Security Quiz MCQ Questions And Answers: 50+ Questions And Answers
Answer.: B
Answer.: A
Answer.: A
Answer: D
5.)What are the different information classification categories available in the company?
Answer.: C
Answer.: B
Answer.: All of the above
Answer.: B and C
Answer.: D
Answer.: C
Answer.: A and C
Answer.: A and C
Answer.: B
Answer.: C
15.)You have been working from home on your laptop. What do you need to do when you connect to the Company network?
A.) Ensure that the latest patches are updated.
B.) Restart the machine after patch deployment, if required.
C.) Ensure that the latest antivirus is updated.
D.) None of the above
Answer. : A, B, and C
16.) Due care must be taken for virus check while opening encrypted attachments as compared to unencrypted attachments in e-mail. Is this statement True or False?
A.) TRUE
B.) FALSE
Answer. : A(TRUE)
17.) Where can you find the Company process for Business Continuity Management?
A.) In IQMS wiki
B.) In KNOWMAX
C.) In Integrated Project Management System (IPMS)
D.) In Enterprise Process Web (EPW)
Answer.: A
18.) You have a business need to use a Company-based chat messenger not approved by Company. What should you do?
A.) Download it directly for use as it is a business need
B.) Connect with your ISM to discuss the risks involved and the feasible solution.
C.) Since the client has asked you should expect IS to install it directly.
D.) Get supervisor approval and install it.
Answer.: B
19.)Your college friend shares with you code for an e-mail agent which can auto-respond to specific users with pre-defined content. Is it appropriate for you to implement this agent in Company for a specific business purpose?
A.) YES
B.) NO
Answer.: B
20.)Tom has joined a project. He has been assigned a desktop. This desktop was used by Jerry who is now released from the project. Upon logging on, Tom found personal non-business data like music and movie files stored in the computer by Jerry. If you were Tom, what action would you take?
A.) You must inform the IS team to remove Jerry’s personal files from the desktop.
B.) You must inform Jerry to take copies of his personal files and delete them from the desktop.
C.) You can send Jerry’s personal files through e-mail to Jerry
D.) You should raise an information security incident in the security incident reporting tool
Answer.: D
21.)You receive an e-mail on your Company ID which has a personal business proposal not related to Company. Is it appropriate to reply?
A.) It is ok since no confidential information is being shared.
B.) It is inappropriate since the e-mail is for personal gain and unrelated to your work.
C.) It is okay to respond to the e-mail after office hours or on a weekend.
D.) No, such activities should be done using personal e-mail IDs only.
Answer.: B and D
22.)When you have to retain the information, which factors should be considered for the retention period?
A.) Company Retention policy
B.) Regulatory requirements
C.) Project duration
D.) Contractual requirements
Answer.: All of the above
23.)You just received an e-mail from your bank asking you to confirm your online activities by logging on to your account within a week. What is the best course of action to take?
A.) If possible, call your bank to confirm the authenticity of the e-mail. If you can’t reach your bank, don’t click the link but visit your account by manually entering the URL of the bank.
B.) Follow the link provided in the e-mail and enter your login information – after all, the e-mail has your bank’s logo and looks legitimate.
C.) Set up my anti-spam software to automatically purge messages received from people not listed in my contacts.
D.) I know it’s phishing, so I will just put false information in to fool the hackers. It is not my information, they cannot do anything to harm me.
Answer.: A
24.)To whom should you express your concerns and suggestions related to information security at your location?
A.) Information Security Manager
B.) Security Guard
C.) Admin Head
D.) HR Manager
Answer.: A
25.) A top government official is coming to visit you in one of the Company offices. This person is a prospective client for Company. Select the appropriate choices to handle the visitor access for such officials.
A.) Since the person is a prospective client and high profile government official, you need not follow the visitor management process.
B.) It is allowed to completely avoid the visitor process for such visitors.
C.) You are busy completing daily tasks and hence should request someone from admin to escort the official.
D.) You should obtain all the details in advance and keep things ready so that minimal time is spent while issuing the visitor ID card, and as a host, you should ensure that the official is escorted.
Answer.: D
26.)The client has sent you some data on a USB stick. What are the mandatory steps that you need to follow?
A.) Need to declare the media at the reception
B.) If media has to be connected to the Company network, it should be scanned by IS for virus
C.) After approval by IS, it should be approved by OU/Sub OU/SSG ISM to copy the required data
D.) IS team will copy the required information onto an appropriate location.
Answer.: All of The Above
27.)While working on an assignment where you are an administrator for the database, your password?
A.) Can be shared with a team member if a need arises
B.) Can be shared with clients if they ask for it
C.) Can be shared with a supervisor only
D.) Should never be disclosed to anyone or shared with anyone
Answer.: D
28.) One day when you log on to your e-mail, you find that there is an unsolicited e-mail having abusive and offensive content in your Inbox. What should you do?
