Titansoft Training System

1.

Which area does ISO 27017 primarily focus on for information security management?

Cloud service security

Only wireless network security inside office spaces

Only food safety management

Only internal IT infrastructure of traditional companies

解析: 無

2.13 分

2.

Which of the following security responsibilities should you (cloud service customer) expect from your cloud service provider?

Ensuring the physical and logical security of the cloud environment

Managing your employees' behavior and office air quality

Letting you handle all of your own security concerns

Overseeing all your financial records and payroll systems

解析: 無

2.13 分

3.

What should you (cloud service customer) expect from your cloud service provider when it comes to the protection of your data?

Protecting your data’s security and privacy according to the data processing agreement

Processing your data without your consent and doing as they please

Following only internal rules without considering legal or compliance obligations

Sharing your data freely with third parties as long as the provider agrees

解析: 無

2.13 分

4.

What is the difference between cloud service providers and customers (Infrastructure as a Service (IaaS))?

The provider ensures the physical and virtual infrastructure security, while the customer ensures the security of applications and data.

The customer is responsible for all aspects of security, and the provider offers no protection.

The provider handles all security aspects, leaving the customer with no responsibility.

The customer is only responsible for the security of their desktop computers.

解析: 無

2.13 分

5.

If a cloud service security incident occurs, how should we (cloud service customer) respond according to ISO 27017?

Report the incident to the provider immediately and cooperate in resolving it

Wait for the issue to resolve itself and avoid contacting the provider

Skip reporting the incident because it’s not important for the provider

Handle the incident themselves without informing the provider

解析: 無

2.13 分

6.

How should you as a cloud service customer ensure the security of sensitive data in the cloud according to ISO 27017?

Encrypt sensitive data and restrict access to authorized personnel only

Store sensitive data without encryption or any restrictions

Back up sensitive data and ignore encryption

Share sensitive data freely because encryption can slow things down

解析: 無

2.13 分

7.

How should we (cloud service customer) manage the risks of using these services?

Assess the service provider’s risks and identify potential security issues

Ignore risk management because cloud services are always secure

Focus only on costs and leave risk management entirely to the provider

Assume there are no risks in the cloud environment

解析: 無

2.13 分

8.

Which of the following physical security measures should you (cloud service customer) expect the provider to implement for the data centers?

Strong physical security controls, including access systems, surveillance, and inspections

No physical security measures, as long as the provider has good virtual security

Physical security is not needed, because cloud technology itself is secure

Data center doors should be left unlocked, as access control is unnecessary

解析: 無

2.13 分

9.

How should we (cloud service customer) handle backups for our data?

Regularly back up our data and ensure the availability of backups and do regular check to ensure the backup works

Skip backups because the provider automatically protects all data

Assume backup data can be lost without worry

Only think about backups after data loss occurs

解析: 無

2.13 分

10.

What is our role as cloud service customers in security monitoring?

Regularly monitor our cloud services and address security issues promptly

Let the provider handle all monitoring, with no involvement from the customer

Monitor only after a major security problem arises

No need to monitor because the cloud environment is secure by default

解析: 無

2.13 分

11.

An information system is an virtual/ physical environment which

Only stores data and information

Only processes data and information

Only distributes data and information

Stores, processes and distributes data and information

解析: 無

2.13 分

12.

A good security standard “90/10” Rule, which refers to:

90% water, 10% alcohol

90% technical control mechanisms, 10% user behaviors

10% technical control mechanisms, 90% user behaviors

10% hardware controls, 90% software controls

解析: 無

2.13 分

13.

Information Security Management System (ISMS) is a framework under which ISO standard?

ISO 27001

ISO 29001

ISO 22000

ISO 9000

解析: 無

2.13 分

14.

Titansoft has been ISO certified since 2012, and why do we do so?
(i) Ensuring our success in award hunting
(ii) Ensuring our work are cumbersome
(iii) Ensuring our information security practices are acceptable under ISO standards
(iv) Being certified also help our customers to save efforts in their license(s) application

(i) & (ii)

(i) & (ii) & (iii)

(iii) & (iv)

All of the above

解析: 無

2.13 分

15.

Which of the following is NOT mentioned in the Titansoft Information Security Policy?

Protect Company & Customer Information and other related assets from threats

Uses ISO29000 to manage information security

Ensure business continuity & minimize business damage

Increase staff information security awareness through information security education and training

解析: 無

2.13 分

16.

