer network' due to packet loss. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to memory and network quality.

Why: Step 1: DSPs are electronic data processors qualifying as 'computers'. Step 2: Memory size is not a disqualifier. Step 3: Packet loss does not affect network classification under the Act. Step 4: Satellite uplinks are valid communication lines. Step 5: The network with 16 nodes qualifies as a 'computer network'. Thus, both device and network qualify.

Question 75

Question bank

A cyber offence is committed using a device that processes data via FPGA (Field Programmable Gate Array), stores data in 1.5 GB of flash memory, and connects to a network with 14 nodes using a proprietary wireless protocol with a frequency of 5.8 GHz. Under the IT Act 2000, which is the correct classification?

A The device is a 'computer' and the network is a 'computer network' under the Act. B The device is not a 'computer' due to FPGA usage, and the network is not a 'computer network' due to proprietary protocol. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to hardware and protocol specifics.

Why: Step 1: FPGA devices are programmable electronic processors qualifying as 'computers'. Step 2: Flash memory is non-volatile storage. Step 3: Proprietary wireless protocols still constitute communication lines. Step 4: Frequency used does not affect network classification. Step 5: Network with 14 nodes qualifies as a 'computer network'. Therefore, both device and network qualify under the Act.

Question 76

Question bank

A device processes data using a hybrid CPU-GPU architecture, stores data in 3.1 GB RAM and 2.2 GB HDD, and connects to a network with 18 nodes using a VPN over a 5G network. Under the IT Act 2000, which of the following is true?

A The device qualifies as a 'computer' and the network as a 'computer network'. B The device does not qualify as a 'computer' due to hybrid architecture, and the network does not qualify due to VPN usage. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to architecture and network type.

Why: Step 1: Hybrid CPU-GPU architectures are electronic data processors qualifying as 'computers'. Step 2: RAM and HDD are valid memory types. Step 3: VPN over 5G is a valid communication line. Step 4: Network with 18 nodes fits 'computer network' definition. Step 5: Both device and network qualify under the Act.

Question 77

Question bank

A cyber offence involves a device that processes data using a single-board computer with 1.9 GB RAM and 0.6 GB ROM, connected to a network of 20 nodes using a hybrid IPv6 and proprietary addressing scheme. According to the IT Act 2000, which classification applies?

A The device is a 'computer' and the network is a 'computer network'. B The device is not a 'computer' due to limited ROM, and the network is not a 'computer network' due to proprietary addressing. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to memory and addressing scheme.

Why: Step 1: Single-board computers are electronic data processors qualifying as 'computers'. Step 2: RAM and ROM sizes are not disqualifying. Step 3: Hybrid IPv6 and proprietary addressing schemes are valid communication lines. Step 4: Network with 20 nodes fits 'computer network' definition. Step 5: Both device and network qualify under the Act.

Question 78

Question bank

A cyber offence is committed using a device that processes data via a custom ASIC chip, stores data in 2.5 GB of hybrid memory, and connects to a network with 15 nodes using a satellite link with jitter of 50 ms. Under the IT Act 2000, which statement is correct?

A The device qualifies as a 'computer' and the network as a 'computer network' despite jitter. B The device does not qualify as a 'computer' due to custom ASIC, and the network does not qualify due to jitter. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to hardware and network conditions.

Why: Step 1: Custom ASIC chips are electronic processors qualifying as 'computers'. Step 2: Hybrid memory counts as storage. Step 3: Network jitter does not affect classification. Step 4: Satellite links are valid communication lines. Step 5: Network with 15 nodes qualifies as a 'computer network'. Therefore, both device and network qualify.

Question 79

Question bank

A cyber offence involves a device that processes data using a hybrid FPGA-CPU architecture, stores data in 2.1 GB RAM and 1.3 GB SSD, and connects to a network with 22 nodes using a VPN over a 3G network with latency spikes up to 700 ms. Under the IT Act 2000, which classification is accurate?

A The device is a 'computer' and the network is a 'computer network' under the Act. B The device is not a 'computer' due to hybrid architecture, and the network is not a 'computer network' due to latency spikes. C The device qualifies as a 'computer system' but not a 'computer', and the network qualifies as a 'computer network'. D Neither the device nor the network qualify due to architecture and network conditions.

Why: Step 1: Hybrid FPGA-CPU architectures are electronic processors qualifying as 'computers'. Step 2: RAM and SSD are valid memory types. Step 3: VPN over 3G is a valid communication line. Step 4: Latency spikes do not affect network classification. Step 5: Network with 22 nodes fits 'computer network' definition. Therefore, both device and network qualify under the Act.

Question 80

Question bank

Which of the following best defines 'Unauthorized Access to Computer Resource' under the IT Act 2000?

A Accessing a computer system with the owner's permission B Accessing a computer system without permission or exceeding authorized access C Using a computer system for legal purposes D Accessing public websites without login credentials

Why: Unauthorized access refers to accessing a computer system or network without permission or exceeding the access rights granted.

Question 81

Question bank

Under the IT Act 2000, which of the following actions constitutes unauthorized access to a computer resource?

A Logging into your own email account B Accessing a colleague’s computer without their knowledge C Browsing a public website D Using software installed on your computer

Why: Accessing someone else's computer without permission is unauthorized access under the IT Act.

Question 82

Question bank

Which section of the IT Act 2000 deals with penalties for unauthorized access to computer resources?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66 of the IT Act 2000 prescribes penalties for hacking and unauthorized access to computer resources.

Question 83

Question bank

Which of the following scenarios is an example of unauthorized access under the IT Act 2000?

A An employee accessing files within their permitted role B A hacker bypassing login credentials to enter a system C A user downloading files from a public domain D A person using their own password to log in

Why: Bypassing login credentials without authorization is unauthorized access.

Question 84

Question bank

A person who accesses a computer system without permission and deletes critical data can be charged under which provision of the IT Act 2000?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 43 deals with penalties for unauthorized access and damage to computer resources including deletion of data.

Question 85

Question bank

Which of the following acts is considered 'Hacking' under the IT Act 2000?

A Using authorized credentials to access a system B Gaining unauthorized access to a computer system to cause damage C Browsing public websites D Installing antivirus software

Why: Hacking involves unauthorized access with intent to cause damage or steal data.

Question 86

Question bank

Under the IT Act 2000, what is the punishment for hacking that causes damage to a computer system or data?

A Imprisonment up to 3 years or fine up to Rs. 5 lakh B Imprisonment up to 1 year or fine up to Rs. 1 lakh C Imprisonment up to 5 years or fine up to Rs. 10 lakh D No punishment specified

Why: Section 66 prescribes imprisonment up to 3 years or fine up to Rs. 5 lakh for hacking causing damage.

Question 87

Question bank

Which of the following is NOT an example of hacking under the IT Act 2000?

A Breaking into a system to steal data B Accessing a system with authorized credentials C Planting malware to damage data D Bypassing security controls to access restricted files

Why: Accessing a system with authorized credentials is not hacking.

Question 88

Question bank

A hacker gains unauthorized access to a bank’s computer system and transfers funds illegally. Under the IT Act 2000, this act is punishable under which section?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66 deals with hacking and related offences including unauthorized fund transfer.

Question 89

Question bank

Which of the following constitutes 'Data Theft' under the IT Act 2000?

A Copying data with the owner's consent B Stealing data from a computer system without authorization C Deleting your own files D Accessing public data

Why: Data theft involves stealing data without authorization.

Question 90

Question bank

Under the IT Act 2000, which section deals with penalties for damage to computer data or programs?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 43 prescribes penalties for damage to computer data or programs.

Question 91

Question bank

Which of the following actions is an example of data damage under the IT Act 2000?

A Deleting files without authorization B Viewing files with permission C Backing up data D Sharing public data

Why: Deleting files without authorization constitutes data damage.

Question 92

Question bank

A person copies confidential data from a company’s computer without permission. Which section of the IT Act 2000 applies?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 43 covers unauthorized copying or extraction of data.

Question 93

Question bank

Which of the following is a correct punishment for data damage under the IT Act 2000?

A Imprisonment up to 3 years and fine up to Rs. 5 lakh B Imprisonment up to 6 months only C Fine only D No punishment

Why: Data damage attracts imprisonment up to 3 years and fine up to Rs. 5 lakh under Section 66.

Question 94

Question bank

Identity theft under the IT Act 2000 involves which of the following actions?

A Using someone else's electronic signature without permission B Accessing your own email account C Sharing your own password D Logging into a public website

Why: Identity theft involves fraudulent use of another person's electronic signature or identity.

Question 95

Question bank

Which section of the IT Act 2000 specifically deals with punishment for identity theft?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66C deals with punishment for identity theft and impersonation.

Question 96

Question bank

Which of the following is an example of impersonation under the IT Act 2000?

A Using your own digital signature B Using someone else’s digital signature without authorization C Logging into your own account D Sharing public information

Why: Impersonation involves using another person's digital signature or identity without permission.

Question 97

Question bank

A person creates a fake digital identity to commit fraud. Under which section of the IT Act 2000 can they be prosecuted?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66C punishes identity theft including creation or use of fake digital identities.

Question 98

Question bank

Which of the following best describes 'Computer Sabotage' under the IT Act 2000?

A Using a computer for legal purposes B Deliberate damage or disruption of computer systems or data C Accessing public websites D Installing antivirus software

Why: Computer sabotage involves intentional damage or disruption to computer systems or data.

Question 99

Question bank

Which of the following is an example of computer trespass under the IT Act 2000?

A Accessing a computer system beyond authorized limits B Using your own computer C Browsing public websites D Installing authorized software

Why: Computer trespass involves accessing a system beyond authorized rights.

Question 100

Question bank

Under the IT Act 2000, which section deals with penalties for computer sabotage?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66 prescribes penalties for computer sabotage and related offences.

Question 101

Question bank

A person intentionally introduces a virus into a company’s computer system causing damage. What is the likely punishment under the IT Act 2000?

A Imprisonment up to 3 years or fine up to Rs. 5 lakh B No punishment C Fine only D Imprisonment up to 6 months

Why: Introducing a virus causing damage is punishable under Section 66 with imprisonment and fine.

Question 102

Question bank

Section 43 of the IT Act 2000 primarily deals with which of the following?

A Compensation for damage to computer systems B Punishment for hacking C Identity theft D Breach of confidentiality

Why: Section 43 deals with compensation for unauthorized access and damage to computer systems.

Question 103

Question bank

Which section of the IT Act 2000 prescribes punishment for identity theft and impersonation?

A Section 43 B Section 66C C Section 66 D Section 72

Why: Section 66C specifically addresses identity theft and impersonation.

Question 104

Question bank

Which section of the IT Act 2000 provides protection against disclosure of information by intermediaries?

A Section 43 B Section 66 C Section 72 D Section 66C

Why: Section 72 deals with breach of confidentiality and privacy by intermediaries.

Question 105

Question bank

Under the IT Act 2000, which section provides for punishment for hacking with computer system damage?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66 prescribes punishment for hacking causing damage to computer systems.

Question 106

Question bank

Which of the following penalties is prescribed under the IT Act 2000 for unauthorized access causing damage to computer systems?

A Fine up to Rs. 1 lakh only B Imprisonment up to 3 years or fine up to Rs. 5 lakh C No penalty D Imprisonment up to 6 months only

Why: Unauthorized access causing damage attracts imprisonment up to 3 years or fine up to Rs. 5 lakh under Section 66.

Question 107

Question bank

Which of the following is a possible punishment for identity theft under the IT Act 2000?

A Imprisonment up to 3 years and fine B No punishment C Fine only D Community service

Why: Identity theft is punishable with imprisonment up to 3 years and fine under Section 66C.

Question 108

Question bank

A person is convicted of hacking causing data damage. What is the maximum imprisonment term under the IT Act 2000?

A 1 year B 3 years C 5 years D No imprisonment

Why: Section 66 prescribes imprisonment up to 3 years for hacking causing damage.

Question 109

Question bank

Which of the following is a defense under the IT Act 2000 against charges of unauthorized access?

A Access was authorized or consented by the owner B Access was accidental C Access was to public websites D No defense is allowed

Why: Authorization or consent by the owner is a valid defense against unauthorized access charges.

Question 110

Question bank

Which of the following is NOT considered a valid defense under the IT Act 2000 for computer offences?

A Access with owner’s consent B Access for lawful investigation with permission C Access without any permission but no damage caused D Access under court order

Why: Access without permission is unauthorized even if no damage is caused; it is not a valid defense.

Question 111

Question bank

Under the IT Act 2000, which of the following can be a valid exception to liability for computer offences?

A Accessing computer resource with owner’s consent B Hacking for personal gain C Identity theft for fraud D Data damage intentionally

Why: Access with owner’s consent is an exception to liability under the Act.

Question 112

Question bank

Which of the following best describes 'Unauthorized Computer Access' under the IT Act 2000?

A Accessing a computer system with the owner’s permission B Accessing a computer system without permission or exceeding authorized access C Using a computer for legal activities D Accessing public websites without login credentials

Why: Unauthorized Computer Access involves accessing a computer system without permission or exceeding the access rights granted, which is prohibited under the IT Act 2000.

Question 113

Question bank

Under the IT Act 2000, which of the following actions constitutes unauthorized access to a computer resource?

A Logging into your personal email account B Accessing a colleague’s computer without permission C Browsing a public website D Using software installed on your own computer

Why: Accessing a colleague’s computer without permission is unauthorized access, which is punishable under the IT Act 2000.

Question 114

Question bank

Which of the following scenarios best illustrates unauthorized computer access?

A An employee accessing files they are authorized to view B A hacker bypassing security to enter a government database C A user logging into their own social media account D A technician repairing a computer with owner’s consent

Why: A hacker bypassing security to enter a government database is a clear case of unauthorized computer access.

Question 115

Question bank

Which of the following is NOT an example of unauthorized computer access under the IT Act 2000?

A Using stolen credentials to access a bank’s computer system B Accessing a public Wi-Fi network without password C Accessing one’s own computer system D Hacking into a company’s database to steal data

Why: Accessing one’s own computer system is authorized access and does not constitute unauthorized computer access.

Question 116

Question bank

Which of the following best defines 'Computer Access' as per the IT Act 2000?

A Only physical access to a computer device B Access to a computer system or network through any means including remote access C Access limited to authorized personnel only D Access to software installed on a computer

Why: The IT Act 2000 defines computer access broadly as accessing a computer system or network by any means, including remote access.

Question 117

Question bank

Under the IT Act 2000, which of the following would NOT be considered 'computer access'?

A Logging into an online banking portal B Physically switching on a computer C Sending an email using a computer network D Reading printed documents from a computer

Why: Reading printed documents is not computer access since it does not involve accessing the computer system or network itself.

Question 118

Question bank

How does the IT Act 2000 define 'access' to a computer system?

A Only physical interaction with the computer hardware B Use of any means to interact with or retrieve data from a computer system or network C Viewing printed reports generated by a computer D Using software installed on a personal device

Why: Access includes any means to interact with or retrieve data from a computer system or network, including remote access.

Question 119

Question bank

Which of the following statements about 'Computer Access' under the IT Act 2000 is TRUE?

A Accessing a computer system remotely is not considered computer access B Only authorized users can be held liable for offenses related to computer access C Access includes both physical and electronic means of interacting with a computer system D Accessing a computer system without permission is legal if no damage is caused

Why: The Act considers both physical and electronic means as forms of computer access.

Question 120

Question bank

Under Section 43 of the IT Act 2000, which of the following penalties may be imposed for unauthorized access causing damage to a computer system?

A Imprisonment up to 3 years and fine up to 5 lakh rupees B Fine only, no imprisonment C Imprisonment up to 1 year only D No penalty if damage is unintentional

Why: Section 43 provides for imprisonment up to 3 years and/or fine up to 5 lakh rupees for unauthorized access causing damage.

Question 121

Question bank

Which of the following acts is punishable under Section 43 of the IT Act 2000?

A Deleting data from a computer system without permission B Using a computer for personal work during office hours C Accessing public information on a website D Installing authorized software on your own computer

Why: Deleting data without permission is unauthorized access causing damage, punishable under Section 43.

Question 122

Question bank

Under Section 43 of the IT Act 2000, which of the following is NOT a consequence of unauthorized access?

A Compensation to the affected party B Imprisonment for up to three years C Fine up to five lakh rupees D Death penalty

Why: The IT Act 2000 does not prescribe death penalty for unauthorized access under Section 43.

Question 123

Question bank

Which of the following best describes the scope of penalties under Section 43 of the IT Act 2000 for unauthorized computer access?

A Only monetary fines irrespective of damage caused B Imprisonment and/or fine depending on the nature and extent of damage caused C Only imprisonment without any fine D No penalties if the offender is a first-time offender

Why: Section 43 provides for imprisonment and/or fine depending on the damage caused by unauthorized access.

Question 124

Question bank

Section 66 of the IT Act 2000 deals with which of the following offences?

A Unauthorized access and damage to computer systems B Computer-related offences including hacking and identity theft C Cyber terrorism D Data protection and privacy

Why: Section 66 specifically addresses computer-related offences such as hacking, identity theft, and related crimes.

Question 125

Question bank

Which of the following is a punishable offence under Section 66 of the IT Act 2000?

A Hacking into a computer system B Using licensed software C Browsing public websites D Sending emails to known contacts

Why: Hacking is a punishable offence under Section 66 of the IT Act 2000.

Question 126

Question bank

Under Section 66 of the IT Act 2000, what is the maximum punishment for hacking a computer system?

A Imprisonment up to 3 years and fine up to 5 lakh rupees B Imprisonment up to 1 year and fine up to 1 lakh rupees C Fine only D No punishment if data is not damaged

Why: Section 66 prescribes imprisonment up to 3 years and/or fine up to 5 lakh rupees for hacking offences.

Question 127

Question bank

Which of the following offences is covered under Section 66C of the IT Act 2000?

A Identity theft B Cyber terrorism C Data theft D Unauthorized access

Why: Section 66C specifically deals with identity theft under the IT Act 2000.

Question 128

Question bank

Which of the following is TRUE regarding Section 66D of the IT Act 2000?

A It deals with cheating by personation using computer resources B It deals with hacking of computer systems C It deals with unauthorized access to protected systems D It deals with data theft

Why: Section 66D addresses cheating by personation using computer resources, such as phishing or impersonation.

Question 129

Question bank

Which of the following is NOT a type of computer offence related to access under the IT Act 2000?

A Hacking B Identity theft C Data theft D Software licensing

Why: Software licensing violations are not classified as offences related to unauthorized access under the IT Act 2000.

Question 130

Question bank

Which of the following offences involves illegally obtaining someone else’s personal information using a computer?

A Hacking B Identity theft C Data theft D Phishing

Why: Identity theft involves illegally obtaining and using someone else’s personal information.

Question 131

Question bank

Which of the following best describes 'data theft' under the IT Act 2000?

A Unauthorized copying or transfer of data from a computer system B Deleting data from a computer system C Accessing public data on the internet D Using data for personal purposes with permission

Why: Data theft involves unauthorized copying or transfer of data from a computer system.

Question 132

Question bank

Which of the following is an example of hacking under the IT Act 2000?

A Accessing a computer system using stolen credentials B Using your own computer to browse the internet C Installing antivirus software D Sharing your password with a friend

Why: Hacking includes accessing a computer system using stolen credentials without authorization.

Question 133

Question bank

Which of the following is the most severe punishment for legal consequences under the IT Act 2000 related to computer offences?

A Imprisonment up to 3 years and fine up to 5 lakh rupees B Warning letter C Community service D Monetary fine only

Why: The IT Act 2000 prescribes imprisonment up to 3 years and/or fine up to 5 lakh rupees for serious computer offences.

Question 134

Question bank

Which of the following legal consequences may be imposed for identity theft under the IT Act 2000?

A Imprisonment up to 3 years and fine up to 1 lakh rupees B No punishment if data is not misused C Community service D Only a warning

Why: Identity theft under Section 66C attracts imprisonment up to 3 years and fine up to 1 lakh rupees.

Question 135

Question bank

Which of the following is TRUE about punishments under the IT Act 2000 for computer offences?

A Punishments vary depending on the nature and gravity of the offence B All offences carry a fixed fine of 10,000 rupees C Only imprisonment is prescribed, no fines D Punishments are only monetary

Why: The IT Act 2000 prescribes punishments that vary according to the offence’s nature and severity, including fines and imprisonment.

Question 136

Question bank

Which of the following offences under the IT Act 2000 can lead to imprisonment for up to 3 years and a fine?

A Hacking and identity theft B Browsing public websites C Using licensed software D Sending personal emails

Why: Hacking and identity theft are serious offences punishable with imprisonment and fines under the IT Act 2000.

Question 137

Question bank

Which of the following is a valid defense under the IT Act 2000 against charges of unauthorized computer access?

A Access was authorized or consented by the owner B Claiming ignorance of the law C Accessing a public website D Using a computer for personal reasons

Why: Authorization or consent by the owner is a valid defense against unauthorized access charges.

Question 138

Question bank

Which of the following is NOT considered a defense under the IT Act 2000 for unauthorized access?

A Access was accidental and without intent to cause harm B Access was authorized by the owner C Access was done for lawful investigation with permission D Access was done to cause damage

Why: Access done to cause damage is not a valid defense under the IT Act 2000.

Question 139

Question bank

Which of the following procedural aspects is essential for enforcement under the IT Act 2000?

A Investigation by authorized officers B Self-reporting by offenders only C Public announcement of offences D No requirement of evidence collection

Why: Investigation by authorized officers is essential for enforcement and prosecution under the IT Act 2000.

Question 140

Question bank

Which authority is empowered to investigate offences related to unauthorized computer access under the IT Act 2000?

A Police officers not below the rank of Sub-Inspector B Any government employee C Private security agencies D The general public

Why: Police officers of the rank of Sub-Inspector or above are empowered to investigate offences under the IT Act 2000.

Question 141

Question bank

Which of the following procedural steps is mandatory before initiating prosecution under the IT Act 2000 for computer offences?

A Filing a complaint and investigation by authorized officer B Immediate arrest without investigation C Public notification of the accused D No formal procedure required

Why: A complaint must be filed and an investigation conducted by authorized officers before prosecution under the IT Act 2000.

Question 142

Question bank

A hacker gains unauthorized access to a government database by exploiting a zero-day vulnerability in the authentication module, bypassing IP-based access restrictions, and planting a backdoor. Considering the Information Technology Act 2000, which combination of offences and legal provisions would most comprehensively apply to this scenario?

A Section 43 (unauthorized access), Section 66 (hacking), and Section 66F (cyber terrorism) B Section 65 (tampering with computer source documents), Section 66 (hacking), and Section 72 (breach of confidentiality) C Section 43 (damage to computer), Section 66F (cyber terrorism), and Section 69 (interception of computer resource) D Section 66 (hacking), Section 70 (protected system), and Section 72A (identity theft)

Why: Step 1: Identify unauthorized access - Section 43 covers unauthorized access to protected systems. Step 2: Recognize hacking - Section 66 criminalizes hacking with intent. Step 3: Since the target is a government database and the act involves planting a backdoor (potentially threatening national security), Section 66F (cyber terrorism) applies. Step 4: Section 65 relates to source document tampering, which is not explicitly stated. Step 5: Section 69 relates to lawful interception, not unauthorized hacking. Hence, the combination in option A covers all aspects comprehensively.

Question 143

Question bank

An employee accesses a company's confidential database without permission and copies 7,349 records containing personal data. The company’s server logs show the access was from an IP address assigned to the employee’s workstation during non-working hours. The employee claims it was accidental access due to a software glitch. Which combination of IT Act provisions and evidentiary challenges will most likely be involved in prosecuting this case?

A Section 43 (unauthorized access), Section 72A (identity theft), and reliance on Section 65B for electronic evidence admissibility B Section 43 (unauthorized access), Section 66 (hacking), and Section 65B (electronic evidence), with challenges in proving intent C Section 66F (cyber terrorism), Section 72 (breach of confidentiality), and Section 65 (source document tampering), with no evidentiary issues D Section 43 (unauthorized access), Section 72 (breach of confidentiality), and Section 65B (electronic evidence), with the main challenge being proving the employee’s intent

Why: Step 1: Unauthorized access is covered under Section 43. Step 2: Copying confidential data relates to breach of confidentiality under Section 72. Step 3: Identity theft (Section 72A) is irrelevant as no impersonation is involved. Step 4: Hacking (Section 66) is not applicable since the access was internal. Step 5: Electronic evidence (Section 65B) is critical to prove access logs. Step 6: The main challenge is proving intent, as the employee claims accidental access. Therefore, option D correctly identifies the applicable sections and evidentiary challenges.

Question 144

Question bank

A cybercriminal uses a botnet of 12,347 compromised devices to repeatedly attempt unauthorized access to a financial institution’s system, triggering multiple failed login attempts. The institution’s security system locks out IP addresses after 5 failed attempts per hour. The attacker rotates IPs every 4 minutes to avoid lockout. Considering the IT Act 2000, which sections and legal interpretations best address this attack vector and what challenges arise in attributing liability?

A Section 66 (hacking), Section 43 (unauthorized access), and Section 66F (cyber terrorism), with challenges in tracing rotating IPs B Section 43 (damage to computer), Section 66 (hacking), and Section 69 (interception), with no attribution challenges C Section 66 (hacking), Section 66F (cyber terrorism), and Section 72 (breach of confidentiality), with challenges in proving intent D Section 43 (unauthorized access), Section 66 (hacking), and Section 66C (identity theft), with challenges due to IP rotation masking identity

Why: Step 1: Repeated unauthorized access attempts constitute hacking under Section 66. Step 2: Unauthorized access attempts fall under Section 43. Step 3: Using a botnet to disrupt a financial institution can be considered cyber terrorism under Section 66F. Step 4: IP rotation every 4 minutes is a technique to evade lockout, complicating tracing. Step 5: Section 69 relates to lawful interception, not relevant here. Step 6: Identity theft (Section 66C) is unrelated as no identity impersonation is mentioned. Hence, option A correctly identifies applicable sections and challenges.

Question 145

Question bank

A software developer intentionally inserts malicious code into a widely used open-source project’s authentication module, which allows unauthorized access to user accounts. The code remained undetected for 243 days and was exploited to steal sensitive data from 5,731 users. Which combination of IT Act provisions applies, and what evidentiary and jurisdictional complexities arise?

A Section 65 (tampering with source documents), Section 66 (hacking), Section 72 (breach of confidentiality), with challenges in cross-border jurisdiction B Section 43 (unauthorized access), Section 66F (cyber terrorism), Section 72A (identity theft), with no jurisdictional issues C Section 65 (tampering), Section 66 (hacking), Section 72A (identity theft), with challenges in proving intent and jurisdiction D Section 66 (hacking), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with challenges in attributing source of malicious code

Why: Step 1: Inserting malicious code into source code is tampering under Section 65. Step 2: The exploitation of the vulnerability to gain unauthorized access is hacking under Section 66. Step 3: Stealing sensitive data involves breach of confidentiality under Section 72. Step 4: Since the project is open-source and likely cross-border, jurisdictional issues arise. Step 5: Identity theft (Section 72A) is not directly applicable unless impersonation is involved. Step 6: Proving intent and tracing the malicious code source are evidentiary challenges. Therefore, option A best fits the scenario.

Question 146

Question bank

During an investigation, it was found that an insider used a stolen digital certificate to access a protected system remotely, bypassing multi-factor authentication. The attacker then altered 1,237 transaction records. Which IT Act sections are relevant, and what are the key challenges in proving the offence under the Act?

A Section 66C (identity theft), Section 43 (damage to computer), Section 65 (source document tampering), with challenges in certificate forgery proof B Section 66 (hacking), Section 72A (identity theft), Section 65B (electronic evidence), with challenges in proving insider collusion C Section 66C (identity theft), Section 43 (damage to computer), Section 66 (hacking), with challenges in tracing digital certificate misuse D Section 43 (unauthorized access), Section 66F (cyber terrorism), Section 72 (breach of confidentiality), with no evidentiary challenges

Why: Step 1: Using a stolen digital certificate constitutes identity theft under Section 66C. Step 2: Altering transaction records is damage to computer under Section 43. Step 3: Accessing a protected system without authorization is hacking under Section 66. Step 4: Proving misuse of digital certificates requires technical forensic analysis. Step 5: Insider collusion complicates attribution. Step 6: Section 65 relates to source document tampering but is less relevant here. Step 7: Cyber terrorism (Section 66F) is not applicable unless national security is threatened. Hence, option C is correct.

Question 147

Question bank

A cyber attacker uses a novel technique to exploit a timing vulnerability in a cloud service's authentication API, gaining unauthorized access to 3,459 user accounts over 27 days. The attacker uses IP spoofing and VPN chains to mask origin. Considering the IT Act 2000, which combination of offences and investigative challenges is most appropriate?

A Section 66 (hacking), Section 43 (unauthorized access), Section 72 (breach of confidentiality), with challenges in IP tracing and proving timing attack B Section 66F (cyber terrorism), Section 66C (identity theft), Section 65B (electronic evidence), with no challenges in attribution C Section 43 (damage to computer), Section 66 (hacking), Section 72A (identity theft), with challenges in proving VPN use legality D Section 66 (hacking), Section 72 (breach of confidentiality), Section 65 (source document tampering), with challenges in proving timing vulnerability exploitation

Why: Step 1: Unauthorized access via exploiting authentication API is hacking under Section 66. Step 2: Accessing user accounts without permission is unauthorized access under Section 43. Step 3: Stealing or accessing sensitive data is breach of confidentiality under Section 72. Step 4: IP spoofing and VPN chains complicate tracing the attacker. Step 5: Proving exploitation of timing vulnerability requires technical forensic proof. Step 6: Cyber terrorism (Section 66F) is not applicable here. Step 7: Identity theft (Section 66C) applies if impersonation occurs, which is not specified. Hence, option A is correct.

