2018 Security Awareness Compliance Training Assessment

1. You print a series of documents containing sensitive information for a client meeting. After the meeting is finished, what is the proper way to dispose of these documents?

Place the documents in the recycling bin.

Take the documents home and put them in your personal trash can.

Shred the documents.

Put the documents in the trash can at the office.

The proper way to dispose of documents containing sensitive information is to shred them. This ensures that the information cannot be accessed or retrieved by anyone else. Placing the documents in the recycling bin, putting them in your personal trash can, or putting them in the trash can at the office leaves the possibility of someone finding and using the information. Shredding provides a higher level of security and protection for the sensitive information.

Explanation

The proper way to dispose of documents containing sensitive information is to shred them. This ensures that the information cannot be accessed or retrieved by anyone else. Placing the documents in the recycling bin, putting them in your personal trash can, or putting them in the trash can at the office leaves the possibility of someone finding and using the information. Shredding provides a higher level of security and protection for the sensitive information.

2. What should you do AS SOON AS you discover that a Security Incident occurred (or you have reason to believe one might have)?

Fix the problem on your own.

Notify a member of the Security Council.

Inform local and national media outlets.

Contact the hackers or entities that performed the attack.

As soon as you discover a security incident or have reason to believe one might have occurred, the appropriate action is to notify a member of the Security Council. This is important because the Security Council is responsible for handling security incidents and has the expertise to assess the situation, investigate the incident, and take necessary actions to mitigate the impact and prevent further damage. Fixing the problem on your own may not be sufficient or effective, and contacting the hackers or entities that performed the attack is not recommended as it can compromise the investigation and potentially escalate the situation. Informing local and national media outlets is not the immediate priority and should be done only after the incident is properly addressed.

Explanation

As soon as you discover a security incident or have reason to believe one might have occurred, the appropriate action is to notify a member of the Security Council. This is important because the Security Council is responsible for handling security incidents and has the expertise to assess the situation, investigate the incident, and take necessary actions to mitigate the impact and prevent further damage. Fixing the problem on your own may not be sufficient or effective, and contacting the hackers or entities that performed the attack is not recommended as it can compromise the investigation and potentially escalate the situation. Informing local and national media outlets is not the immediate priority and should be done only after the incident is properly addressed.

3. Which one of the following statements about a password is TRUE?

It must be changed only if it is compromised.

It cannot contain special character symbols.

It must be registered with the system administrator.

It must be changed on a quarterly basis.

The correct answer is that a password must be changed on a quarterly basis. This is a common security practice to ensure that passwords are regularly updated and to minimize the risk of unauthorized access. By changing passwords regularly, it reduces the likelihood of a compromised password being used maliciously.

Explanation

The correct answer is that a password must be changed on a quarterly basis. This is a common security practice to ensure that passwords are regularly updated and to minimize the risk of unauthorized access. By changing passwords regularly, it reduces the likelihood of a compromised password being used maliciously.

4. Where can the Credly Written Information Security Policy be found?

Www.credly.com

Www.youracclaim.com

Intranet.credly.com

Credly’s AWS (Amazon Web Services) account

The Credly Written Information Security Policy can be found on intranet.credly.com. This is the internal website of Credly where employees can access company-specific information and policies.

Explanation

The Credly Written Information Security Policy can be found on intranet.credly.com. This is the internal website of Credly where employees can access company-specific information and policies.

5. Which of the following security practices requires all Credly employees to take a screenshot when completed?

Locking your screen when stepping away from the computer.

Securely handling sensitive information.

Reporting security incidents.

Installing antivirus software.

Installing antivirus software is a security practice that requires all Credly employees to take a screenshot when completed. This is because taking a screenshot provides evidence that the antivirus software has been successfully installed on the computer. This practice ensures that all employees have the necessary protection against malware and other security threats.

Explanation

Installing antivirus software is a security practice that requires all Credly employees to take a screenshot when completed. This is because taking a screenshot provides evidence that the antivirus software has been successfully installed on the computer. This practice ensures that all employees have the necessary protection against malware and other security threats.

6. Which of the following should you report to a member of the Security Council?

Theft of your company issued laptop.

Intentionally clicking a link in a phishing email.

Accidentally sending sensitive client information to the wrong person.