A.) Forward such e-mails to your colleagues
B.) Report an incident along with the evidence (Header information and copy of e-mail) and then delete such e-mails from your mailbox
C.) Save such e-mails for future use.
D.) Do nothing.
Answer.: B
29.)You are attending an important telecon with your client manager. All of a sudden, you hear a fire alarm. What should you do?
A.) Continue with the call as these alarms are part of regular drills and your meeting is important.
B.) Inform the client at other ends about the fire alarm and evacuate the building using the closest fire exit along with others.
C.) Contact your ISM and inform them about the situation and take approval to continue with the call.
D.) Drop an email to the Admin about your presence in the building and that you are not evacuating due to an important call with the client.
Answer.: B
30.)What data would you typically select for the backup?
A.) Taking regular backup is just a recommendation; so no backup is really required.
B.) Only a large amount of data
C.) All of your personal data
D.) Data that will impact the project execution thus impacting Company or its customer
Answer.: D
31.)You are on leave when you receive an urgent call from your supervisor asking for your login credentials so that another team member can log in and complete the pending request. What should you do in such a situation?
A.) You should share your credentials as work is being affected.
B.) You should share your credentials because even if something goes wrong you are not responsible for being on leave.
C.) You should raise a security incident.
D.) You should not share your credentials.
Answer.: C and D
32.)You are not allowed to classify any information as Public without authorization. Is this statement True or False?
A.) TRUE
B.) FALSE
Answer.: A TRUE
33.) Rohit is a project leader for a team of 30 people. He has to catch an evening flight and so is leaving the office a bit early. He was requested for laptop verification at the security desk while leaving the office. What should Rohit do?
A.) Rohit is a project leader so there is no need for him to give his laptop for verification
B.) As security has checked the laptop while entering the office, there is no need to check while leaving the office
C.) Being a laptop user, Rohit should cooperate with a security person for laptop verification.
D.) Rohit should expect a waiver since he has to catch the flight.
Answer.: C
34.)You are working overseas at a client location and need to use the data when you return to your home country. How will you ensure data availability?
A.) Copy the data to a personal laptop
B.) Upload the data on the internet
C.) Copy the data on a personal USB drive and carry it with you
D.) Carry the data with you with client permission
Answer.: D
35.) You receive a call from your friend asking you to leave immediately as there is some unrest in a certain part of the city. Which of these is the most appropriate action for you to take?
A.) You will leave immediately without informing anybody.
B.) You will inform everyone about the call and ask them to leave as well
C.) Ask your friends in the office and try to confirm whether they are aware of such unrest.
D.) Inform the Admin/ML about the call and wait for their instructions.
Answer.: D
36.)You are taking a printout of a debugging code you have written. What precautions do you need to take?
A.) Collect the printouts immediately.
B.) If the paper jams, remove the paper and shred it.
C.) Collect the printout next time you take a break
D.) Ensure that printout is classified properly
Answer.: A, B, and D
37.)The primary reason for which I am not allowed to store unlicensed music files on Company assets is that:
A.) Company is against music.
B.) My manager would not like it.
C.) It is a copyright violation.
D.) It occupies hard disk space.
Answer.: C
38.)You were creating some design/flow diagrams on paper for a sensitive project of a client, when suddenly the PL calls you for an urgent meeting in a meeting room which is outside the Offshore Development Center (ODC). What is the appropriate way to handle the papers?
A.) While entering the meeting room, you realize that you are carrying the papers and you see your friend from another account passing by, so you send the papers with him to be handed over to someone in your ODC.
B.) Put all paper inside your desk drawers. Lock it and then go for a meeting.
C.) Leave the papers on the desk since it is a restricted access ODC
D.) None of the above
Answer.: B
39.)You are working on a project and require logging on to the environment managed by the client. The client has provided you with a single user ID and your entire team uses the same ID to login to the environment. Which of these statements is correct in this context?
A.) It is not wrong to share credentials since the team has to complete the delivery according to the schedule
B.) The team should present the scenario to the customer and request more IDs. In case the customer declines, connect with your ISM and inform the client before sharing credentials
C.) Credentials should never be shared. You should consult our OU ISM in such scenarios
D.) It is not wrong to share credentials since this has been shared within the team
Answer.: C
40.)You have backed up your project information on media. The project will continue for the next two years. How often should the restorability test be done?
A.) Should be done only once in the lifetime of the media
B.) Should be done immediately after the backup and it is a one-time activity only
C.) Should be done regularly
D.) Depends on client requirements according to the contract
Answer.: C
41.)Which of the following is not true about information classified as Private and Confidential?
A.) Information is not specific to individuals.
B.) Information can be in the custody of the company.
C.) Information always belongs to the company.
