Security Awareness Training Q&A
Typology: Exams
The Psychology of Social Engineering
Q1: Which psychological principle is most commonly exploited when an attacker creates a sense of urgency in a phishing email?
o Answer: C) Scarcity
o Rationale: Scarcity, or a manufactured sense of urgency, is a powerful psychological trigger. It pressures the victim to act quickly without thinking, bypassing careful scrutiny of the message. Attackers use phrases like "Your account will be closed" or "Limited time offer" to create this feeling.
Q2: In the social engineering lifecycle, which phase involves the attacker gathering publicly available information about the target?
o Answer: B) Research / Information gathering
o Rationale: Before an attack begins, the attacker researches their target, collecting data from public sources like LinkedIn, company websites, and social media. This information is used to craft a believable and targeted attack.
Q3: An attacker leaves a USB drive labeled "Executive Bonuses" in a parking lot, hoping an employee will pick it up and plug it into their computer. This technique is called:
o Answer: B) Baiting
o Rationale: Baiting is a social engineering tactic that promises an item or good to entice victims. The physical media (e.g., USB drive) is often infected with malware that will be installed when the victim uses the device.
Q4: Which of the following is an example of a "smishing" attack?
o Answer: B) An SMS message with a link to a malicious site
o Rationale: Smishing is a form of phishing that uses SMS text messages to deliver malicious links or requests for personal information.
Q5: "Tailgating" in a physical security context refers to:
o Answer: B) Following an authorized person through a secure door without presenting credentials
o Rationale: Tailgating (or piggybacking) occurs when an unauthorized person gains entry to a restricted area by closely following an authorized person who has unlocked a door or passed through a checkpoint.
📧 Recognizing and Handling Email Threats (Phishing)
Q6: You receive a suspicious email. What is the most important reason to report it rather than just delete it?
o Answer: Others likely received the same email and might not know it was a phishing attempt.
o Rationale: Reporting a suspected phishing email allows the security team to analyze the threat, block the malicious links or attachments, and warn other users. Deleting it only protects you.
Q7: Which email header field is most reliable for detecting a spoofed sender address?
o Answer: C) Received
o Rationale: The Received header shows the email's path through servers. By reviewing it, you can often see if the email originated from an unexpected server. The "From" address is easily forged.
Q8: Why do cybercriminals often target many people at an organization rather than just those with access to bank accounts?
o Answer: So they can use access to a computer or account within the organization to attack others 'from the inside'.
o Rationale: Once any user's account is compromised, an attacker can use it as a beachhead to move laterally across the network, escalating privileges and eventually accessing valuable data or systems.
Q9: You receive an urgent text message from your "manager" asking you to buy gift cards or wire money. What should you do?
o Answer: Contact your manager directly using a phone number you know is legitimate, not the one in the message.
o Rationale: This is a common phishing scam (CEO fraud or business email compromise). Always verify any unusual or urgent request for money or sensitive information by using a trusted communication channel.
🔑 Passwords & Multi-Factor Authentication (MFA)
Q10: What is the primary purpose of using a strong, unique password?
o Answer: To protect personal information and organizational assets from unauthorized access.
o Rationale: Strong passwords—long, complex, and unique for each account—make it difficult for attackers to guess or crack them. Using unique passwords prevents a single breach from compromising multiple accounts.
o Rationale: Ransomware is a type of malware that blocks access to data or systems, typically by encryption, until a ransom is paid. Prevention through backups and user awareness is key.
Q17: What is a "zero-day" exploit?
o Answer: An attack that takes advantage of a software vulnerability that the vendor is not yet aware of and has not patched.
o Rationale: Because no patch exists at the time of discovery, zero-day exploits are particularly dangerous and are often used in highly targeted attacks.
Q18: What is the function of a "keylogger"?
o Answer: To record every keystroke a user makes on their device.
o Rationale: Keyloggers can be hardware devices or software programs used to capture sensitive data like passwords, credit card numbers, and private messages, which are then sent to the attacker.
