1.)What are the different information classification categories available in the company? A.) Confidential, Secret, Public, Internal B.) Public, Internal, Private, Secret, Confidential C.) Restricted, Confidential, Internal Use, Public, Private and Confidential D.) Personal, Confidential, Top Secret
2.)It is always acceptable to send business information from your customer-provided email id to your email id. Is this statement True or False? A.) TRUE B.) FALSE
3.)You are using the same password for an application for a long time. Is the use of the same password for a long time advisable? A.) No, as use of the same password makes it vulnerable to breach over a period of time B.) Yes, as the system has not prompted for the change of password C.) Yes, as the password is shared with colleagues onsite and cannot be changed D.) No, as the current password is complex enough
4.)You are working overseas at a client location and need to use the data when you return to your home country. How will you ensure data availability? A.) Copy the data to a personal laptop B.) Upload the data on the internet C.) Copy the data on a personal USB drive and carry it with you D.) Carry the data with you with client permission
5.)You have prepared a Design Document for the new product being launched by your customer. The customer has not provided any guidance on how such documents should be classified. How will you handle the document? A.) At par with Confidential classification B.) Company Restricted C.) Since the customer has not specified any requirements, you need not classify the document. D.) Company Internal
6.)You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do? A.) Just keep the backup of information as a customer would be aware of the regulatory requirement B.) Communicate to the customer that information has to be retained beyond project duration with the reason. C.) No need to communicate to the customer as it is a regulatory requirement
7.)When you have to retain the information, which factors should be considered for the retention period? A.) Company Retention policy B.) Regulatory requirements C.) Project duration D.) Contractual requirements
Answer.) All of the above
8.)Which of the following statements is/are correct while using the Internet/intranet/Network Channels provided by the company? A.) Associate can produce web pages or sites that reference Company or its affiliates, or in any way disclose any other information about a company without the permission of Security Manager B.) Associate cannot use Internet-based applications including chat rooms, instant messaging, peer-to-peer network-based applications, VoIP applications without prior authorization C.) Associate can host personal sites on company facilities only after taking ISM approval. D.) Not entering into binding contracts (accepting license agreements by clicking OK/Accept while downloading any software from the internet) on behalf of the company over the internet, unless done by the company legal team and authorized by management.
Answer.) B and C
9.)Writing down passwords is wrong. With respect to this statement, which of the following options are appropriate? A.) Remembering multiple passwords is difficult, hence it is ok to write them down. B.) Writing down passwords in a notebook inside the ODC is fine, as it will not cause any harm because outsiders have no entry to the ODC. C.) Writing down passwords is ok if it is shared and colleagues need to know it. D.) Writing down passwords will disclose them to unauthorized people who can misuse them, and you will be held responsible for all activities.
10.)What is referred to as social engineering? A.) Wasting resources B.) Gathering information from discarded manuals and printouts C.) Using people skills to obtain proprietary/confidential information D.) Destruction or alteration of the data
11.)If you find a person whom you know tailgating, what should you do? A.) Confront the concerned person and ask him the reason for tailgating B.) Ignore it since you know that he has no malicious intentions. C.) Log a security incident. D.) Inform the security guard.
Answer.) A and C
12.)What should you do to make your password difficult to guess or crack? A.) Do not disclose it to anyone. B.) Use a combination of alphabets, numbers, and special characters. C.) Use a combination of residential details like the street name and flat number etc. D.) Increase the length of the password to the extent possible.
Answer.) A and C
13.)One day when you log on to your e-mail, you find that there is an unsolicited e-mail having abusive and offensive content in your inbox. What should you do? A.) Forward such e-mails to your colleagues B.) Report an incident along with the evidence (Header information and copy of e-mail) and then delete such e-mails from your mailbox. C.) Save such e-mails for future use. D.) Do nothing.
