General S&C (KITUR)
Risk Assessment
MPI, Data Privacy & RMG
Cloud Security & Cyber Security
100

It is not required to log on to EM computers only by Smart Card (physical or virtual)

1. True

2. False

2. False (unless you have a technical deferral)

100

Where can you raise a request for an ITRM Advisor for advice on contracts and risk assessments?

Goto/FindanAdvisor

100

How many control points should be applied for Private classification?

  1. 1
  2. 2
  3. 5
  4. 4

2. 2 control points

100

In the OAuth Code Grant flow, the user confirms consent by:

  1. Providing a code back to the app
  2. Entering their password when prompted
  3. By either providing a code or entering their password
  4. None of the above

1. Providing a code back to the app

200

Is it a good practice to forward Zoom meeting invites to personal email IDs or attend meetings from unauthorized devices?

1. Yes

2. No

2. No

200

What is the prerequisite before you submit a VAT request?

Carta Id should be created and CRE (Cyber Risk Evaluation) should be completed

200

What are the classification levels for ExxonMobil information?

  1. Proprietary
  2. Private
  3. Restricted
  4. All of the above

4. All of the above

200

Which of the following identities eliminate the need for credentials in code?

  1. Managed Identities
  2. Service Principals
  3. Managed Identities and Service Principals
  4. None of the above

1. Managed Identities

300

Is it okay to use your Company email when accessing external internet or social media sites for conducting Company business?

1. Yes

2. No

1. Yes

300

Before a Risk Assessment is endorsed and approved, what should be reviewed with business owners?

  1. eCIMS
  2. Exposures
  3. Controls
  4. All of the above

4. All of the above

300

What is the full form of GDPR?

General Data Protection Regulation

300

You can activate an eligible privileged identity profile:

  1. Via the Microsoft Authenticator App
  2. Via the Azure Privileged Identity app in the Azure Portal
  3. In the properties of your Office 365 user profile
  4. All the above

2. Via the Azure Privileged Identity app in the Azure Portal

400

Which of these areas fall under KITUR?

  1. Cybersecurity Awareness
  2. SharePoint
  3. Social Media
  4. Personal devices
  5. All of the above

1. Cybersecurity Awareness
2. SharePoint
3. Social Media

400

For cloud applications, one must complete which questionnaire and where to find the questionnaire?

CAQ (Cloud Assessment Questionnaire) and goto/CAQ

400

A business email address is an example of ________ under Data Privacy Practices.

1. Private information

2. Restricted information

3. Personal information

4. Proprietary information

3. Personal information

400

With Azure AD MFA, you can automatically block authentication for users who report fraud via email to a support address.

  1. True
  2. False

2. False

500

If your system is a Moderate Risk System and Externally Hosted (or Internal with sensitive attributes), after how many years should the Risk Assessment be performed/reviewed?

Every 4 years

500

As per the travel advisory, India comes under the controlled-Affiliate category.

1. True

2. False

1. True

500

What are the 3 stages of the Record life cycle?

Create-Store-Review/Dispose/Archive

500

Azure AD Pass-through Authentication (PTA) is associated with which of the following identity models?

  1. Cloud Only
  2. Synchronized
  3. Federated
  4. All of the above

2. Synchronized
