112 lines
8.3 KiB
Markdown
112 lines
8.3 KiB
Markdown
# Week 5 Graded Quiz: Security, Scams & Protecting Yourself
|
|
|
|
## Q1: AI-Powered Threats
|
|
Marcus receives a voicemail from what sounds exactly like his boss, urgently requesting he wire $5,000 to a vendor. The voice, tone, and speech patterns sound perfect. What should Marcus do FIRST?
|
|
|
|
A. Wire the money immediately — it sounds just like his boss
|
|
B. Reply to the voicemail number and confirm the request
|
|
C. Contact his boss directly using a known, trusted phone number (not the one from the voicemail) to verify the request
|
|
D. Ignore it — his boss would never call about money
|
|
|
|
**Answer:** C
|
|
**Explanation:** AI voice cloning can replicate someone's voice with just a few seconds of sample audio. A convincing voicemail is no longer proof of identity. Always verify unusual financial requests through a separate, trusted communication channel. Calling the voicemail number back could connect you to the scammer.
|
|
|
|
## Q2: Breach Analysis
|
|
In the 2017 Equifax breach, attackers accessed Social Security numbers, birth dates, and addresses of 147 million Americans. Which response by an affected individual would be MOST protective?
|
|
|
|
A. Change their Facebook password and move on
|
|
B. Freeze their credit with all three bureaus, monitor financial accounts, set up fraud alerts, and consider identity theft protection
|
|
C. Delete their email account so hackers can't contact them
|
|
D. Stop using the internet entirely
|
|
|
|
**Answer:** B
|
|
**Explanation:** When SSNs and personal data are exposed, the risk is identity theft — someone opening credit accounts in your name. Credit freezes prevent new accounts from being opened, fraud alerts add verification steps, and monitoring helps catch unauthorized activity quickly. Changing a social media password doesn't address the exposed SSN.
|
|
|
|
## Q3: Password Manager Justification
|
|
Kai's friend says, "I just use the same password everywhere — I can't remember different ones for 50 accounts." What is the BEST counter-argument?
|
|
|
|
A. "You should write each password on a piece of paper and keep it in a drawer"
|
|
B. "A password manager generates and stores unique passwords for every account — you only remember one master password"
|
|
C. "Just add a number to the end of your password for each site, like password1, password2, password3"
|
|
D. "Browsers remember passwords, so you don't need to worry about it at all"
|
|
|
|
**Answer:** B
|
|
**Explanation:** Password managers (like Bitwarden, 1Password, or KeePass) securely store unique, complex passwords for every account. You only need to remember one strong master password. Reusing passwords means one breach compromises all your accounts. Sequential variations (password1, password2) are easily guessed.
|
|
|
|
## Q4: Phishing vs Legitimate
|
|
Which email characteristic is the STRONGEST indicator that a message is legitimate rather than phishing?
|
|
|
|
A. It has a company logo and professional formatting
|
|
B. You initiated the interaction (e.g., you requested a password reset moments ago and immediately received the email)
|
|
C. The email says "This is not a scam" in the subject line
|
|
D. It doesn't ask for personal information
|
|
|
|
**Answer:** B
|
|
**Explanation:** Context is the strongest indicator. If you just requested a password reset and immediately receive one from the expected address, that's legitimate. Phishers can easily copy logos and professional formatting. "This is not a scam" is itself suspicious. And some legitimate emails do ask for information (like appointment confirmations).
|
|
|
|
## Q5: Malware Scenario
|
|
Daniela downloads a free game from an unofficial website. The game works fine, but her computer starts running slowly, and she notices unfamiliar programs in her task manager. What MOST likely happened?
|
|
|
|
A. The game is too graphically demanding for her computer
|
|
B. The game came bundled with malware (likely a trojan) that installed additional unwanted programs
|
|
C. Her internet provider is throttling her connection
|
|
D. She needs to restart her computer to complete the game installation
|
|
|
|
**Answer:** B
|
|
**Explanation:** A trojan disguises itself as legitimate software (like a free game) but carries hidden malware. Unfamiliar programs appearing in the task manager after installing software from an unofficial source is a classic sign of a trojan infection. Always download software from official sources.
