1. What is 'phishing' in cybersecurity?
- A fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity — typically via email
- Installing keylogging software on a target's computer
- Intercepting WiFi signals at a public location
- Searching through network traffic for passwords
2. What is a 'zero-day vulnerability'?
- A security flaw that takes zero days to exploit
- A software vulnerability that is unknown to the vendor and has no available patch — attackers can exploit it from day zero
- A type of vulnerability that zeroes out (deletes) all data
- A vulnerability only discovered on the first day a product is released
3. The 2017 WannaCry ransomware attack affected 200,000+ computers in 150 countries. What exploited vulnerability did it use?
- A Google Chrome browser zero-day
- A Linux kernel vulnerability
- An Apple iOS flaw
- EternalBlue — an NSA-developed Windows exploit leaked by Shadow Brokers
4. What is 'two-factor authentication' (2FA) and why is it important?
- A security method requiring two forms of verification — something you know (password) plus something you have (phone code) or are (biometric)
- Having two separate email accounts for security purposes
- Logging in from two different devices simultaneously
- Using two different passwords for the same account
5. What does 'HTTPS' protect compared to 'HTTP'?
- HTTPS blocks malware; HTTP allows it
- HTTPS encrypts data in transit using TLS, preventing eavesdropping and tampering; HTTP sends data in plain text
- HTTPS is faster than HTTP
- HTTPS only works on mobile devices
6. What is 'social engineering' in cybersecurity?
- A branch of computer science studying social networks
- Building social networks for technical teams
- Engineering social media platforms for maximum engagement
- Manipulating people psychologically to reveal confidential information or take actions that compromise security — exploiting human behaviour rather than technical vulnerabilities
7. What is a 'DDoS attack'?
- A targeted intrusion into a specific user's account
- A virus that deletes data from a server
- Decrypting and stealing encrypted data from a server
- Distributed Denial of Service — flooding a target server with so much traffic from many sources that it becomes overwhelmed and unavailable
8. What is end-to-end encryption (E2EE), used by apps like Signal and WhatsApp?
- A system where messages are encrypted by the sender's device only
- Encryption that prevents emails from being forwarded
- Encryption that protects data only at the server
- Encryption where only the communicating parties can read messages — not the service provider, not anyone intercepting the data
9. What is a 'VPN' and what does it protect?
- A system for blocking advertisements online
- A Verified Personal Network — an internet connection certified as secure by the government
- A Very Private Network — a firewall for home computers
- A Virtual Private Network — encrypts internet traffic and routes it through a server, masking your IP address and protecting data on public networks
10. The 2013 NSA PRISM surveillance programme was revealed by which whistleblower?
- Chelsea Manning
- Edward Snowden
- Julian Assange
- Reality Winner
11. What is 'ransomware' and how do most attacks demand payment?
- A type of virus that randomly deletes files
- Malware that encrypts a victim's files, then demands payment (usually cryptocurrency) to provide the decryption key
- Software that locks the screen until a subscription is paid
- Software that makes a computer run slowly until it's repaired
12. What is 'SQL injection' — one of the most common web application vulnerabilities?
- A method of compressing SQL databases for storage
- A technique for speeding up database queries
- Injecting physical substances into SQL server hardware
- Inserting malicious SQL code into an input field to manipulate a database — potentially exposing, modifying, or deleting data
13. What is a 'botnet' in cybersecurity?
- A company's internal network of chatbots
- A network of compromised computers ('bots') controlled by attackers, used for DDoS attacks, spam, cryptocurrency mining, and more
- A network of robots used in manufacturing
- Software robots that automatically test websites for security flaws
14. What does 'GDPR' stand for and what did it establish?
- General Data Protection Regulation — an EU law giving citizens rights over their personal data
- General Digital Platform Rules — an EU competition law
- Global Digital Privacy Rights — an international treaty
- Government Data Privacy Regulation — a US federal law
15. What is the 'dark web' and how is it typically accessed?
- A network of websites accessible only through the Tor browser, not indexed by search engines, offering anonymity
- Illegal content hosted on regular websites
- The internet at night when fewer users are active
- Websites with a dark colour scheme
16. What is 'multi-factor authentication' and why is SMS-based 2FA considered relatively weak?
- SMS 2FA is actually the most secure form
- SMS 2FA is weak because it requires a data connection
- SMS codes can be intercepted via SIM-swapping attacks (convincing carriers to transfer a phone number) or SS7 network vulnerabilities
- SMS codes expire too quickly to be practically useful
17. The Solar Winds hack (2020) is considered one of the most sophisticated cyber attacks ever. What did it target?
- A widely-used IT management software that, once compromised, gave attackers backdoor access to thousands of government and corporate networks
- NASA's solar observation satellites
- Solar panel companies' systems
- Stock market trading systems for renewable energy companies
18. What is 'ethical hacking' (penetration testing)?
- A career path where hackers are reformed and employed by cybersecurity firms
- Authorised security testing of systems to identify vulnerabilities before malicious hackers do — also called 'pen testing'
- Hacking only for educational purposes, never for financial gain
- Hacking only government systems under FOIA requests
19. What is 'cryptography' at its most basic level?
- A cryptocurrency mining technique
- The mathematics of computer processing speeds
- The science of secure communication — transforming readable data (plaintext) into an unreadable format (ciphertext) that only authorised parties can decode
- The study of ancient encrypted texts
20. What is the 'principle of least privilege' in cybersecurity?
- Only privileged users should use computers
- Passwords should be as short and simple as possible for usability
- The least experienced team members should handle security tasks to build their skills
- Users and systems should be granted only the minimum access rights needed to perform their specific tasks — nothing more