2018 Security Awareness Compliance Training Assessment
Instructions:
1- Finish the questions in this assessment before 12 PM (noon) on August 13, 2018.
2- You must answer 85% of the questions correctly (17/20).
3- After you complete the assessment, a certificate will appear on your screen showing your score. Take a screenshot of the certificate and send the certificate to Ramtin Taheri (rtaheri@credly. Com).
- 1.
Which one of the following is an example of phishing?
- A.
An email warning the recipient of a computer virus threat.
- B.
An email directing the recipient to forward the email to friends.
- C.
An email directing the recipient to enter personal details on a fake website made to look legitimate.
- D.
An email from your manager about an upcoming meeting.
Correct Answer
C. An email directing the recipient to enter personal details on a fake website made to look legitimate.Explanation
An email directing the recipient to enter personal details on a fake website made to look legitimate is an example of phishing. Phishing is a type of cyber attack where the attacker pretends to be a trustworthy entity in order to deceive individuals into providing sensitive information such as passwords, credit card numbers, or social security numbers. In this case, the email is attempting to trick the recipient into thinking they are entering their personal details on a legitimate website, when in reality, it is a fake website created by the attacker.Rate this question:
-
- 2.
Which of the following is an acceptable password?
- A.
H@ppyHol1dayz
- B.
Doktori23?
- C.
Password123!!
- D.
Kla4%
Correct Answer
A. H@ppyHol1dayzExplanation
The password "H@ppyHol1dayz" is acceptable because it includes a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder to guess.Rate this question:
-
- 3.
Where can the Credly Written Information Security Policy be found?
- A.
Www.credly.com
- B.
Www.youracclaim.com
- C.
Intranet.credly.com
- D.
Credly’s AWS (Amazon Web Services) account
Correct Answer
C. Intranet.credly.comExplanation
The Credly Written Information Security Policy can be found on intranet.credly.com. This is the internal website of Credly where employees can access company-specific information and policies.Rate this question:
-
- 4.
Which of the following are possible warning signs of a potential insider threat situation? Select all that apply.
- A.
A coworker is attempting to copy company proprietary data without being authorized to do so.
- B.
A coworker is downloading a large amount of company information.
- C.
Overhearing a coworker constantly expressing their dissatisfaction with working at Credly, and their desire to take adverse actions due to that dissatisfaction.
- D.
Overhearing a coworker discuss working for a competitor of Credly.
Correct Answer(s)
A. A coworker is attempting to copy company proprietary data without being authorized to do so.
B. A coworker is downloading a large amount of company information.
C. Overhearing a coworker constantly expressing their dissatisfaction with working at Credly, and their desire to take adverse actions due to that dissatisfaction.
D. Overhearing a coworker discuss working for a competitor of Credly.Explanation
The possible warning signs of a potential insider threat situation include a coworker attempting to copy company proprietary data without authorization, a coworker downloading a large amount of company information, overhearing a coworker expressing dissatisfaction with working at Credly and their desire to take adverse actions, and overhearing a coworker discussing working for a competitor of Credly. These actions suggest that the coworker may have malicious intentions or may be planning to misuse company resources or confidential information, making them potential insider threats.Rate this question:
-
- 5.
You print a series of documents containing sensitive information for a client meeting. After the meeting is finished, what is the proper way to dispose of these documents?
- A.
Place the documents in the recycling bin.
- B.
Take the documents home and put them in your personal trash can.
- C.
Shred the documents.
- D.
Put the documents in the trash can at the office.
Correct Answer
C. Shred the documents.Explanation
The proper way to dispose of documents containing sensitive information is to shred them. This ensures that the information cannot be accessed or retrieved by anyone else. Placing the documents in the recycling bin, putting them in your personal trash can, or putting them in the trash can at the office leaves the possibility of someone finding and using the information. Shredding provides a higher level of security and protection for the sensitive information.Rate this question:
-
- 6.
Which is not an acceptable method for locking a workstation?
- A.
Press Windows Key + L
- B.
Type LOCK on your keyboard, then press enter
- C.
Press Command + Option + Power
- D.
Press Command + Option + Eject
Correct Answer
B. Type LOCK on your keyboard, then press enterExplanation
Typing "LOCK" on the keyboard and then pressing enter is not an acceptable method for locking a workstation. This is because there is no standard keyboard shortcut or command to lock a workstation by typing "LOCK" and pressing enter. The other options listed are valid methods for locking a workstation on different operating systems such as Windows and Mac.Rate this question:
-
- 7.
What should you do AS SOON AS you discover that a Security Incident occurred (or you have reason to believe one might have)?
- A.
Fix the problem on your own.
- B.
Notify a member of the Security Council.
