Security & Compliance Quiz - 2015
-
On the training video, Customer Information, Personally Identifiable Information and Personal Data are other terms for:
-
Protected information
-
Private information
-
Confidential information
-
Transactional information
-
This is a short 10-minute quiz about the required Security & Compliance trainings for all Cloud Sherpas employees.
If you have not yet taken the online trainings, please click the link below:
Synergyse Training for Google Apps
You must get a score of 100% to pass. Otherwise, you must retake the quiz until you pass.
Passing this See morequiz and compliance on the associated videos are counted as part of your KPI for the year 2015.
.webp "Security & Compliance Quiz - 2015 - Quiz")
Quiz Preview
- 2.
Select 3 examples that on their own, are considered as protected information:
-
Age
-
Criminal Record
-
Country of Residence
-
Full Name
-
Gender
-
Photograph
-
School Attended
-
Social Security Number
-
Workplace
Correct Answer(s)
A. Full Name
A. Photograph
A. Social Security NumberExplanation
Full Name, Photograph, and Social Security Number are considered as protected information because they are personal identifiers that can be used to uniquely identify individuals. Full Name and Photograph can be used to identify someone visually, while Social Security Number is a unique identifier issued by the government for tax and employment purposes. Revealing these pieces of information without consent can lead to identity theft, fraud, or invasion of privacy.Rate this question:
-
- 3.
If the company “Sta. Ana Holdings Group” requires additional security measures for their data on top of the protections required by applicable regulations, it will be classified as:
-
Security Tier 1
-
Security Tier 2
-
Security Tier 3
-
Security Tier 4
Correct Answer
A. Security Tier 3Explanation
If the company "Sta. Ana Holdings Group" requires additional security measures for their data on top of the protections required by applicable regulations, it will be classified as Security Tier 3. This tier indicates that the company has implemented advanced security measures beyond the basic requirements, ensuring a higher level of protection for their data.Rate this question:
-
- 4.
As the Project Manager, Joan should create a plan to secure the client’s protected information that should include:(SELECT 3)
-
Where the information will be stored
-
How files should be named
-
Who can access the information
-
Which encoding should be used for files
-
How the access list can be formatted
-
How the data should be destroyed
Correct Answer(s)
A. Where the information will be stored
A. Who can access the information
A. How the data should be destroyedExplanation
As the project manager, Joan is responsible for ensuring the security of the client's protected information. To do this, she should create a plan that addresses three key aspects: where the information will be stored, who can access the information, and how the data should be destroyed. By determining where the information will be stored, Joan can ensure that it is kept in a secure location. By specifying who can access the information, she can control and limit access to authorized personnel only. Finally, by defining how the data should be destroyed, Joan can ensure that any sensitive information is properly disposed of to prevent unauthorized access.Rate this question:
-
- 5.
Not all client information should be secured. Only data classified as protected information should be secured.
-
True
-
False
Correct Answer
A. FalseExplanation
This statement is incorrect. In order to maintain the privacy and security of client information, all client information should be secured, not just the data classified as protected information. Failure to secure any client information could result in breaches of privacy and potential legal consequences. Therefore, the correct answer is False.Rate this question:
-
- 6.
Armand and Jill are working on separate projects for the same client, “Acme Explosives”. Jeremy, an “Acme Explosives” representative, needed Jill to analyze a stack of invoice printouts for Jill’s project. With Jill on PTO, Jeremy asked Armand to hold-on to the printouts with instructions to forward them to Jill when she gets back.By agreeing with Jeremy, Armand’s actions fall under:
-
A breach in security. He should have declined taking responsibility for documents outside his project.
-
A security protocol exception. He can receive the documents as long as Jill was informed.
-
A non-issue. He works with the same client as Jill and so has the same security access.
-
A breach in security. He should have asked Jeremy to sign a receipt before accepting the documents.
Correct Answer
A. A breach in security. He should have declined taking responsibility for documents outside his project.Explanation
Armand's actions can be considered a breach in security because he agreed to hold onto the invoice printouts that were meant for Jill's project while she was on PTO. As someone working on a separate project, it is not his responsibility to handle documents outside of his own project. He should have declined taking the responsibility and asked Jeremy to find an alternative solution for forwarding the printouts to Jill.Rate this question:
-
- 7.
Francis and Jarred are working on the same project. Jarred was given a copy of a few records from Production to simulate a possible issue experienced by an end-user. Separately, Francis had just finished his implementation and needs to have it tested.Could Francis ask Jarred for a copy of the records to conduct his tests?
-
Yes, he should have the same security clearance as Jarred.
-
No, he should create his own data to conduct his tests.
-
Yes, as long as they both inform their manager first.
-
No, he has to wait for Jarred to finish his tests first.
Correct Answer
A. No, he should create his own data to conduct his tests.Explanation
Francis should create his own data to conduct his tests because Jarred's records were given to him to simulate a possible issue experienced by an end-user, not for general testing purposes. It is important for each developer to have their own set of data to work with to ensure accurate and independent testing. Sharing data between developers can lead to confusion, dependencies, and potential issues in the testing process. Therefore, it is best practice for Francis to create his own data for testing purposes.Rate this question:
-
- 8.
Jennifer and Cindy are both from the Finance Department and both belong to the “ConfidentialAccts” Email Distribution List. Jennifer accidentally shares a file on Google Drive with the “ConfidentialAccts” Distribution List. The file contained billing details of the clients Jennifer exclusively works with. Realizing what happened, what should Cindy do?
-
Ignore the shared file. She has the same security clearance level so no harm was done.
