1. What does the https:// at the beginning of a URL denote, as opposed to "http://" (without the s)?

Select one:
a. That the site has special high definition
b. That information entered into the site is encrypted
c. That the site is the newest version available
d. That the site is not accessible to certain computers
e. None of the above

2. A company that you deal with often sends you an email that looks somewhat different than normal and
asks for personal information and provides a link to enter your login id/password. What should you do?
Select one:
a. Reply to the email to clarify the link with the sender
b. Forget the email and don't do business with them anymore
c. Call the business and verify that the email is from them but still dont respond to the email
d. Reply to the email with the requested information

3. Before you make a purchase online, you should look for:

Select one:
"https" preceding the web address
a. A padlock symbol signifying that the site is secure
b. A place to enter your credit card number
c. All of the above
d. Answers A and B

4. You've just received an email from ISD. It is an urgent mail requesting your email password due to some
unforeseen problems they are trying to resolve. Your reaction is to:
Select one:
a. You follow the instruction as you are a team player! You send your password immediately so they
can get it all fixed.
b. This is suspicious. You contact STMC (Security Threat Monitoring Center) via GDSC
c. You wait for the reminder from ISD if it is urgent

5. You've just received an email from an internal user @oocl.com account without his email banner. It is an
urgent mail requesting fund transfer to his VIP customer account. You know the sender in person. Your
reaction is to:
Select one:
a. You verify the request on email by simply replying the email
b. You send a separate email by selecting his email address from our email address book to verify the
request with the intended recipient's sender.
c. You know the sender; therefore, you follow the instruction as it is a VIP customer

6. One day when looking at your e-mail inbox, you find you have received an email from a friend you have not
heard from for at least one year. When you open the email the text says Hi, please click here
http://shorturl.jhdsuyc.com, there is surprise for you.

What would you do in such scenario?

Select one:
a. You click on the link since you know the sender (friend) of the email
b. You do nothing with the email and certainly, you dont click on the link
c. You click on the link only if it looks somehow familiar to you
d. You call your friend to verify if the email was sent by your friend.
7. You are having a business trip to Singapore till the end of this month. Which one of the following Out-of-
Office messages is considered to be the worst template:
Select one:
a. I am not available right now and might not reply your email timely. For any urgent issue, please
contact my assistant Mary Wong.
b. I am now on business trip and might not reply your email timely. For any urgent issue, please
contact my assistant [email protected].
c. I am on business trip to Singapore and will be back June 1. I might not reply your email timely.
For any urgent issue, please contact my assistant [email protected].

8. The message said that youve won the lottery and the company is asking you specific personal and
banking details so that they could lodge a large sum of money in your bank account. These emails are a
common type of cyber-attack that goes by the name of..
Select one:
a. Social Engineering
b. Phishing
c. Spyware

9. You get a call from someone claiming to be from the electric company saying your electric bill is overdue.
They ask for your account number for verification purposes, and your credit card number. Why is this
probably a scam?
Select one:
a. You dont recall getting any past-due notices
b. A representative would have your account number on screen and would never ask for a credit
card number
c. Youre pretty sure you paid your last bill

10. Both email attachments and downloaded files can spread malware.
Select one:
a. False
b. True

11. Why might someone break into (hack) your computer?

Select one:
a. They don't like you
b. To commit a crime
c. Random vandalism
d. To use it to distribute porn, malicious programs, etc
e. All of the above

12. A friend of yours tells you that you should start downloading all the great free games and files on the
internet. You suggest that:
Select one:
a. You need to be very careful as not all links or downloads are what they seem to be
b. It really is great to check out all the free things online
c. You should download as many files as your hard drive can store

13. A user has brought her company laptop back from a business trip and the user indicates the laptop is not
acting correctly and might have a virus. Which of the following should be performed?

