Search test library by skills or roles
⌘ K

Cyber Security Assessment Test

The Cyber Security Assessment Test evaluates candidates on Cyber Security basics (operating systems, computer networks, and cloud concepts), their ability to detect security risks in existing systems (SQL injections, malware, virus, trojans), setup guards against future cyber attacks (DDoS, proxy servers, VPNs, firewalls) and use cryptography techniques (hashing, digital signatures).

Get started for free
Preview questions

Screen candidates with a 40 mins test

Test duration:  40 mins
Difficulty level:  Moderate
Availability:  Ready to use
Questions:
  • 15 Cyber Security MCQs
Covered skills:
Network Security (Protocols; TLS; Firewalls; Port Scans)
Cybersecurity Attacks (Man-in-the-middle; DoS/DDos; Network attacks)
Cryptography (Hashing; SSL; HTTPS)
Web security (SQL injections
XSS)
Email security (Phishing)
Malware (Trojans; Adware; Rootkits)
Data security (Patches; Encryption; Backups)
Data governance
Cybersecurity Defenses
Risk assessments
Network tests (Penetration tests)
Get started for free
Preview questions

Use Adaface tests trusted by recruitment teams globally

Adaface is used by 1500+ businesses in 80 countries.

Adaface skill assessments measure on-the-job skills of candidates, providing employers with an accurate tool for screening potential hires.

Amazon Morgan Stanley Vodafone United Nations HCL PayPal Bosch WeWork Optimum Solutions Deloitte NCS Sokrati J&T Express Capegemini

Use the Cyber Security Test to shortlist qualified candidates

The Cyber Security Assessment Test helps recruiters and hiring managers identify qualified candidates from a pool of resumes, and helps in taking objective hiring decisions. It reduces the administrative overhead of interviewing too many candidates and saves time by filtering out unqualified candidates at the first step of the hiring process.

The test screens for the following skills that hiring managers look for in candidates:

  • Ability to identify and implement secure protocols in network security
  • Ability to configure and manage firewalls to protect network infrastructure
  • Ability to detect and prevent Man-in-the-middle attacks
  • Ability to mitigate DoS/DDoS attacks in a network
  • Knowledge of different network attacks and their prevention methods
  • Understanding of cryptographic concepts and ability to use hashing algorithms
  • Knowledge of SSL and its implementation for secure communication
  • Ability to implement HTTPS for secure web browsing
  • Understanding of common web security vulnerabilities like SQL injections and XSS
  • Knowledge of email security practices and ability to detect phishing attempts
  • Familiarity with different types of malware and ability to identify and remove them
  • Ability to implement data security measures like patches, encryption, and backups
  • Understanding of data governance principles and its importance in cybersecurity
  • Knowledge of various cybersecurity defense mechanisms and their implementation
  • Ability to conduct risk assessments to identify potential vulnerabilities
  • Proficiency in conducting network tests, including penetration tests
Get started for free
Preview questions

Screen candidates with the highest quality questions

We have a very high focus on the quality of questions that test for on-the-job skills. Every question is non-googleable and we have a very high bar for the level of subject matter experts we onboard to create these questions. We have crawlers to check if any of the questions are leaked online. If/ when a question gets leaked, we get an alert. We change the question for you & let you know.

How we design questions

These are just a small sample from our library of 15,000+ questions. The actual questions on this Cyber Security Assessment Test will be non-googleable.

🧐 Question

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Solve
You are a cybersecurity officer and a new third-party payment gateway is integrated into your company's e-commerce website. The payment gateway API is hosted on a different domain (pay-gateway.com) than your e-commerce site (my-ecommerce.com). You receive some reports that users are unable to complete their transactions intermittently. 

You obtain the following set of HTTP cookies from an affected user:

1. user_session=1; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly
2. payment_session=xyz123; Domain=pay-gateway.com; Path=/; Secure; HttpOnly
3. cart_id=abcd1234; Domain=my-ecommerce.com; Path=/; Secure
4. csrf_token=efgh5678; Domain=my-ecommerce.com; Path=/; Secure
5. currency=USD; Domain=my-ecommerce.com; Path=/;
6. same_site_test=1; Domain=my-ecommerce.com; Path=/; Secure; SameSite=None
7. payment_verification=; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly

Which of the following configuration modifications would likely solve the intermittent transaction failure issue?
A: Set SameSite=Strict attribute on all cookies.
B: Set "SameSite=None; Secure" attribute on the payment_session cookie.
C: Change the Domain attribute of payment_session cookie to my-ecommerce.com.
D: Set HttpOnly attribute on cart_id and csrf_token cookies.
E: Remove Secure attribute from user_session cookie.

