Answers to our cybersecurity quiz

Bethany Reid
Wednesday 9 March 2022

For Cyber Scotland Week 2022, we circulated a cybersecurity quiz for staff and students to complete. Thanks to everyone who took part and congratulations to our two winners (both scoring 100%!).

Q1. What is the purpose of multi-factor authentication?

To add a second layer of protection to your account.

Q2. Which of the following is not a form of multi-factor authentication?

Written signature, push notification, retinal scan, or fingerprint scan? The answer is written signature. A written signature is mainly used to signal intent, like signing a contract, rather than verifying your identity.

Q3. Which of these is the strongest password?

  1. Password12345
  2. C1ark-17
  3. b00kpurple$ign
  4. dolphin72!

The correct answer is number 3. This is because it’s more closely aligned to the ‘three random words’ password guidance issued by the National Cyber Security Centre. They say that choosing three random words, like book, purple and sign as above, and substituting in numbers and symbols will make your password very difficult to guess.

Q4. How many times was the password ‘123456’ used on compromised accounts last year?

The right answer was over 100 million.

Q5. The name for ‘a computer/person working methodically through all possible passwords’

This type of attack is a brute force attack. Other answers available to choose from were man in the middle attack, cryptographic attack, and password spraying.

Q6. Choose the true statements about device safety

  1. Add a method of authentication (password, fingerprint or similar)
  2. Make sure your devices are visible when you leave them in the car
  3. Back up your data regularly so you have a copy of your most recent files
  4. Don’t leave your devices unattended

1, 3, and 4 are true. For more information on physical device security, read our earlier blog post ‘five ways to physically secure your device.’

Q7. How do you know if a website is secure?

  1. It’s the same URL which I’ve visited before
  2. It contains the University logo
  3. There is a lock icon in the address bar
  4. The address bar starts with ‘https’ rather than ‘http’

1, 3, and 4 are the correct answers.

Q8. How can you protect your data on public wifi?

Connect to the virtual private network (VPN).

Q9. Which of these actions could result in a ransomware attack?

  1. Opening an attachment contained in a phishing email
  2. Following a link on social media which leads to an infected website
  3. Forgetting your password
  4. Having a weak guessable password

1, 3, and 4 were the correct answers.

Q10. How can you prevent private information popping up when sharing your screen?

Share the window rather than the screen, use the ‘mute notifications during meeting’ option and close any confidential content before the meeting.

Q11. How can you prevent unwanted intruders during an online event?

Set a lobby to prevent uninvited guests from joining, ask attendees to register beforehand and ensure everyone has their mic and camera enabled.

Register for our next ‘running a Teams webinar’ session in PDMS to learn more about this.

Q12. What should you do if you receive a phishing email?

Use the ‘report as phishing’ button in Outlook (or forward to [email protected])

Q13 and Q14. Is this email real or phishing?

100% of respondents answered correctly that the first was phishing (as it has a suspicious email address and sense of urgency) and the second was real.

For phishing guidance, read our earlier blog post ‘four ways to spot a phishing email.’

Q15. Put the following items in order of their information classification level

  1. University prospectus (public)
  2. Student photographs (internal)
  3. Examinations results (confidential)
  4. Counselling records (strictly confidential)

Read our blog post ‘what is information classification?’ for more information.

Q16. What statements are true when handling confidential information?

  1. Confidential information can be stored on personal devices if they’re up-to-date
  2. Confidential information can be shared across any cloud platform, like DropBox
  3. Confidential information should be distributed on a strictly need-to-know basis
  4. Confidential information can be viewed on personal devices if secured by a 6-digit PIN

3 and 4 are true.
