Cyber Security and Privacy Week 5 Nptel Answers




Cyber Security and Privacy Week 5 Nptel Answers (July-Dec 2025)


Question 1. Which of the following statements is not true?
a) Policies direct how issues should be addressed and technologies should be used.
b) Information security policy is best disseminated in a comprehensive security education, training, and awareness (SETA) program.
c) Policies are more detailed than standards and describe the steps that must be taken to conform to standards.
d) Management must use policies as the basis for all information security planning, design, and deployment.



Question 2. _______ is an organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.
a) Systems-specific security policy
b) Issue-specific security policy
c) Enterprise information security policy
d) General or security program policy



Question 3. Which of the following is not a component of Enterprise information security policy?
a) Statement of Purpose
b) Information Security Responsibilities and Roles
c) Reference to other Information Standards and Guidelines
d) Statement of Policy



Question 4. ________ contains the specifications of authorization that govern the rights and privileges of users to a particular information asset.
a) Access Control List (ACL)
b) Capabilities Table
c) Configuration Rules
d) Authentication Protocol



Question 5. An access control matrix combines the information in
a) Access Control Lists (ACLs) and Capability Tables.
b) Access Control Lists (ACLs) and Authentication Protocol.
c) Authentication Protocol and Capability Tables.
d) Configuration Rules and Capability Tables.



Question 6. Which of the following best differentiates cyber hygiene from cybersecurity?
a) Cyber hygiene is hardware-focused, while cybersecurity is software-focused.
b) Cyber hygiene is reactive in nature, while cybersecurity is always proactive.
c) Cyber hygiene involves routine practices for maintaining digital health, whereas cybersecurity includes broader strategies, technologies, and incident response.
d) Cyber hygiene focuses only on personal devices, while cybersecurity is limited to organizations.



Question 7. True or False: Configuration rules govern how a security system reacts to the data it receives.
a) True
b) False



Question 8. Which of the following is not true about Systems-Specific Security Policies (SysSPs)?
a) SysSPs can be separated into two general groups, managerial guidance SysSPs and technical specifications SysSPs.
b) SysSPs function as standards or procedures to be used when configuring or maintaining systems.
c) SysSPs can be combined into a single policy document that contains elements of both managerial guidance SysSPs and technical specifications SysSPs.
d) SysSPs can be developed at the same time as Issue-specific policies (ISSPs), or they can be prepared after their related ISSPs.



Question 9. Which of the following are the basic rules that should be followed when shaping a policy?
a) Never conflict with law
b) Properly supported and administered
c) Involve end users of information systems
d) All the above



Question 10. The statement “Use strong passwords, frequently changed.” is an example of
a) Practice
b) Standard
c) Guideline
d) Policy



Cyber Security and Privacy Week 5 Nptel Answers (July-Dec 2024)



1. The primary function of a cybersecurity policy within an organization is to:

a) Define a rigid set of penalties for security violations.
b) Eliminate the need for ongoing security awareness training programs.
c) Dictate specific technical security controls for implementation.
d) Establish a comprehensive reference point for organizational cybersecurity practices.

Answer: d) Establish a comprehensive reference point for organizational cybersecurity practices.


2. Which type of policy is related to an organization’s strategic purpose, mission, and vision?

a) Issue-specific information security policies (ISSP)
b) Systems-specific information security policies (SysSP)
c) Enterprise information security policy (EISP)
d) Technical implementation policy

Answer: c) Enterprise information security policy (EISP)


3. True or False: Standards are broad, abstract documents that provide detailed procedures for employees to comply with policies.

a) True
b) False

Answer: b) False


4. Which of the following reflects the hierarchical top-down order of information security policies?

a) Enterprise > Issue-Specific > Systems-Specific
b) Systems-Specific > Issue-Specific > Enterprise
c) Issue-Specific > Enterprise > Systems-Specific
d) All three policy types are independent and unconnected

Answer: a) Enterprise > Issue-Specific > Systems-Specific


5. Which of the following components is typically included in the Enterprise Information Security Policy (EISP)?

a) Incident response procedures
b) Statement of purpose
c) Software development guidelines
d) Employee performance evaluations

Answer: b) Statement of purpose


6. True or False: Systems-specific security policies (SysSPs) can be separated into two general groups, managerial guidance SysSPs and technical specifications SysSPs.

