Security awareness questions and answers

Q1: Which of the following three is the strongest password?

  1. starwars
  2. 1qaz2wsx
  3. trEEGCv-

Ans: The correct answer is 3. 

Q2: Which of the following is a weak password?

  1. 123456
  2. P@ssw0rd
  3. ILoveYou123
  4. All of the above

Ans: The correct answer is 4. All of the passwords are weak and have already been leaked in data breaches.

Q3: How often should I change a password?

  1. Never
  2. Every week
  3. Every month
  4. Every year
  5. Only when there’s proof or suspicion of compromise

Ans: The correct answer is 5. 

Q4: Is it considered safe to use the same complex password on all websites?

  1. Yes
  2. No

Ans: The correct answer is 2.

Q5: What should I do after I learn about a data breach of a website? Choose the best answer.

  1. Nothing
  2. Change the password of my account for that website
  3. Change the password for my account for that website and of all other websites where I use that same password

Ans: The correct answer is 3. 

Q6: What are the characteristics of a strong password?

  1. Long
  2. Long, random and unique
  3. Long, unique
  4. Long, random

Ans: The correct answer is 2. 

Q7: If you want to share a password with someone, what’s the best option?

  1. Send it via email
  2. Send a text message
  3. Tell it via the phone
  4. None of the above

Ans: The correct answer is 4. A password is personal data which shouldn’t be shared with others.

Q8: Which of the following is the most secure backup strategy?

  1. One backup on an external hard disk and another one on a cloud backup
  2. 2 backups on 2 different external hard disks
  3. A backup on an external hard disk

Ans: The correct answer is 1. This spreads the backups over 2 geographically different regions, which makes your backup strategy more resilient.

Q9: You open a website and it has a padlock in the browser bar (the lock icon in front of the URL). Which statements are true?

  1. I can be sure that this is a legit, non-malicious site
  2. It tells me that the site is 100% secure
  3. The traffic between my computer (browser) and the server that runs the website is secured
  4. No one, not even my Internet Service Provider, knows which site I visit.
  5. This could be a phishing site.

Ans: The correct answers are 3 and 5.

Q10: Is it generally considered safe to use the Starbucks public Wi-Fi network for performing an online banking operation?

  1. Yes, it is safe
  2. No, it can be dangerous

Ans: The correct answer is 2.

Q11: Is it secure to enter your private information (e.g., date of birth, identification number etc.) on a site with an address that starts with “http://”?

  1. Yes
  2. No

Ans: The correct answer is 2. 

Q12: Which of the following statements are correct? When I use incognito or private mode in a browser…

  1. No one can see the websites I visited, not even my Internet Service Provider.
  2. Others that use my device can’t see which sites I visited
  3. I’m anonymous for that website

Ans: The only correct answer is 2. Private or incognito browsing only implies that your search and browsing history isn’t saved.

Q13: Your business email account has been compromised and leaked in a data breach. What is the best course of action?

  1. Change your password immediately
  2. Inform the security team of your organization
  3. Change the password on all sites where you use the same password
  4. All of the above

Ans: The correct answer is 4.

Q14: Is it useful to run antivirus software on an Android phone?

  1. Yes
  2. It depends, only if you download apps from outside of Google’s official app store
  3. No

Ans: The correct answer is 1. Even Google Play, Google’s official app store, is known to host apps that can contain viruses.

Q15: Which of the following are considered personal data under GDPR (more than 1 answer possible)?

  1. Your IP address
  2. Your birthdate
  3. Your home address
  4. Only your first name

Ans: The correct answers are 1, 2 and 3.

Q16: If you receive a call from someone who claims to be a clerk from your bank, is it OK to give your bank account details over the phone?

  1. Yes
  2. Never
  3. Only if I recognize that the phone number is from my bank.

Ans: The correct answer is 2. You shouldn’t give your bank account details over the phone. 

Q17: You receive an email with subject: “$5 million donation from Bill Gates” and in the email they ask you to provide your telephone number and full postal address to claim the money. What’s the best action?

  1. Reply with my phone number and postal address, I want the 5 million dollars
  2. Forward the email to friends, because sharing is caring
  3. Report the email as spam and delete it

Ans: The correct answer is 3. If something is too good to be true it just isn’t true. No one will email you out of the blue to give you such an amount of money.

Q18: You’re browsing and on a random site a pop-up to get free access to Netflix appears. What’s the most secure action?

  1. Follow the pop-up instructions to get the free access
  2. Immediately close the pop-up and don’t proceed

Ans: The correct answer is 2.

Q19: You receive an email from ‘hajhsyye@sound.ocn.ne.jp’ that urges you to reset your Hyundai password. What should you do?

  1. Change my password immediately as per the instructions given in the email
  2. Don’t proceed and delete the email

Ans: The correct answer is 2. If SomeWebsite asked you to reset your password, the mail would come from an official SomeWebsite.com email address.

Q20: Is the following statement true or false? Reusing the same password across multiple sites is a good idea. It’s very convenient after all.

  1. True
  2. False

Ans: The correct answer is 2. It sure is convenient, but this convenience comes with a price.

Q21: Is it considered a good security practice to leave your machine unlocked when you leave your desk?

  1. Yes
  2. No

Ans: The correct answer is 2. It’s not a good idea: if you don’t lock your device, everyone in the office can access the (confidential) data on your device.

