Information Security Session 3 Assessment
05 May, by Cybrone Solutions

Welcome to your Information Security Session 3 Quiz

1. What is a common technique used in online tech support scams?
   - Offering legitimate technical support services
   - Calling potential victims on the phone
   - Claiming that the victim's device is infected with malware
   - Providing a money-back guarantee for their services

2. What is the most effective way to prevent phishing attacks?
   - Training employees to identify and report phishing attempts
   - Installing the latest antivirus software on all devices
   - Blocking all incoming emails from unknown senders

3. What is the best way to protect against password attacks?
   - Using complex passwords
   - Using the same password for all accounts
   - Sharing passwords with others
   - Writing passwords down on a piece of paper

4. What is the primary purpose of encryption in information security?
   - To ensure the confidentiality and integrity of data
   - To make data accessible to anyone
   - To delete data permanently from a device
   - To prevent data from being transmitted over a network

5. What is a common sign that a website is not secure?
   - The website has a lock icon in the address bar
   - The website's URL starts with "https://"
   - The website has a lot of pop-up ads
   - The website asks for personal information before displaying any content

6. What is the primary purpose of phishing attacks?
   - To steal sensitive information by tricking users into giving away their login credentials
   - To install malware on a user's device
   - To launch a denial-of-service attack

7. What is a common vulnerability in code related to session management?
   - Allowing users to create weak passwords
   - Storing session tokens in plain text
   - Using strong encryption for network communication
   - Using secure hashing algorithms to store passwords

8. What is a common characteristic of an online phishing scam?
   - It involves sending unsolicited phone calls to potential victims
   - It relies on social engineering tactics to trick users into revealing sensitive information
   - It only targets large corporations and never individuals
   - It requires physical access to a victim's device

9. What is the purpose of using a static code analysis tool?
   - To find and fix security vulnerabilities in code
   - To encrypt data sent over the network
   - To store passwords securely
   - To implement secure coding frameworks and libraries

10. What is information security?
   - Protecting information from unauthorized access, use, disclosure, disruption, modification or destruction
   - Creating information to be used for business purposes
   - Storing information in a central database for easy access

11. Which of the following is NOT an example of a password attack?
   - Brute-force attack
   - Dictionary attack
   - Trojan horse attack

12. What is a common technique used by attackers to gain access to a user's device?
   - Social engineering
   - Brute-force attacks
   - Denial-of-service attacks

13. What is the primary goal of a safe browsing policy?
   - To prevent users from accessing any website
   - To allow users to access any website without restriction
   - To ensure users only access trusted and secure websites
   - To block all incoming network traffic

14. What is a safe way to browse the web?
   - Only visiting untrusted websites
   - Clicking on every link and attachment received in emails
   - Only visiting trusted websites and verifying their security certificates
   - Disabling antivirus software and firewalls

15. What is the purpose of threat modeling in secure coding practices?
   - To identify and prioritize potential security threats and vulnerabilities
   - To implement secure coding frameworks and libraries
   - To encrypt data sent over the network
   - To store passwords securely

16. What is a common vulnerability in code that can lead to security breaches?
   - Using secure coding frameworks and libraries
   - Ignoring input validation and sanitization
   - Using strong encryption algorithms
   - Regularly updating software and its dependencies

17. What is the primary goal of a web application attack?
   - To steal sensitive information by exploiting vulnerabilities in a web application
   - To install malware on a user's device
   - To launch a denial-of-service attack

18. What is a common type of web attack that involves exploiting vulnerabilities in a web application's input validation?
   - Cross-site scripting (XSS)
   - Cross-site request forgery (CSRF)
   - SQL injection
   - Session hijacking

19. How can you protect yourself from vishing scams?
   - Never provide personal information over the phone unless you initiated the call
   - Click on any links provided in the call to verify the legitimacy of the call
   - Provide your personal information to the caller to avoid any legal trouble
   - Agree to pay any fees or charges requested by the caller

20. What is a common sign that an online investment opportunity is a scam?
   - The offer promises high returns with no risk
   - The investment is backed by a reputable financial institution
   - The investment requires a large upfront payment
   - The offer is only available to a select group of people

21. What is a common technique used in website spoofing attacks?
   - Sending fake emails that contain malicious links
   - Creating fake login pages that look like legitimate ones
   - Hacking into a legitimate website's server
   - Creating fake social media profiles

22. What is vishing?
   - A type of scam that targets mobile devices
   - A type of scam that involves impersonating a legitimate organization/person over the phone
   - A type of scam that involves infecting a victim's computer with malware
   - A type of scam that relies on social media to trick victims

23. Which of the following is a best practice for secure coding related to error handling?
   - Ignoring error messages generated by the application
   - Displaying detailed error messages to users
   - Logging error messages without any context
   - Displaying generic error messages to users

24. What is a common technique used in vishing scams?
   - Claiming to be a friend or family member in distress
   - Asking the victim to click on a link in an email
   - Claiming that the victim has won a prize and needs to provide personal information
   - Threatening the victim with legal action

25. Which of the following is an example of a password policy best practice?
   - Allowing users to reuse their previous passwords
   - Requiring users to change their password every month
   - Allowing users to share their passwords with others
   - Using simple and easy-to-guess passwords

Thank you for taking the quiz. Kindly check your email for the result. Good luck!