Cyber savvy? Take a Quick Security Awareness Quiz to Find Out
So you think you are cyber-savvy and knowledgeable about the cyber security risks you face every day in the digital world? Take this quick security quiz and find out.
Just record your answers as you take the quiz. There are 10 questions in this security awareness quiz. You can refer to the Answers section to check your answers. You may also want to review the explanation for each answer. The goal of this quiz is to challenge how cyber-savvy you are about the usual threats and risks, and then to share some knowledge about each situation.
Questions:
1. When is the best time to lie to your information security auditor or officer?
3. While visiting your favorite website for downloading the Firefox browser, a popup appears that says "You just won 100,000 US dollars! Click this link to claim your prize". What should you do?
6. Which of the following is good netiquette?
7. What does the Internet slang "LOL" mean?
8. Your Facebook friend has just posted a link on your timeline that contains nude pictures. You also noticed that he has tagged some of your mutual friends too. What is the most responsible thing you can do in this situation as a cyber-savvy user?
9. A customer service representative has just called you saying that your credit card is about to expire. He or she asks you to provide your account information and personal information in order to verify your account and renew your credit card, without telling you which bank he or she is from. What should you do?
10. Which of the following could help you keep malware and viruses from infecting your PC?
Answers:
- D – This is a very tricky question and it has been used in some technical and security interviews. You should never lie to your information security auditor or officer, since their role is to maintain the confidentiality, integrity, and availability (CIA triad) of the assets and technologies of your organization or company. A good information security auditor or officer can help you with the cyber security problems in your organization. Even if you lose key people in your organization because of their wrongdoings – do not cover for them. There is a due process in a good organization or company.
- C – This is a possible phishing attempt which could harm other cyber citizens, because the website could store the login credentials if the user is not that cyber-savvy. As a concerned cyber citizen, you need to be vigilant, but don't hack it or launch DDoS attacks on it; instead, report it to security teams or computer emergency response teams like the Google Safe Browsing Team, US-CERT, etc. By hacking and DDoSing it, you are being unethical.
- C – There are two possibilities for what just happened here. The website could have been hacked and backdoored, with the attacker placing a malicious link, or the website administrator didn't fully review the advertisements he or she placed on the website. You should inform the website administrator and explain to him or her that this could harm other computer users who are not that vigilant.
- B – The shortened URL could take you to a malicious website which could steal your cookies, exploit the trust of your browser, or exploit a vulnerability in your browser so that the attacker can then control your computer (check out BeEF or Metasploit video tutorials on how an attacker could control your PC if you want to know more). The best way to ensure that it will take you to a legitimate site is to use an online URL expander like http://longurl.org/. If it takes you to an unknown website, or if you suspect that the website is malicious, report it.
- B – Someone may be conducting ARP spoofing and routing all the Google Mail traffic to http://www.googlemail.andrew.net, so it's wise to just disconnect from their Wi-Fi connection or else your Gmail credentials will be sniffed. It would also be wise to approach their IT personnel about the problem. http://www.googlemail.andrew.net is possibly owned by the attacker. For me, it's wise not to connect to free Wi-Fi networks and to be partially paranoid about where you connect.
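The last two answers both come down to knowing which host you actually end up on. The following is an added example, not part of the original article: it walks a short link's redirect chain one hop at a time without rendering anything, then checks the final host against the domains you expected. The function names, the `.example` hosts and the redirect table are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def head_fetch(url):
    """One HEAD request, redirects not followed; returns (status, Location)."""
    p = urlsplit(url)
    https = p.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(p.netloc, timeout=5)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_fetch, max_hops=10):
    """Return every URL in the redirect chain, stopping on loops and non-HTTP targets."""
    chain = [url]
    while len(chain) <= max_hops and urlsplit(url).scheme in ("http", "https"):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative
        looped = url in chain
        chain.append(url)
        if looped:
            break
    return chain

def host_in_domains(url, domains):
    """True only if the host equals an expected domain or is a subdomain of one.
    A substring test would wrongly accept www.googlemail.andrew.net."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

# Constructed redirect table standing in for the network.
SAMPLE = {
    "http://sho.rt.example/abc": (301, "http://tracker.example/r?id=1"),
    "http://tracker.example/r?id=1": (302, "http://www.googlemail.andrew.net/login"),
    "http://www.googlemail.andrew.net/login": (200, None),
}

def check(url, domains, fetch=head_fetch):
    chain = expand(url, fetch)
    return chain, host_in_domains(chain[-1], domains)
```

Calling `check("http://sho.rt.example/abc", ["google.com", "googlemail.com"], lambda u: SAMPLE.get(u, (404, None)))` runs it against the constructed table; leaving out the third argument uses real HEAD requests.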
Remember, enterprise information awareness training is a great way to keep end users up to date. Patching your system is also one way to prevent new exploits from dropping payloads. And of course, downloading trusted software from trusted sources could eliminate malicious software, but if that trusted site is hacked and is currently serving malware because the attacker modified most of the software, then you are not safe at all.
Take note that antivirus software is only as good as its virus database. If there is a new virus in the wild, it could miss detecting that virus. That's why we also need a two-way firewall, because it protects you while accessing anything outside. Take note that there are also ways to bypass these firewalls, but at least you can mitigate some known threats and risks.