If you get a suspicious phone call at work from someone claiming that your computer has a virus, you should:

A) Stay on the line and give the person the information they are requesting
B) Allow the representative to remote into your computer to assist you
C) Hang up and contact the SOC
D) Only provide them with your name and operating system

How can we tell that an email was sent from outside of TJX?

A) The message contains a red flag
B) The email address of the sender appears in red
C) The body of the email has a banner saying it has come from an external sender, and the subject line has an "[External]" tag

What is the best way to create a strong and unique password?

A) Vary your passwords from application to application
B) Don't use words that are easy to guess (e.g. your street address, your child's name)
C) Add a mix of uppercase and lowercase letters, numbers, and symbols
D) All of the above

What should you do if you think your TJX account has been compromised?

A) Monitor your email address and accounts for fradulent activity
B) Respond to the warning email you have received
C) Shut down your device
D) Contact the SOC and your manager immediately

What is social engineering in the context of cybersecurity?

A) Designing secure software
B) Building physical security systems
C) Developing encryption algorithms
D) Manipulating people into divulging confidential information

In the context of cybersecurity, what does the acronym APT stand for?

A) Advanced Persistent Threat
B) Automated Penetration Test
C) Active Protection Technology
D) Application Penetration Testing

What is the main function of a sandbox in cybersecurity?

A) Isolating and analyzing suspicious files
B) Encrypting data
C) Monitoring network traffic
D) Managing user access

What is the difference between symmetric and asymmetric encryption?

A) Symmetric uses one key, asymmetric uses two keys
B) Symmetric uses two keys, asymmetric uses one key
C) Symmetric is slower, asymmetric is faster
D) Symmetric is more secure than asymmetric

What does the term "zero-day exploit" refer to?

A) A vulnerability that is exploited before the software developer has released a fix
B) An attack that occurs on the first day of the month
C) A type of malware that activates on a specific date
D) A security patch that is released immediately

What does the acronym VPN stand for, and what is its primary use?

A) Virtual Private Network; secure internet connection
B) Virtual Public Network; data encryption
C) Virtual Protected Network; malware protection
D) Virtual Personal Network; user authentication

Because you have antivirus software installed on your computer, you don’t have to worry about a virus attack on your computer.

A) True
B) False

Which framework does TJX use to guide its cybersecurity practices?

A) ISO/IEC 27001
B) NIST Cybersecurity Framework
C) COBIT
D) ITIL

What is one of the primary functions of TJX’s Security Operations Center?

A) Data encryption
B) Threat detection and incident response
C) User authentication
D) Network monitoring

What is the primary purpose of a honeypot in cybersecurity?

A) To speed up network traffic
B) To store sensitive data securely
C) To attract and trap potential attackers
D) To encrypt communications

When using Multi-Factor Authentication, each piece of evidence must come from a different category: something you know, something you have or something you ____.

A) Want
B) See
C) Need
D) Are