So you think you are cyber-savvy and knowledgeable about the cybersecurity risks you face every day in the digital world? Take this quick security quiz and find out.
Just record your answers as you take the quiz. There are 10 questions. You can refer to the answers section (listed after the questions) to check your results; it also shares some knowledge about each situation. How cyber-savvy are you about the usual threats and risks? Let’s find out!
Security Awareness Quiz:
Q1: When is the best time to lie to your information security auditor or officer?
A. If you want to cover up your best friend’s fault or mistakes
B. If the security auditor is not your friend and cannot be trusted
C. If it impacts the termination of the key people in your organization
D. None of the above
Q2: You come across a website that looks exactly like Facebook but has a different domain that you have never heard of. Which of the following is the best course of action?
A. Hack that website and deface it then post it on Facebook or Twitter.
B. Launch DDoS (Distributed Denial of Service) attacks against that website with the help of your friends if you can’t hack it, in order to take it offline, then post it on Facebook or Twitter. #TangoDown!
C. Do not log in to that website and report it as a phishing page to the Google Safe Browsing Team.
D. Just ignore that website and log in to https://facebook.com
Q3: While visiting your favorite website for downloading the Firefox browser, a popup appears that says “You just won 100,000 US dollars! Click this link to claim your prize”. What should you do?
A. Ignore that popup and just download the Firefox browser.
B. Click the popup and claim your prize.
C. Report the popup and the details to the website administrator and don’t download the Firefox browser.
D. Share the link to your friends, classmates and colleagues so that they could also claim the prize because sharing is caring.
Q4: Your best friend from college has just sent you a chat message on Facebook with a link. The link is a shortened URL, for example https://goo.gl/wf4V8Z. What should you do?
A. Click the link because it shouldn’t be malicious since he/she is your best friend after all. There is nothing to worry about.
B. Do not click the link and try to check the URL using an online tool that checks where it really takes you.
C. Contact your local Computer Emergency Response / Readiness Team because it may contain malicious software.
D. Install antivirus software, then click the link.
Q5: You go to Starbucks to buy a coffee and, while waiting for your order, you decide to connect to their free WiFi. While browsing to your Google Mail, the page redirects to http://www.googlemail.andrew.net. What do you think you should do?
A. Log in to where Google Mail has redirected, it’s just one of Google’s web sites – not suspicious at all.
B. Disconnect from Starbucks’ WiFi network.
C. Ask the person sitting next to you if his Google Mail also redirects to http://www.googlemail.andrew.net.
D. Find the Wireless Access Point and reboot it
Q6: Which of the following is a good “netiquette”?
A. Do not use all caps when replying to emails or when commenting.
B. Use internet slang when replying to a chat or a comment.
C. Always log in to websites that have SSL or HTTPS.
D. All of the above
Q7: What does the acronym “LOL” mean?
A. League of Legends
B. Laughing Out Loud
C. Lots Of Love
D. None of the above
Q8: Your Facebook friend posted a link on your timeline that contains inappropriate pictures. You also noticed that he has tagged some of your mutual friends too. What is the most responsible thing you can do in this situation?
A. Just untag yourself and delete the post. It doesn’t matter anyway since it’s already a norm nowadays.
B. Report the malicious post to Facebook
C. Unfriend him or her
D. Scold your friend and explain to him or her that this could destroy your reputation.
Q9: A customer service representative has just called you saying that your credit card is about to expire. He or she asks you to provide your account information and personal information in order to verify your account and renew your credit card, without telling you which bank he or she is calling from. What should you do?
A. Ask the customer representative what bank or company he or she is calling from.
B. Verify by looking at your credit card to see if it really expired
C. Don’t give out your personal information and credit card information if you don’t yet have enough information about the customer service representative or about the bank.
D. All of the above
Q10: Which of the following could help you keep malware and viruses from infecting your PC?
A. Download software from trusted sources only
B. Install an antivirus program and a two-way firewall
C. Always update your PC when prompted for system updates
D. Install Wireshark to monitor and analyze the traffic of your network
Answers:
1. D – This is a very tricky question and it has been used in some technical and security interviews. You should never lie to your information security auditor or officer since their role is to maintain the confidentiality, integrity, and availability (CIA triad) of the assets and technologies of your organization or company. A good information security auditor or officer can help you with the cybersecurity problems in your organization. Even if you lose key people in your organization because of their wrongdoings – do not cover for them.
2. C – This is a possible phishing attempt which could harm other cyber citizens, because the website could store the log-in credentials of users who are not that cyber-savvy. As a concerned cyber citizen, you need to be vigilant, but don’t hack it or launch DDoS attacks on it; instead, report it to security teams or computer emergency response teams like the Google Safe Browsing Team, US-CERT, etc.
3. C – There are two possibilities of what just happened here. The website could have been hacked and backdoored, with the attacker placing a malicious link on it, or the website administrator didn’t fully review the advertisements he or she placed on the website. You should inform the website administrator and explain to him or her that this could harm other computer users who are not that vigilant.
4. B – The shortened URL could take you to a malicious website which could steal your cookies, exploit the trust of your browser, or exploit a vulnerability in your browser so that the attacker can then control your computer (check out BeEF or Metasploit video tutorials on how an attacker could control your PC if you want to know more). The best way to ensure that it will take you to a legitimate site is to use an online URL expander like http://longurl.org/. If it takes you to an unknown website or if you suspect that the website is malicious, report it.
5. B – Someone may be conducting ARP spoofing and routing all the Google Mail traffic to http://www.googlemail.andrew.net, so it’s wise to just disconnect from their WiFi connection or else your Gmail credentials will be sniffed. It would also be wise to approach their IT personnel about the problem. http://www.googlemail.andrew.net is possibly owned by the attacker. (For more information, see Rich Rhodes’s recent post about connecting to free WiFi networks.)
6. A – Using all caps can be seen as shouting or being rude (see How Capital Letters Became Internet Code for Yelling).
7. B – LOL is an acronym for “laughing out loud” and is common Internet (and texting) slang.
8. B – Inappropriate pictures on your timeline could destroy your reputation if you just ignore them, or they could get into the wrong hands (kids or otherwise). Reporting it would be better, but also inform your friend that what he or she is sharing is not OK with you.
9. D – In this situation, it might be an attacker trying to social engineer you. Don’t just give out your personal information and credit card details right away if you can’t confirm the customer service representative’s bank or company. Check the expiry date on your card as well just to be sure.
10. B – All of the choices can be used for mitigating malware and viruses from infecting your PC, but the best thing you can do is install an antivirus and a two-way firewall. Wireshark does not eliminate or clean viruses or malware but can be used for analyzing your network traffic.
Patching your system is also one way to prevent new exploits from dropping payloads. And of course, downloading trusted software from trusted sources could eliminate malicious software, but if that trusted site is hacked and is currently serving malware because the attacker modified most of the software, then you are not safe at all.
Take note that antivirus software is only as good as its virus database. If there is a new virus in the wild, the antivirus could miss it. That’s why we also need a two-way firewall, because it protects you while accessing anything outside. Take note that there are also ways to bypass these firewalls, but at least you can mitigate some known threats and risks.
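The lookalike addresses in questions 2 and 5 can be checked mechanically. The following is an added example, not part of the original post, that compares a URL's registrable domain with the one you expected and goes slightly beyond the quiz by also flagging a brand name hidden in the userinfo part of a URL. The function names and the tiny suffix set are assumptions made for illustration; a real check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.ph"}


def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_login_url(url, expected_domains):
    """List the reasons a login URL should not be trusted (empty list = none found)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # "https://facebook.com@example.net/" really goes to example.net.
    if parts.username is not None:
        findings.append("userinfo-in-url")
    reg = registrable_domain(host)
    if reg not in expected_domains:
        findings.append("unexpected-domain:" + reg)
        # Anyone who owns `reg` can create any subdomain under it,
        # so a familiar brand in a left-hand label proves nothing.
        brands = {d.split(".")[0] for d in expected_domains}
        if any(b in label for label in host.split(".") for b in brands):
            findings.append("brand-in-hostname")
    return findings


if __name__ == "__main__":
    samples = [
        ("http://www.googlemail.andrew.net", {"google.com"}),  # from question 5
        ("https://mail.google.com/mail/", {"google.com"}),
        ("https://facebook.com", {"facebook.com"}),            # from question 2
        ("https://facebook.com@example.net/login", {"facebook.com"}),  # constructed
    ]
    for url, expected in samples:
        print(url, "->", check_login_url(url, expected) or "no findings")
```

The address from question 5 fails on every count: it is plain HTTP, it is registered under andrew.net, and "googlemail" is only a subdomain label chosen by whoever owns that domain.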
Security Awareness is a serious issue that should not be taken lightly. Use the information from this quiz to put additional parameters in place to safeguard your information.
This post was written by Aurelius, an application security analyst, bug bounty hunter, creator of n00bs CTF Labs, and security researcher at InfoSec Institute. He loves playing games and watching movies aside from hacking.