Search test library by skills or roles
⌘ K

About the test:

The Cyber Security Assessment Test evaluates candidates on Cyber Security basics (operating systems, computer networks, and cloud concepts), their ability to detect security risks in existing systems (SQL injections, malware, virus, trojans), setup guards against future cyber attacks (DDoS, proxy servers, VPNs, firewalls) and use cryptography techniques (hashing, digital signatures).

Covered skills:

  • Network Security (Protocols; TLS; Firewalls; Port Scans)
  • Cryptography (Hashing; SSL; HTTPS)
  • Cybersecurity Attacks (Man-in-the-middle; DoS/DDos; Network attacks)
  • Web security (SQL injections
See all covered skills

9 reasons why
9 reasons why

Adaface Cyber Security Assessment Test is the most accurate way to shortlist Cyber Security Analysts



Reason #1

Tests for on-the-job skills

The Cyber Security Test reduces the administrative overhead of interviewing too many candidates and saves expensive engineering time by filtering out unqualified candidates.

The Adaface Cyber Security Test screens candidates for the typical skills recruiters look for in a cybersecurity professional:

  • Basics of Cybersecurity (Security Governance, Identity Federation, Cryptography, Hashing, Digital Signatures)
  • Basics of Cybersecurity defences, including Firewalls, Next-Gen AV, IDS/IPS, SIEM, password and patch management
  • Web application security (SSL certifications for encryption, CodeGuard for code backups)
  • Computer networks fundamentals (Protocols, TLS/SSL, VPNs, IPSec, SSH, Firewalls, NAT, Port Scans)
  • Knowledge of common Cyber Attacks (Man-in-the-Middle attacks, DoS/DDoS, Password attacks, Social engineering, Network attacks)
  • Web Application Security (Web App Architecture, SQL Injections, Blind SQL Injections, Cross-Site Scripting)
  • Malware (Viruses, Worms, Trojans, Spyware, Adware, Ransomware, Logic Bombs and Rootkits, Anti-malware)
  • Risk assessments (port scanning, SQL injection attack spoofing, spotting phishing emails, email tracking)
  • Cybersecurity protocols and governance (Frequent patches, Application whitelisting, Data backups)

Additionally, if the role requires candidates to have hands-on programming experience, the test will have coding questions.

Reason #2

No trick questions

no trick questions

Traditional assessment tools use trick questions and puzzles for the screening, which creates a lot of frustration among candidates about having to go through irrelevant screening assessments.

The main reason we started Adaface is that traditional pre-employment assessment platforms are not a fair way for companies to evaluate candidates. At Adaface, our mission is to help companies find great candidates by assessing on-the-job skills required for a role.

Why we started Adaface ->
Reason #3

Non-googleable questions

We have a very high focus on the quality of questions that test for on-the-job skills. Every question is non-googleable and we have a very high bar for the level of subject matter experts we onboard to create these questions. We have crawlers to check if any of the questions are leaked online. If/ when a question gets leaked, we get an alert. We change the question for you & let you know.

These are just a small sample from our library of 10,000+ questions. The actual questions on this Cyber Security Assessment Test will be non-googleable.

🧐 Question

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Solve
You are a cybersecurity officer and a new third-party payment gateway is integrated into your company's e-commerce website. The payment gateway API is hosted on a different domain (pay-gateway.com) than your e-commerce site (my-ecommerce.com). You receive some reports that users are unable to complete their transactions intermittently. 

You obtain the following set of HTTP cookies from an affected user:

1. user_session=1; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly
2. payment_session=xyz123; Domain=pay-gateway.com; Path=/; Secure; HttpOnly
3. cart_id=abcd1234; Domain=my-ecommerce.com; Path=/; Secure
4. csrf_token=efgh5678; Domain=my-ecommerce.com; Path=/; Secure
5. currency=USD; Domain=my-ecommerce.com; Path=/;
6. same_site_test=1; Domain=my-ecommerce.com; Path=/; Secure; SameSite=None
7. payment_verification=; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly

Which of the following configuration modifications would likely solve the intermittent transaction failure issue?
A: Set SameSite=Strict attribute on all cookies.
B: Set "SameSite=None; Secure" attribute on the payment_session cookie.
C: Change the Domain attribute of payment_session cookie to my-ecommerce.com.
D: Set HttpOnly attribute on cart_id and csrf_token cookies.
E: Remove Secure attribute from user_session cookie.

