Sunday, February 15, 2026

cdti course file assessment plan on cyber crime investigation course under new criminal laws

 

INTERMEDIATE level MCQs – CYBER CRIME INVESTIGATION COURSE

(For Police Investigating Officers)

Section A — Course Framework & Investigation Orientation

1. The specialised cybercrime course emphasises what ratio between investigation skills and legal provisions?
A. 50:50
B. 60:40
C. 70:30
D. 80:20
Answer: C

sample Training Manual On Inves…

2. The primary aim of the course is to equip officers with:
A. Programming skills
B. Ethical hacking certification
C. Skills for investigation and handling digital evidence under new criminal laws
D. Cybersecurity policy drafting
Answer: C

sample Training Manual On Inves…

3. Which of the following is NOT a course objective?
A. Ensuring admissibility of electronic evidence
B. Avoiding investigation errors leading to acquittals
C. Developing malware tools
D. Coordinating with forensic laboratories
Answer: C

sample Training Manual On Inves…

4. The course training style mainly uses:
A. Pure lectures only
B. Adult-learning and participant-centric approach
C. Online self-learning modules only
D. Research methodology workshops
Answer: B

sample Training Manual On Inves…

5. Which learning unit deals with “Hashing & Chain of Custody”?
A. LU-4
B. LU-5
C. LU-6
D. LU-7
Answer: D

sample Training Manual On Inves…

Section B — Cybercrime Typology

6. Cybercrime is best defined as:
A. Crime committed only using computers
B. Any unlawful act using computer/network to commit or facilitate crime
C. Hacking only
D. Online banking fraud only
Answer: B

sample Training Manual On Inves…

7. Cybercrime categories include crimes against:
A. Persons only
B. Property only
C. Government only
D. Persons, property and government
Answer: D

sample Training Manual On Inves…

8. Which is an example of cybercrime against property?
A. Cyber stalking
B. Cyber terrorism
C. Software piracy
D. Online harassment
Answer: C

sample Training Manual On Inves…

9. SIM swap fraud primarily enables criminals to:
A. Install malware
B. Access OTPs for financial transactions
C. Launch DDoS attacks
D. Mine cryptocurrency
Answer: B

sample Training Manual On Inves…

10. Cryptojacking refers to:
A. Stealing passwords
B. Illegal cryptocurrency mining using victim’s resources
C. Crypto trading fraud
D. Blockchain hacking
Answer: B

sample Training Manual On Inves…

11. Cyber grooming involves:
A. Email spam
B. Building online relationship to exploit minors sexually
C. Website defacement
D. Identity theft
Answer: B

sample Training Manual On Inves…

12. Smishing uses:
A. Emails
B. SMS messages
C. Phone calls
D. Websites only
Answer: B

sample Training Manual On Inves…

Section C — Cybercriminals & Motivation

13. A hacker becomes a cybercriminal when hacking is:
A. Ethical
B. Educational
C. Malicious
D. Experimental
Answer: C

sample Training Manual On Inves…

14. Cybercriminals conducting targeted attacks are called:
A. White hat hackers
B. Threat actors
C. System analysts
D. Ethical testers
Answer: B

sample Training Manual On Inves…

15. The most common motivation behind cybercrime is:
A. Revenge
B. Fame
C. Financial gain
D. Political ideology
Answer: C

sample Training Manual On Inves…

Section D — BNS Cyber Offences

16. Cyberstalking is covered under BNS Section:
A. 75
B. 77
C. 78
D. 79
Answer: C

sample Training Manual On Inves…

17. Voyeurism under BNS applies to:
A. Financial fraud
B. Unauthorized recording of private images
C. Identity theft
D. Data breach
Answer: B

sample Training Manual On Inves…

18. Section 152 BNS relates to:
A. Cyber fraud
B. Cyber terrorism threatening sovereignty
C. Obscenity
D. Data breach
Answer: B

sample Training Manual On Inves…

19. Spreading fake news harming public order falls under:
A. Section 196 BNS
B. Section 292 BNS
C. Section 353 BNS
D. Section 111 BNS
Answer: C

