Voxygen ISO Quiz 2016
Quiz on ISO 27001 Policies
- 1.
Please select all that apply.A security breach or event is:
- A.
An unauthorised probe within the network detected or a viral infection prevented
- B.
Authorised access or use of a system from off site of the Voxygen premises
- C.
Sensitive or confidential information incorrectly shared
- D.
Storing data in a hosted site outside of the UK
Correct Answer(s)
A. An unauthorised probe within the network detected or a viral infection prevented
C. Sensitive or confidential information incorrectly sharedExplanation
The correct answer options are related to different aspects of a security breach or event. "An unauthorised probe within the network detected or a viral infection prevented" refers to unauthorized attempts to access the network or the detection and prevention of malware infections. "Sensitive or confidential information incorrectly shared" refers to the unauthorized disclosure or sharing of sensitive or confidential data. Both of these options represent different types of security breaches or events that can compromise the security and integrity of a system or network.Rate this question:
-
- 2.
All suspected or real security events must, in the first instance, be reported immediately to:
- A.
Telefonica / O2
- B.
The CIO, Anna Pitt-Stanley
- C.
Colleagues most closely associated with the incident
- D.
The police
Correct Answer
B. The CIO, Anna Pitt-StanleyExplanation
The correct answer is The CIO, Anna Pitt-Stanley. This is because as the Chief Information Officer, Anna Pitt-Stanley is responsible for overseeing the organization's information security and handling security incidents. Reporting security events to her ensures that the incident is escalated to the appropriate level and necessary actions can be taken to mitigate the risk.Rate this question:
-
- 3.
The project in JIRA which records all security events, including issues relating to non-conformities and compliance is called:
- A.
ISO27001 Security Issues
- B.
ISO27001 Security Events
- C.
CIO’s list of Security breaches
- D.
Voxygen Information Security Events
Correct Answer
D. Voxygen Information Security EventsExplanation
The correct answer is "Voxygen Information Security Events". This is because the question is asking for the project in JIRA that records all security events, including issues relating to non-conformities and compliance. "Voxygen Information Security Events" is the most appropriate and specific option that aligns with the requirements of the question.Rate this question:
-
- 4.
Please select all that apply.Information assets include:
- A.
The Voxygen network infrastructure
- B.
Voxygen’s data
- C.
Telefonica’s data used by Voxygen
- D.
Voxygen’s software programs
- E.
Emails in Voxygen’s system
- F.
Client relationships
Correct Answer(s)
A. The Voxygen network infrastructure
B. Voxygen’s data
C. Telefonica’s data used by Voxygen
D. Voxygen’s software programs
E. Emails in Voxygen’s system
F. Client relationshipsExplanation
The information assets mentioned in the answer include the Voxygen network infrastructure, Voxygen's data, Telefonica's data used by Voxygen, Voxygen's software programs, emails in Voxygen's system, and client relationships. These assets are all part of the information that is owned or used by Voxygen.Rate this question:
-
- 5.
Please select all that DO NOT apply.The objectives of the Information Security Policy are:
- A.
To keep information authentic
- B.
To ensure safeguards to reduce risk are implemented
- C.
To reduce the cost of securing our information
- D.
To meet all legal, regulatory and contractual requirements
Correct Answer
C. To reduce the cost of securing our informationExplanation
The objective of the Information Security Policy is not to reduce the cost of securing our information. The policy aims to keep information authentic, ensure safeguards to reduce risk are implemented, and meet all legal, regulatory, and contractual requirements. However, reducing the cost of securing information is not mentioned as one of the objectives.Rate this question:
-
- 6.
If a Voxygen gmail user receives suspicious emails he/she should:
- A.
Ignore it
- B.
Send a threatening reply
- C.
Try to unsubscribe
- D.
Inform the CIO
- E.
Delete it
Correct Answer
D. Inform the CIOExplanation
If a Voxygen gmail user receives suspicious emails, it is important to inform the Chief Information Officer (CIO). The CIO is responsible for the organization's information security and can take necessary actions to investigate and address the issue. Ignoring the email may lead to potential security risks, and replying or unsubscribing may further engage with the sender and potentially escalate the situation. Deleting the email without informing the CIO may also prevent the organization from taking necessary precautions to protect its systems and data.Rate this question:
-
- 7.
Put the following phases of incidence response to a breach or suspected breach of security in the correct order: a) Recoveryb) Triagec) Follow-upd) Detection / Alerte) Response
- A.
B - D - A - E - C
- B.
D - E - A - C - B
- C.
D - B - E - A - C
- D.
B - C - D - E - A
Correct Answer
C. D - B - E - A - CExplanation
The correct order of phases in incident response to a breach or suspected breach of security is as follows: Detection/Alert (D) - Triage (B) - Response (E) - Recovery (A) - Follow-up (C). First, the incident needs to be detected and an alert needs to be generated. Then, the incident is triaged to determine its severity and impact. Next, a response plan is implemented to mitigate the incident and prevent further damage. Once the incident is under control, the recovery process begins to restore systems and data to their normal state. Finally, a follow-up is conducted to analyze the incident, identify any lessons learned, and implement any necessary improvements to prevent future incidents.Rate this question:
-
- 8.
