True or False: Reusing passwords across accounts increases risk.
ANSWER:
True. Credential stuffing exploits reused passwords.
What does MFA stand for?
ANSWER:
Multi-Factor Authentication
An employee receives an email from "RBC IT" requesting password updates. Red flags include:
a) Generic greeting (e.g., "Dear User")
b) Urgency ("Account will be locked in 24 hours")
c) Both a and b
ANSWER:
c) Legitimate RBC communications avoid urgency tactics and use personalized details.
What percentage of phishing attacks use email as the delivery method?
a) 30%
b) 70%
c) 90%
ANSWER:
c) Email remains the primary vector for phishing links.
Which method is MOST likely to steal credentials via email?
a) Malware attachment
b) Phishing link
c) Brute force attack
ANSWER:
b) Phishing is the primary vector for credential theft.
Which password is MOST resistant to brute force attacks?
a) Password123
b) RBC$ecure2024!
c) Summer2024
ANSWER:
b) Length, complexity, and uniqueness are key.
True or False: RBC employees must use MFA for all corporate systems.
ANSWER:
True. MFA is a standard security requirement (publicly stated in RBC’s cybersecurity practices).
You receive an email from "ITSupport@rbc-security.com" (not RBC’s official domain) requesting your employee ID and password to "update security protocols." The email includes a link to a login page.
What should you do?
A) Enter your credentials to comply with the request.
B) Report the email as phishing via RBC’s internal reporting tool.
C) Call the sender’s phone number (provided in the email) to verify.
D) Forward the email to colleagues to warn them.
ANSWER:
B) Rationale: RBC will never request credentials via email. Reporting phishing attempts protects the organization and prevents credential theft.
What percentage of data breaches involve stolen credentials?
a) 20%
b) 50%
c) 80%
ANSWER:
c) 80% of breaches involve compromised credentials.
A CPSA typically covers which type of fraud?
a) Unauthorized electronic transactions
b) Cheque fraud and forged signatures
c) Both a and b
ANSWER:
c) Both a and b
This term describes a password that uses a series of random words, making it both memorable and resistant to dictionary attacks.
ANSWER:
PASSPHRASE
True or False: Multi-factor authentication (MFA) can prevent credential theft.
ANSWER:
True. MFA adds a second layer (e.g., code, biometrics) even if passwords are stolen.
A client emails RBC Leasing requesting a bank account change for their lease payments. They attach a "verification letter" from their bank, but the document appears suspicious (e.g., poor formatting, missing bank seals). The agent suspects fraud.
What is the most secure step the agent should take next to verify the client’s bank account?
A) Accept the letter and process the change immediately to avoid delays.
B) Request a void cheque or pre-authorized debit (PAD) form from the client.
C) Ask the client to provide their bank’s phone number for direct verification.
D) Ignore the request and flag the account for review without informing the client.
ANSWER:
B
In 2023, this type of fraud—where scammers impersonate trusted contacts via SMS—saw a 300% increase in reported incidents globally.
ANSWER:
SMISHING
Which URL is MOST likely malicious?
a) https://rbc.secure.login.com
b) https://rbc.ca/update?id=123
c) http://rbc-security-alert.net
ANSWER:
c) Check for typos (.net vs. .ca), missing HTTPS, or suspicious subdomains.