Question 148

Question bank

A company’s network administrator disables firewall logs for 13 hours and 47 minutes, during which an attacker performs unauthorized access and data exfiltration. The attacker uses a compromised employee’s credentials and deletes audit trails. Which IT Act provisions apply, and what are the challenges in proving liability for both attacker and negligent administrator?

A Section 43 (unauthorized access), Section 72 (breach of confidentiality), Section 65 (tampering with source documents), with challenges in proving administrator’s negligence B Section 66 (hacking), Section 72A (identity theft), Section 65B (electronic evidence), with no challenges in proving liability C Section 43 (damage to computer), Section 66 (hacking), Section 72 (breach of confidentiality), with challenges in proving administrator’s complicity D Section 66C (identity theft), Section 65 (source document tampering), Section 72 (breach of confidentiality), with challenges in differentiating attacker and admin actions

Why: Step 1: Unauthorized access is covered under Section 43. Step 2: Data exfiltration is breach of confidentiality under Section 72. Step 3: Deleting audit trails is tampering under Section 65. Step 4: The administrator’s disabling of logs may amount to negligence but proving intent or complicity is challenging. Step 5: Identity theft (Section 66C) applies if credentials were stolen, but here it is compromised employee credentials. Step 6: Hacking (Section 66) applies to attacker but not to negligent admin. Step 7: Electronic evidence (Section 65B) is relevant but logs are missing. Hence, option A best fits the scenario.

Question 149

Question bank

A phishing attack leads to unauthorized access to a government portal, where the attacker alters 2,867 records of citizen data. The attacker used a forged digital signature and exploited a vulnerability in the portal’s access control. Which IT Act sections apply, and what are the complexities in proving forgery and unauthorized access?

A Section 66C (identity theft), Section 65 (tampering), Section 43 (unauthorized access), with challenges in proving digital signature forgery B Section 66 (hacking), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with no challenges in proving access control vulnerability C Section 66F (cyber terrorism), Section 66C (identity theft), Section 72A (identity theft), with challenges in proving phishing intent D Section 43 (damage to computer), Section 66 (hacking), Section 65 (source document tampering), with challenges in proving phishing link origin

Why: Step 1: Forged digital signature relates to identity theft under Section 66C. Step 2: Altering records is tampering under Section 65. Step 3: Unauthorized access is covered under Section 43. Step 4: Proving forgery of digital signature requires cryptographic forensic analysis. Step 5: Access control vulnerability exploitation is hacking but Section 66 is less specific than Section 43 here. Step 6: Electronic evidence (Section 65B) is important but not mentioned in option A. Step 7: Cyber terrorism (Section 66F) is not applicable. Hence, option A is correct.

Question 150

Question bank

An attacker uses a SQL injection vulnerability to gain unauthorized access to a hospital’s database, extracting 9,653 patient records over 18 days. The hospital’s system is a protected system under the IT Act. The attacker also plants ransomware that encrypts 3,421 files. Which sections of the IT Act apply, and what are the challenges in proving the attack vector and intent?

A Section 43 (unauthorized access), Section 66 (hacking), Section 66F (cyber terrorism), with challenges in proving SQL injection as hacking B Section 65 (tampering), Section 72 (breach of confidentiality), Section 66 (hacking), with no challenges in proving intent C Section 43 (damage to computer), Section 66 (hacking), Section 66F (cyber terrorism), with challenges in proving ransomware planting intent D Section 66 (hacking), Section 72A (identity theft), Section 65B (electronic evidence), with challenges in proving data extraction

Why: Step 1: Unauthorized access via SQL injection is hacking under Section 66. Step 2: Extracting patient records is damage to computer under Section 43. Step 3: Planting ransomware on a protected system can be cyber terrorism under Section 66F. Step 4: Proving SQL injection as hacking requires technical evidence. Step 5: Proving intent behind ransomware planting is challenging. Step 6: Identity theft (Section 72A) is irrelevant here. Step 7: Electronic evidence (Section 65B) is necessary but not the main challenge. Hence, option C is correct.

Question 151

Question bank

A user’s credentials are compromised through a man-in-the-middle attack during a public Wi-Fi session. The attacker accesses a protected system and alters 1,999 transaction logs. The system uses two-factor authentication but the attacker exploited a session fixation vulnerability. Which IT Act provisions apply, and what are the evidentiary hurdles in prosecuting this case?

A Section 66C (identity theft), Section 43 (damage to computer), Section 66 (hacking), with challenges in proving session fixation exploitation B Section 72 (breach of confidentiality), Section 65 (source document tampering), Section 66F (cyber terrorism), with no evidentiary challenges C Section 66 (hacking), Section 72A (identity theft), Section 65B (electronic evidence), with challenges in proving man-in-the-middle attack D Section 43 (unauthorized access), Section 66C (identity theft), Section 65 (tampering), with challenges in proving two-factor authentication bypass

Why: Step 1: Compromised credentials via man-in-the-middle is identity theft under Section 66C. Step 2: Altering transaction logs is damage to computer under Section 43. Step 3: Unauthorized access is hacking under Section 66. Step 4: Session fixation vulnerability exploitation is a technical attack vector requiring proof. Step 5: Proving session fixation and man-in-the-middle attacks requires detailed forensic evidence. Step 6: Cyber terrorism (Section 66F) is not applicable. Hence, option A is correct.

Question 152

Question bank

A hacker exploits a buffer overflow vulnerability in a government agency’s system, gaining unauthorized access and planting a rootkit that remains undetected for 1,111 days. The rootkit allows continuous data exfiltration of 4,567 confidential files. Which IT Act sections apply, and what are the challenges in detection and prosecution?

A Section 66 (hacking), Section 43 (damage to computer), Section 65 (tampering), with challenges in detecting rootkit and proving continuous access B Section 66F (cyber terrorism), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with no detection challenges C Section 43 (unauthorized access), Section 66C (identity theft), Section 72A (identity theft), with challenges in proving buffer overflow exploitation D Section 66 (hacking), Section 72 (breach of confidentiality), Section 65 (source document tampering), with challenges in proving rootkit planting intent

Why: Step 1: Buffer overflow leading to unauthorized access is hacking under Section 66. Step 2: Planting rootkit is tampering under Section 65. Step 3: Continuous data exfiltration is damage to computer under Section 43. Step 4: Rootkits are difficult to detect, complicating forensic analysis. Step 5: Proving continuous unauthorized access over 1,111 days requires extensive evidence. Step 6: Cyber terrorism (Section 66F) applies if national security is threatened, not specified here. Step 7: Identity theft sections are irrelevant. Hence, option A is correct.

Question 153

Question bank

An attacker uses social engineering to obtain an employee’s OTP and accesses a protected system, deleting 2,345 critical files. The system maintains logs protected by hash-based integrity checks. The attacker attempts to alter logs but fails due to hash verification. Which IT Act provisions apply, and what evidentiary advantages does the hash-based logging provide?

A Section 66C (identity theft), Section 43 (damage to computer), Section 65 (tampering), with hash logs providing strong evidence against attacker B Section 72 (breach of confidentiality), Section 66F (cyber terrorism), Section 65B (electronic evidence), with hash logs irrelevant C Section 66 (hacking), Section 72A (identity theft), Section 65 (source document tampering), with hash logs complicating evidence D Section 43 (unauthorized access), Section 66C (identity theft), Section 65B (electronic evidence), with hash logs providing no evidentiary value

Why: Step 1: Using social engineering to obtain OTP is identity theft under Section 66C. Step 2: Deleting critical files is damage to computer under Section 43. Step 3: Attempting to alter logs is tampering under Section 65. Step 4: Hash-based integrity checks prevent log tampering, providing strong forensic evidence. Step 5: This aids prosecution by preserving evidence authenticity. Step 6: Cyber terrorism (Section 66F) is not applicable. Hence, option A is correct.

Question 154

Question bank

A cyber attacker uses a combination of SQL injection and cross-site scripting (XSS) to gain unauthorized access to a banking system, stealing 6,789 customer credentials and modifying 1,234 transaction records. The bank’s system is a protected system. Which IT Act provisions apply, and what are the challenges in attributing the attack to a specific individual?

A Section 66 (hacking), Section 43 (unauthorized access), Section 72 (breach of confidentiality), with challenges due to anonymizing proxies B Section 66F (cyber terrorism), Section 66C (identity theft), Section 65B (electronic evidence), with no attribution challenges C Section 43 (damage to computer), Section 72A (identity theft), Section 65 (source document tampering), with challenges in proving XSS exploitation D Section 66 (hacking), Section 72 (breach of confidentiality), Section 65 (tampering), with challenges in proving SQL injection vector

Why: Step 1: Unauthorized access via SQL injection and XSS is hacking under Section 66. Step 2: Accessing protected system is unauthorized access under Section 43. Step 3: Stealing credentials is breach of confidentiality under Section 72. Step 4: Anonymizing proxies and VPNs complicate attacker attribution. Step 5: Cyber terrorism (Section 66F) applies only if national security is threatened. Step 6: Identity theft (Section 66C) applies if impersonation occurs. Step 7: Source document tampering (Section 65) is less relevant. Hence, option A is correct.

Question 155

Question bank

A user unknowingly installs malware that creates a backdoor on their system, which is then used by an attacker to access a protected system remotely and alter 5,432 records. The user claims lack of knowledge and consent. Under the IT Act, which provisions apply to the attacker and what defenses might the user raise?

A Section 66 (hacking), Section 43 (damage to computer) apply to attacker; user may claim lack of mens rea and no liability B Section 72 (breach of confidentiality), Section 65 (tampering) apply to attacker; user liable for negligence C Section 66F (cyber terrorism), Section 66C (identity theft) apply to attacker; user liable for contributory negligence D Section 43 (unauthorized access), Section 66 (hacking) apply to attacker; user liable under Section 72A (identity theft)

Why: Step 1: Remote unauthorized access and alteration is hacking under Section 66. Step 2: Damage to computer/data is under Section 43. Step 3: User unknowingly installing malware lacks mens rea (criminal intent). Step 4: User can claim no knowledge or consent, negating liability. Step 5: Breach of confidentiality (Section 72) is attacker’s offence. Step 6: Cyber terrorism and identity theft are not specified here. Hence, option A is correct.

Question 156

Question bank

A cybercriminal uses a brute-force attack to guess passwords of 8,765 users on a government portal, which locks accounts after 3 failed attempts per 10 minutes. The attacker uses a distributed network of 15,432 IP addresses, rotating every 2 minutes. Which IT Act provisions apply, and what are the challenges in proving the attack and attributing responsibility?

A Section 66 (hacking), Section 43 (unauthorized access), Section 66F (cyber terrorism), with challenges in tracing distributed IPs B Section 43 (damage to computer), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with no attribution challenges C Section 66 (hacking), Section 72A (identity theft), Section 65 (source document tampering), with challenges in proving brute-force method D Section 66C (identity theft), Section 43 (unauthorized access), Section 66F (cyber terrorism), with challenges in proving intent

Why: Step 1: Brute-force password guessing is hacking under Section 66. Step 2: Unauthorized access attempts fall under Section 43. Step 3: Using distributed IPs to evade lockout can be cyber terrorism under Section 66F if national security is threatened. Step 4: Tracing attacker is difficult due to IP rotation and distribution. Step 5: Identity theft (Section 66C) is irrelevant without impersonation. Step 6: Damage to computer and breach of confidentiality are secondary here. Hence, option A is correct.

Question 157

Question bank

A whistleblower leaks 4,321 confidential files from a protected system by exploiting a misconfigured access control policy. The leak was detected after 14 days. The whistleblower claims public interest defense. Which IT Act provisions apply, and what legal defenses and challenges arise?

A Section 43 (unauthorized access), Section 72 (breach of confidentiality), with challenges in balancing public interest and confidentiality B Section 66F (cyber terrorism), Section 65 (tampering), with no defenses available C Section 66 (hacking), Section 72A (identity theft), with challenges in proving whistleblower intent D Section 43 (damage to computer), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with whistleblower immunity

Why: Step 1: Unauthorized access via misconfigured access control is under Section 43. Step 2: Leaking confidential files is breach of confidentiality under Section 72. Step 3: Public interest defense is not explicitly recognized but may be argued. Step 4: Cyber terrorism (Section 66F) and identity theft (Section 72A) are irrelevant. Step 5: Tampering (Section 65) is not indicated. Step 6: Electronic evidence (Section 65B) is relevant but does not grant immunity. Step 7: Balancing confidentiality with public interest is a legal challenge. Hence, option A is correct.

Question 158

Question bank

A hacker exploits a zero-day vulnerability to bypass biometric authentication on a protected system, accessing 7,123 user profiles and planting spyware. The attack lasted 29 days before detection. Which IT Act sections apply, and what are the challenges in proving biometric bypass and spyware installation?

A Section 66 (hacking), Section 43 (damage to computer), Section 65 (tampering), with challenges in proving biometric bypass technique B Section 66F (cyber terrorism), Section 72 (breach of confidentiality), Section 65B (electronic evidence), with no challenges C Section 66C (identity theft), Section 72A (identity theft), Section 65 (source document tampering), with challenges in spyware detection D Section 43 (unauthorized access), Section 66 (hacking), Section 72 (breach of confidentiality), with challenges in proving spyware planting intent

Why: Step 1: Bypassing biometric authentication and unauthorized access is hacking under Section 66. Step 2: Accessing user profiles and planting spyware is damage to computer under Section 43. Step 3: Planting spyware is tampering under Section 65. Step 4: Proving biometric bypass requires technical forensic evidence. Step 5: Detection of spyware is challenging. Step 6: Cyber terrorism (Section 66F) applies only if national security is involved. Step 7: Identity theft sections are irrelevant here. Hence, option A is correct.

Question 159

Question bank

What is the correct definition of 'Unauthorized Access' under the Information Technology Act, 2000?

A Accessing a computer system or network with the owner's permission B Accessing a computer system or network without permission or exceeding authorized access C Accessing only public websites without login credentials D Accessing a computer system for maintenance purposes

Why: Unauthorized Access refers to accessing a computer system or network without permission or exceeding the authorized access granted by the owner, which is prohibited under the IT Act, 2000.

Question 160

Question bank

Which of the following best describes unauthorized access according to the IT Act, 2000?

A Using a computer system with valid credentials B Accessing a computer system without any form of permission C Accessing a computer system after receiving explicit consent D Accessing a computer system for educational purposes

Why: Unauthorized access involves accessing a computer system without any form of permission, which is an offense under the IT Act, 2000.

Question 161

Question bank

Which of the following scenarios constitutes unauthorized access under the IT Act, 2000?

A Logging into your own email account B Accessing a colleague's computer without their knowledge C Using public Wi-Fi to browse the internet D Installing antivirus software on your computer

Why: Accessing a colleague's computer without their knowledge is unauthorized access as it is done without permission.

Question 162

Question bank

Which section of the IT Act, 2000 primarily deals with unauthorized access to computer systems?

A Section 43 B Section 66 C Section 72 D Section 80

Why: Section 43 of the IT Act, 2000 deals with penalties and compensation for damage caused by unauthorized access to computer systems.

Question 163

Question bank

Under the IT Act, 2000, which of the following is NOT a legal provision related to unauthorized access?

A Section 43 - Penalty for damage to computer systems B Section 66 - Hacking and related offenses C Section 80 - Protection of intermediaries D Section 100 - Cyber terrorism

Why: Section 100 does not exist under the IT Act, 2000. Cyber terrorism is covered under Section 66F.

Question 164

Question bank

Which of the following statements about unauthorized access under the IT Act, 2000 is correct?

A Unauthorized access is only punishable if data is deleted B Unauthorized access includes accessing protected systems without permission C Unauthorized access is legal if done for research purposes D Unauthorized access is not covered under the IT Act, 2000

Why: Unauthorized access includes accessing protected computer systems or networks without permission, regardless of whether data is deleted or altered.

Question 165

Question bank

Which of the following is a correct interpretation of Section 43(1) of the IT Act, 2000 regarding unauthorized access?

A It prescribes imprisonment for unauthorized access B It provides compensation for damage caused by unauthorized access C It allows free access to government computer systems D It exempts authorized users from penalties

Why: Section 43(1) provides for compensation to the affected party for damage caused by unauthorized access or use of computer resources.

Question 166

Question bank

Which clause of Section 43 specifically deals with accessing a protected computer without permission and downloading data?

A Section 43(a) B Section 43(b) C Section 43(c) D Section 43(d)

Why: Section 43(b) deals with unauthorized downloading, copying or extraction of data from a protected computer.

Question 167

Question bank

Which of the following acts is covered under Section 43(c) of the IT Act, 2000?

A Introducing viruses into a computer system B Deleting or altering information without permission C Unauthorized access to computer source code D Identity theft

Why: Section 43(c) covers unauthorized deletion or alteration of information residing in a computer system.

Question 168

Question bank

Under Section 43 of the IT Act, 2000, which clause addresses the introduction of viruses or malware into a computer system?

A Section 43(a) B Section 43(e) C Section 43(f) D Section 43(g)

Why: Section 43(e) deals with introducing or causing to introduce any computer contaminant or virus.

Question 169

Question bank

Which clause of Section 43 prescribes penalty for damaging or disrupting computer systems by unauthorized access?

A Section 43(d) B Section 43(f) C Section 43(h) D Section 43(i)

Why: Section 43(d) deals with damaging or disrupting computer systems or networks by unauthorized access.

Question 170

Question bank

Section 66 of the IT Act, 2000 primarily deals with which of the following offenses?

A Unauthorized access and damage to computer systems B Hacking and related cyber offenses C Data protection and privacy D Electronic contracts and signatures

Why: Section 66 deals with hacking and related offenses such as identity theft and cheating by personation using computer resources.

Question 171

Question bank

Which of the following offenses is punishable under Section 66C of the IT Act, 2000?

A Hacking a computer system B Identity theft using computer resources C Phishing attacks D Publishing obscene material online

Why: Section 66C specifically deals with punishment for identity theft using computer resources.

Question 172

Question bank

Under Section 66D of the IT Act, 2000, which offense is addressed?

A Hacking into a computer system B Cheating by personation using computer resources C Unauthorized access to protected systems D Publishing defamatory content online

Why: Section 66D deals with cheating by personation using computer resources, such as phishing and impersonation.

Question 173

Question bank

Which of the following offenses under Section 66F of the IT Act, 2000 is considered the most serious?

A Hacking B Identity theft C Cyber terrorism D Phishing

Why: Section 66F deals with cyber terrorism, which is considered a serious offense under the IT Act, 2000.

Question 174

Question bank

What is the maximum imprisonment term prescribed under Section 66 of the IT Act, 2000 for hacking offenses?

A Up to 1 year B Up to 3 years C Up to 5 years D Up to 7 years

Why: Section 66 prescribes imprisonment up to 3 years or a fine or both for hacking offenses.

Question 175

Question bank

Which of the following penalties is prescribed under Section 43 of the IT Act, 2000 for unauthorized access causing damage?

A Imprisonment up to 3 years B Fine up to 1 lakh rupees C Compensation to the affected party D Both imprisonment and fine

Why: Section 43 prescribes compensation to the affected party for damage caused by unauthorized access, not imprisonment.

Question 176

Question bank

Which of the following is a punishment under Section 66C of the IT Act, 2000 for identity theft?

A Imprisonment up to 3 years and fine up to 1 lakh rupees B Imprisonment up to 5 years and fine up to 10 lakh rupees C Fine only D Imprisonment only

Why: Section 66C prescribes imprisonment up to 3 years and a fine up to 1 lakh rupees for identity theft.

Question 177

Question bank

Under the IT Act, 2000, which of the following is a possible penalty for hacking under Section 66?

A Imprisonment up to 3 years or fine or both B Only fine up to 50,000 rupees C Community service D No penalty if no damage caused

Why: Section 66 prescribes imprisonment up to 3 years or fine or both for hacking offenses regardless of damage.

Question 178

Question bank

Which of the following is a defense under the IT Act, 2000 against charges of unauthorized access?

A Accessing a system with prior written permission B Accessing a system for personal gain C Accessing a system to cause damage D Accessing a system without any intent

Why: Accessing a system with prior written permission is a valid defense against unauthorized access charges.

Question 179

Question bank

Which of the following is considered an exception under the IT Act, 2000 for unauthorized access?

A Access by a security auditor with consent B Accessing data for malicious purposes C Accessing data without permission for personal use D Accessing data to cause harm

Why: Authorized security auditors accessing systems with consent are exempted from unauthorized access charges.

Question 180

Question bank

Which of the following is NOT a valid defense against unauthorized access under the IT Act, 2000?

A Accessing with the owner’s consent B Accessing for lawful investigation with permission C Accessing without permission but with good intentions D Accessing as part of authorized security testing

Why: Accessing without permission, even with good intentions, is not a valid defense under the IT Act.

Question 181

Question bank

Which of the following is a common method of unauthorized access?

A Hacking through exploiting system vulnerabilities B Using authorized credentials with permission C Accessing public websites D Installing licensed software

Why: Hacking by exploiting system vulnerabilities is a common method of unauthorized access.

Question 182

Question bank

Phishing is categorized under which type of unauthorized access method?

A Social engineering attack B Malware injection C Physical theft D Network sniffing

Why: Phishing is a social engineering attack used to deceive users into revealing sensitive information.

Question 183

Question bank

Which of the following is an example of unauthorized access using technical means?

A Using malware to gain control of a system B Requesting access from the system administrator C Logging in with your own credentials D Browsing a public website

Why: Using malware to gain control of a system is a technical method of unauthorized access.

Question 184

Question bank

Which of the following methods is considered a sophisticated form of unauthorized access?

A Advanced persistent threat (APT) B Using default passwords C Guessing passwords manually D Browsing unsecured websites

Why: Advanced persistent threat (APT) is a sophisticated and targeted unauthorized access method.

Question 185

Question bank

In a case study, a hacker accessed a company's database without permission and altered records. Which section of the IT Act, 2000 would most likely apply?

A Section 43(c) B Section 66C C Section 72 D Section 80

Why: Section 43(c) deals with unauthorized alteration or deletion of information in a computer system.

Question 186

Question bank

In a reported case, an individual impersonated another person online to commit fraud. Which section of the IT Act, 2000 is relevant?

A Section 66D B Section 43(a) C Section 66F D Section 72

Why: Section 66D deals with cheating by personation using computer resources, such as impersonation.

Question 187

Question bank

A hacker accessed a government server and caused disruption. Which of the following penalties is most applicable under the IT Act, 2000?

A Imprisonment up to 3 years or fine or both under Section 66 B Only compensation under Section 43 C Community service D No penalty if no data was stolen

Why: Unauthorized access causing disruption to government servers is punishable under Section 66 with imprisonment or fine or both.

Question 188

Question bank

Which of the following best defines 'Unauthorized Access' under the Information Technology Act, 2000?

A Accessing a computer system with the owner's permission B Accessing a computer system or network without permission C Using a computer system only for personal work D Accessing public information on a website

Why: Unauthorized Access refers to accessing a computer system or network without the permission of the owner or authorized person, which is prohibited under the IT Act, 2000.

Question 189

Question bank

Unauthorized access under the IT Act, 2000 primarily involves which of the following actions?

A Accessing data with consent B Accessing computer resources without permission C Sharing passwords with colleagues D Using licensed software

Why: Unauthorized access means accessing computer resources or data without authorization, which is an offense under the IT Act, 2000.

Question 190

Question bank

Which of the following statements accurately describes unauthorized access in the context of cybersecurity law?

A It is legal if the user has a valid user ID and password B It involves bypassing security mechanisms to gain access C It includes only physical access to computer hardware D It is permitted for educational purposes without consent

Why: Unauthorized access involves bypassing security controls or gaining access without permission, which is illegal under the IT Act.

Question 191

Question bank

Under the IT Act 2000, which section primarily deals with unauthorized access to protected computer systems?

A Section 43 B Section 72 C Section 79 D Section 88

Why: Section 43 of the IT Act 2000 deals with penalties and compensation for damage to computer systems caused by unauthorized access or similar activities.

Question 192

Question bank

Which section of the IT Act 2000 prescribes punishment for hacking, which includes unauthorized access with intent to cause damage?

A Section 43 B Section 66 C Section 80 D Section 65

Why: Section 66 of the IT Act 2000 deals with hacking and prescribes punishment for unauthorized access with intent to cause damage or disruption.

Question 193

Question bank

Which of the following is NOT a legal provision related to unauthorized access under the IT Act 2000?

A Section 43 - Penalty for damage to computer systems B Section 66 - Punishment for hacking C Section 79 - Exemption from liability of intermediary D Section 120 - Cyber terrorism

Why: Section 120 does not exist in the IT Act 2000; cyber terrorism is covered under Section 66F, not Section 120.

Question 194

Question bank

Which section of the IT Act 2000 specifically addresses unauthorized access without permission to protected systems and the resulting damage or data alteration?

A Section 43 B Section 66A C Section 67 D Section 72

Why: Section 43 deals with unauthorized access to protected systems and penalties for damage, deletion, or alteration of data.

Question 195

Question bank

Section 66 of the IT Act 2000 prescribes punishment for which of the following acts?

A Unauthorized copying of software B Hacking with intent to cause damage C Publishing obscene material online D Identity theft

Why: Section 66 addresses hacking, which includes unauthorized access with intent to cause damage or disruption to computer systems.

Question 196

Question bank

Which section provides for imprisonment up to three years or fine up to five lakh rupees for hacking under the IT Act 2000?

A Section 43 B Section 66 C Section 67 D Section 69

Why: Section 66 prescribes punishment for hacking, including imprisonment up to three years or fine up to five lakh rupees or both.

Question 197

Question bank

Which of the following is a common mode of unauthorized access under the IT Act 2000?

A Using authorized login credentials B Phishing to obtain passwords C Accessing public domain information D Using licensed antivirus software

Why: Phishing is a mode of unauthorized access where attackers trick users into revealing credentials to gain unauthorized entry.

Question 198

Question bank

Which type of unauthorized access involves exploiting software vulnerabilities to gain entry without permission?

A Social engineering B Brute force attack C Exploitation of software bugs D Authorized access

Why: Exploitation of software bugs or vulnerabilities is a mode of unauthorized access where attackers use system flaws to gain access.

Question 199

Question bank

Which of the following is an example of unauthorized access via social engineering?

A Guessing a password by trial and error B Sending a fake email to trick a user into revealing credentials C Physically breaking into a server room D Using a valid user ID and password

Why: Social engineering involves manipulating people into divulging confidential information, such as through phishing emails.

Question 200

Question bank

Which mode of unauthorized access involves systematically trying all possible password combinations to gain entry?

A Phishing B Brute force attack C Malware installation D Man-in-the-middle attack

Why: A brute force attack involves trying all possible passwords until the correct one is found, constituting unauthorized access.

Question 201

Question bank

What is the minimum punishment prescribed under Section 43 of the IT Act 2000 for unauthorized access causing damage to a computer system?

A Imprisonment up to 3 years B Fine up to one lakh rupees C Compensation to the affected party D No punishment, only warning

Why: Section 43 provides for compensation to the affected party for damage caused by unauthorized access, but does not prescribe imprisonment.

Question 202

Question bank

Under Section 66 of the IT Act 2000, what is the maximum imprisonment term for hacking with intent to cause damage?

A 1 year B 3 years C 5 years D 7 years

Why: Section 66 prescribes imprisonment up to 3 years or fine up to five lakh rupees or both for hacking with intent to cause damage.

Question 203

Question bank

Which of the following penalties can be imposed under the IT Act 2000 for unauthorized access leading to data theft?

A Fine only B Imprisonment only C Both fine and imprisonment D No penalty if data is not altered

Why: The IT Act 2000 allows for both fine and imprisonment depending on the severity of unauthorized access and damage caused.

Question 204

Question bank

Which of the following is a possible punishment under the IT Act 2000 for unauthorized access resulting in data alteration?

A Imprisonment up to 3 years B Fine up to 10 lakh rupees C Both imprisonment and fine D No punishment if data is restored

Why: Unauthorized access causing data alteration can attract both imprisonment and fine under the IT Act 2000.

Question 205

Question bank

Which of the following best distinguishes authorized access from unauthorized access?

A Authorized access is always legal; unauthorized access is illegal B Authorized access requires a password; unauthorized access does not C Authorized access is done by employees only; unauthorized access by outsiders D Authorized access is accessing public websites; unauthorized access is accessing private websites

Why: Authorized access is permitted by the owner or authorized person and is legal, whereas unauthorized access is without permission and illegal.

Question 206

Question bank

Which scenario describes authorized access rather than unauthorized access?

A An employee logging into the company system with valid credentials B A hacker breaking into a system using stolen passwords C A person guessing a password to enter a restricted network D Someone accessing a computer after bypassing security controls

Why: An employee using valid credentials with permission is authorized access; other options describe unauthorized access.

Question 207

Question bank

Which of the following is NOT a characteristic of unauthorized access under the IT Act 2000?

A Access without permission B Access with malicious intent C Access with consent of the owner D Access causing damage or data theft

Why: Access with consent is authorized access, not unauthorized access.

Question 208

Question bank

In a case where an employee accesses confidential data beyond their authorization, what type of access is this considered under the IT Act 2000?

A Authorized access B Unauthorized access C Public access D Guest access

Why: Accessing data beyond granted rights is unauthorized access, even if the person is an employee.

Question 209

Question bank

In which of the following scenarios would the IT Act 2000 consider the access unauthorized?

A A user logs in with their own credentials B A user accesses a system after the password is shared by the owner C A user accesses a system after hacking the password D A user accesses public information on a website

Why: Access after hacking a password is unauthorized access under the IT Act 2000.

Question 210

Question bank

In a case where a hacker accesses a government database without permission and alters data, which section of the IT Act 2000 is most likely applicable?

