Mock Questions Flashcards

1
Q

What are some common goals of social engineering? (Select three.)

Option 1: Data theft

Option 2: Financial gain

Option 3: Cryptography

Option 4: Revenge

Option 5: Spoofing

A

Option 1: Data theft
Option 2: Financial gain
Option 4: Revenge

2
Q

Which of the following are examples of a network connection that provides the security to protect the data as it is transmitted between your laptop and a cloud service? (Select two.)

Option 1: A secure private network

Option 2: Any public network

Option 3: Any public network with password authentication

Option 4: A public network using a VPN connection

A

Option 1: A secure private network.
Option 4: A public network using a VPN connection.

3
Q

You are working from a coffee shop, and you are connected to the wireless network of the establishment. What is the most secure method to access your company’s network?

Option 1: Using a Virtual Private Network (VPN).

Option 2: Using the hotspot of your mobile phone instead.

Option 3: Using a web browser in private or incognito mode.

Option 4: Updating the antivirus software on your computer.

A

Option 1: Using a Virtual Private Network (VPN)

A VPN creates an encrypted tunnel between your device and the company’s network, which helps protect your data from potential eavesdropping or interception by unauthorized users on the public Wi-Fi network. Using a VPN ensures that your internet connection is secure and your online activities are private.

4
Q

Your company has a policy that allows employees to work remotely. What policies will help secure the remote connections while using public open Wi-Fi? (Select two.)

Option 1: Require users to connect to the company’s internal resources with a Virtual Private Network (VPN).

Option 2: Store company data on a USB thumb drive.

Option 3: Update the router firmware at the company location.

Option 4: Only allow videoconferencing services and block all other services.

Option 5: Use secure protocols such as HTTPS and SSH.

A

Option 1 is important because it provides a secure encrypted connection between the remote user’s device and the company’s internal network. It ensures that any data transmitted between the remote user’s device and the company’s network is encrypted and secure.

Option 5 is also important because it ensures that any data transmitted between the remote user’s device and the websites or services they are accessing is encrypted and secure. HTTPS and SSH are both secure protocols that provide encryption for web browsing and remote access, respectively.

5
Q

Which is the most secure form of authentication?

Option 1: Single-factor authentication with a user name and strong password saved in your browser history.

Option 2: Two-factor authentication with a user name/password combination and a fingerprint scan or facial identification.

Option 3: Multi-factor authentication with a user name/password combination, a fingerprint scan, and a PIN.

Option 4: Multi-factor authentication with a user name/password combination, a fingerprint scan, and a one-time code sent to your cell phone.

A

Option 4 is the most secure because it requires three different factors for authentication: something the user knows (a password), something the user has (a fingerprint), and something the user receives (a one-time code sent to their cell phone). This makes it more difficult for attackers to gain unauthorized access to an account, even if they have somehow obtained the user’s password.

6
Q

Which of the following would be a resource for organizational compliance?

Option 1: Government websites

Option 2: Insurance provider

Option 3: Human Resources

Option 4: Industry associations/professional groups

A

Option 1: Government websites would be a resource for organizational compliance.

Government websites provide information on regulations, laws, and standards that organizations need to follow to ensure compliance with legal and regulatory requirements. These websites are maintained by government agencies and provide up-to-date information on compliance requirements and best practices. Examples of government websites that can be a resource for organizational compliance include the Federal Trade Commission (FTC), the Occupational Safety and Health Administration (OSHA), and the Securities and Exchange Commission (SEC).

7
Q

Your phone rings. When you answer it, it’s somebody from the IT service desk who tells you that there is something wrong with your PC. They can fix it remotely, but they need to have your user name and password to do so. What is the action you will take?

Option 1: You honour the request and give your user name and password.

Option 2: You ask them to identify themselves before giving the requested information.

Option 3: You hang up the phone, call the IT service desk back, and verify if they really called.

Option 4: You report the incident to security, as this certainly was a phishing attempt.

A

Option 3: You hang up the phone, call the IT service desk back, and verify if they really called.

This is the best action to take in this scenario because it’s possible that the call could be a phishing attempt. Cybercriminals often use social engineering tactics to trick people into giving out their sensitive information like usernames and passwords. By pretending to be IT service desk personnel, they could get access to your computer or steal your login credentials.

To verify if the call was legitimate, it’s important to hang up and call the IT service desk using a phone number you know to be legitimate. This will help you confirm if there was really an issue with your computer and if the service desk needs your username and password to fix it.

8
Q

You receive an email that offers three months of free access to a popular gaming site. To redeem the offer, you need to visit the web page whose URL is in the email message. What possible danger exists in this scenario?

Option 1: Spam overload in email and web pop-ups

Option 2: Scripts or other executable files hidden in email or gaming web page

Option 3: Encrypted files on web page could contain PII

Option 4: Unencrypted files on web page could contain PII

A

Option 2: Scripts or other executable files hidden in email or gaming web page could pose a danger in this scenario. The email could be a phishing email, and the link provided in the email could lead to a fake website that looks like the legitimate gaming site but is designed to steal your login credentials or install malware on your device. These scripts or executable files could exploit vulnerabilities in your device’s security and cause harm to your computer, compromise your personal information, or even give unauthorized access to your device to cybercriminals.

9
Q

In the security settings of this social network, select the two options that will prevent your information from being posted without your authorization. (Select two.)

Option 1: Limit Who Sees Your Profile, Photos, and Posts

Option 2: Ads shown off of Facebook

Option 3: Turn Off “Do you want search engines outside of Facebook to link to your profile?”

Option 4: Use two-factor authentication, also called multi-factor authentication

Option 5: Revoke the Facebook app’s location permission

A

Option 1: Limit Who Sees Your Profile, Photos, and Posts
Option 3: Turn Off “Do you want search engines outside of Facebook to link to your profile?”
