General Cybersecurity Awareness Quiz

Questions and Answers

Which of the following is the biggest cybersecurity threat to organizations?

Software vulnerabilities (correct)

Insider threats

Natural disasters

External hackers

What can happen if you plug a personal device into a work computer?

Nothing, it's perfectly safe

It could introduce malware to the network (correct)

Personal data will be backed up automatically

Work files will be copied to the device

True or False: A VPN ensures complete immunity from cyberattacks.

False

What is the most secure password?

LongPhraseWithNumbers123!

What should you do before updating software?

Verify updates through official channels

What is PII?

Personally Identifiable Information

Which of the following is NOT an example of PII?

Business phone number

What is the best way to protect sensitive data?

Encrypt it

True or False: Sharing PII without encryption is acceptable for internal use.

False

Why is protecting PII important?

All of the above

Which of the following is a common sign of a phishing email?

All of the above

What is social engineering?

Manipulating people to gain sensitive information

What should you do if you suspect a phishing attempt?

Report it to IT security

Which is NOT a social engineering tactic?

Enabling 2FA

What is the first step to protect against phishing?

Enable email spam filters

What does ransomware do?

Encrypts files and demands payment

How can you prevent malware infections?

All of the above

What should you do if a ransomware attack occurs?

Disconnect the infected device

True or False: Paying the ransom guarantees recovery of your data.

False

Which of the following is NOT a type of malware?

Firewall

What is a common risk of remote work?

All of the above

What tool should you use when connecting to public Wi-Fi?

VPN

What is a secure practice for remote work?

Using strong, unique passwords

How can you secure your home Wi-Fi network?

All of the above

What should you do if you suspect a security breach while working remotely?

Report it to IT immediately

What is the first step in responding to a suspected security incident?

Report it to the IT team

Which of the following should be included in an incident report?

All of the above

Why is it important to report security incidents immediately?

All of the above

True or False: Incident response is solely the responsibility of IT.

False

What should you NOT do when responding to a security incident?

Tamper with evidence

Why is it important to regularly update software and tools?

To fix security vulnerabilities

Which is NOT a secure way to share sensitive files?

Using public file-sharing services

What is the purpose of a password manager?

To store strong passwords securely

How can you ensure the safe use of collaboration tools like MS Teams?

All of the above

What is the primary purpose of a VPN?

Encrypt and secure communication

Study Notes

General Cybersecurity Awareness

• Biggest cybersecurity threat to organizations: Software vulnerabilities.
• Personal device plugged into work computer: Could introduce malware to the network.
• VPN and cyberattacks: A VPN does not guarantee complete immunity from cyberattacks.
• Secure password: Long phrases with numbers and symbols.
• Software updates: Verify updates through official channels before applying them.

Protecting Personally Identifiable Information (PII)

• PII definition: Personally Identifiable Information.
• PII example (not): Business phone number.
• PII examples: Credit card number, Social Security number, email address.

Phishing and Social Engineering

• Phishing email red flags: Urgent language, mismatched email domains, unexpected attachments.
• Social engineering: Manipulating people to gain sensitive information.
• Responding to a suspected phishing attempt: Report it to IT security.
• Not a social engineering tactic: Enabling 2FA.
• Protecting against phishing: Enable email spam filters.

Ransomware and Malware

• Ransomware action: Encrypts files and demands payment.
• Preventing malware infections: Keep software updated, use antivirus software, avoid clicking unknown links.
• Ransomware attack response: Disconnect the infected device.
• Ransom payment and data recovery: Paying the ransom does not guarantee data recovery.
• Not a type of malware: Firewall.

Remote Work Security

• Remote work risk: Unsecured networks, device theft, sensitive data exposure.
• Public Wi-Fi security: Use a VPN.

Incident Reporting and Management

• First step in security incident response: Report it to the IT team.
• Incident report components: Description of the event, date and time of the incident, actions taken in response.
• Importance of immediate incident reporting: Minimizes damage, allows quick mitigation, prevents further attacks.
• Incident response responsibility: Not solely the responsibility of IT.
• Security incident actions to avoid: Tampering with evidence.

Secure Use of Software and Tools

• Software updates importance: To fix security vulnerabilities.
• Secure file sharing: Use encrypted file-sharing platforms, secure email, password-protected links.
• Password manager purpose: To store strong passwords securely.
• Collaboration tools security: Avoid clicking unknown links, restrict access to sensitive channels, use strong passwords.
• VPN purpose: To encrypt and secure communication.

Description

Test your knowledge on important cybersecurity practices, including threats, securing PII, and identifying phishing attempts. This quiz covers key principles that every individual should know to protect themselves and their organizations from cyber threats.