Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

OR
Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > Computers & IT

Cyber Security Quiz with Answers: Test Your Skills

Quick, free quiz to test your knowledge with cybersecurity quiz questions. Instant results.

Editorial: Review CompletedCreated By: Viet NguyenUpdated Aug 27, 2025
Difficulty: Moderate
2-5mins
Learning OutcomesCheat Sheet
Paper art illustration promoting a free cyber security quiz on a dark blue background

This cyber security quiz helps you spot common threats and strengthen your defenses with instant answers and brief tips. For a quick refresh, try our cyber security awareness quiz or explore an online safety quiz with answers. Teams can check knowledge with a security awareness quiz for employees.

What does the 'C' stand for in the CIA triad?
Integrity
Availability
Authentication
Confidentiality
The CIA triad is a core model in cybersecurity representing Confidentiality, Integrity, and Availability. Confidentiality ensures information is not disclosed to unauthorized individuals. It is one of the three fundamental principles for securing data.
Which of the following best describes phishing?
Deploying software updates remotely
Scanning systems for open ports
Intercepting network traffic to read packets
Sending fraudulent emails to steal personal information
Phishing is a social engineering attack where attackers send deceptive messages to trick recipients into revealing sensitive data. These messages often mimic legitimate organizations. Phishing is one of the most common methods for stealing credentials.
Which security device inspects incoming and outgoing network packets to enforce security policies?
Switch
Firewall
Load Balancer
Router
A firewall monitors and controls network traffic based on predetermined security rules. It forms a barrier between trusted and untrusted networks. Firewalls can be hardware, software, or a combination of both.
What does two-factor authentication (2FA) require?
Password only
Something you know and something you have
Biometric only
Username and password
Two-factor authentication requires two different types of credentials: something you know (like a password) and something you have (like a token or smartphone). This provides an additional layer of security over password-only systems. 2FA significantly reduces the risk of account compromise.
Which term refers to malicious software such as viruses, worms, and Trojans?
Malware
Adware
Spyware
Ransomware
Malware is a broad term for any malicious software designed to harm or exploit systems. It includes viruses, worms, Trojans, ransomware, and more. The goal of malware can vary from data theft to system disruption.
What does HTTPS indicate when seen in a website URL?
Standard HTTP protocol
Secure HTTP over TLS/SSL
High traffic site
Hosted via cloud services
HTTPS stands for HTTP Secure, meaning HTTP traffic is encrypted using TLS (or SSL) protocols. Encryption prevents eavesdropping and tampering by third parties. Websites with HTTPS display a padlock icon in most browsers.
Which practice helps create strong passwords?
Keeping passwords short
Using a mix of letters, numbers, and symbols
Reusing the same password across multiple sites
Using only dictionary words
Strong passwords include a combination of uppercase and lowercase letters, numbers, and special characters, making them harder to guess or brute force. Avoiding dictionary words and common patterns strengthens security. Password length also plays a key role.
Which of the following is an example of symmetric encryption?
Diffie-Hellman
AES
RSA
ECC
Symmetric encryption uses the same key for encryption and decryption. AES (Advanced Encryption Standard) is the most widely adopted symmetric algorithm. RSA and ECC are examples of asymmetric encryption.
Which port is commonly used for HTTPS traffic?
443
25
21
80
HTTPS traffic is encrypted HTTP and typically uses TCP port 443. Port 80 is used for unencrypted HTTP. Ports 21 and 25 are used for FTP and SMTP respectively.
Which hashing algorithm is considered insecure due to collision vulnerabilities?
SHA-256
MD5
bcrypt
SHA-3
MD5 is prone to collision attacks where two different inputs produce the same hash. Modern applications use stronger hashes like SHA-256 or bcrypt for password storage. MD5 is deprecated for security-critical uses.
What best defines social engineering in cybersecurity?
Manipulating individuals to divulge confidential information
Installing network firewalls
Encrypting data at rest
Scanning for open ports
Social engineering exploits human psychology rather than technical vulnerabilities to extract information. Techniques include phishing, pretexting, and baiting. Training and awareness are key defenses.
At which OSI layer does routing occur?
Application layer
Network layer
Transport layer
Data Link layer
Routing decisions are made at the OSI model's Network layer (Layer 3). Routers forward packets based on IP addresses. The Data Link layer handles MAC addresses and switching.
What primary benefit does a VPN provide?
Faster internet speeds
Spam filtering
Secure encrypted connection over a public network
Physical server redundancy
A VPN (Virtual Private Network) encrypts data between your device and the VPN server, protecting information on public networks. It provides confidentiality and can mask your IP address. VPNs do not inherently increase speed.