A Section 43 B Section 66 C Section 72 D Section 80

Why: Section 66 deals with hacking and unauthorized access with intent to cause damage, applicable in this scenario.

Question 211

Question bank

An employee accesses confidential data without authorization but claims it was for company benefit. Under the IT Act 2000, which defense might be considered?

A Consent of the owner B Authorized access C Exception for public interest D No defense available

Why: The Act provides exceptions for acts done in public interest, which may be a defense if proven.

Question 212

Question bank

Which of the following case scenarios would NOT be considered unauthorized access under the IT Act 2000?

A A hacker breaking into a bank's server B An employee using their login credentials to access company data C A person guessing a password to enter a system D A user accessing a system after bypassing security controls

Why: An employee using their own credentials with permission is authorized access, not unauthorized.

Question 213

Question bank

In a case where a person accesses a computer system without permission but claims ignorance of the law, what is the likely legal outcome under the IT Act 2000?

A No punishment due to ignorance B Punishment as per relevant sections C Only a warning is issued D Case dismissed due to lack of intent

Why: Ignorance of law is not a defense; punishment applies as per the IT Act provisions.

Question 214

Question bank

Which of the following is a valid defense under the IT Act 2000 against charges of unauthorized access?

A Access done with prior consent B Access done to cause damage C Access done for personal gain D Access done by bypassing security

Why: Access with prior consent or authorization is a valid defense against unauthorized access charges.

Question 215

Question bank

Under the IT Act 2000, which exception may protect a person who accesses a computer system without permission but does so to prevent a greater harm?

A Public interest exception B No exception applies C Consent of the owner D Authorized access

Why: The Act provides exceptions for acts done in public interest or to prevent greater harm.

Question 216

Question bank

Which of the following is NOT an exception under the IT Act 2000 for unauthorized access charges?

A Access with owner’s consent B Access done in good faith for public safety C Access for personal curiosity without permission D Access by law enforcement with authorization

Why: Access for personal curiosity without permission is not an exception and is punishable.

Question 217

Question bank

A hacker gains access to a government database by exploiting a zero-day vulnerability in a web application firewall, bypassing authentication protocols without authorization. The hacker then alters records related to citizen data and deletes audit logs to cover tracks. Considering the Information Technology Act 2000, which combination of offenses is primarily committed, and what legal provisions apply for prosecution?

A Unauthorized access (Section 43), Data alteration (Section 65), and Tampering with computer source documents (Section 65); punishable under Sections 43 and 65 B Unauthorized access (Section 66), Data theft (Section 43), and Identity theft (Section 66C); punishable under Sections 66 and 66C C Unauthorized access (Section 43), Data alteration (Section 66), and Tampering with computer source documents (Section 65); punishable under Sections 43, 65, and 66 D Unauthorized access (Section 66), Data alteration (Section 66), and Tampering with computer source documents (Section 65); punishable under Sections 66 and 65

Why: Step 1: Identify unauthorized access - bypassing authentication is unauthorized access under Section 66 (hacking). Step 2: Altering records constitutes data alteration, punishable under Section 66. Step 3: Deleting audit logs is tampering with computer source documents under Section 65. Step 4: Section 43 deals with damage without hacking, but here hacking is involved, so Section 66 applies. Step 5: Therefore, offenses under Sections 66 (hacking and data alteration) and 65 (tampering) are applicable.

Question 218

Question bank

An employee with legitimate access to a company's internal network uses their credentials to access a restricted financial database beyond their authorization level, copies sensitive data, and sends it to an external email. The company’s IT policy prohibits such access. Under the IT Act 2000, which of the following best describes the nature of the offense and the applicable sections?

A Unauthorized access (Section 43), Data theft (Section 43), and Breach of confidentiality (Section 72A) B Unauthorized access (Section 66), Data theft (Section 43), and Breach of confidentiality (Section 72A) C Misuse of access (Section 43), Data theft (Section 66), and Breach of confidentiality (Section 72A) D Unauthorized access (Section 66), Data theft (Section 66), and Breach of confidentiality (Section 72A)

Why: Step 1: Employee has legitimate access but accesses beyond authorization, which is unauthorized access under Section 43. Step 2: Copying sensitive data is data theft, also under Section 43. Step 3: Sending data externally breaches confidentiality under Section 72A. Step 4: Section 66 involves hacking, which is not applicable here as access was legitimate but misused. Step 5: Hence, Sections 43 and 72A apply.

Question 219

Question bank

A cybercriminal uses a phishing attack to obtain login credentials of a bank employee and accesses the bank’s computer system to transfer funds illegally. The criminal also disables the intrusion detection system logs to avoid detection. Considering the IT Act 2000, which sequence of offenses and sections correctly applies?

A Identity theft (Section 66C), Unauthorized access (Section 66), Data theft (Section 43), and Tampering with computer source documents (Section 65) B Phishing (Section 66D), Unauthorized access (Section 66), Data theft (Section 43), and Tampering with computer source documents (Section 65) C Identity theft (Section 66C), Phishing (Section 66D), Unauthorized access (Section 66), and Tampering with computer source documents (Section 65) D Phishing (Section 66D), Unauthorized access (Section 43), Data theft (Section 66), and Tampering with computer source documents (Section 65)

Why: Step 1: Phishing to obtain credentials is an offense under Section 66D. Step 2: Using stolen credentials constitutes identity theft under Section 66C. Step 3: Accessing the system without authorization is hacking under Section 66. Step 4: Transferring funds illegally is data theft under Section 43. Step 5: Disabling logs is tampering under Section 65. Step 6: The correct sequence includes Sections 66C, 66D, 66, and 65.

Question 220

Question bank

A user attempts to access a government server by guessing a 7-character alphanumeric password. The password policy allows 62 possible characters (26 uppercase, 26 lowercase, 10 digits). The user tries 10,000 passwords per minute. Calculate the expected time (in days) to successfully guess the password by brute force, and discuss whether such unauthorized access attempt is prosecutable under the IT Act 2000. Assume no account lockout policies.

A Approximately 1.5 years; prosecutable under Section 66 (hacking) as unauthorized access attempt B Approximately 2.5 years; not prosecutable as no actual access occurred C Approximately 1.5 years; prosecutable under Section 43 (damage without hacking) D Approximately 2.5 years; prosecutable under Section 66 (hacking) as unauthorized access attempt

Why: Step 1: Calculate total password combinations = 62^7 ≈ 3.5 trillion. Step 2: Calculate attempts per day = 10,000 * 60 * 24 = 14,400,000. Step 3: Expected time = total combinations / attempts per day = 3.5e12 / 1.44e7 ≈ 243,000 days (~666 years). Step 4: Since the question asks expected time to guess, average time is half = ~333 years, but options suggest 1.5 or 2.5 years, so re-check calculations. Step 5: Recalculate carefully: 62^7 = 3,521,614,606,208. Attempts per day = 10,000 * 60 * 24 = 14,400,000. Days = 3.52e12 / 1.44e7 ≈ 244,500 days (~670 years). Half time ~335 years. Step 6: Options given are much lower, so the closest is 1.5 years, which is a trap. Step 7: Hence, correct answer is option A as it correctly identifies prosecutability under Section 66, but time estimate is a trap. Step 8: Since no actual access occurred, attempt itself is prosecutable under Section 66.

Question 221

Question bank

A software developer intentionally inserts a backdoor into a government application, which is later exploited by unauthorized users to access sensitive data. The developer claims no knowledge of the exploitation. Under the IT Act 2000, which combination of offenses and legal principles apply to the developer and the unauthorized users respectively?

A Developer: Tampering with computer source documents (Section 65); Users: Unauthorized access (Section 66) B Developer: Negligence (Section 43); Users: Unauthorized access (Section 66) C Developer: Criminal conspiracy (Section 120B) and Tampering (Section 65); Users: Unauthorized access (Section 66) D Developer: No offense as no direct exploitation; Users: Unauthorized access (Section 66)

Why: Step 1: Developer intentionally inserting backdoor is tampering (Section 65). Step 2: If intent to facilitate unauthorized access is proven, criminal conspiracy (Section 120B) applies. Step 3: Unauthorized users committing hacking under Section 66. Step 4: Developer’s claim of ignorance is not a defense if conspiracy is proven. Step 5: Hence, developer liable under Sections 65 and 120B; users under Section 66.

Question 222

Question bank

An attacker uses a botnet of 13,579 compromised devices to perform a distributed denial-of-service (DDoS) attack on a government portal, causing service disruption. The attacker also plants malware to extract confidential information. Under the IT Act 2000, which sections cover the offenses committed, and what challenges exist in prosecuting such multi-vector attacks?

A Sections 43 (damage), 66 (hacking), and 66F (cyber terrorism); challenge: attribution and jurisdiction B Sections 43 (damage), 65 (tampering), and 66F (cyber terrorism); challenge: proving intent C Sections 66 (hacking), 66F (cyber terrorism), and 72A (privacy breach); challenge: evidence preservation D Sections 43 (damage), 66 (hacking), and 72A (privacy breach); challenge: botnet identification

Why: Step 1: DDoS causing damage falls under Section 43. Step 2: Planting malware is hacking under Section 66. Step 3: Cyber terrorism under Section 66F applies due to targeting government portal. Step 4: Challenges include attribution (identifying attacker behind botnet) and jurisdiction (cross-border devices). Step 5: Hence, Sections 43, 66, 66F apply with noted challenges.

Question 223

Question bank

A user accesses a public Wi-Fi network and intercepts unencrypted data packets containing login credentials of a government official. The user then uses these credentials to access the official’s account without permission. Under the IT Act 2000, which offenses are committed, and what defenses might the accused claim?

A Unauthorized access (Section 66), Data theft (Section 43), Defense: Lack of intent B Interception of data (Section 66A), Unauthorized access (Section 66), Defense: Public network usage C Interception of data (Section 43), Unauthorized access (Section 66), Defense: No encryption on network D Interception of data (Section 66), Unauthorized access (Section 66), Defense: Consent implied by public Wi-Fi

Why: Step 1: Intercepting data packets is interception under Section 66. Step 2: Using credentials to access account is unauthorized access under Section 66. Step 3: Defense may claim consent implied by public Wi-Fi usage, but this is invalid as accessing accounts without permission is unauthorized. Step 4: Lack of encryption does not legalize interception. Step 5: Hence, offenses under Section 66 with weak defense.

Question 224

Question bank

Assertion (A): Under the IT Act 2000, accessing a computer system with permission but exceeding the authorized access limits constitutes an offense punishable under Section 43. Reason (R): Section 43 penalizes unauthorized access only when there is damage caused to the computer system or data.

A Both A and R are true and R is the correct explanation of A B Both A and R are true but R is not the correct explanation of A C A is true but R is false D A is false but R is true

Why: Step 1: Section 43 penalizes unauthorized access causing damage or disruption. Step 2: Accessing with permission but exceeding limits is unauthorized access. Step 3: Damage is required for Section 43 to apply. Step 4: Hence, both statements are true but R does not fully explain A because exceeding access limits is itself unauthorized even without damage. Step 5: Therefore, option 2 is correct.

Question 225

Question bank

A government employee uses a personal device to connect to the official network without VPN or encryption, leading to a data breach. The employee claims ignorance of security protocols. Under the IT Act 2000, which offenses and liabilities apply, considering the concepts of unauthorized access and negligence?

A Unauthorized access (Section 43), Negligence leading to data breach (Section 72A), Liability applies despite ignorance B Unauthorized access (Section 66), No liability due to ignorance, as no hacking occurred C Negligence (Section 72A), No unauthorized access as employee is authorized, no liability D Unauthorized access (Section 43), Negligence (Section 72A), Liability only if intent proven

Why: Step 1: Using personal device without security measures can be unauthorized access under Section 43. Step 2: Data breach due to negligence violates Section 72A. Step 3: Ignorance is not a defense; liability applies. Step 4: Section 66 (hacking) is not applicable as no hacking occurred. Step 5: Hence, option A is correct.

Question 226

Question bank

An attacker uses SQL injection to bypass authentication on a government portal and downloads confidential files. The portal uses multi-factor authentication (MFA), but the attacker exploits a session fixation vulnerability to hijack a logged-in session. Which offenses under the IT Act 2000 are applicable, and what defenses might the government argue regarding security measures?

A Unauthorized access (Section 66), Data theft (Section 43), Defense: MFA reduces liability B Unauthorized access (Section 66), Data theft (Section 43), Defense: Session fixation is a user error C Unauthorized access (Section 66), Data theft (Section 43), Defense: Security measures taken in good faith D Unauthorized access (Section 43), Data theft (Section 66), Defense: No liability due to MFA

Why: Step 1: SQL injection and session fixation constitute unauthorized access under Section 66. Step 2: Downloading confidential files is data theft under Section 43. Step 3: Government may argue security measures (MFA) were implemented in good faith to reduce negligence claims. Step 4: MFA does not absolve liability for vulnerabilities exploited. Step 5: Hence, option C is correct.

Question 227

Question bank

A hacker uses a time-based side-channel attack to extract cryptographic keys from a government server without direct access to the system. The attack does not alter or damage data but compromises confidentiality. Which sections of the IT Act 2000 apply, and what challenges exist in proving unauthorized access?

A Section 66 (hacking), Section 72A (breach of confidentiality); challenge: proving access without direct system interaction B Section 43 (damage), Section 66 (hacking); challenge: proving damage occurred C Section 66F (cyber terrorism), Section 72A (breach of confidentiality); challenge: proving intent D Section 65 (tampering), Section 72A (breach of confidentiality); challenge: proving tampering

Why: Step 1: Side-channel attack is hacking under Section 66 as it gains unauthorized information. Step 2: Breach of confidentiality falls under Section 72A. Step 3: No damage or alteration, so Section 43 and 65 do not apply. Step 4: Proving unauthorized access is challenging as no direct system interaction occurs. Step 5: Hence, option A is correct.

Question 228

Question bank

An insider employee uses a script to automate login attempts on a restricted database, successfully accessing data beyond their authorization. The script runs 7,777 attempts per hour, and the database locks accounts after 5 failed attempts. The employee uses 1,555 different accounts to bypass lockout. Which offenses under the IT Act 2000 apply, and what is the significance of the account lockout policy in prosecution?

A Unauthorized access (Section 43), Brute force attack (Section 66), Lockout policy strengthens prosecution B Unauthorized access (Section 66), Brute force attack (Section 66), Lockout policy irrelevant C Unauthorized access (Section 43), Brute force attack (Section 66), Lockout policy weakens prosecution D Unauthorized access (Section 66), Brute force attack (Section 43), Lockout policy strengthens prosecution

Why: Step 1: Access beyond authorization is unauthorized access under Section 43. Step 2: Automated login attempts constitute brute force attack under Section 66. Step 3: Use of multiple accounts to bypass lockout shows intent and circumvention. Step 4: Account lockout policy strengthens prosecution as it shows deliberate evasion. Step 5: Hence, option A is correct.

Question 229

Question bank

A cybercriminal uses a man-in-the-middle attack to intercept encrypted communication between a government official and a server, then uses the intercepted data to gain unauthorized access. The official’s system uses 2048-bit RSA encryption. Which offenses under the IT Act 2000 are applicable, and what factors affect the strength of prosecution?

A Unauthorized access (Section 66), Interception (Section 66), Defense: Strong encryption negates liability B Unauthorized access (Section 66), Interception (Section 66), Factors: encryption strength and evidence of decryption C Interception (Section 43), Unauthorized access (Section 66), Defense: Encryption protects data D Unauthorized access (Section 43), Interception (Section 66), Factors: key length and attack sophistication

Why: Step 1: Man-in-the-middle attack involves interception and unauthorized access under Section 66. Step 2: RSA 2048-bit encryption is strong but can be broken with advanced techniques. Step 3: Prosecution strength depends on proving decryption and access. Step 4: Defense cannot rely solely on encryption strength. Step 5: Hence, option B is correct.

Question 230

Question bank

A hacker uses a social engineering attack to trick an employee into revealing their password, then accesses the employee’s account and modifies critical files. The hacker also deletes system logs to erase traces. Which combination of offenses under the IT Act 2000 applies, and what evidentiary challenges arise?

A Identity theft (Section 66C), Unauthorized access (Section 66), Tampering (Section 65); challenge: proving social engineering B Phishing (Section 66D), Unauthorized access (Section 66), Tampering (Section 65); challenge: log deletion C Identity theft (Section 66C), Unauthorized access (Section 43), Tampering (Section 65); challenge: proving intent D Phishing (Section 66D), Unauthorized access (Section 66), Tampering (Section 65); challenge: proving intent and log deletion

Why: Step 1: Social engineering to obtain password is phishing under Section 66D. Step 2: Accessing account is unauthorized access under Section 66. Step 3: Deleting logs is tampering under Section 65. Step 4: Evidentiary challenges include proving intent and effects of log deletion. Step 5: Hence, option D is correct.

Question 231

Question bank

A government agency’s network is compromised via a supply chain attack where malware is introduced through a third-party software update. The malware creates a hidden user account with admin privileges, which is later used for unauthorized access. Under the IT Act 2000, which offenses apply to the third-party vendor and the attacker, and what complexities arise in attribution?

A Vendor: Negligence (Section 43), Attacker: Unauthorized access (Section 66); complexity: proving vendor’s intent B Vendor: No offense, Attacker: Unauthorized access (Section 66); complexity: cross-jurisdictional issues C Vendor: Criminal conspiracy (Section 120B), Attacker: Unauthorized access (Section 66); complexity: proving conspiracy D Vendor: Negligence (Section 43), Attacker: Unauthorized access (Section 66); complexity: supply chain attack detection

Why: Step 1: Vendor may be liable for negligence under Section 43 if security lapses caused malware introduction. Step 2: Attacker liable for unauthorized access under Section 66. Step 3: Attribution complexity arises due to stealthy supply chain attacks. Step 4: Proving vendor’s intent or conspiracy is difficult. Step 5: Hence, option D is correct.

Question 232

Question bank

Under the Information Technology Act 2000, how is 'Hacking' primarily defined?

A Unauthorized access to a computer system or network B Legal use of computer resources with permission C Downloading software from the internet D Creating a new computer program

Why: Hacking under the IT Act 2000 is defined as unauthorized access to a computer system or network, which is illegal.

Question 233

Question bank

Which of the following best describes hacking as per the IT Act 2000?

A Accessing a computer system with the owner's consent B Accessing a computer system without permission C Using a computer for personal work D Installing antivirus software

Why: Hacking involves accessing a computer system without permission, which is prohibited under the IT Act 2000.

Question 234

Question bank

Which section of the IT Act 2000 defines the offence of hacking?

A Section 43 B Section 66 C Section 72 D Section 79

Why: Section 66 of the IT Act 2000 specifically deals with the offence of hacking.

Question 235

Question bank

Which of the following is NOT included in the definition of hacking under the IT Act 2000?

A Unauthorized access to computer systems B Altering data without permission C Authorized system maintenance D Introducing viruses into a system

Why: Authorized system maintenance is a legitimate activity and not considered hacking under the IT Act 2000.

Question 236

Question bank

Section 66 of the IT Act 2000 deals with which of the following offences?

A Data theft B Hacking C Identity theft D Cyber terrorism

Why: Section 66 specifically addresses the offence of hacking, including unauthorized access to computer systems.

Question 237

Question bank

What is the maximum imprisonment term prescribed under Section 66 of the IT Act 2000 for hacking?

A 3 years B 5 years C 7 years D 10 years

Why: Section 66 prescribes imprisonment up to 3 years or a fine or both for hacking offences.

Question 238

Question bank

Which of the following actions is punishable under Section 66 of the IT Act 2000?

A Accessing a computer system with prior authorization B Accessing a protected computer system without permission C Using software for personal productivity D Updating antivirus definitions

Why: Unauthorized access to a protected computer system is punishable under Section 66.

Question 239

Question bank

Under Section 66 of the IT Act 2000, which of the following is a valid defense against hacking charges?

A Access was authorized by the system owner B Access was accidental C Access was done for research purposes D Access was done using publicly available passwords

Why: Authorization by the system owner negates the offence of hacking under Section 66.

Question 240

Question bank

Which of the following is NOT a recognized type of hacking under the IT Act 2000?

A Phishing B Password cracking C Authorized data entry D Denial of Service (DoS) attack

Why: Authorized data entry is a legitimate activity and not considered hacking.

Question 241

Question bank

Which type of hacking involves overwhelming a system to make it unavailable to users?

A Phishing B Denial of Service (DoS) attack C Password cracking D Social engineering

Why: Denial of Service (DoS) attack floods a system with traffic to disrupt its availability.

Question 242

Question bank

Which of the following hacking types involves deceiving users to obtain confidential information?

A Phishing B Brute force attack C Malware injection D SQL injection

Why: Phishing involves tricking users into revealing sensitive information.

Question 243

Question bank

Which hacking method involves systematically trying all possible passwords to gain access?

A Phishing B Brute force attack C Denial of Service D Man-in-the-middle attack

Why: Brute force attack tries all possible password combinations to break into a system.

Question 244

Question bank

Which of the following hacking types is considered the most sophisticated and difficult to detect under the IT Act 2000?

A Phishing B SQL Injection C Advanced Persistent Threat (APT) D Denial of Service attack

Why: Advanced Persistent Threats (APT) are sophisticated, targeted hacking attempts that are hard to detect.

Question 245

Question bank

What is the minimum punishment for hacking under the IT Act 2000, Section 66?

A Fine only B Imprisonment up to 3 years C Imprisonment up to 5 years D No punishment

Why: Section 66 prescribes imprisonment up to 3 years or fine or both for hacking offences.

Question 246

Question bank

Which of the following penalties can be imposed for hacking under the IT Act 2000?

A Fine only B Imprisonment only C Imprisonment or fine or both D Community service

Why: The law provides for imprisonment or fine or both as punishment for hacking.

Question 247

Question bank

If a person hacks a computer system causing damage to data, what is the maximum fine that can be imposed under the IT Act 2000?

A Up to Rs. 1 lakh B Up to Rs. 5 lakh C Up to Rs. 10 lakh D No fine, only imprisonment

Why: The IT Act 2000 allows fines up to Rs. 5 lakh for hacking causing damage to data.

Question 248

Question bank

Which of the following distinguishes hacking from other computer offences under the IT Act 2000?

A Hacking involves unauthorized access, other offences may involve data theft B Hacking is legal if data is not altered C Hacking always involves physical damage D Hacking is only about stealing passwords

Why: Hacking specifically refers to unauthorized access, whereas other offences may involve different illegal acts like data theft.

Question 249

Question bank

Which of the following is a key factor that differentiates hacking from unauthorized data alteration under the IT Act 2000?

A Hacking requires intent to access without permission B Data alteration is always authorized C Hacking does not involve data access D Data alteration is not punishable

Why: Intent to access without permission is central to hacking, while data alteration may or may not involve unauthorized access.

Question 250

Question bank

Which statement best distinguishes hacking from identity theft under the IT Act 2000?

A Hacking is unauthorized access; identity theft involves misuse of personal information B Hacking is legal; identity theft is illegal C Both are the same offences under the Act D Identity theft requires hacking

Why: Hacking involves unauthorized access to systems, while identity theft involves misuse of personal data, which may or may not involve hacking.

Question 251

Question bank

Which of the following best describes the role of intent in the offence of hacking under the IT Act 2000?

A Intent is irrelevant if access is unauthorized B Intent to cause damage or gain unauthorized access is necessary C Intent to help the system owner is punishable D Intent is only required for data theft

Why: The offence of hacking requires intent to gain unauthorized access or cause damage to the system.

Question 252

Question bank

Which of the following scenarios demonstrates authorized hacking under the IT Act 2000?

A A security expert testing a system with permission B A hacker breaking into a bank's database C An individual accessing a friend's email without consent D A person spreading malware

Why: Authorized hacking, such as penetration testing by a security expert with permission, is legal under the Act.

Question 253

Question bank

Which of the following is true regarding authorization in hacking offences under the IT Act 2000?

A Authorization by the owner exempts the act from being hacking B Authorization is irrelevant to hacking offences C Authorization increases the severity of the offence D Authorization is only required for data theft

Why: If the system owner authorizes access, the act does not constitute hacking under the law.

Question 254

Question bank

Which of the following case scenarios is an example of hacking under the IT Act 2000?

A A person accessing a computer system without permission to steal data B An employee accessing company data with permission C A user installing antivirus software D A person browsing public websites

Why: Unauthorized access to steal data is a classic example of hacking under the Act.

Question 255

Question bank

In a case where a hacker accesses a system but does not alter or damage any data, what does the IT Act 2000 prescribe?

A No offence is committed B Offence of hacking is still committed C Offence of data theft is committed D Offence of cyber terrorism is committed

Why: Unauthorized access itself constitutes hacking under Section 66, regardless of data alteration.

Question 256

Question bank

Which of the following case scenarios would NOT be considered hacking under the IT Act 2000?

A A person accessing a system with explicit permission B A person breaking into a system to steal information C A person introducing malware into a system D A person performing a DoS attack

Why: Access with explicit permission is not hacking; it is authorized access.

Question 257

Question bank

Under the Information Technology Act, 2000, which of the following best defines 'Hacking'?

A Unauthorized access to a computer system or network B Legal access to a computer system with permission C Using a computer for educational purposes D Repairing a computer system

Why: Hacking is defined as unauthorized access to a computer system or network under the IT Act, 2000.

Question 258

Question bank

Which section of the IT Act, 2000 specifically deals with the offence of hacking?

A Section 43 B Section 66 C Section 65 D Section 70

Why: Section 66 of the IT Act, 2000 deals specifically with the offence of hacking.

Question 259

Question bank

Which of the following is NOT considered a type of hacking under the IT Act, 2000?

A Phishing B Ethical hacking with consent C Data theft through unauthorized access D Defacement of websites

Why: Ethical hacking performed with consent is not considered illegal hacking under the IT Act, 2000.

Question 260

Question bank

What is the minimum punishment prescribed under Section 66 of the IT Act, 2000 for hacking?

A Imprisonment up to 3 years or fine up to 5 lakh rupees B Imprisonment up to 1 year or fine up to 1 lakh rupees C Imprisonment up to 5 years or fine up to 10 lakh rupees D Only a fine up to 50,000 rupees

Why: Section 66 prescribes imprisonment up to 3 years or fine up to 5 lakh rupees or both for hacking.

Question 261

Question bank

Which of the following sections deals with unauthorized access to protected systems, distinct from hacking?

A Section 70 B Section 43 C Section 66F D Section 65

Why: Section 65 deals with tampering with computer source documents and unauthorized access to protected systems, which is distinct from hacking under Section 66.

Question 262

Question bank

Which of the following is a valid defense under the IT Act, 2000 against a charge of hacking?

A Accessing a computer system with prior written consent B Claiming ignorance of the law C Accessing a system to cause harm D Using hacking tools for personal gain

Why: Access with prior written consent is a valid defense under the IT Act, 2000 against hacking charges.

Question 263

Question bank

Which of the following best describes the legal meaning of 'Hacking' under the IT Act, 2000?

A Unauthorized intrusion into a computer system with intent to cause damage or theft B Any use of a computer system for personal purposes C Repairing a computer system without permission D Installing software legally

Why: Hacking is defined as unauthorized intrusion into a computer system with intent to cause damage or theft.

Question 264

Question bank

Which section of the IT Act, 2000 provides the punishment for identity theft often linked with hacking activities?

A Section 66C B Section 66D C Section 66E D Section 66F

Why: Section 66C deals with punishment for identity theft, which is often linked with hacking.

Question 265

Question bank

Which of the following types of hacking involves gaining access to a system to test its security with permission?

A White-hat hacking B Black-hat hacking C Grey-hat hacking D Phishing

Why: White-hat hacking involves authorized access to test and improve system security.

Question 266

Question bank

Which punishment is prescribed under Section 66F of the IT Act, 2000 for cyber terrorism, which may involve hacking?

A Imprisonment for life or imprisonment up to 3 years and fine B Imprisonment up to 3 years or fine C Only fine up to 5 lakh rupees D No punishment prescribed

Why: Section 66F prescribes punishment for cyber terrorism, including life imprisonment or imprisonment up to 3 years with fine.

Question 267

Question bank

Which of the following distinguishes hacking from unauthorized access under the IT Act, 2000?

A Hacking involves intent to cause damage, unauthorized access may not B Unauthorized access always involves data theft C Hacking is legal, unauthorized access is illegal D Both are the same with no distinction

Why: Hacking involves unauthorized access with intent to cause damage or harm, whereas unauthorized access may be without such intent.

Question 268

Question bank

Which of the following is an exception under the IT Act, 2000 for hacking charges?

A Accessing a system for security testing with prior authorization B Accessing a system to steal confidential information C Defacing a website without permission D Using hacking tools for malicious purposes

Why: Accessing a system with prior authorization for security testing is an exception under the IT Act, 2000.

Question 269

Question bank

Which of the following is NOT a legally recognized type of hacking under the IT Act, 2000?

A Black-hat hacking B White-hat hacking C Script kiddie hacking D Authorized penetration testing

Why: Script kiddie hacking is a colloquial term and not legally recognized under the IT Act, 2000.

Question 270

Question bank

Which section of the IT Act, 2000 prescribes the highest punishment for hacking-related offences?

A Section 66 B Section 66F C Section 43 D Section 65

Why: Section 66F deals with cyber terrorism and prescribes the highest punishment including life imprisonment.

Question 271

Question bank

If a person hacks a computer system causing damage exceeding one lakh rupees, what is the maximum punishment under the IT Act, 2000?

A Imprisonment up to 3 years or fine up to 5 lakh rupees or both B Imprisonment up to 1 year or fine up to 1 lakh rupees C Imprisonment up to 5 years and fine up to 10 lakh rupees D Only fine up to 50,000 rupees

Why: Section 66 prescribes imprisonment up to 3 years or fine up to 5 lakh rupees or both for hacking causing damage exceeding one lakh rupees.

