Information Security & Cybersecurity Awareness Program and Quiz – Calsoft

Security

Information Security & Cyber Security Awareness Program and Quiz - Calsoft

Information Security & Cyber Security Awareness Program and Quiz - Calsoft

Please watch all the Security presentations and videos entirely, then complete the quiz using what you learned in the videos!

Please fill your Full correct Name and mail address which will be used for records and generating Cyber Security Awareness Program - Quiz and sending confirmation email as well, so re-check and then submit Full Name and correct mail ID.

Thank you and all the best!

NameEmailEmployee ID

1 / 12

Scenario: You receive a call from "IT Support." They say: "We are auditing network speed. Please go to this website and download the remote support tool so we can run a check."

What is the red flag?

IT never calls to ask users to download tools.

IT can perform checks remotely without user intervention if the domain is joined.

You should verify the caller's identity by calling the official IT helpdesk number.

All of the above.

2 / 12

Scenario: You are leaving the company. As a goodbye, you decide to keep some of the code you wrote on a personal hard drive because "you wrote it" and it might be useful for your portfolio.

Is this allowed?

Yes, you own the code you wrote.

No, the code is Intellectual Property (IP) owned by the company. Taking it is theft.

Yes, as long as you don't share it.

Yes, if you delete it after 6 months.

3 / 12

You notice unusual login attempts from multiple countries on your cloud account. What is the most immediate step?

Contact the attackers directly

Ignore it since cloud services are secure

Change your password and enable MFA

Log out and wait to see if it continues

4 / 12

Scenario: You receive a WhatsApp message from a number claiming to be the CEO of your company. The profile picture matches the CEO. The message states: "I am in a critical meeting and need to send an urgent payment to a client immediately. I cannot use my corporate account right now. Can you transfer $5,000 from the company petty cash to this UPI ID? I will reimburse it later."

What is the correct course of action?

Transfer the money immediately to help the CEO.

Reply asking for the OTP to verify the transaction.

Do not transfer money. Report the number as spam and verify with the CEO through a known official channel (like office phone or email).

Forward the message to the HR department and ask them to handle the payment.

5 / 12

Scenario: You are chatting with a friend on WhatsApp about work. You share a screenshot of your dashboard to show how busy you are. The screenshot contains a customer's name and partial phone number.

Is this a breach of PII?

No, it's just a screenshot for a friend.

Yes, sharing PII (Personally Identifiable Information) on personal messaging apps is a breach of privacy regulations.

Only if the friend shares it further.

No, because the phone number was partial.

6 / 12

You receive an urgent email asking you to reset your account password immediately by clicking a link. The email emphasizes urgency and account suspension. What should you do?

Click the link and reset the password quickly

Verify the request through the official website or IT team

Reply to the email asking for confirmation

Ignore the email completely

7 / 12

Scenario: You found a GitHub repository that looks useful for your project. You clone it and add your company's API keys to the configuration file to test it locally. You accidentally run `git push` and make the repository public.

What is the consequence?

The code will just be available for others to learn from.

Your company's API keys are now compromised, allowing attackers to access your systems.

GitHub will automatically delete the keys.

Nothing happens, as long as you delete the repo immediately.

8 / 12

An employee shares Personally Identifiable Information (PII) of customers with an external vendor without proper authorization. What is the best response?

Ignore it since the vendor is trusted

Report the incident to the Data Protection Officer/IT security

Save the data for future use

Forward the data to another external partner

9 / 12

Scenario: You receive an email appearing to be from the Income Tax Department. It states you are eligible for a ₹50,000 tax refund and asks you to click a link to "Submit Bank Details for Refund Credit." The email address ends in `@incometax-refund-gov.com`.

Is this legitimate?

Yes, government departments use .gov domains.

No, legitimate government emails use specific official domains (usually ending in `.gov.in` or `.nic.in`) and never ask for bank details via email links.

Yes, because it has the department logo.

No, but you should click the link just to check if it looks real.