These are the 25 sets of Security quizzes – Generic Question and Answer. Here, the content that we are providing is based on our knowledge and personal study.
If you missed the previous article on security quizzes click here.
1.)What are the different information classification categories available in the company?
A.) Confidential. Secret. Public. Internal
B.) Public, Internal, Private, Secret, Confidential
C.) Restricted. Confidential, Internal Use Public-Private and Confidential
D.) Personal, Confidential, Top Secret
2.)It is always acceptable to send business information from your customer-provided email id to your email id. Is this statement True or False?
3.)You are using the same password for an application for a long time. Is the use of the same password for a long time advisable?
A.) No as use of the same password makes it vulnerable to breach over a period of time
B.) Yes, as the system has not prompted for the change of password
C.) Yes. as the password is shared with colleagues onsite and cannot be changed
D.) No, as the current password is complex enough
4.)You are working overseas at a client location and need to use the data when you return to your home country. How will you ensure data availability?
A.) Copy the data to a personal laptop
B.) Upload the data on the internet
C.) Copy the data on a personal USB drive and carry it with you
D.) Carry the data with you with client permission
5.)You have prepared a Design Document for the new product being launched by your customer. The customer has not provided any guidance on how such documents should be classified. How will you handle the document?
A.) At par with Confidential classification
B.) Company Restricted
C.) Since the customer has not specified any requirements. you need not classify the document.
D.) Company Internal
6.)You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do?
A.) Just keep the backup of information as a customer would be aware of the regulatory requirement
B.) communicate to the customer that information has to be retained beyond project duration with reason.
C.) No need to communicate to the customer as it is a regulatory requirement
7.)When you have to retain the information, which factors should be considered for the retention period?
A.) TC Retention policy
B.) Regulatory requirements
C.) Project duration
D.) Contractual requirements
Answer.) All of the above
8.)Which of the following statements is/are correct while using the Internet/intranet/Network Channels provided by the company?
A.) Associate can produce web pages or sites that reference Company or its affiliates, or in any way disclose any other information about a company without the permission of Security Manage
B.) Associate cannot use Internet-based applications including chat rooms,/instant messaging, peer-to-peer network-based applications, VoIP applications without prior authorization
C.) Associate can host personal sites on company facilities only after taking ISM approval.
D.) Not entering into binding contracts (accepting license agreements by clicking OK/Accept while downloading any software from the internet) on behalf of the company over the internet, unless by the company legal team and authorized by management.
Answer.) B and C
9.)Writing down passwords is wrong. With respect to this statement which of the following options are appropriate?
A.) Remembering multiple passwords is difficult hence it is ok to write them down.
B.) Writing down passwords in a notebook inside the OD is fine, as it will not cause any harm as outsiders have no entry to the ODC.
C.) Writing down passwords is ok if it is shared and colleagues need to know it.
D.) writing down passwords will disclose it to unauthorized people who can misuse them, but you will be held responsible for all activities.
10.)What is referred to as social engineering?
A.) Wasting resources
B.) Gathering information from discarded manuals and printouts
C.) Using people skills to obtain proprietary/confidential information
D.) Destruction or alteration of the data
11.)If you find a person whom you know tailgating what should you do?
A.) Confront the concerned person and ask him the reason for tailgating
B.) Ignore it since you know that he has no mal intentions.
C.) Log a security incident.
D.) Inform the security guard.
Answer.) A and C
12.)What should you do to make your password difficult to guess or crack?
A.) Do not disclose it to anyone.
B.) Use a combination of alphabet, Number, and special character.
C.) Use a combination of residential details like the street name and flat number etc
D.) increase the length of the password to the extent possible.
Answer.) A and C
13.)One day when you log on to your e-mail, you find that there is an unsolicited e-mail having abusive and offensive content in your inbox. What should you do?
A.) Forward such e-mails to your colleagues
B.) Report an incident along with the evidence (Header information and copy of e-mail) and then delete such e-mails from your mailbox.
C.) Save such e-mails for future use.
D.) Do nothing.
14.)Rakesh has been deputed to a client located in the US. The client has provided a laptop to Rakesh. His family resides in India. Every evening he uses the client-provided laptop to chat with his family through a webcam using software he has installed directly from the internet. Which of the following is correct?
A.) Rakesh can use the client-provided laptop to connect with his family as he is away from them. This is acceptable since neither has he any mal intention nor is he sharing any confidential data
B.) Rakesh has the right to directly download software for such use since it is a client-provided laptop
C.) client provided laptop must be used for business purposes only.