☁️ Secure Browsing & Device Use
Q19: You have been using an AI chatbot for work and it requests access to specific project details. What should you do?
o Answer: Consult your organization’s security policy regarding sharing sensitive information with AI assistants.
o Rationale: Many organizations have policies that prohibit feeding proprietary or confidential information into third-party AI tools, as that data may be used to train the AI or be accessible to others.
Q20: What is the essential first step to protect a new IoT device, like a smart lock or camera, before connecting it to your home network?
o Answer: Change the default administrative password.
o Rationale: Default passwords are widely known and published online. Failing to change them leaves the device, and your entire network, vulnerable to easy compromise.
Q21: What is "shoulder surfing"?
o Answer: A social engineering technique where an attacker looks over your shoulder to steal your password, PIN, or other sensitive information.
o Rationale: A simple but effective low-tech threat. Always be aware of your surroundings when entering sensitive information on a device in a public space.
Q22: Which of the following practices is most essential for maintaining safe computing on personal and organizational devices?
o Answer: Regularly updating software and operating systems.
o Rationale: Security patches are released specifically to fix known vulnerabilities. Failing to apply updates leaves your devices open to exploitation by malware and attackers.
🛡️ Protecting Company Data & Privacy
Q23: A "data breach" is best defined as:
o Answer: An incident where sensitive, protected, or confidential data is copied, transmitted, viewed, or stolen by an unauthorized individual.
o Rationale: A data breach can be intentional or accidental. It's a failure of data protection that can have severe legal, financial, and reputational consequences.
Q24: What is the primary purpose of designating October as "Cyber Security Awareness Month"?
o Answer: To raise awareness about cyber security risks and best practices among employees and the general public.
o Rationale: It's a dedicated time for organizations and individuals to focus on staying safe online through education and community engagement.
Q25: According to KnowBe4, what is the primary goal of effective Security Awareness Training (SAT)?
o Answer: To modify user behavior in a manner that improves cyber hygiene.
o Rationale: The ultimate goal of SAT is to create a "human firewall" by fostering a security-conscious culture and teaching people how to make safer decisions online, not just to check a compliance box.
💡 General Knowledge & Core Concepts
Q26: Who is Kevin Mitnick, and what is his role at KnowBe4?
o Answer: A former hacker known as the "World's Most Wanted Hacker," now the Chief Hacking Officer (CHO) at KnowBe4.
o Rationale: His practical experience is used to shape the training, giving it authenticity and real-world relevance.
Q27: What does the acronym "BYOD" stand for in information security?
o Answer: Bring Your Own Device.
o Rationale: BYOD policies govern how employees can use their personal devices (laptops, phones, tablets) to access company networks and data, introducing specific security risks.
Q28: What is a "botnet"?
Q34: Which of the following is a sign of a social engineering attempt?
o Answer: A caller claiming there is a problem with your computer that needs to be fixed immediately.
o Rationale: A sense of urgency, fear, and unsolicited requests for information are all hallmarks of social engineering. The goal is to bypass rational thought and provoke an emotional reaction.
Q35: What is "pretexting"?
o Answer: The act of creating a false, fabricated scenario (pretext) to engage a victim and extract information (e.g., an attacker pretending to be a bank representative).
o Rationale: Pretexting builds a fake identity and story to establish trust and legitimacy with the target.
Q36: You are in a coffee shop and connect to a Wi-Fi network named "Free_Coffee_WiFi." This is an example of a potential:
o Answer: Evil Twin attack
o Rationale: An attacker can set up a fake access point with a believable name to intercept all traffic. Always verify the official network name with staff or use your phone's hotspot and VPN.
Q37: An attacker gains physical access to an office and looks for sticky notes with passwords under keyboards or on monitors. This technique is known as:
o Answer: Dumpster diving
o Rationale: Dumpster diving isn't just about literal trash; it includes searching desks, printers, and other accessible areas for any information that can be used for an attack.
Q38: An attacker sends an email to a specific individual in the finance department with a malicious invoice attachment. What is this targeted attack called?
o Answer: Spear phishing
o Rationale: Unlike broad phishing campaigns, spear phishing is highly targeted, using personal information to appear legitimate and increase the chance of success.
