1.
Which one of the following is an example of phishing?
Correct Answer
C. An email directing the recipient to enter personal details on a fake website made to look legitimate.
Explanation
An email directing the recipient to enter personal details on a fake website made to look legitimate is an example of phishing. Phishing is a type of cyber attack where the attacker pretends to be a trustworthy entity in order to deceive individuals into providing sensitive information such as passwords, credit card numbers, or social security numbers. In this case, the email is attempting to trick the recipient into thinking they are entering their personal details on a legitimate website, when in reality, it is a fake website created by the attacker.
2.
Which of the following is an acceptable password?
Correct Answer
A. H@ppyHol1dayz
Explanation
The password "H@ppyHol1dayz" is acceptable because it includes a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder to guess.
3.
Where can the Credly Written Information Security Policy be found?
Correct Answer
C. Intranet.credly.com
Explanation
The Credly Written Information Security Policy can be found on intranet.credly.com. This is the internal website of Credly where employees can access company-specific information and policies.
4.
Which of the following are possible warning signs of a potential insider threat situation? Select all that apply.
Correct Answer(s)
A. A coworker is attempting to copy company proprietary data without being authorized to do so.
B. A coworker is downloading a large amount of company information.
C. Overhearing a coworker constantly expressing their dissatisfaction with working at Credly, and their desire to take adverse actions due to that dissatisfaction.
D. Overhearing a coworker discuss working for a competitor of Credly.
Explanation
The possible warning signs of a potential insider threat situation include a coworker attempting to copy company proprietary data without authorization, a coworker downloading a large amount of company information, overhearing a coworker expressing dissatisfaction with working at Credly and their desire to take adverse actions, and overhearing a coworker discussing working for a competitor of Credly. These actions suggest that the coworker may have malicious intentions or may be planning to misuse company resources or confidential information, making them potential insider threats.
5.
You print a series of documents containing sensitive information for a client meeting. After the meeting is finished, what is the proper way to dispose of these documents?
Correct Answer
C. Shred the documents.
Explanation
The proper way to dispose of documents containing sensitive information is to shred them. This ensures that the information cannot be accessed or retrieved by anyone else. Placing the documents in the recycling bin, putting them in your personal trash can, or putting them in the trash can at the office leaves the possibility of someone finding and using the information. Shredding provides a higher level of security and protection for the sensitive information.
6.
Which is not an acceptable method for locking a workstation?
Correct Answer
B. Type LOCK on your keyboard, then press enter
Explanation
Typing "LOCK" on the keyboard and then pressing enter is not an acceptable method for locking a workstation. This is because there is no standard keyboard shortcut or command to lock a workstation by typing "LOCK" and pressing enter. The other options listed are valid methods for locking a workstation on different operating systems such as Windows and Mac.
7.
What should you do AS SOON AS you discover that a Security Incident occurred (or you have reason to believe one might have)?
Correct Answer
B. Notify a member of the Security Council.
Explanation
As soon as you discover a security incident or have reason to believe one might have occurred, the appropriate action is to notify a member of the Security Council. This is important because the Security Council is responsible for handling security incidents and has the expertise to assess the situation, investigate the incident, and take necessary actions to mitigate the impact and prevent further damage. Fixing the problem on your own may not be sufficient or effective, and contacting the hackers or entities that performed the attack is not recommended as it can compromise the investigation and potentially escalate the situation. Informing local and national media outlets is not the immediate priority and should be done only after the incident is properly addressed.
8.
How frequently must you change your password?
Correct Answer
B. Every 90 days.
Explanation
Passwords should be changed every 90 days to ensure security. This time frame strikes a balance between ensuring that passwords are regularly updated to prevent unauthorized access and minimizing the inconvenience of frequently changing passwords. Changing passwords regularly helps protect against password guessing, brute force attacks, and unauthorized access to accounts. Additionally, it reduces the risk of compromised passwords being used for an extended period of time.
9.
What is NOT considered sensitive information under the Credly Written Information Security Policy?
Correct Answer
C. Your social media posts.
Explanation
According to the Credly Written Information Security Policy, social media posts are not considered sensitive information. This implies that the information shared on social media platforms is not considered confidential or private. The policy likely classifies social media posts as public information that can be accessed and viewed by anyone, rather than sensitive data that needs to be protected.
10.
Which of the following should you report to a member of the Security Council?
Correct Answer
D. All of the above.
Explanation
All of the mentioned incidents should be reported to a member of the Security Council because they all pose potential security risks. The theft of a company-issued laptop can result in unauthorized access to sensitive information. Intentionally clicking a link in a phishing email can lead to malware installation or unauthorized access to personal or company data. Accidentally sending sensitive client information to the wrong person can result in a data breach and compromise client confidentiality. Reporting these incidents allows for appropriate actions to be taken to mitigate the risks and prevent further security breaches.