sample Training Manual On Inves…

20. Which BNS section covers organised cybercrime?
A. Section 111
B. Section 112
C. Section 196
D. Section 353
Answer: A

sample Training Manual On Inves…

Section E — IT Act & Procedural Aspects

21. Extraterritorial jurisdiction of IT Act is provided under:
A. Section 43
B. Section 66
C. Section 75
D. Section 69
Answer: C

sample Training Manual On Inves…

22. Phishing is punishable under IT Act Section:
A. 66C
B. 66D
C. 66F
D. 67C
Answer: B

sample Training Manual On Inves…

23. Cyber terrorism punishment under IT Act Section 66F can extend to:
A. 3 years
B. 5 years
C. 7 years
D. Life imprisonment
Answer: D

sample Training Manual On Inves…

24. CERT-In primarily handles:
A. Cybercrime trials
B. Cyber incident response and coordination
C. Data protection litigation
D. Criminal sentencing
Answer: B

sample Training Manual On Inves…

Section F — Evidence, Investigation & Compliance

25. The first responder in cybercrime must primarily prevent:
A. Data encryption
B. Evidence contamination
C. Arrest delays
D. Media leaks
Answer: B

sample Training Manual On Inves…

26. Hashing in digital forensics ensures:
A. Data encryption
B. Data integrity verification
C. Faster investigation
D. Evidence deletion
Answer: B

sample Training Manual On Inves…

27. CERT-In reporting is mandatory for incidents like:
A. Office network slowdown
B. DoS/DDoS attacks
C. Employee resignation
D. Password change
Answer: B

sample Training Manual On Inves…

28. Under DPDPA, organisations must notify individuals when:
A. Any cyber attack occurs
B. Data breach poses risk to rights and freedoms
C. Website crashes
D. Network downtime occurs
Answer: B

sample Training Manual On Inves…

29. NCIIPC is responsible for protecting:
A. Private companies only
B. Critical Information Infrastructure
C. Cybercrime courts
D. Digital payments only
Answer: B

sample Training Manual On Inves…

30. Honeypots are used to:
A. Encrypt networks
B. Trap cyber attackers in a fake environment
C. Store digital evidence
D. Block internet access
Answer: B

sample Training Manual On Inves…


here are Advanced / Scenario-based Case MCQs for Day-10 Assessment (Court-oriented, procedure-heavy, evidence-focused).
These test legal application + investigation judgement, exactly as intended in the course design.

sample Training Manual On Inves…

ADVANCED SCENARIO-BASED MCQs

CYBER CRIME INVESTIGATION – FINAL ASSESSMENT

SCENARIO 1 — FIRST RESPONDER ERROR

Police reach a cyber fraud suspect’s house. An officer switches ON the laptop to “check emails quickly” before seizure.

1. The biggest evidentiary risk created is:
A. Device overheating
B. Loss of jurisdiction
C. Contamination and alteration of digital evidence
D. Violation of IT Act
Answer: C

2. The correct first responder action should have been to:
A. Check social media accounts immediately
B. Disconnect power and preserve device state
C. Arrest suspect first
D. Browse recent files
Answer: B

3. In court, defence may challenge evidence primarily on:
A. Lack of motive
B. Chain of custody break
C. Non-registration of FIR
D. Lack of witnesses
Answer: B

SCENARIO 2 — SOCIAL MEDIA CYBERSTALKING

A woman complains that a man repeatedly creates fake social media accounts to track and message her after she blocked him.

4. Correct BNS section applicable:
A. Sec 75
B. Sec 77
C. Sec 78
D. Sec 353
Answer: C

5. The most crucial digital evidence to collect first:
A. Victim phone purchase bill
B. IP logs and platform data preservation request
C. Suspect bank statement
D. Local CCTV footage
Answer: B

SCENARIO 3 — PHISHING GANG OPERATING FROM MULTIPLE STATES

Victims across India report phishing emails from a gang operating in another state.

6. FIR should be registered as:
A. Only where accused resides
B. Only where server located
C. Zero FIR at nearest police station
D. FIR only by Cyber Cell HQ
Answer: C

7. This case demonstrates which investigation challenge?
A. Evidence storage problem
B. Cross-jurisdiction cybercrime
C. Data encryption issue
D. Cloud storage issue
Answer: B

SCENARIO 4 — RANSOMWARE ATTACK ON HOSPITAL

Hospital systems are encrypted and attackers demand cryptocurrency ransom.