Medium

Security Incident
Log Analysis
Solve
You are the security analyst for a company and are currently investigating a security incident. You found the following log entries in your HTTP server logs, which appear to be linked to the incident:

1. 192.0.2.4 - - [24/May/2023:13:15:30 +0000] "GET /wp-login.php HTTP/1.1" 200 167 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
2. 192.0.2.4 - - [24/May/2023:13:15:31 +0000] "POST /wp-login.php HTTP/1.1" 302 152 "http://www.example.com/wp-login.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
3. 192.0.2.4 - - [24/May/2023:13:15:32 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 125 "http://www.example.com/wp-admin/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"

Based on this information, which of the following statements are correct?
A: The attacker was unable to compromise the Wordpress login page but was successful in accessing the installation page.
B: The attacker attempted to login to a Wordpress site and, despite the login failing, was able to access the Wordpress installation page.
C: The attacker was attempting a dictionary attack on the Wordpress site and accessed the Wordpress installation page.
D: The logs indicate that the attacker was able to compromise the Wordpress login and directly access the installation page.
E: The attacker attempted to login to a Wordpress site, succeeded, and then tried to access the Wordpress installation page.

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Solve
You are a cybersecurity engineer working on a network traffic analysis case. You have been given the following set of observations from network logs of the past 24 hours:

- Observation 1: 1,000,000 DNS requests were recorded, 50% more than the usual daily traffic.
- Observation 2: 85% of these DNS requests have the same subdomain but different domain names.
- Observation 3: For each of these DNS requests, an HTTP POST request follows immediately.
- Observation 4: No other significant anomalies were detected in the system logs.

Given these observations, what would you suspect is happening?
A: The network is experiencing a DNS amplification attack
B: There is a misconfiguration in the DNS settings
C: The system is the source of a SYN flood attack
D: A fast-flux DNS network is in operation
E: The system is infected with a DNS tunneling based malware

Medium

SQL Log Analysis
SQL Injection
Log Analysis
Solve
You are investigating a possible SQL injection attack on your company's web application. You found the following entries in the HTTP server logs:

Note that each log line contains the following information:

IP Address - Timestamp - Request URI - Request Status - Response Size
 image
Based on the log entries, which of the following statements are correct?
A: The attacker logged in successfully but failed to execute the SQL injection.
B: The attacker failed in the SQL injection attack.
C: The attacker failed to login but successfully accessed the admin page.
D: The attacker performed a successful SQL injection attack that dumped all product information.
E: The attacker was unsuccessful in both the SQL injection attack and the login attempt.

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Solve
A software company decided to move some of their web services from one cloud provider (Vendor A) to another (Vendor B) for better cost optimization. Initially, their main web application "webapp.company.com" was hosted at IP 192.0.2.1 on Vendor A's infrastructure. As part of this transition, it was moved to IP 203.0.113.1 on Vendor B's setup. Subsequently, a secondary web service previously hosted on "serviceA.company.com" at IP 192.0.2.2 (Vendor A), was migrated and re-hosted at "serviceB.company.com" at IP 203.0.113.2 (Vendor B).

A month post-migration, the SEO team reported an unexpected spike in organic traffic to the "company.com" domain. Upon investigating, the IT team noticed unusual activity related to "serviceA.company.com" in the server access logs, including successful HTTP 200 responses from several requests. A suspicious HTTPS GET request, `GET /explicit-content.html HTTP/1.1`, was also recorded.