- C.
Inform local and national media outlets.
- D.
Contact the hackers or entities that performed the attack.
Correct Answer
B. Notify a member of the Security Council.Explanation
As soon as you discover a security incident or have reason to believe one might have occurred, the appropriate action is to notify a member of the Security Council. This is important because the Security Council is responsible for handling security incidents and has the expertise to assess the situation, investigate the incident, and take necessary actions to mitigate the impact and prevent further damage. Fixing the problem on your own may not be sufficient or effective, and contacting the hackers or entities that performed the attack is not recommended as it can compromise the investigation and potentially escalate the situation. Informing local and national media outlets is not the immediate priority and should be done only after the incident is properly addressed.Rate this question:
-
- 8.
How frequently must you change your password?
- A.
Every 30 days.
- B.
Every 90 days.
- C.
Once Per Year.
- D.
Passwords need not be changed if they are automatically generated by a password manager such as “LastPass.”
Correct Answer
B. Every 90 days.Explanation
Passwords should be changed every 90 days to ensure security. This time frame strikes a balance between ensuring that passwords are regularly updated to prevent unauthorized access and minimizing the inconvenience of frequently changing passwords. Changing passwords regularly helps protect against password guessing, brute force attacks, and unauthorized access to accounts. Additionally, it reduces the risk of compromised passwords being used for an extended period of time.Rate this question:
-
- 9.
What is NOT considered sensitive information under the Credly Written Information Security Policy?
- A.
An earner’s profile information.
- B.
A proposal sent to a client.
- C.
Your social media posts.
- D.
A document describing a client’s credential issuing strategy.
Correct Answer
C. Your social media posts.Explanation
According to the Credly Written Information Security Policy, social media posts are not considered sensitive information. This implies that the information shared on social media platforms is not considered confidential or private. The policy likely classifies social media posts as public information that can be accessed and viewed by anyone, rather than sensitive data that needs to be protected.Rate this question:
-
- 10.
Which of the following should you report to a member of the Security Council?
- A.
Theft of your company issued laptop.
- B.
Intentionally clicking a link in a phishing email.
- C.
Accidentally sending sensitive client information to the wrong person.
- D.
All of the above.
Correct Answer
D. All of the above.Explanation
All of the mentioned incidents should be reported to a member of the Security Council because they all pose potential security risks. The theft of a company-issued laptop can result in unauthorized access to sensitive information. Intentionally clicking a link in a phishing email can lead to malware installation or unauthorized access to personal or company data. Accidentally sending sensitive client information to the wrong person can result in a data breach and compromise client confidentiality. Reporting these incidents allows for appropriate actions to be taken to mitigate the risks and prevent further security breaches.Rate this question:
-
- 11.
Which of the following security practices requires all Credly employees to take a screenshot when completed?
- A.
Locking your screen when stepping away from the computer.
- B.
Securely handling sensitive information.
- C.
Reporting security incidents.
- D.
Installing antivirus software.
Correct Answer
D. Installing antivirus software.Explanation
Installing antivirus software is a security practice that requires all Credly employees to take a screenshot when completed. This is because taking a screenshot provides evidence that the antivirus software has been successfully installed on the computer. This practice ensures that all employees have the necessary protection against malware and other security threats.Rate this question:
-
- 12.
When may you download and store Credly sensitive information on your local computer?
- A.
When the information is encrypted.
- B.
When the information is password protected.
- C.
When the password is in a hidden folder.
- D.
Never.
Correct Answer
D. Never.Explanation
It is not recommended to download and store Credly sensitive information on a local computer, regardless of whether it is encrypted, password protected, or stored in a hidden folder. This is because storing sensitive information on a local computer increases the risk of unauthorized access, data breaches, and potential loss or theft of the information. It is safer to access and handle sensitive information directly through secure online platforms or systems provided by Credly.Rate this question:
-
- 13.
How does a Credly employee determine if information is confidential? Choose the best answer.
- A.
The information is marked confidential AND a reasonable person would consider it to be confidential.
- B.
The information is marked confidential.
- C.
The information is marked confidential OR a reasonable person would consider it to be confidential.
- D.
A reasonable person would consider the information to be confidential.
Correct Answer
C. The information is marked confidential OR a reasonable person would consider it to be confidential.Explanation
A Credly employee determines if information is confidential based on whether it is marked as confidential or if a reasonable person would consider it to be confidential.Rate this question:
-
- 14.
Which three positions make up the Company’s Security Council?
- A.
Chief Privacy Officer, Chief Security Officer, General Counsel
- B.
Chief Security Officer, Chief Privacy Officer, Chief Operating Officer
- C.
