Jane is implementing a new solution by integrating 3 different applications (SaaS, PaaS and IaaS). She has classified the information resources as per Cyber Security Risk Management Standard as 1 high risk, 1 medium risk and 1 low risk. Which of the UNSW Information Resources does she have a mandate as per the standard, to record in an inventory: (select multiple correct answers)

Medium Risk rated Information Resource

High Risk rated Information Resource

Low Risk rated Information Resource

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them

as per the regulatory requirement

The following types of UNSW Information Resources must be configured to generate and retain any security event logs or audit trails: (Select multiple correct answers)

Medium Cyber Risk Rated Information Resources

George is working on a project for WAF refresh. He is unsure what account Information must be recorded for logging and monitoring. Select all correct options from below:

Administrative activity & Login or log-off

For the same project, what additional activities would you advise George to be designed to be recorded for his WAF project apart from account related logging?

Modifications to the privilege level or configuration of an account

UNSW Information Resources must be recorded in an inventory that is periodically updated to record the asset locations, ownership, and the Cyber Security Risk Rating (and rationale) in accordance with the relevant change management process. Thomas is using a SaaS service which is medium risk and connecting to SIMs. He believes it does not to be recorded as it's related to SIMs. What is your advise to him?

Advise him as per the Standard, the resources include all types of cloud service

Tell him there is no Standard around it.

Security event logs must be protected from unauthorised modification and deletion by using (select all correct options)

ensuring that access to the log source and log destination is securely authenticated and restricted

a specialised, logging service that cryptographically signs security event logs to protect the logs from modification.

a separate room in the office to host SIEM on a server which is locked with specialized access

UNSW has implemented a log monitoring and reporting system to monitor its information resources. Which of the following is a requirement for this system to be effective? (Select all correct options)

record the baseline of expected traffic/data flows and event patterns

correlate events and identify potential threats.

alert based on suspicious events, event thresholds, or other anomalies.

be continuously improved based on changes to the risk profile of the monitored UNSW Information Resources.

Security event logs must (Select all correct options)

not include Highly Sensitive data.

Cyber Policy quiz 3

Authored by Nivedita Newar

Instructional Technology

Professional Development

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

25 questions

Show all answers

MULTIPLE SELECT QUESTION

1 min • 1 pt

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

connections and data flows to and from the service.

vulnerabilities identified and/or mitigated.

cost of storage for the system

cyber security controls, their function, and their configuration.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

Review and update the information resource attribute fields in inventory on a periodic basis, as requested by cyber security team.

Evaluate the assets "Inherent Cyber Risk Rating" classification using the Cyber Security Risk Management Standard

Record the information resource in IT's central asset inventory.

Update the information resource attribute fields in the asset inventory upon asset changes, upgrades, decommissioning.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

True

False

FILL IN THE BLANK QUESTION

1 min • 1 pt

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Mary Grace is business owner of learning management software(LMS), classified as High Cyber Risk rated information resource. One of the software has reached end of life/support but she is insisting on continuing to use it because it has been used for more than 9 years. What is your advice to her? (multiple correct answers)

Since the LMS is currently non compliant with cyber security standards, it must be isolated from the network

that LMS must have active maintenance or support contracts with the vendors or manufacturers.

that LMS must be managed in accordance with the Cyber Security Standard – Risk Management.

that her business division must not use end-of-life and/or end-of-support Information Resources, including the LMS.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

True

False

MULTIPLE SELECT QUESTION

45 sec • 1 pt

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Information Asset Owner

Information Service Owner

System Owner

IT service owner

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Class 3 - Review

Quiz

•

Professional Development

20 questions

Video games

Quiz

•

3rd Grade - Professio...

20 questions

PM Overview and Integration

Quiz

•

Professional Development

20 questions

Canva and Designs

Quiz

•

Professional Development

20 questions

AUT 101 Chapter 12 week 1

Quiz

•

Professional Development

24 questions

Informatica di base

Quiz

•

Professional Development

26 questions

Air Brakes quiz 2

Quiz

•

Professional Development

20 questions

Quiz: Dale's Cone of Experience

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Instructional Technology

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

Cyber Policy quiz 3

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

Cyber Policy quiz 3

Zhang's business case to implement an exam proctoring software has been approved by UNSW management. He wants to understand which mandatory IT asset management requirements need to be documented from a cyber security perspective: (Select multiple correct answers)

Deepak has obtained approval for his business to implement a new Information Resource/Application handling highly sensitive UNSW data, hosted in UCloud-AWS). He is required to do the following: (multiple correct answers)

As per the "Cyber Security Standard-Information Asset Management", all UNSW Business Divisions and Faculty's "Low Cyber Risk rated Information Resources must be recorded in an inventory.

High Cyber Risk Rated UNSW Information Services and supporting UNSW Information Assets must be reported to the UNSW IT ________ team for recording in the central UNSW IT inventory.

As per Cyber Security Standard-Information Asset Management, all UNSW Business Divisions and Faculty's "High Cyber Risk rated Information Resources" must be recorded in "IT's" central asset inventory

The person responsible for defining, operating, measuring, and improving a UNSW Information Service and associated cyber security controls is called (select multiple correct answers)

Who is responsible for Asset Authorisation- the management decision to permit the operation of an Information Resource into a production environment through a formal release management process.

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them ​ (a)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

A regulatory requirement for a high risk Finance Division application requires certain security logs to be retained for 6 months. The Finance team wants to follow the regulatory advise and store the logs for 6 months. Your advise to the team is to retain them (a)