8. This incident must be reported to:
A. UIDAI
B. CERT-In
C. TRAI
D. SEBI
Answer: B

9. Failure to report may lead to:
A. Civil liability only
B. No legal consequence
C. Imprisonment or fine under IT Act
D. Departmental warning only
Answer: C

SCENARIO 5 — HASH VALUE ISSUE

During forensic analysis, hash values were not recorded when imaging a hard disk.

10. Court may reject evidence because:
A. Device was old
B. Lack of authenticity and integrity proof
C. No eyewitness present
D. No bank records
Answer: B

SCENARIO 6 — ONLINE HATE CAMPAIGN

A group spreads fake videos inciting communal hatred online.

11. Applicable BNS provision:
A. Section 292
B. Section 196
C. Section 111
D. Section 75
Answer: B

12. If done by organised group repeatedly, additional section:
A. Section 79
B. Section 111
C. Section 353
D. Section 292
Answer: B

SCENARIO 7 — DATA BREACH BY COMPANY

A company hides a personal data breach affecting thousands of users.

13. Under DPDPA, organisation must:
A. Inform media first
B. Notify affected individuals
C. Ignore until complaint
D. Inform police only
Answer: B

14. Possible penalty may extend up to:
A. ₹5 lakh
B. ₹5 crore
C. ₹50 crore
D. ₹250 crore
Answer: D

SCENARIO 8 — CLOUD DATA INVESTIGATION

Evidence is stored on foreign cloud servers.

15. Investigation principle applicable:
A. No jurisdiction
B. Extraterritorial application of IT Act
C. Only Interpol action possible
D. No FIR possible
Answer: B

SCENARIO 9 — EMPLOYEE STEALS COMPANY DATA

Employee copies confidential company data before resigning.

16. Applicable offence:
A. Trespass only
B. Data misappropriation and identity theft
C. Cyber terrorism
D. Sedition
Answer: B

SCENARIO 10 — SALE OF HACKING TOOLS

Accused sells malware kits on dark web.

17. This may amount to:
A. Legal research activity
B. Abetment of cybercrime
C. Ethical hacking
D. Civil breach only
Answer: B

SCENARIO 11 — DDoS ATTACK ON BANK

A botnet floods bank servers causing service outage.

18. Relevant IT Act offence:
A. Sec 66C
B. Sec 66D
C. Sec 66F
D. Sec 65
Answer: C

SCENARIO 12 — INVESTIGATION FAILURE

Officer forgets to document seizure properly.

19. Most likely judicial outcome:
A. Higher punishment
B. Evidence exclusion/acquittal risk
C. Bail cancellation
D. Property seizure
Answer: B

SCENARIO 13 — INSIDER BANK FRAUD

Employee steals OTPs and transfers money.

20. Primary offences:
A. Cheating by personation + identity theft
B. Trespass only
C. Sedition
D. Obscenity
Answer: A

SCENARIO 14 — INTERCEPTION OF COMMUNICATIONS

Agency intercepts emails during investigation.

21. Legal authority comes from:
A. Sec 43 IT Act
B. Sec 65 IT Act
C. Sec 69 IT Act
D. Sec 75 IT Act
Answer: C

SCENARIO 15 — CRYPTOCURRENCY RANSOM TRACE

Investigators trace ransom wallet through blockchain.

22. This falls under learning unit:
A. LU-5
B. LU-6
C. LU-7
D. LU-8
Answer: D

SCENARIO 16 — WEBSITE DEFACEMENT

A government website is hacked and defaced.

23. This can be treated as:
A. Property damage + cyber terrorism (depending intent)
B. Civil dispute only
C. Copyright issue
D. Obscenity only
Answer: A

SCENARIO 17 — FAILURE TO PRESERVE LOGS

ISP deletes logs despite request.

24. Violation relates to:
A. Sec 67C IT Act
B. Sec 66C IT Act
C. Sec 66F IT Act
D. Sec 72 IT Act
Answer: A

SCENARIO 18 — CYBER PROPAGANDA AGAINST INDIA

Fake online campaign encourages secession.

