#1
Which of the following is an example of an insider threat?
A hacker attempting to breach the company's network from outside.
A disgruntled employee stealing sensitive data.
A phishing attack targeting employees.
A natural disaster causing a data breach.
#2
What is the primary goal of insider threat awareness training?
To prevent external cyber attacks.
To educate employees on company policies.
To identify and mitigate risks posed by employees.
To install antivirus software on company devices.
#3
Which of the following is NOT a common motive for insider threats?
Financial gain.
Revenge.
Ethical hacking.
Espionage.
#4
What is the term for the process of monitoring and analyzing user activities and behaviors to identify suspicious actions?
Intrusion Detection System (IDS).
Firewall protection.
Behavioral analytics.
Data encryption.
#5
What is the term for the process of manipulating individuals into divulging confidential information or performing actions that may compromise security?
Phishing.
Spyware.
Malware.
Ransomware.
#6
Which of the following is an example of a technical control used to prevent insider threats?
Biometric authentication.
Employee background checks.
Security awareness training.
Performance evaluations.
#7
Which department or role within an organization typically oversees insider threat prevention efforts?
Human Resources.
Information Technology.
Marketing.
Legal.
#8
Which of the following is NOT a potential indicator of insider threat behavior?
Frequent password changes.
Accessing files outside of normal work hours.
Ignoring company policies.
Unexplained financial difficulties.
#9
What is the term for the unauthorized copying, distribution, or use of proprietary software or data?
Phishing.
Spoofing.
Piracy.
Hacking.
#10
What is the primary purpose of conducting risk assessments related to insider threats?
To identify potential vulnerabilities and threats within an organization.
To determine employee salaries and benefits.
To promote employee engagement and morale.
To monitor employee productivity.
#11
What is the term for the process of an insider using their access rights to intentionally cause harm to an organization's data or systems?
Data leakage.
Data exfiltration.
Data destruction.
Data breach.
#12
Which of the following is NOT a common method used by insiders to exfiltrate sensitive data?
Email.
USB drives.
Cloud storage services.
Publicly accessible databases.
#13
What is the term for the process of monitoring and controlling user access to information within an organization?
Access management.
Access control.
Identity management.
Authentication.
#14
Which of the following is a potential consequence of an insider threat incident?
Increased employee morale.
Loss of intellectual property.
Enhanced company reputation.
Improved customer satisfaction.
#15
What is the primary goal of implementing a least privilege principle?
To restrict employee access to company resources.
To promote transparency within the organization.
To encourage employees to share sensitive information.
To increase employee productivity.
#16
Which of the following is NOT a common indicator of potential insider threat behavior?
Consistent adherence to company policies.
Excessive access to sensitive information.
Unauthorized installation of software.
Frequent access to secure areas.
#17
What is the term for the practice of monitoring and controlling the flow of sensitive information within an organization?
Data governance.
Data leakage prevention.
Data encryption.
Data management.
#18
Which of the following is a common challenge associated with insider threat detection?
Lack of employee training.
Over-reliance on external security measures.
Difficulty in distinguishing between normal and suspicious behavior.
Inadequate access controls.
#19
What is the term for the process of creating and maintaining a secure digital identity for users within an organization?
Identity theft protection.
Identity management.
Identity verification.
Identity authentication.
#20
Which of the following is NOT a recommended practice for preventing insider threats?
Implementing role-based access controls.
Conducting regular security awareness training.
Encouraging employees to share their passwords.
Monitoring user activities and behaviors.
#21
In the context of insider threats, what does the term 'privilege escalation' refer to?
Granting employees access to sensitive data.
Increasing an individual's level of access beyond what is necessary for their role.
Revoking an employee's access to company resources.
Providing employees with additional training on security protocols.
#22
What is the term for the practice of segregating duties within an organization to reduce the risk of insider threats?
Least privilege principle.
Single sign-on (SSO).
Social engineering.
Job rotation.
#23
Which of the following is an example of a behavioral indicator of potential insider threats?
Participating in team-building activities.
Exhibiting sudden changes in behavior or attitude.
Completing assigned tasks on time.
Attending regular training sessions.
#24
Which of the following is a recommended strategy for responding to an insider threat incident?
Ignoring the incident and hoping it resolves on its own.
Immediately terminating the employment of the suspected individual.
Conducting a thorough investigation to gather evidence.
Publicly shaming the individual to deter future incidents.