Which tool is commonly used for network vulnerability scanning?
Nmap
Wireshark
Nessus
Metasploit
Nessus is a professional vulnerability scanner that identifies known security flaws across systems. Wireshark captures and analyzes network traffic. Metasploit is a penetration testing framework. Nmap is primarily a port scanner.
What is a zero-day vulnerability?
A patched security bug
A flaw unknown to the vendor with no available patch
An outdated security control
A vulnerability that is fixed in one day
A zero-day vulnerability is an unknown software flaw with no official patch available, making it highly valuable to attackers. Because the vendor is unaware, no defense exists at discovery. Prompt detection and mitigation are critical.
What is the main difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
IDS blocks traffic, IPS only logs events
IDS monitors and alerts, IPS blocks traffic
Both encrypt network traffic
Both only log events
An IDS analyzes traffic and generates alerts when suspicious activity is detected, while an IPS can actively block or reject malicious traffic. Both are key components of network defense. Selecting the right tool depends on risk tolerance and network architecture.
In disaster recovery planning, what does BCP stand for?
Business Cycle Procedure
Basic Cybersecurity Policy
Business Continuity Plan
Backup Control Protocol
A Business Continuity Plan outlines procedures to maintain or resume critical operations after a disruption. It addresses risks, recovery strategies, and communication plans. BCP is essential for organizational resilience.
Which Wi-Fi security protocol introduced CCMP and is considered more secure than WPA?
WPA
WPA3
WPA2
WEP
WPA2 replaced WPA and WEP by introducing CCMP (Counter Mode CBC-MAC Protocol) for robust encryption. CCMP is based on AES and provides integrity and confidentiality. WPA3 is newer but not as widely deployed.
What is the purpose of adding a salt to stored password hashes?
To compress the hash
To encrypt the hash key
To prevent use of rainbow tables
To speed up hashing
A salt is random data appended to passwords before hashing to ensure identical passwords produce different hashes. This thwarts precomputed rainbow table attacks and forces attackers to brute force each hash separately. Salting is an industry best practice.
What technique binds a public key certificate to a host to prevent man-in-the-middle attacks?
Certificate pinning
Public key logging
Key stretching
SSL stripping
Certificate pinning involves associating a host with its expected public key or certificate. Clients reject connections if the certificate doesn't match the pinned value, preventing MITM attacks with fraudulent certificates. It boosts TLS security in applications.
Which security measure is specifically designed to prevent Cross-Site Request Forgery (CSRF) attacks?
Session timeouts
Input validation
Anti-CSRF tokens
SQL parameterized queries
Anti-CSRF tokens are unique, unpredictable values tied to the user's session that the server checks on form submissions. They ensure that form requests originate from authenticated clients. Without a valid token, the request is rejected.
What method does a rainbow table attack use?
Brute forcing every possible combination
Buffer overflow to extract hashes
Social engineering to guess passwords
Precomputed hash values to reverse password hashes
Rainbow table attacks use large precomputed tables of hash values mapped to potential plaintext passwords. Attackers compare a stolen hash against the table to find a match quickly. Salting hashes renders rainbow tables ineffective.
What is homomorphic encryption?
Encryption allowing computations on ciphertext yielding encrypted results matching operations on plaintext
Encryption that automatically hashes data
Encryption used only for disk drives
Encryption requiring multiple keys for decryption
Homomorphic encryption allows mathematical operations on encrypted data without decryption. The result, once decrypted, matches the operations performed on the plaintext. This enables secure computation in untrusted environments.
Which technique allows applying critical OS patches without rebooting servers in real-time production environments?
Hot swapping CPUs
Recompilation on the fly
Live patching (e.g., Ksplice)
Cold boot authentication
Live patching systems like Ksplice or Kernel Live Patching inject updates directly into a running kernel without rebooting. This minimizes downtime for critical servers. It requires specialized tooling to ensure kernel integrity.
Which security model enforces access controls based on data confidentiality and a user's security clearance level, using 'no read up' and 'no write down' rules?
Brewer and Nash model
Clark-Wilson model
Biba model
Bell-LaPadula model
The Bell-LaPadula model focuses on data confidentiality and restricts subjects from reading higher-classified information ('no read up') and preventing writing to lower classification ('no write down'). It is widely used in government and military systems.
0
{"name":"What does the 'C' stand for in the CIA triad?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What does the 'C' stand for in the CIA triad?, Which of the following best describes phishing?, Which security device inspects incoming and outgoing network packets to enforce security policies?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Study Outcomes