Please select all that apply.Voxygen email may be used to:
- A.
Promote activities related to hobbies
- B.
Rally your local MP for better Council services
- C.
Set up a personal Twitter account
- D.
Sign up for tutorials on software development
Correct Answer
D. Sign up for tutorials on software developmentExplanation
The Voxygen email can be used to sign up for tutorials on software development. This suggests that Voxygen offers email services that allow users to register for software development tutorials.Rate this question:
-
- 9.
Please select all that apply.Non disclosure Agreements for Contractors can be obtained from:
- A.
The Employee Handbook
- B.
The CIO
- C.
Members of the INCO team
- D.
Dean Elwood, CEO
- E.
Company’s solicitor firm
Correct Answer
B. The CIOExplanation
The correct answer is The CIO. The Chief Information Officer (CIO) is responsible for managing the company's information technology and data security. As such, they would likely have access to and be able to provide Non-disclosure Agreements (NDAs) for contractors. The Employee Handbook may contain information on company policies and procedures, but it may not specifically provide NDAs for contractors. Members of the INCO team may have knowledge of the company's internal controls, but it is not clear if they would have the authority to provide NDAs. Dean Elwood, CEO, may have overall authority in the company, but it is not specified if they would handle NDAs directly. The company's solicitor firm may be able to provide legal advice and assistance, including NDAs, but it is not stated as a direct source in the question.Rate this question:
-
- 10.
Please select all that apply.An asset of Voxygen may be removed off site provided:
- A.
They are portable
- B.
All security measures noted in the Voxygen Information Security policies are adhered to
- C.
It’s not a phone on loan from Telefonica
- D.
They are not left unattended in a bar
Correct Answer(s)
B. All security measures noted in the Voxygen Information Security policies are adhered to
D. They are not left unattended in a barExplanation
The asset of Voxygen may be removed off site if all security measures noted in the Voxygen Information Security policies are adhered to. Additionally, the asset should not be left unattended in a bar.Rate this question:
-
- 11.
In the unlikely event of a fire at 201 City Road, once personnel have evacuated the building they should go to the meeting place at:
- A.
The Eagles pub on Shepherdess Walk
- B.
Outside the Bavarian Pub across the road fro 201 City Road offices
- C.
On the corner of City Road and Westland Place (outside Westland Coffee House)
- D.
On the corner of City Road and Shepherdess Walk (outside the Shepherdess Café)
Correct Answer
C. On the corner of City Road and Westland Place (outside Westland Coffee House)Explanation
In the event of a fire at 201 City Road, personnel should go to the meeting place on the corner of City Road and Westland Place, outside the Westland Coffee House. This is the correct answer because it specifies the exact location where personnel should gather after evacuating the building. The other options, such as The Eagles pub on Shepherdess Walk, outside the Bavarian Pub across the road from 201 City Road offices, and outside the Shepherdess Café on the corner of City Road and Shepherdess Walk, are not mentioned as the designated meeting place in the question.Rate this question:
-
- 12.
Please select all that apply.Third party suppliers may have access to Voxygen’s information systems provided:
- A.
They are well known to the CEO
- B.
They are potential clients
- C.
The CIO approves it
- D.
They have a relative working at Voxygen or Telefonica
- E.
They pay for access
Correct Answer
C. The CIO approves itExplanation
The correct answer is "The CIO approves it". This suggests that third party suppliers may have access to Voxygen's information systems only if the CIO (Chief Information Officer) approves it. This implies that there is a process in place where the CIO evaluates and grants permission for third party suppliers to access the information systems.Rate this question:
-
- 13.
Please select all that apply.In the event of a disaster that renders the office building unusable for working, Voxygen personnel would be expected to:
- A.
Resign and find work elsewhere
- B.
Go on holiday
- C.
Rent their own office space
- D.
Work from home
Correct Answer
D. Work from homeExplanation
In the event of a disaster that renders the office building unusable for working, Voxygen personnel would be expected to work from home. This is a practical solution as it allows employees to continue their work remotely without the need for a physical office space. It ensures business continuity and minimizes disruption to the workflow. Resigning and finding work elsewhere or going on holiday would not be appropriate responses in such a situation. Renting their own office space might be a possibility, but working from home is a more cost-effective and convenient option.Rate this question:
-
- 14.
Please select all that apply.Equipment manufacturers need to meet the following criteria:
- A.
Be a global brand
- B.
Have an excellent reputation for after sales support
- C.
Be recommended by Telefonica
- D.
Be willing to deliver directly to our data centres
Correct Answer(s)
A. Be a global brand
B. Have an excellent reputation for after sales supportExplanation
The correct answer is "Be a global brand" and "Have an excellent reputation for after sales support." These criteria are important for equipment manufacturers as being a global brand ensures that they have a wide reach and presence in multiple markets. This can indicate their expertise and experience in the industry. Additionally, having an excellent reputation for after sales support is crucial as it ensures that the manufacturer will provide necessary assistance and support to customers after the sale is made, leading to customer satisfaction and loyalty.Rate this question:
-
- 15.
