🔐 Cyber Security
100 Internet Security Quiz Questions & Answers 2026
Passwords, phishing, VPN, HTTPS, social engineering and online safety best practices
Ready to test your knowledge?
Take the Quiz →
Password Security — 20 Questions
- What makes a strong password? (12+ characters, mix of uppercase/lowercase, numbers, symbols)
- What is a password manager? (Tool that generates and stores strong unique passwords)
- What is two-factor authentication (2FA)? (Requires second verification — code, biometric, or hardware key)
- What is the most common password? ("123456" — still used by millions)
- How often should you change passwords? (Only when compromised — unique strong passwords per site is more important)
- What is a passphrase? (Multiple random words — longer but memorable — "correct horse battery staple")
- What is biometric authentication? (Using fingerprint, face ID, or iris scan for verification)
- What is a hardware security key? (Physical device (YubiKey) for 2FA — most secure option)
- What is single sign-on (SSO)? (Login once to access multiple applications)
- What is credential stuffing? (Using stolen passwords from one breach to access other accounts)
- What is password reuse, and why is it risky? (Using the same password across multiple sites, risking all accounts if one is breached)
- What is "salting" a password before hashing? (Adding random data to prevent identical passwords from producing identical hashes)
- What is the minimum recommended password length by most security experts today? (At least 12 characters)
- What is an authenticator app used for? (Generating time-based one-time codes for two-factor authentication)
- What is a PIN code typically used for? (A short numeric password, often for devices or ATMs)
- What is the risk of using personal information (like a birthday) in a password? (It's easier for attackers to guess using available personal data)
- What is a "security question" used for, and what is its weakness? (Verifying identity, but answers can often be guessed or found online)
- What is account lockout used for after failed login attempts? (Preventing brute force attacks by temporarily blocking further attempts)
- What is the benefit of biometric login over traditional passwords? (Convenience and resistance to typical password-guessing attacks)
- What is a YubiKey? (A popular brand of hardware security key for physical 2FA)
- What should you do if you suspect a password has been compromised? (Change it immediately and check for unauthorized account activity)
- What website lets users check if their email has appeared in known data breaches? (Have I Been Pwned)
- What is the risk of writing passwords down on paper? (Physical theft or loss, though it can be safer than weak digital storage in some contexts)
- What is "passwordless authentication"? (Logging in using methods like biometrics or security keys instead of a traditional password)
Online Privacy & Safe Browsing — 25 Questions
- What is a browser cookie? (Small file storing user preferences and session data)
- What is private/incognito browsing? (Session not saved locally — but ISP and websites still see you)
- What is a VPN? (Encrypts traffic and hides IP address)
- What is the Tor browser? (Routes traffic through multiple nodes for anonymity)
- What does HTTPS padlock mean? (Connection is encrypted — data is secure in transit)
- What is a tracking pixel? (Invisible 1×1 image tracking email opens and web activity)
- What does GDPR stand for? (General Data Protection Regulation — EU privacy law)
- What is data minimization? (Collecting only the minimum data necessary)
- What is a privacy policy? (Legal document explaining how a company collects and uses data)
- What is a data breach? (Unauthorized access/exposure of sensitive data)
- What is doxxing? (Publishing private personal information online without consent)
- What is identity theft? (Using someone's personal information without permission for fraud)
- How do you spot a phishing email? (Check sender address, look for urgency/threats, hover over links, watch for typos)
- What is HTTPS vs HTTP? (HTTPS encrypts data; HTTP sends in plaintext — never enter passwords on HTTP)
- What is a man-in-the-middle attack on public WiFi? (Attacker intercepts traffic between you and the hotspot)
- What is browser fingerprinting? (Identifying and tracking a user based on unique device/browser characteristics)
- What is an ad blocker used for, related to privacy? (Blocking ads and often the trackers embedded within them)
- What is the "right to be forgotten" under GDPR? (A person's right to request deletion of their personal data)
- What is a public WiFi risk that a VPN helps mitigate? (Attackers intercepting unencrypted data on shared networks)
- What is geolocation tracking, and how can users limit it? (Apps tracking physical location; users can disable location permissions)
- What is a "cookie consent banner" required for under privacy laws? (Informing users and obtaining consent before tracking via cookies)
- What is end-to-end encrypted messaging, e.g. on WhatsApp or Signal? (Messages only readable by sender and recipient, not even the platform)
- What is metadata, and why does it matter for privacy? (Data about data, like when/where a photo was taken, which can reveal personal info)
- What is a "burner email" used for? (A temporary email address used to protect your main address from spam or tracking)
- What is the safest way to dispose of an old device with personal data? (Securely wiping or factory-resetting it before disposal or resale)
Social Media & Online Safety — 25 Questions
- What is oversharing on social media, and why is it risky? (Posting too much personal information, which can be exploited by bad actors)
- What is catfishing? (Creating a fake online identity to deceive someone, often for romantic or financial scams)
- What is the risk of posting your location in real time? (It can reveal your home is empty or allow stalking)
- What is cyberbullying? (Using digital platforms to harass, threaten, or humiliate someone)
- What is a "privacy setting" used for on social media? (Controlling who can see your posts, profile, and personal information)
- What is the risk of accepting friend requests from strangers? (Exposure to scams, phishing, or social engineering attempts)
- What is grooming, in the context of online child safety? (An adult building trust with a minor for the purpose of exploitation)
- What is sextortion? (Blackmail using sexual images or content, often obtained through deception)
- What should parents do to help keep children safe online? (Use parental controls, discuss online risks, and monitor activity appropriately)