Q39: An attacker sends an email to a CEO asking for an urgent wire transfer to a known vendor but with an updated bank account number. This is known as:
o Answer: CEO Fraud / Business Email Compromise (BEC)
o Rationale: This high-level phishing attack impersonates a senior executive to trick an employee in finance or HR into authorizing fraudulent payments.
Q40: You receive a text message claiming you've won a prize and asking you to click a link. What is the safest action?
o Answer: Delete the message immediately without clicking the link.
o Rationale: Unsolicited "prize" messages are almost always a lure. Even interacting with the message can confirm your number is active to attackers.
Q41: Which of the following is NOT a common red flag of a phishing email?
o Answer: An overly friendly and relaxed tone.
o Rationale: While phishing emails can have poor grammar or urgent tones, some are sophisticated and may seem professional. The key is to be suspicious of any unexpected email requesting action or information.
Q42: The "Research" phase of a social engineering attack is primarily conducted using which of the following methods?
o Answer: Open Source Intelligence (OSINT) gathering from sources like social media, news articles, and company websites.
o Rationale: Attackers rely on publicly available information. The less you share professionally, the harder it is to be a target.
Q43: An attacker creates a fake website that looks identical to a company's internal HR portal to steal employee login credentials. This is a form of:
o Answer: Pharming
o Rationale: Pharming redirects users from a legitimate website to a fraudulent one, often without their knowledge, to harvest credentials or deliver malware.
Q44: What is one of the most effective ways to combat social engineering attacks?
o Answer: A well-educated and vigilant workforce that follows a clear policy for verifying suspicious requests.
o Rationale: Technology is important, but the human element is the primary target. Regular training and simulated phishing tests build a strong "human firewall".
Q45: An employee receives an email from "the IT department" stating their mailbox is full and to click a link to increase storage. What should they do?
o Answer: Report the email to their real IT department for verification.
o Rationale: This is a common credential phishing lure. Legitimate IT departments rarely send unsolicited emails requiring a login via an external link.
Q46: A frustrated employee, about to leave for a competitor, copies the entire client database to a USB drive. This is an example of which type of threat?
o Answer: Insider Threat
o Answer: Registering a domain name that is visually similar to a legitimate one (e.g., rnicrosoft.com vs microsoft.com) to deceive users.
o Rationale: Attackers use typosquatting or homograph attacks to create lookalike websites. Always carefully check the URL in the address bar for subtle misspellings.
Q53: You receive an unexpected file named Invoice_2025.pdf.exe. What is the risk of opening it?
o Answer: It is likely an executable file disguised as a PDF that will install malware, such as ransomware or a backdoor.
o Rationale: Always verify file extensions, especially double extensions like .pdf.exe. Legitimate invoices will not be in an executable format.
Q54: A "watering hole" attack targets a group by:
o Answer: Infecting a legitimate website that members of the group are known to frequently visit.
o Rationale: Attackers research the browsing habits of their targets and compromise the "watering hole" site, waiting for the prey to come to them.
Q55: What is the primary risk of a "denial-of-service" (DoS) attack?
o Answer: To overwhelm a system, server, or network with traffic, making it unavailable to legitimate users.
o Rationale: A DoS attack disrupts business operations and can be used as a smokescreen for other, more nefarious activities like data theft.
Q56: An "advanced persistent threat" (APT) is best characterized by which of the following?
o Answer: A sophisticated, long-term attack where an adversary gains unauthorized access to a network and remains undetected for an extended period.
o Rationale: APTs are often state-sponsored and focus on steadily exfiltrating data over time rather than causing immediate disruption.
Q57: Which of the following is a key indicator of a "spoofed" email?
o Answer: The "Reply-To" address is different from the "From" address.
o Rationale: Attackers can easily forge the "From" address. Checking the headers or where a reply would go can often reveal the deception.
Q58: A "Man-in-the-Middle" (MITM) attack involves:
o Answer: An attacker secretly intercepting and potentially altering the communication between two parties.
o Rationale: This often occurs on unsecured networks (like public Wi-Fi). An attacker can eavesdrop on your communications or even inject their own malicious data.
Q59: Which type of attack involves injecting malicious code into the database query of a website?
o Answer: SQL Injection
o Rationale: SQL injection attacks exploit poorly secured web applications to execute unauthorized commands on a backend database, often to steal, modify, or delete data.
