Search test library by skills or roles
⌘ K

About the test:

The Cyber Security Assessment Test evaluates candidates on Cyber Security basics (operating systems, computer networks, and cloud concepts), their ability to detect security risks in existing systems (SQL injections, malware, virus, trojans), setup guards against future cyber attacks (DDoS, proxy servers, VPNs, firewalls) and use cryptography techniques (hashing, digital signatures).

Covered skills:

  • Network Security (Protocols; TLS; Firewalls; Port Scans)
  • Cryptography (Hashing; SSL; HTTPS)
  • Cybersecurity Attacks (Man-in-the-middle; DoS/DDos; Network attacks)
  • Web security (SQL injections
See all covered skills

9 reasons why
9 reasons why

Adaface Cyber Security Assessment Test is the most accurate way to shortlist Cybersecurity Analysts



Reason #1

Tests for on-the-job skills

网络安全测试减少了采访太多候选人的管理开销,并通过过滤不合格的候选人节省了昂贵的工程时间。

典型技能招聘人员在网络安全专业人员中寻找的Adaface网络安全测试筛选候选人:

  • 网络安全基础知识(安全治理,身份联合会,密码学,哈希,数字签名)
  • 网络安全防御的基础知识,包括防火墙,下一代AV,IDS/IPS,SIEM,密码和补丁管理
  • Web应用程序安全性(用于加密的SSL认证,代码备份的CodeGuard)
  • 计算机网络基本面(协议,TLS/SSL,VPN,IPSEC,SSH,防火墙,NAT,端口扫描)
  • 了解常见的网络攻击(中间人攻击,DOS/DDOS,密码攻击,社会工程,网络攻击)
  • Web应用程序安全性(Web App体系结构,SQL注射,盲sql注射,跨站点脚本)
  • 恶意软件(病毒,蠕虫,木马,间谍软件,广告软件,勒索软件,逻辑炸弹和词根,反恶意软件)
  • 风险评估(端口扫描,SQL注射攻击欺骗,发现网络钓鱼电子邮件,电子邮件跟踪)
  • 网络安全协议和治理(频繁的补丁,应用白名单,数据备份)

此外,如果该角色要求候选人具有动手编程经验,则该测试将有编码问题。

Reason #2

No trick questions

no trick questions

Traditional assessment tools use trick questions and puzzles for the screening, which creates a lot of frustration among candidates about having to go through irrelevant screening assessments.

The main reason we started Adaface is that traditional pre-employment assessment platforms are not a fair way for companies to evaluate candidates. At Adaface, our mission is to help companies find great candidates by assessing on-the-job skills required for a role.

Why we started Adaface ->
Reason #3

Non-googleable questions

We have a very high focus on the quality of questions that test for on-the-job skills. Every question is non-googleable and we have a very high bar for the level of subject matter experts we onboard to create these questions. We have crawlers to check if any of the questions are leaked online. If/ when a question gets leaked, we get an alert. We change the question for you & let you know.

这些只是我们库中有10,000多个问题的一个小样本。关于此的实际问题 Cyber Security Assessment Test 将是不可行的.

🧐 Question

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Solve
You are a cybersecurity officer and a new third-party payment gateway is integrated into your company's e-commerce website. The payment gateway API is hosted on a different domain (pay-gateway.com) than your e-commerce site (my-ecommerce.com). You receive some reports that users are unable to complete their transactions intermittently. 

You obtain the following set of HTTP cookies from an affected user:

1. user_session=1; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly
2. payment_session=xyz123; Domain=pay-gateway.com; Path=/; Secure; HttpOnly
3. cart_id=abcd1234; Domain=my-ecommerce.com; Path=/; Secure
4. csrf_token=efgh5678; Domain=my-ecommerce.com; Path=/; Secure
5. currency=USD; Domain=my-ecommerce.com; Path=/;
6. same_site_test=1; Domain=my-ecommerce.com; Path=/; Secure; SameSite=None
7. payment_verification=; Domain=my-ecommerce.com; Path=/; Secure; HttpOnly

Which of the following configuration modifications would likely solve the intermittent transaction failure issue?
A: Set SameSite=Strict attribute on all cookies.
B: Set "SameSite=None; Secure" attribute on the payment_session cookie.
C: Change the Domain attribute of payment_session cookie to my-ecommerce.com.
D: Set HttpOnly attribute on cart_id and csrf_token cookies.
E: Remove Secure attribute from user_session cookie.