Q22: If you receive an unexpected phone call from Microsoft technical support, should you?

  1. Follow their instructions
  2. Give them your password
  3. Call them back
  4. Hang up

Ans: The correct answer is 4.

Q23: If you receive a suspicious email, should you?

  1. Reply to it
  2. Open the attachments
  3. Click the links
  4. Report it to the phishing reporting mailbox of your government

Ans: The correct answer is 4. 

Q24: You’re being texted that your parcel delivery will be delayed. In order to expedite it you need to?

  1. Reply to the text
  2. Click on the link provided in the SMS
  3. Think first: am I expecting anything? If not, report and delete the SMS

Ans: The correct answer is 3.

Q25: Is the following statement true or false? Because operating system updates are time-consuming and may require restarting the machine, it’s a good idea to postpone them as long as possible.

  1. Yes
  2. No

Ans: The correct answer is 2. 

Q26: Which of the following statements are correct?

  1. Phishing is a form of social engineering.
  2. Phishing is a so-called “spray and pray” technique in which an attacker sends out the same email to hundreds of potential targets in the hope they will fall victim.
  3. All of the above

Ans: The correct answer is 3.

Q27: Imagine you work for the finance department of a company. You received an email from your company’s CEO and they want you to immediately transfer a few millions to a bank account provided in the email. Will you execute the transaction?

  1. Yes, I will do so if my CEO asks me.
  2. I will only execute the transaction after I got confirmation from the CEO through another channel.

Ans: The correct answer is 2.

Q28: If you suddenly see the following page in the browser, is it a good idea to claim your present?

  1. Yes
  2. No

Ans: The correct answer is 2.

Q29: Which of the following statements about a phishing email are true?

  1. The email comes out of the blue. There’s no context or previous contact with the sender
  2. The email contains a sense of urgency to get a particular action done
  3. All of the above

Ans: The correct answer is 3.

Q30: You receive an SMS from a supplier/vendor who asks you to click on a link to renew your contract. You should:

  1. Proceed without worrying
  2. Don’t proceed by clicking on the link in the SMS

Ans: The correct answer is 2. 

Q31: Which month is considered or recognized as Cyber Security Month?

  1. September
  2. October
  3. November
  4. December

Ans: The correct answer is 2. October is Cyber Security Awareness Month. During October a lot of practical security awareness content is shared.

Q32: The person who performs a social engineering attack is known as?

  1. An Information Engineer
  2. A Social Engineer
  3. A Social Media Activist

Ans: The correct answer is 2.

Q33: Imagine you find a USB device in the hallway at work. What’s the best thing to do?

  1. Pick it up and plug it in to see what’s on the USB device. Maybe you can identify the owner.
  2. Leave it in the hallway or bring it to the reception desk, so that the person who lost it can get it back.
  3. Pick it up, don’t plug it in but inform your IT department because this could be a USB device containing malware to infect your company’s systems.

Ans: The correct answer is 3.

Q34: Which URL(s) bring(s) you to Google’s Home Page?

  1. https://google.com
  2. https://gogle.com
  3. https://gooogle.com
  4. All of the above

Ans: The correct answer is 4.

Q35: Which of the following URLs could NOT be used in a so-called ‘Typosquatting Attack’?

  1. http://microsoft.com
  2. http://mircosoft.com
  3. http://miroosoft.com
  4. All of the above

Ans: The correct answer is 1. 

Q36: You receive the following email which contains “This message was sent from a trusted sender” in the body. Does this mean you can trust that this email is legitimate?

  1. Yes
  2. No

Ans: The correct answer is 2. 

Q37: If you receive the following email, is it a good idea to proceed to get help from CBD?

  1. Yes
  2. No

Ans: The correct answer is 2.

Q38: You receive the following invite to take a quiz. You decide to take the quiz to receive the free glasses. This is…

  1. A good idea, free stuff is always nice
  2. This is a bad idea, this is a scam to steal my personal data

Ans: The correct answer is 2.

Q39: Which of the following things help to decide whether an online shopping website is trustworthy?

  1. The address of the website starts with ‘https://’
  2. There’s a seal on the website that says ‘100% secure’
  3. Do a bit of research to see whether the site has a good reputation
  4. Read on the website and look for positive reviews of other customers

Ans: The correct answer is 3.

Q40: For online shopping it’s best to use…?

  1. A credit card
  2. A debit card

Ans: The correct answer is 1. 

Q41: I don’t use a PIN on my smartphone but keep it with me. What could go wrong?

  1. When I lose it all my information and apps are accessible by the finder
  2. When I leave my phone unattended, miscreants can gain access to all my online accounts using my email address
  3. When my phone gets stolen the thieves can access all my information and apps
  4. All of the above

Ans: The correct answer is 4. 

Q42: Is it a good idea to pay criminals who encrypted the files on your computer by deploying so-called ransomware? Why or why not? Select all applicable answers.

  1. Yes, because you can be sure you will regain access to your files.
  2. Yes, because you don’t have to care about backups yourself.
  3. No, because you have no guarantee that you will regain access to your files.
  4. No, because even when you get your files back, criminals might attack you again later because they are still active on your network.

Ans: The correct answers are 3 and 4.
