Jane is implementing a new solution by integrating 3 different applications (SaaS, PaaS and IaaS). She has classified the information resources as per Cyber Security Risk Management Standard as 1 high risk, 1 medium risk and 1 low risk. Which of the UNSW Information Resources does she have a mandate as per the standard, to record in an inventory: (select multiple correct answers)

Medium Risk rated Information Resource

High Risk rated Information Resource

Low Risk rated Information Resource

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them

as per the regulatory requirement

The following types of UNSW Information Resources must be configured to generate and retain any security event logs or audit trails: (Select multiple correct answers)

Medium Cyber Risk Rated Information Resources

George is working on a project for WAF refresh. He is unsure what account Information must be recorded for logging and monitoring. Select all correct options from below:

Administrative activity & Login or log-off

For the same project, what additional activities would you advise George to be designed to be recorded for his WAF project apart from account related logging?

Modifications to the privilege level or configuration of an account

UNSW Information Resources must be recorded in an inventory that is periodically updated to record the asset locations, ownership, and the Cyber Security Risk Rating (and rationale) in accordance with the relevant change management process. Thomas is using a SaaS service which is medium risk and connecting to SIMs. He believes it does not to be recorded as it's related to SIMs. What is your advise to him?

Advise him as per the Standard, the resources include all types of cloud service

Tell him there is no Standard around it.

Security event logs must be protected from unauthorised modification and deletion by using (select all correct options)

ensuring that access to the log source and log destination is securely authenticated and restricted

a specialised, logging service that cryptographically signs security event logs to protect the logs from modification.

a separate room in the office to host SIEM on a server which is locked with specialized access

UNSW has implemented a log monitoring and reporting system to monitor its information resources. Which of the following is a requirement for this system to be effective? (Select all correct options)

record the baseline of expected traffic/data flows and event patterns

correlate events and identify potential threats.

alert based on suspicious events, event thresholds, or other anomalies.

be continuously improved based on changes to the risk profile of the monitored UNSW Information Resources.

Security event logs must (Select all correct options)

not include Highly Sensitive data.

Cyber Policy quiz 3

Professional Development

•

25 Qs

Similar activities

tobots

KG - Professional Development

•

22 Qs

BCS System & Architecture Quiz 7

University - Professional Development

•

20 Qs

VEHICLE PARTS (Pre-test)

1st Grade - Professional Development

•

20 Qs

2nd Written Activity

Professional Development

•

20 Qs

Quizizz Connect Before Content

Professional Development

•

20 Qs

Ddy Quiz 13 Sept

Professional Development

•

20 Qs

Cybersecurity Awareness

Professional Development

•

20 Qs

AUT 102 Chapter 21 Week 8/9 Quiz

Professional Development

•

20 Qs

Cyber Policy quiz 3

Quiz

•

Instructional Technology

•

Professional Development

•

Practice Problem

•

Medium

Nivedita Newar

Used 5+ times

FREE Resource

25 questions

Show all answers

MULTIPLE SELECT QUESTION

1 min • 1 pt

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

connections and data flows to and from the service.

vulnerabilities identified and/or mitigated.

cost of storage for the system

cyber security controls, their function, and their configuration.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

Review and update the information resource attribute fields in inventory on a periodic basis, as requested by cyber security team.

Evaluate the assets "Inherent Cyber Risk Rating" classification using the Cyber Security Risk Management Standard

Record the information resource in IT's central asset inventory.

Update the information resource attribute fields in the asset inventory upon asset changes, upgrades, decommissioning.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

True

False

FILL IN THE BLANK QUESTION

1 min • 1 pt

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Mary Grace is business owner of learning management software(LMS), classified as High Cyber Risk rated information resource. One of the software has reached end of life/support but she is insisting on continuing to use it because it has been used for more than 9 years. What is your advice to her? (multiple correct answers)

Since the LMS is currently non compliant with cyber security standards, it must be isolated from the network

that LMS must have active maintenance or support contracts with the vendors or manufacturers.

that LMS must be managed in accordance with the Cyber Security Standard – Risk Management.

that her business division must not use end-of-life and/or end-of-support Information Resources, including the LMS.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

True

False

MULTIPLE SELECT QUESTION

45 sec • 1 pt

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Information Asset Owner

Information Service Owner

System Owner

IT service owner

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

G.K Quiz Part-2

Quiz

•

University - Professi...

20 questions

WB - Outbound

Quiz

•

Professional Development

25 questions

ADMINISTRASI INFRASTRUKTUR JARINGAN

Quiz

•

Professional Development

25 questions

ML-overall

Quiz

•

University - Professi...

25 questions

Revisão Geral 1

Quiz

•

Professional Development

20 questions

FUN 101 Week 3 Test Bolts, Studs & Nuts

Quiz

•

Professional Development

20 questions

instructional technology

Quiz

•

KG - Professional Dev...

20 questions

QC Process

Quiz

•

Professional Development

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Instructional Technology

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

25 questions

Christmas Movies

Quiz

•

Professional Development

20 questions

Christmas Trivia

Quiz

•

Professional Development

15 questions

Fun Holiday Trivia

Quiz

•

Professional Development

25 questions

Name That Tune - Christmas

Quiz

•

Professional Development

29 questions

Christmas Song Emoji Pictionary

Quiz

•

Professional Development

9 questions

Holiday Movie Trivia

Lesson

•

Professional Development

34 questions

Winter Trivia

Quiz

•

Professional Development

Cyber Policy quiz 3

25 questions

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

Cyber Policy quiz 3

25 questions

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them ​ (a)

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)