Password security is a critical aspect of protecting digital systems and information. Passwords are often the first line of defense against cyberattacks, and therefore it is essential to follow best practices for creating and managing secure passwords.

Creating strong passwords involves using a combination of uppercase and lowercase letters, numbers, and special characters. Passwords should be long and complex, and should not include easily guessable information such as birth dates or names. Using a password manager can help manage multiple passwords securely, and two-factor authentication can provide an additional layer of security by requiring a second form of authentication, such as a fingerprint or a text message code. Password policy best practices include requiring regular password changes, prohibiting the use of common passwords, and using multi-factor authentication where appropriate.
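The rules in this lesson (minimum length, mixed character classes, no common passwords, no personal information such as a name or birth date) expressed as a single policy check. This is an added example in Python, not part of the lesson; the denylist is a small constructed stand-in for a real common-password list, and the rule names are assumed.

```python
import re
import string

# Constructed stand-in for a published common/breached-password list (assumption;
# a real deployment loads a large list rather than these five entries).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 8  # the minimum length the lesson's quiz states


def check_password(password, personal_info=()):
    """Return the list of lesson rules the password violates (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if not any(c.islower() for c in password):
        failures.append("no_lowercase")
    if not any(c.isupper() for c in password):
        failures.append("no_uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("no_digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no_special")

    lowered = password.lower()
    # Prohibit common passwords even when dressed up with a digit/symbol suffix
    # ("Password1!" is still "password").
    stripped = re.sub(r"[\d\W]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        failures.append("common_password")

    # Reject easily guessable personal information. Dates such as "1990-04-12"
    # are split so that the year alone is caught; tokens under 3 chars are ignored.
    tokens = set()
    for item in personal_info:
        item = item.lower()
        tokens.add(item)
        tokens.update(re.split(r"[\s./-]+", item))
    if any(len(t) >= 3 and t in lowered for t in tokens):
        failures.append("contains_personal_info")
    return failures


def is_strong(password, personal_info=()):
    """True only when every rule in check_password() passes."""
    return not check_password(password, personal_info)
```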

Social engineering attacks are a common tactic used by cybercriminals to steal passwords or gain access to sensitive information. Phishing attacks involve using fake emails or websites to trick individuals into divulging sensitive information, including passwords. Pretexting attacks involve creating a false pretext to gain access to sensitive information, while baiting attacks involve leaving a seemingly innocent item, such as a USB drive, in a public place to entice individuals into using it, thereby gaining access to their system. Shoulder surfing refers to the practice of stealing passwords by observing individuals as they type them in. Preventing social engineering attacks involves being aware of potential threats and being cautious when sharing sensitive information. Using multi-factor authentication can also provide additional security against social engineering attacks.

In conclusion, password security is critical for protecting digital systems and information. By following best practices for creating and managing secure passwords, individuals and organizations can reduce the risks of potential security breaches. Additionally, being aware of potential social engineering attacks and taking steps to prevent them can help mitigate cybersecurity risks and protect sensitive information from unauthorized access.

Quizzes for Lesson 5:

Quiz types: Single Choice, Multiple Choice, "Free" Choice, Sorting Choice, Matrix Sorting, Fill in the Blank, Assessment (Survey)

What is a best practice for creating strong passwords?

Using dictionary words
Using personal information
Using a combination of letters, numbers, and symbols
Using short passwords

What is shoulder surfing?

Looking over someone's shoulder to see what they're typing
A type of physical exercise
A type of social engineering attack
A type of encryption algorithm

What is two-factor authentication?

Using two passwords to log in
Using a password and a fingerprint to log in
Using a username and a password to log in
Using a smart card and a password to log in

What is a password manager?

An app that helps you create strong passwords
A person who manages your passwords for you
A device that stores your passwords
A type of social engineering attack

What is a best practice for password policies?

Requiring users to change their passwords every six months
Allowing users to reuse old passwords
Allowing users to share passwords
Allowing users to use short, easy-to-guess passwords

Which of the following are considered password best practices?

Using the same password for all accounts
Creating strong passwords
Sharing passwords with friends and family
Writing passwords down and leaving them in plain sight

Which of the following is an example of a social engineering attack against passwords?

Installing a virus on a computer
Conducting a phishing scam
Hacking into a network
Using a brute force attack to guess a password

What is a password manager?

An app that stores all of your passwords in one place
A tool used for hacking into password-protected accounts
A software program used to encrypt data
An authentication method that uses biometric data

What is two-factor authentication?

A password that consists of two words
An authentication method that uses biometric data
A method of verifying identity that requires two different forms of identification
A password that is two characters longer than the average password

What are some password policy best practices?

Allowing employees to use the same password for all accounts
Requiring passwords to be changed every few years
Prohibiting the use of special characters in passwords
Allowing short passwords that are easy to remember

Two-factor authentication (2FA) is an example of ______.

password security
Hint:
password security

______ is the practice of attempting to trick individuals into divulging sensitive information such as passwords or bank information.

phishing
Hint:
phishing

______ is the practice of looking over someone's shoulder to try to obtain sensitive information, such as passwords or PINs.

shoulder surfing
Hint:
shoulder surfing

A ______ is a program or service that stores your login information for different websites and applications.

password manager
Hint:
password manager

The minimum length for a strong password is ______ characters.

eight
Hint:
eight

Sort the following password best practices by their level of importance, with the most important practice at the top:

Creating strong passwords
Password managers
Two-factor authentication
Password policy best practices
Hint:
Creating strong passwords
Password managers
Two-factor authentication
Password policy best practices

Sort the following social engineering attacks by the level of risk they pose, with the most risky attack at the top:

Baiting attacks
Shoulder surfing
Pretexting attacks
Phishing attacks
Hint:
Baiting attacks
Shoulder surfing
Pretexting attacks
Phishing attacks

Sort the following mobile device security features by their level of importance, with the most important feature at the top:

Password protection
Biometric authentication
Remote wipe capabilities
Device encryption
Hint:
Password protection
Biometric authentication
Remote wipe capabilities
Device encryption

Sort the following data loss prevention (DLP) systems by their level of effectiveness, with the most effective system at the top:

Network-based DLP
Endpoint-based DLP
Cloud-based DLP
Email-based DLP
Hint:
Network-based DLP
Endpoint-based DLP
Cloud-based DLP
Email-based DLP

Sort the following encryption types by their level of strength, with the strongest encryption type at the top:

WEP
WPA
WPA2
AES
Hint:
WEP
WPA
WPA2
AES

Please match the following definitions:

Restricting access to only the necessary resources.
Least privilege
Making a password difficult to guess by including uppercase and lowercase letters, numbers, and symbols.
Complexity
Changing passwords on a regular basis to reduce the risk of compromise.
Rotation
Increasing the number of characters in a password to make it more secure.
Length
Using a secondary method, such as a text message or fingerprint, to verify identity.
Two-factor authentication
Hint:
Restricting access to only the necessary resources. ➢ Least privilege
Making a password difficult to guess by including uppercase and lowercase letters, numbers, and symbols. ➢ Complexity 
Changing passwords on a regular basis to reduce the risk of compromise. ➢ Rotation 
Increasing the number of characters in a password to make it more secure. ➢ Length 
Using a secondary method, such as a text message or fingerprint, to verify identity. ➢ Two-factor authentication 

Please match the following definitions:

Offering something desirable to trick someone into providing sensitive information.
Baiting
Attempting to trick individuals into divulging sensitive information such as passwords or bank information.
Phishing
Creating a false scenario to trick someone into providing sensitive information.
Pretexting
A targeted phishing attack that uses specific information about the victim to appear more legitimate.
Spear phishing
Looking over someone's shoulder to try to obtain sensitive information, such as passwords or PINs.
Shoulder surfing
Hint:
Offering something desirable to trick someone into providing sensitive information. ➢ Baiting 
Attempting to trick individuals into divulging sensitive information such as passwords or bank information. ➢ Phishing 
Creating a false scenario to trick someone into providing sensitive information. ➢ Pretexting 
A targeted phishing attack that uses specific information about the victim to appear more legitimate. ➢ Spear phishing 
Looking over someone's shoulder to try to obtain sensitive information, such as passwords or PINs. ➢ Shoulder surfing

Please match the following definitions:

Access is granted based on the user's job function or role within the organization.
Role-based access control
Access is granted at the owner's discretion.
Discretionary access control
Access is granted based on a set of rules defined by the system administrator.
Mandatory access control
Access is granted based on a set of attributes assigned to the user or resource.
Attribute-based access control
Access is granted only during specific times of the day or week.
Time-based access control
Hint:
Access is granted based on the user's job function or role within the organization. ➢ Role-based access control 
Access is granted at the owner's discretion. ➢ Discretionary access control 
Access is granted based on a set of rules defined by the system administrator. ➢ Mandatory access control 
Access is granted based on a set of attributes assigned to the user or resource. ➢ Attribute-based access control 
Access is granted only during specific times of the day or week. ➢ Time-based access control 

Please match the following definitions:

A complete backup of all data on a system.
Full backup
A backup that only includes changes made since the last full backup.
Differential backup
A backup that only includes changes made since the last backup, whether it was full or incremental.
Incremental backup
A backup that captures the state of a system at a particular moment in time.
Snapshot backup
A backup that stores data in a remote, cloud-based server.
Cloud backup
Hint:
A complete backup of all data on a system. ➢ Full backup 
A backup that only includes changes made since the last full backup. ➢ Differential backup 
A backup that only includes changes made since the last backup, whether it was full or incremental. ➢ Incremental backup 
A backup that captures the state of a system at a particular moment in time. ➢ Snapshot backup
A backup that stores data in a remote, cloud-based server. ➢ Cloud backup

Please match the following definitions:

A firewall that examines each packet of data and decides whether to allow or block it based on predefined rules.
Packet-filtering firewall
A firewall that keeps track of the state of each connection and allows only legitimate traffic.
Stateful firewall
A firewall that intercepts traffic between two networks and acts as an intermediary, hiding the internal network from external traffic.
Proxy firewall
A firewall that combines traditional firewall functionality with advanced features, such as intrusion prevention and application control.
Next-generation firewall
A firewall that operates within a virtualized environment, protecting the virtual machines running on the system.
Virtual firewall
Hint:
A firewall that examines each packet of data and decides whether to allow or block it based on predefined rules. ➢ Packet-filtering firewall
A firewall that keeps track of the state of each connection and allows only legitimate traffic. ➢ Stateful firewall
A firewall that intercepts traffic between two networks and acts as an intermediary, hiding the internal network from external traffic. ➢ Proxy firewall 
A firewall that combines traditional firewall functionality with advanced features, such as intrusion prevention and application control. ➢ Next-generation firewall 
A firewall that operates within a virtualized environment, protecting the virtual machines running on the system. ➢ Virtual firewall 

Fill in the blank:

Two-factor authentication (2FA) is an example of {password security}.

Hint:
password security

Fill in the blank:

{phishing} is the practice of attempting to trick individuals into divulging sensitive information such as passwords or bank information.

Hint:
phishing

Fill in the blank:

{shoulder surfing} is the practice of looking over someone's shoulder to try to obtain sensitive information, such as passwords or PINs.

Hint:
shoulder surfing

Fill in the blank:

A {password manager} is a program or service that stores your login information for different websites and applications.

Hint:
password manager

Fill in the blank:

The minimum length for a strong password is {eight} characters.

Hint:
eight

How often do you change your passwords for important accounts?

{ [Never] [Rarely] [Sometimes] [Frequently] [Always] }

Have you ever fallen victim to a phishing attack?

{ [Yes] [No] }

How often do you use two-factor authentication for important accounts?

{ [Never] [Rarely] [Sometimes] [Frequently] [Always] }

How often do you check for signs of malware on your devices?

{ [Never] [Rarely] [Sometimes] [Frequently] [Always] }

How often do you review your social media privacy settings?

{ [Never] [Rarely] [Sometimes] [Frequently] [Always] }
Copyright © TrueTandem