Running `dig +short serviceA.company.com` returned IP address 198.51.100.1. Cross-checking this information with the company's DNS records revealed:
 image
Based on the details provided, identify the probable cause for the unexpected increase in organic traffic:
A: The company failed to delete the DNS "A" record for "serviceB.company.com" before migration on vendor A.
B: The company failed to delete the DNS "A" record for "serviceA.company.com" after migration.
C: The company did not configure DNS record for webapp.company.com properly on Vendor B's platform.
D: The DNS configuration for serviceB.company.com is incorrect post migration
🧐 Question🔧 Skill

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication

2 mins

Cyber Security
Solve

Medium

Security Incident
Log Analysis

2 mins

Cyber Security
Solve

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols

2 mins

Cyber Security
Solve

Medium

SQL Log Analysis
SQL Injection
Log Analysis

2 mins

Cyber Security
Solve

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking

3 mins

Cyber Security
Solve
🧐 Question🔧 Skill💪 Difficulty⌛ Time
Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Cyber Security
Medium2 mins
Solve
Security Incident
Log Analysis
Cyber Security
Medium2 mins
Solve
Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Cyber Security
Medium2 mins
Solve
SQL Log Analysis
SQL Injection
Log Analysis
Cyber Security
Medium2 mins
Solve
Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Cyber Security
Medium3 mins
Solve

Test candidates on core Cyber Security Hiring Test topics

Network Security: Network security refers to the measures taken to protect a computer network from unauthorized access, misuse, or disruption. It involves implementing protocols, such as TCP/IP, TLS, and VPNs, to secure data transmission, as well as deploying firewalls and conducting port scans to detect and block potential threats.

Cybersecurity Attacks: Cybersecurity attacks are malicious activities targeted at exploiting vulnerabilities in computer systems or networks. These attacks encompass various forms, such as man-in-the-middle attacks, DoS/DDoS attacks, and network attacks. Assessing this skill is essential for evaluating a candidate's ability to identify, prevent, and mitigate cyber threats.

Cryptography: Cryptography involves techniques for securing communication and data storage by converting information into a format that is unintelligible to unauthorized individuals. Hashing, SSL, and HTTPS are cryptographic measures used to ensure data integrity, confidentiality, and authentication. Evaluating a candidate's knowledge of cryptography is crucial for assessing their ability to protect sensitive information.

Web Security: Web security focuses on preventing and mitigating vulnerabilities and threats specifically targeting web applications. It includes measures to mitigate common web-based attacks, such as SQL injections and cross-site scripting (XSS). Gauging a candidate's expertise in web security is essential to ensure the safeguarding of online information and prevent unauthorized access.

Email Security: Email security refers to the protection of email communication from cyber threats, particularly phishing attacks. Assessing a candidate's understanding of email security is important for ensuring that they possess the knowledge and skills necessary to identify and prevent phishing attempts to protect an organization's sensitive data.

Malware: Malware encompasses a range of malicious software designed to harm or exploit computer systems or networks. This includes trojans, adware, and rootkits. Evaluating a candidate's knowledge of malware is essential to determine their ability to detect, analyze, and mitigate these harmful programs.

Data Security: Data security involves protecting data from unauthorized access, modification, or destruction. It includes implementing security patches, utilizing encryption techniques, and establishing regular data backups. Assessing a candidate's proficiency in data security is crucial for maintaining the confidentiality, integrity, and availability of sensitive information.

Data Governance: Data governance refers to the overall management of data quality, security, and privacy within an organization. It encompasses establishing policies, procedures, and controls to ensure the appropriate handling and usage of data. Assessing a candidate's understanding of data governance is important for ensuring compliance with regulations and maintaining the integrity of data.

Cybersecurity Defenses: Cybersecurity defenses involve implementing protective measures and strategies to safeguard computer systems and networks from cyber threats. These defenses can include firewalls, intrusion detection systems, antivirus software, and access controls. Evaluating a candidate's knowledge of cybersecurity defenses is essential to assess their ability to implement and maintain effective security measures.

Risk Assessments: Risk assessments involve identifying, analyzing, and evaluating potential risks and vulnerabilities related to information systems. This includes assessing the likelihood and potential impact of various threats and determining appropriate mitigation strategies. Assessing a candidate's skills in risk assessments is crucial for ensuring proactive identification and management of cybersecurity risks.

Network Tests (Penetration Tests): Network tests, specifically penetration tests, involve evaluating the security of a computer network by attempting to exploit vulnerabilities. This simulates real-world attack scenarios to identify weaknesses and develop strategies for improvement. Assessing a candidate's ability to conduct network tests provides insight into their proficiency in identifying and mitigating network vulnerabilities.

