SANS ASLP Security Awareness Training Study Guide
What method would a cyber attacker use to infect a system with malware?
Tricking a person into opening an infected file attached to a message.
Which of the following is needed for a computer system or device to be vulnerable to malware?
An Internet connection
Which of the following is the most likely indicator of a phishing attack?
An urgent email claiming to be from a coworker, but was sent from a personal email address, such as one from @gmail.com.
Which of the following is an effective way for you to protect our organization against hackers?
Be suspicious of emails from external sources
Felicia in Human Resources receives an urgent email from her boss stating that the database containing all employees' tax information is inaccessible. She is asked to reply with all employees' tax information to avoid paying substantial late fees. What should she do?
Call her boss to confirm whether her boss sent the email requesting employee tax information.
What should you do if you are worried about using a potentially outdated Internet browser?
Contact the help desk or your security team if you have questions about the use or status of your system's software.
What is the best way to keep our organization secure when using social networking tools?
Do not post or share confidential information that could be used against our organization.
Rudy accidentally sent a sensitive work report to a friend named James instead one of his co-workers, who is also named James. What should Rudy have done to prevent this?
Double check the TO address before hitting the send button.
Which of the following is the best example of a strong and memorable password?
Elphant-Blue-42 (something Like this)
What is the most important reason you should not attempt to fix a hacked computer, device, or work account by yourself?
Evidence needed to investigate and address the system compromise might be corrupted.
Under which conditions is it appropriate to store work-related information on your mobile device?
Formal approval and a secure configuration
Why is it important to use a strong, unique passphrase for each of your social networking accounts?
If a cyber attacker compromises the password to one of your accounts, your other accounts will still be secure.
Why is it important to update your mobile device to have the latest versions of its operating system and applications?
It provides access to new security features and fixes for known vulnerabilities.
Why it is important to add two-step verification to all accounts that offer it?
It provides an extra layer of protection beyond just a password.
Under which condition may you install software on systems owned by the organization?
It's licensed and authorized according to organizational policy.
Why is it important to disable Wi-Fi and Bluetooth when you are not using them?
Mobile devices can automatically connect to dangerous wireless networks.
Which type of malware prevents you from accessing files stored on your computer?
Ransomware
Joe is browsing the web and notices the light by his webcam is on. The website he is on did not ask permission to access his webcam and he knows he did not turn it on. What should Joe do?
Report the possible malware attack.
What should you do with sensitive data that the organization no longer needs to retain for business use or legal reasons?
Securely dispose of the physical or digital data.
Phishing is what type of attack?
Social engineering
Who or what should be held responsible when sensitive data is mishandled?
The individual making use of the data.
What is the purpose of a password manager?
The secure storage and retrieval of multiple passwords.
Which of the following is the best way to confirm that your connection to a website is encrypted?
There is a padlock icon in the status bar.
Which of the following provides the most protection against malware?
Updates
Which of the following is the best way to create a strong password?
Use a long and unique passphrase.
You receive an email that appears to come from the help desk asking for your password so a critical update can be installed on your computer. What should you do?
You suspect the email may be a phishing attack, so you report it immediately.
Which of the following is an example of two-step verification?
A one-time code sent via text message to your mobile device.
What does HTTPS mean?
Data transmitted between the browser and web server is encrypted.
How do targeted attacks differ from common opportunistic attacks?
Targeted attackers research their victims in order to launch customized attacks.
One of your friends sends you a message on a social networking site to tell you that they're currently traveling abroad and were mugged. They're asking you to wire them money, and they provide a link to their account. What should you do?
Call your friend using a trusted phone number.
Cybercriminals are planning a targeted attack on an organization's groundbreaking research data. Colin is an entry-level accounting employee at the organization. What is the most likely risk posed by Colin in this scenario?
Colin is used as a stepping stone to gain initial access to the network.
After visiting several websites, your computer exhibits behavior you recognize from your security awareness training as a sign of a hacked system. What should you do next?
Follow your organization's procedure for reporting the system behavior.
Which of the following is the best way to keep sensitive data private when using social networking?
If it's highly sensitive or private, simply don't post it.
You receive an email from your bank informing you that their privacy policy has been updated and asking you to review it on their website. What is the safest way to visit your bank's website?
Open your browser and click on a bookmark you saved earlier for your bank's website.