Please select all that apply.Permission to download software required by the CEO, CTO, etc. may be provided:
- A.
Verbally
- B.
In JIRA as a ticket within the project that requires the specific authorisation
- C.
As a request via Skype or email
- D.
In JIRA as a ticket within the VISE project
Correct Answer(s)
C. As a request via Skype or email
D. In JIRA as a ticket within the VISE projectExplanation
The question asks for the ways in which permission to download software required by high-level executives can be provided. The correct answer options are "As a request via Skype or email" and "In JIRA as a ticket within the VISE project." These options suggest that the permission can be obtained through formal channels such as submitting a request through Skype or email, or through the project management system JIRA within the specific project that requires the authorization.Rate this question:
-
- 16.
Please select all that apply.When working for Voxygen on mobile computing equipment in a public area, to meet security standards required, personnel must ensure that:
- A.
The equipment is not left unattended
- B.
Data cannot be read by a stranger
- C.
The equipment is password protected
- D.
The wifi is secure
- E.
There is sufficient bandwidth on the internet connection
Correct Answer(s)
A. The equipment is not left unattended
B. Data cannot be read by a stranger
C. The equipment is password protected
D. The wifi is secureExplanation
When working for Voxygen on mobile computing equipment in a public area, personnel must ensure that the equipment is not left unattended to prevent unauthorized access or theft. They must also ensure that data cannot be read by a stranger by implementing encryption or other security measures. The equipment should be password protected to prevent unauthorized access. Additionally, the wifi network should be secure to protect against unauthorized access and data breaches. Ensuring there is sufficient bandwidth on the internet connection is not directly related to meeting security standards and therefore is not a requirement in this context.Rate this question:
-
- 17.
Please select all that apply.All tickets raised in JIRA under the VISE project should be resolved:
- A.
When time is available to do so
- B.
Within a timeframe commensurate with the importance of the issue raised
- C.
In the fastest time possible where there is a serious breach of security
- D.
When a client calls to complain
Correct Answer(s)
B. Within a timeframe commensurate with the importance of the issue raised
C. In the fastest time possible where there is a serious breach of securityExplanation
The correct answer is "Within a timeframe commensurate with the importance of the issue raised" because it suggests that the resolution of the tickets should be prioritized based on the importance of the issue. The second part of the answer, "In the fastest time possible where there is a serious breach of security," is also correct as it highlights the need for immediate resolution in case of a serious security breach.Rate this question:
-
- 18.
The Anti-Bribery Act 2010 makes it permissible to:
- A.
Accept money in exchange for retaining business
- B.
Pay money to someone in exchange for retaining business
- C.
Ask a friend to accept money on your behalf in exchange for retaining business
- D.
Accept money to pass on information
- E.
All of the above
- F.
None of the above
Correct Answer
F. None of the aboveExplanation
The Anti-Bribery Act 2010 prohibits all forms of bribery, including accepting money in exchange for retaining business, paying money to someone in exchange for retaining business, asking a friend to accept money on your behalf in exchange for retaining business, and accepting money to pass on information. Therefore, the correct answer is "None of the above."Rate this question:
-
- 19.
Please select all that apply.Please identify below which of the following would be considered to be a security breach:
- A.
A diagram of our network with “Restricted” in the heading is sent to a prospective client without an NDA in place
- B.
A password protected and hard drive encrypted laptop has been left unattended in a public area
- C.
An ex-employee copies some software from a Voxygen server using a password known by all members of the INCO team
Correct Answer(s)
A. A diagram of our network with “Restricted” in the heading is sent to a prospective client without an NDA in place
B. A password protected and hard drive encrypted laptop has been left unattended in a public area
C. An ex-employee copies some software from a Voxygen server using a password known by all members of the INCO teamExplanation
Sending a diagram of the network with "Restricted" in the heading to a prospective client without a non-disclosure agreement (NDA) in place would be considered a security breach because it exposes sensitive information to unauthorized individuals. Leaving a password-protected and hard drive encrypted laptop unattended in a public area is also a security breach as it puts the encrypted data at risk of being accessed by unauthorized individuals. Additionally, an ex-employee copying software from a server using a password known by all members of a specific team is a security breach as it compromises the confidentiality and integrity of the software.Rate this question:
-
- 20.
Unlicensed software can be downloaded provided:
- A.
Permission is given in writing by the CIO
- B.
Permission is given in writing by the CEO
- C.
Permission is given by the CTO, CIO, CEO and INCO team
- D.
All of the above
- E.
None of the above
Correct Answer
E. None of the aboveExplanation
The correct answer is "None of the above" because the question states that unlicensed software can be downloaded, but none of the given options provide the correct permission to download unlicensed software.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
Feb 15, 2016Quiz Created by
Chriskondov
Back to top