2019 Security Awareness Training Assessment
- 1.
What is the first thing you should do when receiving a phishing email to your Credly email address?
- A.
Contact the Federal Bureau of Investigation
- B.
Respond to the email to see what is going on
- C.
Forward the email to the Security Council
- D.
Ignore the email
Correct Answer
C. Forward the email to the Security CouncilExplanation
When receiving a phishing email to your Credly email address, the first thing you should do is forward the email to the Security Council. This is because the Security Council is responsible for handling security-related issues, including phishing attempts. By forwarding the email to them, you are alerting the appropriate team who can investigate and take necessary actions to mitigate the threat.Rate this question:
-
- 2.
Which of the following is an acceptable password?
- A.
Credly1234
- B.
RamtinTaheri3
- C.
Fr33d0m89?
- D.
PY3%
Correct Answer
C. Fr33d0m89?Explanation
The password "Fr33d0m89?" is an acceptable password because it meets the criteria for a strong password. It includes a combination of uppercase and lowercase letters, numbers, and special characters. The use of numbers and special characters adds complexity to the password, making it harder for hackers to guess or crack. Additionally, the password is at least 8 characters long, which is generally considered a minimum requirement for a secure password.Rate this question:
-
- 3.
What is a phishing email?
- A.
An email with an embedded virus
- B.
An email that informs the sender when you have read it
- C.
An email attempting to trick you into sending the sender your confidential information
- D.
An email about jam bands
Correct Answer
C. An email attempting to trick you into sending the sender your confidential informationExplanation
A phishing email is an email that is designed to deceive and trick the recipient into revealing their confidential information, such as passwords, credit card numbers, or social security numbers. The sender of the email pretends to be a trustworthy entity, such as a bank or a reputable company, in order to gain the recipient's trust and convince them to provide their sensitive information. This type of email is a common method used by cybercriminals to carry out identity theft and financial fraud.Rate this question:
-
- 4.
What are the Credly Information Classification categories?
- A.
Public Information, Intellectual Property, Confidential Information
- B.
Confidential Information, Sensitive Information, Public Information
- C.
Confidential Information, Proprietary Information, Legal Documents
- D.
Customer Information, Source Code, Business Documents
Correct Answer
B. Confidential Information, Sensitive Information, Public InformationExplanation
The Credly Information Classification categories include Confidential Information, Sensitive Information, and Public Information. These categories help classify and protect different types of information based on their level of sensitivity and importance. Confidential Information refers to data that should only be accessed by authorized individuals, while Sensitive Information includes data that requires special handling and protection. Public Information is data that can be freely accessed and shared by anyone.Rate this question:
-
- 5.
Which of the following security laws do NOT apply to Credly?
- A.
Health Insurance Portability and Accountability Act (HIPPA)
- B.
Family Educational Rights and Privacy Act (FERPA)
- C.
Children's Online Privacy Protection Act (COPPA)
- D.
The European Union General Data Protection Regulation (GDPR)
Correct Answer
A. Health Insurance Portability and Accountability Act (HIPPA)Explanation
The Health Insurance Portability and Accountability Act (HIPPA) does not apply to Credly. HIPPA is a US law that ensures the privacy and security of health information. However, Credly is a digital credentialing platform and does not deal with health information. Therefore, HIPPA does not apply to Credly.Rate this question:
-
- 6.
Who manages the Credly security program?
- A.
The Development Team
- B.
The Legal Department
- C.
The Security Council
- D.
The Customer Success Team
Correct Answer
C. The Security CouncilExplanation
The Security Council manages the Credly security program.Rate this question:
-
- 7.
Which of the following is true about sensitive information?
- A.
No Credly employee should ever see sensitive information
- B.
Credly employees must follow the “minimum necessary” rule for disclosing sensitive information
- C.
Sensitive information does not include earner personal information
- D.
Sensitive information only includes data that is regulated by the GDPR
Correct Answer
B. Credly employees must follow the “minimum necessary” rule for disclosing sensitive informationExplanation
Credly employees must follow the "minimum necessary" rule for disclosing sensitive information means that employees should only access and disclose sensitive information when it is necessary for their job responsibilities. This ensures that sensitive information is protected and only accessed by authorized individuals who need it to perform their duties.Rate this question:
-
- 8.
What is piggybacking?
- A.
Using another Credly employees username or login
- B.
Hacking the Credly production server and stealing earner information
- C.
Forgetting to unlock your laptop when walking away from your screen
- D.
Following a Credly employee into a restricted area after they have already used their badge to gain access
Correct Answer
D. Following a Credly employee into a restricted area after they have already used their badge to gain access -
- 9.
What are appropriate networks you can use when doing Credly work? (Select all that apply)
- A.
Your secure home WiFi
- B.
Public WiFi
- C.
The WeWork WiFi
- D.
Your friend’s WiFi network
Correct Answer(s)
A. Your secure home WiFi
C. The WeWork WiFiExplanation
Appropriate networks that can be used when doing Credly work include your secure home WiFi and The WeWork WiFi. These networks are considered suitable because they are secure and provide a stable internet connection, ensuring the safety and reliability of the work being done on Credly. Public WiFi and your friend's WiFi network may not be as secure or stable, making them less appropriate for Credly work.Rate this question:
-
- 10.
What policy governs emergencies at Credly?
- A.
Acceptable Use Policy
- B.
Business Continuity Plan
- C.
Access Control Policy
- D.
Risk Assessment Plan
Correct Answer
B. Business Continuity PlanExplanation
The Business Continuity Plan governs emergencies at Credly. This plan outlines the procedures and protocols to be followed in the event of an emergency or disruption to normal business operations. It ensures that essential functions and services can continue to operate during and after an emergency, minimizing the impact on the organization. The Business Continuity Plan includes strategies for disaster recovery, communication, resource allocation, and coordination of response efforts.Rate this question:
-
- 11.
