Cyber Security and Privacy Week 4 Nptel Answers
Are you looking for Cyber Security and Privacy Week 4 NPTEL Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 4 assignment in the Cyber Security and Privacy course.
Course Link: Click Here
Cyber Security and Privacy Week 4 Nptel Answers (July-Dec 2025)
Question 1. _______________ is the actions taken by management to specify the intermediate goals and objectives of the organization in order to obtain specified strategic goals, followed by estimates and schedules for the allocation of resources necessary to achieve those goals and objectives.
a) Tactical Planning
b) Strategic Planning
c) Operational Planning
d) Business Continuity Planning
Question 2. True or False: Strategic plans are used to create operational plans, which in turn are used to develop tactical plans.
a) True
b) False
Question 3. The actions taken by senior management to develop and implement a combined Disaster Recovery (DR) and Business Continuity (BC) policy, plan, and set of recovery teams is known as
a) Business Resumption Planning (BRP)
b) Business Continuity Planning (BCP)
c) Disaster Recovery Planning (DCP)
d) Incident Response Planning (IRP)
Question 4. _________ is an adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization.
a) Disaster
b) Phishing
c) Incident
d) Impact
Question 5. Contingency Plan includes
a) Incident Response Planning (IRP), Organizational Planning (OP), and Business Continuity Planning (BCP)
b) Organizational Planning (OP), Disaster Recovery Planning (DRP), and Business Continuity Planning (BCP)
c) Incident Response Planning (IRP), Disaster Recovery Planning (DRP), and Tactical Planning (TP)
d) Incident Response Planning (IRP), Disaster Recovery Planning (DRP), and Business Continuity Planning (BCP)
Question 6. _________ is an investigation and assessment of adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process.
a) Business Contingency Plan
b) Direct Changeover Conversion Strategy
c) Crisis Management Planning
d) Business Impact Analysis
Question 7. _______ is the total amount of time the system owner is willing to accept for a mission/business process outage or disruption, including all impact considerations.
a) Recovery Time Objective
b) Work Recovery Time
c) Maximum Tolerable Downtime
d) Total Recovery Time
Question 8. The presence or execution of unknown programs or processes is a
a) Possible incident indicator
b) Probable incident indicator
c) Definite incident indicator
d) All the above
Question 9. An organization can choose from several cost-based strategies when planning for business continuity. _______ is a facility that provides only basic services, with no computer hardware or peripherals.
a) Hot Sites
b) Warm Sites
c) Cold Sites
d) Yellow Sites
Question 10. Which of the following statements accurately distinguish between a threat and an attack in cybersecurity? (Select all that apply. More than one answer may be possible)
a) A threat is a potential danger, while an attack is an active action taken to exploit that danger
b) An attack can exist without a preceding threat
c) A threat actor often carries out an attack
d) An attack’s success always depends on the existence of a vulnerability that the threat agent can exploit
Cyber Security and Privacy Week 4 Nptel Answers (July-Dec 2024)
Session: JUL-DEC 2024
Q1. A facility that provides only rudimentary services, with no computer hardware or peripherals is known as:
Cold site
Hot site
Warm site
Service bureau
Answer: Cold site
Q2. The amount of effort necessary to make the business function operational after the technology element is recovered is known as:
Recovery Time Objective
Work Recovery Time
Maximum Tolerable Downtime
Recovery Point Objective
Answer: Work Recovery Time
For answers or latest updates join our telegram channel: Click here to join
Q3. Contingency Planning includes:
Incident response plan
Disaster recovery plan
Business continuity plan
All the above
Answer: All the above
Q4. An investigation and assessment of the various adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization’s core processes and recovery priorities is known as:
Risk assessment
Business impact analysis
Crisis management
Incident damage assessment
Answer: Business impact analysis
These are Cyber Security and Privacy Week 4 Nptel Answers
Q5. The process that prepares an organization to reestablish or relocate critical business operations during a disaster that affects operations at the primary site is known as:
Business continuity planning
Disaster recovery planning
Strategic Planning
Operational planning
Answer: Disaster recovery planning
Q6. Which level of Organizational Planning typically addresses day-to-day activities and tasks?