3 principles of ISMS(“CIA Triad”) consists:
(i) "Confidentiality", restricting unauthorized access to information system
(ii) "Closure", restricting all access to information system
(iii) "Integrity", ensuring there are no unintentional or malicious altering of information/ data in the information system
(iv) "Invisibility", masking all identities of users
(v) "Availability", ensuring access to the information must be available for the authorized personnel when they need the information
(vi) "Amaze", ensuring others are amazed by your capabilities

(i) & (iii) & (v)

(ii) & (iv) & (vi)

(i) & (iv) & (v)

(ii) & (iii) & (vi)

解析: 無

2.13 分

17.

ISMS uses PDCA cycle and what is this cycle about?
(i) PDCA cycle consist of 4 stages, namely PLAN, DO, CHECK, ACT
(ii) PDCA cycle consist of 4 stages, namely PLAY, DISCORD, CRACK, ADVANCE
(iii) PDCA a repetitive cycle without much purpose
(iv) PDCA is an iterative improvement cycle

(i) & (iv)

(i) & (iii)

(ii) & (iii)

(ii) & (iv)

解析: 無

2.13 分

18.

What is the true purpose of Corrective Action Requests(“CAR”)?

CAR is rewards and punishments

CAR is for recording purpose, you can choose not to act (within 30days) upon receiving CAR

CAR is like mosquitoes, the only pupose is to irritate you

CAR focused on prevention of future nonconformity to happen

解析: 無

2.13 分

19.

Non-conformity ticket (NCT) is a correction of actions. Which of the following will be issued NCTs?

Leave the desk without locking your computer.

Leaving sensitive information on the printer.

Forget to lock the zoom room.

All of the above

解析: 無

2.13 分

20.

You notice that the office door cannot be locked, which could allow unauthorized individuals to enter, what should you do?

Ignore it and continue working.

Report it to the MIS immediately.

Wait until the end of the day to deal with it.

Report it the next time you see it.

解析: 無

2.13 分

21.

When you see some unfamiliar face loitering around work area without access pass, what should you do?

Ignore that person, probably he lost his way

Go forth and check on his visit purpose. Direct him to the public area if necessary

Call the police, because you don’t like him

Give him your access card, so that he can stay longer in restricted area

解析: 無

2.13 分

22.

What should you do if you forget to bring your access pass to work?

Ask someone to let you in without a pass.

Apply for a TEMP pass from OD.

Wait outside until someone notices you.

Use a colleague's access pass.

解析: 無

2.13 分

23.

If you lose your access pass, how soon should you report it to OD?

Within 24 hours.

Within 1 week.

Within 4 hours.

As soon as you find it again.

解析: 無

2.13 分

24.

When using computers, what behavior could put your information at risk?
(i) Keep anti-virus software up-to-date
(ii) Use and turn on firewall protection
(iii) Install computer software updates
(iv) Install Peer to Peer (P2P) software
(v) Use thumb drive
(vi) Consult with IT dept before installing any software

(i) & (v)

(ii) & (iii)

(iv) & (v)

(iv) & (v) & (vi)

解析: 無

2.13 分

25.

Which of the following about Internet Usage is Correct?

Use internet services for business purposes only

Connecting to VPN using personal devices

Use internet for accessing pornographic or unethical material

Download and install unknown or unsolicited programs

解析: 無

2.13 分

26.

When received spam mail from stranger, what should you do?

Reply the mail

Open attachment from the mail

Forward the mail to colleagues

Delete junk/ spam mail

解析: 無

2.13 分

27.

Which of the following applies to the email usage policy?
(i) Use official email address for any personal subscription purpose
(ii) Pass along funny e-mails or chain letters
(iii) Use official mail for business purposes only
(iv) Be cautious even when opening attachments from your peers
(v) Share company email content outside of the company
(vi) Check email at least 2 times daily

(iii) & (iv)

(iii) & (iv) & (vi)

(iii) & (iv) & (v) & (vi)

All of the above

解析: 無

2.13 分

28.

Instant messaging can be hazardous in which of the following ways?

Always be on alert even if you are communicating with a known account

Sending confidential documents without encrypting

Delete suspicious links, even if they were shared by peers

Be aware of known accounts that could be impersonated by unknown parties.

解析: 無

2.13 分

29.

When transmitting sensitive data, which of the following practices should be adopted to protect user data?