What is an insider threat?
- A.
A virus residing on a Credly employee’s laptop
- B.
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems
- C.
A bug in the Credly source code that creates a security vulnerability that a hacker can exploit
- D.
A phishing email sent to a Credly employee
Correct Answer
B. A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systemsExplanation
The correct answer is the definition of an insider threat, which refers to a malicious threat that originates from individuals within an organization. These individuals, including employees, former employees, contractors, or business associates, possess insider knowledge about the organization's security practices, data, and computer systems. This type of threat can pose a significant risk to the organization's security and can lead to unauthorized access, data breaches, or other malicious activities.Rate this question:
-
- 12.
What policy governs workspace security?
- A.
Access Control Policy
- B.
Acceptable Use Policy
- C.
Business Continuity Plan
- D.
Clean Desk Policy
Correct Answer
D. Clean Desk PolicyExplanation
The Clean Desk Policy is a policy that governs workspace security by requiring employees to keep their work areas clean and free of sensitive or confidential information. This policy helps prevent unauthorized access to sensitive data and reduces the risk of information theft or loss. By implementing the Clean Desk Policy, organizations can ensure that employees properly secure and protect sensitive information when they are not at their desks, promoting a culture of security awareness and accountability.Rate this question:
-
- 13.
What is an example of information that is sensitive but NOT confidential?
- A.
A Credly employee’s birthday
- B.
A press release that has been authorized for release by the VP of marketing
- C.
Contract terms
- D.
Badges that have been shared by Earners on social media websites
Correct Answer
D. Badges that have been shared by Earners on social media websitesExplanation
Badges that have been shared by Earners on social media websites can be considered sensitive information because they may reveal someone's skills, achievements, or affiliations. However, they are not confidential because they have been willingly shared by the Earners on public platforms.Rate this question:
-
- 14.
What is the most important aspect of a Company’s security program?
- A.
The Security Officer
- B.
The General Counsel
- C.
The company’s firewall software
- D.
The company’s employees
Correct Answer
D. The company’s employeesExplanation
The most important aspect of a company's security program is the company's employees. This is because employees are often the weakest link in a company's security system. They have access to sensitive information and systems, and can inadvertently or intentionally compromise security. Therefore, it is crucial for companies to educate and train their employees on security best practices, enforce strong password policies, and implement measures such as multi-factor authentication to ensure the security of their systems and data.Rate this question:
-
- 15.
What is NOT a purpose of an Information Security Program
- A.
Confidentiality
- B.
Integrity
- C.
Chiasmus
- D.
Availability
Correct Answer
C. Chiasmus -
- 16.
Which of the following statements about a password is TRUE?
- A.
It must be changed only when compromised
- B.
It cannot contain special character symbols.
- C.
It must be changed on a quarterly basis.
- D.
It must be registered with a system administrator.
Correct Answer
C. It must be changed on a quarterly basis.Explanation
A password must be changed on a quarterly basis to ensure security. Regularly changing passwords helps to prevent unauthorized access to accounts or systems. By changing passwords every three months, it reduces the risk of passwords being compromised and provides an additional layer of protection.Rate this question:
-
- 17.
Where should Earner Information be stored?
- A.
Google Drive
- B.
Amazon Web Services production server
- C.
Your personal laptop
- D.
A and B
- E.
A, B, and C
Correct Answer
B. Amazon Web Services production serverExplanation
Earner Information should be stored on the Amazon Web Services (AWS) production server. This is because AWS provides a secure and reliable platform for storing and managing sensitive data. Storing the information on a personal laptop or Google Drive may not provide the same level of security and accessibility as an AWS production server. Additionally, using both AWS and a personal laptop (option C) or using all three options (option D) would not be necessary if the AWS production server is already available.Rate this question:
-
- 18.
Which of the following security practices requires all Credly employees to take a screenshot when completed?
- A.
Locking your screen when stepping away from the computer
- B.
Deleting confidential information
- C.
Receiving phishing emails
- D.
Installing antivirus software
Correct Answer
D. Installing antivirus software -
- 19.
Which of the following constitutes confidential information? Select all that apply
- A.
Documents or other information that are marked confidential
- B.
Documents or other information that you reasonably believe to be confidential
- C.
Credly’s social media postings
- D.
Documents or other information that you are told are confidential
Correct Answer(s)
A. Documents or other information that are marked confidential
B. Documents or other information that you reasonably believe to be confidential
D. Documents or other information that you are told are confidentialExplanation
The correct answer is that confidential information includes documents or other information that are marked confidential, documents or other information that you reasonably believe to be confidential, and documents or other information that you are told are confidential. This means that any information or documents that are explicitly labeled as confidential, any information or documents that you have a reasonable belief are confidential, and any information or documents that someone explicitly tells you are confidential are considered confidential information.Rate this question:
-
- 20.
What is the greatest security threat to Credly?
- A.
An accident triggered by a non-malicious workforce member
- B.
A failure of the AWS security apparatus
- C.
Hackers from overseas
- D.
Insider threats
Correct Answer
A. An accident triggered by a non-malicious workforce memberExplanation
An accident triggered by a non-malicious workforce member can be the greatest security threat to Credly because it is difficult to anticipate and prevent such incidents. While hackers from overseas and insider threats can pose significant risks, they are often intentional and can be detected and mitigated with proper security measures. On the other hand, accidents caused by non-malicious employees can lead to unintentional data breaches or system failures, potentially causing significant damage to Credly's security and operations. It is important for organizations to have robust training and protocols in place to minimize the risk of accidents caused by employees.Rate this question:
-
Back to top