iSecurity Quiz Answers MCQ 2023 - Course Id - 7408 | TCS iEvolve MCQ | Part 2

Part 1

Part 3

Question 1: You are working on a project at a client site. The client has provided you with an e-mail id on their domain, and you are not allowed to access the company e-mail id through the client network. What will you do to access e-mails received on our company ID? Select the appropriate choice.

A. Use client network to access company e-mails as you know that access is not blocked.

B. Use the Auto Forward feature of Les e-mail and forward mails received on your company ID to your client e-mail ID.

C. Use the Auto Forward feature of the company e-mail and forward e-mails received on the company ID to your personal e-mail ID like Gmail or Yahoo.

D. Use webmail to access the company e-mails outside the client network or have Lotus Notes configured on the smartphone and use a network other than the client network.

Answer: D

Question 2: Where can you find the company process for Business Continuity Management?

A. In iQMS Wiki.

B. In KNOWMAX.

C. In Integrated Project Management System (IPMS).

D. In Enterprise Process Web (EPW).

Answer: A

Question 3: What data would you typically select for the backup?

A. Taking regular backup is just a recommendation; so no backup is really required.

B. Only a large amount of data.

C. All of your personal data.

D. Data that will impact the project execution, thus impacting the company or its customers.

Answer: D

Question 4: While working on an assignment where you are an administrator for the database, your password:

A. Can be shared with team members if a need arises.

B. Can be shared with clients if they ask for it.

C. Can be shared with a supervisor only.

D. Should never be disclosed to anyone or shared with anyone.

Answer: D

Question 5: Why do you need a Business Continuity Plan?

A. To be able to continue our critical operations in the event of any crisis/disaster.

B. Because others have it.

C. To minimize the impact of any crisis/disaster to the company and our customers.

Answer: A and B

Question 6: The access-related controls for Confidential classification are more stringent as compared to Internal classification. Is this statement True or False and why?

A. True, as Confidential information is distributed among a limited number of people.

B. False, as Internal information is stored within the company network.

C. True, as the business impact due to unauthorized disclosure of confidential information is more than internal information.

D. False, as the business impact due to unauthorized disclosure can be the same in both classifications.

Answer: C

Question 7: The information displayed on the company website is classified as company Internal. This statement is True or False.

A. True. Since all information is about company internal matters, it’s classified as company Internal.

B. False. The information on the company website is public and is explicitly approved by management for a public release.

Answer: B-False

Question 8: You need to mail the estimation sheet created as a response to one RFP to your Onsite BRM. What care will you take while sending the e-mail with regards to its label?

A. Document must be labeled as company Confidential.

B. E-mail must be labeled as Confidential.

C. Classification and labeling are required when the document is finalized, not when it’s under internal review.

D. Classification is not necessary since both the sender (you) and the recipient (BRM) are on the company domain.

Answer: A and B

Question 9: What should you do to make your password difficult to guess or crack?

A. Do not disclose it to anyone.

B. Use a combination of alphabets, numbers, and special characters.

C. Use a combination of residential details like street name and flat number, etc.

D. Increase the length of the password to the extent possible.

Answer: B and D

Question 10: While working on the office network, which of the following are not acceptable practices?

A. Transmission of any information which is unprofessional, offensive, objectionable, intimidating, or private to others.

B. Publishing information that belongs to a particular political party.

C. Sending or posting messages that could denigrate or harass others on the basis of gender, race, age, disability, religion.

D. Not using the internal platform for blogs.

Answer: A, B, and C

Question 11: You are taking a printout of a debugging code you have written. What precautions do you need to take?

A. Collect the printouts immediately.

B. If the paper jams, remove the paper and shred it.

C. Collect the printout next time you take a break.

D. Ensure that the printout is classified properly.

Answer: A, B, and D

Question 12: You have a business need to use an Internet-based chat messenger not approved by the company. What should you do?

A. Download it directly for use as it is a business need.

B. Connect with your ISM to discuss the risks involved and the feasible solution.

C. Since the client has asked you, you should expect IS to install it directly.

D. Get supervisor approval and install it.

Answer: B

Question 13: You observe that one of your company colleagues keeps sending unsolicited e-mails that are either offensive, obscene, or at times defamatory. What should you do?

A. Do nothing. Just ignore such e-mails by deleting them.

B. Do nothing. Keep such e-mails in a separate folder of your mailbox for future use.

C. Inform your ISM, raise an incident, give the mail as evidence, and delete it from your mailbox.

D. Forward the e-mail to your other colleagues so that they are alerted to such activity.

Answer: C

Question 14: How would you protect company/customer-provided laptops during air travel?

A. Do not check-in the laptop along with other luggage and carry it with you as hand baggage.

B. Do not keep the laptop out of sight during any stage of travel.

C. For safety, you should check in the laptop with other luggage.

D. After security check, collect your laptop promptly. Recheck once if you have collected your own laptop and someone else’s.

Answer: A, B, and D

Question 15: Tom has joined a project. He has been assigned a desktop. This desktop was used by Jerry, who is now released from the project. Upon logging on, Tom found personal non-business files stored in the computer by Jerry. If you were Tom, what action would you take?

A. You must inform the IS team to remove Jerry’s personal files from the desktop.

B. You must inform Jerry to take copies of his personal files and delete them from the desktop.

C. You can send Jerry’s personal files through e-mail to Jerry.

D. You should raise an information security incident in the security incident reporting tool.

Answer: D

Question 16: You are going to do a project audit and realize that you do not have access to the Offshore Development Center (ODC). What should you do?

A. Wait for some time and enter along with the next person entering the ODC.

B. Knock the door and swipe once the door is opened so that your entry is registered.

C. Request the Auditee to escort you into the ODC. Make sure that you sign the visitor register when entering and exiting the ODC.

D. It is not recommended for auditors to visit the customer ODC since the audit is internal to the company.

Answer: C

Question 17: You are working on a shift, and your colleague in the next shift is delayed due to traffic conditions. Your colleague calls you and asks you to download an urgent file. How should you avoid such sharing of e-mail IDs?

A. There is no need to avoid it as it is okay to use colleagues' e-mail ID if the situation demands it.

B. Ask a supervisor or another associate from the next shift to use the ID of the colleague who is delayed.

C. Use the delegate/backup facility.

D. Use a group mail ID or the mainline DB with required associates in the teams as members.

Answer: C and D

Question 18: Information classified as Restricted should be given the highest level of protection among all classifications during storage or transmission. Is this statement True or False?

A. TRUE

B. FALSE

Answer: A

Question 19: Your client wants to know the background Check (BGC) outcome of one of the associates. He wants to get the complete report of BGC for verification. What will you do?

A. You will get the softcopy of the report from HR SPOC. Once you verify, you will send it to the client.

B. You will ask the HR SPOC to share the BGC report of the associate with the client.

C. You will ignore such requests.

D. You will raise a CR for this.

Answer: B

Question 20: Who is responsible for classifying information?

A. GL/PL of the project

B. Information Security Coordinator for the project

C. System Administrator

D. Owner of the information

Answer: D

Part 1

Part 3