Chapter 120 · Quiz

Security Awareness — Quiz

Ten questions covering phishing campaigns and click rate measurement, phishing recognition indicators, anomalous behavior categories (risky, unexpected, unintentional), automated monitoring metrics, and security awareness program development and execution components.

1. A company's security team sends simulated phishing emails to all 800 employees. The emails contain a link to a fake login page. The system automatically tracks which employees click the link and how many enter credentials. Employees who click immediately receive an automated message explaining the mistake and are directed to a 15-minute training module. What is the primary purpose of this campaign?
2. A security monitoring system alerts the security team that an employee's account logged in from Brazil at 3 AM local time. The employee has never accessed the system from outside the US, has no travel scheduled, and normal login hours are 8 AM to 6 PM. Which category of anomalous behavior does this represent?
3. A security awareness program tracks the following metrics monthly: what percentage of employees clicked simulated phishing links, what percentage of employees have enrolled in the organization's approved password manager, what percentage of active accounts have MFA enabled, and how many password-sharing incidents were reported. What does tracking these metrics enable the security team to do?
4. During a security review, a user reports that they accidentally typed "arnazon.com" instead of "amazon.com" while shopping on a personal device during lunch. The security team notes that mistyped domain names can redirect users to malicious sites. Which category of anomalous behavior does typing the wrong domain name represent?
5. A security team is building a formal security awareness program. They identify that finance employees need specific training on wire transfer fraud and CEO impersonation attacks, while warehouse employees need training on physical security and device handling. All employees receive baseline phishing recognition training. What program design principle is being applied?
6. A security awareness team receives automated daily reports showing that employee A's workstation uploaded 2.3 GB of data to an external cloud storage service at 11 PM, employee B replaced a system configuration file that controls login behavior, and employee C's account sent 450 emails in 3 minutes. All three of these events were flagged for security review without any human monitoring. Which monitoring approach makes this possible?
Matching: Security Awareness Concepts

Match each concept (1–4) to its correct description (A–D).

1Phishing Click Rate
2Risky Behavior
3MFA Adoption Rate
4Unexpected Behavior
AActions that create security risk, such as modifying the hosts file, replacing core OS files, or uploading sensitive data to unauthorized external locations
BActions deviating from established normal patterns, such as logins from foreign countries or sudden spikes in data transfer volumes, that may indicate compromised credentials
CPrimary metric from simulated phishing campaigns: the percentage of users who clicked a simulated phishing link, tracking organizational susceptibility over time
DSecurity awareness metric tracking the percentage of user accounts enrolled in multifactor authentication; higher is better