Cyber Security and Privacy Week 3 Nptel Answers

Are you looking for Cyber Security and Privacy Week 3 NPTEL Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 3 assignment in the Cyber Security and Privacy course.



Cyber Security and Privacy Week 3 Nptel Answers (July-Dec 2025)


Question 1. A company’s risk register lists “third-party data breach” as a critical risk. Which GRC function is primarily responsible for ensuring ongoing monitoring and mitigation of this risk?

a) Governance
b) Reducible Breach
c) Compliance
d) Risk Management



Question 2. Which of the following statements is correct regarding the implementation of a GRC framework?

a) Implementing a GRC framework guarantees that an organization has immunity from all cyber threats.
b) A GRC framework helps organizations identify, assess, and mitigate cyber risks, but does not make them fully immune to threats.
c) GRC frameworks are only relevant for financial compliance and do not address cybersecurity.
d) GRC frameworks eliminate the need for cybersecurity controls.



Question 3. True or False: de facto standard refers to instructions that dictate certain standard behavior within an organization.

a) True
b) False



Question 4. Which of the following refers to a detailed statement of what must be done to comply with policy?

a) de jure practices
b) guidelines
c) standard
d) procedures



Question 5. If an organization’s policy states “All confidential data must be protected,” which of the following would be the most appropriate standard to support this policy?

a) Employees should consider using strong passwords
b) Confidential data must be encrypted using AES-256
c) Steps for reporting a data breach
d) Encouraging staff to attend security training



Question 6. True or False: Compliance activities in a GRC framework are limited to following internal company policies and do not involve external laws or regulations.

a) True
b) False



Question 7. MSQ: Which of the following are examples of preventive controls in IT security? (Select all that apply. More than one answer may be possible.)

a) Firewall configuration blocking unauthorized ports
b) Security awareness training for employees
c) Daily review of audit logs
d) Multi-factor authentication (MFA) for system access
e) Data backup and recovery solutions



Question 8. Which framework, developed by the IT community, prioritizes IT control objectives and is specified by ISACA (Information Systems Audit and Control Association)?

a) COBIT
b) COSO
c) ISO/IEC 27001
d) NIST Cybersecurity Framework



Question 9. Which of the following statements about the NIST Cybersecurity Framework are NOT correct? (Select all that apply. More than one answer may be possible.)

a) It guarantees complete protection against all cyber threats.
b) Only large organizations can benefit from it.
c) The framework is rigid and cannot be customized to fit an organization’s needs.
d) Implementing it is a one-time activity and does not require ongoing updates.
e) It deals only with technology and does not consider employee training or policies.



Question 10. Which of the following statements is correct regarding ISO 27001 certification?

a) ISO 27001 certification is only relevant for government agencies.
b) ISO 27001 certification can be issued to both organizations and individuals.
c) ISO 27001 certification can only be issued to organizations.
d) ISO 27001 certification is only available to individuals, not organizations.



Cyber Security and Privacy Week 3 Nptel Answers (July-Dec 2024)


Session: JUL-DEC 2024


Q1. The process of defining and specifying the long-term direction to be taken by an organization, and the allocation and acquisition of resources needed to pursue this effort is known as:
Governance
Security Management
Strategic Planning
Objectives

Answer: Updating soon (in progress)


Q2. Which of the following statements best describes the relationship between GRC (Governance, Risk, and Compliance) and cybersecurity?
GRC focuses solely on cybersecurity management and overlooks other risk management initiatives.
Cybersecurity is the primary focus of GRC, with minimal consideration for other risks.
GRC integrates cybersecurity as one component within the broader framework of enterprise risk management (ERM).
GRC is a standalone framework independent of cybersecurity and risk management.

Answer: Updating soon (in progress)


For answers or latest updates join our telegram channel: Click here to join

These are Cyber Security and Privacy Week 3 Nptel Answers


Q3. A written document provided by management that informs employees and others in the workplace about proper behavior regarding the use of information and information assets is known as:
Guidelines
Information Security Policy
De facto standard
Practices

Answer: Updating soon (in progress)


Q4. Which approach to cybersecurity management treats cybersecurity as a separate category distinct from other risks an organization may face, and focuses solely on cybersecurity, depending on the size and nature of the organization?
Standard Driven Approach
Organization Planning Approach
GRC Framework
Risk Management Framework

Answer: Updating soon (in progress)




Q5. Benefits of implementing a GRC in an organization include:
Responsible operations
Data-driven decision-making
Improved cybersecurity
All the above

