Module 1 — Security Awareness Foundations assessment
Knowledge check based on Module 1 of the Okimia training program — Security Awareness Foundations. Required for all employees and contractors after the training session. 20 questions, ~10 minutes.
1. Which best describes Okimia's regulatory status?
A. It is an unregulated software vendor
B. It is registered with ORIAS under three statuses: CIF, MOBSP, and IAS
C. It is a licensed bank
D. It is solely a payment processor
2. Within how many hours must a confirmed personal data breach be notified to the CNIL under GDPR?
A. 24 hours
B. 72 hours
C. 7 days
D. 30 days
3. Who is the Data Protection Officer (DPO) at Okimia?
A. Geoffrey LAIRD
B. Thomas DUBOIS
C. François MENJAUD
D. An external firm
4. Which documents do you sign upon joining Okimia? (Select all that apply)
Employment contract with a confidentiality clause
Non-disclosure agreement (NDA)
GDPR-specific agreement
Public communications policy
5. Your confidentiality obligation under the NDA ends when:
A. Your employment ends
B. The information becomes publicly known through no action of yours
C. Exactly one year after signing
D. Five years after signing
6. What does the principle of least privilege mean?
A. Junior staff receive fewer privileges than seniors
B. You only have access to what you strictly need for your role
C. All access is read-only
D. Only managers have write access
7. Who has direct access to Okimia's production database?
A. All technical team members
B. The CEO only
C. Geoffrey LAIRD and Thomas DUBOIS only
D. Every employee
8. What is the minimum recommended length for a password at Okimia?
A. 6 characters
B. 8 characters
C. 12 characters
D. 20 characters
9. Which of these are required password practices at Okimia? (Select all that apply)
Use the company-provided password manager
Enable 2FA wherever available
Generate long, random passwords
Reuse one memorable password across services
10. On which Okimia tools is 2FA mandatory?
A. Email only
B. Source code repositories only
C. All tools exposing client or financial data (Google Workspace, AWS, GitHub, HubSpot, Stripe, Equals Money, and the password manager)
D. Only the password manager
11. When working from a café or hotel, what is the correct practice?
A. Connect directly to the Wi-Fi
B. Use the corporate VPN before opening any Okimia tool
C. Use only your phone's hotspot at all times
D. Avoid all work during travel
12. Which of the following are red flags for a phishing email? (Select all that apply)
A subtly altered sender domain
An urgent threat of lockout or sanction
A link whose URL doesn't match the displayed text
A request for credentials, a wire transfer, or gift cards
13. You receive a suspicious email. What is the FIRST thing to do?
A. Reply to ask if it's legitimate
B. Click cautiously to see where the link leads
C. Don't click any link, don't reply — verify through another channel
D. Delete it immediately without telling anyone
14. You realize you clicked a malicious link. What is the right reaction?
A. Hide it and hope nothing happens
B. Wait 24 hours to see if anything changes
C. Change your password, sign out of all tools, and alert Geoffrey or Thomas immediately
D. Reformat your laptop yourself
15. A 'CEO' urgently asks you by email to wire funds to a new account, confidentially. What do you do?
A. Process it — the CEO needs it urgently
B. Reply asking for more details
C. Pause, verify by calling on a known number, and escalate to a director
D. Forward to a colleague to handle
16. A client asks you to send a copy of their data. What is the right channel?
A. As an email attachment
B. As a Slack DM
C. Through a restricted Drive share, approved by Geoffrey (DPO)
D. Via WhatsApp
17. Which of the following must be reported as a security incident? (Select all that apply)
You clicked a suspicious link or attachment
Your work laptop was lost or stolen
You sent client data to the wrong recipient
You suspect that one of your passwords has been compromised
18. Where should you report a security incident?
A. On Slack #security, then escalated to Geoffrey or Thomas
B. By email to a banking partner
C. On LinkedIn so others are warned
D. Nowhere if it seems minor
19. A teammate asks you for your password 'just for 5 minutes' to finish a demo. The right answer is:
A. Yes, just this once
B. Only if they're senior to you
C. No — share access through the password manager, or do the action yourself
D. Yes, by Slack DM so there's a trace
20. Which of the following best summarizes your responsibility after this training?
A. I'll follow the rules only on critical projects
B. I know the rules, I apply them daily, and I report any incident, doubt, or deviation
C. Security is handled by Geoffrey and Thomas, not me
D. These rules are mostly for new joiners