🔐 Cyber Security
100 Cyber Security Quiz Questions & Answers 2026
Malware types, hacking techniques, encryption, firewalls and cybersecurity basics
Ready to test your knowledge?
Take the Quiz →
Cyber Threats & Attacks — 25 Questions
- What is malware? (Software designed to harm, exploit, or disable computer systems)
- What is a virus? (Malicious code that attaches to legitimate programs and spreads)
- What is ransomware? (Malware that encrypts files and demands payment for decryption)
- What is phishing? (Fraudulent attempt to obtain sensitive info by pretending to be trustworthy)
- What is spear phishing? (Targeted phishing aimed at specific individuals or organizations)
- What is a DDoS attack? (Distributed Denial of Service — overwhelming a system with traffic)
- What is a Man-in-the-Middle attack? (Attacker intercepts communication between two parties)
- What is SQL injection? (Inserting malicious SQL code into a query to manipulate databases)
- What is cross-site scripting (XSS)? (Injecting malicious scripts into trusted web pages)
- What is a zero-day vulnerability? (Unknown vulnerability with no patch — attacker exploits it before fix)
- What is a botnet? (Network of compromised computers controlled by an attacker)
- What is social engineering? (Manipulating people to reveal confidential information)
- What is a Trojan horse? (Malware disguised as legitimate software)
- What is a rootkit? (Software hiding malicious activity — provides persistent privileged access)
- What is a keylogger? (Malware recording keystrokes to capture passwords)
- What is a brute force attack? (Trying all possible combinations to crack a password)
- What is a dictionary attack? (Using common words/phrases to crack passwords)
- What is credential stuffing? (Using leaked usernames/passwords from one breach on other sites)
- What is an APT? (Advanced Persistent Threat — long-term targeted attack by skilled adversaries)
- What is a watering hole attack? (Infecting websites frequented by targets)
- What is a logic bomb? (Malicious code triggered by a specific condition or date)
- What is spyware? (Software that secretly monitors and collects user information)
- What is adware? (Software that automatically displays or downloads unwanted advertisements)
- What is a worm in cybersecurity? (Self-replicating malware that spreads without needing a host program)
- What is whaling, as a type of phishing? (A phishing attack targeting high-profile individuals like executives)
Security Concepts & Cryptography — 25 Questions
- What is encryption? (Converting readable data into unreadable ciphertext)
- What is decryption? (Converting ciphertext back to readable plaintext)
- What is a cipher? (Algorithm for performing encryption/decryption)
- What is symmetric encryption? (Same key for encryption and decryption — AES, DES)
- What is asymmetric encryption? (Public/private key pair — RSA, ECDSA)
- What is a hash function? (One-way function producing fixed-size output from any input)
- What is SHA-256? (Secure Hash Algorithm — widely used cryptographic hash)
- What is TLS? (Transport Layer Security — encrypts internet communications)
- What is a digital certificate? (Electronic document proving ownership of a public key)
- What is a PKI? (Public Key Infrastructure — framework for managing digital certificates)
- What is 2FA/MFA? (Two/Multi-Factor Authentication — requires two forms of verification)
- What is HTTPS? (HTTP + TLS — secure web communication)
- What is a VPN? (Virtual Private Network — encrypts internet traffic and masks IP)
- What is a firewall? (Network security device monitoring/filtering traffic)
- What is the CIA triad? (Confidentiality, Integrity, Availability — core security principles)
- What is a security audit? (Systematic evaluation of security policies and controls)
- What is penetration testing? (Authorized simulated attack to find vulnerabilities)
- What is SIEM? (Security Information and Event Management — centralized monitoring)
- What is least privilege? (Users have minimum permissions needed — reduces attack surface)
- What is defense in depth? (Multiple security layers — if one fails, others protect)
- What is end-to-end encryption? (Encryption where only the sender and recipient can read the message)
- What is a salt in password hashing? (Random data added to a password before hashing to prevent attacks)
- What is a digital signature used for? (Verifying the authenticity and integrity of a message or document)
- What is a sandbox in cybersecurity? (An isolated environment for safely testing or running suspicious code)
- What is zero trust architecture? (A security model that never automatically trusts any user or device, verifying continuously)
Cybersecurity Defenses & Best Practices — 25 Questions
- What is a strong password generally characterized by? (Length, complexity, and uniqueness across accounts)
- What is a password manager used for? (Securely storing and generating unique passwords for different accounts)
- What is patch management? (Regularly updating software to fix known vulnerabilities)
- What is data backup used for in security? (Protecting against data loss from attacks like ransomware)
- What is network segmentation? (Dividing a network into smaller parts to limit the spread of attacks)
- What is an intrusion detection system (IDS)? (A system that monitors network traffic for suspicious activity)
- What is an intrusion prevention system (IPS)? (A system that actively blocks detected threats, beyond just alerting)
- What is endpoint security? (Protecting individual devices like laptops and phones from threats)
- What is a security awareness training program for? (Educating employees to recognize and avoid security threats)
- What is incident response? (The process of handling and mitigating a security breach after it occurs)
- What is a disaster recovery plan? (A documented strategy for restoring systems after a major disruption)