14.)Rakesh has been deputed to a client located in the US. The client has provided a laptop to Rakesh. His family resides in India. Every evening he uses the client-provided laptop to chat with his family through a webcam using software he has installed directly from the internet. Which of the following is correct? A.) Rakesh can use the client-provided laptop to connect with his family as he is away from them. This is acceptable since neither has he any malicious intention nor is he sharing any confidential data B.) Rakesh has the right to directly download software for such use since it is a client-provided laptop C.) Client-provided laptop must be used for business purposes only. D.) Since Rakesh does not have his own laptop, he can use the client-provided laptop for such a purpose
15.)You were creating some design/flow diagrams on paper for a sensitive project of a client, when suddenly the PL calls you for an urgent meeting in a meeting room which is outside the Offshore Development Center (ODC). What is the appropriate way to handle the papers? A.) While entering the meeting room, you realize that you are carrying the papers and you see your friend from another account passing by, so you send the papers with him to be handed over to someone in your ODC. B.) Put all papers inside your desk drawer, lock it and then go for the meeting. C.) Leave the papers on the desk since it is a restricted access ODC D.) None of the above
16.)You are working on a project and require logging on to the environment managed by the client. The client has provided you with a single user ID and your entire team uses the same ID to login to the environment. Which of these statements is correct in this context? A.) It is not wrong to share credentials since the team has to complete the delivery according to the schedule B.) The team should present the scenario to the customer and request more IDs. In case the customer declines, connect with your ISM and inform the client before sharing credentials C.) Credentials should never be shared. You should consult your OU ISM in such scenarios D.) It is not wrong to share credentials since this has been shared within the team
17.)You have backed up your project information on media. The project will continue for the next two years. How often should the restorability test be done? A.) Should be done only once in the lifetime of the media B.) Should be done immediately after the backup and it is a one-time activity only C.) Should be done regularly D.) Depends on client requirements according to the contract
18.)Which of the following is not true about Information classified as Private and confidential? A.) Information is not specific to individuals. B.) Information can be in the custody of the company. C.) Information always belongs to the company. D.) Disclosure of such information is not desirable.
Answer.) A and C
19.)You are searching the Internet for some information. After clicking a link on one page you become suspicious that it may have triggered a virus or something which is wrong. What should be your immediate reaction? A.) Isolate the machine from the network. (Disconnect from the network) B.) Log a ticket on Global Helpdesk and wait for someone to attend. Till then, continue to work C.) Ignore the suspicion and continue to work. D.) Call up the information security manager and wait for instruction
Answer.) A and D
20.)You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do? A.) Just keep the backup of information as a customer would be aware of the regulatory requirements. B.) Communicate to the customer that information has to be retained beyond project duration with the reason. C.) No need to communicate to the customer as it is a regulatory requirement
21.)Which of the following is most appropriate with regard to an organization’s Business Continuity Planning (BCP) framework? A.) It is not necessary to have a BCP framework and in the event of a crisis, instant measures can be taken as per the need of the hour. B.) An organization should implement a BCP framework without doing a cost-benefit analysis. C.) The organization should carry out cost-benefit analysis with due diligence and then implement a BCP framework that meets the business objectives of all concerned. D.) None of the above
22.)The company-recommended method of disposing of non-electronic information in paper form classified as Restricted, Confidential, or Private & Confidential is the same. Is this statement True or False? A.) TRUE
23.)How should an Information Security Incident be reported? A.) Through the Incident Management Tool /through Phone/through e-mail/In Person B.) Only through Incident Management Tool C.) Only through Phone D.) Only through e-mail
24.)You find that your webmail ID is compromised. What could be the possible reasons? A.) You accessed it from a nearby internet café, and there was a keylogger that captured your ID and password B.) Company Webmail is vulnerable to such attacks and nothing can be done about it. C.) You did not change your webmail password in a very long time. D.) It is impossible to compromise any webmail account due to Company Security policy.
Answer.) A and C
25.)You are the owner of the information and you have to share it with the client. For some reason, it is not possible to label the information. What should you do while sharing the information? A.) When you cannot label the information due to technical reasons, you just need to raise a Change Request and then share the document. B.) You should encrypt the information before sharing it. C.) While sharing the information with the client, communicate to the client about the protection required for the information. D.) You should share the information with the client directly since there is a Non-Disclosure and Confidentiality Agreement signed with the customer.
26.)Which of the following choices should be covered while preparing the information backup schedule? A.) Details of System/Device/Application Name and Information to be backed up B.) Type of backup and backup location C.) Frequency of backup and the time schedule of the backup process D.) Retention period and restoration requirement
Answer.) All of the above.
Part - 2:
1.)You are working on a project at a client site. The client has provided you with an e-mail ID on their domain, but you are not allowed to access the company e-mail ID through the client network. What will you do to access e-mails received on our company ID? Select the appropriate choice. A.) Use client network to access company e-mails as you know that access is not blocked B.) Use the Auto Forward feature of company e-mail and forward mails received on your company ID to your client e-mail ID. C.) Use the Auto Forward feature of company e-mail and forward e-mails received on company ID to your personal e-mail ID like Gmail or Yahoo D.) Use webmail to access company e-mails outside the client network or have Lotus Notes configured on your smartphone and use a network other than the client network.