  1. Understand Common Cyber Threats -

    Recognize a variety of online attacks - including phishing, malware, and social engineering - by working through targeted cyber security quiz questions and answers.

  2. Analyze Phishing Red Flags -

    Break down realistic phishing quiz with answers scenarios to spot deceptive links, suspicious senders, and social engineering tactics.

  3. Apply Strong Password Practices -

    Implement proven techniques for creating and managing secure passwords that resist hacking attempts and brute-force attacks.

  4. Evaluate Personal Security Habits -

    Assess your current online behaviors against best practices and identify areas for improvement in everyday web security.

  5. Navigate Online Cyber Security Quizzes -

    Gain confidence in completing diverse cybersecurity quiz questions with clear strategies for approaching different question types.

  6. Interpret Quiz Feedback to Enhance Defenses -

    Use detailed cyber security quiz answers to pinpoint knowledge gaps and strengthen your overall safety IQ.

Cheat Sheet

  1. Spotting Phishing Clues -

    Cyber security quiz questions often test your ability to detect phishing by checking mismatched sender addresses, suspicious URLs, and urgent language. Remember the "S-L-O-T" mnemonic: Sender mismatch, Links that don't match, Odd requests, and Typos or grammatical errors. For example, a phishing quiz with answers might ask you to hover over a link to verify the real domain before clicking.

  2. Building Strong Passwords -

    Online cyber security quizes often include questions on calculating password strength using the entropy formula: Entropy = log2(N^L), where N is character set size and L is length. Use passphrases (e.g., "PurpleDinosaur7!Jazz") to combine length and complexity and aim for at least 60 bits of entropy. Consider mnemonic tricks like the Diceware method to pick random words that are easy to remember.

  3. Implementing Two-Factor Authentication -

    Two-factor authentication (2FA) adds a second layer by combining "something you know" (password) with "something you have" (a one-time code). Enabling 2FA is often the correct answer in many cybersecurity quiz questions about login security. Common methods include SMS codes, authenticator apps, or hardware tokens.

  4. Keeping Software Updated -

    Patching known vulnerabilities is critical: unpatched systems are prime targets for exploits like CVE-2017-0144 (WannaCry). In quizzes, you might be asked about patch management frameworks such as the NIST Cybersecurity Framework's "Detect" and "Respond" functions. Automate updates to ensure security fixes are applied promptly.

  5. Understanding Network Encryption -

    Secure protocols like HTTPS (TLS), WPA3 for Wi-Fi, and VPNs encrypt data in transit and prevent eavesdropping. Remember "Always look for HTTPS and the padlock icon" when browsing. Many cyber security quiz answers hinge on knowing how encryption protects confidentiality and integrity.

Make a Quiz (FREE) Copy & Edit This Quiz Create a Quiz with AI

Computers & IT Quizzes

Powered by: Quiz Maker