Select one:
a. Connect the laptop to the network and scan the laptop.
 b. Backup the users hard drive to a new laptop.
c. Use bootable media to run an antivirius scan on the laptop.
d. Reinstall the operating system

14. The first thing you can do to avoid malware is:

Select one:
a. Don't download anything from the web
b. Install antivirus software and keep it updated
c. Don't open email attachments

15. If you use a public computer, before leaving you should:

Select one:
a. Log out of your VPN session
b. Delete any confidential files you downloaded, and empty the recycle bin
c. Clear the browser history and close the browser
d. All of the above

16. What is phishing?

Select one:
a. A way to send spam mail to millions of people at once
b. A decryption method that uses complex algorithms
c. A method of online identity theft

17. [___] protects data contents, while [___] ensures that data has not been tampered with.
Select one:
a. Integrity, confidentiality
b. Availability, scalability
c. Scalability, availability
d. Confidentiality, integrity

18. Criminals access someones computer and encrypt the users personal files and data. The user is unable to
access this data unless they pay the criminals to decrypt the files. This practice is called
Select one:
a. Botnet
b. Ransomware
c. Driving
d. Spam
e. None of the above

19. Cybersecurity today is all about risk management, which means:

Select one:
a. Eliminating risks where possible
b. Mitigating risk where possible
c. Knowingly accepting certain risks
d. All of the above

20. You have noticed that your computer is acting erratically and normal tasks (e.g., open a
document/application), are taking a little bit longer to perform.
So you called a friend of yours who is a computer technician and always helps you when your computer has
problems. After a careful inspection, he told you that your computer has been infected by a Trojan Horse.

You wonder what a Trojan Horse could be?

Select one:
 a. It is a malfunction of the software that makes it difficult to navigate the Internet
b. It is a malicious software that allows other programs to control your computer by misleading users
of its true intent
c. It is a computer virus that frequently attack computers

21. It is safe to access websites with sensitive information, such as banking or credit card companies, while
using a public Wi-Fi network, as long as the website is secured by "https."
Select one:
a. True
b. False

22. What kind of cybersecurity risks can be minimized by using a Virtual Private Network (VPN)?
Select one:
a. De-anonymization by network operators
b. Key-logging
c. Phishing attacks
d. Use of insecure Wi-Fi networks

23. It is safe to use an unknown wireless internet connection, such as those in coffee shops.
Select one:
a. False
b. True

24. The most up-to-date security for a home Wi-Fi network is Wired Equivalent Privacy (WEP).
Select one:
a. False
b. True

25. If you create a password and don't think you can remember it, you should:
Select one:
a. Write down a hint that only makes sense to you and keep it secure
b. Tattoo it between your toes
c. Write it down and keep it in a safe place

26. Which one of the following is an example of a good password?

Select one:
a. My daughter Germaines name and her age: Germaine5. I always talk about her
b. I use the same password for everything. Its my phone number. I would never forget either one
and this solves both problems: 59995528654
c. I use a catch phrase about things only I know about. Its I fell in a well on my fourth birthday and I
had a crush on Boy from 1974 to 1978:1f1w0m4b&1hac0Sf74277
d. I love my cats Kiki & Boo. I have their pictures/names on my office wall for everybody to see:
KikiBoo

27. One of your friends has recently been a victim of a social engineering attack since someone has stolen her
username and password for accessing her work email. This name, social engineering looks quite strange
to you as it puts together engineering with social issues.

What does social engineering mean in a security context?

Select one:
 a. It is a form of social deception focused on information gathering, fraud, or system access
b. Someone uses social networks for stealing personal data
c. Building systems that are easy to use for society

28. Facebook is awesome. You can keep up with all of your friends at once and post what is going on in your
life. Being a member of a social networking site, you should:
Select one:
a. Post pictures of your house with street name and house number
b. Let your children have their own account without parental supervision
c. Post your complete birth date
d. Be responsible for your privacy and that of your children on-line

29. On a social networking site such as Facebook, you should:

Select one:
a. Disclose as much personal information as you like
b. Be careful what personal information you post, and use privacy settings
c. Click on all the interesting ads on the side of the page

30. After you have enrolled in Mobile Device Management (MDM), which one of the following data elements
will be collected?
Select one:
a. Browser History
b. Device Location
c. Device Name
d. Call History

31. What should users do to protect their devices before they get lost or stolen?
Select one:
a. Use passcodes/PINs to lock the screen
b. Enable phone-finding and remote-wiping capabilities
c. Set the screen to display the owner's contact information
d. All of the above

32. Which of the following does NOT help with mobile data security?
Select one:
a. Website blacklisting
b. VPN access
c. MDM software
d. Implementing BYOD

33. What should users do to protect their devices before they get lost or stolen?
Select one:
a. Use passcodes/PINs to lock the screen
b. Enable phone-finding and remote-wiping capabilities
c. Set the screen to display the owner's contact information
d. All of the above
34. Internet users are increasingly being tracked and profiled: this is the practice of tailoring online content,
especially advertisements, to visitors based on their inferred interests, or profile. For example, a like
button (such as the one employed by Facebook) tracks users across sites; each time a user visits a site that
contains a Facebook 'Like' button, the social networking site is informed about it even if the user does not
click on this button. This profiling practice however carries some risks among which a relevant one is...

