1.
One set of standards that we are required to comply with is the PCI-DSS standards. PCI-DSS stands for Personal Cardholder Information – Data Security Standards. Adherence to these standards is required by all companies that process credit card payments. Non-compliance can
Correct Answer
A. Result in large fines and revocation of our rights to process payments via Credit or Debit cards.
Explanation
Adherence to the PCI-DSS standards is required by all companies that process credit card payments. Failure to comply with these standards can result in large fines and the revocation of the company's rights to process payments via Credit or Debit cards. This emphasizes the importance of following the PCI-DSS standards to ensure the security and protection of personal cardholder information.
2.
You should log in with only your user name and password. If you think that your password has been compromised, please
Correct Answer
C. Change your password immediately.
Explanation
The correct answer is "change your password immediately" because the statement emphasizes the urgency of the situation. If the user believes their password has been compromised, it is crucial to take immediate action to protect their account and prevent unauthorized access. Waiting for a day, a week, or even 30 minutes could provide ample time for an attacker to exploit the compromised password. Therefore, the most appropriate course of action is to change the password immediately.
3.
Identity thieves will sometimes attempt to deceive you by impersonating members of the IT staff. No one from IT should be asking you to
Correct Answer
B. Reveal your password
Explanation
Identity thieves often try to trick individuals by pretending to be part of the IT department. They may ask for sensitive information, such as passwords, in order to gain unauthorized access to personal accounts or systems. Therefore, it is important not to disclose your password to anyone, including members of the IT staff, as legitimate IT professionals would never ask for this information. Revealing your password can put your personal and professional data at risk of being compromised.
4.
In order to detect the Red Flags associated with establishing a new Covered Account, GreenPath employees will take the following steps to obtain and verify the identity of the individual opening the Covered Account:
Correct Answer
D. All of the above
Explanation
To detect the Red Flags associated with establishing a new Covered Account, GreenPath employees will take all of the mentioned steps to obtain and verify the identity of the individual opening the Covered Account. This includes obtaining specific personal information such as first name, last name, address, telephone number, date of birth, social security number, and email address. They will also establish a password for the individual or obtain a full or partial social security number. Additionally, they will verify that the personal information provided does not match information already in FMS for an existing client. Therefore, all of the above steps are necessary for detecting red flags and ensuring the security of the covered account.
5.
If you feel that you need to obtain new software, you will need permission
Correct Answer
B. From IT and your manager.
Explanation
If you feel that you need to obtain new software, you will need permission from IT and your manager. This is because IT is responsible for managing and maintaining the software and technology infrastructure within the organization, while your manager is responsible for overseeing your work and ensuring that any new software aligns with your job responsibilities and objectives. Therefore, both IT and your manager need to give their approval before you can obtain new software.
6.
Email is not a secure way to transmit sensitive information.
Correct Answer
A. True
Explanation
Email is not a secure way to transmit sensitive information because it can easily be intercepted by unauthorized individuals. Emails are typically transmitted over the internet in plain text, which means that anyone with access to the network can potentially read the contents of the email. Additionally, email accounts can be hacked, allowing attackers to gain access to sensitive information. To ensure the security of sensitive information, it is recommended to use encrypted communication methods such as secure file transfer protocols or encrypted messaging platforms.
7.
Which item below is not suspicious and would not require further investigation?
Correct Answer
A. An identification document that expires in a month.
Explanation
An identification document that expires in a month is not suspicious and would not require further investigation because it is a common occurrence for identification documents to have expiration dates. The expiration date indicates that the document will no longer be valid after a certain period, but it does not necessarily imply any wrongdoing or alteration.
8.
If you are entering the building during non-regular business hours, and another person whom you recognize does not have their Employee Access Badge, you should
Correct Answer
B. Refuse to let them in and ask them to contact their supervisor, manager, or the help desk for assistance.
Explanation
If you are entering the building during non-regular business hours and see someone you recognize without an Employee Access Badge, it is important to prioritize security. Refusing to let them in and asking them to contact their supervisor, manager, or the help desk for assistance ensures that the situation is properly addressed and that unauthorized individuals are not granted access to the building. This action helps maintain the safety and security protocols in place.
9.
When printing a document with client information, it’s important to
Correct Answer
A. Never leave any documents on the printer unattended.
Explanation
Leaving documents on the printer unattended can pose a security risk as anyone passing by can access and potentially misuse the client's sensitive information. It is important to always ensure that documents are promptly collected from the printer to maintain confidentiality and protect client privacy.
10.
If you need to include account information in an email, you should only include:
Correct Answer
D. The last four numbers
Explanation
When including account information in an email, it is important to prioritize the security and privacy of the information. Including the last four numbers of the account is a safe option as it provides enough identification without revealing the complete account number. This helps to minimize the risk of unauthorized access or misuse of the account information.