a) True
b) False

Answer: b) False


7. ________ consists of details about user access and use permissions and privileges for an organizational asset or resource.

a) Access Control Lists
b) Configuration rules
c) Authorized access and usage of equipment
d) Authorization rules

Answer: d) Authorization rules


8. True or False: Consequence-driven Cyber-informed Engineering (CCE) is a cyber defense concept that focuses on the lowest consequence events from an engineering perspective so that resource-constrained organizations receive the greatest return on their security investments.

a) True
b) False

Answer: b) False


9. ________ are nonmandatory recommendations the employee may use as a reference in complying with a policy.

a) Practices
b) Procedures
c) Standards
d) Guidelines

Answer: d) Guidelines


10. Creating “air gaps” to isolate critical systems is a cyber hygiene practice that focuses on:

a) Installing the latest security patches.
b) Strengthening user authentication.
c) Segmenting networks for improved security
d) Keeping complex passwords up-to-date.

Answer: c) Segmenting networks for improved security


These are Cyber Security and Privacy Week 5 Nptel Answers



Cyber Security and Privacy Week 5 Nptel Answers (Jan-Apr 2023)

Course Name: Cyber Security and Privacy



Q1. What type of policy addresses specific areas of technology, requires frequent updates, and contains a statement on the organization’s position on a specific issue?
Enterprise information security policy (EISP)
Systems-specific security policy (SysSP)
Automated policy (AP)
Issue-specific security policy (ISSP)

Answer: Issue-specific security policy (ISSP)


Q2. What are the three common methods used in defence strategies?
1. Application of policy
2. Education and training
3. Business impact analysis
4. Risk management
5. Application of technology
Choose the correct answer.

1,2,3
1,2,4
2,4,5
1,2,5

Answer: 1,2,5




Q3. The policy administrator is responsible for the ________ of policy in an organization:
1. creation
2. revision
3. implementation
4. distribution
5. storage
Choose the correct option.

1,2
3
3,4
5

Answer: 3,4


Q4. Which type of policy is frequently codified as standards and procedures to be used when configuring or maintaining systems?
Enterprise information security policy (EISP)
Systems-specific security policy (SysSP)
Automated policy (AP)
Issue-specific security policy (ISSP)

Answer: Systems-specific security policy (SysSP)




Q5. Which of the following is used to direct how issues should be addressed and technologies must be used in an organization?
policies
standards
ethics
governance

Answer: policies


Q6. The boundary in the network within which an organization attempts to maintain security controls for securing information from threats from untrusted network areas is called ________.
Security peripheral
Security perimeter
Security measure
Security principle

Answer: Security perimeter




Q7. Consider the following statements:
1. Statement of Purpose – What the policy is for
2. Information Technology Security Elements – Defines information security
3. Need for Information Technology Security – Justifies the irrelevance of information security in the organization
4. Information Technology Security Responsibilities and Roles – Defines organizational overall business planning and security investment plan.
Identify the components of the EISP.

3, 4
2, 3, 4
1, 2
all are true

Answer: 1, 2




Q8. Access Control Lists specify
1. who can ________ the system
2. what ________ users can access
3. when authorised users can ________ the system
4. where authorised users can access the system from
Choose the correct words or expressions to fill in the blanks, in sequence:

use, authorised, access
authorised, access, create
authorised, access, use
administer, access, accountable

Answer: use, authorised, access


Q9. The goals of (A) ________ are:
1. ________ of information security with business strategy to support organizational objectives
2. ________ by executing appropriate measures to manage and mitigate threats to information resources
3. ________ by using information security knowledge and infrastructure efficiently and effectively
Choose the correct answer:

A-Financial security gov, 1- Tactical alignment, 2- Performance mgmt., 3- Resource mgmt.,
A-Information security governance,1-Strategic alignment, 2- Risk mgmt., 3- Resource mgmt.,
A-Data security gov, 1-Operational management, 2- Resource mgmt., 3- Risk mgmt.,
A-Board of governance,1-Operational alignment, 2- Risk mgmt., 3- Resource mgmt.

Answer: A-Information security governance,1-Strategic alignment, 2- Risk mgmt., 3- Resource mgmt.,



