SECURITY AWARENESS QUIZ
Short Security Awareness Quiz Session for WA Oil & Co.
1/10 -- Technical Vulnerability
If a hacker locked the device(s) containing the R&D data with ransomware, what should I do?
(A) Pay the ransom
(B) Do not pay the ransom
Right answer (B):
There is no guarantee that the hacker will unlock the device(s) upon receiving the ransom. The ransomware could still be lurking within the computer system even after paying off the ransom, resulting in possible future attacks.
Therefore, it is essential to regularly back up your data and files. This ensures a quick recovery with minimal loss in the event of a ransomware attack, as recommended by ISO 27001:2013 under Control A.12.3.1 (Information backup).
2/10 -- Technical Vulnerability
Which of the following is a phishing website?
(A) αpple.com
(B) apple.com
Right answer (A): αpple.com
The letter "α" in αpple.com is the lowercase Greek letter alpha, used to disguise the site as the legitimate website. The legitimate website uses the Basic Latin letter "a" (apple.com). Source: NIST SP 800-12 Rev. 1, 4.1.1 Fraud and Theft
3/10 -- Technical Vulnerability
One day at work, you notice that your computer is unusually slow. You open the task manager and see increased CPU usage by an unknown program. What should you do?
(A) Disconnect the computer from the internet and report to the security team
(B) Run a malware scanner and attempt to fix the computer by yourself
Right answer (A): Disconnect the computer from the internet and report to the security team
Upon discovery of infection with malware, one should immediately report the issue to the relevant personnel (i.e. direct superiors, IT department), so that countermeasures can be taken as soon as possible to minimize the damages and impact.
Additionally, any attempt to fix an infected computer by oneself may lead to greater damage, especially when one is untrained or does not specialize in handling malware attacks. Source: NIST SP 1800-26B: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events, Annex 4.1.2.4 Mitigation and Containment & 4.1.2.6 Reporting
4/10 -- Human Vulnerability
If you receive a phone call from someone claiming to be from a bank and asking for your personal details, is it all right to provide them as requested because the caller's claim makes them trustworthy?
(A) Yes
(B) No
Right answer (B): No
If the caller claims to be from a bank, they should have all the required details / information on you and would not need you to verify your identity. It is very likely to be a phishing call and you should end the call immediately. A bank or government agency would never ask for personal information / details if they are the caller. Source: NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.0: Data Processing Policies, Processes, and Procedures (CT.PO-P) & NIST SP 800-12 Rev. 1, 4.1.1 Fraud and Theft
5/10 -- Human Vulnerability
You are on leave and your colleague calls you up, urgently requesting to use your credentials to access some files on your computer. What should you do?
(A) Apologize and politely decline his request as it is usually against company policy to share user credentials with someone else.
(B) Share your user credentials with him as you have both been colleagues for some years, making him trustworthy.
Right answer (A): Politely decline his request
It is never all right to share your user credentials with anyone. This action not only typically violates company and privacy policies, it also compromises you when you reveal such sensitive information to others, regardless of who they are or what their position is. Source: NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.0: Data Processing Policies, Processes, and Procedures (CT.PO-P) & NIST SP 800-12 Rev. 1, 4.2.3 Impacts to Personal Privacy of Information Sharing
6/10 -- Human Vulnerability
You are having lunch in a public cafeteria with your colleagues, when suddenly one of your colleagues starts a conversation about the R&D project. What should you do?
(A) Join in the conversation as the work you do is unimportant and you do not wish to feel left out.
(B) Politely end the conversation and change the topic to something that is not work-related
Right answer (B): End the conversation and Change topic
Because you are in a public area, it is not all right to speak about work-related topics, especially confidential ones like the company's R&D project, because company secrets could be accidentally exposed, which might lead to severe consequences, e.g., sudden counter-proposals by competitors or the revealing of company operations. Source: NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.0: Data Processing Policies, Processes, and Procedures (CT.PO-P) & NIST SP 800-12 Rev. 1, 4.2.3 Impacts to Personal Privacy of Information Sharing
7/10 -- Physical Vulnerability
You are working in the office and need to momentarily leave the office to attend to some urgent matters. You should:
(A) Just leave the premises without locking and cleaning up your work desk and quickly attend to the urgent matter. You are sure you will return within 5 minutes.
(B) Log off your computer, clean up your desk, and lock up all documents into your cabinet before leaving the office to attend to the urgent matter.
Right answer (B): Log off your computer, clean up your desk, and lock up all documents into your cabinet before leaving the office to attend to the urgent matter.
It is crucial to ensure that you have securely logged off and secured all company information assets and property (e.g., computers, documents, cabinets) even if you are not working alone in the office and you are only temporarily leaving for a short while.
This deters unauthorized access and use of company information assets and property by any malicious users. Failure to do so could cause potential damage such as data theft and sabotage. Source: ISO 27001 / ISO 22301: A.11.2.9 Clear Desk and Clear Screen Policy
8/10 -- Physical Vulnerability
You are currently assigned to escort a potential employee within the WA Oil & Gas Inc. main headquarters for a business contract discussion, when the visitor requests a quick trip to the restroom. It has been 15 minutes and he/she is still not out. What should you do?
(A) Respect the visitor's rights to use the restroom and leave them alone to their private matters.
(B) Go to the restroom to check on the visitor or ask someone to check if inconvenient (i.e., different sex)
Right answer (B): Check on the visitor
It is crucial to ensure that the visitor you are escorting is always within your field of vision. This ensures the safety of both company property and assets as well as the visitor. From the visitor's perspective, they could get lost due to their unfamiliarity with the layout of the building premises. From the company's perspective, it prevents any illegal / unauthorized access to sensitive information by visitors. Source: ISO 27001:2013 A.11.1.1 Physical security perimeter & NIST SP 800-53 PE-3 Physical Access Control 3.10.3
9/10 -- Current Policies & Procedures
You have misplaced your company pass in the company building restroom. What should you do?
(A) Attend to my work first and then alert my direct superiors and Security team later to report on the lost company pass
(B) Alert my direct superiors and Security team immediately to report on the lost company pass
Right answer (B): Alert my direct superiors and Security team immediately to report on the lost company pass
Losing any security access pass or identification pass is a severe matter and the relevant people (i.e. direct superiors, security team) should immediately be informed. Should these passes be picked up, they could be used to infiltrate, impersonate, and carry out unauthorized duplication of such passes for future malicious usage, compromising the security of the assets within the building premises.
The quicker the relevant personnel are alerted, the faster corrective actions can be implemented, which in turn minimizes damage and loss. Source: NIST 800-63B 6.2 Loss, Theft, Damage, and Unauthorized Duplication
10/10 -- Current Policies & Procedures
WA Oil & Gas Inc. management requires you to change your password to one that is a minimum of 8 characters long. For simplicity's sake, is it okay for you to use your date of birth as your password (dd/mm/yyyy)?
(A) Yes
(B) No
Right answer (B): No
Using your birthdate is a strict NO even if it is not enforced by the company because it can be easily guessed, resulting in unauthorized access to your account.
A good password combination would generally consist of:
1. A mix of upper and lower case letters
2. Symbols and Signs (i.e. !@#$%)
3. A mix of numbers and letters
4. At least 8 characters long
Source: NIST 800-63B 5.1.1.2 Memorized Secret Verifiers
THE END!!
Congratulations!
We have come to the end of the Security Awareness Quiz. THANK YOU for your participation!
Vulnerability Quiz
esmekhoo90
Created on July 15, 2021
ICT380 Vulnerability Quiz