|
|
|
|
## Q6: Two-Factor Authentication
|
|
Why is SMS-based 2FA (receiving a code via text message) considered less secure than an authenticator app (like Google Authenticator)?
|
|
|
|
A. Text messages are too slow to receive in time
|
|
B. SMS messages can be intercepted through SIM-swapping attacks, where an attacker convinces your carrier to transfer your number to their device
|
|
C. Authenticator apps require an internet connection, which is more secure
|
|
D. SMS codes use more battery power than authenticator apps
|
|
|
|
**Answer:** B
|
|
**Explanation:** SIM-swapping is a real attack where criminals social-engineer your phone carrier into transferring your number to a new SIM card, intercepting all your text messages including 2FA codes. Authenticator apps generate codes locally on your device and aren't vulnerable to this attack. SMS-based 2FA is still better than no 2FA, however.
|
|
|
|
## Q7: AI Deepfake Detection
|
|
A video circulates on social media showing a celebrity endorsing a cryptocurrency investment. Which approach is BEST for determining if it's real?
|
|
|
|
A. It looks real and sounds real, so it must be legitimate
|
|
B. Check if the celebrity posted it from their verified official accounts, search for news coverage, and look for visual artifacts (unnatural blinking, lip sync issues, odd lighting)
|
|
C. Trust it if it has more than 1,000 likes
|
|
D. If the video is in high definition, it can't be a deepfake
|
|
|
|
**Answer:** B
|
|
**Explanation:** Deepfakes can produce convincing video and audio. Verification requires checking multiple sources: was it posted from verified accounts? Do reputable news outlets report it? Are there visual tells (unnatural movement, inconsistent lighting, audio sync issues)? Popularity (likes) doesn't equal legitimacy, and high resolution doesn't prevent deepfakes.
|
|
|
|
## Q8: Encryption in Practice
|
|
When you see a lock icon and "https://" in your browser's address bar, what is being protected?
|
|
|
|
A. The website itself is guaranteed to be trustworthy and virus-free
|
|
B. The data traveling between your browser and the website's server is encrypted in transit
|
|
C. Your computer's hard drive is encrypted
|
|
D. No one can ever see which website you're visiting
|
|
|
|
**Answer:** B
|
|
**Explanation:** HTTPS encrypts the data in transit between your browser and the server — protecting passwords, credit card numbers, and personal data from interception. It does NOT guarantee the website itself is trustworthy (phishing sites can use HTTPS), and your ISP can still see which domains you visit.
|
|
|
|
## Q9: Scam Identification
|
|
Tyler receives a text saying: "USPS: Your package cannot be delivered. Delivery fee of $1.95 required. Pay here: bit.ly/usps-fee-pay." He isn't expecting any packages. What is the BEST response?
|
|
|
|
A. Pay the $1.95 — it's a small amount and worth it to get his package
|
|
B. Click the link to check what package it might be
|
|
C. Delete the message — it's a smishing (SMS phishing) attempt designed to steal payment information
|
|
D. Reply "STOP" to unsubscribe from USPS notifications
|
|
|
|
**Answer:** C
|
|
**Explanation:** This is smishing (SMS phishing). USPS doesn't request delivery fees via text with shortened URLs. The small dollar amount is intentional — it seems harmless, but the goal is to capture your credit card information. The link leads to a fake payment page. Don't click, don't reply — just delete.
|
|
|
|
## Q10: Comprehensive Security
|
|
Which set of practices represents the STRONGEST overall personal security posture?
|
|
|
|
A. Using the same strong password everywhere with no 2FA, but updating antivirus weekly
|
|
B. Unique passwords via a password manager, 2FA on all important accounts, regular software updates, encrypted backups following the 3-2-1 rule, and skepticism toward unexpected messages
|
|
C. Avoiding the internet entirely
|
|
D. Using 2FA but never updating software and clicking links freely since 2FA protects everything
|
|
|
|
**Answer:** B
|
|
**Explanation:** Strong security is layered — no single measure is enough. Unique passwords prevent credential stuffing, 2FA adds a second barrier, updates patch known vulnerabilities, backups protect against ransomware, and skepticism defends against social engineering. Each layer covers weaknesses in the others.
|