Security Awareness Flashcards
Objective 5.6: Given a scenario, you must be able to implement security awareness practices
You are a cybersecurity analyst at a large organization. During a routine review of employee activity logs, you notice that an employee, James, has been logging into the system outside of regular working hours and copying large amounts of sensitive data onto an external storage device. What is the most appropriate course of action?
A) Immediately terminate James’ access and notify law enforcement.
B) Report the behavior to the security team and initiate an insider threat investigation.
C) Confront James directly and ask why he is copying sensitive data.
D) Ignore the activity as it may be part of his routine work responsibilities.
✅ Correct Answer: B) Report the behavior to the security team and initiate an insider threat investigation.
📌 Explanation:
A) Immediately terminating James’ access and notifying law enforcement is excessive without proper evidence.
C) Directly confronting James could alert him and cause data destruction or retaliation.
D) Ignoring the activity could result in a serious security breach, as unauthorized data access should always be investigated.
B) Reporting the anomaly ensures a structured investigation while protecting the organization.
Your company recently conducted financial wellness assessments for employees. During this process, Sarah, a database administrator, disclosed to a coworker that she is under significant financial strain due to medical expenses. At the same time, you notice Sarah has been accessing customer financial records more frequently than her job requires. What should your organization do next?
A) Launch an investigation to determine if Sarah is misusing her access.
B) Immediately revoke Sarah’s access to customer financial records.
C) Ignore it, as financial struggles are a personal issue and not a security concern.
D) Publicly question Sarah about her financial issues to gauge her reaction.
✅ Correct Answer: A) Launch an investigation to determine if Sarah is misusing her access.
📌 Explanation:
B) Immediately revoking Sarah’s access may be unjustified without evidence.
C) Ignoring financial stress is risky because it is a known factor in insider threats.
D) Publicly questioning Sarah would be unethical and could violate employee privacy.
A) Conducting an investigation ensures the situation is evaluated fairly before taking any actions.
Your organization conducts routine security awareness training. During a discussion, an employee notices that a coworker, Michael, who earns a modest salary, recently purchased a luxury car and a high-end apartment in an expensive area. The employee expresses concerns about potential illicit activity. How should your organization respond?
A) Immediately fire Michael for suspicious financial activity.
B) Discreetly investigate Michael’s financial background to rule out illicit activities.
C) Ignore the report, as employees have the right to personal privacy.
D) Publicly question Michael about how he can afford these luxuries.
✅ Correct Answer: B) Discreetly investigate Michael’s financial background to rule out illicit activities.
📌 Explanation:
A) Firing Michael immediately would be unjustified without evidence.
C) Ignoring the report disregards a potential insider threat.
D) Publicly questioning Michael could be invasive, unethical, and damage morale.
B) Conducting a discreet investigation ensures fairness while identifying potential security risks.
Your organization has a wellness program aimed at supporting employees. One of your team members, John, has recently exhibited signs of emotional distress. He has been giving away personal belongings, making concerning statements, and appears disengaged at work. As a security professional, what should you do?
A) Report John’s behavior to HR and security for intervention.
B) Ignore the situation because it’s a personal issue.
C) Immediately terminate John’s employment for being a potential risk.
D) Send an anonymous email to management warning about John’s behavior.
✅ Correct Answer: A) Report John’s behavior to HR and security for intervention.
📌 Explanation:
B) Ignoring his behavior could allow security risks to escalate.
C) Terminating employment immediately is extreme and lacks justification.
D) Sending an anonymous report lacks transparency and may not result in appropriate action.
A) Reporting to HR and security ensures John gets the support he needs while mitigating risks.
To proactively address insider threats, your company is implementing a new security awareness training program. Which of the following best practices should be included?
A) Encourage employees to report suspicious behavior without fear of retaliation.
B) Enforce strict monitoring of all employees, regardless of risk level.
C) Mandate that all employees undergo financial background checks.
D) Publicly post a list of employees who are considered security risks.
✅ Correct Answer: A) Encourage employees to report suspicious behavior without fear of retaliation.
📌 Explanation:
B) Strictly monitoring all employees may create an environment of mistrust.
C) Mandatory financial background checks may violate privacy rights.