D.) Disclosure of such information is not desirable.
Answer.: A and C
42.)You are searching the Internet for some information. After clicking a link on one page you become suspicious that it may have triggered a virus or something which is wrong. What should be your immediate reaction?
A.) Isolate the machine from the network. (Disconnect from the network)
B.) Log a ticket on Global Helpdesk and wait for someone to attend. Till then continue to work
C.) Ignore the suspicion and continue to work.
D.) Call up the information security manager and wait for instruction
Answer.: A and D
43.)You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do?
A.) Just keep the backup of information as a customer would be aware of the regulatory requirements.
B.) Communicate to the customer that information has to be retained beyond project duration with the reason.
C.) No need to communicate to the customer as it is a regulatory requirement
Answer.: B
44.)Which of the following is most appropriate with regard to an organization’s Business Continuity Planning (BCP) framework?
A.) It is not necessary to have a BCP framework and in the event of a crisis, instant measures can be taken as per the need of the hour.
B.) An organization should implement a BCP framework without doing a cost-benefit analysis.
C.) The organization should carry out cost-benefit analysis with due diligence and then implement a BCP framework that meets the business objectives of all concerned.
D.) None of the above
Answer.: C
45.)The company-recommended method of disposing of non-electronic information in paper form classified as Restricted, Confidential, or Private & Confidential is the same. Is this statement True or False?
A.) TRUE
B.) FALSE
Answer.: A
46.)How should an Information Security Incident be reported?
A.) Through the Incident Management Tool /through Phone/through e-mail/In Person
B.) Only through Incident Management Tool
C.) Only through Phone
D.) Only through e-mail
Answer.: A
47.)You find that your webmail ID is compromised. What could be the possible reasons?
A.) You accessed it from a nearby internet café, and there was a keylogger that captured your ID and password
B.) Company Webmail is vulnerable to such attacks and nothing can be done about it.
C.) You did not change your webmail password in a very long time.
D.) It is impossible to compromise any webmail account due to TOS Security policy.
Answer.: A and C
48.)You are the owner of the information and you have to share it with the client. For some reason, it is not possible to label the information. What should you do while sharing the information?
A.) When you cannot label the information due to technical reasons, you just need to raise a Change Request and then share the document.
B.) You should encrypt the information before sharing it.
C.) While sharing the information with the client, communicate to the client about the protection required for the information.
D.) You should share the information with the client directly since there is a Non-Disclosure and Confidentiality Agreement signed with the customer.
Answer.: C
49.)Which of the following choices should be covered while preparing the information backup schedule?
A.) Details of System/Device/Application Name and Information to be backed up
B.) Type of backup and backup location
C.) Frequency of backup and the time schedule of the backup process
D.) Retention period and restoration requirement
Answer.: All of the above.
50.)You are working on a project at a client site. The client has provided you with an e-mail ID on their domain, and you are not allowed to access the company e-mail ID through the client network. What will you do to access e-mails received on our company ID? Select the appropriate choice.
A.) Use client network to access company e-mails as you know that access is not blocked
B.)Use the Auto Forward feature of Les e-mail and forward mails received on your company ID to your client e-mail ID.
C.)Use the Auto Forward feature of company e-mail and forward e-mails received on company ID to your personal e-mail ID like Gmail or Yahoo
D.)Use webmail to access Tes e-mails outside the client network or have Lotus Notes configured on smartphone and use a network other than client network.
Answer.: D
51.)Where can you find company process for Business Continuity Management?
A.)In iQMS Wiki
B.)In KNOWMAX
C.)In Integrated Project Management System (IPMS)
D.)In Enterprise Process Web (EPW)
Answer.: A
52.)What data would you typically select for the backup?
A.) Taking regular backup is just a recommendation; so no backup is really required.
B.) Only a large amount of data
C.) All of your personal data
D.) Data that will impact the project execution thus impacting the company or its customer
Answer.: D
53.)While working on an assignment where you are an administrator for the database, your password?
A.)Can be shared with team members if a need arises
B.)Can be shared with clients if they ask for it
C.)Can be shared with a supervisor only.
D.)Should never be disclosed to anyone or shared with anyone
Answer.: D
54.)Why do you need Business Continuity Plan?
A.)To be able to continue our critical operations in the event of any crisis/disaster
B.)Because others have it
C.)To minimize the impact of any crisis/disaster to company and our customers
Answer.: A and B
55.)The access-related controls for Confidential classification are more stringent as compared to Internal classification. Is this statement True or False and Why?
A.)TRUE as Confidential information is distributed among a limited number of people
B.)FALSE, as Internal information is stored within the company network
C.)TRUE, as the business impact due to unauthorized disclosure of confidential information is more than internal information.
D.)FALSE, as business impact due to unauthorized disclosure can be the same in both classifications.
Answer.: C