Sending the data without any encryption.

Encrypting the data before transmission to ensure confidentiality.

Share the data via unsecured email.

Compress the data into a ZIP file and send it without any security.

解析: 無

2.13 分

30.

How to use removable media safely?

Encrypt and password protect removable media with sensitive information

Protect the removable media from loss and damage

Scan removable media before transferring files to your computer

All of the above

解析: 無

2.13 分

31.

Which of the following is a good Data Backup practices?
(i) Keep your backups in the same physical location as your computer
(ii) Make regular back-up of critical data and software program based on data criticality, e.g., daily, weekly, monthly
(iii) Store back-up disks at a geographically separate and secure location
(iv) Put confidential information in public shared folder
(v) Prepare for disasters by testing the ability to restore data from back-up disks
(vi) Backup illegal data and files without license

(i) & (ii) & (iii)

(ii) & (v)

(ii) & (iii) & (v)

(iii) & (v) & (vi)

解析: 無

2.13 分

32.

You need to store some work-related documents. Where CAN'T you store?

Store the documents on your personal Google account.

Store the documents on your company Google account.

Store the documents on confluence.

Store the documents in company folder.

解析: 無

2.13 分

33.

Sensitive data/ information that are no longer needed, we will have to dispose them. What should you do to dispose those information?

Reformat or low level format computer storage device or removable storage media before recycling or re-using electronic media

Degauss or destroy your digital media via magnets or special software tools before discarding

Shred the sensitive hardcopy documents first before throwing in the trash

All of the above

解析: 無

2.13 分

34.

What is the risk of pirated software?

May contain viruses

Break Copyright law and lead to civil penalties

Lack of technical support and manual

All of the above

解析: 無

2.13 分

35.

How to prevent software piracy and copyright infringement?

Use pirated software

Only Install and use licensed software

Copy or share music or video files that you have to pay for

Use P2P to download copyright protected files.

解析: 無

2.13 分

36.

What is NOT in compliance with VPN usage regulations?

Obtaining remote access to company information systems through a VPN connection.

Connect using authorized devices only.

Share account and password with stranger.

Using the VPN connection for business purposes only.

解析: 無

2.13 分

37.

When setting password, you should NOT?

Change your new accounts default password

Use password with combination of alphabets, numbers & special characters

Use passwords which are easily associated with your personal information

Use password that is significantly different from earlier passwords

解析: 無

2.13 分

38.

Passwords can be protected by

writing them down

allowing your web browser to remember them when using a public or shared computer

storing them in plaintext

never sharing them with anyone under any circumstances

解析: 無

2.13 分

39.

Which of the following about phishing is TRUE?
(i) Phishing is one type of social engineering that uses e-mail or websites to trick you into disclosing personal sensitive information.
(ii) Phisher sending emails or pop-up messages which directs the you to a fake website that looks just like the real website.
(iii) The fake website tricks you to submit your personal sensitive information.
(iv) Phisher uses your personal information to steal your identity.

(i) & (ii) & (iii)

(ii) & (iii) & (iv)

(iv)

All of the above

解析: 無

2.13 分

40.

What action may lead to phishing attacks?

Ensure your internet browser and email phishing filters are activated

Report suspicious phishing sites related to company

Install anti-virus software and keep it up-to-date

Click on links and submit personal data in suspicious email

解析: 無

2.13 分

41.

Which of the following is a potential phishing attempt?

HR@titansoft.com.sg

http://titans0ft.com

https://unit4hrms.com/TIT/web/Login.aspx

https://ironman.atlassian.net/wiki/spaces/announcement/overview?homepageId=245400611

解析: 無

2.13 分

42.

Which of the following is NOT a clear desk and clear screen policy?

Restricted document needs to be locked when unattended

Wipe the desk and computer screen frequently with alcohol to remove bacteria

No written passwords or sensitive information found on desk or on screen unattended

Ensuring no sensitive information is left unattended on the computer screen

解析: 無

2.13 分

43.

When using Zoom, which of the following is considered non-conformity?

Enable waiting room and only admit participants who need to attend the meeting.

Lock the meeting once all participants are in.

Update zoom any time to keep secure if you got the following prompt

Background has confidential information when engaging zoom meeting with external parties

解析: 無

2.13 分

44.

You’ve just received a notification that IT has created a new GCP account for you. According to the company’s security policy, what should you do next?

