Cyber Security Quiz With Certificate Free

8 – 63 questions, 9 min
Covering NIST Cybersecurity Framework controls for everyday employee actions—phishing verification, credential hygiene, secure data handling, and timely patching—this quiz reinforces mandatory workplace training meant to prevent breaches and ransomware outages. Non-compliance can trigger reportable incidents, regulatory penalties, and contractual findings. Use it to confirm you can follow policy, escalate suspicious activity, and support audit-ready security practices.
  1. Which practice best prevents one breached website from exposing your other work accounts?

  2. Delaying security updates leaves known vulnerabilities unpatched for attackers to exploit. (True / False)

  3. You receive an email that appears to be from the CEO asking you to pay a new vendor within the hour and keep it confidential. The address is slightly different than usual. What should you do?

  4. Saving work files to a personal cloud drive is risky mainly because it:

  5. A pop-up on an unfamiliar website says your video player is out of date and offers a download. What should you do?

  6. Select all that apply. Which actions reduce the risk created by password reuse?

  7. If an email is well written and uses a familiar display name, it cannot be phishing. (True / False)

  8. Arrange the steps in the best order after you realize your work phone is missing. (Put in order)
     • Request a remote lock or wipe
     • Document what happened (time, location, last seen)
     • Monitor accounts for unusual activity
     • Change passwords/tokens linked to the device if instructed
     • Report the loss to IT/security immediately

  9. At a client site you see a network labeled “Guest_Free_WiFi.” You need to send a presentation containing internal data. What is the safest action?

  10. Arrange the best sequence for handling an unexpected request to urgently change a vendor’s bank details. (Put in order)
     • Report the suspicious message if verification fails
     • Pause and do not act on urgency
     • Check the email address/domain carefully
     • Verify the request via a known phone number or official chat
     • Follow the finance approval workflow

  11. You need to work from home and access a document containing internal data. What is the most compliant approach?

  12. Select all that apply. You need to work from a hotel Wi‑Fi. Which actions reduce risk?

  13. A vendor releases a firmware update for a work device to fix a known vulnerability. What should you do?

  14. Arrange the best actions in the first hour after you suspect ransomware has started encrypting files on your computer. (Put in order)
     • Follow IT instructions for containment and evidence preservation
     • Record what you observe (time, messages, impacted files)
     • Notify IT/security immediately using the incident channel
     • Disconnect the device from networks (Wi‑Fi/Ethernet)
     • Begin restoration only after IT confirms it is safe

  15. You are on public Wi‑Fi and need to send sensitive work data, but your VPN will not connect. What should you do?

  16. You suspect an email is trying to steal credentials. What is the best next step?

  17. Select all that apply. Which events should you report promptly to IT/security?

  18. Reusing the same complex password across multiple accounts is acceptable as long as it is long and random. (True / False)


Disclaimer

This quiz is for educational purposes only. It does not replace official safety training, certification, or regulatory compliance programs.

Frequent NIST CSF Gaps Employees Miss in Day-to-Day Security

Credential and access control errors

Most real-world account takeovers start with small identity mistakes that weaken the Protect function of the NIST CSF.

  • Password reuse across systems: One breach becomes many. Use unique credentials and your organization-approved password manager.
  • MFA fatigue approvals: Approving “push” prompts you didn’t initiate can hand attackers the session. Deny unexpected prompts and report them immediately.
  • Over-permissioned access: Keeping admin rights “just in case” expands blast radius. Request least-privilege access and time-bound elevation when needed.

Phishing and social engineering blind spots

  • Trusting display names: Attackers spoof names and threads. Validate the actual sender address and the business context.
  • Switching channels too late: If money, credentials, or sensitive data is involved, verify via a known channel (call a saved number, open a ticket) before acting.
  • Misusing “Report Phish”: Forwarding suspicious messages to coworkers spreads risk. Use the official reporting path so security tools can quarantine and investigate.
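The three blind spots above can be turned into a mechanical check on the From: header before a human decides whether to act. The following is an added example written for this page, not code from the quiz or from any product it mentions; the trusted domains, the directory entry, the sample headers and the high-risk subject terms are all constructed assumptions. It separates the display name from the real sender address, flags an address whose domain merely resembles a trusted one, flags a familiar display name arriving from an unexpected address, and maps the result to the page's own advice (verify via a known channel, or report).

```python
"""Sender checks behind the phishing blind spots listed above.

Added example; it is not code from the quiz page. The domains, directory
entries and messages are constructed for illustration only.
"""
from email.utils import parseaddr
from typing import Optional
import difflib

# Constructed: the organisation's own domain plus approved vendor domains.
TRUSTED_DOMAINS = {"example-corp.com", "vendor-example.com"}
# Constructed directory: display name -> the only address it should come from.
DIRECTORY = {"jane doe": "jane.doe@example-corp.com"}
# Topics for which the page says to verify via a known channel before acting.
HIGH_RISK_TERMS = ("payment", "wire", "bank", "invoice", "password", "credential")


def sender_parts(from_header: str):
    """Split a From: header into (display_name, address, domain), lower-cased."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    return name.strip().lower(), addr, domain


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS) -> Optional[str]:
    """Return the trusted domain that `domain` closely resembles, if any."""
    if domain in trusted:
        return None
    close = difflib.get_close_matches(domain, sorted(trusted), n=1, cutoff=0.85)
    return close[0] if close else None


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS, directory=DIRECTORY):
    """Return sender red flags as a list of strings (empty means none found)."""
    name, addr, domain = sender_parts(from_header)
    findings = []
    if not domain:
        return ["unparseable sender address"]
    if domain not in trusted:
        findings.append(f"external sender domain: {domain}")
        look = lookalike_of(domain, trusted)
        if look:
            findings.append(f"lookalike of trusted domain: {look}")
    # "Trusting display names": the name matches someone known, the address does not.
    expected = directory.get(name)
    if expected and addr != expected:
        findings.append(f"display name '{name}' but address is not {expected}")
    return findings


def triage(from_header: str, subject: str) -> str:
    """Map findings to the action the page recommends."""
    findings = check_sender(from_header)
    high_risk = any(term in subject.lower() for term in HIGH_RISK_TERMS)
    if findings and high_risk:
        return "verify out of band, then report if verification fails"
    if findings:
        return "report via the official phishing channel"
    if high_risk:
        return "verify out of band before acting"
    return "no sender red flags"
```

The similarity cutoff is deliberately conservative: a single swapped character in the domain (`examp1e-corp.com`) scores well above it, while an unrelated external domain does not, so the lookalike flag stays rare enough to be taken seriously. Note that a clean sender check on a money request still returns "verify out of band": the page's point is that the topic, not only the sender, decides whether a second channel is required.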

Data handling and device hygiene mistakes

  • Personal cloud/USB convenience: Moving files off managed storage breaks monitoring, encryption, retention, and incident response. Keep work data in approved repositories only.
  • Deferring updates: Patch delays leave known vulnerabilities exposed. Follow change-control, but prioritize security updates within required timelines.
  • Ignoring early indicators: Unusual login prompts, new inbox rules, and “sent mail you didn’t send” are Detect signals—treat them as incidents, not annoyances.
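The "early indicators" bullet above, the MFA fatigue bullet in the credential section, and the later scenario about unexpected MFA prompts all describe the same Detect signals, so one added example covers them. It is written for this page and is not code from the quiz, from NIST, or from any product; the JSON log format and every event line are constructed, and the field names are assumptions. It parses a small out-of-order event feed and reports three things a security team would want to correlate: bursts of push prompts to one user, an approval that follows repeated denials, and newly created inbox rules that forward externally or delete mail.

```python
"""Detect-function signals from the list above: bursts of MFA push prompts,
push approvals that follow repeated denials, and risky new inbox rules.

Added example, not code from the quiz page. The log format and every
event line are constructed for illustration; they are not a real product's logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed events, one JSON object per line, deliberately out of time order.
SAMPLE_LOG = """\
{"ts": "2024-05-01T08:00:05Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2024-05-01T08:00:40Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2024-05-01T08:30:00Z", "user": "bob", "event": "mfa_push", "result": "approved"}
{"ts": "2024-05-01T08:01:10Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2024-05-01T08:01:55Z", "user": "alice", "event": "mfa_push", "result": "approved"}
{"ts": "2024-05-01T08:02:30Z", "user": "alice", "event": "inbox_rule_created", "rule": {"name": ".", "forward_to": "drop@mail-example.net", "delete": true}}
{"ts": "2024-05-01T09:00:00Z", "user": "carol", "event": "inbox_rule_created", "rule": {"name": "Newsletters", "forward_to": null, "delete": false}}
"""
INTERNAL_DOMAINS = {"example-corp.com"}  # constructed


def parse_events(text: str):
    """Parse one JSON event per line and sort by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def mfa_push_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Users who received `threshold` or more push prompts inside any `window`.

    Returns {user: largest prompt count seen inside one window}."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["event"] == "mfa_push":
            per_user[ev["user"]].append(ev["ts"])
    flagged = {}
    for user, times in per_user.items():  # times are already in order
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def approvals_after_denials(events, window=timedelta(minutes=5), denials=2):
    """Users with an approved push preceded by at least `denials` denied ones
    inside `window`: the shape of a fatigue prompt that finally got accepted."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["event"] == "mfa_push":
            per_user[ev["user"]].append((ev["ts"], ev["result"]))
    hits = []
    for user, seq in per_user.items():
        for i, (ts, result) in enumerate(seq):
            if result != "approved":
                continue
            recent_denied = sum(1 for t, r in seq[:i] if r == "denied" and ts - t <= window)
            if recent_denied >= denials:
                hits.append(user)
                break
    return hits


def suspicious_inbox_rules(events, internal=INTERNAL_DOMAINS):
    """Inbox rules that forward outside the organisation, delete mail, or hide behind a blank name."""
    hits = []
    for ev in events:
        if ev["event"] != "inbox_rule_created":
            continue
        rule = ev["rule"]
        reasons = []
        fwd = rule.get("forward_to")
        if fwd and fwd.rsplit("@", 1)[-1] not in internal:
            reasons.append("forwards to external address")
        if rule.get("delete"):
            reasons.append("deletes messages")
        if len(rule.get("name", "")) <= 1:
            reasons.append("near-empty rule name")
        if reasons:
            hits.append((ev["user"], reasons))
    return hits
```

The approval-after-denials check is the one that matters most for the "MFA fatigue" bullet: a burst of prompts alone shows that credentials are being tested, while a burst that ends in an approval suggests the session may already be in an attacker's hands, which is exactly when the page tells the employee to change the password from a known-good device and escalate.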

Workplace Cyber Scenarios Mapped to NIST CSF Decisions

Use these short drills to practice the same judgment calls the quiz targets across Protect, Detect, Respond, and Recover activities.

1) Executive wire request with urgency and secrecy

You receive an email “from the CEO” asking for a same-hour vendor payment and requesting confidentiality.

  • Best action: Pause the transaction, verify via a trusted channel, and follow the finance approval workflow.
  • Why it matters: Business email compromise succeeds when employees bypass controls under pressure.

2) Cloud document share from a “vendor” you don’t recognize

A file-sharing link claims you must “review the updated contract” and sign in to view it.

  • Best action: Validate the sender independently, then access vendor files only through approved portals and accounts.
  • Why it matters: Credential harvesting often hides behind legitimate-looking cloud services.

3) Unexpected MFA prompts while you’re not logging in

Your phone receives repeated authentication prompts for a system you aren’t using.

  • Best action: Deny prompts, change your password from a known-good device, and notify IT/security.
  • Why it matters: This is an early Detect signal of credential stuffing or session takeover attempts.

4) “Update required” pop-up during routine browsing

A browser pop-up says your device is “infected” and demands an immediate plug-in update.

  • Best action: Close the page, don’t install, and request software only through approved channels (self-service portal or IT).
  • Why it matters: Fake updates are a common malware delivery method.

5) Working from guest Wi‑Fi with internal files

You’re at a client site and need to send a spreadsheet containing internal data.

  • Best action: Use the official guest network, connect through your company VPN, and avoid transmitting sensitive data if secure access isn’t available.
  • Why it matters: Network exposure increases interception and credential risk.

6) Ransom note appears on a shared drive

Files suddenly become unreadable and a ransom note appears.

  • Best action: Disconnect from the network if instructed by policy, alert the incident response channel immediately, and do not attempt “quick fixes” that destroy evidence.
  • Why it matters: Fast, coordinated Respond actions reduce spread and improve recovery outcomes.

Five Actions That Most Reduce Breach and Ransomware Risk

  1. Verify high-risk requests out-of-band: Any request for payments, credentials, or sensitive files should trigger a second-channel confirmation before you proceed.
  2. Treat unexpected MFA prompts as an incident signal: Deny, then immediately escalate—those prompts often indicate stolen credentials being tested.
  3. Keep data in managed locations: Approved storage enables encryption, access logging, retention, and rapid containment during investigations.
  4. Patch with urgency and discipline: Apply security updates within your organization’s change-control rules, but don’t let convenience override remediation timelines.
  5. Report early, not after you’re “sure”: Security teams can correlate your single suspicious event with other telemetry to stop a campaign in progress.

Cybersecurity Terms Used in NIST-Aligned Workplace Training

Multi-factor authentication (MFA)
Authentication that requires two or more different factor types (for example, password + authenticator app). Example: “I entered my password and then approved a one-time code.”
Phishing
A deceptive message that tricks a user into revealing credentials, sending money, or running malware. Example: “The email asked me to re-login to view an ‘invoice.’”
Business Email Compromise (BEC)
A social-engineering attack that impersonates executives or vendors to redirect payments or obtain sensitive information. Example: “Accounts payable received ‘updated banking details’ from a spoofed vendor.”
Least privilege
Granting only the minimum access needed to perform a task, for the minimum time needed. Example: “I requested temporary admin rights for a single installation.”
Patch (security update)
A vendor-provided fix that closes known vulnerabilities in software or firmware. Example: “I installed the critical update before reconnecting to production systems.”
Ransomware
Malware that encrypts or disrupts systems and demands payment, often paired with data theft. Example: “Shared files became unreadable and a ransom note appeared.”
Incident reporting
Using your organization’s defined process to escalate suspected compromise for triage and response. Example: “I reported a suspicious inbox rule through the security hotline/ticket queue.”

Cybersecurity Quiz + Certificate FAQs (NIST CSF-Aligned)

Which parts of the NIST Cybersecurity Framework does this quiz emphasize for everyday employees?

It focuses on behaviors that map cleanly to Protect (safe authentication, secure data handling, patch hygiene), Detect (spotting anomalies like unexpected MFA prompts or suspicious inbox rules), and Respond (using the correct internal reporting and containment steps). You’re practicing decisions that reduce breach likelihood, not just memorizing definitions.

What’s the most reliable way to handle “urgent” requests for money, credentials, or sensitive files?

Treat urgency as a risk signal. Verify the request using a separate, trusted channel (for example, calling a number from your directory rather than replying to the message) and follow the documented approval workflow. This prevents business email compromise where attackers rely on speed and secrecy to bypass controls.

If I accidentally clicked a suspicious link, what actions are usually expected immediately?

Stop interacting with the message, avoid entering credentials, and report it via your organization’s security reporting method. If you entered a password, change it right away from a known-good device and notify IT/security so they can check for session tokens, mailbox rules, or other persistence. The quiz scenarios reinforce early escalation over “waiting to see.”

Why do policies ban saving work files to personal email, personal cloud drives, or unmanaged USB devices?

Unmanaged storage typically bypasses corporate encryption, access logging, retention, backup, and legal hold controls. It also creates blind spots during incident response because investigators can’t reliably identify what data left the environment. If you want deeper practice on handling sensitive information, review the Data Protection Quiz.

How does the quiz treat passwords versus MFA—what’s considered “good enough” today?

Strong, unique passwords remain essential, but they’re not sufficient alone against phishing and credential stuffing. The expected baseline is unique credentials per system, use of an approved password manager when permitted, and MFA wherever available—plus refusing unexpected MFA prompts. The safest habit is to assume credentials can be exposed and rely on layered controls.

What does “reporting suspicious activity” mean in practice (beyond telling a coworker)?

It means using the official channel that creates a trackable record (security tool button, ticket queue, hotline, or SOC mailbox—whatever your organization defines). That enables quarantine, indicator correlation, and documentation for audits or regulatory response. For more targeted drills on email-based threats, see the Email Security And Compliance quiz.

Is a free certificate from this quiz a substitute for my employer’s required security training?

No. A quiz certificate typically documents that you completed an assessment, but it does not replace your organization’s mandatory training, policy attestations, or role-based requirements. Use the certificate as reinforcement evidence for personal development or manager review, while following your employer’s official training and compliance process.