Information Security Awareness Quiz: MCQ!

The password "Dp0si#Z$2" would be the best choice because it is a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more secure and harder for hackers to guess or crack. The other options, "mySecret," "abc123," and "keyboard," are all relatively weak passwords as they are easily guessable and lack complexity.

A combination of upper and lowercase letters mixed with numbers and symbols is a good way to create a password because it increases the complexity and makes it harder for hackers to guess or crack the password. Using a variety of characters and mixing different types of characters makes the password stronger and more secure.

If you are not careful about your Internet browsing, it can result in the installation of spyware or adware, browser hijacking, and information or identity theft. This means that by not being cautious while browsing the internet, you are susceptible to having malicious software installed on your device, your browser being taken over by unauthorized parties, and your personal information or identity being stolen.

Having a good understanding of Information Security policies and procedures is important because it helps protect individuals from being victims of security incidents. By knowing the policies and procedures, individuals can take necessary precautions to safeguard their information and prevent unauthorized access. Additionally, it provides an understanding of the steps to follow in the event of a security incident, enabling individuals to respond effectively and minimize the impact. Lastly, understanding levels of responsibility ensures that individuals are aware of their roles and obligations in maintaining information security, promoting a culture of accountability and compliance.

When receiving an email from an unknown contact that has an attachment, it is advisable to delete the email. Opening the attachment can potentially expose your computer to viruses, malware, or other security threats. Forwarding the email to co-workers or personal email accounts can also put their devices at risk. Therefore, the safest course of action is to delete the email to protect your own and others' devices from potential harm.

A malicious user can use email or webpages as a means to launch various types of attacks. Phishing attacks involve tricking individuals into revealing sensitive information, such as passwords or credit card details. Virus attacks involve infecting a system with harmful software that can damage files or steal information. Spyware refers to software that secretly gathers information about a user's activities without their consent. Therefore, all of the options listed in the question can be used by a malicious user to launch attacks.

To avoid email viruses, it is a good practice to delete unexpected or unsolicited messages as they may contain malicious attachments or links. Using anti-virus software to scan attachments before opening them is also recommended, as it helps detect and eliminate any potential viruses. Additionally, deleting similar messages that appear more than once in your Inbox can help prevent the spread of viruses through duplicate emails. Therefore, all of the above practices are effective in avoiding email viruses.

If you think your password has been compromised, it is recommended to take multiple actions to ensure your security. Changing your password is important to prevent further unauthorized access to your accounts. Reporting the incident to the proper authorities, such as system administrators, helps them investigate and take necessary actions. Additionally, checking other systems where you have accounts is crucial as the compromise may extend beyond a single platform. Therefore, all the mentioned actions should be taken to effectively address the situation and protect your online presence.

The first step in Security Awareness is being able to recognize a security threat. This means being able to identify and understand potential risks or dangers to the security of a system or network. By recognizing these threats, individuals can take appropriate measures to protect themselves and their information from potential attacks or breaches. This could involve being able to identify suspicious emails, websites, or behaviors that may indicate a security threat. Recognizing security threats is crucial in maintaining a secure and safe environment.

The correct answer is "A program that is secretly installed onto your computer and makes copies of itself which consumes your computer resources." This statement accurately describes a virus, which is a type of malicious software that replicates itself and consumes computer resources, often causing harm to the system it infects.

Sending an occasional personal email is allowed according to the user acceptance agreement. This implies that employees are permitted to use company resources for personal communication purposes, as long as it is done in moderation and does not interfere with their work responsibilities. It is important to note that conducting business for personal gain, using company resources for political purposes, and downloading music and video files are not allowed according to the user acceptance agreement.

End Users are the biggest vulnerability to computer information security because they often lack awareness and understanding of security practices. They may fall victim to social engineering attacks, such as phishing, where they unknowingly provide sensitive information to attackers. They may also click on malicious links or download infected files, introducing malware into the system. Additionally, they may use weak passwords or fail to update their software regularly, leaving systems vulnerable to attacks. Therefore, it is crucial to educate and train end users on security best practices to mitigate these risks.

There is no wrong answer here! Also, everyone should know:
- To use strong passwords and to protect their passwords.
- Practice safe computing while traveling.
- Prevent the loss of data, either electronically or physical.
- Take care in sending emails and using IM tools.
- Take the appropriate actions to protect againse virus', phishing attempts, spyware/adware installation at home and at work.
- Follow company usage policies.

The correct answer is to not give out computer or network information, not complete confidential company tasks in an unsecure setting, and not give out personal identifiable information. These measures can help prevent a social engineering attack by limiting the amount of information an attacker can gather about an individual or organization. By not giving out computer or network information, individuals can protect their systems from being compromised. Not completing confidential tasks in an unsecure setting ensures that sensitive information is not exposed to potential attackers. Similarly, not giving out personal identifiable information helps prevent identity theft and unauthorized access to personal accounts.

Experiencing frustration with co-workers, stress, and financial problems can potentially turn a trusted user into a malicious insider. Frustration with co-workers can lead to feelings of resentment and a desire for revenge, causing the individual to act maliciously. Stress can impair judgment and decision-making, making it easier for someone to engage in malicious activities. Financial problems can create desperation and a need for financial gain, leading an individual to exploit their trusted position for personal gain. These life experiences can contribute to a trusted user's motivation and willingness to engage in malicious insider activities.

The most common delivery method for viruses is through email and internet downloads. Viruses are often disguised as attachments or links in emails, which when opened or clicked, can infect the user's device. Similarly, internet downloads from untrusted sources can contain malicious software that can infect the user's system. These two methods are widely used by hackers and cybercriminals to distribute viruses as they can easily reach a large number of users and exploit vulnerabilities in their devices.

If you think the email you received is a phishing attempt, you should not click the link to see what the site looks like. This action could expose your system to malicious software or lead to the compromise of your personal information. Instead, you should avoid interacting with any links or attachments in the email, report the email, and ensure your system is secure.

The correct answer is "Always wear your security badge when leaving work, even if just for a break. They should be worn outside of the office in public so other people know where you work." This is not a good physical security practice because wearing a security badge outside of the office in public can make an individual a target for theft or unauthorized access. It is important to keep security badges concealed when outside of the office to maintain privacy and prevent potential security risks.