A. What should I do after I learn about a data breach of a website? Choose the best answer.
- Nothing
- Change the password of my account for that website
- Change the password for my account for that website and of all other websites where I use that same password
A: The correct answer is 3. If your username and password is stolen the account for that particular hacked website is at risk, but also your accounts for any other website where you use that same password. If you want to learn more about it read further, why password reuse is a bad idea.
B. Which of the following three is the strongest password?
- starwars
- 1qaz2wsx
- trEEGCv-
A: The correct answer is 3. This is a random password and thus the most secure one of the 3. starwars is not random and a commonly used password. 1qaz2wsx seems random but it’s the first 2 columns of a qwerty keyboard and also commonly used. Attackers use these in wordlists to crack passwords or to gain access to existing sites for which you use this password.
C. If you want to share a password with someone, what’s the best option?
- Send it via email
- Send a text message
- Tell it via the phone
- None of the above
A: The correct answer is 4. A password is personal data which shouldn’t be shared with others.
D. Which of the following is the most secure backup strategy?
- One backup on an external harddisk and another one on a cloud backup
- 2 backups on 2 different external harddisks
- A backup on an external hard disk
A: The correct answer is 1. Because you spread the backups over 2 geographically different regions, which makes your backup strategy more resilient.
E. You open a website and it has a padlock in the browser bar (the lock icon in front of the URL). Which statements are true?
- I can be sure that this is a legit, non-malicious site
- It tells me that the site is 100% secure
- The traffic between my computer (browser) and the server that runs the website is secured.
- No one, even my Internet Service Provider doesn’t know which site I visit.
- This could be a phishing site.
A: The correct answers are 3 and 5. A padlock in the browser bar implies that the connection between your browser and the website is secure, but it doesn’t say anything about the intentions of a website, so it could be a phishing website. Your Internet Service Provider will still know which websites you visit.
F. Is it generally considered safe to use Starbucks High Speed Customer Wi-Fi network for performing an online banking operation?
- Yes, it is safe
- No, it can be dangerous
A: The correct answer is 2. While a lot more websites are served over HTTPS nowadays, the security risks of using public Wi-Fi are lower but it’s still not to recommend doing online banking on a public Wi-Fi. It might be a better idea to use your mobile data and/or switch on a VPN.
G. Is it useful to run antivirus software on an Android phone?
- Yes
- It depends, only if you download apps from outside of Google’s official app store
- No
A: The correct answer is 1. Even Google Play, Google’s offical app store is known to host apps that can contain viruses. It’s always a good idea to have a virusscanner installed.
H. Which of the following statements are correct?
- Phishing is a form of social engineering.
- Phishing is a so called “spray and pray” technique in which an attacker sends out the same email to hundreds of potential targets in the hope they will fall victim.
- All of the above
A: The correct answer is 3. Phishing is indeed a form of social engineering or in other words the psychological manipulation of people into performing actions or divulging confidential information and it can also be a mass attack.
I. Which month is considered or recognized as Cyber Security Month?
- September
- October
- November
- December
A: the correct answer is 2. October is Cyber Security awareness month. During October a lot of practical security awareness content is being shared.
J. Which of the following things help to decide whether an online shopping website is trustworthy?
- The address of the website starts with ‘https://’
- There’s a seal on the website that says ‘100% secure’
- Do a bit of research to see whether the site has a good reputation
- Read on the website and look for positive reviews of other customers
A: The correct answer is 3. Malicious sites can also run over https and security seals can be easily faked. The website owner can also put fake reviews of other customers on their website.