Q1. Which of the following is a common indicator of a phishing email? [Basic]
A. Email arrives from a known colleague
B. Email has a generic greeting like 'Dear User' ✓
C. Email is sent during business hours
D. Email includes your full name in the subject

Q2. What should you do if you receive a suspicious email asking for your password? [Basic]
A. Reply with your password securely
B. Delete it and report it to your IT security team ✓
C. Forward it to colleagues to warn them
D. Click the link to verify if it is legitimate

Q3. Spear phishing differs from regular phishing because it: [Intermediate]
A. Uses more links in the email
B. Is targeted at a specific individual or organization ✓
C. Is only sent via text message
D. Requires malware to be installed first
Page 1 | Answers highlighted in green
Q4. What is 'vishing'? [Basic]
A. Phishing via video call
B. Voice phishing conducted over the phone ✓
C. Phishing that targets veterans
D. A type of malware

Q5. Which action best protects you from phishing? [Basic]
A. Opening email attachments quickly
B. Hovering over links to verify the URL before clicking ✓
C. Using the same password for all accounts
D. Disabling your spam filter

Q6. An attacker calls pretending to be IT support and asks for your login credentials. This is an example of: [Intermediate]
A. Malware injection
B. Social engineering ✓
C. Insider threat
D. Zero-day exploit

Q7. What is 'smishing'? [Intermediate]
A. Phishing via social media
B. Phishing via SMS text messages ✓
C. A type of spyware
D. Sending spam email

Q8. Which of the following URLs is most likely a phishing attempt? [Basic]
A. https://www.irs.gov/refunds
B. https://www.irs-gov-refund.com ✓
C. https://www.irs.gov/forms
D. https://irs.gov/help

Q9. A 'watering hole attack' involves: [Advanced]
A. Physically stealing a device near a water source
B. Compromising websites frequently visited by the target ✓
C. Flooding a network with traffic
D. Intercepting wireless communications at public fountains

Q10. Which of the following is NOT a social engineering technique? [Intermediate]
A. Pretexting
B. Baiting
C. SQL injection ✓
D. Tailgating

Q11. What does 'pretexting' mean in the context of social engineering? [Basic]
A. Using malware to steal data
B. Creating a fabricated scenario to manipulate someone ✓
C. Sending fake invoices
D. Hacking into a network

Q12. If you receive an email from your CEO asking you to urgently wire money, you should: [Intermediate]
A. Wire the money immediately
B. Verify the request by calling the CEO using a known phone number ✓
C. Reply to the email asking for more details
D. Forward it to accounting to process

Q13. What is a 'business email compromise (BEC)' attack? [Advanced]
A. A malware attack on business servers
B. An attack where criminals impersonate executives to defraud companies ✓
C. A DDoS attack on business networks
D. Unauthorized access to a business email server

Q14. Why are phishing emails often marked as URGENT or time-sensitive? [Basic]
A. To ensure high priority delivery
B. To pressure victims into acting before thinking critically ✓
C. Because they contain time-limited offers
D. To comply with spam filters

Q15. Which of the following is the best defense against social engineering attacks? [Intermediate]
A. Antivirus software
B. Employee security awareness training ✓
C. A strong firewall
D. Encryption

Q16. What should you do before clicking on a link in an email? [Basic]
A. Open it in a private browser window
B. Hover over it to preview the actual URL ✓
C. Copy it and paste it into a text file first
D. Forward the email to a friend

Q17. An attacker leaves infected USB drives in a company parking lot hoping employees will pick them up and plug them in. This is called: [Intermediate]
A. Vishing
B. Baiting ✓
C. Pretexting
D. Whaling

Q18. What is 'whaling'? [Advanced]
A. Phishing attacks targeting large groups
B. Phishing attacks targeting high-profile executives (CEOs, CFOs) ✓
C. Attacks using large malware payloads
D. Network flooding attacks