1.
What technique is used by unauthorized individuals to gain access to secure areas?
Correct Answer
C. Tailgating
Explanation
Tailgating refers to the technique used by unauthorized individuals to gain access to secure areas by closely following an authorized person through a secured door or gate. This method takes advantage of the trust placed in the authorized person and exploits their access privileges. By blending in and appearing as if they belong, the unauthorized individual can bypass security measures and gain entry to restricted areas. This is a common social engineering tactic used to breach physical security systems.
2.
Which event below is not an information security event you are required to report?
Correct Answer
B. Forgetting your password
Explanation
Forgetting your password is not an information security event that you are required to report. While it may be an inconvenience and can potentially lead to unauthorized access if someone else gains access to your account, it is not considered a security incident that needs to be reported. However, the other options listed (loss/theft of computer equipment, distribution of confidential information to unauthorized persons, and unauthorized access to information systems) are all events that should be reported as they pose a risk to the security and confidentiality of information.
3.
Phishing attacks only occur via email?
Correct Answer
B. False
Explanation
Phishing attacks do not only occur via email. While email is a common method used by attackers to deceive individuals into revealing sensitive information, phishing attacks can also occur through other means such as text messages, phone calls, social media messages, or even in-person interactions. Attackers may use various tactics to trick individuals into providing personal information or clicking on malicious links, making it important to stay vigilant and cautious across different communication channels.
4.
At a minimum, approximately how often should you change your password?
Correct Answer
C. Every 3 Months
Explanation
It is recommended to change your password every 3 months as a security measure. Regularly changing passwords reduces the risk of unauthorized access to your accounts and helps protect your personal information. By changing passwords frequently, you minimize the chances of hackers gaining access to your accounts and potentially compromising your data. This practice is especially important for accounts that contain sensitive information, such as online banking or email accounts.
5.
Which of the following is not recommended as part of a secure password?
Correct Answer
B. Dictionary Word
Explanation
Using a dictionary word as part of a password is not recommended because it is easily guessable. Dictionary words are commonly used and can be easily cracked by hackers using automated tools that try different combinations of words. To create a secure password, it is important to use a combination of numbers, special characters, and capital letters, and to avoid using easily guessable words.
6.
Which combination of keys can you use to quickly lock your computer before leaving it unattended?
Correct Answer
C. Windows Key + L
Explanation
Pressing the Windows Key + L combination is the quickest way to lock a computer before leaving it unattended. This combination instantly locks the computer and requires a password to unlock it, ensuring that no unauthorized access or tampering can occur while the user is away.
7.
Which is not a human desire that cyber criminals exploit when using social engineering techniques?
Correct Answer
B. Spite
Explanation
Cyber criminals exploit human desires such as trust, curiosity, and fear to manipulate individuals into falling for their social engineering techniques. However, spite is not a common human desire that cyber criminals typically exploit. Spite refers to a feeling of ill will or desire to harm others, and it is less likely to be used as a motivation for cyber criminals. Instead, they tend to focus on exploiting desires that are more common and easily manipulated, such as trust and curiosity.
8.
Which is not a human desire that cyber criminals exploit when using social engineering techniques?
Correct Answer
A. Anger
Explanation
Cyber criminals often exploit human desires like the desire to help, curiosity, and fear to manipulate individuals into falling for their scams or providing sensitive information. However, anger is not typically a desire that cyber criminals exploit. While anger can be a powerful emotion, it is less likely to be used as a tactic in social engineering attacks compared to other desires.
9.
Which is not a human desire that cyber criminals exploit when using social engineering techniques?
Correct Answer
B. Desperation
Explanation
Cyber criminals often exploit human desires to manipulate individuals into falling for their social engineering techniques. They may prey on the desire to avoid conflict by creating situations that seem urgent or threatening, causing individuals to act without thinking. Fear is another common desire that cyber criminals exploit, using scare tactics to manipulate individuals into revealing sensitive information or taking certain actions. Curiosity is also a desire that can be exploited, as cyber criminals may use enticing or intriguing messages to lure individuals into clicking on malicious links or downloading harmful files. However, desperation is not typically a desire that cyber criminals exploit in social engineering, as it does not provide them with the same level of control or influence over their targets.
10.
Which of the following is recommended as part of a secure password?
Correct Answer
A. Special Character
Explanation
A special character is recommended as part of a secure password because it adds an extra layer of complexity and makes it harder for hackers to guess or crack the password. Special characters include symbols like !, @, #, $, etc. Including a special character in a password increases the number of possible combinations, making it more difficult for unauthorized individuals to gain access to personal or sensitive information.
