Final Quiz – Corporate Course 1

This is the final knowledge check for Course 1: Cybersecurity Awareness & Defense for Office Employees.
Please answer all 15 questions carefully.
You must score at least 12 out of 15 to pass and complete the course.
Take your time, think critically, and remember — cybersecurity begins with you.

 

Results

#1. Which of the following actions best protects against both phishing and vishing attacks?

Ignoring unknown emails and calls

Using antivirus software

Verifying suspicious messages through a second channel before acting

Changing passwords regularly

#2. What is the main reason why office Wi-Fi networks should be segmented for guests and employees?

To reduce bandwidth usage

To prevent guests from accessing internal resources

To increase speed for employees

To avoid legal issues

#3. You receive an email from “payments@secure-pay.co” asking you to urgently confirm client invoice data. It appears to be from your finance department. What should be your first step?

Reply and ask who sent it

Click the link and check where it goes

Report it as phishing and verify internally

Forward it to the client

#4. Which combination of password practices is most secure?

Long passwords with your birthdate

Short complex passwords reused across sites

A password manager and unique strong passwords for every service

Passwords changed monthly, stored in an email draft

#5. What is the safest way to handle a USB drive found in the office parking lot?

Plug it in to identify the owner

Give it to IT or Security staff

Use it on a personal device first

Keep it in a drawer in case someone asks

#6. Which statement best describes the core benefit of using Multi-Factor Authentication (MFA)?

It prevents phishing attacks entirely

It ensures only trusted devices can connect

It adds a second independent barrier even if your password is stolen

It removes the need to regularly change passwords

#7. You’re under pressure to meet a deadline, and a trusted colleague urgently asks for access to a protected file. What’s the correct corporate protocol?

Grant temporary access and notify IT afterward

Share the file through your personal email

Confirm with your supervisor or IT before sharing any access

Upload the file to a shared cloud folder without restrictions

#8. Your team is considering whether to use a browser’s “save password” feature. What’s the most secure recommendation?

Use it only for work-related logins

Avoid it and use a business-grade password manager

Use it with a master password

It’s safe as long as your browser is up to date

#9. What is a hidden risk of delaying software updates in a corporate environment?

Systems run slower over time

Updates may be larger later on

Attackers may exploit known vulnerabilities already fixed in patches

You might be locked out of certain apps

#10. Which of the following violates physical security policies in most corporate environments?

Leaving your access badge on your desk overnight

Not reporting a broken surveillance camera

Allowing a delivery person to tailgate into the building

All of the above

#11. After clicking a suspicious link, your computer shows no visible signs of infection. What is the most responsible next step?

Ignore it since nothing happened

Disconnect from the internet and report to IT immediately

Restart the device and clear browsing history

Run an antivirus scan and continue working

#12. You’re asked to log in to a company tool from a new URL: https://portal-company.com. What’s the first red flag to check?

Whether the design matches the usual portal

If the email sender is a known colleague

If the domain is slightly misspelled or altered

If the site asks for two-factor authentication

#13. Which type of cyberattack is most commonly enabled by human behavior, not technical flaws?

DNS poisoning

Zero-day malware

Social engineering

SQL injection

#14. Your personal social media accounts use the same password as your corporate logins. What’s the most realistic risk?

Social media platforms are secure and rarely breached

Hackers could use a breach on one account to compromise the other

Using it for non-sensitive accounts doesn’t matter

It’s only a risk if both accounts are used on the same device

#15. What is the true goal of cybersecurity awareness programs in a corporate setting?

To ensure 100% prevention of all attacks

To replace technical security controls

To build a human layer of defense by reducing behavioral risks

To delegate responsibility to individual users

Previous

Finish

CONGRATULATIONS AND STAY SAFE!