Answer: Updating soon (in progress)


Q6. What is the purpose of the COBIT maturity model?
To assess an organization’s maturity in IT governance processes
To rank organizations based on their financial performance
To determine the efficiency of network infrastructure
To evaluate employee satisfaction levels in the IT department

Answer: Updating soon (in progress)




Q7. COSO’s ERM framework emphasizes:
Operational efficiency
Risk identification and assessment
Regulatory compliance
Human resource management

Answer: Updating soon (in progress)


Q8. Which characteristic distinguishes the approaches of COBIT, COSO, and COSO-ERM from specific standards like ISO or NIST?
They prioritize cybersecurity over other risk management aspects.
They focus exclusively on small to medium-sized enterprises (SMEs).
They operate at the enterprise level rather than focusing on specific standards.
They are primarily developed by governmental regulatory bodies.

Answer: Updating soon (in progress)




Q9. Why might some countries be hesitant to adopt the ISO 27001 model?
It is a mandatory standard with strict compliance requirements.
It is not recognized as a valid security framework by international organizations.
There are concerns about the model’s overall effectiveness compared to existing approaches.
It prioritizes specific security vendors or technologies.

Answer:


Q10. Which of the following is not considered a principle or practice for securing IT systems?
Implement layered security to ensure there is no single point of vulnerability.
Do not implement unnecessary security mechanisms.
Maximize the system elements to be trusted.
Assume that external systems are insecure.

Answer:



Cyber Security and Privacy Week 3 Nptel Answers (JULY-DEC 2023)

Course Name: Cyber Security and Privacy


These are Cyber Security and Privacy Nptel Week 3 Assignment 3 Answers


Q1. Which of the following terms best describe the specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls?
Blueprint
NIST handbook
An information security framework
Security plan

Answer: An information security framework


Q2. True or False: SP 800-18, Guide for Developing Security Plans, is considered the foundation for a comprehensive security blueprint and framework.
True
False

Answer: True




Q3. One of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as:
managerial controls
security domain
redundancy
defense in depth

Answer: defense in depth


Q4. Control Objectives for Information and Related Technologies is a framework created by ______ for information technology (IT) management and ______
HIPPA, & Information officer
ISO, & Security officer
ISACA, & IT governance
CISO, & Chief officer

Answer: ISACA, & IT governance




Q5. Three approaches to cyber security management are
1. Governance-Risk-Compliance (GRC) approach
2. ______
3. Organizational planning approach

Information-driven approach
Security-driven approach
Standards-driven approach
Procedure-driven approach

Answer: Standards-driven approach


Q6. ISO/IEC 27032:2012 involves guidelines for ______
Network security
Cyber security
Risk Management
Governance of information security

Answer: Cyber security




Q7. The five goals of information security governance are
1. ______ of information security with business strategy to support organizational objectives
2. ______ by executing appropriate measures to manage and mitigate threats to information resources
3. ______ by utilizing information security knowledge and infrastructure efficiently and effectively
4. ______ by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
5. ______ by optimizing information security investments in support of organizational objectives.

A. Strategic alignment
B. Risk management
C. Resource management
D. Performance measurement
E. Value delivery
Match the following
1-B,2-C,3-D,4-C,5-A,
1-C,2-B,3-A,4-B,5-E
1-E,2-C,3-A,4-B,5-D
1-A,2-B,3-C,4-D,5-E,

Answer: 1-A,2-B,3-C,4-D,5-E,




Q8. Match ISO Series with the corresponding topic
(A) 27000 (1) Series Overview and Terminology
(B) 27003 (2) Information Security Management Systems Implementation Guidelines
(C) 27004 (3) Information Security Measurements and Metrics
(D) 27005 (4) ISMS Risk Management
(E) 27006 (5) Requirements for Bodies Providing Audit and Certification of ISMS

A-1, B-2,C-3, D-4, E-5
A-4, B-2, C-3, D-1, E-5
A-2,B-1,C-3,D-5,E-4
A-3,B-2,C-1,D-5,E-4

Answer: A-1, B-2,C-3, D-4, E-5


Q9. (1) ______ is authorized by policy from senior management and is usually carried out by senior IT and information security executives, such as the (2) ______ and (3) ______
1- ISG 2- CIO, 3- CISO
1-CO,2, 2-CIO,3- CISO
1-CISO, 2-CIO, 3-CO
1-CISO, 2-ISG, 3-CO

Answer: 1- ISG 2- CIO, 3- CISO