2.)Where can you find the company process for Business Continuity Management? A.) In iQMS Wiki B.) In KNOWMAX C.) In Integrated Project Management System (IPMS) D.) In Enterprise Process Web (EPW)
3.)What data would you typically select for the backup? A.) Taking regular backup is just a recommendation; so no backup is really required. B.) Only a large amount of data C.) All of your personal data D.) Data that will impact the project execution, thus impacting the company or its customer
4.)While working on an assignment where you are an administrator for the database, your password A.) Can be shared with team members if a need arises B.) Can be shared with clients if they ask for it C.) Can be shared with a supervisor only. D.) Should never be disclosed to anyone or shared with anyone
5.)Why do you need a Business Continuity Plan? A.) To be able to continue our critical operations in the event of any crisis/disaster B.) Because others have it C.) To minimize the impact of any crisis/disaster to the company and our customers
Answer.)A and B
6.)The access-related controls for Confidential classification are more stringent as compared to Internal classification. Is this statement True or False and why? A.) TRUE, as Confidential information is distributed among a limited number of people B.) FALSE, as Internal information is stored within the company network C.) TRUE, as the business impact due to unauthorized disclosure of confidential information is more than internal information. D.) FALSE, as business impact due to unauthorized disclosure can be the same in both classifications.
7.)The information displayed on the company website is classified as company Internal. Is this statement True or False? A.) TRUE. Since all information is about company internal matters, it's classified as company Internal B.) FALSE. The information on the company website is public and is explicitly approved by management for a public release
8.)You need to mail the estimation sheet created as a response to one RFP to your Onsite BRM. What care will you take while sending the e-mail with regards to its label? A.) Document must be labeled as company Confidential B.) E-mail must be labeled as Confidential C.) Classification and labeling are required when the document is finalized, not when it's under internal review D.) Classification is not necessary since both the sender (you) and the recipient (BRM) are on the company domain
Answer.)A and B
9.)What should you do to make your password difficult to guess or crack? A.) Do not disclose it to anyone. B.) Use a combination of alphabets, numbers, and special characters C.) Use a combination of residential details like street name and flat number etc. D.) Increase the length of the password to the extent possible.
Answer.)B and D
10.)While working on the office network, which of the following are not acceptable practices? A.) Transmission of any information which is unprofessional, offensive, objectionable, intimidating, or private to others B.) Publishing information which belongs to a particular political party C.) Sending or posting messages that could denigrate or harass others on the basis of gender, race, age, disability, religion. D.) Not using the internal platform for blogs
Answer.)A, B, and C
11.)You are taking a printout of a debugging code you have written. What precautions do you need to take? A.) Collect the printouts immediately B.) If the paper jams, remove the paper and shred it. C.) Collect the printout next time you take a break D.) Ensure that the printout is classified properly
Answer.)A, B, and D
12.)You have a business need to use an Internet-based chat messenger not approved by the company. What should you do? A.) Download it directly for use as it is a business need. B.) Connect with your ISM to discuss the risks involved and the feasible solution C.) Since the client has asked, you should expect IS to install it directly. D.) Get supervisor approval and install it
13.)You observe that one of your company colleagues keeps sending unsolicited e-mails which are either offensive, obscene, or at times defamatory. What should you do? A.) Do nothing. Just ignore such e-mails by deleting them B.) Do nothing. Keep such e-mails in a separate folder of your mailbox for future use C.) Inform your ISM, raise an incident, give the mail as evidence, and delete it from your mailbox. D.) Forward the e-mail to your other colleagues so that they are alerted to such activity
14.)How would you protect company/customer-provided laptops during air travel? A.) Do not check in the laptop along with other luggage; carry it with you as hand baggage B.) Do not keep the laptop out of sight during any stage of travel C.) For safety, you should check in the laptop with other luggage D.) After security check, collect your laptop promptly. Recheck once that you have collected your own laptop and not someone else's
Answer.)A, B, and D
15.)Tom has joined a project. He has been assigned a desktop. This desktop was used by Jerry, who is now released from the project. Upon logging on, Tom found personal non-business files stored in the computer by Jerry. If you were Tom, what action would you take? A.) You must inform the IS team to remove Jerry's personal files from the desktop. B.) You must inform Jerry to take copies of his personal files and delete them from the desktop. C.) You can send Jerry's personal files through e-mail to Jerry. D.) You should raise an information security incident in the security incident reporting tool.
16.)You are going to do a project audit and realize that you do not have access to the Offshore Development Center (ODC). What should you do? A.) Wait for some time and enter along with the next person entering the ODC. B.) Knock on the door and swipe once the door is opened so that your entry is registered. C.) Request the Auditee to escort you into the ODC. Make sure that you sign the visitor register when entering and exiting the ODC. D.) It is not recommended for auditors to visit the customer ODC since the audit is internal to the company.
