CISO Life • Analyst Training

Top 50 Cybersecurity Threats – Analyst Test

Answer all 50 questions. When you submit, your score and per-question feedback will appear below. This test is designed for junior analysts to validate baseline threat knowledge.

Analyst Information

Optional but recommended

Name

Test Questions (50)

Select one answer per question

1. Account Takeover

What makes account takeover so difficult to detect?

A. Attackers always change device IDs B. Authentication appears identical to legitimate user behavior C. It only impacts mobile devices D. It requires advanced malware

2. Advanced Persistent Threat (APT)

What defines an APT?

A. Short, loud attacks B. Long-term, stealthy access supported by intelligence gathering C. Only uses ransomware D. Only targets personal devices

3. AWS Attacks

According to AWS’s shared responsibility model, who secures data inside an S3 bucket?

A. AWS B. The customer C. The ISP D. The data owner’s bank

4. Application Access Token Abuse

Why are stolen OAuth tokens dangerous?

A. They expire every 5 minutes B. They allow API access without MFA C. They cannot be used outside the network D. They only grant read-only permissions

5. Bill Fraud

Why do victims often fall for fraudulent bills?

A. They look unprofessional B. The amounts are small and resemble legitimate services C. They require face-to-face approval D. They include malware

6. Brute Force Attack

What is a dictionary attack?

A. Guessing IP addresses using random numbers B. Trying every word in a wordlist or password dump C. Capturing SMS codes D. Using AI to guess biometrics

7. Business Email Compromise (BEC)

How has BEC evolved in recent years?

A. Using QR codes B. Leveraging video meeting invites to impersonate executives C. Requiring ransomware deployment D. Only using spoofed domains

8. Cloud Cryptomining

What is a common sign of cryptomining in cloud environments?

A. Decrease in CPU usage B. Unexpected increases in compute instances C. DNS failures D. Frequent password resets

9. Command and Control (C2)

What does a C2 server enable attackers to do?

A. Perform SaaS updates B. Remotely control compromised hosts C. Block internet access D. Automatically patch vulnerabilities

10. Compromised Credentials

Why do credential harvesting attacks succeed so often?

A. Most users rotate passwords daily B. Password reuse and lack of MFA C. Companies block phishing emails 100% of the time D. Hackers guess passwords manually

11. Credential Dumping

Tools like Mimikatz allow attackers to:

A. Automatically encrypt directories B. Extract passwords, hashes and Kerberos tickets C. Format hard drives D. Disable antivirus

12. Credential Reuse Attack

What is the core concept behind a credential reuse attack?

A. Using malware to generate tokens B. Trying stolen usernames/passwords across multiple sites C. Spoofing certificates D. Capturing API logs

13. Cross-Site Scripting (XSS)

What can XSS attacks steal?

A. Firewall rules B. Browser cookies and session tokens C. SQL server passwords only D. Hardware serial numbers

14. Cryptojacking Attack

Cryptojacking malware typically:

A. Deletes system files B. Uses victim CPU resources to mine cryptocurrency C. Installs SQL databases D. Runs only on MacOS

15. DNS Amplification

Why is DNS amplification effective?

A. DNS traffic is encrypted B. Small requests trigger large responses C. It only targets mobile devices D. It uses phishing vectors

16. DNS Hijacking

DNS hijacking allows attackers to:

A. Patch the DNS server B. Redirect users to malicious destinations C. Disable TLS certificates D. Spoof hardware IDs

17. DNS Tunneling

DNS tunneling is dangerous because:

A. DNS traffic is rarely monitored B. It requires admin rights C. It only affects on-prem servers D. It cannot bypass firewalls

18. DoS / DDoS Attack

DDoS attacks are difficult to mitigate because:

A. They require insider access B. Traffic comes from many distributed sources C. They only use stolen credentials D. Firewalls can easily stop them

19. Drive-by Download

Why can drive-by infections occur without user clicks?

A. Because the browser auto-patches B. Malicious scripts execute automatically when loading the page C. Cookies contain malware D. Sandboxing fails by default

20. Insider Threat

Why are insiders particularly dangerous?

A. They require malware to act B. They already have authorized access C. They only target HR systems D. They cannot bypass monitoring

21. IoT Threats

What makes IoT devices high risk?

A. They run Linux B. They lack proper security controls and dramatically expand attack surface C. They can’t connect to WiFi D. They are immune to malware

22. Macro Viruses

How do macro viruses typically spread?

A. Through router firmware B. Via infected Office documents shared over email C. Through DNS requests D. By USB driver exploitation

23. Malicious PowerShell

Why do attackers favor PowerShell?

A. It cannot run scripts B. It runs on most enterprise systems and hides in-memory C. It requires admin rights D. It is easily detected

24. Malware

What makes Emotet so destructive?

