1.
It's safe to open e-mail attachments and click on e-mail links, even if the message is from someone you don't know.
Correct Answer
B. False
Explanation
Even though email messages get scanned via multiple vendors for malware, spyware and phishing, there is no guarantee that they will catch every instance of malware. It is recommended that you only open attachments and click on links if messages are from an individual you know. Enabling Safe Senders for Outlook is a good way to accomplish this.
2.
It's ok to share your work password with others.
Correct Answer
B. False
Explanation
Your work password should never be shared with anyone, even your manager.
3.
The following are characteristics of a good work password:
Correct Answer
C. The password uses a combination of lowercase, uppercase, and special characters
Explanation
Your work password should never be the same as the password for any other account. You should also not use family birthdays, names, or other publicly available information about you or your family as part of your password.
4.
If you received a message that you suspect may be spam or a phishing attempt, what should you do with the message?
Correct Answer
B. Delete the message
Explanation
If it looks suspicious, it is safest to delete the message and not expose yourself and SAS to risk.
5.
Which of the following should you not do with your password?
Correct Answer
D. All of the above
Explanation
Passwords are meant to be secret and only known by you and not shared in any way.
6.
Where should you keep your password in case you forget it?
Correct Answer
C. If you have to write down your password, it should be stored in a password keeper or vault.
Explanation
Passwords should never be written down unless they are being stored in a password vault or storage utility and protected by a master password.
7.
Password challenge questions, used for resetting passwords on some Internet sites, should not be used if they contain publicly available information.
Correct Answer
A. True
Explanation
Know what you've posted about yourself. A common way that hackers break into financial or other accounts is by clicking the "Forgot your password?" link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, home town, high school class, or mother's middle name. If the site allows, make up your own password questions, and don't draw them from material anyone could find with a quick search.
8.
It is safe to connect a USB drive that you found in the parking lot to your work computer.
Correct Answer
B. False
Explanation
GIS should be contacted to clean the device, or you can contact Security to put the drive in lost and found.
9.
If someone calls you and requests information about where you work, the employees, your work account, passwords, or personal information about yourself you should:
Correct Answer
C. Deny their request and contact Security about the call.
Explanation
Cases like this are when someone is trying to social engineer you for information about your workplace.
10.
It's ok to set up a rule to auto-forward all of your work e-mail to an external e-mail account like Gmail or Hotmail.
Correct Answer
B. False
Explanation
Auto-forwarding rules are prohibited by company policy. You can forward individual mails to your personal account as long as the communications are not company confidential.
11.
It's not OK to accept 3rd party/customer data without permissions from Information Security.
Correct Answer
A. True
Explanation
Information Security has a request form that will walk you through the process of accepting 3rd party data.
12.
An 8-character password containing a mix of uppercase, lowercase and special characters can be cracked in under a day.
Correct Answer
A. True
Explanation
Hackers are now using graphics cards to help brute-force passwords. The 8-character keyspace can be traversed in under 24 hours with multi-GPU machines: http://arstechnica.com/security/2012/08/passwords-under-assault/
13.
If you set your anti-virus software to auto-update then you don't need Windows Automatic Updates.
Correct Answer
B. False
Explanation
Anti-virus is not a replacement for regularly applying patches and security updates.
14.
According to the FBI and the Computer Security Institute, most information security breaches occur due to what?
Correct Answer
C. Internal Employees
Explanation
Internal employees tend to be the cause of the most information security breaches.
15.
It is not safe to e-mail business documents to your home computer to work on them.
Correct Answer
A. True
Explanation
You should work on business documents on a corporate-issued machine, either in the office or by remotely connecting to your work machine and working on them there.
16.
If you are browsing the Internet and suddenly you get a prompt asking you to download a file and run it, what should you do?
Correct Answer
B. Cancel the download and close your browser.
Explanation
If you are prompted to download a file when simply browsing the internet, then chances are you've navigated to a site that is infected and is trying to infect you. It is best to cancel the download, close the browser and run a full AV scan on your machine.
17.
What type of attack relies on the trusting nature of employees and the art of deception?
Correct Answer
C. Social Engineering
Explanation
Social engineering is when an attacker tries to gain information for an attack by drawing on information they already know about you, or by misrepresenting themselves to you in the hope that you will trust them.
18.
You receive an e-mail message from a deposed Prince of Nigeria. What do you do?
Correct Answer
C. Highlight the message and hit "Control + Shift + Delete" to completely remove the message
Explanation
These types of e-mails are called 419 or 411 scams. These are e-mails that try to encourage you to perform fraudulent activities on behalf of someone in another country (such as laundering money).
19.
You are using e-mail to send and receive private information (e.g. medical data, salary information, social security numbers, passwords) for an approved, business need. What should you do?
Correct Answer
A. Encrypt the information before sending it through e-mail
Explanation
Encrypting the information before sending it through email ensures that the data is protected and cannot be accessed by unauthorized individuals. Encryption converts the information into a code that can only be deciphered with a decryption key, making it extremely difficult for anyone else to read or understand the content of the email. This helps to maintain the confidentiality and integrity of the private information being transmitted.
20.
It's OK to post personal information about yourself on Twitter or Facebook.
Correct Answer
B. False
Explanation
You should limit the personal information you post about yourself and your family on Twitter, Facebook and other social media sites. This information could be used in order to perform social engineering on you or your family. You should configure privacy settings to be as strict as possible on such sites to limit prying eyes. All information posted to social media sites should be considered permanent, no matter what the privacy policies of the sites state.
21.
It's OK to click website links in e-mails, from other untrusted websites, or in IM messages that go to sites that I trust (Facebook, Twitter, Google, etc).
Correct Answer
B. False
Explanation
You should only access trusted sites (Google, Facebook, Twitter, etc) by entering the URL directly or via a bookmark. Clicking on links in e-mail and from other untrusted sites may allow an attacker to steal or capture your credentials.
22.
When entering personal data such as credit card information into a website, it is important to look for the lock symbol or verify the URL starts with "https" to ensure the transaction is protected by SSL encryption.
Correct Answer
A. True
Explanation
Before you enter sensitive data in a web form or on a webpage, look for signs—like a web address with https and a closed padlock beside it—that it is secure.
23.
Which of the following is the best protection technique for a home wireless network?
Correct Answer
D. WPA2 encryption
Explanation
MAC filters are not protection from an intruder, as MAC information can be obtained via wireless sniffers and this information can be spoofed. Hiding your SSID will also not keep intruders out, since the SSID can still be detected via a wireless sniffer. WEP is not a suitable wireless protection mechanism because this encryption technique can easily be cracked in a matter of minutes. WPA2 Pre-shared key with a lengthy key is the preferred standard.
24.
If you receive an e-mail plea from a family member asking for money, it's OK to respond and wire them money since they sent the message from their e-mail account.
Correct Answer
B. False
Explanation
These types of scams are common when an e-mail account has been hacked. The first course of action is to try and contact the person (not via e-mail) and confirm if they really need money and let them know that their e-mail account may have been hacked.
25.
If you've spoken to your kids about being safe on the Internet, then there is no need to filter web content for them.
Correct Answer
B. False
Explanation
Web content should always be filtered for children. OpenDNS provides DNS-based protections for free. Other Anti-Virus companies also provide protections and filters for children accessing the Internet.