All of the above.

All of the mentioned incidents should be reported to a member of the Security Council because they all pose potential security risks. The theft of a company-issued laptop can result in unauthorized access to sensitive information. Intentionally clicking a link in a phishing email can lead to malware installation or unauthorized access to personal or company data. Accidentally sending sensitive client information to the wrong person can result in a data breach and compromise client confidentiality. Reporting these incidents allows for appropriate actions to be taken to mitigate the risks and prevent further security breaches.

Explanation

All of the mentioned incidents should be reported to a member of the Security Council because they all pose potential security risks. The theft of a company-issued laptop can result in unauthorized access to sensitive information. Intentionally clicking a link in a phishing email can lead to malware installation or unauthorized access to personal or company data. Accidentally sending sensitive client information to the wrong person can result in a data breach and compromise client confidentiality. Reporting these incidents allows for appropriate actions to be taken to mitigate the risks and prevent further security breaches.

7. Which one of the following statements about wireless networks is TRUE?

They cannot be intercepted by unknown users.

They limit accessibility to other users.

They limit visibility to other users.

They can be accessible to other users.

Wireless networks can be accessed by other users because the signals are transmitted through the air and can be intercepted by anyone within range. This is why it is important to secure wireless networks with passwords and encryption to prevent unauthorized access.

Explanation

Wireless networks can be accessed by other users because the signals are transmitted through the air and can be intercepted by anyone within range. This is why it is important to secure wireless networks with passwords and encryption to prevent unauthorized access.

8. Which one of the following is an example of phishing?

An email warning the recipient of a computer virus threat.

An email directing the recipient to forward the email to friends.

An email directing the recipient to enter personal details on a fake website made to look legitimate.

An email from your manager about an upcoming meeting.

An email directing the recipient to enter personal details on a fake website made to look legitimate is an example of phishing. Phishing is a type of cyber attack where the attacker pretends to be a trustworthy entity in order to deceive individuals into providing sensitive information such as passwords, credit card numbers, or social security numbers. In this case, the email is attempting to trick the recipient into thinking they are entering their personal details on a legitimate website, when in reality, it is a fake website created by the attacker.

Explanation

An email directing the recipient to enter personal details on a fake website made to look legitimate is an example of phishing. Phishing is a type of cyber attack where the attacker pretends to be a trustworthy entity in order to deceive individuals into providing sensitive information such as passwords, credit card numbers, or social security numbers. In this case, the email is attempting to trick the recipient into thinking they are entering their personal details on a legitimate website, when in reality, it is a fake website created by the attacker.

9. What is NOT considered sensitive information under the Credly Written Information Security Policy?

An earner’s profile information.

A proposal sent to a client.

Your social media posts.

A document describing a client’s credential issuing strategy.

According to the Credly Written Information Security Policy, social media posts are not considered sensitive information. This implies that the information shared on social media platforms is not considered confidential or private. The policy likely classifies social media posts as public information that can be accessed and viewed by anyone, rather than sensitive data that needs to be protected.

Explanation

According to the Credly Written Information Security Policy, social media posts are not considered sensitive information. This implies that the information shared on social media platforms is not considered confidential or private. The policy likely classifies social media posts as public information that can be accessed and viewed by anyone, rather than sensitive data that needs to be protected.

10. When may you download and store Credly sensitive information on your local computer?

When the information is encrypted.

When the information is password protected.

When the password is in a hidden folder.

Never.

It is not recommended to download and store Credly sensitive information on a local computer, regardless of whether it is encrypted, password protected, or stored in a hidden folder. This is because storing sensitive information on a local computer increases the risk of unauthorized access, data breaches, and potential loss or theft of the information. It is safer to access and handle sensitive information directly through secure online platforms or systems provided by Credly.

Explanation

It is not recommended to download and store Credly sensitive information on a local computer, regardless of whether it is encrypted, password protected, or stored in a hidden folder. This is because storing sensitive information on a local computer increases the risk of unauthorized access, data breaches, and potential loss or theft of the information. It is safer to access and handle sensitive information directly through secure online platforms or systems provided by Credly.

11. Which of the following is an acceptable password?

H@ppyHol1dayz

Doktori23?

Password123!!