25. Applicable BNS section:
A. Sec 196
B. Sec 152
C. Sec 111
D. Sec 292
Answer: B

SCENARIO 19 — ORGANISATIONAL SECURITY FAILURE

Bank fails to implement reasonable security.

26. Example enforcement case:
A. Amit Jani case
B. ICICI v RBI
C. HDFC Bank v Nikhil Kothari
D. State v Gupta
Answer: C

SCENARIO 20 — ETHICAL HACKER WITHOUT CONSENT

Researcher tests company system without permission.

27. Offence may fall under:
A. Ethical hacking exemption
B. Sec 66 IT Act (unauthorised access)
C. No offence
D. Civil negligence
Answer: B

SCENARIO 21 — NATIONAL INFRASTRUCTURE ATTACK

Power grid cyberattack occurs.

28. Must be reported to:
A. SEBI
B. UIDAI
C. NCIIPC
D. TRAI
Answer: C

SCENARIO 22 — CYBER FRAUD USING OTP PHISHING

Fraudster calls victim posing as bank official.

29. Crime classification:
A. Vishing + cheating by personation
B. Cyber terrorism
C. Espionage
D. Sedition
Answer: A

SCENARIO 23 — BEST PRACTICE FOR DIGITAL SEIZURE

Which ensures evidentiary integrity?

30.
A. Quick browsing of files
B. Imaging + hashing + documentation
C. Copying files to pen drive
D. Email forwarding
Answer: B




Below are case-study based descriptive questions designed for Day-10 Final Assessment of the course.
These questions test legal application + investigation procedure + digital evidence handling + court presentation, aligned with the course learning units and objectives.

sample Training Manual On Inves…

CASE STUDY – DESCRIPTIVE QUESTIONS

Investigation of Cyber Crime Cases (Final Assessment)

CASE STUDY 1 — RANSOMWARE ATTACK ON HOSPITAL

A private hospital reports that all patient records have been encrypted. A ransom note demands cryptocurrency within 48 hours. Emergency services are affected.

Questions

  1. Identify the possible offences under BNS and IT Act.

  2. List the immediate first responder actions at the cyber crime scene.

  3. Explain the steps to preserve digital evidence in this case.

  4. Which agencies must be informed and why?

  5. Discuss how you will coordinate with digital forensic experts.

  6. What mistakes during investigation may lead to acquittal?

CASE STUDY 2 — CYBERSTALKING & FAKE SOCIAL MEDIA PROFILES

A woman files a complaint that an ex-colleague is repeatedly creating fake accounts to monitor her, send threatening messages, and publish morphed photos.

Questions

  1. Identify relevant BNS provisions applicable.

  2. Explain the procedure to obtain data from social media platforms.

  3. Describe how you will prove identity of the accused.

  4. Explain the role of electronic evidence under BSA.

  5. Draft a brief investigation plan.

CASE STUDY 3 — PHISHING FRAUD ACROSS MULTIPLE STATES

Several victims report bank fraud after clicking phishing emails. Money is routed through mule accounts across states.

Questions

  1. Explain how Zero FIR applies in this case.

  2. Outline the inter-state coordination process.

  3. What financial trail evidence must be collected?

  4. Discuss challenges in tracing digital footprints.

  5. Suggest strategies to prevent future offences.

CASE STUDY 4 — INSIDER DATA THEFT

An employee resigns and later a competitor launches identical software. Investigation reveals large data transfers before resignation.

Questions

  1. Identify relevant offences under IT Act and BNS.

  2. Explain search and seizure of office computers under BNSS.

  3. How will you establish dishonest intention?

  4. Discuss forensic examination steps.

  5. What evidence will help in court prosecution?

CASE STUDY 5 — WEBSITE DEFACEMENT OF GOVERNMENT PORTAL

A government department website is defaced with anti-national messages.

Questions

  1. Discuss cyber terrorism and national security implications.

  2. Identify relevant legal provisions.

  3. Explain log preservation and forensic analysis.

  4. Describe international cooperation requirements.

  5. Suggest preventive cybersecurity measures.

CASE STUDY 6 — DATA BREACH BY E-COMMERCE COMPANY

An e-commerce company hides a breach affecting 2 lakh customers.

