NPTEL Cyber Security and Privacy Week 5 Assignment Answers 2024
1. The primary function of a cybersecurity policy within an organization is to:
- Define a rigid set of penalties for security violations.
- Eliminate the need for ongoing security awareness training programs.
- Dictate specific technical security controls for implementation.
- Establish a comprehensive reference point for organizational cybersecurity practices.
Answer :-
2. Which type of policy is related to an organization’s strategic purpose, mission, and vision?
- Issue-specific information security policies (ISSP)
- Systems-specific information security policies (SysSP)
- Enterprise information security policy (EISP)
- Technical implementation policy
Answer :-
3. True or False: Standards are broad, abstract documents that provide detailed procedures for employees to comply with policies.
- True
- False
Answer :-
4. Which of the following reflects the hierarchical top-down order of information security policies?
- Enterprise > Issue-Specific > Systems-Specific
- Systems-Specific > Issue-Specific > Enterprise
- Issue-Specific > Enterprise > Systems-Specific
- All three policy types are independent and unconnected
Answer :-
5. Which of the following components is typically included in the Enterprise Information Security Policy (EISP)?
- Incident response procedures
- Statement of purpose
- Software development guidelines
- Employee performance evaluations
Answer :-
6. True or False: Systems-specific security policies (SysSPs) can be separated into two general groups: managerial guidance SysSPs and technical specifications SysSPs.
- True
- False
Answer :-
7. _____________ consists of details about user access and use permissions and privileges for an organizational asset or resource.
- Access Control Lists
- Configuration rules
- Authorized access and usage of equipment
- Authorization rules
Answer :-
8. True or False: Consequence-driven Cyber-informed Engineering (CCE) is a cyber defense concept that focuses on the lowest consequence events from an engineering perspective so that resource-constrained organizations receive the greatest return on their security investments.
- True
- False
Answer :-
9. _________ are nonmandatory recommendations the employee may use as a reference in complying with a policy.
- Practices
- Procedures
- Standards
- Guidelines
Answer :-
10. Creating “air gaps” to isolate critical systems is a cyber hygiene practice that focuses on:
- Installing the latest security patches.
- Strengthening user authentication.
- Segmenting networks for improved security.
- Keeping complex passwords up-to-date.
Answer :-