# Week 5 Practice Quiz: Security, Scams & Protecting Yourself
## Q1: Authentication Factors
Multi-factor authentication (MFA) requires two or more types of verification. Which combination represents two DIFFERENT authentication factors?

A. A password and a PIN (both things you know)
B. A password and a fingerprint scan
C. A fingerprint scan and a face scan (both things you are)
D. Two different passwords for the same account

**Answer:** B
**Explanation:** The three authentication factors are: something you know (password, PIN), something you have (phone, security key), and something you are (fingerprint, face scan). True MFA requires factors from different categories. A password (know) + fingerprint (are) = two different factors.

## Q2: Types of Malware
What type of malware encrypts your files and demands payment to unlock them?

A. Spyware
B. Ransomware
C. Adware
D. Worm

**Answer:** B
**Explanation:** Ransomware encrypts your files (making them inaccessible) and demands a ransom payment — often in cryptocurrency — for the decryption key. It has affected hospitals, schools, governments, and businesses. Regular backups are the best defense.

## Q3: Password Best Practices
According to current security guidance, which is the BEST password practice?

A. Use a short, complex password like "X#9k" and change it every 30 days
B. Use a long passphrase with 2FA enabled and a password manager
C. Use the same strong password across all accounts so you only need to remember one
D. Write your passwords on a sticky note attached to your monitor

**Answer:** B
**Explanation:** Modern security guidance emphasizes length over complexity — a long passphrase (like "correct-horse-battery-staple") is harder to crack than a short complex one. A password manager stores unique passwords for each account, and 2FA adds a second layer of protection.

## Q4: Phishing Identification
Which of the following is MOST likely a phishing email?

A. An email from your professor's verified address reminding you about an assignment due date
B. An email from "Arnazon.com" saying your account is suspended and you must click a link immediately to verify your identity
C. A newsletter you subscribed to with an unsubscribe link at the bottom
D. A password reset email you requested 30 seconds ago

**Answer:** B
**Explanation:** "Arnazon.com" (with an 'r' and 'n' mimicking an 'm') is a spoofed domain designed to look like Amazon. Combined with urgency ("immediately") and a request to click a link to verify your identity, this is classic phishing. Always check the sender's domain carefully.

## Q5: Encryption Basics
What does encryption do?

A. Deletes sensitive files so no one can access them
B. Converts data into a coded format that can only be read with the correct decryption key
C. Makes your internet connection faster
D. Compresses files to save storage space

**Answer:** B
**Explanation:** Encryption scrambles data using mathematical algorithms so that only someone with the correct key can decode it. HTTPS encrypts web traffic, full-disk encryption protects your hard drive if your laptop is stolen, and end-to-end encryption protects messages in transit.

## Q6: Social Engineering
What is social engineering in the context of cybersecurity?

A. Building social media platforms
B. Manipulating people psychologically to trick them into giving up confidential information or access
C. Engineering software to be more social and user-friendly
D. Connecting devices on a social network

**Answer:** B
**Explanation:** Social engineering exploits human psychology rather than technical vulnerabilities. Attackers use trust, urgency, fear, or helpfulness to manipulate people into revealing passwords, clicking malicious links, or granting access. Phishing is one type of social engineering.

## Q7: Public WiFi Risks
Why should you avoid logging into your bank account while connected to public WiFi at a coffee shop?

A. Coffee shop WiFi is always too slow for banking
B. Public WiFi is shared and unencrypted — attackers on the same network could potentially intercept your data
C. Banks don't allow connections from public locations
D. Public WiFi automatically saves your password to the router

**Answer:** B
**Explanation:** Public WiFi networks are typically unencrypted and shared with strangers. An attacker on the same network could use tools to intercept unencrypted traffic (a "man-in-the-middle" attack). If you must use public WiFi for sensitive tasks, use a VPN to encrypt your connection.

## Q8: Software Updates
Why are software updates important for security?

A. They change the color scheme to look more modern
B. They patch known security vulnerabilities that attackers could exploit
C. They increase your internet speed
D. They are optional and only add new features

**Answer:** B
**Explanation:** Software updates frequently include security patches that fix vulnerabilities discovered since the last version. Attackers actively target known, unpatched vulnerabilities. Delaying updates leaves your system exposed to threats that have already been identified and solved.

## Q9: Data Breach Response
You receive a notification that a company where you have an account has been breached, and your email and password were exposed. What should you do FIRST?

A. Ignore it — breaches happen all the time and aren't serious
B. Change your password on that account immediately, and on any other accounts where you used the same password
C. Delete your email account entirely
D. Call the police and report the company

**Answer:** B
**Explanation:** Your first priority is changing the compromised password — and any other accounts using the same password (credential stuffing attacks try leaked passwords on many sites). Also enable 2FA if available, monitor your accounts for suspicious activity, and consider a credit freeze if financial data was involved.

## Q10: Scam Recognition
Rosa's grandmother receives a phone call from someone crying, claiming to be Rosa, saying she's been arrested and needs $2,000 in gift cards for bail. What type of scam is this?

A. Tech support scam
B. Impersonation / emergency scam (sometimes called a "grandparent scam")
C. Romance scam
D. Fake job offer

**Answer:** B
**Explanation:** The "grandparent scam" or emergency impersonation scam exploits family bonds and urgency. The caller pretends to be a loved one (or their "lawyer") in crisis, requesting immediate payment — usually via gift cards or wire transfers, which are untraceable. The defense: hang up and call the real person directly.