Quiz: Security awareness for end users

Give this quiz to your end users and find out how much they really know about security.



Studies show that a company's biggest security threat is its own employees. The SANS Institute recommends that organizations should take time to educate their employees about computer security and periodically test employees to make sure they understand the basics. To help you in your efforts to raise security awareness in your organization, we've created the following quiz.

How to take the quiz:
- After reading the question, click on the answer that you think is correct to go to the whatis.com definition. If the answer you've chosen is correct, you will see the question text or an approximation of it somewhere in the definition.
OR
- After reading the question, write down the letter of your answer choice on scrap paper. Check your answers by using the answer key at the end of the quiz.

Are you the weakest link?

1. This is a document that states in writing how a company plans to protect the company's physical and IT assets.
a. Data Encryption Standard
b. security policy
c. public key certificate
d. access control list
e. copyright

2. This is a program or file that is specifically developed for the purpose of doing harm.
a. buffer overflow
b. bastion host
c. malware
d. ping sweep
e. passphrase

3. This is a set of related programs, usually located at a network gateway server, that protects the resources of a private network from other networks.
a. firewall
b. sandbox
c. rootkit
d. password cracker
e. general protection fault

4. This is a class of programs that searches your hard drive and floppy disks for any known or potential viruses.
a. intrusion detection
b. Security Identifier
c. Antigen
d. probe
e. antivirus software

5. In computer security, this describes a non-technical kind of intrusion that relies heavily on human interaction. It often involves tricking people to break their own security procedures.
a. cyberterrorism
b. debugging
c. hijacking
d. nonrepudiation
e. social engineering

6. This is a program in which malicious or harmful code is contained inside apparently harmless programming or data.
a. war dialer
b. spam trap
c. smurf
d. Trojan horse
e. walled garden

7. This is the process of determining whether someone or something is, in fact, who or what it is declared to be.
a. conditional access
b. anonymizer
c. bypass
d. user profile
e. authentication

8. This is the conversion of data into a ciphertext that cannot be easily understood by unauthorized people.
a. brute force cracking
b. tunneling
c. encryption
d. ciphertext feedback
e. cloaking

9. To be effective, this should ideally contain at least one digit and not match a natural language word.
a. digital signature
b. smart card
c. public key
d. password
e. signature file

10. This is an agreement a company may ask an employee to sign that specifies what is considered to be appropriate (or inappropriate) use of e-mail or Web browsing.
a. RSA
b. AUP
c. SET
d. VPN
e. PKI

SCROLL DOWN FOR ANSWER KEY

















ANSWER KEY: 1b;2c;3a;4e;5e;6d;7e;8c;9d;10b

This was last published in May 2002

Dig Deeper on Security Awareness Training and Internal Threats-Information

Quiz: Cryptography OK, boys and girls! Do you have your secret decoder handy? Here's this week's special message. OK, boys and girls! Do you have your secret decoder handy? Here's this week's special message." (Radio message to subscribed members of the Lone Ranger Club, circa 1943.) How to take the quiz: - After reading the question, click on the answer that you think is correct to go to the whatis.com definition. If the answer you've chosen is correct, you will see the question text (or a paraphrase of it) somewhere in the definition. OR - Check your answers by using the answer key at the end of the quiz. This is an encryption/decryption key known only to the party or parties that exchange secret messages. a) e-signature b) digital certificate c) private key d) security token 2) This was commonly used in cryptography during World War II. a) tunneling b) personalization c) van Eck phreaking d) one-time pad 3) Today, many Internet businesses and users take advantage of cryptography based on this approach. a) public key infrastructure b) output feedback c) Encrypting File System d) single signon 4) This is the name for the issuer of a PKI certificate. a) man in the middle b) certificate authority c) Resource Access Control Facility d) script kiddy 5) Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations. a) DSS b) OCSP c) Secure HTTP d) Pretty Good Privacy 6) This is the encryption algorithm that will begin to supplant the Data Encryption Standard (DES) - and later Triple DES - over the next few years as the new standard encryption algorithm. a) Rijndael b) Kerberos c) Blowfish d) IPsec 7) This is the inclusion of a secret message in otherwise unencrypted text or images. a) masquerade b) steganography c) spoof d) eye-in-hand system 8) In password protection, this is a random string of data used to modify a password hash. a) sheepdip b) salt c) bypass d) dongle 9) This is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa. a) footprinting b) hash function c) watermark d) Electronic Code Book 10) This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies. a) chaffing and winnowing b) cryptanalysis c) serendipity d) brute force cracking Click here for answer key or take another quiz!

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close