Information Security & Cybersecurity Awareness Program and Quiz – Calsoft

Security

Information Security & Cyber Security Awareness Program and Quiz - Calsoft

Information Security & Cyber Security Awareness Program and Quiz - Calsoft

Please watch all the Security presentations and videos entirely, then complete the quiz using what you learned in the videos!

Please fill your Full correct Name and mail address which will be used for records and generating Cyber Security Awareness Program - Quiz and sending confirmation email as well, so re-check and then submit Full Name and correct mail ID.

Thank you and all the best!

NameEmailEmployee ID

1 / 12

Scenario: You are leaving the company. As a goodbye, you decide to keep some of the code you wrote on a personal hard drive because "you wrote it" and it might be useful for your portfolio.

Is this allowed?

Yes, you own the code you wrote.

No, the code is Intellectual Property (IP) owned by the company. Taking it is theft.

Yes, as long as you don't share it.

Yes, if you delete it after 6 months.

2 / 12

Scenario: You are chatting with a friend on WhatsApp about work. You share a screenshot of your dashboard to show how busy you are. The screenshot contains a customer's name and partial phone number.

Is this a breach of PII?

No, it's just a screenshot for a friend.

Yes, sharing PII (Personally Identifiable Information) on personal messaging apps is a breach of privacy regulations.

Only if the friend shares it further.

No, because the phone number was partial.

3 / 12

An employee shares Personally Identifiable Information (PII) of customers with an external vendor without proper authorization. What is the best response?

Ignore it since the vendor is trusted

Report the incident to the Data Protection Officer/IT security

Save the data for future use

Forward the data to another external partner

4 / 12

You receive a notification that your password was found in a data breach. What’s the best immediate action?

Wait until IT contacts you

Change the password immediately and enable MFA

Ignore it since breaches are common

Use the same password across accounts for convenience

5 / 12

Scenario: You receive a WhatsApp message from a number claiming to be the CEO of your company. The profile picture matches the CEO. The message states: "I am in a critical meeting and need to send an urgent payment to a client immediately. I cannot use my corporate account right now. Can you transfer $5,000 from the company petty cash to this UPI ID? I will reimburse it later."

What is the correct course of action?

Transfer the money immediately to help the CEO.

Reply asking for the OTP to verify the transaction.

Do not transfer money. Report the number as spam and verify with the CEO through a known official channel (like office phone or email).

Forward the message to the HR department and ask them to handle the payment.

6 / 12

Scenario: You found a GitHub repository that looks useful for your project. You clone it and add your company's API keys to the configuration file to test it locally. You accidentally run `git push` and make the repository public.

What is the consequence?

The code will just be available for others to learn from.

Your company's API keys are now compromised, allowing attackers to access your systems.

GitHub will automatically delete the keys.

Nothing happens, as long as you delete the repo immediately.

7 / 12

Scenario: You are trying to email a confidential file containing client PII (Personally Identifiable Information) to an external partner. You receive a pop-up notification from your security software (DLP) stating: "Confidential data detected. Action Blocked."

What should you do?

Try taking a screenshot of the data and pasting it into the email body.

Rename the file extension from `.xlsx` to `.jpg` to trick the filter.

Contact IT Security to understand the proper secure channel (e.g., secure file transfer link) for sending this data.

Put the data in a ZIP file with a simple password like "123456".

8 / 12

Scenario: An email claims to be from Microsoft 365. It says: "We have detected unusual sign-in activity. Click here to approve the login if it was you." You didn't try to log in.

What happens if you click?

You will be logged into your account safely.

You might inadvertently grant permission to a malicious app via OAuth (Consent Phishing).

Microsoft will block the attacker.

Your password will be automatically reset.

9 / 12

You get a text message with a link to track a courier package. The link looks unusual and asks for personal details. What should you do?

Enter your details to track the package

Ignore the message and delete it

Forward the link to friends for awareness

Call the number in the message directly

10 / 12

You receive an urgent email asking you to reset your account password immediately by clicking a link. The email emphasizes urgency and account suspension. What should you do?

Click the link and reset the password quickly

Verify the request through the official website or IT team

Reply to the email asking for confirmation

Ignore the email completely

11 / 12

Your company’s GitHub repository containing source code is accidentally set to public. What should be the immediate step?

Ignore it since GitHub is secure

Notify IT/security and restrict access immediately

Share the repository link with trusted partners

Delete the repository without informing anyone

12 / 12

A coworker accidentally shares sensitive data in a public Slack channel. What’s the best response?

Save the data for future use

Delete the message and notify IT/security

Ignore it since it was accidental

Forward the data to your manager

Your score is

0%

Leave a Reply Cancel reply