Questions

  1. Explain obligations under DPDPA.

  2. Discuss penalties for non-reporting.

  3. What evidence must be collected from the company?

  4. Explain rights of affected individuals.

  5. Discuss corporate liability.

CASE STUDY 7 — CRYPTOCURRENCY INVESTMENT SCAM

Victims are lured into a fake crypto investment platform. Funds move through multiple wallets.

Questions

  1. Explain crypto investigation techniques.

  2. Discuss blockchain tracing methods.

  3. What international legal assistance may be required?

  4. Identify offences and evidentiary challenges.

  5. Suggest steps to prevent evidence tampering.

CASE STUDY 8 — DDoS ATTACK ON BANK

A botnet attack disrupts internet banking services.

Questions

  1. Identify offences under IT Act and BNS.

  2. Explain role of NCIIPC and CERT-In.

  3. Describe technical evidence required.

  4. Discuss critical infrastructure protection.

  5. Explain prosecution challenges.

CASE STUDY 9 — CHILD SEXUAL ABUSE MATERIAL (CSAM)

A tip from Interpol reveals CSAM sharing from an Indian IP address.

Questions

  1. Outline the investigation steps.

  2. Explain search and seizure safeguards.

  3. Discuss handling of sensitive digital evidence.

  4. Explain international cooperation mechanisms.

  5. Describe court presentation issues.

CASE STUDY 10 — FAILURE OF CHAIN OF CUSTODY

During trial, defence claims digital evidence was tampered due to poor documentation.

Questions

  1. Explain the concept of chain of custody.

  2. What documentation should have been maintained?

  3. Discuss importance of hashing.

  4. How can prosecution salvage the case?

  5. Suggest best practices for investigators.

CASE STUDY 11 — ETHICAL HACKER WITHOUT PERMISSION

A cybersecurity researcher hacks a company system to expose vulnerabilities and publishes findings online.

Questions

  1. Is this a cybercrime? Explain legally.

  2. Discuss authorisation vs unauthorised access.

  3. What evidence is required to prove intent?

  4. Discuss defences available.

  5. Suggest policy improvements.

CASE STUDY 12 — SOCIAL MEDIA HATE CAMPAIGN

Fake videos circulate online inciting communal violence.

Questions

  1. Identify relevant BNS provisions.

  2. Explain digital evidence collection.

  3. Discuss role of platform intermediaries.

  4. Explain public order implications.

  5. Suggest preventive policing measures.




MODEL ANSWER KEY – CASE STUDY ASSESSMENT

Course: Investigation of Cyber Crime Cases under New Criminal Laws

CASE 1 — RANSOMWARE ATTACK ON HOSPITAL

1. Possible offences

IT Act

  • Sec 43 – unauthorised access/damage

  • Sec 66 – computer related offences

  • Sec 66F – cyber terrorism (if critical services affected)

BNS

  • Sec 111 – organised crime

  • Sec 318 – cheating

  • Sec 324 – mischief causing damage

2. First responder actions

  • Isolate network immediately

  • Do NOT switch off infected systems abruptly

  • Preserve volatile evidence (RAM, logs)

  • Secure server room and restrict access

  • Document scene

3. Evidence preservation

  • Forensic imaging of servers

  • Log collection (firewall, IDS, email)

  • Preserve ransom note & malware samples

  • Maintain chain of custody

4. Agencies

  • CERT-In (mandatory reporting)

  • NCIIPC (if critical infrastructure)

  • Bank/crypto exchanges (fund tracking)

5. Forensic coordination

  • Malware analysis

  • Timeline reconstruction

  • Attribution support

6. Investigation mistakes

  • Rebooting systems

  • Paying ransom without evidence capture

  • Poor documentation

CASE 2 — CYBERSTALKING

BNS Sections

  • Sec 78 – cyberstalking

  • Sec 77 – voyeurism (morphed images)

  • Sec 79 – outraging modesty

Platform data collection

  • Preservation request

  • IP logs, login records

  • Device fingerprints

Proving identity

  • IP tracing

  • Device seizure

  • Account recovery emails/phones

Electronic evidence (BSA)