17.)You are working on a shift and your colleague in the next shift is delayed due to traffic conditions. Your colleague calls you and asks you to download an urgent you avoid such sharing of e-mail IDs? A.) There is no need to avoid, as it is OK to use a colleague's e-mail ID if the situation demands so B.) Ask a supervisor or another associate from the next shift to use the ID of the colleague who is delayed C.) Use the delegate/backup facility D.) Use a group mail ID or mail-in DB with the required associates in the team as members.
Answer.) C and D
18.)Information classified as Restricted should be given the highest level of protection among all classifications during storage or transmission. Is this statement True or False? A.)TRUE B.)FALSE
19.)Your client wants to know the Background Check (BGC) outcome of one of the associates. He wants to get the complete report of BGC for verification. What will you do? A.) You will get the softcopy of the report from HR SPOC. Once you verify, you will send it to the client B.) You will ask the HR SPOC to share the BGC report of the associate with the client C.) You will ignore such requests D.) You will raise a CR for this
20.)Who is responsible for classifying information? A.)GL/PL of the project B.)Information Security Coordinator for the project C.)System Administrator D.)Owner of the information
Part - 3:
1.)Where classification is not specified by the client, such information does not require any specific protection. Is this statement True or False? A.) TRUE. B.) FALSE
2.)You are under pressure and a bit dejected when you receive an e-mail from a friend on your official mail ID. Your friend has asked you to forward the e-mail to at least ten people. If you do so, a miracle would take place in your life within the next 24 hours, or else a mishap would take place. What should you do in such a scenario? A.) You should forward this e-mail to 10 of your friends, ensuring that all are in Company and the e-mail is forwarded to their Company ID. B.) You should ignore such e-mails and delete them. C.) You should forward the e-mail to your friends as there is no confidentiality violation and you are not doing it with any fraudulent intent. D.) You should not forward or even solicit e-mails that are unrelated to business activities or are for personal gain.
Answer.) B and D.
3.)You are not allowed to classify any information as Public without authorization. Is this statement True or False? A.) TRUE B.) FALSE
Answer.) A (TRUE)
4.)Rohit is a project leader for a team of 30 people. He has to catch an evening flight and so is leaving the office a bit early. He was requested for laptop verification at the security desk while leaving the office. What should Rohit do? A.) Rohit is a project leader, so there is no need for him to give his laptop for verification B.) As security has checked the laptop while entering the office, there is no need to check while leaving the office C.) Being a laptop user, Rohit should cooperate with the security person for laptop verification. D.) Rohit should expect a waiver since he has to catch the flight.
5.)You are working overseas at a client location and need to use the data when you return to your home country. How will you ensure data availability? A.) Copy the data to a personal laptop B.) Upload the data on the internet C.) Copy the data on a personal USB drive and carry it with you D.) Carry the data with you with client permission
6.)You receive a call from your friend asking you to leave immediately as there is some unrest in a certain part of the city. Which of these is the most appropriate action for you to take? A.) You will leave immediately without informing anybody. B.) You will inform everyone about the call and ask them to leave as well C.) Ask your friends in the office and try to confirm whether they are aware of such unrest. D.) Inform the Admin/ML about the call and wait for their instructions.
7.)You are taking a printout of a debugging code you have written. What precautions do you need to take? A.) Collect the printouts immediately. B.) If the paper jams, remove the paper and shred it. C.) Collect the printout next time you take a break D.) Ensure that the printout is classified properly
Answer.) A, B, and D
8.)The primary reason for which I am not allowed to store unlicensed music files on Company assets is that: A.) Company is against music. B.) My manager would not like it. C.) It is a copyright violation. D.) It occupies hard disk space.
9.)The client has sent you some data on a USB stick. What are the mandatory steps that you need to follow? A.) Need to declare the media at the reception B.) If media has to be connected to the Company network, it should be scanned by IS for virus C.) After approval by IS, it should be approved by OU/Sub OU/SSG ISM to copy the required data D.) IS team will copy the required information onto an appropriate location.
Answer.) All of The Above
10.)While working on an assignment where you are an administrator for the database, your password A.) Can be shared with a team member if a need arises B.) Can be shared with clients if they ask for it C.) Can be shared with a supervisor only D.) Should never be disclosed to anyone or shared with anyone
11.)One day when you log on to your e-mail, you find that there is an unsolicited e-mail having abusive and offensive content in your inbox. What should you do? A.) Forward such e-mails to your colleagues B.) Report an incident along with the evidence (Header information and copy of e-mail) and then delete such e-mails from your mailbox C.) Save such e-mails for future use. D.) Do nothing.
