Jane is implementing a new solution by integrating 3 different applications (SaaS, PaaS and IaaS). She has classified the information resources as per Cyber Security Risk Management Standard as 1 high risk, 1 medium risk and 1 low risk. Which of the UNSW Information Resources does she have a mandate as per the standard, to record in an inventory: (select multiple correct answers)

Medium Risk rated Information Resource

High Risk rated Information Resource

Low Risk rated Information Resource

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them

as per the regulatory requirement

The following types of UNSW Information Resources must be configured to generate and retain any security event logs or audit trails: (Select multiple correct answers)

Medium Cyber Risk Rated Information Resources

George is working on a project for WAF refresh. He is unsure what account Information must be recorded for logging and monitoring. Select all correct options from below:

Administrative activity & Login or log-off

For the same project, what additional activities would you advise George to be designed to be recorded for his WAF project apart from account related logging?

Modifications to the privilege level or configuration of an account

UNSW Information Resources must be recorded in an inventory that is periodically updated to record the asset locations, ownership, and the Cyber Security Risk Rating (and rationale) in accordance with the relevant change management process. Thomas is using a SaaS service which is medium risk and connecting to SIMs. He believes it does not to be recorded as it's related to SIMs. What is your advise to him?

Advise him as per the Standard, the resources include all types of cloud service

Tell him there is no Standard around it.

Security event logs must be protected from unauthorised modification and deletion by using (select all correct options)

ensuring that access to the log source and log destination is securely authenticated and restricted

a specialised, logging service that cryptographically signs security event logs to protect the logs from modification.

a separate room in the office to host SIEM on a server which is locked with specialized access

UNSW has implemented a log monitoring and reporting system to monitor its information resources. Which of the following is a requirement for this system to be effective? (Select all correct options)

record the baseline of expected traffic/data flows and event patterns

correlate events and identify potential threats.

alert based on suspicious events, event thresholds, or other anomalies.

be continuously improved based on changes to the risk profile of the monitored UNSW Information Resources.

Security event logs must (Select all correct options)

not include Highly Sensitive data.

Cyber Policy quiz 3

Authored by Nivedita Newar

Instructional Technology

Professional Development

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

25 questions

Show all answers

MULTIPLE SELECT QUESTION

1 min • 1 pt

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

connections and data flows to and from the service.

vulnerabilities identified and/or mitigated.

cost of storage for the system

cyber security controls, their function, and their configuration.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

Review and update the information resource attribute fields in inventory on a periodic basis, as requested by cyber security team.

Evaluate the assets "Inherent Cyber Risk Rating" classification using the Cyber Security Risk Management Standard

Record the information resource in IT's central asset inventory.

Update the information resource attribute fields in the asset inventory upon asset changes, upgrades, decommissioning.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

True

False

FILL IN THE BLANK QUESTION

1 min • 1 pt

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Mary Grace is business owner of learning management software(LMS), classified as High Cyber Risk rated information resource. One of the software has reached end of life/support but she is insisting on continuing to use it because it has been used for more than 9 years. What is your advice to her? (multiple correct answers)

Since the LMS is currently non compliant with cyber security standards, it must be isolated from the network

that LMS must have active maintenance or support contracts with the vendors or manufacturers.

that LMS must be managed in accordance with the Cyber Security Standard – Risk Management.

that her business division must not use end-of-life and/or end-of-support Information Resources, including the LMS.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

True

False

MULTIPLE SELECT QUESTION

45 sec • 1 pt

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Information Asset Owner

Information Service Owner

System Owner

IT service owner

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Distribution

Quiz

•

10th Grade - Professi...

20 questions

Azure Review

Quiz

•

Professional Development

20 questions

Syukuran HUT Jalin ke 6

Quiz

•

Professional Development

20 questions

[Scrum Master]-Primer-Examen-Primer-Intento

Quiz

•

Professional Development

20 questions

AUT 208 Week 1 Quiz

Quiz

•

Professional Development

20 questions

A 7th Quizz: Things you should know as an Adult.

Quiz

•

Professional Development

21 questions

Connecting to the Internet

Quiz

•

Professional Development

20 questions

Security+ Cengage Module6: Mobile and Embedded Device Security

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Instructional Technology

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L3_22-23

Lesson

•

KG - Professional Dev...

20 questions

Employability Skills

Quiz

•

Professional Development

Cyber Policy quiz 3

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

Cyber Policy quiz 3

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them ​ (a)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)