IT Safety Training Quiz

1. You should login with only your user name and password. If you think that your password has been compromised, please

Change your password within one day.

Change your password within one week.

Change your password immediately.

Change your password within 30 minutes.

The correct answer is "change your password immediately" because the statement emphasizes the urgency of the situation. If the user believes their password has been compromised, it is crucial to take immediate action to protect their account and prevent unauthorized access. Waiting for a day, a week, or even 30 minutes could provide ample time for an attacker to exploit the compromised password. Therefore, the most appropriate course of action is to change the password immediately.

Explanation

The correct answer is "change your password immediately" because the statement emphasizes the urgency of the situation. If the user believes their password has been compromised, it is crucial to take immediate action to protect their account and prevent unauthorized access. Waiting for a day, a week, or even 30 minutes could provide ample time for an attacker to exploit the compromised password. Therefore, the most appropriate course of action is to change the password immediately.

2. Email is not a secure way to transmit sensitive information.

True

False

Email is not a secure way to transmit sensitive information because it can easily be intercepted by unauthorized individuals. Emails are typically transmitted over the internet in plain text, which means that anyone with access to the network can potentially read the contents of the email. Additionally, email accounts can be hacked, allowing attackers to gain access to sensitive information. To ensure the security of sensitive information, it is recommended to use encrypted communication methods such as secure file transfer protocols or encrypted messaging platforms.

Explanation

Email is not a secure way to transmit sensitive information because it can easily be intercepted by unauthorized individuals. Emails are typically transmitted over the internet in plain text, which means that anyone with access to the network can potentially read the contents of the email. Additionally, email accounts can be hacked, allowing attackers to gain access to sensitive information. To ensure the security of sensitive information, it is recommended to use encrypted communication methods such as secure file transfer protocols or encrypted messaging platforms.

3. When printing a document with client information, it's important to

Never leave any documents on the printer unattended.

Walk over to the printer after 20 minutes.

Tell the client that you have printed out their information.

Always send the client a copy of what you printed.

Leaving documents on the printer unattended can pose a security risk as anyone passing by can access and potentially misuse the client's sensitive information. It is important to always ensure that documents are promptly collected from the printer to maintain confidentiality and protect client privacy.

Explanation

Leaving documents on the printer unattended can pose a security risk as anyone passing by can access and potentially misuse the client's sensitive information. It is important to always ensure that documents are promptly collected from the printer to maintain confidentiality and protect client privacy.

4. Which item below is not suspicious and would not require further investigation?

An identification document that expires in a month.

An identification document that appears forged or altered.

An identification document containing a photo that does not match the person presenting the document.

An identification document that contains personal information that is inconsistent with existing GreenPath records.

An identification document that expires in a month is not suspicious and would not require further investigation because it is a common occurrence for identification documents to have expiration dates. The expiration date indicates that the document will no longer be valid after a certain period, but it does not necessarily imply any wrongdoing or alteration.

Explanation

An identification document that expires in a month is not suspicious and would not require further investigation because it is a common occurrence for identification documents to have expiration dates. The expiration date indicates that the document will no longer be valid after a certain period, but it does not necessarily imply any wrongdoing or alteration.

5. One set of standards that we are required to comply with is the PCI-DSS standards. PCI-DSS stands for Personal Cardholder Information – Data Security Standards. Adherence to these standards is required by all companies that process credit card payments. Non-compliance can

Result in large fines and revocation of our rights to process payments via Credit or Debit cards.

Result in small fines and revocation of our rights to process payments via Credit or Debit cards.

Result in large fines and revocation of our rights to process payments via Debit cards.

Result in large fines and revocation of our rights to process payments and possible jail time.

Adherence to the PCI-DSS standards is required by all companies that process credit card payments. Failure to comply with these standards can result in large fines and the revocation of the company's rights to process payments via Credit or Debit cards. This emphasizes the importance of following the PCI-DSS standards to ensure the security and protection of personal cardholder information.

Explanation

Adherence to the PCI-DSS standards is required by all companies that process credit card payments. Failure to comply with these standards can result in large fines and the revocation of the company's rights to process payments via Credit or Debit cards. This emphasizes the importance of following the PCI-DSS standards to ensure the security and protection of personal cardholder information.

6. If you need to include account information in an email, you should only include:

The account name, and no numbers

The first four numbers

The last six numbers

The last four numbers

When including account information in an email, it is important to prioritize the security and privacy of the information. Including the last four numbers of the account is a safe option as it provides enough identification without revealing the complete account number. This helps to minimize the risk of unauthorized access or misuse of the account information.

