#1
Which of the following is an example of an insider threat?
A hacker attempting to breach the company's network from outside.
A disgruntled employee stealing sensitive data.
A phishing attack targeting employees.
A natural disaster causing a data breach.
#2
What is the primary goal of insider threat awareness training?
To prevent external cyber attacks.
To educate employees on company policies.
To identify and mitigate risks posed by employees.
To install antivirus software on company devices.
#3
Which of the following is NOT a common motive for insider threats?
Financial gain.
Revenge.
Ethical hacking.
Espionage.
#4
What is the term for the process of monitoring and analyzing user activities and behaviors to identify suspicious actions?
Intrusion Detection System (IDS).
Firewall protection.
Behavioral analytics.
Data encryption.
#5
What is the term for the process of manipulating individuals into divulging confidential information or performing actions that may compromise security?
Phishing.
Spyware.
Malware.
Ransomware.
#6
Which of the following is an example of a technical control used to prevent insider threats?
Biometric authentication.
Employee background checks.
Security awareness training.
Performance evaluations.
#7
Which department or role within an organization typically oversees insider threat prevention efforts?
Human Resources.
Information Technology.
Marketing.
Legal.
#8
Which of the following is NOT a potential indicator of insider threat behavior?
Frequent password changes.
Accessing files outside of normal work hours.
Ignoring company policies.
Unexplained financial difficulties.
#9
Which of the following is NOT a recommended practice for preventing insider threats?
Implementing role-based access controls.
Conducting regular security awareness training.
Encouraging employees to share their passwords.
Monitoring user activities and behaviors.
#10
In the context of insider threats, what does the term 'privilege escalation' refer to?
Granting employees access to sensitive data.
Increasing an individual's level of access beyond what is necessary for their role.
Revoking an employee's access to company resources.
Providing employees with additional training on security protocols.
#11
What is the term for the practice of segregating duties within an organization to reduce the risk of insider threats?
Least privilege principle.
Single sign-on (SSO).
Social engineering.
Job rotation.
#12
Which of the following is an example of a behavioral indicator of potential insider threats?
Participating in team-building activities.
Exhibiting sudden changes in behavior or attitude.
Completing assigned tasks on time.
Attending regular training sessions.
#13
Which of the following is a recommended strategy for responding to an insider threat incident?
Ignoring the incident and hoping it resolves on its own.
Immediately terminating the employment of the suspected individual.
Conducting a thorough investigation to gather evidence.
Publicly shaming the individual to deter future incidents.