Kla4%

The password "H@ppyHol1dayz" is acceptable because it includes a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder to guess.

Explanation

The password "H@ppyHol1dayz" is acceptable because it includes a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder to guess.

12. How frequently must you change your password?

Every 30 days.

Every 90 days.

Once Per Year.

Passwords need not be changed if they are automatically generated by a password manager such as “LastPass.”

Passwords should be changed every 90 days to ensure security. This time frame strikes a balance between ensuring that passwords are regularly updated to prevent unauthorized access and minimizing the inconvenience of frequently changing passwords. Changing passwords regularly helps protect against password guessing, brute force attacks, and unauthorized access to accounts. Additionally, it reduces the risk of compromised passwords being used for an extended period of time.

Explanation

Passwords should be changed every 90 days to ensure security. This time frame strikes a balance between ensuring that passwords are regularly updated to prevent unauthorized access and minimizing the inconvenience of frequently changing passwords. Changing passwords regularly helps protect against password guessing, brute force attacks, and unauthorized access to accounts. Additionally, it reduces the risk of compromised passwords being used for an extended period of time.

13. Which is not an acceptable method for locking a workstation?

Press Windows Key + L

Type LOCK on your keyboard, then press enter

Press Command + Option + Power

Press Command + Option + Eject

Typing "LOCK" on the keyboard and then pressing enter is not an acceptable method for locking a workstation. This is because there is no standard keyboard shortcut or command to lock a workstation by typing "LOCK" and pressing enter. The other options listed are valid methods for locking a workstation on different operating systems such as Windows and Mac.

Explanation

Typing "LOCK" on the keyboard and then pressing enter is not an acceptable method for locking a workstation. This is because there is no standard keyboard shortcut or command to lock a workstation by typing "LOCK" and pressing enter. The other options listed are valid methods for locking a workstation on different operating systems such as Windows and Mac.

14. Which of the following laws govern Credly's treatment of personally identifiable data?

European Union General Data Protection Regulation (GDPR)

The California Consumer Privacy Act of 2018

The Children’s Online Privacy Protection Act (COPPA)

All of the Above

All of the listed laws govern Credly's treatment of personally identifiable data. The European Union General Data Protection Regulation (GDPR) is a regulation that protects the personal data and privacy of European Union citizens. The California Consumer Privacy Act of 2018 (CCPA) is a state law that gives California residents rights over their personal information and requires businesses to be transparent about their data collection practices. The Children's Online Privacy Protection Act (COPPA) is a federal law that imposes certain requirements on websites and online services that collect personal information from children under the age of 13. Therefore, all three laws apply to Credly's treatment of personally identifiable data.

Explanation

All of the listed laws govern Credly's treatment of personally identifiable data. The European Union General Data Protection Regulation (GDPR) is a regulation that protects the personal data and privacy of European Union citizens. The California Consumer Privacy Act of 2018 (CCPA) is a state law that gives California residents rights over their personal information and requires businesses to be transparent about their data collection practices. The Children's Online Privacy Protection Act (COPPA) is a federal law that imposes certain requirements on websites and online services that collect personal information from children under the age of 13. Therefore, all three laws apply to Credly's treatment of personally identifiable data.

15. Which of the following are possible warning signs of a potential insider threat situation? Select all that apply.

A coworker is attempting to copy company proprietary data without being authorized to do so.

A coworker is downloading a large amount of company information.

Overhearing a coworker discuss working for a competitor of Credly.

The possible warning signs of a potential insider threat situation include a coworker attempting to copy company proprietary data without authorization, a coworker downloading a large amount of company information, overhearing a coworker expressing dissatisfaction with working at Credly and their desire to take adverse actions, and overhearing a coworker discussing working for a competitor of Credly. These actions suggest that the coworker may have malicious intentions or may be planning to misuse company resources or confidential information, making them potential insider threats.

Explanation

The possible warning signs of a potential insider threat situation include a coworker attempting to copy company proprietary data without authorization, a coworker downloading a large amount of company information, overhearing a coworker expressing dissatisfaction with working at Credly and their desire to take adverse actions, and overhearing a coworker discussing working for a competitor of Credly. These actions suggest that the coworker may have malicious intentions or may be planning to misuse company resources or confidential information, making them potential insider threats.