Explanation

When including account information in an email, it is important to prioritize the security and privacy of the information. Including the last four numbers of the account is a safe option as it provides enough identification without revealing the complete account number. This helps to minimize the risk of unauthorized access or misuse of the account information.

7. In order to detect the Red Flags associated with establishing a new Covered Account, GreenPath employees will take the following steps to obtain and verify the identity of the individual opening the Covered Account:

Verify that Personal Information provided does not match information already in FMS for an existing Client.

All of the above

The explanation for the given correct answer is that in order to detect the Red Flags associated with establishing a new Covered Account, GreenPath employees will take all of the mentioned steps to obtain and verify the identity of the individual opening the Covered Account. This includes obtaining specific personal information such as first name, last name, address, telephone number, date of birth, social security number, and email address. They will also establish a password for the individual or obtain a full or partial social security number. Additionally, they will verify that the personal information provided does not match information already in FMS for an existing client. Therefore, all of the above steps are necessary for detecting red flags and ensuring the security of the covered account.

Explanation

The explanation for the given correct answer is that in order to detect the Red Flags associated with establishing a new Covered Account, GreenPath employees will take all of the mentioned steps to obtain and verify the identity of the individual opening the Covered Account. This includes obtaining specific personal information such as first name, last name, address, telephone number, date of birth, social security number, and email address. They will also establish a password for the individual or obtain a full or partial social security number. Additionally, they will verify that the personal information provided does not match information already in FMS for an existing client. Therefore, all of the above steps are necessary for detecting red flags and ensuring the security of the covered account.

8. If you feel that you need to obtain new software, you will need permission

From IT or your manager.

From IT and your manager.

From only your manager.

From IT and your manager and your director.

If you feel that you need to obtain new software, you will need permission from IT and your manager. This is because IT is responsible for managing and maintaining the software and technology infrastructure within the organization, while your manager is responsible for overseeing your work and ensuring that any new software aligns with your job responsibilities and objectives. Therefore, both IT and your manager need to give their approval before you can obtain new software.

Explanation

If you feel that you need to obtain new software, you will need permission from IT and your manager. This is because IT is responsible for managing and maintaining the software and technology infrastructure within the organization, while your manager is responsible for overseeing your work and ensuring that any new software aligns with your job responsibilities and objectives. Therefore, both IT and your manager need to give their approval before you can obtain new software.

9. Identity thieves will sometimes attempt to deceive you by impersonating members of the IT staff. No one from IT should be asking you to

Reveal your employee ID.

Reveal your password

Reveal your supervisor's name.

All of the above.

Identity thieves often try to trick individuals by pretending to be part of the IT department. They may ask for sensitive information, such as passwords, in order to gain unauthorized access to personal accounts or systems. Therefore, it is important not to disclose your password to anyone, including members of the IT staff, as legitimate IT professionals would never ask for this information. Revealing your password can put your personal and professional data at risk of being compromised.

Explanation

Identity thieves often try to trick individuals by pretending to be part of the IT department. They may ask for sensitive information, such as passwords, in order to gain unauthorized access to personal accounts or systems. Therefore, it is important not to disclose your password to anyone, including members of the IT staff, as legitimate IT professionals would never ask for this information. Revealing your password can put your personal and professional data at risk of being compromised.

10. If you are entering the building during non-regular business hours, and another person whom you recognize does not have their Employee Access Badge, you should

Tell them to leave a note at the front desk.

Refuse to let them in and ask them to contact their supervisor, manager, or the help desk for assistance.

Allow the person to come in, but e-mail their supervisor, manager or help desk to alert them of what happened

Ask that they enter through the visitor's entrance.

If you are entering the building during non-regular business hours and see someone you recognize without an Employee Access Badge, it is important to prioritize security. Refusing to let them in and asking them to contact their supervisor, manager, or the help desk for assistance ensures that the situation is properly addressed and that unauthorized individuals are not granted access to the building. This action helps maintain the safety and security protocols in place.

Explanation

If you are entering the building during non-regular business hours and see someone you recognize without an Employee Access Badge, it is important to prioritize security. Refusing to let them in and asking them to contact their supervisor, manager, or the help desk for assistance ensures that the situation is properly addressed and that unauthorized individuals are not granted access to the building. This action helps maintain the safety and security protocols in place.