- What is data loss prevention (DLP)? (Tools and policies preventing sensitive data from leaving an organization)
- What is multi-factor authentication's main benefit? (Adding extra verification steps beyond just a password)
- What is the principle of "need to know" in security? (Limiting information access to only those who require it for their role)
- What is a honeypot in cybersecurity? (A decoy system designed to attract and detect attackers)
- What is a security baseline? (A minimum set of security configurations required for systems)
- What is application whitelisting? (Allowing only approved software to run on a system)
- What is the purpose of regular vulnerability scanning? (Proactively identifying weaknesses before attackers exploit them)
- What is a secure software development lifecycle (SDLC)? (Integrating security practices throughout the software development process)
- What is data encryption at rest? (Encrypting stored data, as opposed to data in transit)
- What is the purpose of a security operations center (SOC)? (Continuously monitoring and responding to security incidents)
- What is biometric authentication? (Using physical traits like fingerprints or facial recognition to verify identity)
- What is the importance of regular employee offboarding in security? (Revoking access promptly when employees leave to prevent unauthorized access)
- What is air-gapping a system? (Physically isolating a computer from unsecured networks for security)
- What is the purpose of compliance standards like GDPR or HIPAA in cybersecurity? (Setting legal requirements for protecting personal and sensitive data)
Cybersecurity History & Careers — 25 Questions
- What was the first computer virus, created as a proof of concept? (Creeper, in 1971)
- What was the Morris Worm, released in 1988? (One of the first worms to spread widely across the early internet)
- What was notable about the WannaCry ransomware attack of 2017? (It spread globally, exploiting a Windows vulnerability and affecting hospitals and businesses)
- What was the Stuxnet worm, discovered in 2010? (A sophisticated cyberweapon believed to target Iranian nuclear facilities)
- What organization is responsible for assigning CVE identifiers? (MITRE Corporation)
- What is a "white hat" hacker's role generally? (Using hacking skills ethically and legally to improve security)
- What is a Chief Information Security Officer (CISO) responsible for? (Overseeing an organization's overall information security strategy)
- What certification is considered a gold standard for practical penetration testing skills? (OSCP — Offensive Security Certified Professional)
- What does CompTIA Security+ certify? (Foundational cybersecurity knowledge and skills)
- What does CISSP stand for? (Certified Information Systems Security Professional)
- What organization maintains the OWASP Top 10 list of web vulnerabilities? (The Open Worldwide Application Security Project)
- What government agency in the US focuses on cybersecurity and infrastructure protection? (CISA — Cybersecurity and Infrastructure Security Agency)
- What was notable about the Equifax data breach of 2017? (It exposed personal data of roughly 147 million people)
- What is a "bug bounty" program? (A program rewarding individuals for responsibly disclosing security vulnerabilities)
- What is the role of a security analyst in an organization? (Monitoring systems and investigating potential security incidents)
- What was the SolarWinds hack of 2020 notable for? (A sophisticated supply-chain attack affecting numerous government and corporate networks)
- What is "Capture the Flag" (CTF) in the cybersecurity community? (A competition where participants solve security challenges to find hidden "flags")
- What major event in 2013 revealed widespread government surveillance practices? (Disclosures by Edward Snowden)
- What is a "red team" in cybersecurity testing? (A group simulating attacks to test an organization's defenses)
- What is a "blue team" in cybersecurity? (The defensive team responsible for protecting against simulated or real attacks)
- What career path focuses specifically on analyzing malware? (Malware analyst or reverse engineer)
- What is digital forensics in cybersecurity careers? (Investigating and analyzing digital evidence after a security incident)
- What is a Security Operations Center (SOC) analyst's typical responsibility? (Monitoring alerts and responding to potential threats in real time)
- What is the purpose of cybersecurity insurance for organizations? (Providing financial protection against losses from cyber incidents)
- What notable ransomware attack affected the Colonial Pipeline in 2021? (An attack that disrupted fuel supply across parts of the US)
❓ Frequently Asked Questions
What cybersecurity topics are most important to know?
Phishing (most common attack), ransomware, social engineering, password security, two-factor authentication, encryption basics, and common vulnerabilities (SQL injection, XSS).
What is the difference between cybersecurity and information security?
Cybersecurity focuses specifically on digital threats and protection of computer systems. Information security (InfoSec) is broader — protecting all forms of information including physical documents.
🎯 Practice Quizzes — Cyber Security
Ready to test what you learned? Pick a quiz below and challenge yourself:
Easy
🔥 4
Types of Cyber Threats
🚀 Play Now →
Easy
🔥 2
Password and Account Security
🚀 Play Now →
Easy
🔥 2
Cybersecurity Fundamentals
🚀 Play Now →
Medium
🔥 2
Network Security
🚀 Play Now →
Hard
🔥 1
Penetration Testing and Ethical Hacking
🚀 Play Now →
Medium
🔥 0
Network Security Fundamentals
🚀 Play Now →
Hard
🔥 0
Cyber Threats and Attack Vectors
🚀 Play Now →
Medium
🔥 1
Security Frameworks and Compliance
🚀 Play Now →
Medium
🔥 0
Social Engineering and Phishing Tactics
🚀 Play Now →
Easy
🔥 1
Internet Safety Basics
🚀 Play Now →
Ready to Test Your Cyber Security Knowledge?
Take our Cyber Security quiz and see how you rank against players worldwide!