  • Authenticity

  • Integrity

  • Reliability

Investigation plan

  • Victim statement

  • Platform data request

  • Digital forensic analysis

  • Arrest & charge sheet

CASE 3 — PHISHING MULTI-STATE FRAUD

Zero FIR

  • Register anywhere → transfer jurisdiction

Inter-state coordination

  • Cyber cells

  • Bank nodal officers

  • NCRP portal

Financial trail

  • Bank accounts

  • Mule accounts

  • Transaction logs

  • KYC records

Challenges

  • VPN use

  • Fake identities

  • Rapid fund movement

Prevention

  • Public awareness

  • Bank alerts

  • Strong KYC

CASE 4 — INSIDER DATA THEFT

Offences

  • IT Act Sec 43, 66

  • BNS Sec 314 – misappropriation

  • Sec 318 – cheating

Search & seizure

  • Office devices imaging

  • Access logs

  • USB usage logs

Dishonest intention

  • Timing before resignation

  • Transfer logs

  • Emails/NDAs

Forensic steps

  • File access analysis

  • Data exfiltration detection

Court evidence

  • Employment contract

  • Forensic report

  • Witness statements

CASE 5 — WEBSITE DEFACEMENT

National security

  • Possible cyber terrorism

  • Threat to sovereignty

Legal provisions

  • IT Act Sec 66, 66F

  • BNS Sec 152

Evidence

  • Server logs

  • Malware/backdoor

  • Hosting provider data

International cooperation

  • MLAT

  • Interpol

Prevention

  • Patch management

  • IDS/IPS

  • Regular audits

CASE 6 — DATA BREACH

DPDPA obligations

  • Notify authority & individuals

  • Mitigation measures

Penalties

  • Up to ₹250 crore

Evidence

  • Security logs

  • Incident reports

  • Internal communications

Rights of individuals

  • Notification

  • Protection steps

Corporate liability

  • Failure of reasonable security

CASE 7 — CRYPTO SCAM

Investigation

  • Wallet tracing

  • Exchange KYC requests

Blockchain

  • Public ledger analysis

  • Transaction mapping

International help

  • MLAT

  • Exchange cooperation

Challenges

  • Anonymity

  • Jurisdiction

Evidence protection

  • Seize devices quickly

  • Preserve wallet keys

CASE 8 — DDoS BANK ATTACK

Offences

  • IT Act Sec 66F

  • Sec 43

  • BNS Sec 111

Agencies

  • CERT-In

  • NCIIPC

Technical evidence

  • Traffic logs

  • Botnet indicators

  • ISP data

Critical infrastructure

  • Banking sector protection

Challenges

  • Attribution difficulty

CASE 9 — CSAM

Investigation

  • Preserve IP logs

  • Immediate search warrant

  • Device seizure

Safeguards

  • Sensitive handling

  • Privacy protection

International cooperation

  • Interpol

  • Mutual legal assistance

Court presentation

  • Expert testimony

  • Chain of custody

CASE 10 — CHAIN OF CUSTODY FAILURE

Concept

  • Continuous documentation of evidence handling

Required documents

  • Seizure memo

  • Evidence log

  • Transfer records

Hashing

  • Integrity verification

Salvaging case

  • Corroborative evidence

  • Expert testimony

Best practices

  • Standard forms

  • Strict documentation

CASE 11 — UNAUTHORISED ETHICAL HACKING

Crime?

  • Yes – Sec 66 IT Act

Authorisation

  • Consent required

Evidence

  • Access logs

  • Communication records

Defences

  • Lack of malicious intent (limited)

Policy

  • Responsible disclosure frameworks

CASE 12 — SOCIAL MEDIA HATE CAMPAIGN

BNS provisions

  • Sec 196 – promoting enmity

  • Sec 353 – false statements

Evidence collection

  • Platform logs

  • Viral content tracking

Intermediaries

  • Must assist investigation

Public order

  • Risk of violence

Preventive policing

  • Monitoring

  • Rapid response

Suggested Marking Scheme (Per Case)

ComponentMarks
Legal provisions3
Investigation steps3
Digital evidence handling2
Analysis / court perspective2
Total per case10 marks





complete end-of-course assessment package ready for police training academies / cyber training centres.

