Cyber savvy? Take a Quick Security Awareness Quiz to Find Out

July 20, 2015 by aurelius

So you think you are cyber-savvy and knowledgeable about the cyber security risks you face every day in the digital world? Take this quick security quiz and find out.

Just record your answers as you take the quiz. There are 10 questions in this security awareness quiz. You can refer to the Answers section to check your answers. You may also want to review the explanation for each answer. The goal of this quiz is to challenge how cyber-savvy you are about the usual threats and risks, and then to share some knowledge about each situation.

Questions:

1. When is the best time to lie to your information security auditor or officer?

   A. If you want to cover up your best friend's faults or mistakes
   B. If the security auditor is not your friend and cannot be trusted
   C. If it impacts the termination of the key people in your organization
   D. None of the above

2. You come across a website that looks exactly like Facebook but has a different domain that you have never heard of. Which of the following is the best course of action to take?

   A. Hack that website and deface it, then post it on Facebook or Twitter.
   B. Launch DDoS (Distributed Denial of Service) attacks against that website with the help of your friends if you can't hack it, in order to take it offline, then post it on Facebook or Twitter. #TangoDown!
   C. Do not log in to that website and report it as a phishing page to the Google Safe Browsing Team - https://www.google.com/safebrowsing/report_phish/.
   D. Just ignore that website and log in to https://facebook.com instead.

3. While visiting your favorite website for downloading the Firefox browser, a popup appears that says "You just won 100,000 US dollars! Click this link to claim your prize". What should you do?

   A. Ignore that popup and just download the Firefox browser.
   B. Click the popup and claim your prize.
   C. Report the popup and the details to the website administrator and don't download the Firefox browser.
   D. Share the link with your friends, classmates and colleagues so that they can also claim the prize, because sharing is caring.

4. Your college best friend has just sent you a chat message on Facebook with a link. The link is a shortened URL, for example https://goo.gl/wf4V8Z. What should you do?

   A. Click the link because it shouldn't be malicious since he/she is your best friend after all. There is nothing to worry about.
   B. Do not click the link and try to check the URL using an online tool that checks where it really takes you.
   C. Contact your local Computer Emergency Response / Readiness Team because it may contain malicious software.
   D. Install antivirus software, then click the link.

5. You went to Starbucks to buy a coffee and, while waiting for your order, you decided to connect to their free Wi-Fi. While browsing to your Google Mail (https://mail.google.com/), the page redirects to http://www.googlemail.andrew.net. What do you think you should do?

   A. Log in to where Google Mail has redirected, it's just one of Google's web sites – not suspicious at all.
   B. Disconnect from Starbucks' Wi-Fi network.
   C. Ask the person sitting next to you if his Google Mail also redirects to http://www.googlemail.andrew.net.
   D. Find the wireless access point and reboot it.

6. Which of the following is good netiquette?

   A. Do not use all caps when replying to emails or when commenting.
   B. Use internet slang when replying to a chat or a comment.
   C. Always log in to websites that have SSL or HTTPS.
   D. All of the above

7. What does the Internet slang "LOL" mean?

   A. League of Legends
   B. Laughing Out Loud
   C. Laugh On Lead
   D. None of the above

8. Your Facebook friend has just posted a link on your timeline that contains nude pictures. You also noticed that he has tagged some of your mutual friends too. What is the most responsible thing you can do in this situation as a cyber-savvy user?

   A. Just untag yourself and delete the post. It doesn't matter anyway since it's already a norm nowadays.
   B. Report the malicious post to Facebook
   C. Unfriend him or her
   D. Scold your friend and explain to him or her that this could destroy your reputation.

9. A customer service representative has just called you saying that your credit card is about to expire. He or she asks you to provide your account information and personal information in order to verify your account and renew your credit card, without telling you which bank he or she is from. What should you do?

   A. Ask the customer representative which bank or company he or she is from.
   B. Check whether your credit card has really expired, because expiration dates are printed on credit cards.
   C. Don't give out your personal information and credit card information if you don't yet have enough information about the customer service representative or about the bank.
   D. All of the above

10. Which of the following could help you keep malware and viruses from infecting your PC?

    A. Download software from trusted sources only
    B. Install an antivirus program and a two-way firewall
    C. Always update your PC when prompted for system updates
    D. Install Wireshark to monitor and analyze the traffic of your network
Answers:

1. D – This is a very tricky question and it has been used in some technical and security interviews. You should never lie to your information security auditor or officer, since their role is to maintain the confidentiality, integrity, and availability (CIA triad) of the assets and technologies of your organization or company. A good information security auditor or officer can help you with the cyber security problems in your organization. Even if you lose key people in your organization because of their wrongdoings, do not cover for them. There is a due process in a good organization or company.
2. C – This is a possible phishing attempt which could harm other cyber citizens, because the website could store the login credentials of users who are not that cyber-savvy. As a concerned cyber citizen, you need to be vigilant, but don't hack it or launch DDoS attacks on it. Instead, report it to security teams or computer emergency response teams like the Google Safe Browsing Team, US-CERT, etc. By hacking and DDoSing it, you are being unethical.
3. C – There are two possibilities for what just happened here. The website could have been hacked and backdoored, with the attacker placing a malicious link, or the website administrator didn't fully review the ads he or she placed on the website. You should inform the website administrator and explain to him or her that this could harm other computer users who are not that vigilant.
4. B – The shortened URL could take you to a malicious website which could steal your cookies, exploit the trust of your browser, or exploit a vulnerability in your browser so that the attacker can then control your computer (check out BeEF or Metasploit video tutorials on how an attacker could control your PC if you want to know more). The best way to ensure that it will take you to a legitimate site is to use an online URL expander like http://longurl.org/. If it takes you to an unknown website, or if you suspect that the website is malicious, report it.
5. B – Someone may be conducting ARP spoofing and routing all the Google Mail traffic to http://www.googlemail.andrew.net, so it's wise to just disconnect from their Wi-Fi connection or else your Gmail credentials will be sniffed. It would also be wise to approach their IT personnel about their problem. http://www.googlemail.andrew.net is possibly owned by the attacker. For me, it's wise not to connect to free Wi-Fi networks and to be partially paranoid about where you connect.
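The checks behind answers 4 and 5, as an added example that is not part of the original article: follow a link's redirects one hop at a time and flag a final host outside the domain you expected, a brand name reused inside a foreign domain, and an HTTPS-to-HTTP downgrade. The fetcher, the `short.example` link and its target are constructed so the code runs offline; only the Gmail redirect comes from question 5.

```python
from urllib.parse import urlsplit, urljoin

# Constructed responses (URL -> (status, Location)) so the example runs offline.
# short.example and its target are made up; the Gmail hop is from question 5.
SAMPLE = {
    "https://short.example/abc123": (301, "http://facebook.com.login.example.net/"),
    "http://facebook.com.login.example.net/": (200, None),
    "https://mail.google.com/": (302, "http://www.googlemail.andrew.net"),
    "http://www.googlemail.andrew.net": (200, None),
}

def offline_fetch(url):
    """Hypothetical fetcher: one request, no automatic redirect following."""
    return SAMPLE.get(url, (200, None))

def trace(url, fetch=offline_fetch, max_hops=10):
    """Follow redirects hop by hop and return every URL in the chain."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        nxt = urljoin(chain[-1], location)
        if nxt in chain:  # redirect loop: stop rather than spin
            break
        chain.append(nxt)
    return chain

def under_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def assess(url, expected_domain, fetch=offline_fetch):
    """Return (final_url, warnings) for a link expected to land on expected_domain."""
    chain = trace(url, fetch)
    hosts = [urlsplit(u).hostname for u in chain]
    schemes = [urlsplit(u).scheme for u in chain]
    warnings = []
    if not under_domain(hosts[-1], expected_domain):
        warnings.append("off-domain")
        brand = expected_domain.split(".")[0]
        if brand in (hosts[-1] or ""):
            warnings.append("lookalike")  # brand name reused inside a foreign domain
    if any(a == "https" and b == "http" for a, b in zip(schemes, schemes[1:])):
        warnings.append("https-downgrade")
    return chain[-1], warnings
```

To inspect a live link, pass `assess` a `fetch` function that issues a single request without following redirects and returns the status code and `Location` header.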

Fill out the form below for the answers to questions 6-10!

Remember, enterprise information awareness training is a great way to keep end users up to date. Patching your system is also one way of preventing new exploits from dropping off payloads. And of course, downloading trusted software from trusted sources could eliminate malicious software, but if that trusted site is hacked and is currently serving malware because the attacker modified most of the software, then you are not safe at all.

Take note that antivirus software is only as good as its virus database. If there is a new virus in the wild, the antivirus could miss it. That's why we also need a two-way firewall, because it protects you while accessing anything outside. Take note that there are also ways to bypass these firewalls, but at least you can mitigate some known threats and risks.

aurelius

aurelius is the creator of n00bs CTF Labs, bug bounty hunter, security researcher at Infosec Institute and an application security analyst. He loves playing games and watching movies aside from hacking.