Q60: An attacker tricks you into visiting a malicious website by sending a QR code in an email. This technique is known as:
o Answer: Quishing (QR Code Phishing)
o Rationale: Since QR codes are images, they bypass many text-based email filters, making them a growing threat. Always be cautious of unsolicited QR codes.
Q61: What is the key difference between a virus and a worm?
o Answer: A virus requires a user to execute a host program to spread, whereas a worm can self-replicate and spread across networks without user action.
o Rationale: Worms are particularly dangerous because they can spread rapidly and automatically, causing widespread disruption.
Q62: A user's computer starts acting strangely, and they notice a new toolbar in their browser that they did not install. This is most likely caused by:
o Answer: Potentially Unwanted Program (PUP) or adware.
o Rationale: PUPs are often bundled with other software and may not be overtly malicious, but they degrade performance, compromise privacy, and can be difficult to remove.
Q63: An employee finds a mysterious USB drive on their desk. What is the most secure course of action?
o Answer: Immediately inform the security team and do not insert it into any computer.
o Rationale: This is a classic "baiting" attack. The USB could contain hardware-based keyloggers or auto-executing malware.
Q64: An attacker sends you an email with a link that appears to be to https://amaz0n.com. This is a technique known as:
o Answer: Typosquatting
o Rationale: The attacker is banking on you not noticing the slight misspelling ("0" instead of "o") of a legitimate domain name.
Q65: Ransomware is a type of malware that primarily aims to:
o Answer: Encrypt the victim's files and then demand a ransom payment for the decryption key.
o Answer: That data is only accessible to those authorized to see it.
o Rationale: Breaches of confidentiality are data breaches. Measures like encryption and access controls enforce this principle.
Q72: In the CIA triad, "Integrity" refers to:
o Answer: Assuring that data has not been altered or destroyed in an unauthorized manner.
o Rationale: Integrity ensures that information is trustworthy and accurate. This can be compromised by malware or human error.
Q73: The final principle of the CIA triad, "Availability," means:
o Answer: Ensuring that information and resources are accessible to authorized users when needed.
o Rationale: A Denial-of-Service (DoS) attack is a direct attack on the availability of a system or service.
Q74: An employee uses a simple password like "Winter2025" and reuses it for 10 different accounts. Which of the following is the greatest risk?
o Answer: If one of the sites is breached, attackers will try that username and password combination on many other services (credential stuffing).
o Rationale: Password reuse multiplies the risk of a single breach. Attackers know users reuse passwords and automate attempts on services like email, banking, and social media.
Q75: You find your password in a public list of breached credentials that was just released. What is the most important action to take?
o Answer: Change that password immediately on any site where it is currently used, and never use it again.
o Rationale: The breach list is public, meaning attackers have it and will actively try to use it. Time is of the essence.
Q76: What is the difference between a "Security Policy" and "Security Standards"?
o Answer: A policy is a high-level statement of management intent (e.g., "All data must be protected"). A standard is a mandatory, specific technical requirement (e.g., "All servers must be patched within 30 days of a release").
o Rationale: Policies define "what" needs to be done, while standards and procedures define "how."
Q77: A "shoulder surfing" attack is classified as:
o Answer: A physical and visual social engineering attack.
o Rationale: It requires no technical skill but is highly effective in public places like airports, coffee shops, or open-plan offices.
Q78: The Federal law that sets the standard for protecting sensitive patient data is:
o Answer: HIPAA (Health Insurance Portability and Accountability Act)
o Rationale: Organizations that handle health information must comply with HIPAA's privacy, security, and breach notification rules.
Q79: The European Union's comprehensive data protection and privacy law is called:
o Answer: GDPR (General Data Protection Regulation)
o Rationale: GDPR applies to any organization that processes the personal data of individuals within the EU, regardless of where the organization is located.
Q80: Which of the following is NOT a common element of a strong password policy?
o Answer: Mandatory password changes every 30 days and complex rotation requirements.
o Rationale: Modern security guidance from NIST suggests that frequent, mandatory password changes are counterproductive, as they lead to weak, predictable passwords. Focus should be on length, blocklist checks, and MFA.
