1) Nisa receives this security alert about her Google account:

She suspects that it's a phishing email,

so she decides not to click the buttons at the bottom.
Which aspect of the email is least indicative of a phishing attack? The email
includes a company logo.
(This is not particularly indicative of a phishing email, as many legitimate
emails contain a logo.)
2) A teacher receives an email to his school address. The email claims to be from
their school's learning management system and asks him to verify his account
credentials. He follows a link in the email to a website with a username and
password box. The website doesn't look quite right, so he suspects it might be a
phishing scam. What would be the safest next step? Follow his bookmarked
link to the LMS website, and email their official support address to see if the
email is real.
3) Dax is a customer of the payment company BeanMo and typically logs on to
"beanmo.com".He receives an email that claims to be from BeanMo
andcontains a link to a webpage.

Once the webpage loads, he checks the URL in

the browser to make sure it's really a BeanMo URL. Which of these URLs is
most likely a legitimate BeanMo domain? account.beanmo.com
(This domain name is a subdomain of "beanmo.com", their official website.
The administrator of a domain can also set up subdomains, so the owner of
"beanmo.com" is also the owner of "account.beanmo.com".)
4) Agatha received an email from her bank that asked for verification of her
account details. She clicked the link in the email, and entered her username and
password into a form.

At that point, she realized the email was a

phishing scam, and she had just revealed her password to the cyber criminals
behind the scam. What are the effects of revealing her bank account
password to cyber criminals? 1. They can use the password to login to the
real bank website. 2. They can try the password on other websites where she
has a login.
5) Karlee receives this email that claims to be from Instagram, the social media
site:

Which aspect of the email is least indicative of a phishing attack? The email
footer includes the company's mailing address.
6) Evelyn receives an email that claims to be from the IRS, the United States
Internal Revenue Service. The email states that their tax refund is ready and
includes an attachment labeled "taxrefund.doc".Evelyn is eager for their refund
but worried the email is a phishing scam. What is the safest next step? Evelyn
can find the official IRS website by searching the Web, and contact IRS
through a listed email address to inquire about the email.

7) Sigourney has an account on the social media website InstaTag and typically
logs on to the domain name "instatag.com".She receives an email that claims to be
from InstaTag and contains a link to a webpage.
 Once the webpage loads, she checks the URL in the
browser to make sure it's really an InstaTag URL.Which of these URLs is most
likely owned by InstaTag? user.instatag.com

8) Jaime received an email from his favorite movie streaming service. The email
stated that all customers were being asked to reset their passwords (due to a security
breach) and linked to a webpage with a password reset form. The webpage asks him
to confirm his old password and then enter a new password.

At that point, Jaime wonders if the email and

webpage are part of a phishing scam. He searches the Web and finds other reports of
the scam, so he closes the webpage and marks the email as spam.What could have
happened if he had filled out the form? 1. The attackers could try using the "old
password" and "new password" to login to Jaime's accounts on other sites. 2. The
attackers could use Jaime's "old password" to login to the actual movie streaming
website.

9) Tatsuki receives an urgent email from his bank:

He thinks it might be a phishing scam, so he

decides to ignore it.Which aspect of the email is least indicative of a phishing
attack? The email references the federal government.
10) Mason receives an email from a law firm called "Baker & McKenzie". The email
states that they are scheduled to appear in court and includes a link to view the court
notice.Mason is suspicious that this may be a phishing attack, since this is the first
they've heard about a court appearance.What would be the safest next step? They
can look in a phone directory for a number to the listed court and call the court to see
if they have record of the notice.

11) Sacha uses a payment app called CircleCash and typically logs on to his merchant
account as "circle.com". He receives an email that claims to be from CircleCash and
contains a link to a webpage.

Once the webpage loads, he checks the URL in the

browser to make sure it's a legitimate CircleCash URL.Which of these URLs is most
likely owned by CircleCash? io.circle.com

12) Emilia arrived to work at her company's office at 9 AM. She connected her laptop
to the WiFi hotspot labeled "OfficeWiFi5thFl". After a meeting ended at 10:30 AM,
she connected to a different hotspot labeled "OfficeSpace5thFl". After lunch ended at
12 PM, her laptop lost that signal and reconnected to "OfficeWiFi5thFl". If
"OfficeSpace5thFl" was actually a rogue access point, which website visits could
it have intercepted? A visit to a tax software website at 10:45 AM where she filled
out part of her tax form for this year.

13) Femke went to a computer lab and connected her laptop to the WiFi network. She
later received an email from the lab administrator that warned that the WiFi network
was in fact a rogue access point.Which of these actions could have occurred over
that connection to the rogue access point? When she used her laptop to submit an
online form, the rogue access point could have modified her form submission on its
way to the server.

14) Addison visits a café while visiting a foreign country that offers three options for
Internet connection: 1.A public WiFi hotspot. 2.An Ethernet cable along the wall.3.A
password-protected WiFi hotspot (food purchase required). Which of those could be
a rogue access point? Either of the wifi hotspots.
15) Ayah wants to watch Khan Academy videos in the backyard, but there is no
Internet connection in her yard. Since it rains frequently, Ayah doesn’t want to place a
cable on the ground. What device could Ayah install in order to access the Web in
the backyard? A wireless router because it uses an access point to interpret wireless
signals and route packets through the Internet.

