1.
Sierra Pacific's Red Flags policy principally documents how to protect sensitive customer data.
Correct Answer
A. True
Explanation
The given statement is true. Sierra Pacific's Red Flags policy primarily focuses on outlining measures to safeguard sensitive customer data. This policy is designed to identify and prevent potential instances of identity theft and fraud. By implementing this policy, Sierra Pacific aims to protect the privacy and security of their customers' personal information.
2.
Good office security measures include: (check all that apply)
Correct Answer(s)
A. Locking doors and desks (including inner office doors) when employees are not around
B. Keeping your desk free of papers with customer information on them
C. Never putting customer data on your hard drive
D. Shredding sensitive documents
E. Using passwords to access computers
F. Encrypting Data
Explanation
Good office security measures include locking doors and desks when employees are not around to prevent unauthorized access. Keeping desks free of papers with customer information helps to protect sensitive data from being seen or stolen. Never putting customer data on the hard drive helps to prevent data breaches in case of theft or unauthorized access to the computer. Shredding sensitive documents ensures that confidential information cannot be retrieved from discarded papers. Using passwords to access computers adds an extra layer of security to prevent unauthorized access. Encrypting data helps to protect sensitive information from being accessed or intercepted by unauthorized individuals.
3.
Desktop security includes:
Correct Answer
D. All of the above
Explanation
The correct answer is "All of the above" because desktop security involves multiple measures to protect sensitive information. Logging out when leaving the area ensures that unauthorized individuals cannot access the desktop. A short timeout period on screen savers prevents unauthorized access when the desktop is left unattended. Keeping passwords private and changing them frequently adds an extra layer of security to prevent unauthorized access to the desktop and its contents. Therefore, all of these practices contribute to desktop security.
4.
It is the policy of Sierra Pacific to retain loan documents for a period of at least 7 years.
Correct Answer
A. True
Explanation
The statement is true because Sierra Pacific has a policy to retain loan documents for a minimum of 7 years. This means that any loan documents related to Sierra Pacific will be kept on record for at least 7 years, ensuring that the company complies with legal and regulatory requirements. This policy helps in maintaining accurate records and allows for easy access to loan documents when needed.
5.
All application information must be kept in the company efolder.
Correct Answer
A. True
Explanation
The given statement states that all application information must be kept in the company efolder. This means that it is necessary and required to store all application information in the designated efolder. Therefore, the correct answer is True, as it confirms the requirement of keeping all application information in the company efolder.
6.
Email is considered secure. Sensitive customer data may be sent through email.
Correct Answer
B. False
Explanation
Sensitive customer data should not be sent through email because email is not considered secure. Emails can be intercepted or hacked, putting the sensitive information at risk of being accessed by unauthorized individuals. To ensure the security of sensitive customer data, it is recommended to use more secure methods of communication such as encrypted messaging platforms or secure file transfer protocols.
7.
Data breaches must be immediately reported to IT, your manager, the Compliance Officer or Senior Management.
Correct Answer
A. True
Explanation
Data breaches must be immediately reported to IT, your manager, the Compliance Officer or Senior Management because they are responsible for handling and addressing such incidents. Reporting the breach allows the appropriate individuals to take necessary actions to mitigate the impact, investigate the cause, and implement measures to prevent future breaches. Prompt reporting also ensures compliance with organizational policies, legal requirements, and industry regulations. By involving the relevant parties, the breach can be properly managed, and appropriate steps can be taken to protect sensitive information and maintain the integrity of the organization's data security.
8.
Vendors present risk when we transmit sensitive customer data to and from them in the normal course of business.
Correct Answer
A. True
Explanation
Because of the inherent risk, it is important to make sure that data security procedures are followed.
9.
Some Red Flags identified by the FTC are: (check all that apply)
Correct Answer(s)
A. A fraud alert or security freeze on a consumer report
B. Address discrepancies
C. Identification documents appear altered or forged
D. Social security number not in range consistent with date of birth
E. Suspicious addresses supplied, such as drop boxes
F. Unusual credit activity, such as increase in usage
Explanation
The correct answer includes various red flags identified by the FTC that indicate potential fraudulent activity. These red flags include a fraud alert or security freeze on a consumer report, address discrepancies, identification documents that appear altered or forged, a social security number that is not in range consistent with the date of birth, suspicious addresses supplied (such as drop boxes), and unusual credit activity (such as an increase in usage). These red flags can help identify potential instances of identity theft or fraud.
10.
When sufficient employment documentation is received, it is not necessary to do a verbal employment verification.
Correct Answer
B. False
Explanation
Verbal employment verification is necessary even when sufficient employment documentation is received. This is because documentation can be forged or inaccurate, and a verbal verification allows for direct confirmation of the information provided. It is a crucial step in ensuring the accuracy and legitimacy of employment records. Therefore, the given statement is false.