Select one:
a. The risk that your digital identity will be stolen.
b. Profiling endangers your privacy and could lead to irritating consequences such as advertisements
that you are not interested in. e.g. loan application and so on.
c. Mass surveillance.

35. A Cloud storage is a way to keep your file saved on third parties services over the internet. Common
examples are Dropbox or Amazon Cloud Drive. You have been using your personal cloud storage to backup
photographs but you are considering storing documents and some may contain personal information that
you would like to keep secure and private, what steps can you take to ensure that this happens?

Select one:
a. Encrypt files yourself
b. Leave it to your cloud service provider
c. Change the Share settings to a more restricted one

36. A Cloud storage is a way to keep your file saved on third parties services over the internet. Common
examples are Dropbox or Amazon Cloud Drive. Today you have created an account to a personal cloud
storage service to store your photos, documents, videos, and files. When you created the account, you
wanted to find out how your provider keeps all of your files secure and private. What kind of document
would you look for?

Select one:
a. Privacy Policy
b. Terms of Service
c. Acceptable Use Policy

37. One day you received an email from your customer in Russia asking you to login to a website that is related
to his business. The instruction from the website is to enter your OOCL login ID and password. You
followed the instruction but found that you were not able to login. You picked up the phone to call your
customer to verify the matter. He told you he has never sent you an email for a while. You then realized
that you fall in a trap and called STMC via GDSC for help immediately. The STMC agent replied your query
that your account has been turned on O365 MFA. You should be safe for now as long as you have never
disclosed the second authentication to others. The agent then reset your password and blocked the
website on your firewall.

Why do you think your account is safe?

Select one:

a. You are sure that you have never disclosed the second authenication to others
b. With MFA enabled for Office 365, even if someone (or the hackers) outside OOCL network knows
your password, you (and the hackers) can't get access to your account without being able to
generate the one-time unlock code as the second authenication.
c. STMC has been doing a good job. If SMTC confirmed your account has not been compromised, it
should be safe for sure
38. Some websites and online services use a security process called multi-factor authentication. Which of the
following images is an example of the second authentication?

A
39. Which is the feature of RMS to protect information?
Select one:
a. Helps to prevent an authorized viewer from copying, modifying, printing, faxing, or copying and
pasting the content for unauthorized use
b. Restricts access to content to a specified period of time
c. Helps to prevent an unauthorized viewer from viewing the content if it is sent in e-mail after it is
downloaded from the server
d. Restricts the email recipients from forwarding to other
e. All of the above

40. You have uploaded a file to a SharePoint that has been applied IRM protection with read/write restriction
to our team only. You then downloaded the file from the SharePoint and send the document as the
attachment via email to your helper in another team who don't have access to your SharePoint . What
actions can your helper take on the attachment when he received it from the email:
Select one:
a. Cannot Access
b. View and Edit
c. View Only

41. While surfing the Internet, a pop-up ad takes you to a site offering free game for your computer. Whats
your best course of action?
Select one:
a. Do a little research to decide whether its safe to download the game
b. Download it now, and decide later whether to use it or give it to a friend
c. Go ahead and download it you can always uninstall it later if theres problem

42. You just got a new computer which has antivirus software already installed. Is it safe to use on the internet
immediately?
Select one:
a. Maybe
b. No
c. Yes

43. You consider yourself an experienced user of mobile technologies. You have your own smartphone with
which you navigate the Internet and use several apps to get updates for local services, weather, etc., and to
find additional services, e.g., locating the best restaurant in the local area. Often you receive prompts for
installing new apps on your device. To ensure your device and data remain secure and safe, when you
install a new app it is good practice to.
Select one:
a. Block all the app downloads and just use the standard one already on your phone
b. Not use too many apps as the smartphone will become less secure
c. Scrutinize permission requests when using or installing smartphone apps