Cyber Security Exam: Trivia Quiz

The given answer is correct because it accurately explains the meaning of a clear screen and clear desk policy. A clear screen policy means that computers should be locked when the user is away from their desk to prevent unauthorized access. Similarly, a clear desk policy means that confidential documents should be secured and not accessible to unauthorized individuals when the user is not present. Both policies aim to protect sensitive information and maintain security.

Photos cannot be taken in secure areas. You are allowed to take the photos in Development areas, cafeteria, etc.

The security personnel have the right to ask individuals to display their ID badges and check their bags as a part of their duty to maintain safety and security in the area they are responsible for. This is a common practice in many public places, workplaces, and events to ensure that only authorized individuals are present and to prevent any potential threats or illegal activities. It helps in maintaining order and protecting the well-being of everyone present in the area.

Risk is the combination of the probability of an event occurring along with its consequence.

Firewalls are a security measure that helps reduce the vulnerability of outside attacks to our network. They act as a barrier between our internal network and external networks, monitoring and controlling incoming and outgoing network traffic. Firewalls analyze the data packets, determine their legitimacy, and block any unauthorized access attempts. By implementing firewalls, we can effectively filter and block potential threats, thus reducing the vulnerability of outside attacks to our network.

Phishing is the correct answer because it refers to the act of attempting to acquire sensitive information, such as usernames, passwords, and credit card details, by pretending to be a trustworthy entity in an electronic communication. In this scenario, the unknown person is trying to deceive the recipient by claiming to be a representative of their bank and asking for their account number and password. This is a classic example of phishing, where the attacker is trying to trick the victim into revealing their confidential information.

When receiving an email from an unknown contact with an attachment, it is important to prioritize cybersecurity. Opening the attachment can potentially expose your device to malware or viruses. Forwarding the attachment to colleagues and friends can unknowingly spread the threat further. Therefore, the safest course of action is to delete the email without opening it, ensuring the protection of your device and personal information.

Tailgating refers to the act of following closely behind someone through an access door without using one's own access card. This is considered a security breach as it allows unauthorized individuals to gain entry into a restricted area by taking advantage of someone else's access. It is important to prevent tailgating in order to maintain the integrity of access control systems and ensure the safety and security of the premises.

Social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust.

 If a document is confidential or restricted, you need to dispose off it by shredding it. The environmental guidelines for reusing paper specify that only non-confidential paper should be reused.

Availability means the property of being accessible and usable upon demand by the authorized entity. Like Melange should be accessible at all times to MGL employees only.

The different categories of assets in an organization include information and paper assets, physical and application assets, and service assets. Option A, B, C is the correct answer because it includes all three categories of assets mentioned in the question.

The Business Continuity Plan captures the steps to be followed in case a disaster/incident occurs at the primary worksite.

You can report a security incident through HOTS, phone, or email. All of these options are valid methods for reporting a security incident.

In the given example, the threat is the virus. The statement mentions that antiviruses have been installed on individual systems to prevent the attack of the virus. This implies that the virus is a potential harm that needs to be protected against, making it the threat in this scenario.

The act of checking in code is typically associated with ensuring that the changes made to the code are correctly and accurately captured in the version control system, maintaining the integrity of the codebase.

The given correct answer is "Information Security Policy". This is because the policy mentioned in the statement focuses on managing the confidentiality and integrity of organizational and customer information assets, ensuring business continuity in the event of any security incident, and continually improving processes to enhance information security. Therefore, it is clear that the policy being referred to is the Information Security Policy.

The integrity of the data implies that the data should be accurate and complete. For Example: when we back up a database we don't expect only the structure and half the entries to be backed up, we expect the whole database to be backed up.

If a non-familiar face is seen in the access-controlled areas without the required identification tags, the appropriate action would be to escort the person to the security and raise a security incident. This ensures that the person is properly handled by the security personnel and that any potential threat or unauthorized entry is addressed. It is important to prioritize the safety and security of the office premises, and taking immediate action in such situations is necessary.

The financial result of your company being published on the website indicates that it is intended for public access and dissemination. As a public document, it is meant to be accessible to anyone who visits the website, including stakeholders, investors, and the general public. This classification suggests that the company wants to provide transparency and make its financial information readily available to interested parties.

To ensure the integrity of the software, developers can follow multiple steps. Firstly, they can maintain documents and code in a configuration management system, which allows for version control and tracking changes. Secondly, following coding guidelines ensures consistency and readability, reducing the chances of errors. Additionally, doing reviews and testing helps identify and fix any issues or bugs. Therefore, the correct answer is "All the above" as all these practices contribute to maintaining the integrity of the software.

ISO27001:2005 is the correct answer because it is the international standard for implementing an Information Security Management System (ISMS). This standard provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. ISO27001:2005 sets out the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of the organization's overall business risks. It helps organizations identify and address information security risks, protect against potential security breaches, and demonstrate a commitment to information security to stakeholders.

The difference between a restricted and confidential document is that a restricted document is to be shared among named individuals, while a confidential document is to be shared among an authorized group. This means that a restricted document is limited to specific individuals who have been named or identified, while a confidential document can be shared with a larger group of individuals who have been authorized to access it.

The correct answer is "Confidentiality, Integrity, and Availability." CIA of assets refers to the three fundamental principles of information security. Confidentiality ensures that information is accessible only to authorized individuals. Integrity ensures that information is accurate and trustworthy. Availability ensures that information is accessible and usable when needed. These principles are crucial for protecting sensitive data and maintaining the overall security of an organization.

This kind of communication often contains sensitive information and is intended for internal stakeholders, making it classified as confidential.

The correct answer is the first option. According to the given information, the ID badge color code at MGL is as follows: Vendor - Red, Employees - Blue, Visitor - Yellow, and Staff on Visit - Green.

The blue color sticker on certain physical assets signifies that the asset is highly critical and its failure will affect a group project's work in the organization.