sapt_cern

Quiz by Michael Kirchner

10 questions
  • Q1

    The pentest target of the course is

    All systems, employees and physical locations that belong to CERN.

    Internet-facing systems operated by CERN where the "whois IP lookup" points to the CERN organization.

    All Internet-facing systems that can be attributed to CERN and are likely used by the CERN organization.

    Internet-facing systems operated by CERN with IP addresses that are allow-listed in their Code of Ethics.

    120s
  • Q2

    Is "maps.web.cern.ch" a valid target for this pentest? Take your time to do the actual research.

    true
    false
    True or False
    300s
  • Q3

    Is "cerncourier.com" a valid target for this pentest? Take your time to do the actual research.

    false
    true
    True or False
    300s
  • Q4

    How can you lower the probability of causing a denial-of-service situation while testing a target system?

    Continuously ping the target system while testing. As long as ping responses are received, it is also okay to continue increasing scanning speeds and the number of parallel threads.

    Make sure to only launch security tests from locations that have comparatively low upstream bandwidth (e.g., home internet connections). This implicitly ensures that the generated amount of traffic will not overwhelm a remote system.

    When working with security testing tools, stick to conservative settings with regard to scan speed and the number of parallel threads. Stop testing when you notice unavailability while performing tests.

    When working with security testing tools, stick to conservative settings with regard to scan speed and the number of parallel threads. When noticing unavailability during tests, write an e-mail to the owners of the system and ask them to increase resources.

    120s
  • Q5

    You found a SQL injection vulnerability in a web site operated by CERN. You can read internal information that is not visible on the web site. Your next steps are:

    Post the information on X/Twitter or your other favorite platform.

    Try to modify existing data stored in the database to gain additional access. Example: try to overwrite the administrator password to a new value that you know, so that you can log in.

    Analyze and document the issue for the pentest report.

    Reach out to the CERN security team immediately and report the issue to them.

    120s
  • Q6

    The allowed timeframe to conduct security tests against the CERN infrastructure ...

    ... stays active as long as you are studying at University of Applied Sciences St.Pölten.

    ... ends when successfully completing the Bachelor's degree programme.

    ... ends with the last day of the course (result presentations).

    ... is not bound to specific limits.

    120s
  • Q7

    You found a cross-site request forgery vulnerability in a CERN system that you were analyzing. The attack works the following way: if a legitimate administrator visits a link that you have prepared, a request is sent in the background that promotes your regular system user to an administrator user. Overall, the legitimate administrator will not notice what is going on, as the request is sent in the background. You see the administrator's e-mail address on the affected web site and send her/him an e-mail with the prepared link inside. Is this procedure in line with the rules of engagement of this course?

    false
    true
    True or False
    120s
  • Q8

    When working on the CERN pentest while on-site at University of Applied Sciences St.Pölten, the following networks should be used as the source of your activities.

    Only the CAMPUS_STP WIFI network.

    The lab PC network or the FH_STP_NWTLAB WIFI network.

    The lab PC network or the CAMPUS_STP WIFI network.

    Only the lab PC network.

    120s
  • Q9

    You found a user registration feature on a CERN website that is in scope of the pentest. Trying to register a new user account is fine.

    true
    false
    True or False
    120s
  • Q10

    You found information about the CERN IT infrastructure on a web site that is not allowed to be tested by the rules of engagement of this course. Using this information for your further testing activities is fine, as long as you do not actively test systems that are out of scope.

    true
    false
    True or False
    120s