iSecurity Quiz Answers MCQ | Course Id 7408 | TCS iEvolve MCQ

Q1: What are the different information classification categories available in the company?

A. Confidential. Secret. Public. Internal

B. Public, Internal, Private, Secret, Confidential

C. Restricted. Confidential, Internal Use Public-Private and Confidential

D. Personal, Confidential, Top Secret

Answer: C

Q2: It is always acceptable to send business information from your customer-provided email ID to your email ID.
Is this statement True or False?

A. TRUE

B. FALSE

Answer: B

Q3: You are using the same password for an application for a long time. Is the use of the same password for a long time advisable?

A. No as use of the same password makes it vulnerable to breach over a period of time

B. Yes, as the system has not prompted for the change of password

C. Yes. as the password is shared with colleagues onsite and cannot be changed

D. No, as the current password is complex enough

Answer: A

Q4: You are working overseas at a client location and need to use the data when you return to your home country. How will you ensure data availability?

A. Copy the data to a personal laptop

B. Upload the data on the internet

C. Copy the data on a personal USB drive and carry it with you

D. Carry the data with you with client permission

Answer: D

Q5: You have prepared a Design Document for the new product being launched by your customer. The customer has not provided any guidance on how such documents should be classified. How will you handle the document?

A. At par with Confidential classification

B. Company Restricted

C. Since the customer has not specified any requirements, you need not classify the document.

D. Company Internal

Answer: A

Q6: You are executing a project, and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do?

A. Just keep the backup of information as the customer would be aware of the regulatory requirement

B. Communicate to the customer that information has to be retained beyond the project duration with reason.

C. No need to communicate to the customer as it is a regulatory requirement

Answer: B

Q7: When you have to retain the information, which factors should be considered for the retention period?

A. TC Retention policy

B. Regulatory requirements

C. Project duration

D. Contractual requirements

Answer: All of the above

Q8: Which of the following statements is/are correct while using the Internet/intranet/Network Channels provided by the company?

A. Associate can produce web pages or sites that reference Company or its affiliates, or in any way disclose any other information about a company without the permission of Security Manager

B. Associate cannot use Internet-based applications including chat rooms, instant messaging, peer-to-peer network-based applications, VoIP applications without prior authorization

C. Associate can host personal sites on company facilities only after taking ISM approval.

D. Not entering into binding contracts (accepting licence agreements by clicking OK/Accept while downloading any software from the internet) on behalf of the company over the internet, unless by the company legal team and authorised by

management.

Answer: B and C

Q9: Writing down passwords is wrong. With respect to this statement, which of the following options is appropriate?

A. Remembering multiple passwords is difficult hence it is okay to write them down.

B. Writing down passwords in a notebook inside the OD is fine, as it will not cause any harm as outsiders have no entry to the ODC.

C. Writing down passwords is okay if it is shared and colleagues need to know it.

D. Writing down passwords will disclose it to unauthorised people who can misuse them, but you will be held responsible for all activities.

Answer: D

Q10: What is referred to as social engineering?

A. Wasting resources

B. Gathering information from discarded manuals and printouts

C. Using people skills to obtain proprietary/confidential information

D. Destruction or alteration of the data

Answer: C

Q11: If you find a person whom you know tailgating, what should you do?

A. Confront the concerned person and ask him the reason for tailgating

B. Ignore it since you know that he has no mal intentions.

C. Log a security incident.

D. Inform the security guard.

Answer: A and C

Q12: What should you do to make your password difficult to guess or crack?

A. Do not disclose it to anyone.

B. Use a combination of alphabet, number, and special character.

C. Use a combination of residential details like the street name and flat number, etc.

D. Increase the length of the password to the extent possible.

Answer: A and B

Q13: One day when you log on to your email, you find that there is an unsolicited e-mail having abusive and offensive content in your inbox. What should you do?

A. Forward such e-mails to your colleagues

B. Report an incident along with the evidence (Header information and copy of email) and then delete such emails from your mailbox.

C. Save such emails for future use.

D. Do nothing.

Answer: B

Q14: Rakesh has been deputed to a client located in the US. The client has provided a laptop to Rakesh. His family resides in India. Every evening he uses the client-provided laptop to chat with his family through a webcam using software he has installed directly from the internet. Which of the following is correct?

