Infosec Awareness Document

Uploaded by

vimalnirwan
EMPLOYEE AWARENESS

INFORMATION SECURITY QUIZ
Let's put your infosec awareness to the test!

QUESTION #1
You receive an email from a trusted colleague with an attachment named "Urgent_Report.zip". The email seems legitimate, but you weren't expecting any file from them. What should you do?

A. OPEN THE ATTACHMENT WITHOUT ANY CONCERN SINCE IT'S FROM A TRUSTED SOURCE.
B. REPLY TO THE EMAIL AND ASK FOR CLARIFICATION BEFORE OPENING THE ATTACHMENT.
C. DELETE THE EMAIL WITHOUT OPENING THE ATTACHMENT, AS IT COULD BE A PHISHING ATTEMPT.
D. FORWARD THE EMAIL TO THE IT SECURITY TEAM FOR ANALYSIS.

QUESTION #2
While browsing the internet at work, a pop-up appears claiming that your computer is infected with a virus and prompting you to call a toll-free number for tech support. How should you respond?

A. CALL THE NUMBER AND FOLLOW THEIR INSTRUCTIONS TO REMOVE THE VIRUS.
B. CLOSE THE POP-UP AND CONTINUE WORKING, AS IT'S LIKELY A SCAM.
C. RESTART YOUR COMPUTER AND RUN AN ANTIVIRUS SCAN.
D. REPORT THE INCIDENT TO THE IT DEPARTMENT IMMEDIATELY.

Learn CISM with Santosh


QUESTION #3
While working remotely, you need to access a company database from your personal computer. How should you proceed?

A. USE YOUR REGULAR LOGIN CREDENTIALS TO ACCESS THE DATABASE FROM YOUR PERSONAL COMPUTER.
B. REQUEST A SECURE VIRTUAL PRIVATE NETWORK (VPN) CONNECTION FROM THE IT DEPARTMENT.
C. WAIT UNTIL YOU'RE BACK IN THE OFFICE TO ACCESS THE DATABASE.
D. ASK A COLLEAGUE TO SHARE THEIR LOGIN CREDENTIALS WITH YOU.

QUESTION #4
You notice that a colleague's computer is left unlocked and unattended. What is the best course of action?

A. LOG OUT OF THEIR COMPUTER TO PREVENT UNAUTHORIZED ACCESS.
B. SEND THEM A REMINDER TO LOCK THEIR COMPUTER WHEN AWAY FROM THEIR DESK.
C. REPORT THE INCIDENT TO THE IT DEPARTMENT FOR POTENTIAL POLICY VIOLATION.
D. BOTH A AND C.

QUESTION #5
You receive a phone call from someone claiming to be from a software company, offering you a free upgrade to your work computer. How should you respond?

A. PROVIDE THEM WITH YOUR COMPUTER'S LOGIN CREDENTIALS TO INITIATE THE UPGRADE.
B. POLITELY DECLINE THE OFFER AND HANG UP THE PHONE.
C. ASK FOR THEIR COMPANY'S NAME AND VERIFY THEIR IDENTITY BEFORE PROCEEDING.
D. TRANSFER THE CALL TO THE IT DEPARTMENT FOR ASSISTANCE.

QUESTION #6
You need to share confidential client information with a colleague who is working on the same project. What is the most secure method?

A. EMAIL THE INFORMATION TO YOUR COLLEAGUE'S WORK EMAIL ADDRESS.
B. UPLOAD THE INFORMATION TO A SHARED CLOUD STORAGE SERVICE.
C. USE A SECURE FILE TRANSFER SYSTEM APPROVED BY THE COMPANY.
D. PRINT THE INFORMATION AND HAND-DELIVER IT TO YOUR COLLEAGUE.

QUESTION #7
You receive an email from your manager asking you to urgently transfer funds to a new vendor. The email includes instructions and account details. How should you proceed?

A. FOLLOW THE INSTRUCTIONS AND TRANSFER THE FUNDS AS REQUESTED.
B. REPLY TO THE EMAIL AND VERIFY THE REQUEST THROUGH ANOTHER CHANNEL (E.G., PHONE CALL).
C. FORWARD THE EMAIL TO THE FINANCE DEPARTMENT FOR VERIFICATION.
D. BOTH B AND C.

QUESTION #8
You notice that a colleague has been using the same password for multiple accounts and systems. What should you do?

A. REMIND THEM ABOUT THE IMPORTANCE OF USING UNIQUE AND STRONG PASSWORDS.
B. REPORT THE INCIDENT TO THE IT DEPARTMENT FOR POTENTIAL POLICY VIOLATION.
C. RESET THEIR PASSWORDS AND PROVIDE THEM WITH NEW, SECURE PASSWORDS.
D. BOTH A AND B.

QUESTION #9
You receive a phone call from someone claiming to be from the IT department, asking for your login credentials to resolve a system issue. What is the appropriate action?

A. PROVIDE THE REQUESTED INFORMATION SINCE THEY CLAIM TO BE FROM THE IT DEPARTMENT.
B. POLITELY DECLINE AND INFORM THEM THAT YOU WILL NOT SHARE YOUR CREDENTIALS OVER THE PHONE.
C. ASK FOR THEIR EMPLOYEE ID AND VERIFY THEIR IDENTITY BEFORE SHARING ANY INFORMATION.
D. HANG UP THE PHONE AND REPORT THE INCIDENT TO THE IT SECURITY TEAM.

QUESTION #10
You accidentally left your company-issued laptop unattended in a public area for a short period. When you returned, it was still there. What should you do?

A. ASSUME EVERYTHING IS FINE SINCE THE LAPTOP WAS NOT STOLEN.
B. CHANGE YOUR LOGIN CREDENTIALS AS A PRECAUTIONARY MEASURE.
C. REPORT THE INCIDENT TO THE IT DEPARTMENT AND FOLLOW THEIR INSTRUCTIONS.
D. BOTH B AND C.