-
Try to remove the share. Jennifer doesn’t need to be bothered with a simple mistake like this.
-
Ask Jennifer to remove the share. Let her revisit how and with whom the file should be shared.
-
Ask Jennifer to remove the share and report the incident to [email protected].
Explanation
Cindy should ask Jennifer to remove the share and report the incident to [email protected]. Even though they both have the same security clearance level, the file contained confidential information that should not have been shared with the entire distribution list. It is important to take immediate action to rectify the mistake and report it to the appropriate authorities to ensure that the incident is properly addressed and any potential security risks are mitigated.Rate this question:
-
- 9.
Michi was provided with an access to the client’s Production environment to deploy updates to the application. Another member of her team, Kevin, was asked to reconfigure a module of the application on Production. The access given to Michi was the last license available and the client informed Kevin that it will take at least 2 weeks to acquire new licenses.Kevin was told to reconfigure the module before the end of the week. How should he proceed?
-
Ask Michi to share the access to Production with him.
-
Request from his manager to allow Michi to share the access to Production with him.
-
Request an exemption from IT Security & Compliance to allow Michi to share the access with him.
-
Defer the update to the module until a license becomes available.
-
Escalate the situation to his manager to work it out with the client.
Correct Answer
A. Escalate the situation to his manager to work it out with the client. -
- 10.
In the videos that you watched, what is considered protected information?(SELECT ALL THAT APPLY)
-
Customer Contact Numbers (Fax, Telephone, Mobile)
-
Birth dates, admission dates, discharge dates, dates of death
-
Email addresses
-
Account information numbers (Social Security, Health record, licenses)
Correct Answer(s)
A. Customer Contact Numbers (Fax, Telephone, Mobile)
A. Birth dates, admission dates, discharge dates, dates of death
A. Email addresses
A. Account information numbers (Social Security, Health record, licenses)Explanation
The videos consider the following information as protected: Customer Contact Numbers (Fax, Telephone, Mobile), Birth dates, admission dates, discharge dates, dates of death, Email addresses, and Account information numbers (Social Security, Health record, licenses).Rate this question:
-
- 11.
Who conducts the Risk Assessment for clients of Cloud Sherpas and assigns corresponding Security Tiers for them?
-
Myself, as a Cloud Sherpas Consultant and Security & Compliance
-
Security & Compliance and Legal
-
My managers and Legal
-
Myself, as a Cloud Sherpas Consultant and Legal
Correct Answer
A. Security & Compliance and LegalExplanation
The Risk Assessment for clients of Cloud Sherpas is conducted by the Security & Compliance and Legal teams. These teams work together to assess the potential risks associated with each client and assign them corresponding Security Tiers. This ensures that the clients' security needs are properly evaluated and addressed, while also ensuring compliance with legal requirements.Rate this question:
-
- 12.
What should you do when you recognize that a protected information is being handled by Cloud Sherpas but is only classified as Security Tier 1?
-
Change the Security Standard to Tier 2
-
Nothing, that's not my problem
-
Contact [email protected] and change the Security Standard to Tier 2
-
Tell my customer that they are classified as Security Tier 1 and contact [email protected] to change it to Tier 2
Explanation
When you recognize that a protected information is being handled by Cloud Sherpas but is only classified as Security Tier 1, the appropriate action to take is to contact [email protected] and change the Security Standard to Tier 2. This ensures that the protected information is being handled with a higher level of security and meets the necessary requirements.Rate this question:
-
- 13.
Where do I find the Security Standard for my Customers in Summit?
-
Under a section on the Customers' Account Record
-
Under the Tab Risk Assessment
-
Beside the Account Name labelled (1, 2 or 3)
-
Nowhere, it can be found in quality.cloudsherpas.com not Summit
Correct Answer
A. Under a section on the Customers' Account RecordExplanation
The security standard for customers can be found under a section on the customers' account record. This implies that within the Summit platform, there is a specific section in the customers' account record where the security standard information is located.Rate this question:
-
- 14.
You are working on data for your customer that is not covered in the list of Protected Information, can you share that with others?
-
Yes, it is not considered Protected Information so I'm safe.
-
No, because Cloud Sherpas considers ALL customer data to be confidential
-
Yes, as long as I don't copy-and-paste, print screen, or print the data
-
No, because I need to first submit a form to Security & Compliance about sharing information
Correct Answer
A. No, because Cloud Sherpas considers ALL customer data to be confidentialExplanation
The correct answer is "No, because Cloud Sherpas considers ALL customer data to be confidential." This means that regardless of whether the data is listed as Protected Information or not, it is still considered confidential by Cloud Sherpas. Therefore, sharing the data with others without proper authorization would not be allowed.Rate this question:
-
- 15.
Who creates the plan for security the protected information of our customer?
-
The Project Manager
-
The customer
-
Myself, as a Cloud Sherpas consultant
-
Security & Compliance and Legal
Correct Answer
A. The Project ManagerExplanation
The Project Manager creates the plan for securing the protected information of our customers. As the person overseeing the project, the Project Manager is responsible for ensuring that all aspects of the project, including security measures, are properly planned and implemented. They work closely with the Security & Compliance and Legal teams to develop a comprehensive plan that addresses the specific security needs of the customer's information. This includes identifying potential risks and vulnerabilities, implementing appropriate security controls, and regularly monitoring and updating the plan as needed.Rate this question:
-
Quiz Review Timeline (Updated): Nov 24, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Nov 24, 2023Quiz Edited by
ProProfs Editorial Team -
Mar 03, 2015Quiz Created by
Catherine Halcomb
Back to top