50 Capgemini Scenario-Based MCQ

Questions
Cloud Computing Service Models (Questions 1-10)
Question 1

Scenario: StartupTech has 20 developers who want to build mobile apps quickly. They don't
want to manage servers, operating systems, or databases, but need development tools, runtime
environments, and deployment capabilities.

Which cloud service model is MOST suitable?

A) IaaS - Rent virtual machines and manage everything

B) PaaS - Get ready development platform without infrastructure worries

C) SaaS - Use ready-made applications

D) Private Cloud - Build own infrastructure

Answer: B - PaaS provides development platform without infrastructure management.

Question 2

Scenario: A law firm wants email, document storage, video conferencing, and case
management software. They want to access these from any device without installing software or
managing servers.

Which approach best meets their needs?

A) Buy physical servers and install software

B) Use SaaS applications like Gmail, Google Drive, Zoom, and legal CRM

C) Rent IaaS and build custom applications

D) Use PaaS to develop their own software

Answer: B - SaaS provides ready-to-use applications accessible from anywhere.

Question 3
Scenario: GameDev Studio needs complete control over their game servers, wants to choose
specific CPU, RAM, and storage configurations, and plans to install custom game engines and
security software.

Which service model provides this flexibility?

A) SaaS - Ready game applications

B) PaaS - Game development platform

C) IaaS - Virtual machines with full control

D) Desktop as a Service (DaaS)

Answer: C - IaaS provides full control over infrastructure configuration.

Question 4

Scenario: MedTech company uses Salesforce for CRM, Google Workspace for email/docs,
Microsoft Azure for app development, and AWS EC2 for data processing.

This represents which cloud strategy?

A) Single SaaS provider approach

B) Multi-cloud strategy using IaaS, PaaS, and SaaS

C) Private cloud only approach

D) Hybrid cloud with on-premises integration

Answer: B - Multiple cloud services across different service models.

Question 5

Scenario: University IT department manages 1000 student computers. They want students to
access the same desktop environment from any location with all software pre-installed and
configured.

Which cloud model addresses this need?

A) IaaS for virtual machines

B) SaaS for individual applications

C) Desktop as a Service (DaaS) - virtual desktops

D) PaaS for application development

Answer: C - DaaS provides virtual desktop environments accessible from anywhere.

Question 6

Scenario: E-commerce company needs: web hosting infrastructure, development tools for
mobile apps, ready-made payment processing, and customer support chat software.

Which combination best fits all requirements?

A) IaaS only for everything

B) SaaS only for all needs

C) IaaS for hosting + PaaS for development + SaaS for payment & chat

D) Private cloud for complete control

Answer: C - Different needs require different service models for optimization.

Question 7

Scenario: DataCorp processes sensitive financial data and needs guaranteed performance,
dedicated resources, and complete isolation from other customers while using cloud benefits.

Which deployment model is most appropriate?

A) Public cloud for cost efficiency

B) Private cloud for security and control

C) Community cloud with other financial companies

D) Hybrid cloud mixing public and private

Answer: B - Private cloud provides dedicated, isolated resources with security.

Question 8

Scenario: RetailChain stores customer data on private cloud for security, uses public cloud for
website hosting and marketing campaigns, and integrates both for unified customer experience.

This describes which deployment model?

A) Public cloud deployment

B) Private cloud deployment​
C) Hybrid cloud deployment combining public and private

D) Community cloud shared resources

Answer: C - Hybrid combines private (sensitive data) with public (marketing) clouds.

Question 9

Scenario: Software company offers their application to customers where each customer sees
only their own data, users, and configurations, but all run on shared cloud infrastructure.

This represents which architecture pattern?

A) Single-tenant architecture

B) Multi-tenant architecture with data isolation

C) Public cloud with no isolation

D) Private cloud for each customer

Answer: B - Multi-tenant shares infrastructure but isolates customer data.

Question 10

Scenario: Government agencies want to share cloud infrastructure for cost efficiency while
maintaining security standards and compliance requirements specific to government operations.

Which deployment model fits this scenario?

A) Public cloud open to everyone

B) Private cloud for single agency

C) Community cloud for government agencies

D) Hybrid cloud with public access

Answer: C - Community cloud serves specific group with shared requirements.

Cryptography & Encryption (Questions 11-20)

Question 11
Scenario: Online banking system needs to securely exchange encryption keys between
customer browsers and bank servers, then encrypt large amounts of transaction data efficiently.