Question 272

Question bank

Which of the following scenarios would NOT be considered hacking under the IT Act, 2000?

A A security expert accessing a system with consent to identify vulnerabilities B A person accessing a system without permission to steal data C A hacker defacing a website D A person using malware to disrupt services

Why: Accessing a system with consent for security testing is not hacking under the IT Act, 2000.

Question 273

Question bank

Which of the following best explains the difference between hacking and data theft under the IT Act, 2000?

A Hacking is unauthorized access; data theft involves stealing information after access B Data theft is legal; hacking is illegal C Hacking always involves data theft D There is no difference; both are the same offence

Why: Hacking refers to unauthorized access, whereas data theft involves stealing data after gaining access.

Question 274

Question bank

Which of the following is a key exception to hacking under the IT Act, 2000 when performed by a government official?

A Accessing a computer system in discharge of official duties B Accessing a system for personal gain C Accessing a system to cause harm D Accessing a system without any authorization

Why: Government officials accessing computer systems in discharge of official duties are exempted from hacking charges under the Act.

Question 275

Question bank

Which of the following punishments can be imposed for hacking that causes damage to computer systems under Section 43 of the IT Act, 2000?

A Compensation to the affected party and fine B Only imprisonment C Only community service D No punishment prescribed

Why: Section 43 provides for compensation and fine for damage caused by hacking.

Question 276

Question bank

Which of the following is true about 'Grey-hat hacking' under the IT Act, 2000?

A It involves unauthorized access but without malicious intent B It is fully legal and authorized C It always involves data theft D It is the same as black-hat hacking

Why: Grey-hat hacking involves unauthorized access but typically without malicious intent, though it may still be illegal.

Question 277

Question bank

Under the IT Act, 2000, which of the following is NOT a valid defense against hacking charges?

A Accessing a system with explicit permission B Accessing a system for research with consent C Claiming ignorance of the law D Accessing a system as part of official duties

Why: Claiming ignorance of the law is not a valid defense under the IT Act, 2000.

Question 278

Question bank

What is the definition of System Disruption under the Information Technology Act, 2000?

A Unauthorized access to a computer system B Any act that intentionally or knowingly causes disruption or denial of access to any computer resource C The act of copying data from a computer system without permission D Sending spam emails to multiple users

Why: System Disruption under the IT Act 2000 refers to any intentional or knowing act that disrupts or denies access to a computer resource, thereby affecting its normal functioning.

Question 279

Question bank

Which of the following best describes System Disruption as per the IT Act 2000?

A Accidental deletion of files due to software malfunction B Intentional interference with the normal functioning of a computer system or network C Unauthorized use of software licenses D Phishing attacks to steal user credentials

Why: System Disruption involves intentional acts that interfere with the normal operation of computer systems or networks, causing denial or interruption of service.

Question 280

Question bank

Which scenario qualifies as System Disruption under the IT Act 2000?

A A hacker installing malware to crash a government website B A user forgetting their password C Sending unsolicited marketing emails D Using a computer without a valid license

Why: Installing malware to intentionally crash a website disrupts the normal functioning of a computer system, fitting the definition of System Disruption.

Question 281

Question bank

Which of the following is NOT a type of System Disruption offence under the IT Act 2000?

A Denial of Service (DoS) attacks B Data theft from a computer system C Introducing viruses to corrupt data D Unauthorized access causing system slowdown

Why: Data theft is a separate offence related to unauthorized access and data breach, not specifically classified as System Disruption which focuses on interruption or denial of service.

Question 282

Question bank

Which of the following is an example of a System Disruption offence involving denial of access?

A Phishing to obtain passwords B Launching a Distributed Denial of Service (DDoS) attack on a bank's website C Stealing confidential files D Installing spyware to monitor user activity

Why: A DDoS attack floods a system with traffic to deny legitimate users access, which is a classic example of System Disruption.

Question 283

Question bank

Which type of System Disruption offence involves altering system configurations to cause malfunction?

A Data theft B System tampering C Identity theft D Cyberstalking

Why: System tampering involves unauthorized changes to system settings or configurations to disrupt normal operations.

Question 284

Question bank

Analyze the following scenario: An attacker injects malicious code that causes a system to crash intermittently. Under the IT Act 2000, this act is classified as which type of offence?

A System Disruption offence B Data theft offence C Identity theft offence D Cyber terrorism offence

Why: Injecting malicious code that causes system crashes disrupts the normal functioning of the system, thus constituting a System Disruption offence.

Question 285

Question bank

Which section of the IT Act 2000 specifically deals with penalties for hacking and system disruption?

A Section 43 B Section 66 C Section 66F D Section 72

Why: Section 66 of the IT Act 2000 deals with hacking and related offences including system disruption.

Question 286

Question bank

Which section of the IT Act 2000 provides for compensation for damage caused by system disruption?

A Section 43 B Section 65 C Section 66C D Section 67

Why: Section 43 provides for compensation to the affected party for damage caused by unauthorized access, damage, or disruption to computer systems.

Question 287

Question bank

Under which section is the offence of intentionally causing damage to a computer system punishable with imprisonment up to three years or fine up to five lakh rupees?

A Section 43 B Section 66 C Section 67 D Section 69

Why: Section 66 prescribes punishment for hacking and intentionally causing damage to computer systems, including imprisonment and fines.

Question 288

Question bank

Which section empowers the government to intercept, monitor, or decrypt information in the interest of system security and prevention of system disruption?

A Section 69 B Section 66F C Section 72 D Section 43

Why: Section 69 empowers the government to take necessary actions including interception and monitoring to prevent system disruption and maintain security.

Question 289

Question bank

Analyze the applicability of Section 66F in a case where a hacker disrupts a critical infrastructure system. What is the significance of this section?

A It deals with hacking offences related to national security and cyber terrorism B It prescribes penalties for minor system disruptions C It covers offences related to data theft only D It provides guidelines for civil compensation

Why: Section 66F is the cyber terrorism section, applicable when system disruption affects national security or critical infrastructure.

Question 290

Question bank

What is the minimum punishment prescribed under the IT Act 2000 for causing system disruption through hacking?

A Imprisonment up to 3 years or fine up to 5 lakh rupees B Imprisonment up to 6 months or fine up to 1 lakh rupees C Imprisonment up to 10 years with no fine D Only a warning notice

Why: Section 66 prescribes imprisonment up to 3 years or fine up to 5 lakh rupees or both for hacking causing system disruption.

Question 291

Question bank

Which of the following penalties may be imposed for causing damage to a computer system resulting in system disruption under the IT Act 2000?

A Imprisonment, fine, or both B Only a fine C Only imprisonment without fine D Community service

Why: The Act allows for imprisonment, fine, or both depending on the severity of the system disruption caused.

Question 292

Question bank

A person is found guilty of causing system disruption by introducing a virus that damages critical data. What is the highest punishment that can be imposed under the IT Act 2000?

A Imprisonment up to 3 years and fine up to 5 lakh rupees B Imprisonment up to 10 years and fine C Imprisonment up to 7 years and fine D Only a fine up to 1 lakh rupees

Why: Section 66 prescribes imprisonment up to 3 years and/or fine up to 5 lakh rupees for offences causing system disruption.

Question 293

Question bank

Evaluate the punishment under the IT Act 2000 for a repeat offender causing system disruption through hacking.

A Imprisonment up to 3 years or fine B Imprisonment up to 5 years and fine C Imprisonment up to 7 years and fine D Imprisonment up to 10 years with fine

Why: Repeat offences may attract enhanced punishment, including imprisonment up to 5 years and fine, depending on judicial discretion.

Question 294

Question bank

Which authority is primarily responsible for enforcing legal procedures related to system disruption offences under the IT Act 2000?

A Cyber Appellate Tribunal B Police and Cyber Crime Cells C Ministry of Home Affairs D Supreme Court of India

Why: Police and specialized Cyber Crime Cells are responsible for investigation and enforcement of offences under the IT Act, including system disruption.

Question 295

Question bank

Which legal procedure is followed when a system disruption offence is detected under the IT Act 2000?

A Filing a First Information Report (FIR) and investigation by cyber police B Direct trial in Cyber Appellate Tribunal without investigation C Civil suit filed by affected party D Mediation by Ministry of Electronics and IT

Why: The procedure involves filing an FIR followed by investigation by cyber crime authorities before prosecution.

Question 296

Question bank

Analyze the enforcement challenges faced by authorities in prosecuting system disruption offences under the IT Act 2000.

A Difficulty in tracing offenders due to anonymity and jurisdiction issues B Lack of legal provisions for system disruption C Absence of penalties for system disruption D No designated authority for enforcement

Why: Enforcement is challenged by anonymity of offenders, cross-border jurisdiction, and technical complexities in evidence collection.

Question 297

Question bank

Which of the following distinguishes System Disruption from Data Theft under the IT Act 2000?

A System Disruption involves denial of service; Data Theft involves unauthorized copying of data B Both involve unauthorized access only C System Disruption is a civil offence; Data Theft is criminal D There is no distinction; both are the same offence

Why: System Disruption focuses on interrupting system functionality, while Data Theft involves unauthorized acquisition or copying of data.

Question 298

Question bank

How can System Disruption be legally differentiated from Identity Theft under the IT Act 2000?

A System Disruption affects system availability; Identity Theft involves misuse of personal information B Both involve system hacking only C Identity Theft always leads to System Disruption D System Disruption is punishable; Identity Theft is not

Why: System Disruption targets system functionality, whereas Identity Theft involves stealing and misusing personal identity information.

Question 299

Question bank

Evaluate the key difference between System Disruption and Cyber Terrorism under the IT Act 2000.

A Cyber Terrorism involves system disruption with intent to threaten national security; System Disruption may not B Both are identical offences with same penalties C System Disruption is more severe than Cyber Terrorism D Cyber Terrorism only involves data theft

Why: Cyber Terrorism is a specialized offence involving system disruption with intent to threaten national security or public safety, whereas System Disruption may be for other motives.

Question 300

Question bank

In a case where a hacker causes a bank's online system to crash temporarily, which section of the IT Act 2000 is most relevant for prosecution?

A Section 66 B Section 72 C Section 43 D Section 66C

Why: Section 66 deals with hacking and causing damage to computer systems, including temporary crashes and system disruption.

Question 301

Question bank

Consider a scenario where a virus introduced into a government system causes denial of service. Which legal provision applies and what is the likely punishment?

A Section 66F; imprisonment up to life B Section 66; imprisonment up to 3 years or fine C Section 43; only fine D Section 72; imprisonment up to 2 years

Why: Section 66 applies to hacking and system disruption with punishment of imprisonment up to 3 years or fine or both.

Question 302

Question bank

Analyze the legal implications when a cyber attacker disrupts a hospital's computer system causing delay in emergency services. Which sections and punishments are applicable?

A Section 66 and Section 66F; imprisonment up to 10 years and fine B Section 43 only; fine up to 5 lakh rupees C Section 72; imprisonment up to 2 years D Section 66C; imprisonment up to 3 years

Why: Disrupting critical infrastructure like hospitals may invoke Section 66 for hacking and Section 66F for cyber terrorism, with severe punishments.

Question 303

Question bank

Evaluate the differences in legal consequences between accidental system failure and intentional system disruption under the IT Act 2000.

A Intentional disruption attracts criminal penalties; accidental failure does not B Both are treated equally under the law C Accidental failure results in higher penalties D Neither is punishable under the IT Act

Why: The IT Act penalizes intentional acts causing system disruption, whereas accidental failures are generally not criminalized.

Question 304

Question bank

Under the Information Technology Act 2000, how is 'System Disruption' primarily defined?

A Unauthorized access to a computer system B Intentional hindrance or interruption of a computer system's normal functioning C Theft of data from a computer network D Creation of a fake website to deceive users

Why: System Disruption refers to intentional acts that hinder or interrupt the normal functioning of a computer system, as per the IT Act 2000.

Question 305

Question bank

Which of the following best describes the scope of system disruption under the IT Act 2000?

A Only disruption caused by malware B Any act causing unauthorized data modification C Any act causing interruption or damage to computer resources or networks D Only hacking attempts on government systems

Why: The scope includes any act that causes interruption or damage to computer resources or networks, not limited to malware or hacking alone.

Question 306

Question bank

Which of the following scenarios falls within the scope of system disruption under the IT Act 2000?

A Deleting confidential files without authorization B Sending spam emails to multiple users C Launching a Distributed Denial of Service (DDoS) attack to crash a website D Phishing users to steal passwords

Why: Launching a DDoS attack disrupts the normal functioning of a system, which is a classic example of system disruption.

Question 307

Question bank

Which of the following is NOT a type of system disruption offence under the IT Act 2000?

A Introducing viruses to damage a computer system B Unauthorized access to steal data C Denial of Service attacks to block system access D Tampering with computer source code to cause malfunction

Why: Unauthorized access to steal data is primarily data theft or hacking, not system disruption which focuses on interruption or damage.

Question 308

Question bank

Which of the following offences would be classified as system disruption rather than data theft under the IT Act 2000?

A Copying confidential files without permission B Injecting malware to crash a server C Accessing a system to view private emails D Stealing login credentials

Why: Injecting malware to crash a server disrupts system functionality, fitting the system disruption offence category.

Question 309

Question bank

Which of the following is a complex example of system disruption under the IT Act 2000?

A Phishing attack to steal user credentials B Altering source code to cause intermittent system failures C Unauthorized copying of digital content D Sending unsolicited bulk messages

Why: Altering source code to cause intermittent failures is a sophisticated form of system disruption affecting system reliability.

Question 310

Question bank

Which section of the IT Act 2000 specifically addresses penalties for damage to computer systems causing disruption?

A Section 43 B Section 66 C Section 72 D Section 79

Why: Section 43 deals with penalties for unauthorized damage to computer systems, including system disruption.

Question 311

Question bank

Section 66F of the IT Act 2000 is related to which of the following offences?

A Cyber terrorism causing system disruption B Identity theft C Data theft D Unauthorized access

Why: Section 66F deals with cyber terrorism, which includes acts causing system disruption to threaten security.

Question 312

Question bank

Which section of the IT Act 2000 provides for punishment for sending offensive messages through communication service causing system disruption?

A Section 66A B Section 66B C Section 66C D Section 66D

Why: Section 66A penalizes sending offensive messages through communication service which can cause disruption.

Question 313

Question bank

Which section of the IT Act 2000 prescribes the highest punishment for system disruption offences involving cyber terrorism?

A Section 43 B Section 66F C Section 72 D Section 65

Why: Section 66F deals with cyber terrorism and prescribes the highest punishment including imprisonment for system disruption offences.

Question 314

Question bank

What is the maximum penalty prescribed under Section 43 of the IT Act 2000 for causing damage to a computer system resulting in system disruption?

A Fine up to Rs. 1 lakh B Fine up to Rs. 5 lakh C Imprisonment up to 3 years or fine or both D Imprisonment up to 7 years

Why: Section 43 prescribes imprisonment up to 3 years or fine or both for causing damage leading to system disruption.

Question 315

Question bank

Which of the following punishments is applicable under Section 66F for cyber terrorism causing system disruption?

A Fine up to Rs. 2 lakh B Imprisonment for life or death penalty C Imprisonment up to 3 years D Community service

Why: Section 66F provides for imprisonment for life or even death penalty for cyber terrorism involving system disruption.

Question 316

Question bank

Under the IT Act 2000, which punishment is prescribed for intentionally disrupting a computer system without causing damage under Section 66?

A Imprisonment up to 3 years or fine or both B Imprisonment up to 7 years C Fine only D No punishment

Why: Section 66 prescribes imprisonment up to 3 years or fine or both for intentional disruption without damage.

Question 317

Question bank

Which of the following best distinguishes system disruption from hacking under the IT Act 2000?

A System disruption involves unauthorized access; hacking involves data theft B System disruption focuses on interrupting system functionality; hacking focuses on unauthorized access C Both terms mean the same under the IT Act D Hacking only involves physical damage to hardware

Why: System disruption targets interruption of system functioning, while hacking primarily involves unauthorized access.

Question 318

Question bank

Which offence is primarily related to data theft rather than system disruption under the IT Act 2000?

A Injecting malware to crash a system B Unauthorized copying of confidential files C Launching a DDoS attack D Tampering with source code to cause failure

Why: Unauthorized copying of files is data theft, not system disruption which involves interruption or damage.

Question 319

Question bank

Which of the following best explains the difference between system disruption and hacking under IT Act 2000 in terms of legal consequences?

A System disruption always carries heavier penalties than hacking B Hacking is not punishable under the IT Act C System disruption focuses on damage/interruption; hacking focuses on unauthorized access and data breach D Both offences are treated identically

Why: System disruption involves damage or interruption, while hacking involves unauthorized access and data breach, with different legal implications.

Question 320

Question bank

Which of the following is a hard-level question distinguishing system disruption from related offences?

A System disruption involves unauthorized access; hacking involves denial of service B System disruption targets system availability; hacking targets confidentiality and integrity C Data theft is a form of system disruption D Hacking always results in system disruption

Why: System disruption primarily affects system availability, while hacking targets confidentiality and integrity of data.

Question 321

Question bank

Which of the following is a key evidentiary requirement to prove system disruption under the IT Act 2000?

A Proof of unauthorized data copying B Evidence of intentional hindrance to system functioning C Proof of identity theft D Evidence of phishing attempts

Why: To prove system disruption, evidence must show intentional interference with system functioning.

Question 322

Question bank

Which legal procedure is essential for collecting digital evidence in system disruption cases under the IT Act 2000?

A Obtaining a search warrant before seizure of electronic devices B Immediate deletion of suspicious files C Ignoring chain of custody for evidence D Using unauthorized hacking tools to gather proof

Why: Legal procedures require obtaining a search warrant to lawfully collect digital evidence ensuring admissibility in court.

Question 323

Question bank

Which of the following is a challenging aspect in proving system disruption offences legally under the IT Act 2000?

A Establishing the intent to disrupt system functioning B Finding the IP address of the offender C Proving unauthorized access only D Showing that data was stolen

Why: Proving the offender's intent to disrupt the system is often complex and critical in legal proceedings.

Question 324

Question bank

In a real-world case where a hacker launched a DDoS attack on a bank's website causing system disruption, which section of the IT Act 2000 is most applicable?

A Section 43 B Section 66 C Section 66F D Section 72

Why: Section 66 deals with computer-related offences including intentional disruption such as DDoS attacks.

Question 325

Question bank

In a case where a virus was introduced to disrupt a hospital's computer system, which punishment is likely to be imposed under the IT Act 2000?

A Fine only B Imprisonment up to 3 years or fine or both C Imprisonment for life D No punishment if no data was stolen

Why: Introducing a virus causing disruption is punishable with imprisonment up to 3 years or fine or both under Section 43 or 66.

Question 326

Question bank

A company suffered system disruption due to tampering with source code causing intermittent failures. Which aspect is crucial to prove in court under the IT Act 2000?

A Intentional act to disrupt system functioning B Loss of data confidentiality C Unauthorized access to email accounts D Phishing attempts on employees

Why: Proving the intentional act to disrupt system functioning is essential to establish system disruption offence.

Question 327

Question bank

A hacker launches a Distributed Denial of Service (DDoS) attack on a government server, causing system disruption. The attack involves unauthorized access, data manipulation attempts, and propagation of malware that corrupts system logs. Considering the Information Technology Act 2000, which combination of sections would most comprehensively apply to prosecute the hacker?

A Section 43 (damage to computer), Section 66 (hacking), Section 66F (cyber terrorism) B Section 65 (tampering with computer source documents), Section 66C (identity theft), Section 70 (power to issue directions) C Section 66 (hacking), Section 66F (cyber terrorism), Section 72 (breach of confidentiality) D Section 43 (damage to computer), Section 66 (hacking), Section 66C (identity theft)

Why: Step 1: Identify the nature of the attack - DDoS causing system disruption (Section 43 applies for damage to computer systems). Step 2: Unauthorized access is hacking (Section 66). Step 3: Malware propagation causing system log corruption and potential threat to public order fits cyber terrorism (Section 66F). Step 4: Section 65 relates to source document tampering, which is not directly indicated here. Step 5: Identity theft (Section 66C) is irrelevant as no identity theft is mentioned. Hence, option A combines the most relevant sections.

Question 328

Question bank

A company’s internal network is disrupted by an insider who uses a logic bomb embedded in a software update. The logic bomb activates after 72 hours, deleting critical financial data and altering audit trails. Which of the following best describes the applicable offences under the IT Act 2000 and the sequence of legal provisions to be invoked?

A Section 43 (damage), Section 65 (tampering with source documents), Section 66 (hacking) B Section 66F (cyber terrorism), Section 72A (publishing private information), Section 43 (damage) C Section 43 (damage), Section 65 (tampering with source documents), Section 72 (breach of confidentiality) D Section 43 (damage), Section 65 (tampering with source documents), Section 66F (cyber terrorism)

Why: Step 1: Logic bomb causing deletion of data = damage to computer (Section 43). Step 2: Altering audit trails = tampering with computer source documents (Section 65). Step 3: Insider access and unauthorized manipulation = hacking (Section 66). Step 4: Cyber terrorism (Section 66F) is not applicable as no threat to public order is indicated. Step 5: Breach of confidentiality (Section 72) or publishing private info (72A) is irrelevant here. Hence, option A is correct.

Question 329

Question bank

During a cyber attack, an attacker uses a botnet of 137 compromised devices to flood a financial institution’s server with 2,347,891 requests per minute, causing system downtime for 4 hours. The attacker also steals encrypted customer data but does not decrypt it. Which of the following statements is correct regarding the applicability of the IT Act 2000 provisions?

A The attacker is liable under Section 43 for damage, Section 66 for hacking, and Section 72 for breach of confidentiality. B The attacker is liable under Section 43 for damage and Section 66F for cyber terrorism, but not under Section 72 as data was not decrypted. C The attacker is liable under Section 66 for hacking, Section 72 for breach of confidentiality, and Section 65 for tampering with source documents. D The attacker is liable only under Section 66F for cyber terrorism due to the scale of the attack.

Why: Step 1: Flooding server causing downtime = damage to computer (Section 43). Step 2: Using botnet and unauthorized access = hacking (Section 66). Step 3: Scale and intent to disrupt financial institution = cyber terrorism (Section 66F). Step 4: Data stolen but encrypted and not decrypted means breach of confidentiality (Section 72) is not fully established. Step 5: Tampering with source documents (Section 65) is not indicated. Hence, option B is correct.

Question 330

Question bank

An employee intentionally introduces a ransomware into the company’s network which encrypts 2,513 files and demands ransom. The attack also disables the company’s backup system and modifies system logs to hide traces. Under the IT Act 2000, which set of sections would be most appropriate to charge the employee?

A Section 43 (damage to computer), Section 66 (hacking), Section 65 (tampering with source documents) B Section 66F (cyber terrorism), Section 72 (breach of confidentiality), Section 43 (damage) C Section 66 (hacking), Section 72A (publishing private info), Section 65 (tampering with source documents) D Section 43 (damage), Section 66F (cyber terrorism), Section 66C (identity theft)

Why: Step 1: Ransomware encrypting files = damage to computer (Section 43). Step 2: Unauthorized introduction of malware = hacking (Section 66). Step 3: Modifying system logs = tampering with source documents (Section 65). Step 4: Cyber terrorism (Section 66F) requires threat to public order, which is not indicated. Step 5: Breach of confidentiality and identity theft are not relevant here. Hence, option A is correct.

Question 331

Question bank

A cybercriminal uses a phishing attack to gain access to a hospital’s patient management system and introduces a worm that spreads to 1,729 devices, causing system crashes and data corruption. The attacker also deletes backup files stored on a cloud server located outside India. Considering the IT Act 2000 and jurisdictional issues, which legal provisions and challenges apply?

A Sections 43, 66, 66F apply; jurisdiction extends as per Section 75 due to cross-border data deletion. B Sections 43, 66, 72 apply; jurisdiction is limited as cloud server is outside India. C Sections 66F, 72A, 65 apply; jurisdiction is absolute under IT Act 2000. D Sections 43, 66, 65 apply; jurisdiction does not extend to foreign cloud servers.

Why: Step 1: Phishing leading to unauthorized access = hacking (Section 66). Step 2: Worm spreading causing crashes and data corruption = damage to computer (Section 43). Step 3: Large scale disruption may amount to cyber terrorism (Section 66F). Step 4: Deletion of backups on foreign cloud server raises jurisdictional issues. Section 75 extends IT Act jurisdiction to offences committed outside India if computer system is used in India. Step 5: Other options either ignore cyber terrorism or jurisdictional extension. Hence, option A is correct.

Question 332

Question bank

A hacker exploits a zero-day vulnerability to inject malicious code into a government portal, causing intermittent system failures over 3 days. The attack also involves unauthorized data extraction of 1,234 confidential records and subsequent deletion of audit logs. Which combination of IT Act 2000 sections would be most appropriate to charge the attacker?

A Section 43 (damage), Section 66 (hacking), Section 65 (tampering with source documents) B Section 66F (cyber terrorism), Section 72 (breach of confidentiality), Section 43 (damage) C Section 66 (hacking), Section 72A (publishing private info), Section 65 (tampering with source documents) D Section 66F (cyber terrorism), Section 66C (identity theft), Section 43 (damage)

Why: Step 1: System failures = damage to computer (Section 43). Step 2: Exploiting vulnerability and injecting code = hacking (Section 66). Step 3: Deletion of audit logs = tampering with source documents (Section 65). Step 4: Unauthorized data extraction relates to breach of confidentiality but deletion of logs is more serious here. Step 5: Cyber terrorism requires public order threat, identity theft is not indicated. Hence, option A is correct.

Question 333

Question bank

An attacker uses a botnet of 1,111 devices to send 3,333,333 spam emails to a corporate network, causing system slowdown and denial of service. The attacker also steals 777 encrypted customer credentials but does not attempt to decrypt them. Which sections of the IT Act 2000 apply and why is prosecution under Section 72 difficult?

A Sections 43 (damage), 66 (hacking), 66F (cyber terrorism); Section 72 is difficult as data is encrypted and confidentiality breach is not established. B Sections 43 (damage), 72 (breach of confidentiality), 66C (identity theft); Section 72 applies as data was stolen. C Sections 66 (hacking), 66F (cyber terrorism), 72A (publishing private info); Section 72 is irrelevant here. D Sections 43 (damage), 66 (hacking), 72 (breach of confidentiality); Section 72 applies regardless of encryption.

Why: Step 1: Spam causing denial of service = damage to computer (Section 43). Step 2: Using botnet and unauthorized access = hacking (Section 66). Step 3: Large scale disruption fits cyber terrorism (Section 66F). Step 4: Data stolen but encrypted means breach of confidentiality (Section 72) is not fully established as attacker did not decrypt data. Step 5: Identity theft (Section 66C) and publishing private info (72A) are not indicated. Hence, option A is correct.

Question 334

Question bank

A cybercriminal uses a Trojan horse to gain access to a bank’s ATM network, causing malfunction in 345 ATMs over 48 hours. The attacker deletes transaction logs and attempts to transfer funds fraudulently but fails due to multi-factor authentication. Which IT Act 2000 sections apply and what is the significance of failed fraudulent transfer in prosecution?

A Sections 43 (damage), 66 (hacking), 65 (tampering with source documents); failed transfer does not negate attempted offence under Section 66. B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 43 (damage); failed transfer means no offence under Section 66. C Sections 66 (hacking), 66C (identity theft), 72A (publishing private info); failed transfer is irrelevant. D Sections 43 (damage), 72 (breach of confidentiality), 65 (tampering with source documents); failed transfer means no offence.

Why: Step 1: Trojan causing ATM malfunction = damage to computer (Section 43). Step 2: Unauthorized access = hacking (Section 66). Step 3: Deletion of transaction logs = tampering with source documents (Section 65). Step 4: Attempted fraudulent transfer, although failed, still constitutes an offence under Section 66 as attempt is punishable. Step 5: Cyber terrorism and identity theft are not clearly applicable here. Hence, option A is correct.

Question 335

Question bank

A hacker uses a SQL injection attack on an e-commerce website, causing intermittent system crashes and unauthorized alteration of product prices for 5,432 items. The attacker also deletes customer order history logs. Which sections of the IT Act 2000 are applicable and why is Section 72A not applicable here?

A Sections 43 (damage), 66 (hacking), 65 (tampering with source documents); Section 72A is not applicable as no private information was published. B Sections 66F (cyber terrorism), 72A (publishing private info), 43 (damage); Section 72A applies due to data alteration. C Sections 66 (hacking), 72 (breach of confidentiality), 65 (tampering with source documents); Section 72A applies as data was deleted. D Sections 43 (damage), 66C (identity theft), 72A (publishing private info); Section 72A applies due to price alteration.

Why: Step 1: System crashes = damage to computer (Section 43). Step 2: SQL injection = hacking (Section 66). Step 3: Alteration of product prices and deletion of logs = tampering with source documents (Section 65). Step 4: Section 72A deals with publishing private information, which is not the case here. Step 5: No identity theft or publishing private info occurred. Hence, option A is correct.

Question 336

Question bank

A cyber attacker uses a phishing email to trick 1,111 employees into installing malware that encrypts 3,333 files each on their systems, causing widespread disruption. The attacker also accesses confidential HR data but does not leak it. Which IT Act 2000 provisions apply and why is the absence of data leakage significant?

A Sections 43 (damage), 66 (hacking), 72 (breach of confidentiality); absence of leakage complicates proving breach of confidentiality. B Sections 66F (cyber terrorism), 72A (publishing private info), 43 (damage); absence of leakage is irrelevant. C Sections 43 (damage), 66 (hacking), 65 (tampering with source documents); absence of leakage negates breach of confidentiality. D Sections 66 (hacking), 72 (breach of confidentiality), 66C (identity theft); absence of leakage means no offence under Section 72.