Medium

Security Incident
Log Analysis
Solve
You are the security analyst for a company and are currently investigating a security incident. You found the following log entries in your HTTP server logs, which appear to be linked to the incident:

1. 192.0.2.4 - - [24/May/2023:13:15:30 +0000] "GET /wp-login.php HTTP/1.1" 200 167 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
2. 192.0.2.4 - - [24/May/2023:13:15:31 +0000] "POST /wp-login.php HTTP/1.1" 302 152 "http://www.example.com/wp-login.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
3. 192.0.2.4 - - [24/May/2023:13:15:32 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 125 "http://www.example.com/wp-admin/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"

Based on this information, which of the following statements are correct?
A: The attacker was unable to compromise the Wordpress login page but was successful in accessing the installation page.
B: The attacker attempted to login to a Wordpress site and, despite the login failing, was able to access the Wordpress installation page.
C: The attacker was attempting a dictionary attack on the Wordpress site and accessed the Wordpress installation page.
D: The logs indicate that the attacker was able to compromise the Wordpress login and directly access the installation page.
E: The attacker attempted to login to a Wordpress site, succeeded, and then tried to access the Wordpress installation page.

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Solve
You are a cybersecurity engineer working on a network traffic analysis case. You have been given the following set of observations from network logs of the past 24 hours:

- Observation 1: 1,000,000 DNS requests were recorded, 50% more than the usual daily traffic.
- Observation 2: 85% of these DNS requests have the same subdomain but different domain names.
- Observation 3: For each of these DNS requests, an HTTP POST request follows immediately.
- Observation 4: No other significant anomalies were detected in the system logs.

Given these observations, what would you suspect is happening?
A: The network is experiencing a DNS amplification attack
B: There is a misconfiguration in the DNS settings
C: The system is the source of a SYN flood attack
D: A fast-flux DNS network is in operation
E: The system is infected with a DNS tunneling based malware

Medium

SQL Log Analysis
SQL Injection
Log Analysis
Solve
You are investigating a possible SQL injection attack on your company's web application. You found the following entries in the HTTP server logs:

Note that each log line contains the following information:

IP Address - Timestamp - Request URI - Request Status - Response Size
 image
Based on the log entries, which of the following statements are correct?
A: The attacker logged in successfully but failed to execute the SQL injection.
B: The attacker failed in the SQL injection attack.
C: The attacker failed to login but successfully accessed the admin page.
D: The attacker performed a successful SQL injection attack that dumped all product information.
E: The attacker was unsuccessful in both the SQL injection attack and the login attempt.

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Solve
A software company decided to move some of their web services from one cloud provider (Vendor A) to another (Vendor B) for better cost optimization. Initially, their main web application "webapp.company.com" was hosted at IP 192.0.2.1 on Vendor A's infrastructure. As part of this transition, it was moved to IP 203.0.113.1 on Vendor B's setup. Subsequently, a secondary web service previously hosted on "serviceA.company.com" at IP 192.0.2.2 (Vendor A), was migrated and re-hosted at "serviceB.company.com" at IP 203.0.113.2 (Vendor B).

A month post-migration, the SEO team reported an unexpected spike in organic traffic to the "company.com" domain. Upon investigating, the IT team noticed unusual activity related to "serviceA.company.com" in the server access logs, including successful HTTP 200 responses from several requests. A suspicious HTTPS GET request, `GET /explicit-content.html HTTP/1.1`, was also recorded.