Get started for free
Preview questions

Make informed decisions with actionable reports and benchmarks

View sample scorecard

Screen candidates in 3 easy steps

Pick a test from over 500+ tests

The Adaface test library features 500+ tests to enable you to test candidates on all popular skills- everything from programming languages, software frameworks, devops, logical reasoning, abstract reasoning, critical thinking, fluid intelligence, content marketing, talent acquisition, customer service, accounting, product management, sales and more.

Invite your candidates with 2-clicks

Make informed hiring decisions

Get started for free
Preview questions

Try the most advanced candidate assessment platform

ChatGPT Protection

Non-googleable Questions

Web Proctoring

IP Proctoring

Webcam Proctoring

MCQ Questions

Coding Questions

Typing Questions

Personality Questions

Custom Questions

Ready-to-use Tests

Custom Tests

Custom Branding

Bulk Invites

Public Links

ATS Integrations

Multiple Question Sets

Custom API integrations

Role-based Access

Priority Support

GDPR Compliance


Pick a plan based on your hiring needs

The most advanced candidate screening platform.
14-day free trial. No credit card required.

From
$15
per month (paid annually)
love bonito

With Adaface, we were able to optimise our initial screening process by upwards of 75%, freeing up precious time for both hiring managers and our talent acquisition team alike!

Brandon Lee, Head of People, Love, Bonito

Brandon
love bonito

It's very easy to share assessments with candidates and for candidates to use. We get good feedback from candidates about completing the tests. Adaface are very responsive and friendly to deal with.

Kirsty Wood, Human Resources, WillyWeather

Brandon
love bonito

We were able to close 106 positions in a record time of 45 days! Adaface enables us to conduct aptitude and psychometric assessments seamlessly. My hiring managers have never been happier with the quality of candidates shortlisted.

Amit Kataria, CHRO, Hanu

Brandon
love bonito

We evaluated several of their competitors and found Adaface to be the most compelling. Great library of questions that are designed to test for fit rather than memorization of algorithms.

Swayam Narain, CTO, Affable

Brandon

Have questions about the Cyber Security Hiring Test?

How does pricing work?

You can check out our pricing plans.

Can I customize the test?

Yes, absolutely. Custom assessments are set up within 48 hours based on your job description, and will include questions on all must-have skills you specify. Here's a quick guide on how you can request a custom test. You can also customize a test by uploading your own questions.

Can I combine multiple skills into one test?

Yes, absolutely. Custom assessments are set up based on your job description, and will include questions on all must-have skills you specify. Here's a quick guide on how you can request a custom test.

What roles can I use the Cyber Security Test for?

Here are few roles for which we recommend this test:

  • Cybersecurity Analyst
  • Security Engineer
  • Network Administrator
  • Penetration Tester
  • Security Consultant
  • Chief Information Security Officer (CISO)
  • IT Auditor
  • Security Architect
  • Security Operations Center (SOC) Analyst
Can I see a sample test, or do you have a free trial?

Yes!

The free trial includes one sample technical test (Java/ JavaScript) and one sample aptitude test that you will find in your dashboard when you sign up. You can use it to review the quality of questions and the candidate experience of giving a test on Adaface.

You can preview any of the 500+ tests and see the sample questions to decide if it would be a good fit for your requirements.

How do I interpret test scores?

The primary thing to keep in mind is that an assessment is an elimination tool, not a selection tool. A skills assessment is optimized to help you eliminate candidates who are not technically qualified for the role, it is not optimized to help you find the best candidate for the role. So the ideal way to use an assessment is to decide a threshold score (typically 55%, we help you benchmark) and invite all candidates who score above the threshold for the next rounds of interview.

I'm a candidate. Can I try a practice test?

No. Unfortunately, we do not support practice tests at the moment. However, you can use our sample questions for practice.

customers across world
Join 1500+ companies in 80+ countries.
Try the most candidate friendly skills assessment tool today.
g2 badges
Ready to use the Adaface Cyber Security Assessment Test?
Ready to use the Adaface Cyber Security Assessment Test?
logo
40 min tests.
No trick questions.
Accurate shortlisting.
Terms Privacy Trust Guide
ada
Ada
● Online
Previous
Score: NA
Next
✖️