Information Security Quiz: Ultimate Exam!

1. Is it recommended to reuse passwords on multiple sites?

True

False

Reusing passwords across sites poses a major security risk. If one site is breached, attackers could gain access to other accounts. Using unique passwords for each site mitigates this threat, enhancing overall online security.

Explanation

Reusing passwords across sites poses a major security risk. If one site is breached, attackers could gain access to other accounts. Using unique passwords for each site mitigates this threat, enhancing overall online security.

2. In a website's address, which prefix indicates that your communication is encrypted during transit?

Http://

Https://

Ftp://

Tcp://

The https:// prefix and lock symbol in the browser indicate that data is encrypted during transmission. While it reduces the risk of data interception, users should remain cautious about the website's legitimacy to ensure complete safety.

Explanation

The https:// prefix and lock symbol in the browser indicate that data is encrypted during transmission. While it reduces the risk of data interception, users should remain cautious about the website's legitimacy to ensure complete safety.

3. According to Alberta's Freedom of Information and Privacy (FOIP) legislation, can the University collect personal information about you from external sources without your consent?

True

False

Under FOIP legislation, public bodies are required to collect personal information directly from individuals unless specific exceptions apply. This ensures transparency and accountability in handling sensitive data, protecting individual privacy rights.

Explanation

Under FOIP legislation, public bodies are required to collect personal information directly from individuals unless specific exceptions apply. This ensures transparency and accountability in handling sensitive data, protecting individual privacy rights.

4. Is it acceptable to share your password with anyone, such as coworkers, friends, or IT staff?

Yes

No

Sharing passwords violates security protocols and exposes accounts to unauthorized access. Passwords should be confidential, as even trusted individuals may inadvertently compromise security. Strong policies emphasize non-disclosure to maintain system integrity.

Explanation

Sharing passwords violates security protocols and exposes accounts to unauthorized access. Passwords should be confidential, as even trusted individuals may inadvertently compromise security. Strong policies emphasize non-disclosure to maintain system integrity.

5. What is the correct definition of a computer worm?

A piece of code that copies itself and corrupts systems

A standalone program that replicates itself to spread across networks (Correct Answer)

A program that breaches security while appearing harmless

A network of infected computers controlled remotely

A computer worm is a self-replicating malware program designed to spread across networks. Unlike viruses, worms do not require a host program, making them particularly dangerous for rapidly propagating malware attacks.

Explanation

A computer worm is a self-replicating malware program designed to spread across networks. Unlike viruses, worms do not require a host program, making them particularly dangerous for rapidly propagating malware attacks.

6. According to the 2014 Ponemon report, what was the average cost per record lost during a data breach in the United States?

$50

$100

$200

$300

The 2014 Ponemon report revealed that data breaches cost organizations $201 per record lost, including $134 in indirect costs like customer churn. This figure highlights the financial impact of poor cybersecurity, underscoring the importance of robust data protection measures.

Explanation

The 2014 Ponemon report revealed that data breaches cost organizations $201 per record lost, including $134 in indirect costs like customer churn. This figure highlights the financial impact of poor cybersecurity, underscoring the importance of robust data protection measures.

7. What is the name of the software developed jointly by the U.S. and Israel that damaged nearly one-fifth of Iran's nuclear centrifuges in 2010?

Duqu

Flame

Conficker

Stuxnet

Stuxnet was a sophisticated computer worm developed by the U.S. and Israel to sabotage Iran's nuclear program. Delivered via a USB drive, it targeted industrial control systems, causing damage to centrifuges. Its ability to infiltrate air-gapped systems showcased a new level of cyber warfare complexity.

Explanation

Stuxnet was a sophisticated computer worm developed by the U.S. and Israel to sabotage Iran's nuclear program. Delivered via a USB drive, it targeted industrial control systems, causing damage to centrifuges. Its ability to infiltrate air-gapped systems showcased a new level of cyber warfare complexity.

8. A phishing attack or a communication asking a user to reveal sensitive information can prompt the user to:

Reply via email

Open a webpage to enter information

Open a file and send to a different location

Provide sensitive information over the phone

Phishing attacks employ various methods, such as emails, websites, file attachments, or phone calls, to trick users into divulging credentials. Vigilance and verification are critical to avoid falling victim to such scams.

Explanation

Phishing attacks employ various methods, such as emails, websites, file attachments, or phone calls, to trick users into divulging credentials. Vigilance and verification are critical to avoid falling victim to such scams.

Submit

9. The Sandworm malware, distributed by Russian hackers, exploits a zero-day vulnerability in which Microsoft Office product?

Microsoft Word

Microsoft Excel

Microsoft Powerpoint

Microsoft Outlook

Sandworm malware leverages a vulnerability in PowerPoint, using a malicious .INF file to download additional malware. This type of attack highlights the risks associated with unpatched software and underscores the need for regular updates.

Explanation

Sandworm malware leverages a vulnerability in PowerPoint, using a malicious .INF file to download additional malware. This type of attack highlights the risks associated with unpatched software and underscores the need for regular updates.

10. According to the University of Lethbridge Password Standard, how often should passwords be changed?

90 days

6 months

1 year

No expiration date on passwords

The University of Lethbridge Password Standard mandates changing passwords every 90 days. This practice minimizes the risk of unauthorized access by reducing the likelihood of compromised credentials being exploited over extended periods.

Explanation

The University of Lethbridge Password Standard mandates changing passwords every 90 days. This practice minimizes the risk of unauthorized access by reducing the likelihood of compromised credentials being exploited over extended periods.