M27 Practice Quiz

Question 1

  1. Jenna, a new hire at Dion Training, wants to ensure her work conversations remain confidential and are not susceptible to eavesdropping or shoulder surfing attacks. Which of the following should she do?

    Options:

    • Regularly change discussion venues to avoid pattern tracking by potential eavesdroppers
    • Obfuscate the conversation by speaking in codes or jargon when outside the office
    • Use the public Wi-Fi at the coffee shop for her remote meetings to improve performance
    • Hold confidential discussions in secure areas equipped with privacy measures

    Overall explanation:

    • Holding discussions in secure areas equipped with privacy measures is crucial for maintaining confidentiality. Secure areas prevent unauthorized access and are less prone to surveillance, significantly reducing the risk of eavesdropping or shoulder surfing attacks. These measures ensure that sensitive information is not inadvertently exposed to individuals who might exploit it, thereby maintaining the integrity of the conversation and protecting organizational data.

    Tags: Avoiding Social Engineering

Question 2

  1. Lisa, an executive at Dion Training, is using a password manager to maintain different strong passwords for her accounts. What additional step should she take to ensure the security of her password manager?

    Options:

    • Use a password manager with multi-factor authentication
    • Share the master password with a trusted friend
    • Write down the master password and store it someplace safe
    • Use a simple master password for easy recall

    Overall explanation:

    • Enabling multi-factor authentication (MFA) adds an extra layer of security to Lisa's password manager. This approach requires another piece of evidence besides the master password, making unauthorized access much more difficult even if the master password is compromised. MFA could involve something you know (password), something you have (a secure device), or something you are (biometric verification) to significantly enhance the security of your sensitive account information.

    Tags: Password Managers

Question 3

  1. Derek, a senior manager at Dion Training, discovers a USB drive in the parking lot and wants to identify the owner. Considering the risks, what should be his course of action?

    Options:

    • Give it to the IT department for further investigation
    • Ignore the USB drive and leave it where it is currently located
    • Ask around the office to see if anyone lost a USB drive
    • Plug the USB into his office computer to check its contents

    Overall explanation:

    • Giving the USB drive to the IT department is the safest action to take since the IT professionals are equipped with the right tools and protocols to examine the drive safely without risking a potential security breach.
    • Plugging an unknown USB into a computer could introduce malware into the network, while ignoring it or asking around doesn't mitigate the risk of malicious content or ensure the device's proper handling.
    • The IT department can take precautionary measures to safeguard your organization's security.

    Tags: Avoiding Social Engineering

Question 4

  1. Sandra, a team leader at Dion Training, is concerned about phishing attempts targeting her team members working remotely. To address this threat, what approach should she advocate for within the team?

    Options:

    • Respond to all emails promptly
    • Share sensitive information only over phone calls and not emails
    • Click on all of the links in emails to verify the sender's claims
    • Ignore unsolicited emails that request sensitive information

    Overall explanation:

    • Choosing to ignore unsolicited emails asking for sensitive information is a key defense against phishing attempts. Phishing often involves tricking individuals into giving out personal data, and these scams commonly arrive via email. Such emails might seem legitimate but often contain deceptive content urging immediate action, such as clicking on a link or providing passwords, bank details, or other sensitive data. By ignoring these requests, the team can reduce the risk of inadvertently divulging information that could compromise personal or organizational security. It's crucial not to engage with these types of communications as they often lead to fraudulent sites designed to steal information.

    Tags: Avoiding Social Engineering

Question 5

  1. Chris, the head of the IT department at Dion Training, wants to fortify the company's defense against social engineering attacks. Which strategy should he incorporate to enhance the overall security culture?

    Options:

    • Limit additional high-security protocols to system administrators only
    • Advise employees to deal with security threats independently
    • Hold regular training and conduct simulated cyber-attacks
    • Implement host-based firewall software on every workstation

    Overall explanation:

    • Holding regular training sessions and conducting simulated cyber-attacks is an integral strategy in fortifying defenses against social engineering attacks. This proactive approach ensures that employees are not only aware of potential cyber threats but are also experienced in recognizing and responding to them effectively.
    • By simulating cyber-attacks, employees can experience real-world scenarios without the actual risk. This strategy tests and reinforces their ability to react correctly to security threats, making them less susceptible to real-world attacks.
    • Additionally, these practices help in establishing a strong security culture within the organization, where everyone is aware of their role in preventing breaches, contributing to a more comprehensive and effective defense strategy.

    Tags: Creating a Culture of Security