D) Publicly listing security risks is unethical and could harm employee morale.
A) Encouraging employees to report threats fosters a security-conscious culture.
Your organization has implemented user activity monitoring tools to detect insider threats. However, some employees are concerned about privacy violations. What is the best way to address these concerns?
A) Clearly communicate the purpose and scope of monitoring while balancing privacy rights.
B) Tell employees that their privacy does not matter when security is at risk.
C) Stop all monitoring activities to respect employee privacy.
D) Conduct monitoring in secret without informing employees to avoid resistance.
✅ Correct Answer: A) Clearly communicate the purpose and scope of monitoring while balancing privacy rights.
📌 Explanation:
B) Telling employees privacy does not matter could create a hostile work environment.
C) Stopping monitoring entirely could lead to security breaches.
D) Secret monitoring is unethical and may violate privacy laws.
A) Transparency helps employees understand the necessity of monitoring while maintaining trust.
During a security audit, you notice that an employee, Alex, has been accessing sensitive financial data that is unrelated to his role. What is the best next step?
A) Immediately revoke Alex’s access and fire him.
B) Investigate whether Alex’s access is authorized and necessary for his job.
C) Ignore the activity because Alex has not caused any known damage.
D) Publicly question Alex about why he is looking at financial data.
✅ Correct Answer: B) Investigate whether Alex’s access is authorized and necessary for his job.
📌 Explanation:
A) Immediately firing Alex is excessive without evidence.
C) Ignoring the activity disregards a potential insider threat.
D) Publicly questioning Alex is unprofessional and could escalate the situation.
B) Investigating first ensures that actions are justified before revoking access.
Sarah works in the finance department of a large corporation and struggles to remember her passwords for multiple work-related accounts. She decides to write them down in a notebook for convenience. What would be a more secure alternative?
A) Store passwords in a password manager with a strong master password.
B) Keep all passwords written in a notebook stored in a locked drawer.
C) Use the same password for all accounts so she only has to remember one.
D) Save passwords in a text document on her work computer.
✅ Correct Answer: A) Store passwords in a password manager with a strong master password.
📌 Explanation:
A (Correct): A password manager securely stores multiple credentials and requires only one master password, reducing security risks.
B (Incorrect): While a locked drawer adds physical security, it does not protect against theft, loss, or unauthorized access.
C (Incorrect): Reusing passwords across multiple sites is highly insecure and increases vulnerability to credential stuffing attacks.
D (Incorrect): Storing passwords in an unprotected text file exposes them to unauthorized access, malware, or accidental leaks.
John frequently uses the same password across multiple websites, including his personal email, banking account, and a social media platform. What is the biggest risk of this practice?
A) If one account is compromised, attackers can access multiple accounts using the same password.
B) Websites may require different password formats, making it harder to remember one password.
C) John may forget his single password and be locked out of all accounts.
D) His passwords could be too strong, making it difficult for him to log in without assistance.
✅ Correct Answer: A) If one account is compromised, attackers can access multiple accounts using the same password.
📌 Explanation:
A (Correct): Reusing passwords means a breach on one website exposes all accounts using the same password, enabling credential stuffing attacks.
B (Incorrect): Different password formats are an inconvenience but do not pose the biggest risk compared to password reuse.
C (Incorrect): Forgetting a password can be resolved with password recovery, but using weak or reused passwords leads to security breaches.
D (Incorrect): Having strong passwords is beneficial, and using a password manager can prevent login difficulties.
David is setting up his online banking account and needs a way to store his credentials securely. He is considering using either his web browser’s built-in password manager or a third-party solution. Which of the following best explains why a third-party password manager might be a better choice?
A) Third-party password managers offer cross-platform compatibility and additional security features.
B) Browser-based password managers are unreliable and do not work on most websites.
C) Third-party password managers are always free, making them a more cost-effective option.
D) Browser-based managers do not support encryption, making stored passwords easy to steal.
✅ Correct Answer: A) Third-party password managers offer cross-platform compatibility and additional security features.
📌 Explanation:
A (Correct): Third-party password managers (e.g., Bitwarden, Dashlane, LastPass, OnePass) provide stronger encryption, cross-device syncing, and better security policies.