A. It only attacks MacOS B. It enables credential theft, lateral movement and remote control C. It cannot spread laterally D. It only performs keylogging

25. Man-in-the-Middle (MITM)

What technique is used in many MITM attacks?

A. Spoofing legitimate login pages to steal credentials B. Modifying BIOS firmware C. Uploading encrypted ZIP files D. Spamming voicemail boxes

26. Masquerade Attack

In a masquerade attack, the attacker:

A. Executes SQL injection B. Pretends to be an authorized user C. Compromises DNS D. Escalates kernel-level privileges only

27. Meltdown & Spectre

Why are CPU vulnerabilities so impactful?

A. CPUs have built-in antivirus B. They affect hardware-level operations across many devices C. They only affect cloud servers D. They require physical access

28. Network Sniffing

Sniffing attacks expose data when:

A. Traffic is unencrypted B. A VPN is enforced C. Zero Trust is enabled D. Tokens are hashed

29. Open Redirection

Open redirects allow attackers to:

A. Modify CSS styling B. Send users to attacker-controlled malicious URLs C. Disable the browser cache D. Change IP addresses

30. Pass-the-Hash

Why is pass-the-hash effective?

A. Hashes automatically decrypt B. Attackers authenticate using hashed passwords without cracking them C. Hashes expire every minute D. It only works on Linux hosts

31. Phishing

Why does phishing still work?

A. Users always click links B. Emails mimic trusted senders convincingly C. Training eliminates all risk D. Browsers block all phishing pages

32. Phishing Payloads

Phishing payloads often include:

A. Weather reports B. Malicious Office documents or executables C. SSL certificates D. Printer drivers

33. Spear Phishing

What makes spear phishing different?

A. It only targets executives B. It is personalized and targeted C. It uses SMS only D. It relies on zero-days

34. Whaling

Whaling attacks focus on:

A. Social media influencers B. High-level executives C. Interns D. Cloud engineers

35. Privileged User Compromise

Why are privileged accounts dangerous if compromised?

A. They only have limited rights B. They allow access to critical systems and data C. They require MFA D. They reside only on one host

36. Ransomware

Modern ransomware “double extortion” means:

A. Encrypting two databases B. Stealing data and encrypting systems C. Sending two phishing emails D. Targeting two companies

37. Router & Infrastructure Attacks

Why target routers?

A. They have no logs B. They provide persistent access and are often unpatched C. They cannot be rebooted D. They store user cookies

38. Shadow IT

Shadow IT increases risk because:

A. IT approves everything B. Unmanaged apps and devices bypass security controls C. It encrypts corporate data D. It removes admin rights

39. Simjacking

SIM swap attacks allow criminals to:

A. Wipe mobile phones B. Intercept MFA codes C. Install rootkits D. Access physical SIM hardware

40. Social Engineering

Why is social engineering effective?

A. People are predictable and susceptible to manipulation B. It requires malware C. It always uses AI D. It only works on social media

41. Spyware

What can spyware collect?

A. Antivirus signatures B. User credentials, screenshots, keystrokes C. Hardware blueprints D. Only browser history

42. SQL Injection

SQL injection allows attackers to:

A. Increase CPU temperature B. Manipulate backend database queries C. Force firmware updates D. Change network routes

43. Supply Chain Attack

Why are supply chain attacks dangerous?

A. They only impact small vendors B. Compromising a trusted vendor can infiltrate many customers C. They require physical access D. They rely on weak WiFi

44. Suspicious Cloud Storage Activity

What may indicate cloud storage compromise?

A. Normal login times B. Large transfers to unfamiliar locations or users C. SSL certificate renewal D. Antimalware updates

45. Typosquatting

Typosquatting relies on:

A. DNS caching B. Users mistyping URLs and landing on malicious sites C. Password reuse D. DNSSEC

46. Watering Hole Attack

Watering hole attacks compromise:

A. Random websites B. Websites frequently visited by a target group C. Government DNS servers D. Cloud APIs

47. Web Session Cookie Theft

Stolen session cookies allow attackers to:

A. Modify BIOS B. Access accounts without passwords C. Break TLS encryption D. Alter MAC addresses

48. Zero-Day Exploit

Zero-days are dangerous because:

A. They never get patched B. No patch exists when exploitation begins C. They only affect old OS versions D. They require insider access

49. Cryptomining – Cloud Variant

A sudden spike in cloud compute usage may indicate:

A. MFA failure B. Unauthorized cryptomining C. VPN outage D. TLS expiration

50. Application Token Abuse (Refresh Tokens)

Why are refresh tokens risky when stolen?

A. They expire instantly B. They enable long-term session access even after password changes C. They only work online D. They are encrypted with AES-256