CYBER AWARENESS CHALLENGE VERIFIED EXAM SOLUTIONS -
COMPREHENSIVE QUESTIONS AND ANSWERS - CURRENT VERSION
2026/2027
1. Q1: What is phishing?
ANSWER Phishing is a cyberattack where attackers impersonate
legitimate entities via email, text, or phone to trick users into revealing
sensitive information like passwords or credit card numbers.
2. Q2: What is spear phishing?
ANSWER Spear phishing is a targeted phishing attack aimed at a specific
individual or organization, using personalized information to appear more
convincing.
3. Q3: What is vishing?
ANSWER Vishing (voice phishing) is a social engineering attack
conducted over the phone, where attackers impersonate trusted entities to
extract sensitive information.
4. Q4: What is smishing?
ANSWER Smishing is phishing conducted via SMS text messages, often
containing malicious links or prompts to call a fraudulent phone number.
5. Q5: What is whaling?
ANSWER Whaling is a highly targeted phishing attack aimed at senior
executives or high-profile individuals within an organization.
6. Q6: How can you identify a phishing email?
ANSWER Look for suspicious sender addresses, urgent language, poor
grammar, unsolicited attachments, mismatched URLs, and requests for
personal information.
7. Q7: What should you do if you receive a suspicious email?
ANSWER Do not click any links or open attachments. Report it to your
IT/security team and delete it. Verify the sender through an official channel
if necessary.
8. Q8: What is pretexting?
Page 1 of 29
ANSWER Pretexting is a social engineering technique where the attacker
fabricates a scenario (pretext) to manipulate the victim into divulging
information or performing actions.
9. Q9: What is baiting in cybersecurity?
ANSWER Baiting involves enticing victims with something appealing, such
as a free USB drive containing malware, to gain access to systems or
information.
10. Q10: What is a watering hole attack?
ANSWER A watering hole attack compromises websites frequently visited
by a target group, infecting visitors' systems with malware.
2. Passwords & Authentication
11. Q11: What makes a strong password?
ANSWER A strong password is at least 12 characters long, contains
uppercase and lowercase letters, numbers, and special characters, and
avoids common words or patterns.
12. Q12: What is multi-factor authentication (MFA)?
ANSWER MFA is a security process that requires users to verify their
identity using two or more methods: something they know (password),
something they have (token), or something they are (biometrics).
13. Q13: Why should you never reuse passwords?
ANSWER Reusing passwords means that if one account is compromised,
all accounts using that password are at risk; attackers exploit this in a
technique known as credential stuffing.
14. Q14: What is a password manager?
ANSWER A password manager is a software tool that securely stores and
manages passwords, allowing users to use unique, complex passwords for
each account without memorizing them.
15. Q15: What is a passphrase?
ANSWER A passphrase is a sequence of random words used as a
password. It is typically longer and easier to remember than traditional
passwords while being harder to crack.
16. Q16: What is credential stuffing?
ANSWER Credential stuffing is an attack where stolen
username/password combinations from one breach are used to try to gain
access to other services.
17. Q17: What is a brute-force attack?
ANSWER A brute-force attack systematically tries all possible
combinations of characters until the correct password is found.
18. Q18: What is a dictionary attack?
ANSWER A dictionary attack uses a list of common words and phrases to
guess passwords, targeting users who choose simple or common words.
19. Q19: How often should you change your passwords?
ANSWER Change passwords immediately after a known breach, when
you suspect compromise, or when leaving an organization. NIST now
recommends against mandatory periodic changes unless compromise is
suspected.
20. Q20: What is single sign-on (SSO)?
ANSWER SSO is an authentication scheme that allows a user to log in
with a single set of credentials to access multiple applications, simplifying
access management.
3. Malware & Ransomware
21. Q21: What is malware?
ANSWER Malware is malicious software designed to damage, disrupt, or
gain unauthorized access to computer systems. It includes viruses, worms,
trojans, spyware, ransomware, and adware.
22. Q22: What is ransomware?
ANSWER Ransomware is malware that encrypts a victim's files and
demands a ransom payment to restore access. It can target individuals and
organizations.
23. Q23: What is a computer virus?
ANSWER A virus is malicious code that attaches itself to legitimate
programs and replicates by infecting other files when executed.
24. Q24: What is a worm?
ANSWER A worm is self-replicating malware that spreads across
networks without requiring user interaction or a host program.
25. Q25: What is a Trojan horse?
ANSWER A Trojan horse is malware disguised as legitimate software that
deceives users into installing it, then performs malicious activities.
26. Q26: What is spyware?