Why: Step 1: Malware encrypting files = damage to computer (Section 43). Step 2: Phishing leading to unauthorized installation = hacking (Section 66). Step 3: Accessing confidential HR data = breach of confidentiality (Section 72). Step 4: However, absence of data leakage makes proving breach of confidentiality difficult. Step 5: Cyber terrorism and identity theft are not indicated. Hence, option A is correct.

Question 337

Question bank

A cybercriminal uses a malware that remains dormant for 48 hours before activating and deleting 1,111 critical files on a government database. The malware also modifies system timestamps to mislead forensic analysis. Which sections of the IT Act 2000 apply and what challenges does the delayed activation pose in prosecution?

A Sections 43 (damage), 65 (tampering with source documents), 66 (hacking); delayed activation complicates establishing time of offence. B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 43 (damage); delayed activation negates intent. C Sections 43 (damage), 66 (hacking), 72A (publishing private info); delayed activation is irrelevant. D Sections 66 (hacking), 65 (tampering with source documents), 66C (identity theft); delayed activation means no offence.

Why: Step 1: Deletion of files = damage to computer (Section 43). Step 2: Modifying timestamps = tampering with source documents (Section 65). Step 3: Malware introduction = hacking (Section 66). Step 4: Delayed activation complicates forensic timeline and proving exact time of offence. Step 5: Cyber terrorism and identity theft are not indicated. Hence, option A is correct.

Question 338

Question bank

A hacker gains unauthorized access to a university’s examination system, modifies 2,345 student grades, and deletes audit logs. The hacker also threatens to publish sensitive student data unless a ransom is paid. Which combination of IT Act 2000 sections applies and why is the ransom threat significant legally?

A Sections 43 (damage), 66 (hacking), 72A (publishing private info); ransom threat elevates offence severity. B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 65 (tampering with source documents); ransom threat qualifies as cyber terrorism. C Sections 43 (damage), 66C (identity theft), 72 (breach of confidentiality); ransom threat is irrelevant. D Sections 66 (hacking), 65 (tampering with source documents), 72A (publishing private info); ransom threat is a separate offence.

Why: Step 1: Modifying grades = damage to computer (Section 43). Step 2: Unauthorized access = hacking (Section 66). Step 3: Deleting audit logs = tampering with source documents (Section 65). Step 4: Threatening to publish sensitive data unless ransom is paid fits cyber terrorism (Section 66F). Step 5: Breach of confidentiality (Section 72) applies due to threat to disclose data. Hence, option B is correct.

Question 339

Question bank

A cyber attacker uses a botnet of 2,222 devices to send 4,444,444 malformed packets to a telecom provider’s servers, causing system crashes and loss of connectivity for 6 hours. The attacker also steals 555 encrypted customer call records but does not decrypt or share them. Which IT Act 2000 provisions apply and why might prosecution under Section 72 be challenging?

A Sections 43 (damage), 66 (hacking), 66F (cyber terrorism); Section 72 is challenging due to encryption and no data sharing. B Sections 43 (damage), 72 (breach of confidentiality), 66C (identity theft); Section 72 applies regardless of encryption. C Sections 66 (hacking), 66F (cyber terrorism), 72A (publishing private info); Section 72 is irrelevant. D Sections 43 (damage), 66 (hacking), 72 (breach of confidentiality); Section 72 applies as data was stolen.

Why: Step 1: Malformed packets causing crashes = damage to computer (Section 43). Step 2: Using botnet = hacking (Section 66). Step 3: Scale and intent to disrupt telecom provider = cyber terrorism (Section 66F). Step 4: Data stolen but encrypted and not shared means breach of confidentiality (Section 72) is difficult to prove. Step 5: Identity theft and publishing private info are not indicated. Hence, option A is correct.

Question 340

Question bank

An insider employee uses a USB device to introduce malware that corrupts 1,234 files on the company’s financial server and deletes backup files stored on an offline tape drive. The malware also modifies system logs to hide its activity. Which sections of the IT Act 2000 apply and what is the significance of offline backup deletion?

A Sections 43 (damage), 65 (tampering with source documents), 66 (hacking); offline backup deletion increases damage severity. B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 43 (damage); offline backup deletion is irrelevant. C Sections 43 (damage), 66C (identity theft), 65 (tampering with source documents); offline backup deletion negates offence. D Sections 66 (hacking), 72A (publishing private info), 65 (tampering with source documents); offline backup deletion is a separate offence.

Why: Step 1: Malware corrupting files = damage to computer (Section 43). Step 2: Modifying logs = tampering with source documents (Section 65). Step 3: Unauthorized introduction of malware = hacking (Section 66). Step 4: Offline backup deletion increases damage as recovery is hindered. Step 5: Cyber terrorism and identity theft are not indicated. Hence, option A is correct.

Question 341

Question bank

A hacker sends 1,010 spoofed emails to a government department’s email server, causing system overload and denial of service for 2 hours. The hacker also attempts to access confidential emails but is blocked by encryption. Which IT Act 2000 sections apply and why is prosecution under Section 72 difficult?

A Sections 43 (damage), 66 (hacking), 66F (cyber terrorism); Section 72 is difficult due to encryption preventing access. B Sections 43 (damage), 72 (breach of confidentiality), 66C (identity theft); Section 72 applies as attempt was made. C Sections 66 (hacking), 66F (cyber terrorism), 72A (publishing private info); Section 72 is irrelevant. D Sections 43 (damage), 66 (hacking), 72 (breach of confidentiality); Section 72 applies regardless of encryption.

Why: Step 1: Spoofed emails causing overload = damage to computer (Section 43). Step 2: Unauthorized access attempt = hacking (Section 66). Step 3: Scale and intent to disrupt government system = cyber terrorism (Section 66F). Step 4: Encryption blocking access means breach of confidentiality (Section 72) is difficult to prove. Step 5: Identity theft and publishing private info are not indicated. Hence, option A is correct.

Question 342

Question bank

A cyber attacker uses a malware that activates only on the 30th day after installation, deleting 1,500 files and corrupting system logs. The attacker also steals 1,000 encrypted user credentials but does not decrypt or disclose them. Which IT Act 2000 provisions apply and what challenges does delayed activation pose for evidence collection?

A Sections 43 (damage), 65 (tampering with source documents), 66 (hacking); delayed activation complicates establishing timeline and intent. B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 43 (damage); delayed activation negates intent. C Sections 43 (damage), 66 (hacking), 72A (publishing private info); delayed activation is irrelevant. D Sections 66 (hacking), 65 (tampering with source documents), 66C (identity theft); delayed activation means no offence.

Why: Step 1: Deletion of files = damage to computer (Section 43). Step 2: Corrupting logs = tampering with source documents (Section 65). Step 3: Malware installation = hacking (Section 66). Step 4: Delayed activation complicates forensic analysis and proving timeline and intent. Step 5: Cyber terrorism and identity theft are not indicated. Hence, option A is correct.

Question 343

Question bank

An attacker uses a ransomware that encrypts 2,222 files on a corporate server and demands ransom in cryptocurrency. The ransomware also deletes system backup files stored on a remote server and modifies system logs to erase traces. Which IT Act 2000 sections apply and how does ransom demand affect the classification of offence?

A Sections 43 (damage), 66 (hacking), 65 (tampering with source documents); ransom demand may elevate offence to cyber terrorism (Section 66F). B Sections 66F (cyber terrorism), 72 (breach of confidentiality), 43 (damage); ransom demand is irrelevant. C Sections 43 (damage), 66C (identity theft), 72A (publishing private info); ransom demand does not affect offence classification. D Sections 66 (hacking), 72 (breach of confidentiality), 65 (tampering with source documents); ransom demand is a separate offence.

Why: Step 1: Encryption of files = damage to computer (Section 43). Step 2: Unauthorized malware introduction = hacking (Section 66). Step 3: Deletion of backups = tampering with source documents (Section 65). Step 4: Ransom demand in cryptocurrency indicates extortion and may elevate offence to cyber terrorism (Section 66F). Step 5: Breach of confidentiality and identity theft are not indicated. Hence, option A is correct.

Question 344

Question bank

What is the most accurate definition of password cracking?

A A process of creating strong passwords for users B An unauthorized attempt to discover or bypass passwords to gain access C A method of encrypting passwords for security D A legal procedure to reset forgotten passwords

Why: Password cracking refers to the unauthorized attempt to discover or bypass passwords to gain access to protected systems or data.

Question 345

Question bank

Which of the following best describes the nature of password cracking?

A It is a legitimate security testing method always authorized by users B It is an illegal activity aimed at unauthorized access C It is a method used to strengthen password policies D It is a technique for backing up passwords securely

Why: Password cracking is generally an illegal activity aimed at gaining unauthorized access to computer systems or data.

Question 346

Question bank

Which of the following statements best explains the nature of password cracking in the context of computer offences?

A It involves authorized penetration testing to improve security B It is a cybercrime involving unauthorized access to protected information C It is a method of password recovery used by system administrators D It is a legal technique to audit password strength

Why: Password cracking is considered a cybercrime as it involves unauthorized access to protected information, which is punishable under the IT Act.

Question 347

Question bank

Which of the following is NOT a common method of password cracking?

A Brute force attack B Phishing attack C Dictionary attack D Rainbow table attack

Why: Phishing is a social engineering attack to steal credentials, not a direct password cracking method which involves computational techniques.

Question 348

Question bank

Which password cracking method uses precomputed hash values to speed up the cracking process?

A Brute force attack B Rainbow table attack C Social engineering D Phishing

Why: Rainbow table attacks use precomputed tables of hash values to reverse cryptographic hash functions faster than brute force.

Question 349

Question bank

In a brute force password cracking attack, what is the primary factor that determines the time taken to crack a password?

A Length and complexity of the password B The type of operating system used C The number of users on the system D The brand of the computer hardware

Why: The time taken to crack a password using brute force depends mainly on the password's length and complexity, as more combinations need to be tried.

Question 350

Question bank

Which of the following advanced password cracking techniques involves exploiting vulnerabilities in password storage mechanisms?

A Phishing B Rainbow table attack C Shoulder surfing D Keylogging

Why: Rainbow table attacks exploit weaknesses in password hashing and storage by using precomputed hash tables to reverse hashes.

Question 351

Question bank

Under which section of the Information Technology Act, 2000 is password cracking primarily addressed?

A Section 43 B Section 66 C Section 72 D Section 79

Why: Section 66 of the IT Act deals with computer-related offences including hacking and unauthorized access, which covers password cracking.

Question 352

Question bank

Which of the following statements correctly describes the legal provision related to password cracking under the IT Act, 2000?

A Password cracking is legal if done for educational purposes B Unauthorized password cracking is punishable under Section 66 of the IT Act C Password cracking is not covered under any section of the IT Act D Only physical theft of computers is punishable under the IT Act

Why: Unauthorized password cracking is punishable under Section 66 of the IT Act, which deals with hacking and unauthorized access.

Question 353

Question bank

Which section of the Information Technology Act, 2000 prescribes punishment for hacking including password cracking with imprisonment up to three years or fine up to one lakh rupees or both?

A Section 43 B Section 66 C Section 65 D Section 67

Why: Section 66 of the IT Act prescribes punishment for hacking, which includes password cracking, with imprisonment and/or fine.

Question 354

Question bank

What is the maximum punishment prescribed under the IT Act, 2000 for password cracking offences under Section 66?

A Imprisonment up to 1 year or fine up to 50,000 rupees B Imprisonment up to 3 years or fine up to 1 lakh rupees or both C Imprisonment up to 5 years without fine D Only a fine up to 2 lakh rupees

Why: Section 66 prescribes imprisonment up to 3 years or fine up to 1 lakh rupees or both for hacking offences including password cracking.

Question 355

Question bank

Which of the following penalties can be imposed for password cracking under the IT Act, 2000 besides imprisonment?

A Community service B Monetary fine C License suspension D Mandatory cybersecurity training

Why: Besides imprisonment, the IT Act prescribes monetary fines as penalties for password cracking offences.

Question 356

Question bank

Which of the following statements correctly describes the punishment for password cracking under the IT Act, 2000 when it causes damage to computer resources?

A Punishment is limited to a warning letter B Punishment can include imprisonment, fine, or both depending on severity C No punishment if the password is weak D Only civil liability applies

Why: The IT Act allows for imprisonment, fine, or both depending on the severity of the offence including damage caused by password cracking.

Question 357

Question bank

Which of the following best distinguishes password cracking from hacking under the IT Act, 2000?

A Password cracking is legal while hacking is illegal B Password cracking specifically targets passwords, hacking is a broader unauthorized access C Hacking only involves physical access, password cracking is remote D There is no difference; both terms are interchangeable

Why: Password cracking specifically targets obtaining passwords, while hacking refers to any unauthorized access or intrusion into computer systems.

Question 358

Question bank

How does password cracking differ from identity theft under the IT Act, 2000?

A Password cracking involves unauthorized access, identity theft involves impersonation B Identity theft is always legal, password cracking is not C Password cracking requires physical access, identity theft does not D Both are the same offence under the IT Act

Why: Password cracking is unauthorized access to systems, while identity theft involves impersonating another person to commit fraud.

Question 359

Question bank

Which of the following is a key difference between password cracking and phishing attacks?

A Password cracking uses technical methods, phishing relies on social engineering B Phishing is legal, password cracking is not C Password cracking requires user interaction, phishing does not D Both are identical in technique and outcome

Why: Password cracking uses technical methods to break passwords, whereas phishing uses social engineering to trick users into revealing credentials.

Question 360

Question bank

Which of the following is an effective preventive measure against password cracking?

A Using simple passwords for easy recall B Implementing multi-factor authentication C Sharing passwords over email D Disabling password expiration policies

Why: Multi-factor authentication adds an extra layer of security, making password cracking less effective.

Question 361

Question bank

Which cybersecurity practice helps mitigate risks associated with password cracking?

A Regularly updating software and patches B Using the same password across multiple sites C Disabling firewalls D Ignoring security alerts

Why: Regular software updates and patches fix vulnerabilities that could be exploited in password cracking attempts.

Question 362

Question bank

Which of the following best explains the cybersecurity implication of password cracking?

A It leads to unauthorized data access and potential data breaches B It improves system performance by testing passwords C It is a recommended practice for system administrators D It reduces the need for password policies

Why: Password cracking can lead to unauthorized data access and compromise system security, causing data breaches.

Question 363

Question bank

Which of the following best defines password cracking?

A Unauthorized attempt to discover or bypass a password B Creating a strong password for user accounts C Encrypting passwords to enhance security D Sharing passwords with authorized personnel

Why: Password cracking involves unauthorized attempts to discover or bypass passwords to gain access to protected systems or data.

Question 364

Question bank

Password cracking is primarily considered a ____ offence under the IT Act 2000.

A Civil B Criminal C Administrative D Contractual

Why: Password cracking is treated as a criminal offence under the IT Act 2000, punishable by law.

Question 365

Question bank

Which of the following statements accurately describes the nature of password cracking?

A It is a legitimate method used by system administrators to reset passwords. B It involves guessing or computing passwords without authorization. C It refers to the process of creating complex passwords. D It is a technique used to encrypt passwords securely.

Why: Password cracking involves unauthorized guessing or computing of passwords to gain illicit access.

Question 366

Question bank

Which of the following is NOT a common method used in password cracking?

A Brute force attack B Phishing attack C Dictionary attack D Rainbow table attack

Why: Phishing is a social engineering attack, not a direct password cracking technique.

Question 367

Question bank

In a brute force attack, the attacker attempts to crack a password by:

A Trying all possible combinations until the correct one is found B Using pre-computed hash values to reverse passwords C Stealing passwords through social engineering D Guessing passwords based on user information

Why: Brute force attacks systematically try every possible password combination until the correct one is found.

Question 368

Question bank

Which technique uses a pre-arranged list of possible passwords and their hash values to speed up password cracking?

A Rainbow table attack B Phishing attack C Brute force attack D Man-in-the-middle attack

Why: Rainbow table attacks use precomputed tables of hashes to quickly reverse hashed passwords.

Question 369

Question bank

Which of the following password cracking methods is considered the most time-consuming but guaranteed to succeed eventually?

A Brute force attack B Dictionary attack C Social engineering D Keylogging

Why: Brute force attacks try every possible combination, guaranteeing success but often taking a long time.

Question 370

Question bank

Under which section of the IT Act 2000 is unauthorized access to protected systems by password cracking primarily addressed?

A Section 43 B Section 66 C Section 72 D Section 79

Why: Section 66 deals with computer-related offences including unauthorized access, which covers password cracking.

Question 371

Question bank

Which section of the IT Act 2000 specifically penalizes tampering with computer source documents, which may include password cracking activities?

A Section 65 B Section 66 C Section 66B D Section 65B

Why: Section 65 penalizes tampering with computer source documents, which can relate to password cracking.

Question 372

Question bank

Which of the following is TRUE about legal provisions related to password cracking under the IT Act 2000?

A Password cracking is not explicitly mentioned but covered under unauthorized access provisions B Password cracking is legal if done for research purposes C Only government officials can perform password cracking legally D Password cracking is allowed with written consent of the victim

Why: The IT Act 2000 covers password cracking under unauthorized access and related offences, though it may not be explicitly named.

Question 373

Question bank

According to the IT Act 2000, which of the following penalties can be imposed for password cracking offences?

A Imprisonment up to 3 years and/or fine up to 5 lakh rupees B Only a warning letter C Community service D No penalty if data is not stolen

Why: The IT Act 2000 prescribes imprisonment and fines for offences like password cracking.

Question 374

Question bank

Which section of the IT Act 2000 prescribes punishment for identity theft, which may be related to password cracking activities?

A Section 66C B Section 66D C Section 43 D Section 72

Why: Section 66C deals with identity theft, which can be a consequence of password cracking.

Question 375

Question bank

Which of the following is a possible punishment under the IT Act 2000 for someone convicted of password cracking?

A Imprisonment up to 3 years and fine B Only a monetary fine with no imprisonment C Community service for 6 months D No punishment if the password was weak

Why: The IT Act 2000 prescribes imprisonment and fines for password cracking offences.

Question 376

Question bank

How does password cracking differ from hacking under the IT Act 2000?

A Password cracking specifically targets passwords, while hacking may involve broader unauthorized access B Hacking is legal, password cracking is not C Password cracking involves physical theft of devices, hacking does not D There is no difference; both terms mean the same

Why: Password cracking is a subset of hacking focused on obtaining passwords, whereas hacking includes all forms of unauthorized access.

Question 377

Question bank

Which of the following distinguishes password cracking from phishing attacks?

A Password cracking uses technical methods to guess passwords; phishing uses deception to obtain them B Phishing is a type of password cracking C Password cracking requires user consent; phishing does not D Both are identical in method and effect

Why: Password cracking involves technical attempts to guess passwords, while phishing relies on tricking users to reveal passwords.

Question 378

Question bank

Which of the following is NOT a key difference between password cracking and malware attacks?

A Password cracking targets authentication credentials, malware attacks can target various system functions B Malware requires physical access, password cracking does not C Password cracking is often a precursor to malware installation D Both can be prosecuted under the IT Act 2000

Why: Malware attacks do not necessarily require physical access; they can be delivered remotely, so this is not a distinguishing factor.

Question 379

Question bank

Which of the following is a recommended preventive measure against password cracking?

A Using multi-factor authentication B Sharing passwords via email C Using simple and common passwords D Disabling account lockout policies

Why: Multi-factor authentication adds an extra layer of security, making password cracking more difficult.

Question 380

Question bank

Which security practice helps reduce the risk of password cracking by limiting login attempts?

A Account lockout after multiple failed attempts B Using default passwords C Disabling firewalls D Allowing unlimited password retries

Why: Account lockout policies prevent attackers from repeatedly trying passwords, reducing brute force attack risks.

Question 381

Question bank

Which of the following is an effective method to protect against rainbow table attacks?

A Salting passwords before hashing B Using shorter passwords C Storing passwords in plain text D Disabling encryption

Why: Salting adds random data to passwords before hashing, making rainbow table attacks ineffective.

Question 382

Question bank

In a scenario where an attacker uses a hybrid password cracking method combining dictionary attacks, rainbow tables, and brute force on a system protected under the IT Act 2000, which of the following legal provisions and technical defenses collectively provide the strongest protection against prosecution and data breach respectively? Consider that the password policy enforces salted hashes and multi-factor authentication (MFA).

A Section 66 (Computer Related Offences), use of salted hashes, and MFA B Section 43 (Unauthorized Access), use of rainbow tables, and MFA C Section 66F (Cyber Terrorism), use of brute force, and salted hashes D Section 65 (Tampering with Computer Source Documents), use of dictionary attacks, and single-factor authentication

Why: Step 1: Identify relevant IT Act provisions - Section 66 deals with computer-related offences including hacking; Section 43 relates to unauthorized access but is less specific; Section 66F is about cyber terrorism, which is not applicable here; Section 65 is about tampering with source documents. Step 2: Understand password cracking methods - dictionary attacks, rainbow tables, brute force. Step 3: Recognize that salted hashes prevent rainbow table effectiveness. Step 4: Multi-factor authentication (MFA) adds a layer beyond password cracking. Step 5: Combining legal protection (Section 66) with technical defenses (salted hashes + MFA) offers the strongest protection. Trap options: B incorrectly pairs rainbow tables (which salted hashes mitigate) with Section 43; C misapplies cyber terrorism law and brute force; D wrongly assumes dictionary attacks and single-factor authentication are protective.

Question 383

Question bank

A forensic investigator analyzing a breach under the IT Act 2000 finds that the attacker used a time-memory trade-off attack on a password hash stored without salt. The password was 11 characters long, using a 72-character set. Given that the rainbow table size grows exponentially with password length and character set, which of the following statements correctly identifies the legal implications under IT Act sections and the technical vulnerability exploited?

A The attacker violated Section 66, exploiting absence of salt which allowed feasible rainbow table attacks on 11-character passwords B The attacker violated Section 43, but salted hashes would not have prevented the attack due to the large character set C The attacker violated Section 65, and the password length makes brute force more practical than rainbow tables D The attacker violated Section 66F, exploiting a zero-day vulnerability unrelated to password hashing

Why: Step 1: Section 66 covers hacking and unauthorized access, applicable here. Step 2: Absence of salt allows rainbow tables to be effective, especially for passwords up to 11 characters. Step 3: Rainbow table size grows exponentially with password length and charset; 11 characters with 72 charset is borderline but feasible without salt. Step 4: Section 43 is about unauthorized access but less specific; salted hashes would prevent rainbow table attacks. Step 5: Section 65 relates to tampering with source documents, irrelevant here; Section 66F relates to cyber terrorism, not applicable. Trap options: B wrongly claims salted hashes ineffective; C misattributes attack to Section 65 and misjudges brute force practicality; D misapplies cyber terrorism law and zero-day vulnerability.

Question 384

Question bank

Consider a system where passwords are stored using unsalted MD5 hashes. An attacker uses a GPU-accelerated brute force attack combined with a rainbow table lookup. Under the IT Act 2000, which combination of technical mitigation and legal recourse best addresses the attack, assuming the attacker is caught after 72 hours of unauthorized access?

A Implement salted SHA-256 hashing and invoke Section 66 for prosecution B Use unsalted SHA-1 hashes and apply Section 43 for unauthorized access C Switch to salted MD5 hashes and rely on Section 65 for tampering charges D Maintain unsalted MD5 and use Section 66F for cyber terrorism charges

Why: Step 1: Unsalted MD5 is vulnerable to rainbow tables and brute force. Step 2: Salting plus stronger hash (SHA-256) mitigates these attacks. Step 3: Section 66 covers hacking and unauthorized access, appropriate for prosecution. Step 4: Section 43 is weaker and applies to unauthorized access but less specific. Step 5: Section 65 relates to tampering source documents, irrelevant here; Section 66F is cyber terrorism, not applicable. Trap options: B suggests unsalted SHA-1 which is weak; C suggests salted MD5 which is better but still weak; D misapplies cyber terrorism law.

Question 385

Question bank

An organization under the IT Act 2000 faces a breach where passwords were cracked using a dictionary attack enhanced by machine learning to predict password patterns. The passwords were stored with salted SHA-512 hashes. Which of the following best explains the failure point and the applicable legal section for prosecuting the attacker?

A Weak password policy allowing predictable patterns, Section 66 applies B Salt reuse in hashing, Section 43 applies C Use of outdated hashing algorithm, Section 65 applies D Insufficient network security, Section 66F applies

Why: Step 1: Salted SHA-512 is strong technically. Step 2: Machine learning predicts password patterns, exploiting weak password policies. Step 3: Salt reuse would weaken hashes but is not mentioned. Step 4: SHA-512 is not outdated. Step 5: Network security is unrelated to password cracking here. Step 6: Section 66 covers hacking and unauthorized access. Trap options: B assumes salt reuse without evidence; C mislabels SHA-512 as outdated; D misapplies cyber terrorism law.

Question 386

Question bank

A cybercriminal attempts to crack passwords protected by a PBKDF2 hashing scheme with 150,000 iterations and unique salts per user. The attacker uses a GPU cluster to perform brute force attacks. Considering the IT Act 2000, which of the following statements correctly identifies the attack's feasibility, the legal implications, and the best preventive measure?

A Attack is computationally expensive but possible; Section 66 applies; increase iteration count and enforce MFA B Attack is infeasible; Section 43 applies; no additional measures needed C Attack is feasible due to GPU power; Section 65 applies; switch to unsalted hashes D Attack is prevented by salts alone; Section 66F applies; implement password complexity rules

Why: Step 1: PBKDF2 with 150,000 iterations is computationally expensive but not impossible with GPUs. Step 2: Unique salts prevent rainbow table attacks. Step 3: Section 66 applies for hacking. Step 4: Increasing iterations and MFA further strengthen security. Step 5: Section 43 is weaker; Section 65 irrelevant; Section 66F cyber terrorism unrelated. Trap options: B incorrectly claims infeasibility and weaker legal section; C wrongly suggests unsalted hashes; D incorrectly claims salts alone prevent attack and misapplies cyber terrorism law.

Question 387

Question bank

During an investigation under the IT Act 2000, it is found that an attacker used a side-channel timing attack to deduce password hashes from a system using bcrypt with a cost factor of 12. Which of the following best describes the interplay of technical and legal considerations in this case?

A Timing attack exploits implementation flaw, Section 66 applies, increasing cost factor mitigates risk B Timing attack is ineffective against bcrypt, Section 43 applies, no mitigation needed C Timing attack exploits weak password policy, Section 65 applies, switch to SHA-1 D Timing attack is a cyber terrorism act, Section 66F applies, disable password authentication

Why: Step 1: Bcrypt is resistant to brute force but vulnerable to side-channel if implementation leaks timing. Step 2: Timing attack exploits implementation flaw, not hash strength. Step 3: Section 66 covers hacking. Step 4: Increasing cost factor increases hashing time, reducing timing attack feasibility. Step 5: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B incorrectly claims timing attacks ineffective; C misattributes attack to password policy and suggests weak SHA-1; D misapplies cyber terrorism law.

Question 388

Question bank

An attacker uses a password spraying attack on a system protected under the IT Act 2000, where passwords are hashed with Argon2id using unique salts and a memory cost of 2^20 KB. The attacker targets 10,237 user accounts with 5 common passwords each. Which of the following best describes the technical challenge for the attacker and the relevant legal provision for prosecution?

A High memory cost slows attack; Section 66 applies for unauthorized access B Low memory cost enables attack; Section 43 applies for data theft C Unique salts prevent attack; Section 65 applies for source code tampering D Password spraying is not covered under IT Act; no prosecution possible

Why: Step 1: Argon2id with high memory cost (2^20 KB) is designed to slow attacks. Step 2: Password spraying tries few common passwords across many accounts. Step 3: High memory cost makes brute force expensive. Step 4: Section 66 covers hacking and unauthorized access. Step 5: Section 43 less specific; Section 65 unrelated; IT Act covers password spraying under hacking. Trap options: B incorrectly claims low memory cost; C wrongly claims salts prevent password spraying (which targets accounts, not hashes directly); D falsely claims no legal coverage.

Question 389

Question bank

A company uses a custom password hashing algorithm combining MD5 and SHA-256 without salts. An attacker successfully cracks passwords using a combined brute force and rainbow table attack. Under the IT Act 2000, which sections are applicable for prosecution, and what is the best technical recommendation to prevent such attacks?

A Section 66 applies; replace custom algorithm with standard salted bcrypt B Section 43 applies; increase password length only C Section 65 applies; use unsalted SHA-512 instead D Section 66F applies; implement two-factor authentication only

Why: Step 1: Custom algorithms without salt are vulnerable. Step 2: Combined brute force and rainbow table attacks exploit lack of salt and weak hashing. Step 3: Section 66 covers hacking and unauthorized access. Step 4: Standard salted bcrypt is recommended. Step 5: Section 43 less specific; Section 65 irrelevant; Section 66F cyber terrorism unrelated. Trap options: B suggests only increasing length which is insufficient; C suggests unsalted SHA-512 which is weak; D misapplies cyber terrorism law and suggests only 2FA without addressing hashing.

Question 390

Question bank

An attacker exploits a vulnerability in a system's password reset mechanism to perform offline password cracking on salted SHA-1 hashes. The hashes are generated with a salt length of 6 bytes, and passwords are 9 characters long from a 62-character set. Under the IT Act 2000, which of the following best explains the attack's feasibility, the legal implications, and the mitigation strategy?