Which cryptographic approach is optimal?

A) Symmetric encryption (AES) for everything B) Asymmetric encryption (RSA) for everything C)
RSA for key exchange + AES for bulk data encryption D) Hashing algorithms for all
communications

Answer: C - RSA secures key exchange, AES efficiently encrypts bulk data.

Question 12

Scenario: Social media platform stores user passwords and needs to verify login attempts. If
their database is breached, actual passwords must remain unrecoverable.

Which approach ensures password security?

A) Store passwords in plain text for easy comparison B) Use symmetric encryption (AES) to
encrypt passwords C) Use asymmetric encryption (RSA) for password storage D) Use hashing
(SHA-256) with salt for password storage

Answer: D - Hashing is one-way, making password recovery impossible even with database
access.

Question 13

Scenario: Email system needs to ensure that emails haven't been tampered with during
transmission and verify the sender's identity without encrypting the email content.

What cryptographic technique accomplishes this?

A) Symmetric encryption of email content B) Asymmetric encryption of email content C) Digital

signatures using private keys D) Hashing email content without signatures

Answer: C - Digital signatures provide integrity verification and sender authentication.

Question 14

Scenario: File sharing service wants to verify file integrity - ensuring downloaded files haven't
been corrupted or modified during transmission without storing the original file for comparison.

Which technique provides this verification?

A) Encrypt files with AES before transmission B) Generate hash checksums (like SHA-256) for
files C) Use RSA encryption for all file transfers D) Compress files to detect changes
Answer: B - Hash checksums detect any changes to file content during transmission.

Question 15

Scenario: Company needs to distribute software updates securely. Users should be able to
verify that updates come from the legitimate company and haven't been modified by attackers.

Which security mechanism ensures this?

A) Encrypt updates with symmetric keys B) Use digital certificates and code signing C) Rely on
HTTPS downloads only D) Use password-protected zip files

Answer: B - Digital certificates verify publisher identity, code signing ensures integrity.

Question 16

Scenario: IoT devices with limited processing power need to communicate securely with cloud
servers. The devices can't handle complex encryption algorithms due to hardware constraints.

Which encryption strategy balances security and performance?

A) Use RSA encryption for all communications B) Use lightweight symmetric encryption (AES)
with pre-shared keys C) Use no encryption due to performance constraints D) Use complex
hashing for all data

Answer: B - Lightweight symmetric encryption provides security within performance constraints.

Question 17

Scenario: Legal firm needs to ensure that signed contracts cannot be repudiated - parties
cannot deny they agreed to the terms. The solution must provide legal proof of agreement.

Which cryptographic method provides non-repudiation?

A) Symmetric encryption of contracts B) Hashing contract content C) Digital signatures with

timestamp certificates D) Password protection of documents

Answer: C - Digital signatures with timestamps provide legally binding non-repudiation.

Question 18

Scenario: Two companies want to securely communicate but have never met to exchange
secret keys. They need to establish secure communication over an untrusted network.

Which key exchange method enables this?

A) Meet in person to exchange keys B) Send keys via regular email C) Use Diffie-Hellman key
exchange protocol D) Use the same password for encryption

Answer: C - Diffie-Hellman allows secure key exchange over untrusted networks.

Question 19

Scenario: Database stores customer credit card information. Regulations require that even
database administrators cannot view actual card numbers, but the system must process
payments.

Which encryption approach meets these requirements?

A) No encryption for performance B) Application-level encryption with keys stored separately

from database C) Database-level encryption with admin access to keys D) Hashing credit card
numbers

Answer: B - Application-level encryption keeps keys separate from database access.

Question 20

Scenario: Cloud storage service wants to encrypt user files but also enable features like
search, deduplication, and sharing without decrypting files on their servers.

Which advanced encryption technique enables this?

A) Standard AES encryption B) RSA encryption C) Homomorphic encryption allowing

computation on encrypted data D) No encryption to enable features

Answer: C - Homomorphic encryption allows operations on encrypted data without decryption.

Cyber Attacks & Threats (Questions 21-30)

Question 21

Scenario: Employees receive emails claiming to be from IT support, asking them to click a link
and enter their network credentials to "verify their account security." The emails look official with
company logos.

What type of attack is this?

A) Malware distribution B) Phishing attack using social engineering C) Denial of Service attack
D) SQL injection attempt

Answer: B - Phishing uses deceptive emails to steal credentials through social engineering.
Question 22

Scenario: E-commerce website becomes completely inaccessible during Black Friday sales.
Network analysis shows millions of requests coming from 50,000 different IP addresses
worldwide, overwhelming their servers.

