Which of the following statements are correct for Clean Desk Policy?
- A . Don’t leave confidential documents on your desk.
- B . Don’t leave valuable items on your desk if you are not in your work area.
- C . Don’t leave highly confidential items.
- D . Don’t leave laptops without cable lock.
Changes to project-managed applications or databases should undergo the change control process as documented.
- A . True
- B . False
What type of legislation requires a proper controlled purchase process?
- A . Personal data protection act
- B . Computer criminality act
- C . Government information act
- D . Intellectual property rights act
Which is not a requirement of HR prior to hiring?
- A . Undergo background verification
- B . Applicant must complete pre-employment documentation requirements
- C . Must undergo Awareness training on information security.
- D . Must successfully pass Background Investigation
Information or data that are classified as ______ do not require labeling.
- A . Public
- B . Internal
- C . Confidential
- D . Highly Confidential
What is a repressive measure in case of a fire?
- A . Taking out a fire insurance
- B . Putting out a fire after it has been detected by a fire detector
- C . Repairing damage caused by the fire
What type of measure involves the stopping of possible consequences of security incidents?
- A . Corrective
- B . Detective
- C . Repressive
- D . Preventive
Access Control System, CCTV and security guards are forms of:
- A . Environment Security
- B . Access Control
- C . Physical Security
- D . Compliance
______ is an asset that, like other important business assets, has value to an organization and consequently needs to be protected.
- A . Infrastructure
- B . Data
- C . Information
- D . Security
"Implement plan on a test basis" comes under which section of PDCA?
- A . Plan
- B . Do
- C . Act
- D . Check
Why do we need to test a disaster recovery plan regularly, and keep it up to date?
- A . Otherwise the measures taken and the incident procedures planned may not be adequate
- B . Otherwise it is no longer up to date with the registration of daily occurring faults
- C . Otherwise remotely stored backups may no longer be available to the security team
Phishing is what type of Information Security Incident?
- A . Private Incidents
- B . Cracker/Hacker Attacks
- C . Technical Vulnerabilities
- D . Legal Incidents
The CEO sends a mail giving his views on the status of the company, the company’s future strategy, the CEO’s vision and the employee’s part in it. The mail should be classified as:
- A . Internal Mail
- B . Public Mail
- C . Confidential Mail
- D . Restricted Mail
A member of staff denies sending a particular message.
Which reliability aspect of information is in danger here?
- A . availability
- B . correctness
- C . integrity
- D . confidentiality
What is social engineering?
- A . A group planning for a social activity in the organization
- B . Creating a situation wherein a third party gains confidential information from you
- C . The organization planning an activity for welfare of the neighborhood
What is the goal of classification of information?
- A . To create a manual about how to handle mobile devices
- B . Applying labels making the information easier to recognize
- C . Structuring information according to its sensitivity
You have a hard copy of a customer design document that you want to dispose of.
What would you do?
- A . Throw it in any dustbin
- B . Shred it using a shredder
- C . Give it to the office boy to reuse it for other purposes
- D . Be environment friendly and reuse it for writing
You receive the following mail from the IT support team:
Dear User, Starting next week, we will be deleting all inactive email accounts in order to create space. Share the below details in order to continue using your account.
In case of no response,
Name:
Email ID:
Password:
DOB:
Kindly contact the webmail team for any further support. Thanks for your attention.
Which of the following is the best response?
- A . Ignore the email
- B . Respond to it by saying that one should not share the password with anyone
- C . One should not respond to these mails and report such email to your supervisor
As a new member of the IT department you have noticed that confidential information has been leaked several times. This may damage the reputation of the company. You have been asked to propose an organisational measure to protect laptop computers.
What is the first step in a structured approach to come up with this measure?
- A . Appoint security staff
- B . Encrypt all sensitive information
- C . Formulate a policy
- D . Set up an access control procedure
An administration office is going to determine the dangers to which it is exposed.
What do we call a possible event that can have a disruptive effect on the reliability of information?
- A . dependency
- B . threat
- C . vulnerability
- D . risk
A well-executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.
What is not one of the four main objectives of a risk analysis?
- A . Identifying assets and their value
- B . Implementing counter measures
- C . Establishing a balance between the costs of an incident and the costs of a security measure
- D . Determining relevant vulnerabilities and threats
You see a blue color sticker on certain physical assets.
What does this signify?
- A . The asset is very high critical and its failure affects the entire organization
- B . The asset with blue stickers should be kept air conditioned at all times
- C . The asset is high critical and its failure will affect a group/s/project’s work in the organization
- D . The asset is critical and the impact is restricted to an employee only
How are data and information related?
- A . Data is a collection of structured and unstructured information
- B . Information consists of facts and statistics collected together for reference or analysis
- C . When meaning and value are assigned to data, it becomes information
CMM stands for?
- A . Capability Maturity Matrix
- B . Capacity Maturity Matrix
- C . Capability Maturity Model
- D . Capable Mature Model
Who is allowed to access highly confidential files?
- A . Employees with a business need-to-know
- B . Contractors with a business need-to-know
- C . Employees with signed NDA have a business need-to-know
- D . Non-employees designated with approved access and have signed NDA
What is an example of a human threat?
- A . a lightning strike
- B . fire
- C . phishing
- D . thunderstorm
A property of Information that has the ability to prove occurrence of a claimed event.
- A . Electronic chain letters
- B . Integrity
- C . Availability
- D . Accessibility
An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.
- A . True
- B . False
Which reliability aspect of information is compromised when a staff member denies having sent a message?
- A . Confidentiality
- B . Integrity
- C . Availability
- D . Correctness
What type of compliancy standard, regulation or legislation provides a code of practice for information security?
- A . ISO/IEC 27002
- B . Personal data protection act
- C . Computer criminality act
- D . IT Service Management