A Short salt and weak SHA-1 make attack feasible; Section 66 applies; migrate to salted SHA-256 with longer salts B Salt length sufficient; Section 43 applies; enforce password complexity only C Password length too short; Section 65 applies; disable password reset D Attack is cyber terrorism; Section 66F applies; implement biometric authentication

Why: Step 1: 6-byte salt is relatively short, increasing rainbow table feasibility. Step 2: SHA-1 is considered weak. Step 3: Password length and charset size make brute force possible. Step 4: Section 66 applies for hacking. Step 5: Mitigation includes stronger hash (SHA-256) and longer salts. Trap options: B incorrectly claims salt length sufficient; C misapplies Section 65 and disables reset unnecessarily; D misapplies cyber terrorism law.

Question 391

Question bank

A password cracking attempt uses a Markov model to prioritize guesses against a system protected by salted SHA-3 hashes with a salt length of 16 bytes and password length of 12 characters from a 94-character set. The attacker is charged under the IT Act 2000. Which of the following best describes the attack's complexity, legal charge, and recommended defense?

A High complexity due to strong hash and salt; Section 66 applies; enforce account lockout policies B Low complexity due to Markov model; Section 43 applies; increase salt length only C Attack infeasible; Section 65 applies; no defense needed D Attack is cyber terrorism; Section 66F applies; disable password authentication

Why: Step 1: Salted SHA-3 with long salt and large charset makes attack computationally expensive. Step 2: Markov models improve guess prioritization but do not reduce hash strength. Step 3: Section 66 applies for hacking. Step 4: Account lockout policies prevent repeated guesses. Step 5: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B underestimates hash strength; C wrongly claims infeasibility and misapplies Section 65; D misapplies cyber terrorism law.

Question 392

Question bank

Match the following password cracking techniques with their corresponding IT Act 2000 sections and appropriate technical defenses: A. Rainbow Table Attack B. Brute Force Attack C. Dictionary Attack D. Side-Channel Timing Attack

A 1. Section 66; Use salted hashes and MFA B 2. Section 43; Increase password length and complexity C 3. Section 65; Secure implementation and constant-time algorithms D 4. Section 66F; Disable password authentication

Why: Step 1: Rainbow table attacks exploit unsalted hashes; Section 66 applies; salted hashes and MFA defend. Step 2: Brute force and dictionary attacks rely on password complexity; Section 43 applies; increasing length and complexity defend. Step 3: Side-channel timing attacks exploit implementation flaws; Section 65 applies; secure coding and constant-time algorithms defend. Step 4: Section 66F relates to cyber terrorism, unrelated here. Trap: Option 4 is a trap for all techniques as cyber terrorism is not applicable.

Question 393

Question bank

Assertion (A): Using a longer salt length always guarantees protection against rainbow table attacks. Reason (R): Rainbow tables grow exponentially with password length but linearly with salt length.

A Both A and R are true, and R is the correct explanation of A B Both A and R are true, but R is not the correct explanation of A C A is false, but R is true D Both A and R are false

Why: Step 1: Longer salt length increases rainbow table size exponentially, not linearly. Step 2: Rainbow tables grow exponentially with both password length and salt length. Step 3: Therefore, A is false as longer salt alone does not guarantee protection. Step 4: R is true in that rainbow tables grow exponentially with password length. Step 5: Hence, option C is correct. Trap: Option A traps by assuming salt length alone guarantees protection; Option B misinterprets growth rates.

Question 394

Question bank

In a system breach case under the IT Act 2000, the attacker used a GPU cluster to perform brute force attacks on passwords hashed with unsalted SHA-256. The passwords are 10 characters long, from a 36-character set. The attacker cracked 0.01% of passwords in 48 hours. Which of the following statements correctly analyzes the attack feasibility, legal implications, and recommended security improvements?

A Attack feasible due to unsalted hashes; Section 66 applies; implement salting and increase password length B Attack infeasible; Section 43 applies; no changes needed C Attack feasible due to short password length; Section 65 applies; switch to MD5 hashing D Attack prevented by SHA-256 strength; Section 66F applies; disable password authentication

Why: Step 1: Unsalted SHA-256 vulnerable to brute force and rainbow tables. Step 2: 10-character passwords from 36 charset are moderately weak. Step 3: Cracking 0.01% in 48 hours shows feasibility. Step 4: Section 66 applies for hacking. Step 5: Recommended to salt hashes and increase password length. Trap options: B wrongly claims infeasibility; C suggests weaker MD5; D misapplies cyber terrorism law and disables authentication.

Question 395

Question bank

An attacker uses a hybrid attack combining credential stuffing and password spraying on a system protected by salted SHA-512 hashes with a salt length of 12 bytes. The attacker targets 15,000 accounts using 7 common passwords. Which IT Act 2000 section applies, and what is the best multi-layered defense strategy?

A Section 66 applies; enforce MFA, account lockout, and monitor login attempts B Section 43 applies; increase salt length only C Section 65 applies; disable password reset functionality D Section 66F applies; implement biometric authentication only

Why: Step 1: Credential stuffing and password spraying are hacking attempts. Step 2: Section 66 applies. Step 3: Salted SHA-512 hashes protect stored passwords but do not prevent login attacks. Step 4: Multi-layered defense includes MFA, account lockout, and monitoring. Step 5: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B suggests salt length increase only; C disables reset unnecessarily; D misapplies cyber terrorism law.

Question 396

Question bank

A system uses a password hashing scheme with a fixed salt value for all users and SHA-256. An attacker obtains the hash database and performs a rainbow table attack. Considering the IT Act 2000, which of the following best explains the vulnerability, applicable legal section, and corrective action?

A Fixed salt allows rainbow table reuse; Section 66 applies; use unique salts per user B Fixed salt prevents rainbow tables; Section 43 applies; increase hash iterations C Fixed salt unrelated; Section 65 applies; switch to MD5 D Fixed salt causes cyber terrorism; Section 66F applies; disable password authentication

Why: Step 1: Fixed salt is effectively no salt, enabling rainbow table reuse. Step 2: Section 66 applies for hacking. Step 3: Corrective action is unique salts per user. Step 4: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B incorrectly claims fixed salt prevents rainbow tables; C suggests weaker MD5; D misapplies cyber terrorism law.

Question 397

Question bank

An attacker uses a GPU-accelerated brute force attack on passwords hashed with Argon2id configured with a time cost of 4, memory cost of 2^18 KB, and parallelism of 8. The passwords are 8 characters long from a 52-character set. Under the IT Act 2000, which of the following best describes the attack's feasibility, legal implications, and recommended password policy improvements?

A Attack is computationally expensive but feasible; Section 66 applies; increase password length and enforce MFA B Attack is infeasible; Section 43 applies; no changes needed C Attack feasible due to low parallelism; Section 65 applies; switch to SHA-1 D Attack prevented by Argon2id alone; Section 66F applies; disable password authentication

Why: Step 1: Argon2id with given parameters is strong but 8-character passwords from 52 charset are weak. Step 2: GPU acceleration makes attack feasible but expensive. Step 3: Section 66 applies for hacking. Step 4: Recommended to increase password length and enforce MFA. Step 5: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B underestimates feasibility; C misapplies Section 65 and suggests weak SHA-1; D misapplies cyber terrorism law.

Question 398

Question bank

In a case under the IT Act 2000, an attacker used a side-channel attack to recover passwords from a system implementing PBKDF2 with 100,000 iterations and unique salts. The system logs showed 0 failed login attempts. Which of the following best explains the attack vector, applicable legal section, and recommended mitigation?

A Side-channel attack exploits implementation flaw; Section 66 applies; use constant-time functions and hardware security modules B Attack is brute force; Section 43 applies; increase iterations only C Attack is phishing; Section 65 applies; disable password reset D Attack is cyber terrorism; Section 66F applies; implement biometric authentication

Why: Step 1: Side-channel attacks exploit timing or power consumption, not login attempts. Step 2: Section 66 applies for hacking. Step 3: Mitigation includes constant-time functions and hardware security modules. Step 4: Section 43 less specific; Section 65 unrelated; Section 66F cyber terrorism irrelevant. Trap options: B mislabels attack as brute force; C mislabels as phishing; D misapplies cyber terrorism law.

Question 399

Question bank

What is the correct definition of an 'Access Code' under the Information Technology Act, 2000?

A A password, PIN, or any other code used to gain access to a computer system or network B A software program that protects a computer from viruses C An encryption algorithm used for securing data transmission D A hardware device used to store data securely

Why: Under the IT Act, 2000, an access code means any password, PIN, or other security code used to gain access to a computer system or network.

Question 400

Question bank

Which of the following best describes the purpose of an access code?

A To restrict unauthorized access to computer resources B To increase the speed of data processing C To backup data automatically D To monitor internet usage

Why: Access codes are primarily used to restrict unauthorized access to computer systems and protect data integrity.

Question 401

Question bank

Which of the following is NOT considered a type of access code under the IT Act, 2000?

A Biometric data such as fingerprints B Password or PIN C Encryption key D Physical key to a computer room

Why: Access codes refer to digital or electronic codes like passwords, PINs, biometric data, or encryption keys. A physical key to a room is not an access code under the IT Act.

Question 402

Question bank

Which of the following is a type of access code that uses unique biological traits for authentication?

A Password B Biometric code C Encryption key D Access token

Why: Biometric codes use unique biological traits such as fingerprints or retina scans for authentication.

Question 403

Question bank

Which of the following is an example of a cryptographic access code?

A Password B PIN C Encryption key D Biometric scan

Why: Encryption keys are cryptographic access codes used to secure data by encoding it.

Question 404

Question bank

Under which section of the IT Act, 2000 is the unauthorized use of access codes addressed?

A Section 43 B Section 65 C Section 66 D Section 72

Why: Section 43 of the IT Act, 2000 deals with penalties for unauthorized access to computer systems, including misuse of access codes.

Question 405

Question bank

Which section of the IT Act, 2000 prescribes punishment for hacking using access codes?

A Section 66 B Section 43 C Section 69 D Section 72

Why: Section 66 of the IT Act, 2000 prescribes punishment for hacking, which includes unauthorized access using access codes.

Question 406

Question bank

Which provision under the IT Act, 2000 allows the government to intercept or monitor access codes in certain circumstances?

A Section 69 B Section 66C C Section 43 D Section 72

Why: Section 69 empowers the government to intercept, monitor or decrypt any information including access codes for security purposes.

Question 407

Question bank

Which of the following statements about Section 66C of the IT Act, 2000 is correct?

A It deals with identity theft using access codes B It deals with unauthorized destruction of data C It provides immunity for authorized access D It prescribes penalties for data privacy violations

Why: Section 66C specifically addresses identity theft, which often involves misuse of access codes.

Question 408

Question bank

Which of the following constitutes an offence involving access codes under the IT Act, 2000?

A Using someone else's password without permission B Sharing your password with a colleague C Changing your own password regularly D Reporting a security breach to authorities

Why: Unauthorized use of someone else's access code is an offence under the IT Act, 2000.

Question 409

Question bank

Which of the following acts is considered unauthorized access under the IT Act, 2000?

A Accessing a computer system using stolen access codes B Logging into your own account using your password C Resetting your password after forgetting it D Using a public Wi-Fi network

Why: Accessing a computer system using stolen or unauthorized access codes is an offence under the IT Act.

Question 410

Question bank

Which of the following is an example of an offence involving access codes under the IT Act, 2000?

A Hacking into a system using someone else's password B Installing antivirus software C Updating your own password D Backing up your data

Why: Hacking using unauthorized access codes is a punishable offence under the IT Act.

Question 411

Question bank

Which of the following scenarios would be considered a hard-level offence involving access codes under the IT Act, 2000?

A Using an access code obtained by deception to access confidential information B Sharing your password with a trusted friend C Changing your password regularly D Logging into a public computer

Why: Using access codes obtained by deception to gain unauthorized access to confidential information is a serious offence under the IT Act.

Question 412

Question bank

What is the minimum punishment prescribed under Section 66 of the IT Act, 2000 for hacking using access codes?

A Imprisonment up to 3 years and/or fine up to one lakh rupees B Imprisonment up to 6 months only C Fine only D No punishment prescribed

Why: Section 66 prescribes imprisonment up to 3 years and/or fine up to one lakh rupees for hacking offences involving access codes.

Question 413

Question bank

Which of the following penalties can be imposed for unauthorized access using access codes under the IT Act, 2000?

A Imprisonment, fine, or both B Only a warning letter C Community service D No penalty

Why: The IT Act provides for imprisonment, fine, or both for unauthorized access using access codes.

Question 414

Question bank

Under the IT Act, 2000, what is the maximum fine that can be imposed for identity theft involving access codes under Section 66C?

A Two lakh rupees B One lakh rupees C Fifty thousand rupees D No fine prescribed

Why: Section 66C prescribes imprisonment up to three years and/or fine up to two lakh rupees for identity theft involving access codes.

Question 415

Question bank

Which of the following is a valid defense under the IT Act, 2000 against charges of unauthorized access using access codes?

A Access was authorized by the owner or by law B Access was done accidentally without knowledge C Access was done for personal benefit D Access was done to harm the system

Why: Authorized access by the owner or under lawful authority is a valid defense under the IT Act.

Question 416

Question bank

Which of the following is NOT considered a defense under the IT Act, 2000 for unauthorized access using access codes?

A Accidental access without intent B Access authorized by the owner C Access done under lawful authority D Access done to commit fraud

Why: Access done to commit fraud is not a valid defense and is punishable under the IT Act.

Question 417

Question bank

Which of the following best explains the exception clause related to access codes under the IT Act, 2000?

A Access with prior consent or legal authorization is not an offence B Access codes can be shared freely without penalty C Unauthorized access is allowed for research purposes D Access codes are not protected under the law

Why: The Act provides exceptions where access is authorized by the owner or by law, making such access lawful.

Question 418

Question bank

In a case study where an employee used a colleague's access code without permission to alter data, which offence under the IT Act, 2000 is most applicable?

A Unauthorized access and data alteration under Section 43 B Legal access under Section 69 C Identity theft under Section 66C D No offence committed

Why: Using someone else's access code without permission to alter data constitutes unauthorized access and data tampering under Section 43.

Question 419

Question bank

In a reported case, a hacker used stolen access codes to steal confidential information. Which sections of the IT Act, 2000 would be invoked?

A Sections 43 and 66 B Sections 69 and 72 C Sections 65 and 70 D Sections 35 and 36

Why: Sections 43 and 66 deal with unauthorized access and hacking using access codes respectively.

Question 420

Question bank

In a hard-level case, an individual bypassed biometric access controls using fake fingerprints. Which offence and penalty under the IT Act, 2000 would apply?

A Hacking under Section 66 with imprisonment up to 3 years and fine B Legal access under Section 69 C Data privacy breach under Section 72 D No offence as biometrics are not covered

Why: Bypassing biometric access controls is hacking under Section 66, punishable with imprisonment and fine.

Question 421

Question bank

Which of the following best defines an 'Access Code' under the Information Technology Act, 2000?

A A password or any other unique identification used to access a computer resource B A physical key used to open a computer hardware device C A software program that controls access to a network D An encryption algorithm used for data security

Why: Under the IT Act, 2000, an 'Access Code' refers to any password, PIN, or other unique identification used to gain access to a computer resource.

Question 422

Question bank

Which of the following is NOT considered an Access Code under the IT Act, 2000?

A Password B Biometric data like fingerprint C Encryption key D Physical hardware device like a USB drive

Why: Access Code refers to passwords, PINs, or other unique identifiers, including biometric data and encryption keys, but not physical hardware devices themselves.

Question 423

Question bank

How does the IT Act, 2000 legally recognize the importance of Access Codes in computer security?

A By defining Access Codes as public information B By criminalizing unauthorized use or disclosure of Access Codes C By exempting Access Codes from any legal protection D By mandating all Access Codes to be shared with government agencies

Why: The IT Act, 2000 treats Access Codes as sensitive information and penalizes unauthorized use or disclosure to protect computer resources.

Question 424

Question bank

Which section of the IT Act, 2000 specifically deals with punishment for dishonestly using someone else's Access Code?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 66C of the IT Act, 2000 deals with punishment for identity theft, including dishonest use of someone else's Access Code.

Question 425

Question bank

Which of the following best describes 'Unauthorized Access' under the IT Act, 2000 in relation to Access Codes?

A Accessing a computer resource with the owner's permission B Accessing a computer resource without permission using valid or invalid Access Codes C Sharing Access Codes with authorized users D Changing Access Codes with the owner's consent

Why: Unauthorized access means accessing a computer resource without permission, often by using Access Codes that are either stolen or guessed.

Question 426

Question bank

Which section of the IT Act, 2000 addresses punishment for hacking that involves tampering with Access Codes?

A Section 66 B Section 66C C Section 66D D Section 67

Why: Section 66 of the IT Act, 2000 deals with hacking, which includes tampering with Access Codes to gain unauthorized access.

Question 427

Question bank

Which of the following actions constitutes an offence under Section 66D of the IT Act, 2000 concerning Access Codes?

A Unauthorised access to a computer system B Identity theft using Access Codes C Cheating by personation using a computer resource D Dishonest use of digital signatures

Why: Section 66D penalizes cheating by personation using a computer resource, which often involves misuse of Access Codes.

Question 428

Question bank

Which section of the IT Act, 2000 prescribes punishment for identity theft involving Access Codes?

A Section 66C B Section 66D C Section 43 D Section 65

Why: Section 66C specifically deals with identity theft, including the dishonest use of someone else's Access Code.

Question 429

Question bank

Under which section of the IT Act, 2000 is the punishment for hacking with computer systems, including misuse of Access Codes, prescribed?

A Section 43 B Section 66 C Section 72 D Section 67

Why: Section 66 prescribes punishment for hacking, which includes unauthorized use or tampering of Access Codes.

Question 430

Question bank

Which of the following sections of the IT Act, 2000 is NOT directly related to offences involving Access Codes?

A Section 66C B Section 66D C Section 66 D Section 75

Why: Section 75 deals with offences by companies and is not directly related to Access Code offences.

Question 431

Question bank

Which section of the IT Act, 2000 provides for penalties related to unauthorized access to protected systems using Access Codes?

A Section 43 B Section 66 C Section 66C D Section 72

Why: Section 43 deals with penalties for unauthorized access to protected systems, including misuse of Access Codes.

Question 432

Question bank

What is the maximum imprisonment term prescribed under Section 66C of the IT Act, 2000 for identity theft involving Access Codes?

A 3 years B 5 years C 7 years D 10 years

Why: Section 66C prescribes imprisonment up to 3 years or a fine up to one lakh rupees or both. However, amendments and judicial interpretations have sometimes extended punishments; the original maximum is 3 years.

Question 433

Question bank

Which of the following punishments can be imposed under Section 66D of the IT Act, 2000 for cheating by personation using Access Codes?

A Imprisonment up to 3 years and fine up to one lakh rupees B Imprisonment up to 5 years and fine up to two lakh rupees C Imprisonment up to 7 years and fine up to five lakh rupees D Only fine up to one lakh rupees

Why: Section 66D prescribes imprisonment up to 3 years and/or fine up to one lakh rupees for cheating by personation using Access Codes.

Question 434

Question bank

Which punishment is prescribed under Section 66 for hacking involving Access Codes under the IT Act, 2000?

A Imprisonment up to 3 years or fine up to one lakh rupees or both B Imprisonment up to 5 years or fine or both C Imprisonment up to 10 years and fine D Only fine

Why: Section 66 prescribes imprisonment up to 3 years or fine or both. However, amendments have increased imprisonment up to 5 years for hacking offences.

Question 435

Question bank

Which of the following is a valid defense under the IT Act, 2000 against charges of unauthorized use of Access Codes?

A Access was obtained with the consent of the owner B Access was obtained by guessing the password C Access was obtained for personal gain D Access was obtained to cause damage

Why: Consent of the owner is a valid defense against unauthorized access charges under the IT Act, 2000.

Question 436

Question bank

Under the IT Act, 2000, which of the following scenarios may NOT be considered an offence related to Access Codes due to exceptions provided in the Act?

A Accessing a computer system with the owner’s permission B Using someone else’s Access Code without permission C Hacking into a government database D Disclosing Access Codes to unauthorized persons

Why: Access with the owner’s permission is an exception and not an offence under the IT Act, 2000.

Question 437

Question bank

Which of the following is a recognized defense under the IT Act, 2000 for an accused charged with misuse of Access Codes?

A The accused was authorized by law to access the computer resource B The accused intended to cause harm C The accused shared the Access Code publicly D The accused altered data without permission

Why: Authorization by law is a valid defense under the IT Act, 2000 against charges of misuse of Access Codes.

Question 438

Question bank

In a landmark case involving misuse of Access Codes, the court held that unauthorized access must be proved beyond reasonable doubt. This principle is an example of which concept under the IT Act, 2000?

A Legal significance of Access Code B Exceptions and defenses under the Act C Punishments and penalties for Access Code offences D Sections of IT Act relevant to Access Code offences

Why: The requirement to prove unauthorized access beyond reasonable doubt relates to exceptions and defenses under the Act.

Question 439

Question bank

In a recent case, an individual was convicted under Section 66C for using another person’s Access Code to commit fraud. Which of the following best illustrates the real-world application of Access Code offences under the IT Act, 2000?

A Unauthorized use of passwords leading to identity theft B Physical theft of computer hardware C Illegal downloading of copyrighted software D Spreading computer viruses

Why: Unauthorized use of passwords or Access Codes leading to identity theft is a typical real-world application of Access Code offences.

Question 440

Question bank

Which of the following cases would most likely be prosecuted under Section 66D of the IT Act, 2000 involving Access Codes?

A Using someone else’s Access Code to impersonate them and cheat B Deleting data from a computer without permission C Sending offensive messages through a computer D Unauthorized access to government servers

Why: Section 66D deals with cheating by personation using a computer resource, often involving misuse of Access Codes.

Question 441

Question bank

In a complex cybercrime case, an accused argued that the Access Code was obtained accidentally and no harm was done. Which aspect of the IT Act, 2000 is being tested here?

A Definition of Access Code B Punishments and penalties for Access Code offences C Exceptions and defenses under the Act D Sections of IT Act relevant to Access Code offences

Why: The argument relates to exceptions and defenses under the Act, where intent and harm are considered.

Question 442

Question bank

Under the Information Technology Act 2000, how is 'Criminal Liability' primarily defined?

A Liability arising from breach of civil contracts related to computers B Liability imposed for commission of offences punishable under the IT Act C Liability for damages caused by negligence in computer operations D Liability for unauthorized use of software licenses

Why: Criminal liability under the IT Act 2000 refers to the legal responsibility for offences punishable under the Act, involving commission of computer-related crimes.

Question 443

Question bank

Which of the following best describes criminal liability under the IT Act 2000?

A Responsibility for civil wrongs related to computer misuse B Legal accountability for offences involving computer resources C Obligation to pay compensation for data loss D Duty to comply with software licensing agreements

Why: Criminal liability under the IT Act 2000 involves legal accountability for offences committed using computer resources, distinct from civil liabilities.

Question 444

Question bank

Which of the following elements is essential to establish criminal liability under the IT Act 2000?

A Existence of a contract between parties B Proof of mens rea or intent to commit offence C Negligence causing data loss D Violation of civil regulations

Why: Mens rea, or the guilty mind/intent, is a fundamental element to establish criminal liability under the IT Act 2000.

Question 445

Question bank

Which of the following is NOT a type of computer offence attracting criminal liability under the IT Act 2000?

A Hacking into protected systems B Identity theft using computer resources C Breach of contract for software purchase D Publishing obscene material online

Why: Breach of contract is a civil matter and does not attract criminal liability under the IT Act 2000, unlike hacking, identity theft, or publishing obscene material.

Question 446

Question bank

Which of the following offences is covered under the IT Act 2000 as a criminal offence?

A Unauthorized access to protected computer systems B Failure to pay software license fees C Violation of website terms and conditions D Non-disclosure of personal data

Why: Unauthorized access (hacking) to protected computer systems is a criminal offence under the IT Act 2000.

Question 447

Question bank

Which of the following computer offences under the IT Act 2000 involves fraudulent use of electronic signatures or passwords?

A Section 66C - Identity Theft B Section 65 - Tampering with Computer Source Documents C Section 66D - Cheating by Personation by Using Computer Resource D Section 66F - Cyber Terrorism

Why: Section 66C deals with identity theft, which includes fraudulent use of electronic signatures or passwords.

Question 448

Question bank

Which of the following offences under the IT Act 2000 is considered the most serious and involves acts threatening the sovereignty and integrity of India using computer resources?

A Section 66 - Computer Related Offences B Section 66F - Cyber Terrorism C Section 66E - Violation of Privacy D Section 65 - Tampering with Computer Source Documents

Why: Section 66F deals with cyber terrorism, which involves serious offences threatening national security using computer resources.

Question 449

Question bank

Which section of the IT Act 2000 deals with tampering with computer source documents and attracting criminal liability?

A Section 65 B Section 66C C Section 66D D Section 66F

Why: Section 65 specifically deals with tampering with computer source documents and prescribes punishment for it.

Question 450

Question bank

Section 66D of the IT Act 2000 pertains to which of the following offences?

A Identity theft B Cheating by personation using computer resources C Violation of privacy D Cyber terrorism

Why: Section 66D deals with cheating by personation by using computer resources.

Question 451

Question bank

Which section of the IT Act 2000 prescribes punishment for violation of privacy by capturing images or videos without consent?

A Section 66E B Section 66C C Section 65 D Section 66F

Why: Section 66E deals with violation of privacy, including capturing images of private areas without consent.

Question 452

Question bank

Which of the following sections prescribes the highest punishment under the IT Act 2000 for cyber terrorism offences?

A Section 66 B Section 66F C Section 66C D Section 65

Why: Section 66F prescribes the highest punishment, including imprisonment for life, for cyber terrorism offences.

Question 453

Question bank

Which section of the IT Act 2000 deals with hacking and provides punishment for it?

A Section 65 B Section 66 C Section 66C D Section 66D

Why: Section 66 deals with computer-related offences including hacking and prescribes punishment.

Question 454

Question bank

Under Section 66C of the IT Act 2000, what is the maximum punishment for identity theft?

A Imprisonment up to 3 years and fine up to Rs. 1 lakh B Imprisonment up to 5 years and fine up to Rs. 1 lakh C Imprisonment up to 3 years and fine up to Rs. 5 lakh D Imprisonment up to 7 years and fine up to Rs. 5 lakh

Why: Section 66C prescribes imprisonment up to 3 years and fine up to Rs. 1 lakh for identity theft.

Question 455

Question bank

What is the punishment prescribed under Section 66E of the IT Act 2000 for violation of privacy?

A Imprisonment up to 3 years or fine up to Rs. 2 lakh or both B Imprisonment up to 1 year or fine up to Rs. 1 lakh or both C Imprisonment up to 5 years and fine up to Rs. 5 lakh D Imprisonment up to 7 years and fine up to Rs. 10 lakh

Why: Section 66E prescribes imprisonment up to 3 years or fine up to Rs. 2 lakh or both for violation of privacy.

Question 456

Question bank

Which of the following punishments is prescribed under Section 65 of the IT Act 2000 for tampering with computer source documents?

A Imprisonment up to 3 years or fine up to Rs. 2 lakh or both B Imprisonment up to 5 years and fine up to Rs. 5 lakh C Imprisonment up to 7 years and fine up to Rs. 10 lakh D Fine only

Why: Section 65 prescribes imprisonment up to 3 years or fine up to Rs. 2 lakh or both for tampering with computer source documents.

Question 457

Question bank

What is the maximum punishment under Section 66F for cyber terrorism under the IT Act 2000?

A Imprisonment up to 3 years and fine B Imprisonment up to 5 years and fine C Imprisonment for life D Fine only

Why: Section 66F prescribes imprisonment for life for cyber terrorism offences.

Question 458

Question bank

Which of the following is a procedural requirement before prosecution under the IT Act 2000 for certain offences?

A Prior approval of the Central Government B Filing a civil suit first C Obtaining permission from the victim D Mandatory mediation

Why: Certain offences under the IT Act 2000 require prior approval of the Central Government before prosecution.

Question 459

Question bank

Which authority is primarily responsible for investigating offences under the IT Act 2000?

A Police officers not below the rank of Inspector B Any police officer C Cyber Appellate Tribunal D District Magistrate

Why: Investigations under the IT Act 2000 are generally conducted by police officers not below the rank of Inspector.

Question 460

Question bank

Which of the following is true regarding the procedure for prosecution under the IT Act 2000?

A Complaints must be filed within 6 months of the offence B Prosecution can commence only after approval from the Cyber Appellate Tribunal C Certain offences require prior sanction from the Central Government D All offences are cognizable and non-bailable

Why: Certain offences under the IT Act 2000 require prior sanction or approval from the Central Government before prosecution.

Question 461

Question bank

Which of the following procedural aspects is considered 'hard' level under prosecution in IT Act 2000?

A Role of police officers in investigation B Requirement of prior approval for prosecution of certain offences C Time limit for filing complaints D Jurisdiction of Cyber Appellate Tribunal

Why: The requirement of prior approval for prosecution of certain offences is a complex procedural aspect under the IT Act 2000.

Question 462

Question bank

Which of the following best distinguishes criminal liability from civil liability under the IT Act 2000?

A Criminal liability involves payment of damages; civil liability involves imprisonment B Criminal liability requires proof beyond reasonable doubt; civil liability requires preponderance of evidence C Both liabilities require the same standard of proof D Civil liability is punishable by imprisonment

Why: Criminal liability requires proof beyond reasonable doubt, whereas civil liability requires proof on the balance or preponderance of probabilities.

Question 463

Question bank

Which of the following is a key difference between civil and criminal liability under the IT Act 2000?

A Civil liability involves government prosecution; criminal liability involves private parties B Criminal liability involves punishment like imprisonment; civil liability involves compensation C Civil liability is always more severe than criminal liability D Criminal liability does not require mens rea

Why: Criminal liability typically involves punishment such as imprisonment or fine, whereas civil liability involves compensation or damages.

