2.2.2, 2.2.3, 5.6.2

Question 1

What is social engineering?

Answer 1

A form of psychological manipulation to gain access to sensitive information or perform unauthorized actions

Question 2

Which of the following is a method through which social engineering can be executed?

Answer 2

Texting, face-to-face communication, email

Question 3

What are biases in the context of social engineering?

Answer 3

Preconceived notions that influence decision making

Question 4

Which principle of social engineering exploits a bias of obedience and compliance?

Answer 4

Authority

Question 5

What is the principle of scarcity in social engineering?

Answer 5

The desire to be exclusive

Question 6

How can individuals defend against social engineering attacks?

Answer 6

By recognizing when manipulation techniques are being used

Question 7

Which of the following is NOT a clue to a potential social engineering attack in email communication?

Answer 7

“Take your time to consider”

Question 8

What is the main reason social engineering attacks succeed?

Answer 8

Exploitation of human biases and emotions

Question 9

Which of the following best describes phishing?

Answer 9

Attempting to gain sensitive information through electronic communication by posing as a trustworthy source

Question 10

What is a common characteristic of obvious phishing attempts?

Answer 10

Misspelled words and odd graphics

Question 11

What is another term for phishing done by phone call or voice message?

Answer 11

Voice phishing or vishing

Question 12

What is the primary goal of eliciting information in phishing attacks?

Answer 12

To gather personal information from the victim

Question 13

What is spear phishing?

Answer 13

Phishing attempts directed at a specific target using personal information

Question 14

Which term refers to spam sent over instant messaging apps?

Answer 14

Spam over Internet Messaging

Question 15

What is whaling in the context of phishing?

Answer 15

Phishing attempts directed at high-profile targets like CEOs

Question 16

What is clone phishing?

Answer 16

Creating a duplicate email with malicious content

Question 17

What is one of the key objectives of engaging sessions for security awareness training?

Answer 17

Developing a keen eye for abnormal behaviors

Question 18

How can organizations promote continuous learning in security practices?

Answer 18

Through regular interactive training sessions

Question 19

What is one way to integrate insider threat awareness into training programs?

Answer 19

Implementing sophisticated monitoring mechanisms

Question 20

How can organizations encourage strong password management practices?

Answer 20

By equipping employees with the knowledge and skills to create and maintain secure passwords

Question 21

What is the purpose of conducting simulated phishing campaigns?

Answer 21

To serve as educational tools for employees

Question 22

How can organizations adapt security practices for remote work environments?

Answer 22

By providing guidelines for securing home offices and remote connections

Question 23

What is the purpose of setting up effective mechanisms for reporting and monitoring security incidents?

Answer 23

To ensure swift and accurate reporting of security concerns

Question 24

How can organizations integrate security training throughout the employee lifecycle?

Answer 24

By integrating comprehensive security training during onboarding and regular sessions

Question 25

What contributes to creating a resilient security environment within organizations?

Answer 25

Clear policies and proactive monitoring

Question 26

How can organizations foster a culture of security consciousness among employees?

Answer 26

By promoting continuous education and clear policies