This scenario describes which attack?

A) Single-point Denial of Service (DoS) B) Distributed Denial of Service (DDoS) C)

Man-in-the-Middle attack D) SQL injection attack

Answer: B - DDoS uses multiple sources to overwhelm target systems.

Question 23

Scenario: Security audit reveals that an attacker has been monitoring company network traffic
for months without altering any data. The attacker collected information about communication
patterns and timing.

What type of attack occurred?

A) Active attack modifying data B) Passive attack - traffic analysis C) Malware infection D)
Phishing campaign

Answer: B - Traffic analysis is a passive attack that monitors without modification.

Question 24

Scenario: User downloads what appears to be a legitimate antivirus program, but after
installation, it secretly logs keystrokes, steals passwords, and sends data to external servers.

This malware type is classified as:

A) Computer virus B) Network worm​

C) Trojan horse D) Ransomware

Answer: C - Trojan disguises itself as legitimate software while performing malicious actions.

Question 25

Scenario: Hospital's computer systems are encrypted by attackers who demand Bitcoin
payment for decryption keys. Patient records, medical equipment, and administrative systems
are all affected.

This attack is classified as:

A) Phishing attack B) Ransomware attack C) SQL injection D) Social engineering

Answer: B - Ransomware encrypts data and demands payment for recovery.

Question 26

Scenario: Web application allows users to search products. An attacker enters "'; DROP TABLE
users; --" in the search box, which causes the application to delete the entire user database.

What vulnerability was exploited?

A) Cross-site scripting (XSS) B) SQL injection vulnerability C) Buffer overflow D) Denial of

Service

Answer: B - SQL injection exploits improper input validation to manipulate database queries.

Question 27

Scenario: Corporate WiFi appears to be working normally, but an attacker has positioned
themselves between employees' devices and the real access point, intercepting and potentially
modifying all communications.

This describes which attack type?

A) Passive eavesdropping B) Active Man-in-the-Middle attack C) Denial of Service D) Phishing

attack

Answer: B - MITM attack intercepts and can modify communications between parties.

Question 28

Scenario: Attacker tries thousands of password combinations against user accounts:

"password123", "123456", "qwerty", etc., until successfully gaining access to several accounts.

This attack method is called:

A) Social engineering B) Phishing C) Brute force attack D) SQL injection

Answer: C - Brute force systematically tries password combinations until successful.

Question 29

Scenario: Software vulnerability is discovered that has no available patch yet. Cybercriminals
immediately begin exploiting this vulnerability before developers can create and distribute a fix.

This type of attack is known as:

A) Phishing attack B) Zero-day attack C) Social engineering D) Denial of Service

Answer: B - Zero-day attacks exploit unknown vulnerabilities with no available patches.

Question 30

Scenario: Attacker calls employees pretending to be from IT support, creates urgency by

claiming their accounts will be suspended, and tricks them into revealing passwords over the
phone.

This technique is primarily:

A) Technical hacking B) Social engineering attack C) Network intrusion D) Malware distribution

Answer: B - Social engineering manipulates people psychologically to reveal information.

Network Security & Defense (Questions 31-40)

Question 31

Scenario: Company network needs protection from unauthorized external access while
allowing legitimate business traffic. The solution should examine each data packet and block
suspicious communications.

Which security device is most appropriate?

A) Router for basic connectivity B) Switch for internal networking C) Firewall for traffic filtering
and access control D) Hub for network expansion

Answer: C - Firewall monitors and filters network traffic based on security rules.

Question 32

Scenario: IT team wants to detect when attackers are scanning their network or attempting
unauthorized access, but they don't want to block traffic automatically as it might disrupt
business operations.

Which security system fits this requirement?

A) Firewall that blocks all suspicious traffic B) Intrusion Detection System (IDS) that monitors
and alerts C) Intrusion Prevention System (IPS) that blocks threats D) Antivirus software on
individual computers

Answer: B - IDS monitors and alerts without automatically blocking traffic.

Question 33

Scenario: Remote employees need secure access to company resources while working from
coffee shops, airports, and home networks that may not be trustworthy.

What technology provides secure remote access?

A) Use public WiFi with strong passwords B) Install antivirus software on all devices C)
Implement VPN (Virtual Private Network) connections D) Access company resources only
during business hours

Answer: C - VPN creates encrypted tunnels for secure remote access.