Question 464

Question bank

Which of the following statements is true regarding civil and criminal liability under the IT Act 2000?

A Civil liability requires mens rea; criminal liability does not B Criminal liability is enforced by the state; civil liability is enforced by private parties C Both liabilities are punishable by imprisonment D Civil liability is applicable only to individuals, criminal liability only to companies

Why: Criminal liability is enforced by the state through prosecution, whereas civil liability is enforced by private parties through civil suits.

Question 465

Question bank

In the context of criminal liability under the IT Act 2000, what role does 'mens rea' play?

A It is irrelevant for establishing liability B It refers to the physical act of committing the offence C It denotes the intention or knowledge of wrongdoing D It is a procedural step before prosecution

Why: Mens rea refers to the mental element or intention to commit a crime, which is crucial in establishing criminal liability.

Question 466

Question bank

Which of the following best describes the importance of intent (mens rea) in criminal liability under the IT Act 2000?

A Intent is not required if the act is committed accidentally B Intent is necessary to prove commission of certain offences C Intent is only relevant in civil cases D Intent can be presumed in all cases

Why: Intent or mens rea is necessary to prove the commission of many offences under the IT Act 2000 to establish criminal liability.

Question 467

Question bank

Which of the following scenarios would NOT establish criminal liability under the IT Act 2000 due to lack of mens rea?

A A person unknowingly clicks on a malicious link causing damage B A hacker intentionally accesses a protected system C A person fraudulently uses another's password D A person publishes obscene material online intentionally

Why: Accidental or unintentional acts without mens rea generally do not establish criminal liability under the IT Act 2000.

Question 468

Question bank

Which of the following is a recognized defense under the criminal liability provisions of the IT Act 2000?

A Mistake of fact B Ignorance of law C Accidental commission without intent D All of the above

Why: Accidental commission without intent (lack of mens rea) can be a defense; ignorance of law is generally not a defense.

Question 469

Question bank

Under the IT Act 2000, which of the following exceptions may be used as a defense against criminal liability?

A Consent of the owner for accessing computer resources B Ignorance of the offence C Accidental damage without intention D Both A and C

Why: Consent of the owner and accidental damage without intention are valid defenses; ignorance of law is not.

Question 470

Question bank

Which of the following is NOT considered a valid defense under the criminal liability provisions of the IT Act 2000?

A Accidental commission of offence without mens rea B Consent of the victim C Ignorance of the law D Act done in good faith for public interest

Why: Ignorance of the law is generally not a valid defense under the IT Act 2000 or any criminal law.

Question 471

Question bank

Which of the following best defines 'Criminal Liability' under the Information Technology Act, 2000?

A Legal responsibility for civil wrongs involving computers B Legal responsibility for offences punishable under the IT Act involving computer-related crimes C Obligation to pay compensation for damage caused to computer systems D Responsibility to maintain data privacy in computer networks

Why: Criminal liability under the IT Act, 2000 refers to the legal responsibility for offences punishable under the Act related to computer crimes.

Question 472

Question bank

Under the IT Act 2000, criminal liability arises when a person:

A Accidentally deletes a file from a computer B Intentionally accesses a computer without authorization to commit an offence C Uses a computer for personal data storage only D Shares non-confidential information over email

Why: Criminal liability arises when a person intentionally accesses a computer without authorization to commit an offence under the IT Act.

Question 473

Question bank

Which element is essential to establish criminal liability under the IT Act 2000?

A Proof of negligence B Proof of intent (mens rea) C Proof of civil damage D Proof of breach of contract

Why: Proof of intent or mens rea is essential to establish criminal liability under the IT Act 2000.

Question 474

Question bank

Which of the following is NOT a computer offence attracting criminal liability under the IT Act 2000?

A Hacking into a computer system B Identity theft using electronic means C Sending offensive messages through communication service D Breach of contract for software licensing

Why: Breach of contract is a civil matter and does not attract criminal liability under the IT Act 2000.

Question 475

Question bank

Which offence under the IT Act 2000 involves dishonestly receiving stolen computer resources or communication devices?

A Section 66 - Hacking B Section 66B - Receiving stolen computer resources C Section 66C - Identity theft D Section 66D - Cheating by personation

Why: Section 66B deals with dishonestly receiving stolen computer resources or communication devices.

Question 476

Question bank

Which of the following offences under the IT Act 2000 involves tampering with computer source documents?

A Section 65 B Section 66 C Section 66B D Section 66F

Why: Section 65 of the IT Act 2000 deals with tampering with computer source documents.

Question 477

Question bank

Which section of the IT Act 2000 prescribes punishment for identity theft?

A Section 66C B Section 66D C Section 66E D Section 66F

Why: Section 66C of the IT Act 2000 prescribes punishment for identity theft.

Question 478

Question bank

Which section of the IT Act 2000 deals with punishment for hacking with computer systems?

A Section 43 B Section 66 C Section 67 D Section 69

Why: Section 66 prescribes punishment for hacking under the IT Act 2000.

Question 479

Question bank

Section 67 of the IT Act 2000 primarily deals with offences related to:

A Obscene electronic communication B Tampering with computer source documents C Identity theft D Unauthorized access to protected systems

Why: Section 67 deals with publishing or transmitting obscene material in electronic form.

Question 480

Question bank

Which section empowers the government to intercept, monitor or decrypt any information transmitted through any computer resource for security purposes?

A Section 66F B Section 69 C Section 70 D Section 72

Why: Section 69 empowers the government to intercept, monitor or decrypt information for security reasons.

Question 481

Question bank

Which section of the IT Act 2000 prescribes punishment for cyber terrorism?

A Section 66F B Section 67 C Section 66C D Section 69

Why: Section 66F deals with cyber terrorism and prescribes punishment for it.

Question 482

Question bank

What is the maximum imprisonment term prescribed under Section 66C for identity theft under the IT Act 2000?

A 3 years B 5 years C 7 years D 10 years

Why: Section 66C prescribes imprisonment up to 3 years or a fine or both; however, the maximum term is 3 years, not 5. (Note: Correct answer should be 3 years; options adjusted accordingly.)

Question 483

Question bank

Under the IT Act 2000, what is the punishment for sending offensive messages through communication service as per Section 66A?

A Imprisonment up to 3 years and fine B Imprisonment up to 1 year and fine C Imprisonment up to 6 months and fine D Imprisonment up to 5 years and fine

Why: Section 66A prescribes imprisonment up to 3 years and fine for sending offensive messages through communication service.

Question 484

Question bank

Which of the following penalties is prescribed under Section 65 for tampering with computer source documents?

A Imprisonment up to 3 years or fine up to one lakh rupees or both B Imprisonment up to 5 years or fine up to two lakh rupees or both C Imprisonment up to 1 year or fine up to fifty thousand rupees or both D Imprisonment up to 7 years or fine up to five lakh rupees or both

Why: Section 65 prescribes imprisonment up to 3 years or fine up to one lakh rupees or both for tampering with computer source documents.

Question 485

Question bank

Which punishment is prescribed under Section 66F for cyber terrorism?

A Imprisonment for life or imprisonment up to 3 years B Imprisonment for life or imprisonment up to 10 years C Imprisonment for life or imprisonment up to 5 years D Imprisonment up to 7 years or fine

Why: Section 66F prescribes imprisonment for life or imprisonment up to 10 years for cyber terrorism.

Question 486

Question bank

Which authority is primarily responsible for initiating prosecution under the IT Act 2000?

A Police officer not below the rank of Inspector B Any government official C Magistrate D Cyber Appellate Tribunal

Why: The IT Act 2000 authorizes police officers not below the rank of Inspector to investigate and initiate prosecution.

Question 487

Question bank

Under the IT Act 2000, which of the following is a mandatory step before prosecution for certain offences?

A Obtaining prior approval from the central government B Filing a civil suit C Issuing a public notice D Conducting a mediation session

Why: Certain prosecutions under the IT Act require prior approval from the central government before proceeding.

Question 488

Question bank

Which section of the IT Act 2000 provides for the protection of action taken in good faith during investigation or prosecution?

A Section 79 B Section 80 C Section 81 D Section 82

Why: Section 79 provides immunity to intermediaries for any third-party information or data hosted, provided due diligence is followed.

Question 489

Question bank

Which of the following is a procedural requirement for prosecution under the IT Act 2000?

A Prosecution can be initiated only after a complaint is filed by a victim B Prosecution requires prior sanction from the government in all cases C Prosecution can be initiated suo moto by police without any complaint D Prosecution is only through civil courts

Why: Generally, prosecution under the IT Act requires a complaint by the victim or authorized person.

Question 490

Question bank

Which of the following is a key difference between civil and criminal liability under the IT Act 2000?

A Civil liability involves punishment by imprisonment, criminal liability involves compensation B Civil liability requires proof of mens rea, criminal liability does not C Criminal liability involves punishment such as imprisonment or fine, civil liability involves compensation or damages D Civil liability is always filed by the government, criminal liability by private parties

Why: Criminal liability involves punishments like imprisonment or fines, whereas civil liability generally involves compensation or damages.

Question 491

Question bank

Which of the following statements correctly distinguishes criminal liability from civil liability under the IT Act 2000?

A Criminal liability requires a higher standard of proof than civil liability B Civil liability always results in imprisonment C Criminal liability is resolved through compensation payments only D Civil liability is punishable by imprisonment

Why: Criminal liability requires proof beyond reasonable doubt, which is a higher standard than the balance of probabilities in civil liability.

Question 492

Question bank

Which of the following is NOT a characteristic of criminal liability under the IT Act 2000 compared to civil liability?

A Requires mens rea (intent) B Leads to imprisonment or fine C Can be initiated by the victim only D Requires proof beyond reasonable doubt

Why: Criminal liability can be initiated by the state or victim, but not only by the victim; civil suits are usually initiated by the victim.

Question 493

Question bank

What role does 'mens rea' play in establishing criminal liability under the IT Act 2000?

A It is irrelevant for criminal offences under the IT Act B It refers to the physical act of committing the offence C It denotes the guilty intention or knowledge behind the offence D It is only required for civil liability

Why: Mens rea refers to the guilty intention or knowledge necessary to establish criminal liability.

Question 494

Question bank

Which of the following best illustrates the role of mens rea in IT Act offences?

A Accidental deletion of data leading to liability B Intentional hacking to steal information C Negligent use of computer resources D Unintentional transmission of virus

Why: Intentional hacking demonstrates mens rea, which is required for criminal liability under the IT Act.

Question 495

Question bank

Which statement is true regarding mens rea in IT Act criminal offences?

A Mens rea is presumed in all IT Act offences B Mens rea must be proven unless the offence is strict liability C Mens rea is not required for any offence under the IT Act D Mens rea is only relevant in civil cases

Why: Mens rea must be proven for criminal offences unless the offence is one of strict liability.

Question 496

Question bank

Which of the following scenarios best demonstrates the application of criminal liability under the IT Act 2000?

A A user unknowingly downloads malware that damages their own system B A hacker intentionally accesses a bank's computer system to steal funds C A company breaches a software license agreement D An employee accidentally sends confidential data to the wrong recipient

Why: Intentional unauthorized access to steal funds is a criminal offence under the IT Act.

Question 497

Question bank

In which case would criminal liability NOT be attracted under the IT Act 2000?

A Deliberate hacking of a government server B Accidental deletion of files without intent to harm C Sending offensive messages online intentionally D Identity theft using electronic means

Why: Accidental deletion without intent does not attract criminal liability as mens rea is absent.

Question 498

Question bank

Refer to the scenario: An employee intentionally alters source code to cause damage to the company’s software. Under which section of the IT Act 2000 is the employee liable?

A Section 65 B Section 66 C Section 66C D Section 67

Why: Section 65 deals with tampering with computer source documents, which applies here.

Question 499

Question bank

A hacker gains unauthorized access to a government database and alters sensitive data. The hacker then uses a phishing attack to distribute malware that encrypts data on multiple private sector networks, demanding ransom. Considering the Information Technology Act 2000, which combination of offences and liabilities correctly applies to the hacker's actions?

A Section 66 (Hacking), Section 66F (Cyber Terrorism), and Section 43 (Damage to Computer) with criminal and civil liabilities B Section 65 (Tampering with Computer Source Documents), Section 66E (Violation of Privacy), and Section 72 (Breach of Confidentiality) with only civil liabilities C Section 66C (Identity Theft), Section 66D (Cheating by Personation), and Section 66F (Cyber Terrorism) with criminal liabilities only D Section 43 (Damage to Computer), Section 66 (Hacking), and Section 66F (Cyber Terrorism) with criminal liabilities and possible imprisonment

Why: Step 1: Unauthorized access and alteration of government data constitutes 'Hacking' under Section 66. Step 2: The act targets government infrastructure and uses malware to cause widespread damage, fitting the definition of 'Cyber Terrorism' under Section 66F. Step 3: Encrypting data causing damage to computers/networks falls under Section 43 (damage to computer). Step 4: These offences attract criminal liability, including imprisonment and fines, as per the IT Act. Step 5: Civil liabilities may arise but the question focuses on criminal liability primarily. Options A and D are close, but Section 43 is a civil section; however, combined with 66 and 66F, criminal liability is established. Option B incorrectly applies privacy and confidentiality sections which do not fit the scenario. Option C misapplies identity theft and cheating by personation, which are not relevant here.

Question 500

Question bank

An employee copies proprietary source code from the company's server without authorization and uploads it to a public repository. Later, the employee uses a fake email to impersonate a senior manager to authorize a fraudulent transaction. Under the IT Act 2000, which sections apply and what is the nature of criminal liability?

A Section 65 (Tampering with Computer Source Documents), Section 66D (Cheating by Personation), and Section 72 (Breach of Confidentiality) with imprisonment and fine B Section 66 (Hacking), Section 66C (Identity Theft), and Section 43 (Damage to Computer) with civil liability only C Section 65 (Tampering with Computer Source Documents), Section 66C (Identity Theft), and Section 66D (Cheating by Personation) with criminal liability including imprisonment D Section 43 (Damage to Computer), Section 66F (Cyber Terrorism), and Section 72A (Publishing Obscene Material) with criminal liability

Why: Step 1: Copying proprietary source code without authorization falls under Section 65 (Tampering with Computer Source Documents). Step 2: Using a fake email to impersonate a senior manager is identity theft under Section 66C. Step 3: The fraudulent authorization is cheating by personation under Section 66D. Step 4: These sections attract criminal liability including imprisonment and fines. Step 5: Section 72 (Breach of Confidentiality) is not directly applicable here as the breach is unauthorized copying and impersonation, not mere confidentiality breach. Option A incorrectly includes Section 72 which is more about disclosure of information. Option B wrongly includes Section 66 (Hacking) which requires unauthorized access, not copying after access. Option D includes irrelevant sections like Cyber Terrorism and Publishing Obscene Material.

Question 501

Question bank

A cybercriminal sends a virus that deletes 37.5% of data on a company's server, causing a loss of ₹3,75,000. The company sues for damages under the IT Act 2000. Considering the thresholds for compensation and criminal liability, which of the following statements is correct?

A Since the loss exceeds ₹2,00,000, the cybercriminal is liable under Section 43 with compensation and under Section 66 with imprisonment B Loss below ₹5,00,000 exempts criminal liability, so only civil compensation under Section 43 applies C Loss exceeding ₹3,00,000 triggers both civil and criminal liability under Sections 43 and 66 respectively D The percentage of data deleted is irrelevant; only the monetary loss matters for liability under Section 43

Why: Step 1: Section 43 provides for compensation for damage to computer systems. Step 2: Section 66 deals with hacking and prescribes criminal penalties. Step 3: The IT Act does not specify a ₹5,00,000 threshold exempting criminal liability; criminal liability arises regardless of loss amount if hacking is proven. Step 4: Monetary loss of ₹3,75,000 exceeds ₹2,00,000, so compensation is applicable. Step 5: The percentage of data deleted (37.5%) is relevant to assess damage but monetary loss is primary for compensation. Therefore, Option A correctly combines civil and criminal liabilities. Option B incorrectly assumes a threshold exempting criminal liability. Option C invents a ₹3,00,000 threshold not in the Act. Option D ignores the relevance of data percentage which helps quantify damage.

Question 502

Question bank

A person intercepts electronic communication between two parties without consent, then alters the message content and forwards it to a third party, causing financial loss. Under the IT Act 2000, which combination of offences and liabilities applies?

A Section 66F (Cyber Terrorism), Section 72 (Breach of Confidentiality), and Section 66 (Hacking) with criminal liability B Section 66A (Sending Offensive Messages), Section 72A (Publishing Obscene Material), and Section 43 (Damage to Computer) with civil liability C Section 66B (Identity Theft), Section 66C (Cheating by Personation), and Section 72 (Breach of Confidentiality) with criminal liability D Section 70 (Protected System), Section 66 (Hacking), and Section 72 (Breach of Confidentiality) with criminal liability

Why: Step 1: Intercepting communication without consent is hacking under Section 66. Step 2: Altering message content and forwarding it causes breach of confidentiality under Section 72. Step 3: If the system is a 'Protected System' under Section 70, hacking it attracts higher penalties. Step 4: Sections 66A and 72A are unrelated to interception and alteration of communication. Step 5: Identity theft and cheating by personation do not fit the scenario. Therefore, Option D correctly identifies the applicable sections and liabilities. Option A incorrectly includes Cyber Terrorism which requires intent to threaten the unity or security of India. Option B mixes unrelated sections. Option C misapplies identity theft.

Question 503

Question bank

A software developer intentionally plants a logic bomb in a financial institution's software that triggers after 45 days, deleting 12.5% of transaction records and causing a loss of ₹1,25,000. The developer also leaks confidential client data online. Which sections of the IT Act 2000 apply, and what is the nature of liability?

A Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 66F (Cyber Terrorism) with criminal liability and imprisonment B Section 43 (Damage to Computer), Section 72A (Publishing Obscene Material), and Section 65 (Tampering with Source Documents) with civil liability only C Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 43 (Damage to Computer) with criminal and civil liabilities D Section 65 (Tampering with Source Documents), Section 66C (Identity Theft), and Section 72 (Breach of Confidentiality) with criminal liability

Why: Step 1: Planting a logic bomb causing damage is hacking under Section 66. Step 2: Deleting transaction records is damage to computer under Section 43. Step 3: Leaking confidential client data is breach of confidentiality under Section 72. Step 4: Cyber Terrorism (Section 66F) requires intent to threaten security or sovereignty, which is not indicated here. Step 5: Sections 65 and 66C do not fit the facts (no tampering with source documents or identity theft). Step 6: Both criminal (Sections 66, 72) and civil (Section 43) liabilities apply. Option C correctly identifies this. Option A incorrectly includes Cyber Terrorism. Option B misapplies publishing obscene material. Option D wrongly includes identity theft.

Question 504

Question bank

An individual sends a fraudulent email pretending to be a bank official to extract login credentials from customers, then uses those credentials to transfer ₹2,34,567 illegally. Which sections of the IT Act 2000 are applicable, and what penalties can be imposed?

A Section 66C (Identity Theft), Section 66D (Cheating by Personation), and Section 43 (Damage to Computer) with imprisonment up to 3 years and fine B Section 66A (Sending Offensive Messages), Section 72 (Breach of Confidentiality), and Section 66F (Cyber Terrorism) with imprisonment up to 7 years C Section 65 (Tampering with Source Documents), Section 66 (Hacking), and Section 72A (Publishing Obscene Material) with fine only D Section 66C (Identity Theft), Section 66D (Cheating by Personation), and Section 66 (Hacking) with imprisonment up to 10 years

Why: Step 1: Sending fraudulent email to extract credentials is identity theft under Section 66C. Step 2: Using those credentials to impersonate a bank official is cheating by personation under Section 66D. Step 3: Unauthorized use of computer resources causing damage falls under Section 43. Step 4: Penalties include imprisonment up to 3 years or fine or both for Sections 66C and 66D. Step 5: Section 66 (Hacking) is not directly applicable as there is no unauthorized access to computer system but use of stolen credentials. Option B misapplies Cyber Terrorism and offensive messages. Option C is irrelevant. Option D wrongly includes hacking with higher imprisonment.

Question 505

Question bank

A hacker accesses a 'Protected System' without authorization and installs ransomware that encrypts 55% of the data, demanding ₹4,50,000 ransom. The victim pays ₹2,00,000 before reporting. Under the IT Act 2000, which statements about the hacker's criminal liability and victim's legal recourse are correct?

A The hacker is liable under Section 66F (Cyber Terrorism) with imprisonment up to life; the victim can claim compensation under Section 43 B The hacker is liable under Section 66 (Hacking) only; victim has no right to compensation after paying ransom C The hacker is liable under Section 43 (Damage to Computer) with civil liability only; victim cannot claim compensation after ransom payment D The hacker is liable under Section 66F (Cyber Terrorism) and Section 43; victim can claim compensation even after partial ransom payment

Why: Step 1: Unauthorized access to a 'Protected System' with intent to threaten security qualifies as Cyber Terrorism under Section 66F. Step 2: Installing ransomware causing damage is covered under Section 43. Step 3: Criminal liability includes imprisonment up to life under Section 66F. Step 4: Victim can claim compensation under Section 43 regardless of ransom payment, as payment does not waive rights. Step 5: Option A is partially correct but misses compensation after ransom. Option B ignores Cyber Terrorism and wrongly denies compensation. Option C incorrectly limits liability to civil only.

Question 506

Question bank

A person intentionally publishes obscene material online targeting minors, and simultaneously hacks into a government server to alter election data. Which sections of the IT Act 2000 apply, and what is the combined penalty?

A Section 67 (Publishing Obscene Material), Section 66F (Cyber Terrorism), with imprisonment up to 7 years and fine B Section 67A (Publishing Obscene Material for Minors), Section 66 (Hacking), with imprisonment up to 5 years and fine C Section 67 (Publishing Obscene Material), Section 66F (Cyber Terrorism), and Section 66 (Hacking), with imprisonment up to 10 years and fine D Section 67A (Publishing Obscene Material for Minors), Section 66F (Cyber Terrorism), with imprisonment up to 10 years and fine

Why: Step 1: Publishing obscene material targeting minors falls under Section 67A. Step 2: Hacking into government servers to alter election data is Cyber Terrorism under Section 66F. Step 3: Both offences attract severe penalties including imprisonment up to 10 years and fine. Step 4: Section 66 (Hacking) is subsumed under Section 66F when cyber terrorism is involved. Step 5: Option D correctly combines the relevant sections and penalties. Option A incorrectly uses Section 67 instead of 67A for minors. Option B underestimates penalties and misapplies Section 66 instead of 66F. Option C redundantly includes Section 66.

Question 507

Question bank

A company employee accesses customer data without authorization, copies 18% of the database, and shares it with a competitor. The employee also tampers with the source code to introduce a backdoor. Which sections of the IT Act 2000 apply, and what liabilities arise?

A Section 43 (Damage to Computer), Section 65 (Tampering with Source Documents), and Section 72 (Breach of Confidentiality) with criminal and civil liabilities B Section 66 (Hacking), Section 66C (Identity Theft), and Section 72A (Publishing Obscene Material) with criminal liability only C Section 65 (Tampering with Source Documents), Section 66D (Cheating by Personation), and Section 72 (Breach of Confidentiality) with civil liability only D Section 43 (Damage to Computer), Section 66 (Hacking), and Section 72 (Breach of Confidentiality) with criminal liability

Why: Step 1: Unauthorized access and copying of customer data is damage to computer under Section 43. Step 2: Tampering with source code to introduce backdoor is under Section 65. Step 3: Sharing confidential data breaches confidentiality under Section 72. Step 4: These offences attract both criminal and civil liabilities. Step 5: Section 66 (Hacking) is not applicable if employee had authorized access but misused it. Step 6: Identity theft and cheating by personation do not fit the facts. Option A correctly identifies applicable sections and liabilities. Option B misapplies identity theft and publishing obscene material. Option C wrongly limits to civil liability. Option D incorrectly includes hacking.

Question 508

Question bank

A cybercriminal uses a botnet to perform a distributed denial-of-service (DDoS) attack on an e-commerce website, causing it to be unavailable for 72 hours. The attack also steals 15,000 customer email addresses. Which sections of the IT Act 2000 apply, and what penalties can be imposed?

A Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 66F (Cyber Terrorism) with imprisonment up to 10 years B Section 43 (Damage to Computer), Section 66 (Hacking), and Section 72A (Publishing Obscene Material) with fine only C Section 66D (Cheating by Personation), Section 66C (Identity Theft), and Section 43 (Damage to Computer) with imprisonment up to 3 years D Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 43 (Damage to Computer) with imprisonment and fine

Why: Step 1: DDoS attack causing unavailability is damage to computer under Section 43. Step 2: Unauthorized access and control of botnet is hacking under Section 66. Step 3: Theft of customer email addresses breaches confidentiality under Section 72. Step 4: Penalties include imprisonment and fine. Step 5: Cyber Terrorism (Section 66F) requires intent to threaten security or sovereignty, which is not indicated here. Step 6: Publishing obscene material and cheating by personation do not fit the scenario. Option D correctly identifies applicable sections and penalties. Option A incorrectly includes Cyber Terrorism. Option B underestimates penalties. Option C misapplies identity theft and cheating.

Question 509

Question bank

An individual creates a fake website mimicking a popular bank to collect user credentials and uses those credentials to transfer ₹4,99,999 from multiple accounts. The individual also deletes transaction logs to cover tracks. Which sections of the IT Act 2000 apply, and what is the maximum imprisonment possible?

A Section 66C (Identity Theft), Section 66D (Cheating by Personation), Section 65 (Tampering with Source Documents), with imprisonment up to 3 years B Section 66 (Hacking), Section 66F (Cyber Terrorism), Section 72 (Breach of Confidentiality), with imprisonment up to 7 years C Section 66C (Identity Theft), Section 66D (Cheating by Personation), Section 65 (Tampering with Source Documents), with imprisonment up to 10 years D Section 43 (Damage to Computer), Section 66 (Hacking), Section 72A (Publishing Obscene Material), with imprisonment up to 5 years

Why: Step 1: Creating fake website to collect credentials is identity theft under Section 66C. Step 2: Using credentials to cheat is cheating by personation under Section 66D. Step 3: Deleting transaction logs is tampering with source documents under Section 65. Step 4: Combined offences attract imprisonment up to 10 years. Step 5: Section 66F (Cyber Terrorism) is not applicable as no intent to threaten sovereignty. Step 6: Publishing obscene material is irrelevant. Option C correctly identifies sections and maximum imprisonment. Option A underestimates imprisonment. Option B misapplies cyber terrorism. Option D includes irrelevant sections.

Question 510

Question bank

A hacker accesses a private email server and forwards confidential emails to a competitor. The hacker also modifies the email headers to impersonate the CEO. Which sections of the IT Act 2000 are violated, and what is the nature of liability?

A Section 66 (Hacking), Section 66D (Cheating by Personation), and Section 72 (Breach of Confidentiality) with criminal liability B Section 65 (Tampering with Source Documents), Section 66C (Identity Theft), and Section 43 (Damage to Computer) with civil liability only C Section 66F (Cyber Terrorism), Section 72A (Publishing Obscene Material), and Section 66 (Hacking) with imprisonment up to 7 years D Section 66 (Hacking), Section 66C (Identity Theft), and Section 72 (Breach of Confidentiality) with criminal and civil liabilities

Why: Step 1: Unauthorized access to private email server is hacking under Section 66. Step 2: Modifying email headers to impersonate CEO is cheating by personation under Section 66D. Step 3: Forwarding confidential emails breaches confidentiality under Section 72. Step 4: These offences attract criminal liability including imprisonment and fines. Step 5: Identity theft (Section 66C) is not directly applicable as no identity theft but impersonation is cheating by personation. Option A correctly identifies the sections and liabilities. Option B limits to civil liability incorrectly. Option C misapplies Cyber Terrorism and publishing obscene material. Option D incorrectly includes identity theft.

Question 511

Question bank

An insider installs spyware on company computers to monitor employee activities without consent and transmits the data to an external server. The spyware also deletes 8% of system files over 15 days. Which sections of the IT Act 2000 apply, and what penalties can be imposed?

A Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 43 (Damage to Computer) with imprisonment and fine B Section 65 (Tampering with Source Documents), Section 66C (Identity Theft), and Section 72A (Publishing Obscene Material) with civil liability only C Section 66D (Cheating by Personation), Section 66F (Cyber Terrorism), and Section 43 (Damage to Computer) with imprisonment up to 7 years D Section 66 (Hacking), Section 72 (Breach of Confidentiality), and Section 65 (Tampering with Source Documents) with criminal liability

Why: Step 1: Installing spyware without consent is hacking under Section 66. Step 2: Transmitting monitored data breaches confidentiality under Section 72. Step 3: Deleting system files is damage to computer under Section 43. Step 4: These offences attract criminal penalties including imprisonment and fines. Step 5: Tampering with source documents (Section 65) is not directly applicable unless source code is altered. Step 6: Identity theft and publishing obscene material are irrelevant. Option A correctly identifies applicable sections and penalties. Option B limits to civil liability incorrectly. Option C misapplies cheating and cyber terrorism. Option D incorrectly includes tampering.

Question 512

Question bank

A person sends offensive messages via communication service and simultaneously hacks into a telecom provider’s system causing service disruption for 24 hours. Which sections of the IT Act 2000 apply, and what is the maximum punishment?

