New York State Information Security Awareness Training Exam 2025 Questions And Correct Answers (Verified Answers) Plus Rationales

Typology: Exams

2024/2025

Available from 07/02/2025

DrPrep

1. What is the primary goal of information security?
A. To increase system performance
B. To create more user accounts
C. To protect the confidentiality, integrity, and availability of data
D. To reduce email traffic
The core objective of information security is to safeguard information by ensuring confidentiality, integrity, and availability (CIA triad).

2. Which of the following is an example of personally identifiable information (PII)?
A. User login time
B. Office floor plan
C. Social Security number
D. Printer name
PII includes data that can uniquely identify a person, such as a Social Security number.

3. Which method is most secure for creating passwords?
A. Using your birthdate
B. A single dictionary word
C. A passphrase with letters, numbers, and symbols
D. Repeating the same character
A passphrase with complexity makes the password harder to guess or brute force.

4. What should you do if you suspect a phishing email?
A. Forward it to friends
B. Delete it immediately
C. Report it to the IT/security team
D. Reply and ask if it’s legitimate
Reporting phishing attempts helps organizations track threats and educate others.

5. Multi-factor authentication (MFA) improves security by:
A. Making logins faster
B. Removing the need for passwords
C. Requiring multiple forms of identity verification
D. Encrypting all data
MFA combines two or more verification methods, making unauthorized access more difficult.

6. Which of the following is a strong password?
A. 123456
B. Password
C. JohnDoe
D. G$8v!rBq&L1@
Strong passwords are long, complex, and use a mix of characters.

D. Battery drain
Auto-locking screens helps secure data when a user leaves their workstation.

11. What is the best practice when using public Wi-Fi?
A. Avoid using a password
B. Use a VPN connection
C. Download large files
D. Disable antivirus
A VPN encrypts your traffic on unsecured networks, adding a layer of protection.

12. Which of these is a physical security control?
A. Badge access to facilities
B. Anti-virus software
C. Password policy
D. Firewall
Physical controls protect the physical environment where data is stored or accessed.

13. Which file type is most likely to contain a virus?
A. .exe
B. .txt
C. .png
D. .html
.exe files are executable programs that can run malicious code.

14. What should you do if you lose your ID badge?
A. Ignore it
B. Borrow a coworker’s
C. Report it to security immediately
D. Make a copy at home
Lost credentials should be reported to prevent unauthorized building access.

15. Social engineering relies on:
A. Technical hacking tools
B. Encryption
C. Human manipulation and trust
D. Firewalls
Social engineering exploits human behavior to bypass security.

16. Which of the following is considered a mobile device risk?
A. Airplane mode
B. Unauthorized data access from theft
C. Poor battery life
D. Color display
Mobile devices are easily lost or stolen, risking exposure of sensitive data.

17. What is shoulder surfing?
A. Observing someone entering sensitive information
B. Surfing the internet in public
C. Using social media
D. A surfing video app

D. Password manager
Malware is designed to damage, disrupt, or gain unauthorized access to systems.

22. Which of these is an example of a secure communication method?
A. Sending plain-text emails
B. Encrypted email or secure portal
C. Voicemail
D. Sticky notes
Encryption ensures messages are readable only by intended recipients.

23. If you receive a suspicious attachment from a known contact, what should you do?
A. Open it since it’s from someone you know
B. Reply to ask about it
C. Contact them through another channel to verify
D. Delete all emails
Attackers often spoof trusted senders; always verify suspicious files.

24. What should your screensaver require to unlock?
A. A double-click
B. A screen tap
C. A password or biometric authentication
D. Mouse movement
This prevents unauthorized access to an unattended device.

25. What is the purpose of antivirus software?
A. Manage files
B. Speed up performance
C. Detect and remove malicious software
D. Create documents
Antivirus software scans, quarantines, and removes harmful programs.

26. What is the first step in responding to a data breach?
A. Notify the media
B. Reboot your computer
C. Report the incident to the security or IT team
D. Contact your coworkers
Timely reporting ensures a swift and coordinated response to contain and mitigate damage.

27. What is considered acceptable use of work email?
A. Sending personal jokes
B. Signing up for non-work subscriptions
C. Communicating official work-related information
D. Forwarding memes
Work email should be used solely for professional communications to maintain security and compliance.

28. When should you lock your workstation?
A. At the end of the day
B. Never
C. Whenever you leave it unattended

C. Downloading an app
D. Turning off your screen
Social engineering manipulates people to divulge confidential information.

33. What is a secure way to store passwords?
A. In a text file on the desktop
B. In a password manager
C. On a sticky note
D. In your browser history
Password managers encrypt and securely store login credentials.

34. What is the most secure action when leaving your device unattended in public?
A. Turn the brightness down
B. Lock or power it off and take it with you
C. Leave it open
D. Let a stranger watch it
Unattended devices are a prime target for data theft or tampering.

35. What does the term “least privilege” mean in cybersecurity?
A. Only managers can log in
B. Users should have the minimum access needed to do their job
C. Everyone has admin rights
D. No passwords are needed
This principle reduces risk by limiting unnecessary access to sensitive systems.

36. Why should file-sharing permissions be limited?
A. To avoid confusion
B. To save disk space
C. To reduce data exposure to unauthorized users
D. To improve color schemes
Restricting access ensures only those who need data can reach it.