Chief Privacy Officer, Chief Security Officer, Software Development Manager
- D.
Vice President Product, General Counsel, Senior Legal Counsel
Correct Answer
C. Chief Privacy Officer, Chief Security Officer, Software Development ManagerExplanation
The correct answer is Chief Privacy Officer, Chief Security Officer, Software Development Manager. These three positions make up the Company's Security Council. The Chief Privacy Officer is responsible for ensuring the company's compliance with privacy laws and regulations. The Chief Security Officer is in charge of implementing and maintaining the company's security measures. The Software Development Manager is involved in ensuring the security of the company's software systems. Together, these three positions work together to address privacy and security concerns within the company.Rate this question:
-
- 15.
Which one of the following statements about a password is TRUE?
- A.
It must be changed only if it is compromised.
- B.
It cannot contain special character symbols.
- C.
It must be registered with the system administrator.
- D.
It must be changed on a quarterly basis.
Correct Answer
D. It must be changed on a quarterly basis.Explanation
The correct answer is that a password must be changed on a quarterly basis. This is a common security practice to ensure that passwords are regularly updated and to minimize the risk of unauthorized access. By changing passwords regularly, it reduces the likelihood of a compromised password being used maliciously.Rate this question:
-
- 16.
Which of the following statements is TRUE?
- A.
A document must be marked as “confidential” to be treated as confidential under the Credly Written Information Security Policy.
- B.
The Credly Written Information Security Policy only applies to information that has never been disclosed to the public.
- C.
The Credly Written Information Security Policy covers non-confidential information belonging to Credly’s clients.
- D.
The Credly Written Information Security Policy only applies to employees who use earner profile Information.
Correct Answer
C. The Credly Written Information Security Policy covers non-confidential information belonging to Credly’s clients.Explanation
The correct answer is that the Credly Written Information Security Policy covers non-confidential information belonging to Credly's clients. This means that the policy applies to information that is not marked as confidential, but still belongs to Credly's clients.Rate this question:
-
- 17.
Sending email via Credly’s Gmail system means that the email is encrypted in transit.
- A.
True
- B.
False
Correct Answer
A. TrueExplanation
When sending an email via Credly's Gmail system, the email is encrypted in transit. This means that the email message is converted into a secret code during transmission, making it difficult for unauthorized individuals to intercept and read the content of the email. Encryption ensures the privacy and security of the email, protecting sensitive information from being accessed by malicious actors during the transfer process. Therefore, the statement is true.Rate this question:
-
- 18.
Which one of the following statements about wireless networks is TRUE?
- A.
They cannot be intercepted by unknown users.
- B.
They limit accessibility to other users.
- C.
They limit visibility to other users.
- D.
They can be accessible to other users.
Correct Answer
D. They can be accessible to other users.Explanation
Wireless networks can be accessed by other users because the signals are transmitted through the air and can be intercepted by anyone within range. This is why it is important to secure wireless networks with passwords and encryption to prevent unauthorized access.Rate this question:
-
- 19.
It is ok to use a product that processes the personally identifiable data of Credly employees or users if:
- A.
My manager says it is ok.
- B.
A member of the Security Council says it is ok.
- C.
It has been posted at Credly.com/Subprocessors for at least 30 days.
- D.
The product is in wide use or generally well-known.
Correct Answer
C. It has been posted at Credly.com/Subprocessors for at least 30 days.Explanation
The correct answer is "It has been posted at Credly.com/Subprocessors for at least 30 days." This suggests that Credly has a specific process for vetting and approving products that process personally identifiable data. By ensuring that the product has been posted on their official website for at least 30 days, it allows for transparency and gives stakeholders an opportunity to review and assess the product's compliance with data protection regulations. This helps to ensure that the use of such a product is in line with Credly's data privacy and security policies.Rate this question:
-
- 20.
Which of the following laws govern Credly’s treatment of personally identifiable data?
- A.
European Union General Data Protection Regulation (GDPR)
- B.
The California Consumer Privacy Act of 2018
- C.
The Children’s Online Privacy Protection Act (COPPA)
- D.
All of the Above
Correct Answer
D. All of the AboveExplanation
All of the listed laws govern Credly's treatment of personally identifiable data. The European Union General Data Protection Regulation (GDPR) is a regulation that protects the personal data and privacy of European Union citizens. The California Consumer Privacy Act of 2018 (CCPA) is a state law that gives California residents rights over their personal information and requires businesses to be transparent about their data collection practices. The Children's Online Privacy Protection Act (COPPA) is a federal law that imposes certain requirements on websites and online services that collect personal information from children under the age of 13. Therefore, all three laws apply to Credly's treatment of personally identifiable data.Rate this question:
-
Back to top