12.)You are attending an important telecon with your client manager. All of a sudden, you hear a fire alarm. What should you do? A.) Continue with the call as these alarms are part of regular drills and your meeting is important. B.) Inform the client at the other end about the fire alarm and evacuate the building using the closest fire exit along with others. C.) Contact your ISM, inform them about the situation and take approval to continue with the call. D.) Drop an e-mail to the Admin about your presence in the building and that you are not evacuating due to an important call with the client.
13.)What data would you typically select for the backup? A.) Taking regular backup is just a recommendation; so no backup is really required. B.) Only a large amount of data C.) All of your personal data D.) Data that will impact the project execution, thus impacting Company or its customer
14.)You are on leave when you receive an urgent call from your supervisor asking for your login credentials so that another team member can log in and complete the pending request. What should you do in such a situation? A.) You should share your credentials as work is being affected. B.) You should share your credentials because even if something goes wrong, you are not responsible since you are on leave. C.) You should raise a security incident. D.) You should not share your credentials.
Answer.) C and D
15.)You have been working from home on your laptop. What do you need to do when you connect to the Company network? A.) Ensure that the latest patches are updated. B.) Restart the machine after patch deployment, if required. C.) Ensure that the latest antivirus is updated. D.) None of the above
Answer.) A, B, and C
16.)Due care must be taken for virus checks while opening encrypted attachments as compared to unencrypted attachments in e-mail. Is this statement True or False? A.) TRUE B.) FALSE
17.)Where can you find the Company process for Business Continuity Management? A.) In iQMS Wiki B.) In KNOWMAX C.) In Integrated Project Management System (IPMS) D.) In Enterprise Process Web (EPW)
18.)You have a business need to use an Internet-based chat messenger not approved by Company. What should you do? A.) Download it directly for use as it is a business need B.) Connect with your ISM to discuss the risks involved and the feasible solution. C.) Since the client has asked, you should expect IS to install it directly. D.) Get supervisor approval and install it.
19.)Your college friend shares with you the code for an e-mail agent which can auto-respond to specific users with pre-defined content. Is it appropriate for you to implement this agent in Company for a specific business purpose? A.) YES B.) NO
20.)Tom has joined a project. He has been assigned a desktop. This desktop was used by Jerry, who is now released from the project. Upon logging on, Tom found personal non-business data like music and movie files stored in the computer by Jerry. If you were Tom, what action would you take? A.) You must inform the IS team to remove Jerry's personal files from the desktop. B.) You must inform Jerry to take copies of his personal files and delete them from the desktop. C.) You can send Jerry's personal files through e-mail to Jerry D.) You should raise an information security incident in the security incident reporting tool
21.)You receive an e-mail on your Company ID which has a personal business proposal not related to Company. Is it appropriate to reply? A.) It is ok since no confidential information is being shared. B.) It is inappropriate since the e-mail is for personal gain and unrelated to your work. C.) It is okay to respond to the e-mail after office hours or on a weekend. D.) No, such activities should be done using personal e-mail IDs only.
Answer.) B and D
22.)When you have to retain the information, which factors should be considered for the retention period? A.) Company Retention policy B.) Regulatory requirements C.) Project duration D.) Contractual requirements
Answer.) All of the above
23.)You just received an e-mail from your bank asking you to confirm your online activities by logging on to your account within a week. What is the best course of action to take? A.) If possible, call your bank to confirm the authenticity of the e-mail. If you can't reach your bank, don't click the link but visit your account by manually entering the URL of the bank. B.) Follow the link provided in the e-mail and enter your login information – after all, the e-mail has your bank's logo and looks legitimate. C.) Set up my anti-spam software to automatically purge messages received from people not listed in my contacts. D.) I know it's phishing, so I will just put false information in to fool the hackers. It is not my information, so they cannot do anything to harm me.
24.)To whom should you express your concerns and suggestions related to information security at your location? A.) Information Security Manager B.) Security Guard C.) Admin Head D.) HR Manager
25.)A top government official is coming to visit you in one of the Company offices. This person is a prospective client for Company. Select the appropriate choices to handle the visitor access for such officials. A.) Since the person is a prospective client and high-profile government official, you need not follow the visitor management process. B.) It is allowed to completely avoid the visitor process for such visitors. C.) You are busy completing daily tasks and hence should request someone from admin to escort the official. D.) You should obtain all the details in advance and keep things ready so that minimal time is spent while issuing the visitor ID card, and as a host, you should ensure that the official is escorted.