2025 GRADED A+
security vulnerability: A weakness in a network, computer, or piece of software that allows a bad guy to gain access. A security vulnerability has three elements: a flaw, access to the flaw, and the capability to exploit that flaw.

exploit: Software or code—usually malicious—that takes advantage of a flaw or vulnerability. Its purpose is to cause unintended or unanticipated behavior in the software or hardware, such as unauthorized access to or control of a computer, or denial-of-service (DoS).

zero-day: A vulnerability unknown to those who would be interested in securing it, including the software vendor or user (the good guys). The bad guys use these vulnerabilities to launch an attack.

zero-day exploit: Also known as a "zero-day attack," an exploit that takes advantage of a zero-day vulnerability on its first day of release, before the vendor knows about it.

advanced persistent threat (APT): A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The bad guy's goal is to go undetected and steal data, rather than cause damage to the network or organization.

tailgating: Also known as piggybacking, a method used by bad guys to gain access to a building or other protected area. A tailgater waits for an authorized user to open and pass through a secure entry and then follows right behind.

keylogger: Malware or hardware that observes what someone types on their keyboard and sends it back to the bad guys.

Bitcoin: A digital currency in which encryption techniques (encryption is the process of converting information or data into a code) are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

money mule: A person recruited by a criminal or criminal organization to quickly receive and turn around funds involved in scams. The person is often unaware of their role in the criminal act.

firewall: Hardware or software designed to block unauthorized network access while permitting authorized communications.

cloud computing: The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a personal computer. Cloud servers get all the latest software and security updates, making them less vulnerable to attack.
security awareness training (SAT): Any training that raises a user's awareness of potential threats and of how to avoid them.

Kevin Mitnick: In the mid-nineties, he was known as the "World's Most Wanted Hacker." Today, Kevin is positioned as "The World's Most Famous Hacker." Kevin is a very successful Fortune 500 security consultant, part owner and the Chief Hacking Officer of KnowBe4.

learning management system (LMS): A system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs.

return on investment (ROI): Measures the amount of return on an investment relative to the investor's cost.

Shareable Content Object Reference Model (SCORM): A technical standard that governs how online learning content and Learning Management Systems communicate with each other. Note: Our customers access our security awareness training modules through an LMS. Those modules all follow the SCORM standard.
The Six Steps to Successful Security Awareness Training (SAT):

Step 1: Have a security policy, and have each employee read and sign it.

Step 2: Have all employees take mandatory SAT (online), with a clear deadline and reasons why they're taking the training.

Step 3: Make SAT part of the onboarding process (the process of integrating new hires into a company).

Step 4: Regularly test employees to reinforce the SAT and its application.

Step 5: Have employees who fail phishing tests meet privately with a supervisor or HR; reward employees with low failure rates.

Step 6: Send regular security hints and tips via email to all employees.

There are 7 reasons why an organization would outsource security awareness training (why they seek our product): reduce costs, access to talent, geographic reach and scalability, compliance, mitigate risk, business focus, leverage cost of technology.