Case Study: Password Management Techniques Quiz Answer
In this article i am gone to share Coursera Course: Technical Support Case Studies and Capstone Week 4 Practice Quiz | Case Study: Password Management Techniques Quiz Answer with you..
Enroll Link: Technical Support Case Studies and Capstone
Case Study: Password Management Techniques Quiz Answer
Natalie is a service desk technician, and she answers a call from Edward, another employee at the company. The following exchange ensues:
Technician: Hello, this is Natalie with technical support. How may I help you today?
Employee: Natalie, this is Edward. I just got an email from our CEO asking if I can give her the password for my work account. She says that she needs my password to access some files in my network drive, and the matter is urgent. But I’ve never even met the CEO, so I’m surprised that she’d ask me.
Technician: Edward, I’m glad that you called. Did you reply to the email, and if so, did you share your password?
Employee: Yes, I replied and shared my password. She says that the situation is urgent, and I don’t want to say no to the CEO, as weird as this request is!
Assume this company’s password policy meets best practices. With whom should employees like Edward share their company password?
- Any employee
- No one
- IT staff
Technician: Edward, this is a serious matter, and you should have checked the company’s policy or consulted tech support before acting. Per our policy, you should never share company passwords with anyone, not even the CEO, and it’s unlikely that she’s forgotten this rule.
Employee: Now that you mention it, I remember seeing emails about this policy. Sorry about that! But is it that big of a deal that I gave them my password?
Natalie wants to convey the severity of the threat that weak or stolen passwords present. Weak or stolen passwords lead to what percentage of company data breaches?
- More than 80%
- Around 40%
- Around 60%
- Less than 20%
Technician: Weak or stolen passwords account for over 80% of company data breaches. One way that cybercriminals get these passwords is through phishing attempts, which is probably what happened in your case. Phishing is when hackers use email or messaging to commit fraud, stealing login information to access sensitive information like company files and bank account information. You can access lots of our company’s intellectual property through your work account. Now, the cybercriminal can access it, too.
Employee: Oh no! The company could be in a lot of trouble because of my mistake.
Technician: Well, let’s do what we can to limit any damage. First, you need to immediately change your password to prevent the hacker from using the login info you provided. And let’s ensure that your new password is strong.
What is one piece of advice that Natalie should provide Edward for creating his new password?
- Use the same password from another of his accounts.
- Use “password” instead of a unique password.
- Use a password like “12345” that he can easily remember.
- Use a passphrase that includes many random words.
Technician: Let’s go over some guidelines for strong passwords. First, use a unique password, not one you’ve previously used for this or any other account and not a common password like “12345” or “password.” Instead, you can use a passphrase that includes many random words, like “GlassToastisanumber.”
Employee: Okay, that all makes sense.
Technician: Your password should not include names, places, or dictionary words. Hackers have tools for rapidly guessing these. You also shouldn’t include any personally identifiable information.
Employee: Okay, so I should not include any of that in my password! But what should I include?
Which password includes all the components of a strong password?
Technician: A strong password is at least 12 characters long, and it includes upper and lowercase letters as well as numbers and special characters. In fact, when you open the password reset page, you’ll see that your password must meet all these standards.
Employee: Okay. I think I’ll use “$2-gDvZt#kGK.” How about that?
Technician: Remember not to share your password with anyone, even me! But yes, that’s a strong password. You should also ensure that it’s easy to remember. For example, you can use the first letter of each word in a sentence that you can easily remember, like “Dinner is usually served at 8 PM in our house!” This sentence translates to “Dius@8pmioh!” You can modify it to make it more complex if you want.
Edward resets his password.
Employee: Okay, I’ve reset my password. Should I do anything else?
Technician: I would change the password on any other accounts that use the same password as your work account. Again, you shouldn’t reuse passwords across accounts, so ensure each of these updated passwords is unique.
Employee: All right, I’ll do that.
Technician: Also, can you send me a screenshot of the email? I want to confirm that it’s a phishing attempt and warn others about it.
Employee: Sure, I’ll do that right now.
Edward takes a screenshot of the email and sends it to Natalie.
What three clues should Natalie look for to determine whether the suspicious email is a phishing attempt? Select all that apply.
- Sense of urgency
- Odd-looking logos
- Errors like typos
- Company email address
Natalie confirms that the email is a phishing attempt and blocks the email address from the company’s server. She includes the screenshot in a company-wide email to warn them about this and similar phishing attempts and demonstrate what these emails look like.