KNOWBE4 STUDY GUIDE EXAM QUESTIONS WITH
SOLUTIONS 2025 GRADED A+
✔✔BPI - ✔✔Browser Password Inspector - checks the computers in active directory for
threats related to passwords stored in browsers.
✔✔CARA - ✔✔Compliance Audit Readiness Assessment
✔✔Compliance - ✔✔1. The state of having met required regulations for the industry one
is in.
2. The action of meeting requirements of accepted practices, to specific standards,
laws, prescribed rules and regulations, or terms of a contract.
✔✔GDPR - ✔✔General Data Protection Regulation
A regulation in EU law on data protection and privacy for all individuals in the EU.
✔✔BPT - ✔✔Breached Password Test - Free Tool
A tool that checks to see if an organization's users are currently using passwords that
are in publicly available breaches associated with the org's domain.
✔✔EEC Pro - ✔✔Email Exposure Check Pro - Free Tool
Identifies the at-risk users in an organization by searching business social media
information and hundreds of data breach databases.
✔✔Second Chance - ✔✔A free tool that checks links originated in email messages,
including embedded links within attached documents. It asks the user if they're sure
they want to follow the link, giving them a second chance to evaluate the link.
✔✔USB Drive Test - ✔✔A free tool that finds out how users react to unknown USB
drives. The purpose is to see how many users will pick up the USB drive, plug them into
their computer, and open files.
✔✔DD - ✔✔Domain Doppelganger - Free Tool
Searches for all available and purchased domains that are visually similar to the
organization's domain. The admin can then test their end users' awareness of the
dangers of look alike domains.
✔✔Data Breach - ✔✔Intentional or unintentional release of secure information to an
untrusted environment.
, ✔✔DoS Attack - ✔✔Denial of Service Attack - The attackers seek to make a computer
or network unavailable to its intended users by temporarily or indefinitely disrupting
service. Done by flooding a targeted system with unnecessary service requests, which
overloads the system.
✔✔Security Vulnerability - ✔✔A weakness on a network, computer, or software which
allows bad guys to gain access. It has three elements:
- A flaw
- Access to the flaw
- Capability to exploit that flaw.
✔✔Exploit - ✔✔Software or code, usually malicious, that takes advantage of a flaw or
vulnerability.
✔✔Zero Day - ✔✔A vulnerability unknown to those who would be interested in securing
it.
✔✔Zero Day Exploit - ✔✔An exploit that takes advantage of a zero-day vulnerability.
✔✔APT - ✔✔Advanced Persistent Threat
An attack where an unauthorized person gains access to a network and stays there
undetected for a long period of time. The bad guy's goal is to go undetected and steal
data, rather than cause damage to the network.
✔✔Tailgating - ✔✔Aka piggybacking, a method used by bad guys to gain access to a
building or other protected area by waiting for an authorized user to open and pass
through a secure entry and then following behind.
✔✔Keylogger - ✔✔Malware or hardware that observes what someone types on their
keyboard, which is then sent back to the bad guys.
✔✔Bitcoin - ✔✔A digital currency in which encryption is used to regulate the generation
of units and verify the transfer of funds, operating decentralized. Used by ransomware
because it is hard to trace.
✔✔Money Mule - ✔✔A person recruited by a criminal to quickly receive and turnaround
funds involved in scams. The person is often unaware of their role in the criminal act.
✔✔Applications - ✔✔A type of software that allows a user to perform specific tasks and
activities.
✔✔Utilities - ✔✔Applications designed to help analyze, configure, optimize, or maintain
a computer.
SOLUTIONS 2025 GRADED A+
✔✔BPI - ✔✔Browser Password Inspector - checks the computers in active directory for
threats related to passwords stored in browsers.
✔✔CARA - ✔✔Compliance Audit Readiness Assessment
✔✔Compliance - ✔✔1. The state of having met required regulations for the industry one
is in.
2. The action of meeting requirements of accepted practices, to specific standards,
laws, prescribed rules and regulations, or terms of a contract.
✔✔GDPR - ✔✔General Data Protection Regulation
A regulation in EU law on data protection and privacy for all individuals in the EU.
✔✔BPT - ✔✔Breached Password Test - Free Tool
A tool that checks to see if an organization's users are currently using passwords that
are in publicly available breaches associated with the org's domain.
✔✔EEC Pro - ✔✔Email Exposure Check Pro - Free Tool
Identifies the at-risk users in an organization by searching business social media
information and hundreds of data breach databases.
✔✔Second Chance - ✔✔A free tool that checks links originated in email messages,
including embedded links within attached documents. It asks the user if they're sure
they want to follow the link, giving them a second chance to evaluate the link.
✔✔USB Drive Test - ✔✔A free tool that finds out how users react to unknown USB
drives. The purpose is to see how many users will pick up the USB drive, plug them into
their computer, and open files.
✔✔DD - ✔✔Domain Doppelganger - Free Tool
Searches for all available and purchased domains that are visually similar to the
organization's domain. The admin can then test their end users' awareness of the
dangers of look alike domains.
✔✔Data Breach - ✔✔Intentional or unintentional release of secure information to an
untrusted environment.
, ✔✔DoS Attack - ✔✔Denial of Service Attack - The attackers seek to make a computer
or network unavailable to its intended users by temporarily or indefinitely disrupting
service. Done by flooding a targeted system with unnecessary service requests, which
overloads the system.
✔✔Security Vulnerability - ✔✔A weakness on a network, computer, or software which
allows bad guys to gain access. It has three elements:
- A flaw
- Access to the flaw
- Capability to exploit that flaw.
✔✔Exploit - ✔✔Software or code, usually malicious, that takes advantage of a flaw or
vulnerability.
✔✔Zero Day - ✔✔A vulnerability unknown to those who would be interested in securing
it.
✔✔Zero Day Exploit - ✔✔An exploit that takes advantage of a zero-day vulnerability.
✔✔APT - ✔✔Advanced Persistent Threat
An attack where an unauthorized person gains access to a network and stays there
undetected for a long period of time. The bad guy's goal is to go undetected and steal
data, rather than cause damage to the network.
✔✔Tailgating - ✔✔Aka piggybacking, a method used by bad guys to gain access to a
building or other protected area by waiting for an authorized user to open and pass
through a secure entry and then following behind.
✔✔Keylogger - ✔✔Malware or hardware that observes what someone types on their
keyboard, which is then sent back to the bad guys.
✔✔Bitcoin - ✔✔A digital currency in which encryption is used to regulate the generation
of units and verify the transfer of funds, operating decentralized. Used by ransomware
because it is hard to trace.
✔✔Money Mule - ✔✔A person recruited by a criminal to quickly receive and turnaround
funds involved in scams. The person is often unaware of their role in the criminal act.
✔✔Applications - ✔✔A type of software that allows a user to perform specific tasks and
activities.
✔✔Utilities - ✔✔Applications designed to help analyze, configure, optimize, or maintain
a computer.
