1.
Business Continuity plans should be created by? Select appropriate response(s).
Correct Answer(s)
A. Board members
B. Team leads
C. Business Continuity Manager
Explanation
Business Continuity plans should be created by a combination of board members, team leads, and the Business Continuity Manager. Board members play a crucial role in providing strategic direction and decision-making for the organization. Team leads have a deep understanding of their respective departments and can contribute valuable insights. The Business Continuity Manager, as the designated expert in this area, brings specialized knowledge and expertise to ensure the plans are comprehensive and effective. By involving all these stakeholders, the organization can create a well-rounded and robust Business Continuity plan.
2.
It is recommended that your business continuity plans be tested at what intervals?
Correct Answer
C. At least once a year
Explanation
Business continuity plans should be tested at least once a year to ensure their effectiveness and identify any potential weaknesses or gaps. Regular testing allows organizations to assess their readiness for unexpected events or disruptions and make necessary improvements to their plans. By conducting annual tests, businesses can validate their strategies, train employees, and update their plans based on changing circumstances or new risks. This proactive approach helps to minimize downtime, mitigate risks, and ensure the continuity of critical operations.
3.
Business continuity is concerned with? Check all that apply.
Correct Answer(s)
A. Risks to the business
B. Risks to the vendors
C. Risks to our clients
Explanation
Business continuity is concerned with identifying and managing risks that could potentially disrupt or harm the business, its vendors, and its clients. By assessing and addressing these risks, businesses can develop strategies and plans to ensure the continuity of operations, protect their reputation, and minimize financial losses. This includes having contingency plans in place to mitigate the impact of potential risks and ensure the organization can continue to function effectively in the face of adversity.
4.
The business impact analysis helps to identify which of the following?
Correct Answer
B. Most critical business functions
Explanation
The business impact analysis is a process that helps identify the most critical business functions within an organization. By conducting this analysis, the organization can determine which functions are essential for its operations and prioritize them accordingly. This allows the organization to allocate resources effectively, develop appropriate contingency plans, and ensure continuity in the event of disruptions or disasters.
5.
The time at which a business function must be recovered following a disruptive incident is?
Correct Answer
B. Recovery Time Objective (RTO)
Explanation
The Recovery Time Objective (RTO) refers to the maximum acceptable downtime for a business function following a disruptive incident. It specifies the time within which the function must be recovered and brought back to normal operation. It helps in determining the urgency and priority of recovery efforts and allows organizations to plan their resources and strategies accordingly. RTO is a critical metric in business continuity planning as it ensures that the organization can resume operations within a specified time frame to minimize the impact of disruptions.
6.
Business continuity primarily addresses what security objective?
Correct Answer
D. Availability
Explanation
Business continuity primarily addresses the security objective of availability. This means ensuring that critical business functions, processes, and systems are available and accessible to authorized users when needed, even in the face of disruptions or disasters. Business continuity plans and strategies are designed to minimize downtime, ensure continuous operations, and enable timely recovery in the event of disruptions such as natural disasters, cyber-attacks, or equipment failures. By prioritizing availability, organizations can maintain productivity, serve customers, and minimize financial losses during unexpected events.
7.
Whose duty is it to report incidents?
Correct Answer
C. Mine
Explanation
The correct answer is "Mine" because the question is asking about the duty to report incidents, which implies that the responsibility lies with the person or entity directly involved in the incident. Therefore, it is the duty of the person or entity affected by the incident to report it.
8.
Which of the following would be the best password?
Correct Answer
C. Dp0si#Z$2
Explanation
The password "Dp0si#Z$2" would be the best choice because it is a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more difficult for hackers to guess or crack the password. The length of the password is also sufficient, which adds an extra layer of security. "Keyboard" and "MySecret" are easily guessable and not strong passwords, while "Option 2" does not meet the criteria of having a combination of different character types.
9.
When receiving an email from an unknown contact that has an attachment, you should:
Correct Answer
B. Report to the appropriate authority and delete the email
Explanation
When receiving an email from an unknown contact that has an attachment, it is important to prioritize security and caution. Opening the attachment can potentially lead to malware or viruses being installed on your device. Therefore, the best course of action is to report the email to the appropriate authority, such as your IT department or email provider, and delete the email to prevent any potential harm.
10.
The first step in Security Awareness is being able to ________ a security threat?
Correct Answer
C. Recognize
Explanation
The first step in Security Awareness is being able to recognize a security threat. This means being able to identify and understand the signs and indicators of potential security risks or attacks. By recognizing these threats, individuals can take appropriate actions to protect themselves and their systems from potential harm.
11.
All of these are good physical security practices except?
Correct Answer
D. Always wear your security badge when leaving work, even if just for a break. They should be worn outside of the office in public so other people know where you work
Explanation
Wearing a security badge outside of the office in public does not contribute to physical security practices. It may actually pose a security risk by making it easier for unauthorized individuals to identify where an employee works and potentially gain access to sensitive information or the office premises. The other options mentioned, such as controlling access to the office, following clear desk policies, and preventing shoulder surfing, are all good physical security practices that help protect sensitive information and maintain a secure working environment.
12.
What should you do if you think your password has been compromised? Select all that apply.
Correct Answer(s)
A. Change your password
B. Report the incident to the proper authorities, such as a system administrator or the information security team
C. Check other systems that you have accounts on as they may be compromised as well
Explanation
If you think your password has been compromised, it is important to change your password immediately to prevent unauthorized access to your accounts. Additionally, reporting the incident to the proper authorities, such as a system administrator or information security team, is necessary to ensure that appropriate actions can be taken to investigate and mitigate any potential security breaches. Checking other systems where you have accounts is also important as the compromise of one account may indicate a broader security issue.
13.
What should everyone know about information security? Check all that apply.
Correct Answer(s)
A. Verify everything! Verify who the person is on the phone. Verify that the website is real. Verify that the visitor belongs where you find them.
B. Do not ignore unusual computer functioning. It might be a sign of malware
C. Computer security is part of everyone's job
D. Report anything suspicious to your system administrator
Explanation
Everyone should know that in information security, it is important to verify everything. This includes verifying the identity of the person on the phone, the authenticity of websites, and ensuring that visitors belong where they are found. Additionally, it is crucial not to ignore any unusual computer functioning as it could be a sign of malware. Computer security is a responsibility that everyone shares, and it is essential to report anything suspicious to the system administrator.
14.
The classification system of Flutterwave’s information includes the following except?
Correct Answer
C. Integrity
Explanation
The classification system of Flutterwave's information includes three categories: Restricted, Public, and Confidential. The term "Integrity" does not fit into this classification system. Integrity refers to the accuracy, completeness, and reliability of data, rather than its classification.
15.
Which of the following is not a major aspect of information security?
Correct Answer
C. Convenience
Explanation
Convenience is not a major aspect of information security because the primary focus of information security is to protect the confidentiality, integrity, and availability of information. Convenience, while important for user experience, is not a core aspect of ensuring the security of information. Instead, information security measures often involve trade-offs with convenience to prioritize the protection of sensitive data and systems.