11.
Which of the following is recommended as part of a secure password?
Correct Answer
A. Number
Explanation
Including a number as part of a password is recommended for enhanced security. By including a number, the password becomes more complex and harder to guess or crack. Adding numbers to a password increases the possible combinations, making it more difficult for attackers to gain unauthorized access. Therefore, including a number in a password is considered a best practice for creating secure passwords.
12.
Which of the following is recommended as part of a secure password?
Correct Answer
D. None of the Above
Explanation
The options provided, such as pet name, birthdate, and vehicle information, are not recommended as part of a secure password. These types of information are easily guessable or can be obtained by someone with knowledge about the person. A secure password should be unique, complex, and not easily associated with personal information. Therefore, none of the above options are recommended for a secure password.
13.
Which of the following is recommended as part of a secure password?
Correct Answer
B. Capital Letter
Explanation
Including a capital letter in a password is recommended as it adds an extra layer of complexity and makes it harder to guess. Using a mix of uppercase and lowercase letters, along with numbers and special characters, makes the password more secure and less vulnerable to brute force attacks or dictionary-based hacking attempts.
14.
A phishing attack typically asks you to do which of the following?
Correct Answer
B. Open an attachment
Explanation
A phishing attack typically asks you to open an attachment. Phishing attacks often involve sending deceptive emails or messages that appear to be from a legitimate source, such as a bank or a company. These emails often contain attachments that may appear harmless, but they are actually designed to install malware or steal personal information from the recipient's device. By opening the attachment, the victim unknowingly compromises their security and becomes vulnerable to cybercriminals. It is important to be cautious and avoid opening attachments from unknown or suspicious sources to protect against phishing attacks.
15.
A phishing attack typically asks you to do which of the following?
Correct Answer
D. Provide information
Explanation
In a phishing attack, the attacker usually requests the victim to provide personal or sensitive information. This can include passwords, credit card details, social security numbers, or any other confidential data. The purpose of phishing is to deceive individuals into disclosing their information, which can then be used for fraudulent activities such as identity theft or unauthorized access to accounts. Therefore, providing information is a common request in a phishing attack.
16.
A phishing attack typically asks you to do which of the following?
Correct Answer
C. Update information
Explanation
A phishing attack typically asks you to update information. Phishing attacks are attempts to deceive individuals into revealing sensitive information such as passwords, credit card numbers, or social security numbers. Attackers often impersonate legitimate organizations or individuals and send deceptive emails or messages that prompt recipients to update their personal information. This tactic is used to trick individuals into providing their confidential data, which can then be used for fraudulent purposes.
17.
A phishing attack typically asks you to do which of the following?
Correct Answer
A. Click a link
Explanation
A phishing attack typically asks you to click a link. Phishing attacks are designed to deceive individuals into revealing sensitive information such as passwords, credit card numbers, or personal data. By clicking on a link provided in a phishing email or message, the attacker can redirect the victim to a fake website that appears legitimate, tricking them into entering their information. This allows the attacker to gain unauthorized access to the victim's accounts or use their information for fraudulent purposes. It is important to be cautious and verify the authenticity of any links before clicking on them to protect against phishing attacks.
18.
Which of the following will help to prevent sensitive information from being compromised?
Correct Answer
B. Change your password immediately if you believe that it may have been compromised
Explanation
Changing your password immediately if you believe that it may have been compromised is an effective measure to prevent sensitive information from being compromised. By changing the password, unauthorized individuals who may have gained access to your credentials will no longer be able to use them to access sensitive information. This helps to protect the confidentiality and security of the information.
19.
What is the best way to remember your password?
Correct Answer
C. Use a passphrase and commit it to memory
Explanation
Using a passphrase and committing it to memory is the best way to remember your password. Passphrases are longer and more complex than traditional passwords, making them harder to crack. By committing it to memory, you eliminate the risk of someone finding or accessing your written or saved password. Additionally, saving it on your computer or phone can pose security risks if they are lost or stolen.
20.
Which of the following will help to prevent sensitive information from being compromised?
Correct Answer
A. Validate a recipient as trusted and confirm their information before sending confidential information
Explanation
Validating a recipient as trusted and confirming their information before sending confidential information will help prevent sensitive information from being compromised. This ensures that the recipient is authorized to receive the information and that their contact information is accurate, reducing the risk of the information falling into the wrong hands. By verifying the recipient's trustworthiness and confirming their information, the sender can maintain confidentiality and protect sensitive data from unauthorized access or exposure.