sample multiple choice Security Awareness Test

I'm looking for more questions for users which should cover areas like:
a) Spam emails
b) Phishing
c) Malware & AV
d) Physical security
e) Data Confidentiality
f) Password & password complexity

Ideally provide me with the answers as well.

Attached is a sample that I have so far, but I'll need about 40 more questions.

Some basic reading materials for the users to read before
taking the awareness test are needed too.
Rich Rumble (Security Samurai) Commented:
This is a good question, and I will write an article on it. I'll link to it once it's approved by EE. You're off to a good start, but users lose interest very quickly. Most Computer Based Training is abysmal, and everyone hates it. You have to be engaging and make the learning fun. We have great success with our program and I'm not authorized to share it publicly, so I'll document it in an EE article first.
But to get you started, these are the leaders in Phishing and Security Awareness Training:
Wombat Security
PhishMe

bbao (IT Consultant) Commented:
most sample questions are practical questions and recommended for a real questionnaire. however, a few recommendations:

1. more areas to cover, such as vishing, social pressure and policy adoption.

2. avoid questions that are too conceptual and only suitable for security professionals, such as Q1, Q11 and Q17. better to have more questions for average end users at the operational level.

3. avoid ambiguous, nonsensical questions. e.g. Q18, if a user could know a website is malicious, the user would generally be alerted already. hence it is just a question on paper.
sunhux (Author) Commented:
Thanks Bing.

I'll still need actual sample questions & answers plus reading notes (for them to read prior to the test).
David Anders (Technician) Commented:
These seem useful as general reading notes.
btan (Exec Consultant) Commented:
KnowBe4 is another good candidate. If only our last line of defence can stay vigilant and the program to regularly exercise them can levitate them into a human FW.
bbao (IT Consultant) Commented:
> Most Computer Based Training is abysmal, and everyone hates it.

in my experience, case studies are always (much) better than theories and concepts, especially for IT Security Awareness training. an interesting fact is that most trainers just love explaining a concept using more abysmal concepts. :)

therefore, for the best result, the cases are better drawn from personal experience and something familiar to the audience. that could be a challenge for the trainer, as the trainer needs to prepare training materials case by case according to the audience's background.
Rich Rumble (Security Samurai) Commented:
Here is the first part of Security Awareness Training advice:

Specific training and materials to follow soon!
btan (Exec Consultant) Commented:
Nice, Richrumble. The campaign is worth it to validate the user, and the positive reinforcement helps build the culture of the company - doing good does benefit one and all as a whole :)

Just to share past EE articles on security awareness

- for user as gatekeeper and look out for red flags

- for user to stay vigilant and safeguard own online identity & privacy protection
sunhux (Author) Commented:
Wombatsecurity's trial is excellent
Question has a verified solution.