Security Awareness Training

07 Dec

Welcome to your Security Awareness Training

Name

Unexpectedly, you get an email from a colleague who requests you to urgently click on an email link which they’ve sent you. What is the safest option?

The link is from a known person therefore it’s safe to open.

If the link was malicious the organization’s firewall would have flagged or blocked it, therefore it’s safe to open.

Reply to the sender to double-check if the link is safe to open as they might have sent it accidentally.

Do not click the link. Phone the sender for verification.

Information Security is the responsibility of

Information Services

All employees

Key employees handling sensitive or criminal justice data

All of the above

None of the above

What is the best way to validate a legitimate email vs. a phishing email?

Bad spelling, poor syntax and grammar are one of the tell-tale signs of a fake email.

Look at the email headers to see where it really came from.

Look for poorly replicated logos.

Contact the sender on some other medium besides email to verify whether they sent you the email.

You’re waiting for a package from overseas, but then you get a shipping delayed notification saying your package is stuck in Halifax! It's going to be returned to sender unless you click a link and confirm your shipping address. What should you do first?

Click on the provided link right away to confirm your address.

Call the number provided in the email to speak to a service agent.

Double check the sender's email address and check the provided link by hovering over it without clicking on it.

Contact the seller to complain about the delayed shipment.

Your email account has been compromised. What is the best way of preventing further unauthorized access to your email account?

Change the password and enable two-factor authentication on the email account.

Change the password, then run an anti-virus scan an anti-malware scan.

Change the login password to your computer.

Updating your email application software to the latest version.

Why is information security important?

To support and protect critical business processes and systems

To avoid potential fines

To protect employee and citizen data

None of the above

All of Above

When travelling, you use a mobile disk carried in your laptop bag to back-up your system. What is the risk here?

Electromagnetic radiation from the laptop could corrupt the backup disk.

Backups should never be stored in the same location as the original data set.

Electromagnetic airport scanners can corrupt the backup disk.

Viruses from the laptop can corrupt the backup disk.

Where should you store the encryption passphrase for your laptop?

On a sticker underneath your laptop’s battery as it’s not visible to anyone using the laptop.

On a sticky note attached to the base of your laptop.

In a password-protected Word file stored on your laptop.

Either don’t store or use the password management tool supplied/authorized by your organization.

You have a highly sensitive document which you need to email to a trusted third-party. What is the safest way to send this?

Make sure you scan the document with your anti-virus software first.

Send the document from your work email account.

Encrypt the document first. Then send the password to the third-party using a different communication method, such as SMS.

Send the document using a file sharing application.

10.

A colleague calls you telling you they have an urgent deadline to meet. But unfortunately, they have forgotten their password to the client database. What should you do to help?

Go to a computer terminal and log the user in so they can meet their deadline.

Suggest to your colleague that they call your IT helpdesk for a password reset link.

Give them your login credentials temporarily so your colleague can meet their deadline.

Put your login credentials on an encrypted USB memory stick and hand it to them.

11.

Which of the following is a good way to create a password?

Your children's or pet's names

Using look-alike substitutions of numbers or symbols

A combination of upper and lowercase letters mixed with numbers and symbols

Using common names or words from the dictionary

12.

You’ve inadvertently opened a web link contained in a suspicious email and now your computer is behaving strangely. What should course of action should you follow next?

The purpose of a firewall and security software is to block malicious code getting into your computer in the first place so no action is needed.

You need to update and run your anti-virus software.

You need to contact your IT help desk or Information Security team.

Keep an eye on the performance of your computer.

13.

You receive an email with subject: "$5 million donation from Bill Gates" and in the email they ask you to provide your telephone number and full postal address to claim the money. What's the best action?

Reply with my phone number and postal address, I want the 5 million dollars

Forward the email to friends, because sharing is caring

Report the email as spam and delete it

14.

While browsing on a shopping site, you see an ad banner for one of your favorite charities, asking you to donate for a worthy cause. You decide to donate. You should

Click on the convenient banner and enter your payment information.

Contact the charity directly to donate by going to their official website.

Contact the website that you found the ad banner on and demand to know why they are advertising false information.

None of the above.

15.

You get a call from your technical support helpdesk saying they are performing an urgent server upgrade. They ask you for your password. What should you do?

Refuse and contact your manager or Information Security team.

Get the agent's name and give him your login and password.

Get the agent's email address and email him your login and password.

Give the support representative your password, but not your login.

16.

Your friend is late to meet you at your local café, and the café has open Wi-Fi. You’ve been meaning to take a look at a jewelry website that your mom likes to beat the Black Friday rush. You should:

Only buy from the website when using a phone.

Only buy from the website if you think it is secure.

Only buy from the website when using a laptop.

Wait until you get back home and use a trusted network.

17.

What is the most important security awareness training topic?

Physical security

Information Protection

Social engineering

Remote computing protections

All of the above

18.

You’ve just got a warning from your bank that suspicious activity has been detected and to login immediately using a URL (link) provided. What is the best course of action to take?

Contact your bank using the telephone number on the back of your credit card.

Check the headers in the email and then login.

19.

A supplier has sent you a USB memory stick in the post which contains drawings of a project that you’re collaborating on. What is the safest course of action?

Perform a virus scan of the memory stick before opening any of its files.

Use the USB port in front of your computer instead of the back which enables you to disconnect the memory stick quickly if it’s infected.

Do not use the USB stick. Request the supplier to the send the file via email or upload it to a secure file sharing service.

Insert the USB memory stick but don’t click on any of the files.

20.

What does information security do?

Guards the library

Protects the network and information systems

Protects employee and citizen data

Protects information on the internet

B & C

21.

What should I do after I learn about a data breach of a website? Choose the best answer.

Nothing

Change the password of my account for that website

Change the password for my account for that website and of all other websites where I use that same password

22.

Jim is planning a holiday to Spain. Using his smartphone, he finds a nice hotel, but all the information is only in Spanish. He downloads a free translation app to help him translate the information into English. What is the biggest risk here?

The app might steal the data from his smartphone, which could lead to the compromise of sensitive data or other applications on the device or in the cloud.

The app might corrupt all the data on his phone which he uses for work.

The app might contain viruses.

The app might give him fraudulent information and he might end-up be redirected to a fraudulent site.

23.

Which of the following statements best describes the modern-day hacker?

Bored and lonely anti-social teenagers who hack as a challenge and sometimes for profit.

Computer savvy people who hack individuals and businesses as a form of competition.

Highly-organized crime gangs run like businesses who deploy highly automated and sometimes highly targeted attacks against individuals and businesses for profit.

All of the above.

24.

Why are humans still the weakest link despite security training and resources?

Threat actors spend their days thinking of new ways to exploit human vulnerabilities and are rewarded for their innovation.

Average people do not spend all their time thinking about security and may feel powerless in preventing attacks.

Cybersecurity practitioners may be the only people at their organizations who spend their workdays focused on prevention, protection and mitigation activities.

All of the above

25.

True or False: Is it considered safe to use the same complex password on all websites?

True

False

Thank you for the Quiz, Kindly check your email for the result.
Good Luck!