
Security Questionnaire 2024
Quiz by Inpart
- Q1
I want to share sensitive information with a customer. What is the appropriate level of data classification?
Restricted
Internal
Public
Confidential
60s - Q2
How do you determine the confidentiality level of a document?
Following the personal preferences of the manager
Randomly
Based on the content and the recipient
All documents are public
60s - Q3
What does integrating the principle of "Privacy by Design" mean?
Integrating confidentiality from the beginning of the design process
Complying with the minimum legal confidentiality standards
Consulting confidentiality experts only after development
Adding privacy features only if requested by the client
60s - Q4
Why is it important to consult your security team before implementing AI tools in your work environment?
For continuously assessing the security risks associated with AI
I don't need to ask the security team; AI can generate the risk assessment as well
For focusing only on AI performance
For applying the same security standards as for other technologies
60s - Q5
What is the first action to take in the event of a data breach?
Notify the security team and your manager to identify the extent of the breach and the data impacted
Wait to see the impact of the breach before reporting
Change all passwords without investigating the breach
Immediately notify all clients regardless of the analysis
60s - Q6
In the event of a security breach, what is the first action to perform?
Report only to higher-ups without formal documentation
Send a general email to the entire company to warn of the problem
Immediately report to the IT team
Wait for a team meeting to discuss the problem
60s - Q7
What does the "Least Privilege" principle imply in access management?
Granting restricted access during employee integration then obtaining higher access based on seniority
Granting only the rights needed to perform the assigned tasks
Allowing high access based on responsibility
Providing administrator access to avoid frequent access restrictions
60s - Q8
What is the importance of task separation?
Simplifying processes by assigning multiple tasks to a single employee
Concentrating expertise to accelerate decision-making
Reducing the risks of fraud and operational errors
Increasing dependence among employees to improve collaboration
60s - Q9
'4 Eyes' Principle: When do you apply this principle?
Only for financial transactions
When two people must independently verify and approve a task or transaction
When resources are limited and require less frequent double verification
When tasks are too complex for one person
60s - Q10
In your opinion, how often should security documents be reviewed?
Only in case of data breaches or security incidents
According to a pre-established schedule based on a risk assessment and significant changes in the organization
Every five years regardless of operational changes
Once when the document is introduced without future revisions
60s - Q11
What is the importance of 'Security by Design' in software development?
Focusing security on the least critical aspects of the system
Ensuring that security is an afterthought
Applying security only in the final phases of development
Integrating security measures from the early phases of development
60s - Q12
How do you ensure that privacy/security is considered from the start of your development projects?
Continuous monitoring of data breaches
Periodic reviews of privacy procedures
Consultations with lawyers specialized in personal data
For each new project, an evaluation must be made by experts in conjunction with the security team
60s - Q13
Is it mandatory to consult the security team when selecting a new tool or provider?
Yes, a risk analysis is conducted in order to prevent new vulnerabilities or policy compliance issues
Yes, after the contract signature
I don't need to if the budget is approved
No need if it's open source
60s - Q14
When is encryption recommended?
For all internal communications
Whenever information is transmitted or stored
Only for confidential information
Never, it is too costly
60s - Q15
What is the appropriate behavior to prevent tailgating, i.e. unauthorized persons trying to enter after an authorized employee?
It's just a delivery man; we can leave him alone, the package must be important.
Don't let unknown people in without an access badge. Ask them who they have an appointment with and inform the office manager, without letting them in alone.
Be polite and hold the door open for visitors.
Make appointments with your suppliers or service providers at the office, without having to be physically present to meet them.
60s