Running `dig +short serviceA.company.com` returned IP address 198.51.100.1. Cross-checking this information with the company's DNS records revealed:
 image
Based on the details provided, identify the probable cause for the unexpected increase in organic traffic:
A: The company failed to delete the DNS "A" record for "serviceB.company.com" before migration on vendor A.
B: The company failed to delete the DNS "A" record for "serviceA.company.com" after migration.
C: The company did not configure DNS record for webapp.company.com properly on Vendor B's platform.
D: The DNS configuration for serviceB.company.com is incorrect post migration
🧐 Question🔧 Skill

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
2 mins
Cyber Security
Solve

Medium

Security Incident
Log Analysis
2 mins
Cyber Security
Solve

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
2 mins
Cyber Security
Solve

Medium

SQL Log Analysis
SQL Injection
Log Analysis
2 mins
Cyber Security
Solve

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
3 mins
Cyber Security
Solve
🧐 Question🔧 Skill💪 Difficulty⌛ Time
Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Cyber Security
Medium2 mins
Solve
Security Incident
Log Analysis
Cyber Security
Medium2 mins
Solve
Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Cyber Security
Medium2 mins
Solve
SQL Log Analysis
SQL Injection
Log Analysis
Cyber Security
Medium2 mins
Solve
Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Cyber Security
Medium3 mins
Solve
Reason #4

1200+ customers in 75 countries

customers in 75 countries
Brandon

With Adaface, we were able to optimise our initial screening process by upwards of 75%, freeing up precious time for both hiring managers and our talent acquisition team alike!


Brandon Lee, Head of People, Love, Bonito

Reason #5

Designed for elimination, not selection

The most important thing while implementing the pre-employment Cyber Security Assessment Test in your hiring process is that it is an elimination tool, not a selection tool. In other words: you want to use the test to eliminate the candidates who do poorly on the test, not to select the candidates who come out at the top. While they are super valuable, pre-employment tests do not paint the entire picture of a candidate’s abilities, knowledge, and motivations. Multiple easy questions are more predictive of a candidate's ability than fewer hard questions. Harder questions are often "trick" based questions, which do not provide any meaningful signal about the candidate's skillset.

Reason #6

1 click candidate invites

Email invites: You can send candidates an email invite to the Cyber Security Assessment Test from your dashboard by entering their email address.

Public link: You can create a public link for each test that you can share with candidates.

API or integrations: You can invite candidates directly from your ATS by using our pre-built integrations with popular ATS systems or building a custom integration with your in-house ATS.

invite candidates
Reason #7

Detailed scorecards & comparative results

Reason #8

High completion rate

Adaface tests are conversational, low-stress, and take just 25-40 mins to complete.

This is why Adaface has the highest test-completion rate (86%), which is more than 2x better than traditional assessments.

test completion rate
Reason #9

Advanced Proctoring


How is the test customized for Senior Cyber Security Analyst?

The questions used for Senior Cyber Security professionals will be based on advanced topics and the difficulty level of the questions will be higher.

Typical topics assessed in Senior Cyber Security tests are:

  • Experience with using tools like Wireshark, Tcpdump, and Syslog
  • Advanced Cyberattacks (MITRE ATT&CK Framework, Threat Tactics, Attack Kill Chain, Attack Vectors, Indicators of Compromise)
  • Expertise in designing efficient security protocols (IDS/IPS, Data Loss Prevention, Vulnerability Management, Zero-Day Vulnerability, System Audit, Audit logs, Incident Investigation, Threat Intelligence)
  • Experience in security operations and incidence management (Incident Response and playbooks, NIST Framework, The Golden Hour, Log and Email analysis, SLAs KRIs, KPI, Recovery and forensics)
  • Experience implementing secure authentication processes (multi-factor authentication including soft tokens and hard tokens)
  • Secure data destruction

Additionally, if the role requires the candidate to have hands-on programming knowledge, coding questions of higher difficulty levels will be included in the test.

What roles can I use the Cyber Security Assessment Test for?

  • Cyber Security Analyst
  • Cyber Security Manager
  • Cyber Security Engineer
  • Network Security Engineer
  • Systems Engineer (Cyber security)
  • Senior Information Analyst
  • Senior Cyber Security Analyst Cyber Risk Analyst Penetration Tester
  • Security Administrator

What topics are covered in the Cyber Security Assessment Test?