Question 34

Scenario: Company implements security system that not only detects suspicious network
activity but also automatically blocks threats in real-time to prevent damage.

This describes which type of system?

A) Intrusion Detection System (IDS) - monitoring only B) Intrusion Prevention System (IPS) -
detection and blocking C) Firewall with basic rules D) Antivirus scanner

Answer: B - IPS actively prevents threats by blocking suspicious activity.

Question 35

Scenario: Organization wants employees to use strong authentication but finds that complex
passwords are often written down or forgotten, creating security risks.

Which solution improves both security and usability?

A) Require longer, more complex passwords B) Implement Two-Factor Authentication (2FA) with
phone verification C) Allow simple passwords for convenience D) Change passwords daily

Answer: B - 2FA adds security layer beyond passwords, reducing reliance on password
complexity.

Question 36

Scenario: Network administrator needs to monitor all traffic entering and leaving the corporate
network to identify patterns that might indicate data theft or unauthorized access attempts.

Which approach provides comprehensive network visibility?

A) Install antivirus on all computers B) Use strong firewalls only C) Deploy network monitoring
tools and analyze traffic patterns D) Rely on user reports of suspicious activity

Answer: C - Network monitoring tools provide comprehensive traffic analysis and pattern
detection.

Question 37

Scenario: Company discovers that sensitive data is being accessed from unusual locations and
times. They need to implement controls that verify user identity based on multiple factors.

Which authentication strategy addresses this concern?

A) Require stronger passwords only B) Multi-factor authentication with location and behavior
analysis C) Change passwords more frequently D) Block all remote access

Answer: B - Multi-factor authentication with behavioral analysis detects anomalous access

patterns.

Question 38

Scenario: Organization needs to ensure that security software, operating systems, and
applications are always current with latest security patches across all devices.

What management approach addresses this requirement?

A) Manual updates by individual users B) Automated patch management system with testing C)
Update software only when problems occur D) Avoid updates to maintain stability

Answer: B - Automated patch management ensures timely security updates with proper testing.

Question 39

Scenario: Company wants to segment their network so that if one department's systems are
compromised, the attack cannot easily spread to other departments.

Which network security strategy accomplishes this?

A) Use stronger passwords across all departments B) Install more antivirus software C)
Implement network segmentation with access controls D) Share all resources openly for
collaboration

Answer: C - Network segmentation limits attack spread by isolating network segments.

Question 40
Scenario: Security team needs to respond quickly to incidents but wants to minimize false
alarms that waste time and resources investigating normal activities.

Which approach balances detection accuracy with response efficiency?

A) Set security alerts to maximum sensitivity B) Ignore minor security events C) Tune security
systems to reduce false positives while maintaining threat detection D) Respond only to major
incidents

Answer: C - Proper tuning balances threat detection with manageable false positive rates.

OSI Model & Networking (Questions 41-45)

Question 41

Scenario: Web application experiences slow performance. Investigation shows that while
network connectivity is fine, the web server is overwhelmed by the number of simultaneous user
sessions it needs to maintain.

Which OSI layer is primarily involved in this performance issue?

A) Physical layer - hardware problems B) Network layer - routing issues​

C) Transport layer - connection management D) Application layer - web server software

Answer: C - Transport layer manages connections and sessions between applications.

Question 42

Scenario: Company needs to ensure that data sent between offices is encrypted during
transmission but doesn't want to modify existing applications.

At which OSI layer should encryption be implemented?

A) Application layer - modify each application B) Presentation layer - encrypt data format C)
Transport layer - encrypt connections​
D) Network layer - encrypt packets

Answer: B - Presentation layer handles encryption/decryption transparently to applications.

Question 43

Scenario: Network technician needs to troubleshoot why computers in different buildings

cannot communicate, even though cables and switches are working properly.

Which OSI layer functionality should be examined first?

A) Physical layer - cable connections B) Data Link layer - switch operations C) Network layer -
routing between buildings D) Session layer - connection establishment

Answer: C - Network layer handles routing between different network segments.

Question 44

Scenario: Email system needs to translate between different email formats and character
encodings when communicating with external organizations.

This translation function occurs at which OSI layer?

A) Application layer - email protocols B) Presentation layer - data format translation C) Session
layer - connection management D) Transport layer - reliable delivery

Answer: B - Presentation layer handles format translation and character encoding.