37. Which of the following is a red flag for a phishing email?
A. Professional tone
B. Urgent request with suspicious links or attachments
C. Clear branding
D. Sent from a company address
Urgency and suspicious content are typical signs of phishing.

38. If your computer starts behaving unusually, what should you do?
A. Restart and ignore
B. Disconnect from the network and notify IT
C. Let it run
D. Delete important files
Isolating the device and reporting helps stop potential spread of malware.

39. How can you protect your device from ransomware?
A. Ignore updates
B. Back up data regularly and avoid suspicious links
C. Uninstall antivirus
D. Only use it offline
Regular backups and cautious online behavior are key defenses.

44. Which of these is most important when creating a backup plan?
A. Where to keep coffee
B. Backup frequency and storage security
C. The device color
D. Battery charge
Regular, secure backups are essential for data recovery after incidents.

45. Which device should be encrypted?
A. Only desktops
B. Only tablets
C. All devices storing or accessing sensitive information
D. None
Encryption protects data in case devices are lost, stolen, or accessed remotely.

46. What should you avoid doing with work-related documents?
A. Reading them
B. Printing them
C. Saving them on personal USB drives
D. Organizing them
Personal drives may lack security controls and can result in data breaches.

47. What kind of threat is a rogue USB device?
A. Power source
B. Physical vector for malware injection
C. Backup device
D. External monitor
USB drives can carry malware and infect systems without user knowledge.

48. If a coworker asks for your login because they forgot theirs, you should:
A. Share it temporarily
B. Decline and instruct them to contact IT
C. Write it down for them
D. Log in for them
Credentials must never be shared. IT should assist with access issues.

49. A pop-up asking for your credentials is suspicious if:
A. It’s on a login screen
B. It appears randomly while browsing
C. You’re updating software
D. It’s on your desktop
Unexpected pop-ups may be part of a phishing or malware attack.

50. How can you tell a website is secure for transactions?
A. It’s colorful
B. It loads fast
C. It uses HTTPS and shows a padlock in the address bar
D. It has ads
HTTPS encrypts data transmitted between the browser and the server.

51. What is the main purpose of a security awareness training program?
A. To enforce punishments
B. To make employees memorize policies

D. Logging work hours
Using work systems for financial gain or side businesses is a policy violation.

55. Why should you never plug in a found USB drive?
A. It could explode
B. It might contain malware or spyware
C. It may be formatted incorrectly
D. It could be full
Unknown USB devices are a common vector for spreading malware.

56. Which of the following passwords is most secure?
A. mypassword
B. 987654321
C. B9!kTg#3wLm@1$Z
D. johnny
Strong passwords are long, complex, and difficult to guess or crack.

57. What is a VPN used for?
A. Downloading files faster
B. Blocking emails
C. Securely connecting to a network over the internet
D. Enhancing video quality
VPNs encrypt communications and protect data in transit, especially over public Wi-Fi.

58. What does the term “patch management” refer to?
A. Fixing clothes
B. Painting over scratches
C. Applying updates to software and systems
D. Reinstalling drivers
Patch management addresses vulnerabilities and keeps systems secure and stable.

59. Why should devices be restarted after software updates?
A. To save energy
B. To clean temporary files
C. To apply security patches fully
D. To erase settings
Many updates require restarts to complete the patching process.

60. What is data minimization?
A. Removing all data
B. Rewriting emails
C. Collecting only the data necessary for a specific purpose
D. Printing fewer pages
Minimizing data collection reduces the risk in case of a breach.

61. Which of the following is a best practice when creating security questions?
A. Use public information
B. Use answers others can guess
C. Choose obscure, hard-to-guess answers
D. Write the answers on your desk
Avoid common or public details; use answers only you would know.

Tailgating is a physical security breach where someone enters without proper credentials.

66. Which device setting can help protect against eavesdropping in public?
A. Bluetooth
B. Brightness
C. Privacy screen filter
D. Airplane mode
Privacy screens limit viewing angles to prevent visual hacking.

67. Which of the following should not be shared online?
A. Favorite movie
B. Birthdate and place of birth
C. Pet's name
D. Favorite color
Birthdate and birthplace are used in security verification and identity theft.

68. How often should antivirus software be updated?
A. Once a year
B. Every five years
C. Regularly, preferably daily
D. Never
Frequent updates ensure detection of the latest threats and viruses.

69. When should you report a suspected security breach?
A. At the end of the week
B. Immediately
C. After investigation
D. Only if damage is confirmed
Early reporting enables faster containment and response.

70. What does “integrity” in cybersecurity mean?
A. Keeping secrets
B. Ensuring data is accurate and unaltered
C. Backing up data
D. Blocking access
Integrity ensures that data is trustworthy and hasn’t been tampered with.

71. Which of these activities violates security best practices?
A. Locking your screen
B. Sharing login credentials
C. Reporting phishing
D. Encrypting email
Credential sharing is a major security violation and risk.

72. If a co-worker receives a suspicious file, you should:
A. Ignore it
B. Tell them to open it
C. Advise them to report it immediately
D. Open it yourself
Prompt reporting prevents malware spread and helps IT take action.

73. What is the benefit of automatic screen locking?
A. Saves power
B. Prevents unauthorized access to unattended devices