ALL RIGHTS RESERVED.
Study Guide for Training Exam Questions
And Answers Updated 2024/2025
PST Phishing Security Test - answer✔A simulated phishing attack performed by KnowBe4 on
email addresses an organization provides us. The purpose of the test is to see how prone the
organization's employees are to click on phishing links.
How it works: The PST user selects a phishing template; then a landing page (where an
employee is taken if they click a phishing link). Employees who click on phishing links are taken
to that landing page and shown the red flags they overlooked. The PST user will then receive a
report with their Phish-prone percentage.
ASAP- Automated Security Awareness Program - answer✔A tool that simplifies the process of
creating customized Security Awareness Programs.
How it works: The user completes a questionnaire about their organization and goals. ASAP
then generates a custom plan based on the user's specific needs.
Breached Password Test - BPT - answer✔A tool that checks to see if an organization's users are
currently using passwords that are in publicly available breaches associated with the org's
domain.
How it works: BPT checks to see if an organization has been part of a data breach that included
passwords. Then it checks to see if those passwords still exist in the organization's active
directory.
PAB - Phishing Alert Button - answer✔An email plugin that gives users a safe way to handle
actual or potential phishing emails.
How it works: PAB forwards the suspect email to the organization's security team for analysis. It
also deletes the email from the user's inbox, to prevent future exposure.
EEC - Email Exposure Check Pro (EEC Pro) - answer✔entifies the at-risk users in an organization
by searching business social media information and hundreds of data breach databases.
The EEC Pro works in two stages:
1|Page
, ©THESTAR EXAM SOLUTIONS 2024/2025
ALL RIGHTS RESERVED.
Stage 1: Does deep web searches to find any publicly available organizational data. This shows
what an organizational structure looks like to an attacker.
Stage 2: Finds any users that have had their account information exposed in any of several
hundred data breaches. These users are particularly at risk because an attacker knows more
about that user, up to and including their actual passwords!
DST - Domain Spoof Test - answer✔A test that checks a domain name—for example,
knowBe4.com—to see if it can be spoofed.
For example, a "bad guy" could send an email from , but it would be
spoofed to look like it came from .
Mailserver SEcurity Assessment (MSA) - answer✔ests a user's mailserver configuration to check
the effectiveness of the mail filtering rules.
MSA gives the user a quick insight at how their mailserver handles test messages that contain a
variety of different message types, email with attachments, or emails with spoofed domains.
RanSim - Ransomware Simulator - answer✔Simulates 13 ransomware infection scenarios to
determine if a user's workstation is vulnerable to infection. RanSim also allows users to see if
their antivirus software is incorrectly blocking files.
Second chance - answer✔A tool that checks links originated in email messages, including
embedded links within attached Office Documents and PDFs. It asks the user if they're sure
they want to follow the link, giving them a second chance to evaluate the link
USB Security Test - answer✔A tool that finds out how users react to unknown USB drives. The
purpose is to see how many users will pick up the USB drive, plug them into their computer,
and open files.
How it works: When an employee opens the file, it will "call home" and report a "fail" to their
KnowBe4 console. If the user opens a doc and also enables macros, (short for microinstruction,
which is a mini program) additional data is tracked.
Weak Password Test - WPT - answer✔Checks an organization's Active Directory for several
different types of weak password related threats.
How it works: Once the test is complete, it generates a report of the users who have weak
passwords. It does not report the actual passwords of the users; rather it highlights which ones
should be addressed.
AIDA - answer✔artificial Intelligence Driven Agent
AD - answer✔Active Directory
2|Page