An audit in cybersecurity is a systematic evaluation of an organization's IT infrastructure, policies, and procedures to:
✅ Identify vulnerabilities and misconfigurations
📋 Ensure compliance with standards like ISO 27001, GDPR, HIPAA, or PCI DSS
🔐 Strengthen data protection and operational resilience
1. You are about to conduct a project audit and realize that you do not have access to the Offshore Development Centre (ODC). What should you do?
✅ Request the auditee to escort you into the ODC and sign the visitor register.
❌ Wait for some time and enter along with the next person entering the ODC.
❌ Knock on the door and swipe your card once the door is opened so that your entry is registered.
❌ It is not recommended for auditors to visit the customer ODC since the audit is internal to ABC.
2. If you are working on a sensitive application that ships with a default password, what should you do?
✅ Change the default password at first login, before the application is put to use.
❌ Maintain confidentiality and keep using the default password for the benefit of the project.
❌ Use the default password for individual or colleagues' benefit.
❌ Share the default password with colleagues as it is standard.
3. Which of these classification types can be used only by members of the Corporate Communication team?
✅ Restricted
❌ Confidential
❌ Internal use
❌ Public
4. You receive an unsolicited email containing abusive and offensive content in your inbox. What should you do?
✅ Report an incident along with the evidence (header information and a copy of the email), then delete the email.
❌ Forward such emails to your colleagues.
❌ Save such emails for future use.
❌ Do nothing.
5. Your colleague is delayed due to traffic, and an urgent client email has been sent to their ID. How can the email be handled without sharing email IDs?
✅ Use the delegate/backup facility.
✅ Use a group mail ID or mail-in database with required team members.
❌ No need to avoid; using a colleague’s email is okay if necessary.
❌ Ask a supervisor or another associate to use the delayed colleague's ID.
6. While working as a database administrator, how should you handle your password?
✅ Should never be disclosed to anyone or shared with anyone.
❌ Can be shared with a team member if a need arises.
❌ Can be shared with a client if they ask for it.
❌ Can be shared with a supervisor only.
7. Can you bring your personal laptop to the office?
✅ No, personal laptops cannot be carried into ABC premises.
❌ Yes, if you have insured it.
❌ Yes, provided it does not have a modem.
❌ None of the above.
8. Your colleague forgot their ID/access card and is stuck outside the office gate. What should you do?
✅ Ask them to get in touch with the admin and follow the process for 'Forgot ID card'.
❌ Let the security guard know that you are acquainted with them and request entry.
❌ Ask them to tailgate when the security guard is busy.
❌ Send your access card through another colleague.
9. You are on leave when you receive an urgent request from your supervisor to share your login credentials. What should you do?
✅ You should not share your credentials.
✅ You should raise a security incident.
❌ You should share your credentials as work is affected.
❌ You should share your credentials because if something goes wrong, you are not responsible while on leave.
10. When sharing information with a third party, should you inform them that further distribution is not permitted unless authorized by ABC?
✅ True
❌ False
11. Who is responsible for having an Account/Relationship level Business Continuity Plan (BCP) in place?
✅ Relationship/Account Crisis Management Leader (CML)
❌ Admin Manager
❌ Security Deployment Leader (SDL)
❌ Chief Security Officer (CSO)
12. If you have to provide access to your information to a third-party vendor, what should you ensure?
✅ Check if the third party has a genuine need to know the information.
✅ Access privileges to be provided should be just enough to carry out the required work.
✅ The third party should have signed an NDA with the company.
❌ The third party is the client and should be given access by default.
13. Which of the following should be covered while preparing an information backup schedule?
✅ Details of the system/device/application name and information to be backed up.
✅ Type of backup and backup location.
✅ Frequency of backup and the time schedule of the backup process.
✅ Retention period and restoration requirements.
14. The printer jammed while you were printing a project plan. You inform Infrastructure Services (IS), return to work, and ask the team to collect the prints once the problem is resolved. Is this the correct course of action?
✅ True
❌ False
15. You want to start a blog to discuss delivery issues in your project or relationship. What should you do?
✅ Use office internal social media (such as Knome) and post the query in the right community.
❌ Use LinkedIn since it is mainly used by professionals as a networking platform.
❌ Ensure that you accept LinkedIn invites only from office members in your relationship.
16. Your client manager requests a photograph of your facility to help their team understand more about offshoring. What action should you take?
✅ Update the client about the photography process that needs to be complied with.
✅ Obtain approval from the ISM for photography.
✅ Use an authorized (avoid personal) camera to take the photograph and get it verified by ISM before sending it to the client.
❌ Go ahead, take a photograph, and send it directly to the client.
17. To whom should you express concerns and suggestions related to information security at your location?
✅ Information Security Manager
❌ Security Guard
❌ Admin Head
❌ HR Manager
18. Information such as BGC (background check) reports, salary increment letters, and similar sensitive documents should be labeled as:
✅ Confidential
❌ Secret
❌ No classification required
❌ Internal
19. You need to use an internet-based chat messenger that is not approved by the office for a business purpose. What should you do?
✅ Connect with your ISM to discuss risks involved and a feasible solution.
❌ Download it directly for use since it is a business need.
❌ Expect IS to install it directly because the client requested it.
❌ Get supervisor approval and install it.
20. Are access-related controls for confidential classification more stringent than internal classification?
✅ TRUE – Confidential information is distributed among a limited number of people.
✅ TRUE – The business impact of unauthorized disclosure of confidential information is greater than for internal information.
❌ TRUE – Internal information is stored within the office network.
❌ FALSE – Business impact due to unauthorized disclosure can be the same in both classifications.