PEI Provider IT Security Awareness Training - Knowledge Check

Please complete the following quiz as a knowledge check to verify completion of the PEI IT Security Awareness Webinar.

Once you complete the quiz, be sure to print your results page and save with your other PEI contract documents. Under your PEI contract, it is your organization's responsibility to provide documentation of training completion for contract compliance and monitoring purposes.

Question Title

* 1. Please enter your contact information so we can record your score and completion.

Name

Organization

Email Address

Question Title

* 2. You get out of your car in the office parking lot and find a flash drive lying on the pavement. It's labeled "Payroll 3rd Qtr." What should you do with it?

Take it to Accounting to see if it belongs to them.

Take it to your IT department and let them know exactly where you found it.

Plug it into your own computer to see if you can figure out who it belongs to.

Pick it up and throw it away so that the next guy doesn't get tricked.

Question Title

* 3. You receive an email stating that you have been opted in to a company-wide blood-drive and are asked to click on a link to confirm your participation. Which of the following is the biggest red flag? Choose the answer you feel best applies.

Did it ask you to take an action?

Did it prey upon your desire to help?

Did it seem a bit odd that you were automatically scheduled?

Was the email unexpected?

Question Title

* 4. What is the key thing to remember when you are asked to download a file?

Do I know the sender of the file, and did I confirm with them that they sent it?

Never download a file unless you are sure the source is secure.

Did I ask for it? If not, look at it with suspicion.

All of the Above

Question Title

* 5. Each of the images below are a screenshot of an email. After reviewing the emails, select the one that you think contains the most phishing red flags. (You may need to use your browser's zoom functionality to read the messages)

Question Title

* 6. Below are three transcripts of phone messages. After reading all of the messages, select the one you think contains the most vishing red flags.

Hi, this is Jen from Printerhelp. The boss asked me to call you about that problem with your printers. He didn't mention it to you? Well, he said I needed to get it fixed ASAP. Thanks, now go to www.PrinterHelp.com and once you are there, download "PrintTest". Yeah that's the one. Now go ahead and download it.

Hi, I'm Sal. Your boss asked me to call you. He said that you guys would be willing to post my information on your employee bulletin board. Yeah. Well, I'm sure he just forgot to tell you. It's for the grand opening of our new restaurant. Yeah, of course I can bring the flyers to you.

Hi, is this Wilma? Oh, sorry. I must have the name wrong. I'm calling to reach whoever is in charge of your vending machine service. Someone called from your place asking for healthier snack choices. Can you direct me to the right person?

Question Title

* 7. The images below are three different text messages you received. After reviewing all three messages, select the one that you think contains the most smishing red flags. (You may need to use your browser's zoom functionality to read the messages)

Question Title

* 8. Tailgating is a form of what type of attack?

Physical

Spear phishing

Malware

Vishing

Question Title

* 9. Hackers most likely have information about you that they use to make their con more convincing. They gain this information through:

Gaining access to your company's HR system through hacking into the network

Data breaches, social media, and other forms of information available on the internet

Attending hacker conferences where they exchange information

Using a chat app to ask questions of hackers within your organization already

Question Title

* 10. What is the most likely to be a possible physical attack?

A street musician is offering free USBs of his music outside your office.

A vendor that you have done business with hands you a USB stick at a conference.

IT provides you with a USB to install new software on your computer.

You visit a free music site to stream music.

Question Title

* 11. Hackers know that most attacks require you to do this for them to work:

Click a link

Take an action

Enter a password

Open an attachment

Question Title

* 12. The art of manipulating, influencing, or deceiving you into taking some action that isn't in the best interest of you or your organization is:

The threat landscape

Cybercrime

Hacking

Social engineering

Question Title

* 13. Which of the following is an example of PII?

John Smith, www.johnsmithwebsite.com

J. Smith, SS# 123-45-4459

John Smith, Capricorn

John S., Visa #3775561802553991

Question Title

* 14. Which of the following is a valid reason why you should take care to protect and safely handle sensitive information?

Cybercriminals could steal information to sell it on the black market and compromise our security.

Various laws and regulations require us to protect customer and coworker information.

The organization could be exposed to penalties and lawsuits if I do not protect sensitive information.

Ethically, it's just the right thing to do.

My own personal information is also being stored here and must be protected.

All of the above.

Question Title

* 15. You find a thumb drive in the men's room with a label "Layoffs for third quarter". What type of attack does this represent?

Spear-phishing

Phishing

Smishing

Vishing

USB

Question Title

* 16. You receive a text message from your bank asking you to click on the link provided to activate your new credit card. What type of attack does this represent?

Spear-phishing

Vishing

Smishing

USB

Phishing

Question Title

* 17. You receive an email from your bank telling you that your password has expired. It asks you to click on the link to reset it. What type of attack does this represent?

Smishing

Vishing

USB

Phishing

Spear-phishing

Question Title

* 18. You receive an email that looks like it's coming from your college alumni association asking you to download the new calendar. But you know the calendar is on their website, not in a pdf. What type of attack does this represent?

Vishing

Smishing

USB

Spear-phishing

Phishing

Question Title

* 19. You receive a voicemail that sounds like it's from your customer support for your cell phone provider asking you to call them back to avoid having your service interupted. What type of attack does this represent?

USB

Spear-phishing

Vishing

Smishing

Phishing

Question Title

* 20. You've received a text from your banking asking you to call the number provided to verify recent charges. Which scenario reflects the most secure approach?

Call the bank using the number you've located from a web search or the one on the back of your card.

Call the number and ask them to verify your account information before you answer any questions.

Call the number in the text and ask to speak with the manager.

Delete the text because you think it might be a smishing attack.

Question Title

* 21. Which of the following is LEAST likely to be the start of a social engineering attack?

A fellow you aren't familiar with tells you he's been sent by IT to install updates to your computer. He lets you know it will take about 20 minutes and feel free to take a short break while he does it.

You are in the elevator on your way to work and you see a nice looking thumb drive on the floor of the elevator.

You are at a marketing conference and a fellow attendee attending the same seminar asks you which company you work for.

While waiting for coffee near your work, a fellow patron asks you where you work. He tells you he's on his way to interview there. He follows you back to work chatting about the company. He assumes you will let him in using your access code.