Wait a few days before logging in

Use the account immediately without changing anything

Change your password and enable 2FA within 24 hours

Give your colleague access in case they need it

解析: 無

2.13 分

45.

Security incidents include virus attacks, hacking, information leakage, etc. When you discover a security incident, what should you do?

Immediately report anything unusual, suspected security incidents to IT dept

Ignore it

Discuss security incidents with any one outside organization

Non-IT incidents don't need to be reported

解析: 無

2.13 分

46.

You need to upload data for a new project to a cloud service. How should you ensure security?

Choose any free cloud service without considering security issues.

Use a company-approved cloud service and ensure compliance with security guidelines.

No security measures are needed, as this is public data.

Log in to the cloud service using a personal account and password.

解析: 無

2.13 分

47.

Employees traveling the following countries (China, Macau, Hong Kong and USA) must inform MIS via the "Staff travel policy (China, Macau, Hong Kong and USA)" page in confluence

解析: 無

2.13 分

ISMS Awareness Exercise 2025 (IT)

及格

Which area does ISO 27017 primarily focus on for information security management?

Which of the following security responsibilities should you (cloud service customer) expect from your cloud service provider?

What should you (cloud service customer) expect from your cloud service provider when it comes to the protection of your data?

What is the difference between cloud service providers and customers (Infrastructure as a Service (IaaS))?

If a cloud service security incident occurs, how should we (cloud service customer) respond according to ISO 27017?

How should you as a cloud service customer ensure the security of sensitive data in the cloud according to ISO 27017?

How should we (cloud service customer) manage the risks of using these services?

Which of the following physical security measures should you (cloud service customer) expect the provider to implement for the data centers?

How should we (cloud service customer) handle backups for our data?

What is our role as cloud service customers in security monitoring?

An information system is an virtual/ physical environment which

A good security standard “90/10” Rule, which refers to:

Information Security Management System (ISMS) is a framework under which ISO standard?

Which of the following is NOT mentioned in the Titansoft Information Security Policy?

ISMS uses PDCA cycle and what is this cycle about? (i) PDCA cycle consist of 4 stages, namely PLAN, DO, CHECK, ACT (ii) PDCA cycle consist of 4 stages, namely PLAY, DISCORD, CRACK, ADVANCE (iii) PDCA a repetitive cycle without much purpose (iv) PDCA is an iterative improvement cycle

What is the true purpose of Corrective Action Requests(“CAR”)?

Non-conformity ticket (NCT) is a correction of actions. Which of the following will be issued NCTs?

You notice that the office door cannot be locked, which could allow unauthorized individuals to enter, what should you do?

When you see some unfamiliar face loitering around work area without access pass, what should you do?

What should you do if you forget to bring your access pass to work?

If you lose your access pass, how soon should you report it to OD?

Which of the following about Internet Usage is Correct?

When received spam mail from stranger, what should you do?

Instant messaging can be hazardous in which of the following ways?

When transmitting sensitive data, which of the following practices should be adopted to protect user data?

How to use removable media safely?

You need to store some work-related documents. Where CAN'T you store?

Sensitive data/ information that are no longer needed, we will have to dispose them. What should you do to dispose those information?

What is the risk of pirated software?

How to prevent software piracy and copyright infringement?

What is NOT in compliance with VPN usage regulations?

When setting password, you should NOT?

Passwords can be protected by

What action may lead to phishing attacks?

Which of the following is a potential phishing attempt?

Which of the following is NOT a clear desk and clear screen policy?

When using Zoom, which of the following is considered non-conformity?

You’ve just received a notification that IT has created a new GCP account for you. According to the company’s security policy, what should you do next?

Security incidents include virus attacks, hacking, information leakage, etc. When you discover a security incident, what should you do?

You need to upload data for a new project to a cloud service. How should you ensure security?

Employees traveling the following countries (China, Macau, Hong Kong and USA) must inform MIS via the "Staff travel policy (China, Macau, Hong Kong and USA)" page in confluence

ISMS uses PDCA cycle and what is this cycle about?
(i) PDCA cycle consist of 4 stages, namely PLAN, DO, CHECK, ACT
(ii) PDCA cycle consist of 4 stages, namely PLAY, DISCORD, CRACK, ADVANCE
(iii) PDCA a repetitive cycle without much purpose
(iv) PDCA is an iterative improvement cycle