16) Kamdyn is at a cafe and sees an unsecured network called "Free WiFi".As soon as
he connects to the network, someone near him warns him that it's probably a rogue
access point. He's concerned now about an attacker seeing the requests he's sent over
the Internet.Which of his Internet requests can be seen by the rogue access point?
The rogue access point can see the Internet requests sent by his laptop after the
connection was made.

17) A journalist connects to the Internet over a wired Ethernet connection in a foreign
embassy. They don't want anyone else to see which websites they're visiting.

Which entities might be able to see their visited websites?

I. Rogue access point

II. Internet Service Provider (ISP)

III. Web browser II and III only

18) Annalee is setting up a research lab. She wants to be able to search the Web from
her laptop anywhere in the lab but doesn't want to drag an Ethernet cable around the
lab.Annalee starts browsing online for products.Which of the following products
should she buy? NetGear Wireless Access Point

19) At 9:30 AM, Thato went to a local coworking space and connected to the usual
WiFi network and started browsing the morning news. At 10 AM, he noticed that
webpages were slow to load and connected to a different free network instead. A
coworker walked by at 10:25 and warned him that the free network was actually a
rogue access point, however, so he disconnected from it and reconnected to the usual
network.Here is his browsing history from that morning:
 Which requests would the rogue access point have seen?
1. desmoinesregister.com @ 10:07. 2. theatlantic.com @ 10:13. 3. sltrib.com @ 10:22.

20) An IT administrator for a company discovers that someone setup a rogue access
point in the office and that several employees are connected to it. The administrator is
concerned about an attacker gaining access to company data. Which of these attacks
are possible over a rogue access point? Intercepting requests sent over the Internet
and copying their contents.

21) Joaquin needs to use online banking to transfer large amounts of money and is
concerned about an attacker using a rogue access point to intercept his bank transfer.
What's the best way for him to avoid the risks of a rogue access point? Use a
wired connection instead of a wireless connection.

22) Sümeyye is buying a subscription from an Internet Service Provider (ISP) for her
new apartment so that she can have wireless Internet access in each room. The ISP
offers to send her a wireless access point for an extra $30 dollars. Sümeyye already
has an old router that a friend offered her, however. Does she need to purchase the
wireless access point? It depends: she doesn't need the extra wireless access point as
long as her router also includes an access point.

23) Which of the following could not occur if your computer is connected to the
Internet over a rogue access point? The rogue access point could read the files on
your device.

24) Sahed works for admissions at a university. One day, she receives an email about
a new admissions tool that she needs to start using ASAP. The email links to a
webpage with a registration form.
 She decides to re-use her password from the old
administration tool, and signs up with her email and that password.

Unfortunately, she then receives a message from her manager that the email is a
phishing scam targeting everyone in their department, and that she should ignore
it.What are the effects of revealing that password to the cyber criminals? 1. The
cyber criminals can sell her email and password combination to other attackers. 2. The
cyber criminals can try that password on the actual admissions tool and successfully
gain access.

25) Which of these statements about malware are true? 1. A virus is a type of
computer malware, but there are other types of malware. 2. Malware can affect
desktops, laptops, phones, and servers.

26) A user complains that their anti-virus software claimed to have eliminated a virus,
but it popped up again the next day. What's the most likely explanation for why a
computer virus may be hard to eliminate? A virus can copy itself into multiple
files on the operating system.

27) The following snippet is from a 2017 article on an information security news site.
"A Virginia man pleaded guilty on Friday to charges of aiding and abetting computer
intrusion, accused of writing a keylogger that sold to over 3,000 people and infected
16,000 victims." In what way does a keylogger aid computer intrusion? A
keylogger records everything a user types and uploads the data to a server.

28) An IT manager for a company wants to make sure that the corporate computers
are secure, so they install antivirus software on every machine. In what way does the
antivirus software protect the computers? The antivirus software checks for known
malware and takes action to remove or repair affected files.

29) What is the difference between malware and a software bug? Malware is
designed to intentionally inflict damage on a computer; a software bug is an accident.
30) Which of the following algorithms is most likely to be found in a computer
virus? An algorithm that copies the virus program into a different file

31) BBC News wrote an article with this headline:"HP laptops found to have hidden
keylogger". After reading that headline, what should HP laptop owners be most
concerned about? The keylogger could be recording what they type and sending the
logs to a server.

32) The administration of a high school decides to install antivirus software on all of
the school computers.What can the antivirus software protect the computers
from? The antivirus software can protect the computers from any malware that it is
able to successfully detect.

33) The antivirus software can protect the computers from any malware that it is able
to successfully detect. Which of these rules bans the creation of malware? "Don't
create a program that intentionally damages a computing system or takes
unauthorized control of it."

34) Why is a computer virus more dangerous than other types of malware? A
virus can make copies of itself, including copying itself into an existing file.

35) The following snippet is from a 2020 news article:"On March 18, we uncovered
an email campaign that pushed victims into unwittingly downloading an invasive
keylogger called Agent Tesla." What is the primary danger of accidentally
downloading a keylogger? A keylogger will record every key stroke and upload the
data to an attacker.

36) ZeuS is malware that is typically used to steal banking data from a computer's
users by installing a key logger and sending the logged data to the attackers. What
best describes how antivirus software can protect against ZeuS? Antivirus
software can scan the files on the drive and notify users of files that look like the
ZeuS malware.

37) A teacher in a computer science classroom is writing guidelines for her classes.
She would like to explicitly forbid the creation of malware. Which of these rules
bans the creation of malware? "Don't create a program that intentionally damages a
computing system or takes unauthorized control of it."