Communication Security
Endpoint Security
Network Security
Identity Protection
Miscellaneous
100

This is an un-solicited email that is requesting your personal information like social security number or bank details, for verification.

What is a phishing email?

100

You find a USB flash drive on the street; you take it back and plug it into your office/home computer. You risk spreading this into your network.

What is "virus"/"worm"/"malware"?

100

This is how public Wi-Fi generally passes information, which is readable by other computers and users.

What is "clear text"?

100

This is the proper way to dispose of confidential or sensitive paper documents.

What is "shredding/crosscut shredding"?

100

You can use this setting on your social media sites such as Facebook or twitter to prevent people unknown to you from accessing your information.

What is "privacy"?

200

This action involves using the mouse cursor to show the actual link, without clicking on the link, in an email or web page?

What is the "mouse hover"?

200

These are tools primarily focused on detecting and investigating suspicious activity on hosts or endpoints.

What is "Endpoint Defend and Response (EDR)"?

200

This type of information should never be accessed or transmitted over unencrypted networks.

What is "confidential or sensitive"?

200

This free tool, available to anyone, stops all access to credit reports until removed.

What is a "credit freeze"?

200

This type of software provides a safe way to store your passwords securely.

What is a password manager?

300

This person is in the front-line of defense against Phishing.

Who is the "individual person" / "user" / "end user" / "I" / "me" ?

300

Your computer has a new file on the desktop that describes that all your files were encrypted and demands ransom via bitcoin for their release. This is the best defense against losing information from such a ransomware.

What are "backups" or "offline backups"?

300

You should use this setting in your home Wi-Fi router for wireless network privacy, performance and security.

What is "WPA2/higher with AES encryption"?

300

This government website helps individuals who have been victims of identity theft or data breaches get started with recovery.

300

This is an internet-based practice of researching and publicly broadcasting private or identifying information about an individual or organization for malicious intent.

What is "doxing/doxxing"?

400

This email attack targets an individual or department by incorporating personal information such as name, title or address in an attempt to legitimize the email.

What is "spear phishing"?

400

Most websites use this technique to prevent malicious actors/computer programs repeatedly submitting junk by verifying the submitter is human. The technique often involves reading and typing text from an image or identifying same type images such as cars or other items in them. Name the technique.

What is a "CAPTCHA" "Re-CAPTCHA"?

400

This type of network attack originates from many sources, floods the victim's system or service with superfluous requests to attempt overloading the service and prevent some or all legitimate requests.

What is "Distributed Denial of Service"?

400

You maintain a customer database that includes Social Security Numbers, Personally Identifiable Information (PII). You have been notified that the company hosting your customer database has been compromised. This response activity demonstrates due diligence to affected parties.

What is "Notification of affected businesses and individuals"?

400

This is a form of protection grounded in the US Constitution and granted by law for original works of authorship in a tangible medium of expression.

What is a "Copyright"?

500

This type of attack uses manipulation by tapping into powerful emotions such as relationship, authority, fear, urgency, and greed.

What is "social engineering"?

500

This refers to a category of security solutions that defend against sophisticated malware or hacking based attacks targeting sensitive data. It includes a combination of endpoint agents, network devices, email gateways, malware protection systems and a management console to coordinate alerts and manage defenses.

What is "Advanced Threat Protection (ATP)"?

500

This network security device monitors incoming and outgoing traffic and decides whether to allow or block. It also performs Intrusion Prevention, controls and blocks risky apps.

What is "Next generation firewall" or "Unified Threat Management"?

500

This extra layer of security protection to an account that requires something you know (password), and something you have such as an app, a token, or code sent to your phone.

What is "Multi-factor authentication"?

500

Your enterprise buys software from a vendor. Recently your anti-virus detects malicious code in the software. This would be an example of.

What is "Software Supply Chain Attack"?