Information Security & Data Privacy Quiz

Quiz Summary

0 of 20 Questions completed

Questions:

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

You have reached 0 of 0 point(s), (0)

maximum of 100 points
Pos.	Name	Entered on	Points	Result
Table is loading
No data available

Current
Review
Answered
Correct
Incorrect

Question 1 of 20

1. Question
What should be included in an Organization’s Information Security Policy?
- Statements on the importance of Information Security
- Fundamental rules on organising Information Security
- Detailed technical requirements for configuring critical IT systems
- Specific rules on how confidential information is to be handled
Question 2 of 20

2. Question
For which tasks is an Information Security Officer typically responsible?
- Coordinating the development of Information Security concepts
- Reporting to management on the current Information Security status
- Configuring Information Security technology solutions
Question 3 of 20

3. Question
What core criteria do you need to take into account when determining an IT system’s availability requirements?
- The maximum system downtime that can be tolerated
- The effort required to restore the IT system following a breakdown
- The number of people who use the IT system
- The costs of procuring the IT system
Question 4 of 20

4. Question
What procedures should you follow to determine how well a group of clients are protected during an IT Audit review?
- Conduct interviews with the System Administrators responsible
- Perform on-site examinations of random clients and their configurations
Question 5 of 20

5. Question
When should you assess a security requirement of a given IT Asset as Compliant ✅ during an IT Audit review?
- When the asset is fully covered by appropriate and effective measures
- When neither random checking nor interview(s) conducted with the resource(s) responsible for the IT System has revealed any security flaws
- When the resource responsible for the IT System has given you assurances that there have not been any security issues with the IT system in question thus far
- When there is a detailed documentation on the protective measures that will be implemented for the IT system in question
Question 6 of 20

6. Question
What should you evaluate when assessing risk?
- How frequently a threat occurs
- The scale of damage associated with the threat
- The protection objectives impacted by a threat
- The effectiveness of the measures planned and implemented to address a threat
Question 7 of 20

7. Question
What are some of the ways risks can be transferred?
- By taking out an insurance policy
- By outsourcing a high-risk business process to an external service provider
Question 8 of 20

8. Question
What reason(s) may justify accepting a high level of risk?
- Potential safeguards would require an inordinate amount of resources
- There are no effective safeguards against the risk in question
- Similar organisations also accept the risk in question (e.g. Minimum Android level to install an app)
- The threat from which the risk stems has not led to a significant security incident thus far
Question 9 of 20

9. Question
As an Information Security Officer, what should you do if your organization’s executives are not willing to provide the resources required to implement a given security control?
- You should point out the risks associated with a failure to implement the control
- You should ask the executives to sign a document confirming that they acknowledge and accept the risks
- You should ignore the executives and implement the control with your authority as an Information Security Officer
Question 10 of 20

10. Question
Why should you review your security controls on a regular basis?
- Because threats evolve
- Because your organisation's processes and structures evolve
- Because your organisation's objectives and priorities evolve
Question 11 of 20

11. Question
What should always be established before a key control related to Information Security is introduced?
- The intended purpose of the key control
- The procedure to be followed in collecting results/evidences associated with the key control
- The preference of the security team regarding the key control
Question 12 of 20

12. Question
Drag and map the definitions to the appropriate description
Sort elements
- Threat
- Vulnerability
- An action or event that has the potential to cause harm, loss, or disruption to systems, assets or operations.
- A weaknesses in a system, process, or control that could be exploited.
Question 13 of 20

13. Question
An auditor reviews a Web Server and discovers important security updates haven’t been installed. What has the Auditor identified?
- A Vulnerability
- A Threat
Question 14 of 20

14. Question
The goals of Information Security and Data Privacy are the same?
- True
- False
Question 15 of 20

15. Question
Drag and map the definitions to their appropriate description
Sort elements
- Event
- Incident
- Problem
- Disaster
- Multiple failed login attempts are discovered
- Unauthorized access to sensitive data is discovered
- A vulnerability is discovered that enables authentication bypass
- A vulnerability is exploited to commit fraud
Question 16 of 20

16. Question
Drag and map the Business Continuity strategies to their most appropriate description
Sort elements
- Fail Safe
- Fail Over
- Fault Tolerant
- High Availability
Question 17 of 20

17. Question
Map the security threats to their appropriate description
Sort elements
- Virus
- Worm
- Trojan
- Rootkit
- A type of malware that can replicate itself and infect data on your computer.
- A type of malware that replicates itself to other computers within your network.
- A type of malware that pretends to be a legitimate software.
- A type of malware designed to gain full privileges on a computer.
Question 18 of 20

18. Question
Which phase within a Software Security Development Lifecycle (SDLC) is most effective to perform Threat Modeling?
- Design
- Requirements
- Verification
- Release
- Response
Question 19 of 20

19. Question
A malicious user who may be able to impersonate the identity of a valid user for an application is an example of which STRIDE threat?
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
Question 20 of 20

20. Question
Drag and map the STRIDE threat properties to their appropriate description
Sort elements
- Authenticity
- Integrity
- Non-deniability
- Confidentiality
- Availability
- Authorization
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Information Security & Data Privacy Quiz

Information Security & Data Privacy Quiz

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

Sort elements

13. Question

14. Question

15. Question

Sort elements

16. Question

Sort elements

17. Question

Sort elements

18. Question

19. Question

20. Question

Sort elements

Pin It on Pinterest