Internal Security·Prelims Questions

Critical Information Infrastructure — Prelims Questions

Constitution VerifiedUPSC Verified

Version 1Updated 7 Mar 2026

Explore This Topic

Definition Detailed Explanation Legal Precedents Security Framework Legal Reforms UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

Q1medium

Which of the following statements about Critical Information Infrastructure (CII) in India is/are correct? 1. NCIIPC is the nodal agency for CII protection under the Ministry of Electronics and Information Technology. 2. Section 70 of the IT Act, 2000, explicitly defines 'Critical Information Infrastructure'. 3. The power grid and telecommunication networks are considered key sectors of CII. Select the correct answer using the code given below:

Q2medium

Consider the following statements regarding the National Critical Information Infrastructure Protection Centre (NCIIPC): 1. It is mandated to protect Critical Information Infrastructure from cyber threats. 2. It works independently of other cyber security agencies like CERT-In. 3. Its establishment was enabled by the Information Technology (Amendment) Act, 2008. Which of the statements given above is/are correct?

Q3easy

Which of the following is NOT typically considered a Critical Information Infrastructure (CII) sector by NCIIPC?

Q4hard

With reference to cyberattacks on Critical Information Infrastructure, consider the following statements: 1. SCADA/ICS systems are particularly vulnerable due to their often legacy nature and direct control over physical processes. 2. Ransomware attacks primarily target data confidentiality and have limited impact on operational technology (OT) systems. 3. Supply chain compromises are a growing threat, exploiting vulnerabilities in third-party vendors to infiltrate critical networks. Which of the statements given above is/are correct?

Q5easy

Which of the following international frameworks provides a risk-based approach to managing cybersecurity risk, often influencing national strategies for CII protection?

Q6easy

Which of the following bodies is primarily responsible for issuing advisories and alerts on cyber threats and vulnerabilities to all Indian internet users, including CII entities?

Q7medium

The 2020 Mumbai power grid cyberattack highlighted vulnerabilities primarily in which type of systems?

Q8medium

Which of the following is a key challenge in protecting Critical Information Infrastructure in India?

Q9medium

The term 'Advanced Persistent Threat' (APT) is most commonly associated with which of the following characteristics when targeting CII?

Q10medium

Which of the following is a key provision of the Information Technology (Amendment) Act, 2008, relevant to Critical Information Infrastructure?