Cyber Security and Privacy Week 3 NPTEL Assignment Answers 2025

Need help with this week’s assignment? Get detailed and trusted solutions for Cyber Security and Privacy Week 3 NPTEL Assignment Answers. Our expert-curated answers help you solve your assignments faster while deepening your conceptual clarity.

✅ Subject: Cyber Security and Privacy
📅 Week: 3
🎯 Session: NPTEL 2025 July-October
🔍 Reliability: Verified and expert-reviewed answers
📌 Trusted By: 5000+ Students

NPTEL Cyber Security and Privacy Week 3 Assignment Answers 2025

1. A company’s risk register lists “third-party data breach” as a critical risk. Which GRC function is primarily responsible for ensuring ongoing monitoring and mitigation of this risk?

  • Governance
  • Reducible Breach
  • Compliance
  • Risk Management
Answer : See Answers

2. Which of the following statements is correct regarding the implementation of a GRC framework?

  • Implementing a GRC framework guarantees that an organization has immunity from all cyber threats.
  • A GRC framework helps organizations identify, assess, and mitigate cyber risks, but does not make them fully immune to threats.
  • GRC frameworks are only relevant for financial compliance and do not address cybersecurity.
  • GRC frameworks eliminate the need for cybersecurity controls.
Answer :

3. True or False: de facto standard refers to instructions that dictate certain standard behavior within an organization.

  • True
  • False
Answer :

4. Which of the following refers to a detailed statement of what must be done to comply with policy?

  • de jure practices
  • guidelines
  • standard
  • procedures
Answer :

5. If an organization’s policy states “All confidential data must be protected,” which of the following would be the most appropriate standard to support this policy?

  • Employees should consider using strong passwords
  • Confidential data must be encrypted using AES-256
  • Steps for reporting a data breach
  • Encouraging staff to attend security training
Answer :

6. True or False: Compliance activities in a GRC framework are limited to following internal company policies and do not involve external laws or regulations.

  • True
  • False
Answer : See Answers

7. MSQ: Which of the following are examples of preventive controls in IT security? (Select all that apply. More than one answer may be possible.)

  • Firewall configuration blocking unauthorized ports
  • Security awareness training for employees
  • Daily review of audit logs
  • Multi-factor authentication (MFA) for system access
  • Data backup and recovery solutions
Answer :

8. Which framework, developed by the IT community, prioritizes IT control objectives and is specified by ISACA (Information Systems Audit and Control Association)?

  • COBIT
  • COSO
  • ISO/IEC 27001
  • NIST Cybersecurity Framework
Answer :

9. Which of the following statements about the NIST Cybersecurity Framework are NOT correct? (Select all that apply. More than one answer may be possible.)

  • It guarantees complete protection against all cyber threats.
  • Only large organizations can benefit from it.
  • The framework is rigid and cannot be customized to fit an organization’s needs.
  • Implementing it is a one-time activity and does not require ongoing updates.
  • It deals only with technology and does not consider employee training or policies.
Answer :

10. Which of the following statements is correct regarding ISO 27001 certification?

  • ISO 27001 certification is only relevant for government agencies.
  • ISO 27001 certification can be issued to both organizations and individuals.
  • ISO 27001 certification can only be issued to organizations.
  • ISO 27001 certification is only available to individuals, not organizations.
Answer : See Answers