B (Incorrect): Browser-based password managers work well but may lack advanced security features found in third-party solutions.
C (Incorrect): Many third-party password managers offer free versions, but premium features often require payment.
D (Incorrect): Most modern browsers encrypt stored passwords, but third-party managers typically provide stronger encryption and additional security layers.
Maria is an IT administrator managing numerous accounts for her company. She wants to improve security while simplifying login processes. What is the best way for her to achieve this?
A) Store all her passwords in a password manager with strong encryption.
B) Write her passwords in a personal notebook and store it at her desk.
C) Use simple passwords that are easy to remember and type.
D) Store login details in a spreadsheet protected by a password.
✅ Correct Answer: A) Store all her passwords in a password manager with strong encryption.
📌 Explanation:
A (Correct): Password managers encrypt and securely store passwords, preventing password reuse and simplifying access.
B (Incorrect): A notebook can be lost or stolen, leading to a security breach.
C (Incorrect): Simple passwords increase vulnerability to attacks like brute force and dictionary attacks.
D (Incorrect): Storing passwords in a spreadsheet is risky since it can be accessed if the main system is compromised.
A cybersecurity team detects that one of the company’s employees has had their login credentials exposed in a data breach. What is the best immediate action to take?
A) Require the employee to change their password immediately and enable multi-factor authentication (MFA).
B) Temporarily suspend the employee’s account and conduct a full security audit before allowing them access again.
C) Advise the employee to keep using the compromised password for consistency but be extra cautious.
D) Do nothing—since it was a one-time breach, it’s unlikely to be exploited again.
✅ Correct Answer: A) Require the employee to change their password immediately and enable multi-factor authentication (MFA).
📌 Explanation:
A (Correct): Changing the password prevents attackers from using the stolen credentials, and enabling MFA adds an extra layer of security.
B (Incorrect): Conducting an audit is good, but immediate action (password reset + MFA) is needed first to prevent unauthorized access.
C (Incorrect): Reusing a compromised password increases the risk of credential stuffing attacks.
D (Incorrect): A data breach should never be ignored, as attackers often sell or exploit leaked credentials.
Your company recently hired a new security guard who is responsible for monitoring access to the building. One day, a well-dressed individual approaches the door and tells the guard that they forgot their access badge at home but need to enter immediately for an urgent meeting. The guard considers allowing them in. What is the best course of action?
A) Allow the individual entry based on their appearance and urgency.
B) Deny access and immediately report the individual as a potential intruder.
C) Politely ask the individual to contact their supervisor or an authorized employee to verify their identity.
D) Let the individual in but follow them to ensure they don’t access restricted areas.
✅ Correct Answer: C) Politely ask the individual to contact their supervisor or an authorized employee to verify their identity.
📌 Explanation:
A) Incorrect: Social engineers often exploit urgency and authority to bypass security controls (e.g., tailgating or piggybacking). Allowing access without verification creates a security risk.
B) Incorrect: Denying access is necessary, but immediately reporting without verification could cause unnecessary panic. Verification should come first.
C) Correct: The best course of action is to require verification from an authorized source before granting access.
D) Incorrect: Following them does not prevent a security breach, as they may still access restricted areas once inside.
You are working remotely from a coffee shop and logging into your company’s internal system. You notice someone sitting behind you looking at your screen. What should you do to prevent potential shoulder surfing?
A) Turn your screen away or use a privacy screen filter.
B) Continue working and ignore the person since they may not be looking at your screen intentionally.
C) Politely confront the person and ask them to move away.
D) Log out of the system and stop working altogether.
✅ Correct Answer: A) Turn your screen away or use a privacy screen filter.
📌 Explanation:
A) Correct: A privacy screen filter limits visibility to the direct user, and turning the screen away reduces exposure to prying eyes.
B) Incorrect: Ignoring the situation increases the risk of sensitive information being compromised.
C) Incorrect: Confronting someone may escalate the situation unnecessarily.
D) Incorrect: Logging out is not a long-term solution. Instead, adjusting screen positioning or using privacy tools provides better protection.