- What is a "scam link" commonly disguised as on social media? (Fake giveaways, urgent alerts, or too-good-to-be-true offers)
- What is "romance scamming"? (Building a fake romantic relationship online to manipulate someone into sending money)
- What is the risk of using the same profile picture and username across all platforms? (It makes you easier to track and link across services)
- What is "geotagging" in photos, and why can it be risky? (Embedding location data in images, which can reveal your whereabouts)
- What should you do if you receive a suspicious message from a friend's hacked account? (Avoid clicking links and verify with the friend through another channel)
- What is a fake news or misinformation risk on social media? (Spreading false information that can mislead or manipulate public opinion)
- What is "report and block" used for on social platforms? (Flagging abusive content and preventing further contact from a user)
- What is the risk of public Wi-Fi for social media login sessions? (Potential interception of login credentials by attackers on the same network)
- What is "digital footprint"? (The trail of data a person leaves behind from online activity)
- What is the benefit of reviewing app permissions on your phone? (Preventing apps from accessing more data than necessary)
- What is "pretexting" in social engineering? (Creating a false scenario to trick someone into giving up information)
- What is the danger of clicking links in unsolicited direct messages? (They may lead to phishing sites or malware downloads)
- What should you verify before donating to an online charity campaign? (That the charity is legitimate and verified, to avoid scams)
- What is "vishing"? (Voice phishing — using phone calls to trick victims into revealing information)
- What is "smishing"? (SMS-based phishing attacks sent via text message)
- What is the safest way to verify a suspicious request for money from a "friend" online? (Contact them directly through a known, separate channel to confirm)
Device & Network Safety — 25 Questions
- What is the purpose of antivirus software? (Detecting and removing malicious software from a device)
- Why is it important to keep software and apps updated? (Updates often patch known security vulnerabilities)
- What is the risk of jailbreaking or rooting a device? (It can bypass built-in security protections, increasing vulnerability)
- What is a firewall's role on a personal device? (Blocking unauthorized incoming and outgoing network connections)
- What is the risk of downloading apps from unofficial app stores? (Higher chance of installing malware or fake apps)
- What is "auto-update" useful for in terms of security? (Ensuring devices receive the latest security patches without delay)
- What is the purpose of locking your phone with a PIN or biometric? (Preventing unauthorized physical access to your data)
- What is the risk of using public USB charging stations? ("Juice jacking" — malicious data transfer through compromised charging ports)
- What is a "guest network" on a home router used for? (Giving visitors internet access without exposing your main network devices)
- What is the importance of changing default router passwords? (Default credentials are publicly known and easily exploited)
- What is a smart home device's main security risk? (Weak default security potentially allowing unauthorized access to your home network)
- What is "patch Tuesday," referenced by some companies? (A regular scheduled day for releasing software security updates)
- What is the purpose of regularly backing up your data? (Protecting against data loss from device failure, theft, or ransomware)
- What is the "3-2-1 backup rule"? (3 copies of data, on 2 different media, with 1 copy stored offsite)
- What is the risk of leaving Bluetooth enabled in public? (Potential exposure to unauthorized device pairing or "bluejacking")
- What should you do before selling or recycling an old smartphone? (Perform a factory reset to erase all personal data)
- What is the danger of clicking "remember this device" on shared or public computers? (It can let others access your accounts without re-entering credentials)
- What is the purpose of network encryption like WPA3 on home Wi-Fi? (Securing wireless communication from eavesdropping)
- What is the risk of using outdated Wi-Fi encryption like WEP? (It is easily crackable by modern tools, exposing your network)
- What is "shoulder surfing"? (Someone watching over your shoulder to steal your password or PIN)
- What is the benefit of using a screen privacy filter in public spaces? (Preventing others from viewing your screen at an angle)
- What is the risk of leaving location services on for all apps? (Unnecessary tracking of your movements by apps that don't need it)
- What is "SIM swapping," a security risk for mobile accounts? (An attacker convincing a carrier to transfer your number to their SIM, bypassing 2FA)
- What is the safest way to dispose of sensitive printed documents? (Shredding them before disposal)
- What is the overall best practice for staying safe online, combining all these concepts? (Layered defenses: strong unique passwords, 2FA, updated software, caution with links, and regular backups)
- What is the term for staying informed about new and evolving online threats? (Security awareness, or "cyber hygiene")
❓ Frequently Asked Questions
What are the most important internet security practices?
Use strong unique passwords + password manager, enable two-factor authentication, keep software updated, use HTTPS websites only, be suspicious of emails/links, use a VPN on public WiFi, and back up data regularly.
What is the biggest internet security threat in 2026?
Phishing remains the #1 threat — it accounts for over 80% of successful cyberattacks. AI-powered phishing (using deepfakes and personalized messages) is making attacks more convincing than ever.
🎯 Practice Quizzes — Cyber Security
Ready to test what you learned? Pick a quiz below and challenge yourself:
Easy
🔥 4
Types of Cyber Threats
🚀 Play Now →
Easy
🔥 2
Password and Account Security
🚀 Play Now →
Easy
🔥 2
Cybersecurity Fundamentals
🚀 Play Now →
Medium
🔥 2
Network Security
🚀 Play Now →
Hard
🔥 1
Penetration Testing and Ethical Hacking
🚀 Play Now →
Hard
🔥 0
Advanced Network Attacks and Defence
🚀 Play Now →
Medium
🔥 1
Malware and Attack Types
🚀 Play Now →
Hard
🔥 0
Cyber Threats and Attack Vectors
🚀 Play Now →
Medium
🔥 0
Social Engineering and Phishing Tactics
🚀 Play Now →
Hard
🔥 0
Advanced Cryptography and Encryption
🚀 Play Now →
Ready to Test Your Cyber Security Knowledge?
Take our Cyber Security quiz and see how you rank against players worldwide!