Quizalize logo
placeholder image to represent content

SS7e-02

Quiz by Gibbons, Carl

Feel free to use or edit a copy

includes Teacher and Student dashboards

Measure skills
from any curriculum

Tag the questions with any skills you have. Your dashboard will track each student's mastery of each skill.

With a free account, teachers can
  • edit the questions
  • save a copy for later
  • start a class game
  • automatically assign follow-up activities based on students’ scores
  • assign as homework
  • share a link with colleagues
  • print as a bubble sheet

Our brand new solo games combine with your quiz, on the same screen

Correct quiz answers unlock more play!

New Quizalize solo game modes
20 questions
Show answers
  • Q1
    Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
    Documentation
    Budgeting
    Approval
    Planning
    30s
  • Q2
    Which of the following is NOT a characteristic of a penetration test?
    Automated
    Performed occasionally
    Finds deep vulnerabilities
    May use internal employees or external consultants
    30s
  • Q3
    Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
    Blue Team
    Purple Team
    White Team
    Red Team
    30s
  • Q4
    Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
    They would have to stay overnight to perform the test.
    Employees may have a reluctance to reveal a vulnerability.
    There may be a lack of expertise.
    The employees could not have inside knowledge of the network that would give them an advantage.
    30s
  • Q5
    What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
    White box
    Black box
    Purple box
    Gray box
    30s
  • Q6
    Which of the following is NOT an advantage of crowdsourced penetration testing?
    Less expensive
    Conducting multiple tests simultaneously
    Faster testing
    Ability to rotate teams
    30s
  • Q7
    Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
    Exploitation
    Targets
    Scope
    Limitations and exclusion
    30s
  • Q8
    Which is the final rule of engagement that would be conducted in a pen test?
    Communication
    Reporting
    Cleanup
    Exploitation
    30s
  • Q9
    What is another name for footprinting?
    Revealing
    High-level reconnaissance
    Active reconnaissance
    Modeling
    30s
  • Q10
    When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
    Squaring up
    Jumping
    Twirling
    Lateral movement
    30s
  • Q11
    What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
    Blue papers
    Requests for comments (RFCs)
    White notebooks
    Cybersecurity feeds
    30s
  • Q12
    Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
    Twitter
    Vendor websites
    Local industry groups
    Conferences
    30s
  • Q13
    Which of the following is a standard for the handling of customer card information?
    OSS XRS
    RMR CDC
    PCI DSS
    DRD STR
    30s
  • Q14
    Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
    Legislation
    Benchmarks
    Regulations
    White papers
    30s
  • Q15
    Which group is responsible for the Cloud Controls Matrix?
    OSINT
    CIS
    CSA
    NIST
    30s

Teachers give this quiz to your class