Who are allowed to access highly confidential files?

A. Employees with a business need-to-know

B. Contractors with a business need-to-know

C. Employees with signed NDA have a business need-to-know

D. Non-employees designated with approved access and have signed NDA

What type of compliancy standard, regulation or legislation provides a code of practice for information security?

A. ISO/IEC 27002

B. Personal data protection act

C. Computer criminality act

D. IT Service Management

Four types of Data Classification (Choose two)

A. Restricted Data, Confidential Data

B. Project Data, Highly Confidential Data

C. Financial Data, Highly Confidential Data

D. Unrestricted Data, Highly Confidential Data

A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be. You hire a consultant who advises you to start with a qualitative risk analysis.

What is a qualitative risk analysis?

A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.

B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.

Someone from a large tech company calls you on behalf of your company to check the health of your PC, and therefore needs your user-id and password. What type of threat is this?

A. Social engineering threat

B. Organisational threat

C. Technical threat

D. Malware threat

Integrity of data means

A. Accuracy and completeness of the data

B. Data should be viewable at all times

C. Data should be accessed by only the right people

A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.

Where in the incident cycle is moving to a stand-by arrangements found?

A. between threat and incident

B. between recovery and threat

C. between damage and recovery

D. between incident and damage

What is a reason for the classification of information?

A. To provide clear identification tags

B. To structure the information according to its sensitivity

C. Creating a manual describing the BYOD policy

You receive an E-mail from some unknown person claiming to be representative of your bank and asking for your account number and password so that they can fix your account. Such an attempt of social engineering is called

A. Shoulder Surfing

B. Mountaineering

C. Phishing

D. Spoofing

All are prohibited in acceptable use of information assets, except:

A. Electronic chain letters

B. E-mail copies to non-essential readers

C. Company-wide e-mails with supervisor/TL permission.

D. Messages with very large attachments or to a large number ofrecipients.