Q81: What is the primary goal of an organization's "Risk Assessment" process?
o Answer: To identify potential threats and vulnerabilities, and determine the likelihood and impact of a security incident, in order to prioritize resources.
o Rationale: You can't protect everything perfectly. Risk assessment helps an organization focus its efforts on what matters most.
Q82: An employee's laptop is stolen from their car. The laptop's hard drive was encrypted. Which principle of the CIA triad was most effectively protected by the encryption?
o Answer: Confidentiality.
o Rationale: Encryption renders the data unreadable without the decryption key. Even though the physical asset (confidentiality) was lost, the data itself remains confidential.
Q83: "Data at rest" refers to:
o Answer: Inactive data that is stored physically in any digital form (e.g., on a hard drive, USB drive, or in the cloud).
o Rationale: This is in contrast to "data in transit" (moving across a network) and "data in use" (being processed). Full-disk encryption is a common control for data at rest.
Q84: What is a "Digital Signature" primarily used for?
Q90: How does KnowBe4's "Automated Security Awareness Program" (ASAP) assist organizations?
o Answer: It simplifies creating a customized security awareness program by having the user complete a questionnaire about their organization and goals.
o Rationale: ASAP helps tailor the training content and frequency to the specific risk profile and compliance needs of an organization.
Q91: KnowBe4's "Breached Password Test" (BPT) is used to check for:
o Answer: Whether an organization's users are currently using passwords that appear in publicly available lists of breached credentials.
o Rationale: This is a critical tool to identify users who are one step away from having their account compromised through credential stuffing attacks.
Q92: "Gamification" in security awareness training (e.g., points, badges) is used for what purpose?
o Answer: To increase employee engagement and motivation for training and security-positive behaviors, like reporting phishing emails.
o Rationale: Making security fun and competitive can drive sustained participation and improved learning outcomes.
Q93: What is the role of the "Chief Information Security Officer" (CISO)?
o Answer: The executive responsible for an organization's overall information security program, including policy, strategy, and risk management.
o Rationale: The CISO is the senior leader who owns security at the highest level, reporting to executive leadership or the board.
Q94: Which of the following is a key goal of KnowBe4's platform and training?
o Answer: To build a "Human Firewall" by changing user behavior and creating a strong security culture.
o Rationale: This is a core philosophy: technology alone cannot protect an organization; trained, vigilant employees are the last and most critical line of defense.
Q95: "Role-Based Training" means providing different security content to employees based on:
o Answer: Their specific job function, because risks vary (e.g., developers need to learn about secure coding, while HR needs to focus on handling sensitive personal data).
o Rationale: A one-size-fits-all approach is inefficient. Relevant training is more effective.
Q96: Why is it important to send regular "security tips and tricks" emails, even to employees who have completed training?
o Answer: To reinforce good habits, keep security top-of-mind, and inform users about the latest, emerging threats.
o Rationale: The threat landscape changes daily. Awareness is not a one-time event but an ongoing process.
Q97: What is the primary purpose of KnowBe4's "Email Exposure Check Pro" (EEC Pro)?
o Answer: To identify an organization's at-risk users by searching business social media information and hundreds of data breach databases.
o Rationale: It shows which users' email addresses and potentially other information are already publicly exposed, making them more likely targets.
Q98: An employee who reports a suspected phishing email is contributing to which of the following?
o Answer: The organization's collective security, by allowing the security team to warn others and block the threat.
o Rationale: Reporting, not deleting, is the gold-standard behavior for a "human firewall".
Q99: The "Phishing Attack Surface" of an organization is best defined as:
o Answer: The total quantity of employee email addresses exposed on the internet. A larger surface means a higher risk of being targeted.
o Rationale: Reducing the attack surface means minimizing the amount of information available to potential attackers.
Q100: What is the most important takeaway from any security awareness training program?
o Answer: A user is the last line of defense, and their actions—through vigilance, good habits, and reporting—can make or break an organization's security.
o Rationale: No technology or policy is foolproof. An empowered, educated, and security-conscious user is the strongest and most adaptable security control any organization can have.