Play this advanced cybersecurity quiz online for free — 20 hard questions and answers on cyber threats and attack vectors.
1. What is 'DNS spoofing'?
💡 DNS spoofing corrupts DNS data, redirecting users' traffic away from legitimate destinations toward malicious websites.
2. What is a 'supply chain vulnerability'?
💡 A supply chain vulnerability is a weakness introduced through third-party vendors, software, or hardware an organization relies on.
3. What does 'buffer overflow' refer to in cybersecurity?
💡 A buffer overflow occurs when a program writes more data to a buffer than it can hold, which can potentially be exploited to execute malicious code.
4. What does 'insider threat' refer to in cybersecurity?
💡 An 'insider threat' refers to a security risk that originates from within an organization, such as a current or former employee.
5. What does 'data exfiltration' refer to?
💡 'Data exfiltration' refers to the unauthorized transfer of data out of a compromised system, often the goal of an attack.
6. What is 'watering hole attack'?
💡 A watering hole attack compromises a website that a target group frequently visits, infecting visitors' devices when they access it.
7. What does 'supply chain attack' refer to?
💡 A supply chain attack compromises a target indirectly, by exploiting weaker security in its vendors or other supply chain partners.
8. What is 'cross-site scripting' (XSS)?
💡 Cross-site scripting (XSS) injects malicious scripts into webpages that are then executed in other users' browsers.
9. What is a 'zero-day vulnerability'?
💡 A zero-day vulnerability is a previously unknown security flaw that attackers can exploit before developers have a chance to fix it.
10. What is a 'DDoS attack' (Distributed Denial of Service)?
💡 A DDoS attack floods a target system with overwhelming traffic from multiple sources, making it unavailable to legitimate users.
11. What is 'advanced persistent threat' (APT)?
💡 An advanced persistent threat (APT) is a prolonged, targeted cyberattack in which an intruder maintains undetected access over an extended period.
12. What is 'privilege escalation' in the context of an attack?
💡 Privilege escalation exploits a vulnerability to gain a level of system access beyond what was originally authorized.
13. What does 'lateral movement' refer to in a cyberattack?
💡 'Lateral movement' describes an attacker's efforts to move through a network after an initial breach, seeking access to additional systems.
14. What does 'credential stuffing' involve?
💡 Credential stuffing uses stolen username-password combinations to attempt unauthorized logins across many different websites at once.
15. What is 'SQL injection'?
💡 SQL injection inserts malicious SQL code into a database query, potentially exposing or manipulating sensitive data.
16. What does 'clickjacking' involve?
💡 Clickjacking tricks users into clicking on something different from what they perceive, often triggering unintended, potentially harmful actions.
17. What is a 'man-in-the-middle attack'?
💡 A man-in-the-middle attack occurs when a third party secretly intercepts, and potentially alters, communication between two unsuspecting parties.
18. What is 'command and control' (C2) infrastructure in cyberattacks?
💡 Command and control (C2) infrastructure consists of servers attackers use to communicate with and remotely control compromised systems.
19. What is a 'logic bomb'?
💡 A logic bomb is malicious code programmed to trigger a harmful action once specific conditions, like a date, are met.
20. What is 'session hijacking'?
💡 Session hijacking involves taking over a legitimate, active user session to gain unauthorized access to information or services.