Submit

16. How does a Credly employee determine if information is confidential? Choose the best answer.

The information is marked confidential AND a reasonable person would consider it to be confidential.

The information is marked confidential.

The information is marked confidential OR a reasonable person would consider it to be confidential.

A reasonable person would consider the information to be confidential.

A Credly employee determines if information is confidential based on whether it is marked as confidential or if a reasonable person would consider it to be confidential.

Explanation

A Credly employee determines if information is confidential based on whether it is marked as confidential or if a reasonable person would consider it to be confidential.

17. Which of the following statements is TRUE?

A document must be marked as “confidential” to be treated as confidential under the Credly Written Information Security Policy.

The Credly Written Information Security Policy only applies to information that has never been disclosed to the public.

The Credly Written Information Security Policy covers non-confidential information belonging to Credly’s clients.

The Credly Written Information Security Policy only applies to employees who use earner profile Information.

The correct answer is that the Credly Written Information Security Policy covers non-confidential information belonging to Credly's clients. This means that the policy applies to information that is not marked as confidential, but still belongs to Credly's clients.

Explanation

The correct answer is that the Credly Written Information Security Policy covers non-confidential information belonging to Credly's clients. This means that the policy applies to information that is not marked as confidential, but still belongs to Credly's clients.

18. Sending email via Credly's Gmail system means that the email is encrypted in transit.

True

False

When sending an email via Credly's Gmail system, the email is encrypted in transit. This means that the email message is converted into a secret code during transmission, making it difficult for unauthorized individuals to intercept and read the content of the email. Encryption ensures the privacy and security of the email, protecting sensitive information from being accessed by malicious actors during the transfer process. Therefore, the statement is true.

Explanation

When sending an email via Credly's Gmail system, the email is encrypted in transit. This means that the email message is converted into a secret code during transmission, making it difficult for unauthorized individuals to intercept and read the content of the email. Encryption ensures the privacy and security of the email, protecting sensitive information from being accessed by malicious actors during the transfer process. Therefore, the statement is true.

19. Which three positions make up the Company's Security Council?

Chief Privacy Officer, Chief Security Officer, General Counsel

Chief Security Officer, Chief Privacy Officer, Chief Operating Officer

Chief Privacy Officer, Chief Security Officer, Software Development Manager

Vice President Product, General Counsel, Senior Legal Counsel

The correct answer is Chief Privacy Officer, Chief Security Officer, Software Development Manager. These three positions make up the Company's Security Council. The Chief Privacy Officer is responsible for ensuring the company's compliance with privacy laws and regulations. The Chief Security Officer is in charge of implementing and maintaining the company's security measures. The Software Development Manager is involved in ensuring the security of the company's software systems. Together, these three positions work together to address privacy and security concerns within the company.

Explanation

The correct answer is Chief Privacy Officer, Chief Security Officer, Software Development Manager. These three positions make up the Company's Security Council. The Chief Privacy Officer is responsible for ensuring the company's compliance with privacy laws and regulations. The Chief Security Officer is in charge of implementing and maintaining the company's security measures. The Software Development Manager is involved in ensuring the security of the company's software systems. Together, these three positions work together to address privacy and security concerns within the company.

20. It is ok to use a product that processes the personally identifiable data of Credly employees or users if:

My manager says it is ok.

A member of the Security Council says it is ok.

It has been posted at Credly.com/Subprocessors for at least 30 days.

The product is in wide use or generally well-known.

The correct answer is "It has been posted at Credly.com/Subprocessors for at least 30 days." This suggests that Credly has a specific process for vetting and approving products that process personally identifiable data. By ensuring that the product has been posted on their official website for at least 30 days, it allows for transparency and gives stakeholders an opportunity to review and assess the product's compliance with data protection regulations. This helps to ensure that the use of such a product is in line with Credly's data privacy and security policies.

Explanation

The correct answer is "It has been posted at Credly.com/Subprocessors for at least 30 days." This suggests that Credly has a specific process for vetting and approving products that process personally identifiable data. By ensuring that the product has been posted on their official website for at least 30 days, it allows for transparency and gives stakeholders an opportunity to review and assess the product's compliance with data protection regulations. This helps to ensure that the use of such a product is in line with Credly's data privacy and security policies.