During a business trip, you and a colleague are discussing an upcoming company project in a hotel lobby. A stranger sitting nearby seems to be listening. What is the best course of action?
A) Lower your voice and continue the discussion as planned.
B) Switch to an encrypted messaging app to communicate instead.
C) Move to a private, soundproof location before continuing the discussion.
D) Confront the stranger and ask if they are eavesdropping.
✅ Correct Answer: C) Move to a private, soundproof location before continuing the discussion.
📌 Explanation:
A) Incorrect: Lowering your voice helps but does not fully protect against eavesdropping.
B) Incorrect: Secure messaging apps work for text communication but do not protect verbal conversations.
C) Correct: Moving to a private area eliminates the risk of an unauthorized person overhearing sensitive details.
D) Incorrect: Confronting the individual is unnecessary and could escalate into an unwanted confrontation.
A company employee throws away printed reports containing financial data into a public trash bin instead of shredding them. How should the company prevent dumpster diving attacks in the future?
A) Instruct employees to shred sensitive documents before disposal.
B) Lock dumpsters inside a secure facility.
C) Encrypt all financial documents before printing.
D) Monitor trash bins with security cameras to detect unauthorized access.
✅ Correct Answer: A) Instruct employees to shred sensitive documents before disposal.
📌 Explanation:
A) Correct: Shredding sensitive documents ensures data cannot be recovered by attackers.
B) Incorrect: Locking dumpsters adds security, but not all organizations have secured disposal areas.
C) Incorrect: Encrypting files helps in digital security but does not prevent printed documents from being recovered.
D) Incorrect: Monitoring bins can help detect unauthorized access but does not stop the attack itself.
You find a USB flash drive labeled “Employee Salaries 2024” in your company’s parking lot. What should you do?
A) Plug the USB into your computer to check its contents and determine its owner.
B) Hand it over to the IT department for security inspection.
C) Format the USB drive to remove any potential malware before using it.
D) Leave it where you found it in case the owner comes back for it.
✅ Correct Answer: B) Hand it over to the IT department for security inspection.
📌 Explanation:
A) Incorrect: Plugging in unknown USB devices can infect a computer with malware.
B) Correct: The safest course of action is to report it to IT so it can be analyzed securely.
C) Incorrect: Formatting does not guarantee the removal of malware that could auto-execute.
D) Incorrect: Leaving it increases the risk that someone else will pick it up and use it unsafely.
While traveling, your phone battery is low, and you find a free public charging station at the airport. What is the safest way to charge your phone?
A) Use your own charging cable and AC adapter.
B) Use the provided charging cable but avoid logging into sensitive accounts.
C) Charge the phone only for a few minutes to minimize exposure.
D) Borrow a charging cable from another traveler.
✅ Correct Answer: A) Use your own charging cable and AC adapter.
📌 Explanation:
A) Correct: Using a personal charger and cable ensures you are not exposed to potential malware.
B) Incorrect: Malicious charging cables can install malware even if you don’t log in.
C) Incorrect: Even short exposure can compromise a device.
D) Incorrect: Borrowing a cable does not guarantee security unless it’s from a trusted source.
You receive a phone call from someone claiming to be your company’s IT support. They insist that your account will be locked in 10 minutes unless you provide your login credentials immediately. What should you do?
A) Provide the credentials since it seems urgent.
B) Ask for the caller’s details and verify with IT before taking any action.
C) Hang up and ignore the call.
D) Share only your username but not your password.
✅ Correct Answer: B) Ask for the caller’s details and verify with IT before taking any action.
📌 Explanation:
A) Incorrect: Legitimate IT support will never ask for login credentials over the phone.
B) Correct: The best action is to independently verify the request with IT before responding.
C) Incorrect: Hanging up is good, but ignoring the issue completely may prevent security teams from identifying a phishing attempt.
D) Incorrect: Sharing even partial credentials can assist an attacker in compromising your account.
You are a new employee at a cybersecurity firm and want to familiarize yourself with company policies. You come across a handbook and a policy document regarding data protection. How do these two documents differ?
A) A policy is a set of official rules that must be followed, while a handbook provides explanations and guidelines.
B) A handbook defines strict security rules, while a policy is more of a general guide for employees.
