Lucidity Information Security Quiz
Where appropriate, sensitive information (in both digital and physical format) and assets should be stored in:
A) Locked fireproof cabinets
B) Filing cabinets that are locked with keys stored away from the cabinet
C) In the desk’s drawer
D) All of the above
Sensitive or critical information should be:
A) Clearly classified as such
B) Locked away when not in use
C) Taken off site each night
D) Subjected to inventory and stored in a central repository
When a computer is unattended but still connected to the network, it should be:
A) Available for someone else to use
B) Switched off
C) Locked with a Windows password
D) Locked up with a device such as a cable lock
Sensitive or classified information, when printed, should be:
A) Bound and labelled
B) Immediately taken from the printer
C) Shredded
D) Put in the recipient’s delivery box
Which security measure would be the best deterrent to the theft of corporate information from a laptop which was left in a hotel room?
A) Install a cable lock on the laptop when it is unattended
B) Encrypt the data on the hard drive
C) Store all data on disks and lock them in an in-room safe
D) Remove the batteries and power supply from the laptop and store them separately from the computer
All messages sent from the Company’s email account remain the property of:
A) The sender
B) The recipient
C) The company
D) All of the above
You should use auto-forwarding while on holiday, as it is good practice to ensure that important or urgent messages are not missed and that there is continuity of your roles and responsibilities within the business while you are away.
A) True
B) False
Responsibilities for information security management need to be defined at this level:
A) Board of Directors
B) User level
C) Middle Management
D) Suppliers or partners level
E) All of the above
F) None of the above
G) a and c only
How is the purpose of information security policy best described?
A) An information security policy documents the analysis of risks and the search for countermeasures
B) An information security policy provides direction and support to the management regarding information security
C) An information security policy makes the security plan concrete by providing it with the necessary details
D) An information security policy provides insight into threats and the possible consequences
What is the goal of classification of information?
A) To create a manual about how to handle user guidelines
B) Applying labels making the information easier to recognise
C) Structuring information according to its sensitivity
Who is authorised to change the classification of a document?
A) The author of the document
B) The administrator of the document
C) The owner of the document
D) The manager of the owner of the document
The applicable security responsibility in BYOD is: (select all that apply)
A) Downloading only authorised applications
B) Understanding all regulatory requirements appropriate to a particular industry
C) Being aware of cyberattacks, from malware to social engineering
D) Not copying sensitive information to your local device
The user security responsibility in Mobile Device Policy is:
A) Not hold classified information on the device unless this has been authorised and appropriate controls such as encryption put in place
B) The mobile device may be used by your friends and family after hours when you are not using it for work
C) Not keep passwords and other security items with the device
D) Ensure that the device screen locks after a short period of inactivity and requires a password to unlock it
E) You may make your own backup of work data on a public cloud such as Google Drive and Dropbox as they are trusted cloud storage providers
F) Ensure that the device is not left unattended in public view, where it is prone to theft
G) You may temporarily disable antivirus on your work device as it causes degraded performance at times
H) All of the above except b, e and g
I) All of the above
J) All of the above except b and e
Classes of information within Lucidity are:
A) Level 0 - Private
B) Level 0 - Public
C) Level 1 - Internal
D) Level 2 - Confidential
E) Level 2 - Sensitive
F) a, b and d
G) b, c and d
Which of the following classes of information does not need to be classified and an owner assigned to it?
A) Level 0 - Private
B) Level 0 - Public
C) Level 1 - Internal
D) Level 2 - Confidential
E) Level 2 - Sensitive
Cryptography supports all of the core principles of information security except:
A) Availability
B) Confidentiality
C) Integrity
D) Authenticity
Cryptography is not required for which of the following circumstances?
A) Customers’ data under Lucidity responsibility when being taken outside of the Lucidity office
B) On mobile devices such as laptops, tablets, smartphones and USB memory sticks that contain confidential data
C) Data owned by customers which carry an appropriate information classification
D) None of the above
How are privacy and data protection related to each other?
A) Data protection is a subset of privacy
B) Privacy is a subset of data protection
C) They are the same thing
D) You cannot have privacy without data protection
There is a network printer in the hallway of the company where you work. Many employees don’t pick up their printouts immediately and leave them on the printer.
A) The integrity of the information is no longer guaranteed
B) The availability of the information is no longer guaranteed
C) The confidentiality of the information is no longer guaranteed
When designing access controls for new systems and services, the following general principles should be used:
A) Defence in Depth – security should not depend upon any single control but be the sum of a number of complementary controls
B) Least Privilege – the default approach taken should be to assume that access is not required, rather than to assume that it is
C) Need to know – access is only granted to the information required to perform a role, and no more
D) Need to Use – Users will only be able to access physical and logical facilities required for their role
E) None of the above
F) All of the above