IT Security for Companies — Executive Behaviors
These questions focus on safe executive behaviour in everyday company IT security.
Choose the best answer.
1. What is the best executive habit to reduce cyber risk quickly?
The best answer is: Lead by example: follow the same security rules as everyone else.
a) Lead by example: follow the same security rules as everyone else.
b) Skip security steps because your time is valuable.
c) Let IT handle everything without your involvement.
2. What is the safest approach to passwords at work?
The best answer is: Use a password manager and unique passwords.
a) Reuse one strong password for all company systems.
b) Use a password manager and unique passwords.
c) Share passwords in chat for speed.
3. Which is the safest response to a suspicious invoice email at work?
The best answer is: Verify using a known contact method before acting.
a) Open the attachment to see what it is.
b) Forward it to the whole team to ask.
c) Verify using a known contact method before acting.
4. What is the best rule for approving payments or bank detail changes?
The best answer is: Use a 2-person check and verify out-of-band.
a) Approve immediately if it’s urgent.
b) Use a 2-person check and verify out-of-band.
c) Approve by replying to the email thread.
5. Why should executives avoid bypassing MFA (2FA / Multi-Factor Authentication) prompts?
The best answer is: Because MFA stops many account-takeover attacks.
a) Because MFA stops many account-takeover attacks.
b) Because it makes email faster.
c) Because it reduces meetings.
6. What is the risk of using personal email for company files?
The best answer is: It increases leakage risk and breaks control/auditing.
a) It improves compliance automatically.
b) It makes backups unnecessary.
c) It increases leakage risk and breaks control/auditing.
7. What is a safe habit for executives when traveling?
The best answer is: Use VPN and avoid sensitive work on unknown Wi-Fi.
a) Share hotspot passwords with anyone in the lounge.
b) Use VPN and avoid sensitive work on unknown Wi-Fi.
c) Disable screen lock to work faster.
8. What is the best behavior around USB sticks in the office?
The best answer is: Treat unknown USB sticks as unsafe; don’t plug them in.
a) Treat unknown USB sticks as unsafe; don’t plug them in.
b) Plug them in quickly to identify the owner.
c) Let interns test unknown USB sticks first.
9. Which is the best policy for company laptops and phones?
The best answer is: Use encryption, screen lock, and remote wipe.
a) Allow shared logins to save time.
b) No device encryption so IT can access data easily.
c) Use encryption, screen lock, and remote wipe.
10. What is the safest approach to admin privileges for employees?
The best answer is: Use least privilege: only what’s needed, when needed.
a) Give admin rights to anyone who asks.
b) Use least privilege: only what’s needed, when needed.
c) Give everyone admin rights for productivity.
11. Why is it risky to allow password sharing between employees?
The best answer is: Because you lose accountability and increase breach impact.
a) Because it improves accountability.
b) Because you lose accountability and increase breach impact.
c) Because it reduces phishing.
12. What is the risk of delaying security updates company-wide?
The best answer is: It leaves known vulnerabilities exploitable.
a) It improves user interface stability forever.
b) It increases battery life.
c) It leaves known vulnerabilities exploitable.
13. What is the best executive message about reporting mistakes?
The best answer is: Encourage fast reporting without blame to reduce damage.
a) Encourage fast reporting without blame to reduce damage.
b) Punish every mistake to create fear.
c) Tell staff to stay quiet to avoid embarrassment.
14. What is a safe practice for executive assistants handling calendars and email?
The best answer is: Use MFA and separate accounts with clear permissions.
a) Turn off MFA to avoid interruptions.
b) Use MFA and separate accounts with clear permissions.
c) Use one shared mailbox password for the whole team.
15. Which is the safest behavior for sharing sensitive documents internally?
The best answer is: Use controlled access links with permissions and expiry.
a) Send them as email attachments to many people.
b) Use controlled access links with permissions and expiry.
c) Upload them to personal cloud accounts.
16. What is the safest approach to onboarding new employees?
The best answer is: Provide role-based access and security basics training.
a) Let them use personal devices with no controls.
b) Give broad access on day one to avoid delays.
c) Provide role-based access and security basics training.
17. Why should executives avoid approving requests under pressure?
The best answer is: Because urgency is a common social engineering tactic.
a) Because it improves teamwork.
b) Because urgency is a common social engineering tactic.
c) Because pressure always means it’s legitimate.
18. What is the main risk of using shared meeting links publicly?
The best answer is: It can enable unauthorized access and data leakage.
a) It can enable unauthorized access and data leakage.
b) It increases audio quality.
c) It reduces calendar invites.
19. What is a safe rule for executives about confidential information in chats?
The best answer is: Avoid sensitive data in chat; use approved secure channels.
a) Send passwords in chat because it’s encrypted.
b) Avoid sensitive data in chat; use approved secure channels.
c) Use emojis instead of security controls.
20. What is the best executive habit for security culture?
The best answer is: Ask for simple metrics and follow up regularly.
a) Ignore training and hope for the best.
b) Only discuss security after an incident.
c) Ask for simple metrics and follow up regularly.
21. Which is safest when employees work from home?
The best answer is: Use managed devices, VPN, and secure Wi-Fi practices.
a) Use managed devices, VPN, and secure Wi-Fi practices.
b) Allow work on any device with no rules.
c) Share one company account for all logins.
22. What is the safest approach to employee offboarding?
The best answer is: Remove access promptly and recover company devices.
a) Keep access for a few months just in case.
b) Remove access promptly and recover company devices.
c) Ask them to delete files on their own.
23. Why is it risky to allow unapproved software ("shadow IT")?
The best answer is: Because it can create unknown vulnerabilities and data leaks.
a) Because it always improves compliance.
b) Because it reduces costs with no downside.
c) Because it can create unknown vulnerabilities and data leaks.
24. What is the main risk of ignoring phishing simulations or training?
The best answer is: Because staff remain vulnerable to common attacks.
a) Because staff remain vulnerable to common attacks.
b) Because it improves email speed.
c) Because it makes staff more confident automatically.
25. What is a safe executive rule for “exceptions” to security?
The best answer is: Keep exceptions rare, documented, time-limited, and approved.
a) Allow exceptions whenever someone is busy.
b) Keep exceptions rare, documented, time-limited, and approved.
c) Remove controls permanently for VIPs.