11.
Which of the following security practices requires all Credly employees to take a screenshot when completed?
Correct Answer
D. Installing antivirus software.
Explanation
Installing antivirus software is a security practice that requires all Credly employees to take a screenshot when completed. This is because taking a screenshot provides evidence that the antivirus software has been successfully installed on the computer. This practice ensures that all employees have the necessary protection against malware and other security threats.
12.
When may you download and store Credly sensitive information on your local computer?
Correct Answer
D. Never.
Explanation
It is not recommended to download and store Credly sensitive information on a local computer, regardless of whether it is encrypted, password protected, or stored in a hidden folder. This is because storing sensitive information on a local computer increases the risk of unauthorized access, data breaches, and potential loss or theft of the information. It is safer to access and handle sensitive information directly through secure online platforms or systems provided by Credly.
13.
How does a Credly employee determine if information is confidential? Choose the best answer.
Correct Answer
C. The information is marked confidential OR a reasonable person would consider it to be confidential.
Explanation
A Credly employee determines if information is confidential based on whether it is marked as confidential or if a reasonable person would consider it to be confidential.
14.
Which three positions make up the Company’s Security Council?
Correct Answer
C. Chief Privacy Officer, Chief Security Officer, Software Development Manager
Explanation
The correct answer is Chief Privacy Officer, Chief Security Officer, Software Development Manager. These three positions make up the Company's Security Council. The Chief Privacy Officer is responsible for ensuring the company's compliance with privacy laws and regulations. The Chief Security Officer is in charge of implementing and maintaining the company's security measures. The Software Development Manager is involved in ensuring the security of the company's software systems. These three positions work together to address privacy and security concerns within the company.
15.
Which one of the following statements about a password is TRUE?
Correct Answer
D. It must be changed on a quarterly basis.
Explanation
The correct answer is that a password must be changed on a quarterly basis. This is a common security practice to ensure that passwords are regularly updated and to minimize the risk of unauthorized access. Changing passwords regularly reduces the likelihood of a compromised password being used maliciously.
16.
Which of the following statements is TRUE?
Correct Answer
C. The Credly Written Information Security Policy covers non-confidential information belonging to Credly’s clients.
Explanation
The correct answer is that the Credly Written Information Security Policy covers non-confidential information belonging to Credly's clients. This means that the policy applies to information that is not marked as confidential, but still belongs to Credly's clients.
17.
Sending email via Credly’s Gmail system means that the email is encrypted in transit.
Correct Answer
A. True
Explanation
When sending an email via Credly's Gmail system, the email is encrypted in transit. This means that the email message is converted into a secret code during transmission, making it difficult for unauthorized individuals to intercept and read the content of the email. Encryption ensures the privacy and security of the email, protecting sensitive information from being accessed by malicious actors during the transfer process. Therefore, the statement is true.
18.
Which one of the following statements about wireless networks is TRUE?
Correct Answer
D. They can be accessible to other users.
Explanation
Wireless networks can be accessed by other users because the signals are transmitted through the air and can be intercepted by anyone within range. This is why it is important to secure wireless networks with passwords and encryption to prevent unauthorized access.
19.
It is ok to use a product that processes the personally identifiable data of Credly employees or users if:
Correct Answer
C. It has been posted at Credly.com/Subprocessors for at least 30 days.
Explanation
The correct answer is "It has been posted at Credly.com/Subprocessors for at least 30 days." This suggests that Credly has a specific process for vetting and approving products that process personally identifiable data. Requiring that the product has been posted on the official website for at least 30 days allows for transparency and gives stakeholders an opportunity to review and assess the product's compliance with data protection regulations. This helps to ensure that the use of such a product is in line with Credly's data privacy and security policies.
20.
Which of the following laws govern Credly’s treatment of personally identifiable data?
Correct Answer
D. All of the Above
Explanation
All of the listed laws govern Credly's treatment of personally identifiable data. The European Union General Data Protection Regulation (GDPR) is a regulation that protects the personal data and privacy of European Union citizens. The California Consumer Privacy Act of 2018 (CCPA) is a state law that gives California residents rights over their personal information and requires businesses to be transparent about their data collection practices. The Children's Online Privacy Protection Act (COPPA) is a federal law that imposes certain requirements on websites and online services that collect personal information from children under the age of 13. Therefore, all three laws apply to Credly's treatment of personally identifiable data.