D.) Since Rakesh does not have his own laptop, he can use the client provided laptop for such a purpose
15.)You were creating some design/flow diagrams on paper for a sensitive project of a client. when suddenly the PL calls you for an urgent meeting in a meeting room which is outside the Offshore Development Center (ODC). What is the appropriate way to handle the papers?
A.) While entering the meeting room, you realize that you are carving the papers and you see your friend from another account passing by, so you send the papers with him to be handed over to
someone in your ODC.
B.) Put all paper inside your desk drawers. Lock it and then go for a meeting.
C.) Leave the papers on the desk since it is a restricted access ODC
D.) None of the above
16.)You are working on a project and require logging on to the environment managed by the client The client has provided you with a single user ID and your entire team uses the same ID to login to the environment. Which of these statements is correct in this context
A.) It is not wrong to share credentials since the team has to complete the delivery according to the schedule
B.) The team should present the scenario to the customer and request more IDs. In case the customer declines, connect with your ISM and inform the client before sharing credentials
C.) credentials Smould never be shared. You should consult our OU loM In such scenarios
D.) it is not wrong to share credentials since this has been shared within the team
17.)You have backed up your project information on media. The project will continue for the next two years. How often should the restorability test be done?
A.) Should be done only once in the lifetime of the media
B.) Should be done immediately after the backup and it is a one-time activity only
C.) Should be done regularly
D.) Depends on client requirements according to the contract
18.)Which of the following is not true about Information classified as Private and confidential?
A.) Information is not specific to individuals.
B.) Information can be in the custody of the company.
C.) Information always belongs to the company.
D.) Disclosure of such information is not desirable.
Answer.) A and C
19.)YOU are searching the Internet for some Information. After clicking a link on one page you become suspicious that it may have triggered a virus or something which is wrong. What should be your immediate reaction?
A.) Isolate the machine from the network. (Disconnect from the network)
B.) Log a ticket on Global Helpdesk and wait for someone to attend. Till then continue to work
C.) Ignore the suspicion and continue to work.
D.) Call up the information security manager and wait for instruction
Answer.) A and D
20.)You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do?
A.) Just keep the backup of Information as a customer would be aware of the regulatory requirements.
B.) Communicate to the customer that information has to be retained beyond project duration with the reason.
C.) No need to communicate to the customer as it is a regulatory requirement
21.)Which of the following is most appropriate with regard to an organization’s Business Continuity Planning (BCP) framework?
A.) It is not necessary to have a BCP framework and in the event of a crisis, instant measures can be taken as per the need of the hour.
B.) An organization should implement a BCP framework without doing a cost-benefit analysis.
C.) The organization should carry out cost-benefit analysis with due diligence and then implement a BCP framework that meets the business objectives of all concerned.
D.) None of the above
22.)The TCS recommended method of disposing of non-electronic Information in paper form classified as Restricted, Confidential, or Private & Confidential is the same. Is this statement True or False?
23.)How should an Information Security Incident be reported?
A.) Through the Incident Management Tool /through Phone/through e-mail/In Person
B.) Only through Incident Management Tool
C.) Only through Phone
D.) Only through e-mail
24.)You find that your webmail ID is compromised. What could be the possible reasons?
A.) You accessed it from a nearby internet café, and there was a keylogger that captured your ID and password
B.) TCS Webmail is vulnerable to such attacks and nothing can be done about it.
C.) You did not change your webmail password in a very long time.
D.) It is impossible to compromise any webmail account due to TOS Security policy,
Answer.) A and C
25.)You are the owner of the information and you have to share it with the client. For some reason, It is not possible to label the information. What should you do while sharing the information?
A.) When you cannot label the information due to technical reasons, you just need to raise a Change Request and then share the document.
B.) You should encrypt the information before sharing it.
C.) While sharing the information with the client, communicate to the client about the protection required for the information.
D.) You should share the information with the client directly since there is a Non-Disclosure and Confidentiality Agreement signed with the customer.
26.)Which of the following choices should be covered while preparing the information backup schedule?
A.) Details of System/Device/Application Name and Information to be backed up
B.) Type of backup and backup location
C.) Frequency of backup and the time schedule of the backup process
D.) Retention period and restoration requirement
Answer.) All of the above.
security quizzes isecurity security quiz security quizzes isecurity security quiz security quizzes isecurity security quiz security quiz security quiz security quiz security quiz security quiz security quiz security quiz, security quiz security quiz security quiz
Can I bring my personal laptop to the office No , personal laptops can not be …
Q1: Which of the following three is the strongest password? A: The correct answer is 3. This is a random password and thus the most secure one of the 3. starwars is not random and a commonly used password.
A strong must be at least 8 characters long. It should not contain personal information like real name, username, or company name. It must be very unique from your previously used passwords. It should not contain any word spelled completely.