Security Governance
Network Security
Email Security
Cyber Attacks
Phishing
Brute Force Attack
DoS and DDoS Attacks
Bots and Botnets
SQL injection
Cross-site scripting
Web Application Security
Malware (Viruses, Worms, Trojans)
Identity federation
Cryptography
Hashing
Antivirus
Firewalls
Encryption
Anonymizers
Authentication Methods
Digital signatures
SSL Certificates
Virtual Private Networks
Proxy servers
CodeGuard
SiteLock
Third-party assessments
Data governance
ARP spoofing
Singapore government logo

The hiring managers felt that through the technical questions that they asked during the panel interviews, they were able to tell which candidates had better scores, and differentiated with those who did not score as well. They are highly satisfied with the quality of candidates shortlisted with the Adaface screening.


85%
reduction in screening time

Cyber Security Online Test FAQs

Can I evaluate Cyber Security and Computer Networks knowledge in the same test?

Yes. Our standard Cyber Security test evaluates candidates on Network fundamentals. You can also get a custom test to get more questions focused on Computer Networks. You can review our Computer Networks test to get a sense of what kind of questions will be used to evaluate Computer Networks concepts.

How is the test customized for junior Cyber Security professionals?

The test will have easier questions and the topics will be focused on basics of Cyber security attacks, Networks and defenses. The test can also include questions to assess basic technical aptitude skills depending on your job description.

Can I evaluate technical/ coding skills in the same test?

Yes. Our standard Cyber Security test does not include coding questions, but if your job description requires the candidate to have hands-on coding skills, you can get a customised test with coding questions.

What does the cybersecurity aptitude test screen candidates for?

The Cybersecurity aptitude test screens candidates for their knowledge and ability to apply basic cybersecurity principles. The test covers topics such as network security, computer security, and information security. It also measures a candidate's ability to think critically about cybersecurity issues and to identify and solve problems.

Can I combine multiple skills into one custom assessment?

Yes, absolutely. Custom assessments are set up based on your job description, and will include questions on all must-have skills you specify.

Do you have any anti-cheating or proctoring features in place?

We have the following anti-cheating features in place:

  • Non-googleable questions
  • IP proctoring
  • Web proctoring
  • Webcam proctoring
  • Plagiarism detection
  • Secure browser

Read more about the proctoring features.

How do I interpret test scores?

The primary thing to keep in mind is that an assessment is an elimination tool, not a selection tool. A skills assessment is optimized to help you eliminate candidates who are not technically qualified for the role, it is not optimized to help you find the best candidate for the role. So the ideal way to use an assessment is to decide a threshold score (typically 55%, we help you benchmark) and invite all candidates who score above the threshold for the next rounds of interview.

What experience level can I use this test for?

Each Adaface assessment is customized to your job description/ ideal candidate persona (our subject matter experts will pick the right questions for your assessment from our library of 10000+ questions). This assessment can be customized for any experience level.

Does every candidate get the same questions?

Yes, it makes it much easier for you to compare candidates. Options for MCQ questions and the order of questions are randomized. We have anti-cheating/ proctoring features in place. In our enterprise plan, we also have the option to create multiple versions of the same assessment with questions of similar difficulty levels.

I'm a candidate. Can I try a practice test?

No. Unfortunately, we do not support practice tests at the moment. However, you can use our sample questions for practice.

What is the cost of using this test?

You can check out our pricing plans.

Can I get a free trial?

Yes, you can sign up for free and preview this test.

I just moved to a paid plan. How can I request a custom assessment?

Here is a quick guide on how to request a custom assessment on Adaface.

customers across world
Join 1200+ companies in 75+ countries.
Try the most candidate friendly skills assessment tool today.
g2 badges
Ready to use the Adaface Cyber Security Assessment Test?
Ready to use the Adaface Cyber Security Assessment Test?
Chat with us
logo
40 min tests.
No trick questions.
Accurate shortlisting.
Terms Privacy Trust Guide

🌎 Pick your language

English Norsk Dansk Deutsche Nederlands Svenska Français Español Chinese (简体中文) Italiano Japanese (日本語) Polskie Português Russian (русский)
ada
Ada
● Online
Previous
Score: NA
Next
✖️