Question 45

Scenario: Network device needs to forward data packets based on IP addresses and determine
the best path through multiple routers to reach destinations.

This device primarily operates at which OSI layer?

A) Data Link layer - MAC addresses B) Network layer - IP routing C) Transport layer - port
numbers D) Session layer - connections

Answer: B - Network layer handles IP addressing and routing decisions.

Business Continuity & Compliance (Questions 46-50)

Question 46

Scenario: Hospital's computer systems are hit by ransomware, but they had been backing up
critical patient data to encrypted cloud storage every 2 hours with offline copies stored
separately.

What is the best recovery strategy?

A) Pay the ransom to quickly restore access B) Restore systems from clean backups and
rebuild from there C) Try to negotiate with attackers for lower payment D) Start completely fresh
without any data

Answer: B - Clean backups provide recovery path without paying criminals or losing data.
Question 47

Scenario: Global company must comply with GDPR (Europe), HIPAA (US healthcare), and
local banking regulations across 15 countries, each with different data residency requirements.

Which cloud strategy best addresses these compliance needs?

A) Single global cloud provider for simplicity B) Avoid cloud services due to complexity C)
Multi-region cloud deployment with compliance-specific configurations D) Store all data in
company headquarters only

Answer: C - Multi-region approach allows compliance with various local regulations and data
residency.

Question 48

Scenario: E-commerce company's main data center floods during hurricane season. Their
disaster recovery plan calls for Recovery Time Objective (RTO) of 2 hours and Recovery Point
Objective (RPO) of 30 minutes.

Which disaster recovery setup meets these requirements?

A) Weekly backups stored off-site with manual restoration

B) Real-time data replication to secondary site with automated failover

C) Monthly backups with 24-hour restoration process

D) Daily backups with 8-hour manual recovery process

Answer: B - Real-time replication and automated failover can meet aggressive RTO/RPO
targets.

Question 49

Scenario: Financial services firm needs to demonstrate to regulators that they can account for
all data access, modifications, and system changes over the past 7 years.

Which combination of controls addresses this requirement?

A) Strong passwords and firewalls only

B) Comprehensive audit logging with tamper-proof storage and retention policies

C) Encryption of all data

D) Regular security training for employees

Answer: B - Comprehensive audit trails with secure retention meet regulatory accountability
requirements.

Question 50

Scenario: Manufacturing company needs to ensure business operations continue even if

primary systems fail, but they cannot afford duplicate infrastructure for all systems.

Which business continuity approach balances cost and availability?

A) Duplicate everything for maximum availability

B) Accept downtime as acceptable business risk

C) Prioritize critical systems for redundancy, use cloud bursting for others

D) Rely on manual processes as backup

Answer: C - Risk-based approach prioritizes critical systems while using cost-effective cloud
bursting for non-critical workloads.

Complete Answer Key:

Cloud Service Models (1-10):

1.​ B - PaaS, 2. B - SaaS, 3. C - IaaS, 4. B - Multi-cloud, 5. C - DaaS

2.​ C - Mixed models, 7. B - Private cloud, 8. C - Hybrid, 9. B - Multi-tenant, 10. C -
Community

Cryptography (11-20): 11. C - RSA + AES, 12. D - Hashing, 13. C - Digital signatures, 14. B -
Hash checksums, 15. B - Digital certificates 16. B - Lightweight symmetric, 17. C - Digital
signatures with timestamps, 18. C - Diffie-Hellman, 19. B - Application-level encryption, 20. C -
Homomorphic encryption

Cyber Attacks (21-30): 21. B - Phishing, 22. B - DDoS, 23. B - Traffic analysis, 24. C - Trojan,
25. B - Ransomware 26. B - SQL injection, 27. B - MITM, 28. C - Brute force, 29. B - Zero-day,
30. B - Social engineering

Network Security (31-40): 31. C - Firewall, 32. B - IDS, 33. C - VPN, 34. B - IPS, 35. B - 2FA
36. C - Network monitoring, 37. B - Multi-factor authentication, 38. B - Automated patch
management, 39. C - Network segmentation, 40. C - Tuned security systems

OSI Model (41-45): 41. C - Transport layer, 42. B - Presentation layer, 43. C - Network layer, 44.
B - Presentation layer, 45. B - Network layer
Business Continuity (46-50): 46. B - Backup restoration, 47. C - Multi-region compliance, 48.
B - Real-time replication, 49. B - Audit logging, 50. C - Prioritized redundancy