A. Rakesh can use the client-provided laptop to connect with his family as he is away from them. This is acceptable since neither has he any mal intention nor is he sharing any confidential data

B. Rakesh has the right to directly download software for such use since it is a client-provided laptop

C. The client-provided laptop must be used for business purposes only.

D. Since Rakesh does not have his own laptop, he can use the client-provided laptop for such a purpose

Answer: C

Q15: You were creating some design/flow diagrams on paper for a sensitive project of a client. when suddenly the PL calls you for an urgent meeting in a meeting room which is outside the Offshore Development Center (ODC). What is the appropriate way to handle the papers?

A. While entering the meeting room, you realise that you are carving the papers and you see your friend from another account passing by, so you send the papers with him to be handed over to someone in your ODC.

B. Put all the paper inside your desk drawers. Lock it and then go for a meeting.

C. Leave the papers on the desk since it is a restricted access ODC

D. None of the above

Answer: B

Q16: You are working on a project and require logging on to the environment managed by the client. The client has provided you with a single user ID and your entire team uses the same ID to login to the environment. Which of these statements is correct in this context?

A. It is not wrong to share credentials since the team has to complete the delivery according to the schedule

B. The team should present the scenario to the customer and request more IDs. In case the customer declines, connect with your ISM and inform the client before sharing credentials

C. Credentials should never be shared. You should consult our OU loM in such scenarios

D. It is not wrong to share credentials since this has been shared within the team

Answer: C

Q17: You have backed up your project information in the media. The project will continue for the next two years. How often should the restorability test be done?

A. Should be done only once in the lifetime of the media

B. Should be done immediately after the backup and it is a one-time activity only

C. Should be done regularly

D. Depends on client requirements according to the contract

Answer: C

Q18: Which of the following is not true about Information classified as Private and confidential?

A. Information is not specific to individuals.

B. Information can be in the custody of the company.

C. Information always belongs to the company.

D. Disclosure of such information is not desirable.

Answer: A and C

Q19: You are searching the Internet for some information. After clicking a link on one page, you become suspicious that it may have triggered a virus or something which is wrong. What should be your immediate reaction?

A. Isolate the machine from the network. (Disconnect from the network)

B. Log a ticket on Global Helpdesk and wait for someone to attend. Till then continue to work.

C. Ignore the suspicion and continue to work.

D. Call up the information security manager and wait for instruction

Answer: A and D

Q20: You are executing a project and you have come to know that project information has to be retained for a period more than the project duration due to regulatory requirements. What should you do?

A. Just keep the backup of information as a customer would be aware of the regulatory requirements.

B. Communicate to the customer that information has to be retained beyond the project duration with the reason.

C. No need to communicate to the customer as it is a regulatory requirement.

Answer: B

Q21: Which of the following is most appropriate with regard to an organisation's Business Continuity Planning (BCP) framework?

A. It is not necessary to have a BCP framework, and in the event of a crisis, instant measures can be taken as per the need of the hour.

B. An organisation should implement a BCP framework without doing a cost-benefit analysis.

C. The organisation should carry out a cost-benefit analysis with due diligence and then implement a BCP framework that meets the business objectives of all concerned.

D. None of the above

Answer: C

Q22: The company recommended method of disposing of non-electronic information in paper form classified as Restricted, Confidential, or Private & Confidential is the same. Is this statement True or False?

A. TRUE

B. FALSE

Answer: A

Q23: How should an employee handle classified information while travelling?

A. Leave it on the desk.

B. Carry it along in a backpack.

C. Store it in a secure bag or locked compartment.

D. Discard it in a nearby trash can.

Answer: C

Q24: A friend of yours shares their password with you. What should you do in this situation?

A. Use the password to access their account when needed.

B. Inform your friend about the risks of sharing passwords and advise them to change it immediately.

C. Share the password with other colleagues to ease access to your friend's account.

D. Ignore the situation and take no action.

Answer: B

Q25: The confidentiality of information is compromised when:

A. Information is shared with authorised personnel within the organisation.

B. Information is disclosed to unauthorised individuals or entities.

C. Information is stored in a secure location.

D. Information is classified as Restricted.

Answer: B