This includes:
• MCQ paper
• Scenario MCQ paper
• Case study paper
• Viva questions
• Marking rubric
• Suggested evaluation scheme

FINAL ASSESSMENT PACKAGE

Course: Investigation of Cyber Crime Cases under New Criminal Laws
Duration: 3 Hours + Viva

PART A — OBJECTIVE MCQ PAPER (30 MARKS)

Section A — Legal Framework

  1. Cyberstalking is punishable under BNS Section
    a) 77
    b) 78
    c) 79
    d) 196
    Ans: b

  2. Extraterritorial jurisdiction of IT Act →
    a) Sec 43
    b) Sec 69
    c) Sec 75
    d) Sec 66
    Ans: c

  3. Phishing offence →
    a) 66C
    b) 66D
    c) 66F
    d) 67C
    Ans: b

  4. Cyber terrorism punishment may extend to →
    a) 7 yrs
    b) 10 yrs
    c) Life imprisonment
    d) Fine only
    Ans: c

  5. Hashing ensures →
    a) Encryption
    b) Speed
    c) Integrity
    d) Storage
    Ans: c

  6. Zero FIR allows →
    a) Only cyber ← complaint
    b) FIR anywhere
    c) Court filing
    d) Bail
    Ans: b

  7. CERT-In handles →
    a) Trials
    b) Incident response
    c) Arrests
    d) Sentencing
    Ans: b

  8. NCIIPC protects →
    a) Social media
    b) Critical infrastructure
    c) Banking only
    d) Telecom only
    Ans: b

  9. DPDPA breach penalty may extend →
    a) ₹5 crore
    b) ₹50 crore
    c) ₹250 crore
    d) ₹500 crore
    Ans: c

  10. Chain of custody ensures →
    a) Evidence secrecy
    b) Evidence admissibility
    c) Encryption
    d) Storage
    Ans: b

(Continue similar pattern)

Total MCQs: 30

PART B — SCENARIO MCQs (30 MARKS)

(Use the 30 advanced scenario MCQs already prepared)

Evaluation:
• 1 mark each = 30 marks

PART C — CASE STUDY PAPER (40 MARKS)

Attempt ANY FOUR (10 marks each)

  1. Ransomware attack on hospital

  2. Cyberstalking & fake profiles

  3. Multi-state phishing fraud

  4. Insider data theft

  5. Website defacement

  6. Crypto investment scam

(Use full case study set)

PART D — VIVA VOCE QUESTIONS (20 MARKS)

Core Investigation

  1. Explain steps in cyber crime scene management.

  2. Difference between live and dead forensics.

  3. Importance of hashing in digital evidence.

  4. Explain chain of custody with example.

  5. How to obtain social media evidence legally?

Legal & Court

  1. Admissibility of electronic evidence under BSA.

  2. Difference between IT Act and BNS cyber offences.

  3. Role of CERT-In.

  4. What causes acquittals in cybercrime cases?

  5. Role of expert witness.

Technical Awareness

  1. What is blockchain tracing?

  2. Explain DDoS attack.

  3. Difference between phishing, smishing, vishing.

  4. What is malware analysis?

  5. Role of logs in investigation.

Ethics & Challenges

  1. Ethical hacking vs cybercrime.

  2. Cross-border challenges.

  3. Importance of documentation.

  4. Privacy vs investigation balance.

  5. Future cybercrime trends.

MARKING RUBRIC

MCQ Evaluation

ComponentMarks
Objective MCQs30
Scenario MCQs30

Case Study Rubric

CriteriaMarks
Correct legal provisions3
Investigation procedure3
Evidence handling2
Analytical reasoning2
Per case10

Viva Rubric

LevelDescription        Marks
Excellent     Clear, confident, practical         16–20
Good     Minor gaps         11–15
Average     Theoretical only          6–10
Poor     Weak understanding          0–5

FINAL RESULT CALCULATION

Component                Marks
MCQ Paper                 30
Scenario MCQ                  30
Case Study                  40
Viva                   20
TOTAL                  120

Grade Scheme

MarksGrade
90+                Distinction
75–89                First Class
60–74                Pass
<60                 Re-training recommended
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)