Cyber Security and Privacy Week 5 Nptel Answers 2024
Are you looking for Cyber Security and Privacy Week 5 NPTEL Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 5 assignment in the Cyber Security and Privacy course.
Cyber Security and Privacy Nptel Week 5 Assignment Answers
Cyber Security and Privacy Week 5 Nptel Answers (July-Dec 2024)
1. The primary function of a cybersecurity policy within an organization is to:
a) Define a rigid set of penalties for security violations. b) Eliminate the need for ongoing security awareness training programs. c) Dictate specific technical security controls for implementation. d) Establish a comprehensive reference point for organizational cybersecurity practices.
Answer:d) Establish a comprehensive reference point for organizational cybersecurity practices.
2. Which type of policy is related to an organization’s strategic purpose, mission, and vision?
a) Issue-specific information security policies (ISSP) b) Systems-specific information security policies (SysSP) c) Enterprise information security policy (EISP) d) Technical implementation policy
Answer:c) Enterprise information security policy (EISP)
3. True or False: Standards are broad, abstract documents that provide detailed procedures for employees to comply with policies.
a) True b) False
Answer:b) False
4. Which of the following reflects the hierarchical top-down order of information security policies?
a) Enterprise > Issue-Specific > Systems-Specific b) Systems-Specific > Issue-Specific > Enterprise c) Issue-Specific > Enterprise > Systems-Specific d) All three policy types are independent and unconnected
5. Which of the following components is typically included in the Enterprise Information Security Policy (EISP)?
a) Incident response procedures b) Statement of purpose c) Software development guidelines d) Employee performance evaluations
Answer:b) Statement of purpose
6. True or False: Systems-specific security policies (SysSPs) can be separated into two general groups, managerial guidance SysSPs and technical specifications SysSPs
a) True b) False
Answer:b) False
7. _ consists of details about user access and use permissions and privileges for an organizational asset or resource.
a) Access Control Lists b) Configuration rules c) Authorized access and usage of equipment d) Authorization rules
Answer:d) Authorization rules
8. True or False: Consequence-driven Cyber-informed Engineering (CCE) is a cyber defense concept that focuses on the lowest consequence events from an engineering perspective so that resource-constrained organizations receive the greatest return on their security investments.
a) True b) False
Answer:b) False
9. __ are nonmandatory recommendations the employee may use as a reference in complying with a policy.
a) Practices b) Procedures c) Standards d) Guidelines
Answer:d) Guidelines
10. Creating “air gaps” to isolate critical systems is a cyber hygiene practice that focuses on:
a) Installing the latest security patches. b) Strengthening user authentication. c) Segmenting networks for improved security d) Keeping complex passwords up-to-date.
Answer:c) Segmenting networks for improved security
These are Cyber Security and Privacy Week 5 Nptel Answers
All Weeks of Cyber Security and Privacy: Click here
For answers to additional Nptel courses, please refer to this link: NPTEL Assignment
Cyber Security and Privacy Week 5 Nptel Answers (Jan-Apr 2023)
Q1. What type of policy addresses specific areas of technology, requires frequent updates, and contains a statement on the organization’s position on a specific issue? Enterprise information security policy (EISP) Systems-specific security policy (SysSP) Automated policy (AP) Issue-specific security policy (ISSP)
Answer: Issue-specific security policy (ISSP)
Q2. What are the defence strategies’ three common methods? 1. Application of policy 2. Education and training 3. Business impact analysis 4. Risk management 5. Application of technology Choose the correct answer. 1,2,3 1,2,4 2,4,5 1,2,5
Answer: 1,2,5
These are Cyber Security and Privacy Nptel Week 5 Assignment Answers
Q3. Policy administrator is responsible for ———– 1. creation, 2. revision, 3. implementation 4. distribution, and 5. storage of policy in an organization. Choose the correct option 1,2 3 3,4 5
Answer: 3,4
Q4. Which type of policy is frequently codified as standards and procedures to be used when configuring or maintaining systems? Enterprise information security policy (EISP) Systems-specific security policy (SysSP) Automated policy (AP) Issue-specific security policy (ISSP)
Answer: Systems-specific security policy (SysSP)
These are Cyber Security and Privacy Nptel Week 5 Assignment Answers
Q5. Which of the following is used to direct how issues should be addressed and technologies must be used in an organization? policies standards ethics governance
Answer: policies
Q6. The boundary in the network within which an organization attempts to maintain security controls for securing information from threats from untrusted network areas is called —- Security peripheral Security perimeter Security measure Security principle
Answer: Security perimeter
These are Cyber Security and Privacy Nptel Week 5 Assignment Answers
Q7. Consider the following statements 1. Statement of Purpose -What the policy is for 2. Information Technology Security Elements – Defines information security 3. Need for Information Technology Security – Justifies the irrelevance of information security in the organization 4. Information Technology Security Responsibilities and Roles – Defines organizational overall business planning and security investment plan. Identify the components of the EISP 3, 4 2, 3, 4 1, 2 all are true
Answer: 1, 2
These are Cyber Security and Privacy Nptel Week 5 Assignment Answers
Q8. Access Control Lists specify 1. who can ——–the system 2. what ———users can access 3. when authorised users can ——–the system 4. where authorised users can access the system from Chose the correct words or expressions to fill in the blanks, in sequence: use, authorised, access authorised, access, create authorised, access, use administer, access, accountable
Answer: use, authorised, access
Q9. The goals of (A)—————————— are: 1.—————— of information security with business strategy to support organizational objectives 2 —————— by executing appropriate measures to manage and mitigate threats to information resources 3. —————— by using information security knowledge and infrastructure efficiently and effectively Choose the correct answer: A-Financial security gov, 1- Tactical alignment, 2- Performance mgmt., 3- Resource mgmt., A-Information security governance,1-Strategic alignment, 2- Risk mgmt., 3- Resource mgmt., A-Data security gov, 1-Operational management, 2- Resource mgmt., 3- Risk mgmt., A-Bord of governance,1-Operational alignment, 2- Risk mgmt., 3- Resource mgmt.