Answer: The TCS process for business continuity management is handled by Head of Corporate Security for Asia, who manages fraud risk and information security.
- Use a mix of alphabetical and numeric characters.
- Use a mixture of upper- and lowercase; passwords are case sensitive.
- Use symbols if the system allows (spaces shouldn't be used as some applications may trim them away)
The worst passwords in 2015, such as '123456' and 'password', continue to be the most popular options among the most careless computer users today. Here's a condensed list of the most frequently used (and therefore weakest) passwords of 2020: 123456.
This is what they found.
|Four digit||Six digit|
Some examples are:
Not a word in any language, slang, dialect, jargon. Both Uppercase and lowercase letters (e.g., a–z, A–Z) Base numbers and non-alphanumeric symbols (e.g., 0-9 !
Business continuity policy and planning are fundamental to ensure against organisational and reputation risk in case of business interruption.
TCS' Disaster Recovery Automation Offering helps companies streamline and automate their IT recovery processes by providing end-to-end services across consulting, architecture design, implementation, and support.
Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster.
Mix Word and number together randomly
Mix Word and number together randomly (mix uppercase and lowercase). For example, 2 words “Scotfield” and “01255447689”, mix it randomly and become “S012cot5544fie76ld89”, frankly… i do not think is it possible to crack, but it very hard to remember also.
Make your password long. 12-14 characters are recommended. Use a mix of characters like capitalization, symbols and numbers. Use a different password for every account.
National Cyber Security Centre.
An example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. It is long and contains uppercase and lowercase letters, numbers, and special characters.
The Supreme Court stated that in circumstances where personal use of workplace computers is permitted or reasonably expected, the individual has a reasonable expectation of privacy in the personal information which is stored on the machine.
There are benefits to bring-your-own-device (BYOD) computer policies at work. For example, BYOD policies allow you to use your personal computer, which you might be more familiar with than a new work computer. Many people like the seamlessness of doing both work and personal activities on the same computer.
While many companies provide laptops for remote employees, it's not always a guarantee. In theory, all employers should provide the tools for employees to work. For example, if that same company worked from an office, they'd provide you with a computer the vast majority of the time.
Paying bills and making other bank transactions
When you enter your bank account routing and checking number or your debit card information into the computer, this renders it possible for the information to enter the pool of valuable information that hackers look for when they go after organizations.
Conclusion: Your Boss Can Legally Monitor Any Activity on a Work Computer or A Work Network. As you now know, your boss can monitor almost anything you do during the day - whether you're working remotely or have returned to the office.
If you have a connection to the company network, your employer has the right to track your internet activity. They can also monitor you if you are using a work computer but are not connected to the local WiFi.
- Search for Suspicious Apps in Application Manager. ...
- Search for Suspicious Background Processes. ...
- Check Data Usage for Suspicious Activity. ...
- Search for Suspicious Programs. ...
- Check the Firewall Settings.
Employers are generally within their rights to monitor all activity carried out on a company-owned device. If you distribute work phones and laptops, your company can track them via GPS or IP address, for example.
Yes, it is possible that your boss (or whomever) is watching you. Using your IP address (a series of numbers with dots), someone can easily trace your location while you're logging in from out of office. But… there are also ways of making this impossible.
Accordingly, an employer does have the right to limit or prohibit an employee of personal cell phone usage during company time and hours. This means that it is not illegal for a company, like FedEx, to require that all employees leave their cell phones at home or in their vehicles while working in the company facility.
Short answer NO! It is unethical because a work computer is for work sanctioned activities. Unless you get permission, the answer is always NO. Even if you did have permission from management, understand that every last keystroke is being monitored.
Your company would file a criminal complaint against you for theft if you do not return the laptop belonging to the company. It's advisable that you serve a legal notice to them asking them to pay your full and final settlement amount and also take the laptop from you.
You should look for a ninth or 10th-generation Intel i5 or i7 processor, at least 8GB of RAM (preferably 16GB if an option) and 256GB of SSD storage – do not buy a laptop that only has a traditional hard drive, and nothing below 128GB. In addition you have to consider the screen, keyboard and trackpad.
With the help of employee monitoring software, employers can view every file you access, every website you browse and even every email you've sent. Deleting a few files and clearing your browser history does not keep your work computer from revealing your internet activity.
From a practical perspective, whether your employer has the ability to read your personal emails depends on how it monitors and tracks its computer system. However, chances are pretty good that your employer has the capability to access those messages.
Bankrate.com says that online banking is less secure than a bank's mobile app. “Some banks that have multi-factor authentication on their mobile apps don't provide the same capability on their websites. Well-designed mobile apps don't store any data, and you're less likely to hear about a virus on a smartphone.”