Test your cybersecurity awareness with 18 real-world scenario questions across six domains. Takes approximately 5 minutes.
0 / 18 questions
0%
Question 1 of 18
Phishing Recognition
Your CEO posts on LinkedIn about a new project. Shortly after, you get an email referencing that project asking you to download a brief. What do you do?
Attackers use publicly available information (OSINT) to craft highly convincing spear-phishing emails.
Question 2 of 18
Phishing Recognition
You receive a calendar invite from an external contact with a meeting link you don't recognise. What is your first step?
Malicious calendar invites can contain phishing links disguised as meeting URLs.
Question 3 of 18
Phishing Recognition
You receive a text message saying your package delivery failed and asking you to click a link to reschedule. What do you do?
SMS phishing (smishing) uses delivery notifications to trick people into visiting malicious websites.
Question 4 of 18
Password Hygiene
You need to share a streaming service login with a family member. How do you handle it?
Sharing passwords directly increases exposure. Use built-in sharing features or a password manager's sharing vault.
Question 5 of 18
Password Hygiene
Do you use multi-factor authentication (MFA) on your personal accounts?
MFA adds a critical second layer of security. Even if your password is stolen, MFA can prevent unauthorised access.
Question 6 of 18
Password Hygiene
Your company enforces a 90-day password rotation. How do you handle creating new passwords?
Predictable password patterns (Password1, Password2…) defeat the purpose of rotation policies.
Question 7 of 18
Social Engineering
A delivery person asks you to hold the secure door open because their hands are full. What do you do?
Tailgating using props like packages is a classic social engineering technique to bypass physical access controls.
Question 8 of 18
Social Engineering
A senior executive emails you urgently requesting a wire transfer to a new vendor. What do you do?
Business Email Compromise (BEC) costs organisations billions annually. Always verify financial requests through a second channel.
Question 9 of 18
Social Engineering
Someone calls you claiming to be from IT support and asks for your login credentials to fix a problem. What do you do?
Legitimate IT departments will never ask for your password over the phone. This is a classic social engineering tactic.
Question 10 of 18
Safe Browsing
You want to download free software and find it on a third-party download site. What do you do?
Third-party download sites often bundle malware or adware with legitimate software.
Question 11 of 18
Safe Browsing
You need to use public Wi-Fi at a coffee shop to check your work email. What precautions do you take?
Public Wi-Fi networks are easy to intercept. Using a VPN encrypts your traffic and prevents eavesdropping.
Question 12 of 18
Safe Browsing
A website asks for permission to show notifications. What do you do?
Browser notification permissions are abused to deliver spam, scareware, and phishing lures.
Question 13 of 18
Data Handling
A client asks you to send their contract via personal WhatsApp. What do you do?
Sending sensitive documents through unapproved personal messaging apps bypasses corporate data controls.
Question 14 of 18
Data Handling
How do you share sensitive documents with colleagues?
Email attachments can be intercepted. Encrypted file sharing and access-controlled platforms are safer alternatives.
Question 15 of 18
Data Handling
You discover a shared drive folder containing files you shouldn't have access to. What do you do?
Accidental access to restricted data is a permissions issue that should be reported, not exploited.
Question 16 of 18
Physical Security
Someone you don't recognise follows you through a secure door. What do you do?
Tailgating is one of the simplest ways to bypass physical security. Politely challenging unknown individuals protects everyone.
Question 17 of 18
Physical Security
At the end of the workday, what do you do with sensitive printed documents on your desk?
A clean desk policy prevents unauthorised viewing of sensitive information left in plain sight.
Question 18 of 18
Physical Security
You notice a colleague's password written on a sticky note on their monitor. What do you do?
Visible passwords are one of the easiest ways for an attacker or insider to gain unauthorised access.
Your Cyber Score
0/100
Create a free account to see your full domain breakdown, personalised roadmap, and learning recommendations.