Strategic Planning
Tactical Planning
Operational Planning
Top Management Planning
Answer: Operational Planning
Q7. The job function of the Chief Information Security Officer includes:
Creating a strategic information security plan with a vision for the future of information security.
Understanding fundamental business activities performed by the company and suggesting appropriate information security solutions that uniquely protect these activities.
Improving the status of information security by developing action plans, schedules, budgets, status reports and top management communications
All the above
Answer: All the above
Q8. What is the unit of analysis in the contingency planning approach?
Business Assets
Risk Assets
Business Processes
Risk Factors
Answer: Business Processes
Q9. Which of the following is not a possible incident indicator?
Presence of unfamiliar files
Unusual consumption of computing resources
Unusual system crashes
Activities at unexpected times
Answer: Activities at unexpected times
Q10. What is the purpose of conducting an After Action Review (AAR) in incident response?
To review and improve the effectiveness of the DRP
To review and improve the effectiveness of the BCP
To review and improve the effectiveness of the IRP
To notify law enforcement agencies
Answer: To review and improve the effectiveness of the IRP
Cyber Security and Privacy Week 4 Nptel Answers (JULY-DEC 2023)
Course Name: Cyber Security and Privacy
Q1. Which term is used to describe detailed statements of what must be done to comply with policy?
Policies
Standards
Ethics
Governance
Answer: Standards
Q2. Management must use __________ as the basis for all information security planning, design, and deployment.
Standards
Procedures
Policies
Best business practices
Answer: Policies
Q3. Which type of planning ensures that critical business functions continue if a catastrophic incident or disaster occurs?
Business continuity planning (BCP)
Contingency planning (CP)
Business resumption planning (BRP)
Disaster recovery planning (DRP)
Answer: Business continuity planning (BCP)
Q4. __________ policy can be separated into two general groups: (a) managerial guidance and (b) technical specifications. Select the correct option.
Systems-Specific Security
Issue-Specific Security
Enterprise Information Security
None of these
Answer: Systems-Specific Security
Q5. The actions taken during and after a disaster fall under __________
Impact assessment
Risk management
Crisis management
Both (a) & (b)
Answer: Crisis management
Q6. Special Publication 800-14 of the National Institute of Standards and Technology (NIST) defines three types of security policy and chooses the
Violations of Policy, Business continuity planning, Response planning
A disaster recovery, Incident response planning, and Business continuity planning
Issue-specific security, Systems-specific security, Enterprise information security
Enterprise information security, Violations of Policy, Response planning
Answer: Issue-specific security, Systems-specific security, Enterprise information security
Q7. What are the elements of a business impact analysis?
1. Threat attack identification
2. Business unit analysis
3. Attack success scenario development
4. Potential damage assessment
5. Subordinate plan classification
6. Risk management
7. Disaster management
The elements of a business impact analysis are:
1,2,3,4,5 correct
1,2,3,5,6 correct
2,3,5,6,7 correct
All are correct
Answer: 1,2,3,4,5 correct
Q8. Access control lists (ACLs) that govern the rights and privileges of users consist of the
1. User access lists,
2. Matrices,
3. Capability, and
4. Dedicated hardware
Choose the correct answer
1,2,3,4 are true
1,2,3 are true
Only 4 is true
All are true
Answer: 1,2,3 are true
Q9. The instructions a system administrator codes into a server, networking device, or a device to specify how it operates is called
Administration rule
Configuration rules
Networking rules
Security rule
Answer: Configuration rules
Q10. Information security safeguards that focus on administrative planning, organizing, leading, and controlling, and that are designed by strategic planners and implemented by the organization’s security administration, include governance and risk management. Together these safeguards are known as
Managerial controls
Operational controls
Technical controls
None of these
Answer: Managerial controls
Q11. A lattice-based access control with rows of attributes associated with a particular subject such as a user is called
Access control matrix
Capabilities table
Configuration table
All of above
Answer: Capabilities table