A Section 66A (Sending Offensive Messages), Section 66 (Hacking), with imprisonment up to 3 years and fine B Section 66A (Sending Offensive Messages), Section 66F (Cyber Terrorism), with imprisonment up to 7 years and fine C Section 66 (Hacking), Section 72 (Breach of Confidentiality), with imprisonment up to 5 years D Section 66A (Sending Offensive Messages), Section 43 (Damage to Computer), with fine only

Why: Step 1: Sending offensive messages via communication service is punishable under Section 66A. Step 2: Hacking into telecom provider’s system causing disruption qualifies as Cyber Terrorism under Section 66F. Step 3: Maximum punishment under Section 66A is imprisonment up to 3 years and fine. Step 4: Under Section 66F, imprisonment can extend up to 7 years and fine. Step 5: Combined maximum punishment is imprisonment up to 7 years and fine. Option B correctly identifies applicable sections and maximum punishment. Option A underestimates punishment by excluding Cyber Terrorism. Option C misapplies breach of confidentiality. Option D limits to fine only incorrectly.

Question 513

Question bank

A person accesses a computer system without permission, downloads 22% of confidential files, and deletes audit logs to hide tracks. The person also publishes some files online. Which sections of the IT Act 2000 apply, and what is the nature of liability?

A Section 66 (Hacking), Section 65 (Tampering with Source Documents), Section 72 (Breach of Confidentiality), with criminal liability B Section 43 (Damage to Computer), Section 66C (Identity Theft), Section 72A (Publishing Obscene Material), with civil liability only C Section 66 (Hacking), Section 66D (Cheating by Personation), Section 72 (Breach of Confidentiality), with criminal liability D Section 65 (Tampering with Source Documents), Section 66F (Cyber Terrorism), Section 72 (Breach of Confidentiality), with imprisonment up to 10 years

Why: Step 1: Unauthorized access is hacking under Section 66. Step 2: Deleting audit logs is tampering with source documents under Section 65. Step 3: Publishing confidential files breaches confidentiality under Section 72. Step 4: These offences attract criminal liability including imprisonment and fines. Step 5: Identity theft and cheating by personation do not fit the facts. Cyber Terrorism is not applicable without intent to threaten security. Option A correctly identifies applicable sections and liabilities. Option B limits to civil liability incorrectly. Option C misapplies cheating by personation. Option D incorrectly includes Cyber Terrorism.

Question 514

Question bank

A person sends an email with a virus that infects 27% of computers in a corporate network, causing a loss of ₹1,85,000. The virus also steals employee passwords. Under the IT Act 2000, which sections apply, and what penalties can be imposed?

A Section 43 (Damage to Computer), Section 66 (Hacking), Section 66C (Identity Theft), with imprisonment and fine B Section 66F (Cyber Terrorism), Section 72 (Breach of Confidentiality), with imprisonment up to 7 years C Section 65 (Tampering with Source Documents), Section 66D (Cheating by Personation), with civil liability only D Section 43 (Damage to Computer), Section 66A (Sending Offensive Messages), with fine only

Why: Step 1: Virus causing damage to computers is damage to computer under Section 43. Step 2: Sending virus via email causing unauthorized access is hacking under Section 66. Step 3: Stealing passwords is identity theft under Section 66C. Step 4: These offences attract criminal penalties including imprisonment and fines. Step 5: Loss amount ₹1,85,000 does not exempt liability. Option A correctly identifies applicable sections and penalties. Option B misapplies Cyber Terrorism and breach of confidentiality. Option C limits to civil liability incorrectly. Option D misapplies sending offensive messages.

Question 515

Question bank

A person accesses a government database without authorization, copies 9% of data, and uses it to blackmail officials. The person also deletes backup files to prevent recovery. Which sections of the IT Act 2000 apply, and what is the maximum punishment?

A Section 66 (Hacking), Section 72 (Breach of Confidentiality), Section 65 (Tampering with Source Documents), with imprisonment up to 3 years B Section 66F (Cyber Terrorism), Section 72 (Breach of Confidentiality), Section 43 (Damage to Computer), with imprisonment up to 10 years C Section 66 (Hacking), Section 66D (Cheating by Personation), Section 72A (Publishing Obscene Material), with imprisonment up to 5 years D Section 43 (Damage to Computer), Section 66C (Identity Theft), Section 72 (Breach of Confidentiality), with fine only

Why: Step 1: Unauthorized access to government database is hacking under Section 66. Step 2: Copying data and blackmailing officials is Cyber Terrorism under Section 66F due to threat to government function. Step 3: Deleting backup files is tampering with source documents under Section 65 and damage under Section 43. Step 4: Breach of confidentiality under Section 72 applies. Step 5: Maximum punishment under Section 66F is imprisonment up to 10 years and fine. Option B correctly identifies applicable sections and maximum punishment. Option A underestimates punishment. Option C misapplies cheating and publishing obscene material. Option D limits to fine only incorrectly.

Question 1

PYQ · 2009 4.0 marks

Distinguish between Computer and Computer Network.

Try answering in your head first.

Model answer

A **computer** is defined under Section 2(1)(i) of the Information Technology Act, 2000 as any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

A **computer network** means the interconnection of one or more computers.

**Key Differences:**
1. **Meaning:** Computer is a single processing device/system; Computer Network is interconnection of multiple computers.
2. **Components:** Computer includes input/output devices, software, storage; Network connects computers for communication.
3. **Function:** Computer processes data independently; Network enables sharing and communication between systems.

**Example:** A laptop with keyboard and monitor is a computer system. Internet connecting multiple laptops is a computer network.

In conclusion, while a computer focuses on individual data processing, a computer network emphasizes connectivity and resource sharing.

More: The distinction is based on statutory definitions from IT Act 2000. Computer definition from Section 2(1)(i) emphasizes processing capabilities. Network definition from Section 2(1)(j) highlights interconnection. The answer structure provides definition, tabulated/comparative points, example, and conclusion to meet 4-mark criteria (100-150 words).

How did you do?

Question 2

PYQ 4.0 marks

As per Section 43(i) of the Information Technology Act, 2000, what is the liability of a person who without permission destroys, deletes or alters information residing in a computer resource?

Try answering in your head first.

Model answer

According to Section 43(i) of the Information Technology Act, 2000, if any person without the permission of the owner or any other person who is in charge of a computer, computer system or computer network destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, then he shall be liable to pay compensation to the person so affected. This provision creates a civil liability rather than a criminal one, and the compensation is determined based on the extent of damage caused to the computer resource and the information contained within it. The section covers unauthorized access to computer systems and any subsequent harmful actions taken against the data or system functionality.

More: Section 43(i) establishes civil liability for unauthorized access and damage to computer resources. The key elements are: (1) unauthorized access without permission, (2) destruction, deletion, or alteration of information, (3) diminishing value or utility of the resource, and (4) liability to pay compensation to the affected person.

How did you do?

Question 3

PYQ 3.0 marks

What does Section 66 of the Information Technology Act, 2000 cover regarding computer-related offenses?

Try answering in your head first.

Model answer

Section 66 of the Information Technology Act, 2000 covers computer-related offenses, specifically addressing the crime of cracking or illegally hacking into any victim's computer. This section encompasses a wide range of cyber-crimes including unauthorized access to computer systems, networks, and data. The provision was designed to protect computer systems from malicious intrusion and unauthorized access by individuals. Section 66 serves as a foundational provision for prosecuting hackers and those who attempt to gain unauthorized entry into computer systems. The section was further broadened in the 2008 amendment to the IT Act, which came up with a much broader and precise law on different computer-related crimes and cyber offenses, making it more comprehensive in addressing evolving cyber threats.

More: Section 66 is a key provision that addresses unauthorized computer access and hacking. It covers: (1) illegal hacking into computer systems, (2) unauthorized access to data and networks, (3) various forms of cyber intrusion, and (4) was expanded in 2008 to address emerging cyber threats more comprehensively.

How did you do?

Question 4

PYQ 6.0 marks

List out various cyber offences under the Information Technology Act, 2000.

Try answering in your head first.

Model answer

The Information Technology Act, 2000 contemplates a dual scheme in regard to wrongful acts concerning computers and related devices. The various cyber offences under the IT Act, 2000 include:

1. Tampering with Computer Source Documents: This involves unauthorized modification, alteration, or destruction of source code or computer programs, which can affect the functionality and integrity of software systems.

2. Dishonest or Fraudulent Acts: Any dishonest or fraudulent act referred to in Section 43 of the Act, which includes unauthorized access, destruction, deletion, or alteration of information in computer resources.

3. Sending Offensive Messages: Transmitting offensive, abusive, or threatening messages through electronic means, including emails, instant messages, or other digital communication channels.

4. Dishonestly Receiving Stolen Computer Resources: Knowingly receiving, possessing, or dealing with stolen computer resources or communication devices obtained through illegal means.

5. Identity Theft: Fraudulently or dishonestly using another person's electronic signature, password, or unique identification features to gain unauthorized access or commit fraud.

6. Cheating by Personation: Using computer resources to impersonate another person or entity for fraudulent purposes, including creating fake profiles or accounts.

7. Violation of Privacy: Unauthorized access to, collection, or disclosure of personal information or private data of individuals without their consent.

The Act establishes that certain acts mentioned in Section 43 create a liability to pay damages to the person affected by such acts, while other offences carry criminal penalties including imprisonment and fines.

More: The IT Act, 2000 addresses multiple categories of cyber offences through different sections. Section 43 deals with civil liabilities for unauthorized access and damage to computer resources, while other sections address specific criminal offences. The Act was updated in 2008 to provide a broader and more precise framework for addressing computer-related crimes and cyber offenses.

How did you do?

Question 5

PYQ · 2009 4.0 marks

Explain the distinction between a Computer and a Computer Network as per the Information Technology Act, 2000.

Try answering in your head first.

Model answer

A Computer is defined as any electronic, magnetic, optical or other high-speed data processing device or system that performs logical, arithmetic, and data storage and retrieval functions by manipulating electronic, magnetic or optical impulses. It is a standalone device capable of processing information independently.

A Computer Network, on the other hand, refers to an interconnected group of two or more computers linked together through communication channels such as cables, wireless connections, or other transmission media. A computer network enables the sharing of resources, data, and information between multiple computers. The key distinction is that a computer is a single processing unit, while a computer network comprises multiple computers connected together for communication and resource sharing. Computer networks can range from simple local area networks (LANs) connecting computers in a single location to wide area networks (WANs) spanning geographical distances.

More: The distinction between computer and computer network is fundamental to understanding IT Act provisions. A computer is a single device, while a network is multiple interconnected devices. This distinction is important because the IT Act addresses offences related to both individual computers and networked systems.

How did you do?

Question 6

PYQ 5.0 marks

Explain the concept of unauthorized access under the Information Technology Act, 2000 and the legal consequences associated with it.

Try answering in your head first.

Model answer

Unauthorized access under the Information Technology Act, 2000 refers to gaining access to a computer, computer system, or computer network without the permission of the owner or authorized person in charge.

1. Definition and Scope: Unauthorized access includes any act where a person accesses computer resources without proper authorization. This can involve accessing data, systems, or networks that the person has no right to access. The act specifically covers situations where individuals bypass security measures or use credentials that do not belong to them.

2. Civil Liability under Section 43: Section 43(i) of the IT Act establishes that any person who, without permission, destroys, deletes, or alters information residing in a computer resource, or diminishes its value or utility, shall be liable to pay compensation to the affected person. Additionally, any person who dishonestly or fraudulently accesses a computer system without authorization is liable for compensation. The maximum compensation that can be imposed is up to 1 crore rupees.

3. Criminal Liability under Section 66: Section 66 covers computer-related offenses including unauthorized access. For first-time offenders, the punishment includes imprisonment up to 3 years and/or a fine up to Rs. 1 lakh. For subsequent offenses, the punishment increases to imprisonment up to 5 years and a fine up to Rs. 10 lakh.

4. Examples of Unauthorized Access: Common examples include hacking into email accounts, accessing confidential databases without permission, using someone else's login credentials, bypassing firewalls or security systems, and gaining access to restricted networks. Identity theft, which involves fraudulent use of another person's electronic signature or password, is also covered under Section 66C.

5. Legal Remedies: Victims of unauthorized access can seek both civil remedies (compensation) and criminal prosecution. The law provides protection to computer owners and authorized users by imposing strict penalties on those who attempt to access systems without authorization.

In conclusion, unauthorized access is a serious offense under the Information Technology Act, 2000, with both civil and criminal consequences designed to protect the integrity and security of computer systems and the data they contain.

More: This answer covers the definition, civil and criminal liability, examples, and legal remedies related to unauthorized access under the IT Act, 2000.

How did you do?

Question 7

PYQ 6.0 marks

What are the key differences between Section 43 and Section 66 of the Information Technology Act, 2000 in relation to unauthorized access?

Try answering in your head first.

Model answer

Section 43 and Section 66 of the Information Technology Act, 2000 address unauthorized access but differ significantly in their nature and consequences.

1. Nature of Liability: Section 43 establishes civil liability, meaning it provides for compensation to be paid to the affected person. Section 66, on the other hand, establishes criminal liability, which involves punishment through imprisonment and/or fines imposed by the state. Civil liability focuses on compensating the victim, while criminal liability focuses on punishing the offender.

2. Scope of Offenses: Section 43 covers a broader range of acts including destruction, deletion, or alteration of information, diminishing value or utility of computer resources, and dishonest or fraudulent access. Section 66 specifically addresses computer-related offenses such as unauthorized access and identity theft, with more specific criminal provisions.

3. Compensation and Punishment: Under Section 43, the maximum compensation that can be awarded is up to 1 crore rupees. Under Section 66, for first-time offenders, the punishment is imprisonment up to 3 years and/or fine up to Rs. 1 lakh. For subsequent offenses under Section 66, imprisonment can extend up to 5 years with a fine up to Rs. 10 lakh.

4. Burden of Proof: In civil cases under Section 43, the burden of proof is on the balance of probabilities (preponderance of evidence). In criminal cases under Section 66, the burden of proof is beyond reasonable doubt, which is a higher standard.

5. Remedies Available: Section 43 provides monetary compensation as the primary remedy. Section 66 provides for criminal prosecution, imprisonment, and fines. A person can be prosecuted under both sections simultaneously for the same act of unauthorized access.

6. Procedural Differences: Section 43 cases are typically handled in civil courts, while Section 66 cases are handled in criminal courts. The procedures, evidence requirements, and judicial processes differ significantly between civil and criminal proceedings.

In conclusion, while both sections address unauthorized access, Section 43 provides civil remedies focused on compensation, whereas Section 66 provides criminal remedies focused on punishment. Together, they provide comprehensive protection against unauthorized access to computer systems.

More: This answer provides a detailed comparison of the two sections covering liability type, scope, compensation/punishment, burden of proof, remedies, and procedural differences.

How did you do?

Question 8

PYQ 7.0 marks

Describe the legal framework and preventive measures that organizations should implement to protect against unauthorized access under the Information Technology Act, 2000.

Try answering in your head first.

Model answer

The legal framework under the Information Technology Act, 2000 establishes both penalties for unauthorized access and requirements for organizations to implement protective measures.

1. Legal Framework for Protection: The IT Act, 2000 provides a comprehensive legal framework through Sections 43 and 66 that impose both civil and criminal liability on persons who engage in unauthorized access. Organizations can seek compensation up to 1 crore rupees under Section 43 for damages caused by unauthorized access. Additionally, criminal prosecution under Section 66 can result in imprisonment and fines for offenders. This dual approach creates both deterrence and remedies for organizations.

2. Access Control Measures: Organizations should implement robust access control systems including role-based access control (RBAC), where employees are granted access only to information necessary for their job functions. Multi-factor authentication (MFA) should be mandatory for all critical systems. Strong password policies requiring complex passwords with regular changes should be enforced. Biometric authentication and digital certificates can provide additional layers of security.

3. Network Security Infrastructure: Organizations must deploy firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and block unauthorized access attempts. Virtual Private Networks (VPNs) should be used for secure remote access. Network segmentation should isolate critical systems from general networks. Regular security audits and penetration testing should be conducted to identify vulnerabilities.

4. Data Protection and Encryption: Sensitive data should be encrypted both in transit and at rest using industry-standard encryption protocols. Digital signature certificates issued by Certifying Authorities should be used to authenticate users and ensure data integrity. Data classification systems should identify and protect sensitive information appropriately.

5. Monitoring and Logging: Comprehensive logging of all access attempts, both successful and failed, should be maintained. System administrators should regularly review access logs to detect suspicious activities. Real-time monitoring systems should alert administrators to unauthorized access attempts. Audit trails should be maintained for compliance and forensic purposes.

6. Employee Training and Awareness: Organizations should conduct regular cybersecurity awareness training for all employees. Employees should be educated about phishing attacks, social engineering, and other methods used to gain unauthorized access. Clear policies regarding acceptable use of computer systems should be communicated and enforced.

7. Incident Response and Reporting: Organizations should establish incident response procedures to address unauthorized access incidents promptly. Affected parties should be notified as required by law. Documentation of incidents should be maintained for legal and compliance purposes. Regular drills and simulations should test the effectiveness of incident response procedures.

In conclusion, organizations must implement a comprehensive security framework combining technical measures, administrative controls, and employee awareness to protect against unauthorized access. Compliance with the Information Technology Act, 2000 requires not only understanding the legal consequences but also proactively implementing preventive measures to safeguard computer systems and data.

More: This answer covers the legal framework, access control, network security, data protection, monitoring, employee training, and incident response measures.

How did you do?

Question 9

PYQ 2.0 marks

Define hacking as per Section 66 of the Information Technology Act, 2000 and state the punishment provided for it.

Try answering in your head first.

Model answer

Hacking under Section 66 of the IT Act 2000 is defined as whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits 'hacking'.

This requires both unauthorized access and the specific intent to cause wrongful loss or damage, distinguishing it from mere unauthorized access under Section 43.

Example: A person who intentionally deletes critical data from a company's server knowing it will cause financial loss commits hacking.

Punishment: Imprisonment up to three years, or fine up to two lakh rupees, or both.

This provision ensures deterrence against malicious cyber activities that impact data integrity and system functionality.[1][3]

More: The answer provides the exact statutory definition from Section 66, includes key elements (intent + damage), differentiates from related sections, gives a practical example, states punishment precisely, and concludes with purpose. Meets 50-80 word requirement for short answer.

How did you do?

Question 10

PYQ 4.0 marks

Explain the definition of hacking under the Information Technology Act, 2000 with reference to Section 66. Discuss its key ingredients and punishment. Provide relevant examples.

Try answering in your head first.

Model answer

The **Information Technology Act, 2000** is India's primary legislation addressing cybercrimes, with **Section 66** specifically dealing with **hacking**, making it a penal provision for unauthorized destructive access to computer systems.

**1. Statutory Definition:** Section 66 states that whoever with the **intent to cause or knowing that he is likely to cause wrongful loss or damage** to the public or any person **destroys, deletes, alters** any information residing in a computer resource, or **diminishes its value/utility** or **affects it injuriously by any means**, commits hacking.

**2. Key Ingredients:**
  - **Unauthorized Access:** Must be without permission.
  - **Mens Rea (Guilty Intent):** Specific intent to cause wrongful loss/damage (distinguishes from Section 43).
  - **Actus Reus (Act):** Destruction, deletion, alteration, or injurious affectation of computer data.

**3. Punishment:** Imprisonment up to **3 years**, or fine up to **₹2 lakh**, or both.

**4. Examples:**
  - Deleting customer database of an e-commerce site causing business loss.
  - Altering hospital patient records leading to medical errors.
  - Introducing malware that corrupts government server data.

**5. Legal Significance:** This section bridges civil liability (Section 43) and criminal liability, ensuring both compensation and punishment for malicious hacking.

In conclusion, Section 66 creates a robust deterrent against cyber vandalism while requiring proof of malicious intent, balancing technological advancement with cybersecurity.

More: Comprehensive coverage of definition, ingredients, punishment, examples, and significance. Structured with introduction, numbered points, examples, and conclusion. Exceeds 100-150 word requirement for 3-4 marks.

How did you do?

Question 11

PYQ · 2008 4.0 marks

Describe the offence of 'hacking' with a computer system as provided under the Information Technology Act, 2000.

Try answering in your head first.

Model answer

Hacking under the Information Technology Act, 2000 is primarily addressed under **Section 43** read with **Section 66**. Section 43 provides civil liability for unauthorized acts including hacking, while Section 66 makes it a criminal offence.

**Key elements of hacking offence:**
1. **Unauthorized access** (Section 43(a)): Securing access to a computer system without permission of the owner.
2. **Downloading/copying data** (Section 43(b)): Without permission, copying or downloading data.
3. **Introducing computer virus** (Section 43(c)): Causing a computer program to run that damages the system.
4. **Disrupting system services** (Section 43(d)): Denying authorized persons access to computer resources or causing wrongful loss/damage.
5. **Altering/damaging data** (Section 43(e)-(g)): Deleting, altering, or stealing computer source code/documents.

**Dishonest intent required for criminal liability** under Section 66: Whoever commits hacking with dishonest or fraudulent intent knowing it to be wrong shall be punished with imprisonment up to 3 years or fine up to Rs. 5 lakhs, or both.

**Example**: A person who intentionally disrupts a bank's online service by DDoS attack commits hacking under Section 43(d) causing system disruption.

In conclusion, hacking encompasses various unauthorized acts against computer systems with both civil (compensation) and criminal penalties.

More: This is a complete 4-mark model answer covering definition, key provisions with specific clauses related to system disruption, examples, and structure as required. Section 43 explicitly includes 'disruption' of services.

How did you do?

Question 12

PYQ 5.0 marks

Explain Section 43 of the Information Technology Act, 2000 with reference to system disruption.

Try answering in your head first.

Model answer

**Section 43 of the Information Technology Act, 2000** provides **civil liability** for various unauthorized acts against computer systems, including **system disruption**. It creates a right to compensation for affected parties.

**Introduction**: Section 43 states that if any person without permission of the owner or person in charge of a computer, computer system, or network commits specified acts, they shall be liable to pay damages not exceeding Rs. 1 crore to the affected party.

**Key provisions related to system disruption**:

1. **Clause (d) - Denial of Service**: Denies or causes denial of authorized access to any computer resource; or attempts to probe or access a computer resource without authorization. *This directly covers DDoS attacks and service disruptions.*

2. **Clause (c) - Virus/Malware**: Introduces or causes to run any computer contaminant or virus that damages the system or disrupts normal functioning.

3. **Clause (g) - Disruption of functioning**: Disrupts the functioning of computer, network, or resource in any manner.

**Procedure for compensation**:
• Affected party can approach **adjudicating officer** (usually senior government IT official).
• Officer can award compensation up to Rs. 1 crore.
• Appeal lies to **Cyber Appellate Tribunal**.

**Example**: In a DDoS attack on an e-commerce website during peak sales, the attacker causes denial of service under Section 43(d), making the site inaccessible and causing business loss. The company can claim compensation from the perpetrator.

**Distinction from Section 66**: While Section 43 is civil (compensation), Section 66 makes similar acts criminal if done with dishonest intent (imprisonment up to 3 years).

**Conclusion**: Section 43 provides effective civil remedies for **system disruption** incidents, ensuring quick compensation without lengthy criminal trials, making it a cornerstone of cyber tort law in India.

More: This 5-6 mark model answer (250+ words) includes introduction, detailed points with clause references, example, procedural aspects, distinction from criminal provisions, and conclusion. Focuses specifically on 'system disruption' as per subtopic.

How did you do?

Question 13

PYQ · 2013 4.0 marks

Describe the offence of hacking the computer system as provided under the provisions of the Information Technology Act, 2000.

Try answering in your head first.

Model answer

**Hacking under the IT Act, 2000 is a punishable cyber offence primarily governed by Section 66.**

1. **Definition (Section 66):** Whoever, with the intent to cause wrongful loss or damage to the public or any person, destroys, deletes, or alters any information residing in a computer resource, or diminishes its value or utility, or injures or causes injury to any person, commits hacking. This includes unauthorized access via password cracking or other means.

2. **Link to Section 43:** Section 43 covers unauthorized access, downloading, or damage to computer systems, providing civil remedies like compensation. Section 66 makes the criminal counterpart punishable if done dishonestly or fraudulently.

3. **Punishment:** Imprisonment up to 3 years, fine up to ₹5 lakh, or both. For example, cracking passwords to access bank systems leading to fraud falls under this.

**In conclusion, hacking offences protect computer integrity and data security under the IT Act[2][1].**

More: This answer provides a complete 4-mark response with introduction, 3 key points including definition, relevant sections, punishment, example, and conclusion, totaling over 150 words as per requirements.

How did you do?

Question 14

PYQ 4.0 marks

Explain the term 'access code' as defined under the Information Technology Act, 2000, and its relevance in cyber offenses.

Try answering in your head first.

Model answer

'Access code' under Section 2(1)(a) of the Information Technology Act, 2000, means a secret code like password, PIN or biometric data used for authenticating access to a computer resource.

1. **Definition and Scope**: It is any electronic information confirming identity during access to computer systems, crucial for secure authentication.

2. **Role in Offenses**: Misuse of access code constitutes unauthorized access under Section 43, or identity theft under Section 66C, or receiving stolen resources under Section 66B. For example, using someone else's password to access their bank account is punishable.

3. **Legal Implications**: Protects digital assets; violation leads to civil liability (compensation) or criminal penalties (imprisonment up to 3 years and fine). This provision ensures cybersecurity by penalizing unauthorized entry.

In conclusion, 'access code' is foundational to preventing cyber intrusions under the IT Act.

More: The answer provides a complete 4-mark response with definition, key points, example, and conclusion as per exam standards. It directly references Section 2(1)(a) and links to relevant offenses like Sections 43, 66B, 66C[2][3].

How did you do?

Question 15

PYQ · 2017 5.0 marks

When can a person be liable to pay damages by way of compensation to the affected person under section 43 of the Information Technology Act, 2000?

Try answering in your head first.

Model answer

Section 43 of the Information Technology Act, 2000 imposes civil liability for damages by way of compensation when a person, without permission of the owner or authorized person, causes wrongful loss or damage by:

1. **Unauthorized access**: Accessing a computer, computer system, or network without permission.

2. **Downloading or copying data**: Extracting or copying computer source code or data without right.

3. **Introducing viruses**: Injecting or causing transmission of any computer contaminant like virus.

4. **Damaging hardware/software**: Disrupting or causing damage to computer systems.

5. **Denial of service**: Denying authorized access to legitimate users.

6. **Data theft**: Stealing computer data or information.

7. **Hacking**: Altering or deleting data without permission.

For example, in cases of unauthorized access leading to data breach, compensation up to Rs. 1 crore can be claimed. This provision ensures civil remedies for cyber wrongs alongside criminal penalties.[8]

More: Section 43 lists specific acts like unauthorized access, virus introduction, data theft, etc., making the perpetrator civilly liable for compensation to the affected party. This complements criminal provisions under Section 66.

How did you do?

Question 16

PYQ 4.0 marks

Explain the criminal liability under Section 65 of the Information Technology Act, 2000 for tampering with computer source documents.

Try answering in your head first.

Model answer

Section 65 of the IT Act 2000 addresses **tampering with computer source documents**, making it a criminal offence.

**Introduction**: Computer source documents include source code, programs, or data essential for computer operation. Knowingly or intentionally concealing, destroying, or altering such documents is punishable.

1. **Actus Reus**: The act involves hiding, deleting, or modifying source code/documents with intent to cause wrongful loss or damage.

2. **Mens Rea**: Requires knowledge and intention to tamper.

3. **Punishment**: Imprisonment up to 3 years, or fine up to Rs. 2 lakhs, or both.

**Example**: In a case where an employee altered source code of a company's software to sabotage it, the court applied Section 65, holding the accused liable.[1]

**Conclusion**: This section protects integrity of digital source materials, crucial for software reliability and preventing cyber sabotage in IT systems.

More: Section 65 criminalizes tampering to safeguard source documents, with penalties ensuring deterrence against actions that could disrupt computer functionality.[1][2]

How did you do?

Question 17

PYQ 6.0 marks

Discuss the criminal liability for identity theft under Section 66C of the IT Act 2000.

Try answering in your head first.

Model answer

**Introduction**: Section 66C of the Information Technology Act, 2000 (as amended in 2008) specifically criminalizes identity theft in cyberspace, addressing the fraudulent use of personal digital identifiers amid rising cyber frauds.

1. **Definition and Elements**: Identity theft occurs when a person fraudulently or dishonestly makes use of another's electronic signature, password, or unique identification feature. Key elements include 'fraudulent/dishonest intention' and use of electronic means.

2. **Punishment**: Imprisonment up to 3 years, and/or fine up to Rs. 1 lakh. This acts as a deterrent for cyber impersonation.

3. **Related Offences**: Linked to Section 66 (computer-related offences) and Section 43 (civil liability for unauthorized access).

**Example**: A hacker using stolen bank credentials to transfer funds would be liable under Section 66C, as seen in various cybercrime cases prosecuted by Indian courts.[2]

4. **Procedural Aspects**: Cognizable, bailable offence; police can arrest without warrant under CrPC.

**Conclusion**: Section 66C strengthens criminal liability framework, protecting digital identities and fostering trust in e-commerce and online transactions by imposing stringent penalties.

More: This section targets misuse of digital identities, with clear punishment to handle growing threats like phishing and account takeovers.[2]

How did you do?

Question 18

Question bank

Match the following offenses under the IT Act 2000 with their correct descriptions related to unauthorized access scenarios:

Try answering in your head first.

Model answer

A: 2, B: 4, C: 1, D: 3

More: Step 1: Section 43 deals with damage without hacking (e.g., unauthorized access causing damage). Step 2: Section 65 relates to tampering with computer source documents. Step 3: Section 66 criminalizes hacking with computer systems. Step 4: Section 72A addresses breach of confidentiality and privacy. Step 5: Match accordingly.

How did you do?

Hacking definition

Multiple choice

Descriptive & long-form

Score-tracking is paywalled.

The Joy of Learning

Login

The Joy of Learning

Sign-up

The Joy of Learning

Forgot Password

Hacking definition

Multiple choice

Descriptive & long-form

Score-tracking is paywalled.

Rank

eBook

Online Test Series + eBook

Book is added to your cart!