C) A policy and a handbook are the same; they both contain guidelines that are optional to follow.
D) A policy only applies to IT security, while a handbook covers all company policies.
✅ Correct Answer: A) A policy is a set of official rules that must be followed, while a handbook provides explanations and guidelines.
📌 Explanation:
A) (Correct) A policy establishes strict rules and must be followed, while a handbook provides explanations and best practices to help employees understand and implement policies.
B) (Incorrect) A policy is the set of rules, while a handbook is a guide—not the other way around.
C) (Incorrect) Policies must be followed; they are not optional. Handbooks provide guidance but also include policies.
D) (Incorrect) Policies apply to all areas, not just IT security. Handbooks cover policies across different business areas.
You work for a financial institution that requires secure disposal of sensitive documents. Your company has a policy stating that sensitive financial records must be shredded before disposal. A colleague suggests throwing old reports in the recycling bin instead of using the shredder. What should you do?
A) Follow company policy and shred the documents to ensure proper disposal.
B) Place the documents in the recycling bin, as long as the bin is in a secure area.
C) Ignore the situation, as your colleague is responsible for handling the documents.
D) Contact HR and report your colleague for violating company policy.
✅ Correct Answer: A) Follow company policy and shred the documents to ensure proper disposal.
📌 Explanation:
A) (Correct) Policies on data disposal exist to prevent sensitive data leaks. Following policy guidelines ensures compliance.
B) (Incorrect) Placing sensitive documents in the recycling bin—even in a secure area—violates security policy. Recycling bins are not designed for classified disposal.
C) (Incorrect) Ignoring the situation risks a security breach; all employees are responsible for following security policies.
D) (Incorrect) While security concerns should be reported, HR is not the first step for handling policy violations—talk to your colleague first and ensure compliance.
Your company allows remote work but has strict policies on handling sensitive information. You are working from home and need access to top-secret documents for a project. What should you do?
A) Check the company’s remote work policy before handling the documents.
B) Print the documents at home to review them later.
C) Send the documents to your personal email for easy access.
D) Save the files on a personal USB drive to transfer them later.
✅ Correct Answer: A) Check the company’s remote work policy before handling the documents.
📌 Explanation:
A) (Correct) Security policies outline what data can be accessed remotely. Always check policies first before handling sensitive information outside the office.
B) (Incorrect) Printing sensitive documents at home violates security policies and could lead to data breaches.
C) (Incorrect) Sending sensitive data to a personal email is a serious security risk and could violate company policy.
D) (Incorrect) Storing sensitive files on personal storage devices violates security protocols and could lead to a data breach.
Your organization updates its security policies annually, but employees often overlook the updates. To ensure compliance, what is the best approach?
A) Require employees to review and acknowledge security policies whenever an update is made.
B) Send an email notification about updates and assume employees will read it.
C) Only update policies if there is a major security incident.
D) Make policies optional for employees unless they work in IT or cybersecurity.
✅ Correct Answer: A) Require employees to review and acknowledge security policies whenever an update is made.
📌 Explanation:
A) (Correct) Employees must be aware of and acknowledge policy updates to ensure compliance and security awareness.
B) (Incorrect) Email notifications alone are ineffective because employees may ignore or miss them.
C) (Incorrect) Policies should be updated regularly, not just after security incidents. Proactive updates prevent issues.
D) (Incorrect) Security policies apply to all employees, not just IT staff.
An employee encounters a security issue that is not covered in the company handbook or policies. What should they do?
A) Report the situation to management or the security team for guidance.
B) Ignore the issue since there is no policy addressing it.
C) Create their own rule based on what seems logical.
D) Continue working and wait to see if the issue becomes a bigger problem.
✅ Correct Answer: A) Report the situation to management or the security team for guidance.
📌 Explanation:
A) (Correct) If policies do not cover a situation, employees should report it to management or security teams for guidance.
B) (Incorrect) Ignoring potential security issues increases risk and leaves vulnerabilities unaddressed.
C) (Incorrect) Employees should not create their own rules—policy decisions should be made at the organizational level.
D) (Incorrect) Waiting for an issue to escalate could worsen security risks. Reporting issues early prevents larger problems.