Cyber Awareness Challenge 2024 – P3 Explanations

Malicious Code

What are some examples of malicious code?

  • Viruses, Trojan horses, or worms

Explanation: Malicious code includes various types of harmful software, such as viruses, Trojan horses, and worms. These are designed to damage or exploit computer systems.

Which of the following is NOT a way that malicious code spreads?

  • Legitimate software updates

Explanation: Malicious code typically spreads through methods like infected email attachments, malicious websites, or compromised software. Legitimate software updates, when obtained from official sources, are not a typical vector for malicious code.

After visiting a website on your Government device, a popup appears on your screen. The popup asks if you want to run an application. Is this safe?

  • No, you should only allow mobile code to run from your organization or your organization’s trusted sites.

Explanation: Allowing the execution of applications from untrusted sources, especially popups on websites, can pose a significant security risk. It’s essential to limit the execution of code to trusted sources to prevent the introduction of malicious software.

Which of the following is NOT a type of malicious code?

  • Executables

Explanation: Executables are a broad category of files that can include both legitimate and malicious code. Viruses, Trojans, and worms are specific types of malicious code, while executables encompass a wider range of program files.

Which of the following is true of downloading apps?

  • For Government-owned devices, use approved and authorized applications only.

Explanation: Government-owned devices should only have approved and authorized applications installed to ensure security. Using unauthorized apps can introduce security vulnerabilities.

How should you respond to the theft of your identity?

  • Report the crime to local law enforcement

Explanation: Reporting the theft of your identity to local law enforcement is a crucial step to initiate an investigation and protect yourself from further harm.

Which of the following statements is true of cookies?

  • You should only accept cookies from reputable, trusted websites.

Explanation: Accepting cookies from reputable and trusted websites helps maintain a level of security and privacy. Cookies from unknown or untrusted sources may pose risks.

Which of the following actions can help protect your identity?

  • Shred personal documents

Explanation: Shredding personal documents is a security best practice to prevent unauthorized access to sensitive information.

Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

  • Do not access website links, buttons, or graphics in e-mail

Explanation: Avoiding interactions with potentially malicious links, buttons, or graphics in emails helps prevent the inadvertent download of viruses or other malicious code.

What is TRUE of a phishing attack?

  • Phishing can be an email with a hyperlink as bait.

Explanation: Phishing attacks often involve emails with hyperlinks that act as bait to trick individuals into revealing sensitive information.

Which of the following is a way to protect against social engineering?

  • Follow instructions given only by verified personnel.

Explanation: Verifying the authenticity of instructions and communications helps protect against social engineering attacks where attackers attempt to manipulate individuals into divulging confidential information.

What is whaling?

  • A type of phishing targeted at senior officials

Explanation: Whaling is a specific form of phishing that targets high-profile individuals, often senior officials or executives, with the goal of obtaining sensitive information.

What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?

  • Investigate the link’s actual destination using the preview feature

Explanation: Before clicking on any link, especially in emails, it’s prudent to investigate the link’s destination using available features to avoid potential security threats associated with compressed URLs.

How can you protect yourself from internet hoaxes?

  • Use online sites to confirm or expose potential hoaxes

Explanation: Using online resources to verify the authenticity of information can help protect against falling victim to internet hoaxes.

Which may be a security issue with compressed Uniform Resource Locators (URLs)?

  • They may be used to mask malicious intent.

Explanation: Compressed URLs can be manipulated to disguise their true destination, potentially leading individuals to malicious websites.

What is a common indicator of a phishing attempt?

  • A claim that you must update or validate information

Explanation: Phishing attempts often involve deceptive messages claiming that the recipient needs to update or validate information, creating a sense of urgency to trick individuals.

Which of the following is true of internet hoaxes?

  • They can be part of a distributed denial of service (DDoS) attack.

Explanation: Internet hoaxes can sometimes be used as a distraction or part of a broader attack strategy, such as a distributed denial of service (DDoS) attack.

Which of the following is true?

  • Digitally signed e-mails are more secure.

Explanation: Digitally signed emails provide a level of assurance regarding the authenticity and integrity of the sender’s message.

What security issue is associated with compressed Uniform Resource Locators (URLs)?

  • They may be used to mask malicious intent.

Explanation: Compressed URLs can obscure the true destination, potentially leading to security issues as users may be directed to malicious websites.

What type of social engineering targets particular groups of people?

  • Spear phishing

Explanation: Spear phishing is a targeted form of social engineering that focuses on specific individuals or groups, often using personalized information to increase the likelihood of success.

What should you consider when using a wireless keyboard with your home computer?

  • Reviewing and configuring the available security features, including encryption

Explanation: Securing a wireless keyboard involves reviewing and configuring security features, such as encryption, to protect against unauthorized access or interception of keystrokes.

Which of the following is a best practice for securing your home computer?

  • Create separate accounts for each user

Explanation: Creating separate user accounts on a home computer helps maintain individual privacy and security for each user.

How should you secure your home wireless network for teleworking?

  • Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum

Explanation: Securing a home wireless network with WPA2 encryption adds a layer of protection against unauthorized access and helps ensure the confidentiality of transmitted data.