Medium

Security Incident
Log Analysis
Solve
You are the security analyst for a company and are currently investigating a security incident. You found the following log entries in your HTTP server logs, which appear to be linked to the incident:

1. 192.0.2.4 - - [24/May/2023:13:15:30 +0000] "GET /wp-login.php HTTP/1.1" 200 167 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
2. 192.0.2.4 - - [24/May/2023:13:15:31 +0000] "POST /wp-login.php HTTP/1.1" 302 152 "http://www.example.com/wp-login.php" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"
3. 192.0.2.4 - - [24/May/2023:13:15:32 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 125 "http://www.example.com/wp-admin/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)"

Based on this information, which of the following statements are correct?
A: The attacker was unable to compromise the Wordpress login page but was successful in accessing the installation page.
B: The attacker attempted to login to a Wordpress site and, despite the login failing, was able to access the Wordpress installation page.
C: The attacker was attempting a dictionary attack on the Wordpress site and accessed the Wordpress installation page.
D: The logs indicate that the attacker was able to compromise the Wordpress login and directly access the installation page.
E: The attacker attempted to login to a Wordpress site, succeeded, and then tried to access the Wordpress installation page.

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Solve
You are a cybersecurity engineer working on a network traffic analysis case. You have been given the following set of observations from network logs of the past 24 hours:

- Observation 1: 1,000,000 DNS requests were recorded, 50% more than the usual daily traffic.
- Observation 2: 85% of these DNS requests have the same subdomain but different domain names.
- Observation 3: For each of these DNS requests, an HTTP POST request follows immediately.
- Observation 4: No other significant anomalies were detected in the system logs.

Given these observations, what would you suspect is happening?
A: The network is experiencing a DNS amplification attack
B: There is a misconfiguration in the DNS settings
C: The system is the source of a SYN flood attack
D: A fast-flux DNS network is in operation
E: The system is infected with a DNS tunneling based malware

Medium

SQL Log Analysis
SQL Injection
Log Analysis
Solve
You are investigating a possible SQL injection attack on your company's web application. You found the following entries in the HTTP server logs:

Note that each log line contains the following information:

IP Address - Timestamp - Request URI - Request Status - Response Size
 image
Based on the log entries, which of the following statements are correct?
A: The attacker logged in successfully but failed to execute the SQL injection.
B: The attacker failed in the SQL injection attack.
C: The attacker failed to login but successfully accessed the admin page.
D: The attacker performed a successful SQL injection attack that dumped all product information.
E: The attacker was unsuccessful in both the SQL injection attack and the login attempt.

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Solve
A software company decided to move some of their web services from one cloud provider (Vendor A) to another (Vendor B) for better cost optimization. Initially, their main web application "webapp.company.com" was hosted at IP 192.0.2.1 on Vendor A's infrastructure. As part of this transition, it was moved to IP 203.0.113.1 on Vendor B's setup. Subsequently, a secondary web service previously hosted on "serviceA.company.com" at IP 192.0.2.2 (Vendor A), was migrated and re-hosted at "serviceB.company.com" at IP 203.0.113.2 (Vendor B).

A month post-migration, the SEO team reported an unexpected spike in organic traffic to the "company.com" domain. Upon investigating, the IT team noticed unusual activity related to "serviceA.company.com" in the server access logs, including successful HTTP 200 responses from several requests. A suspicious HTTPS GET request, `GET /explicit-content.html HTTP/1.1`, was also recorded.

Running `dig +short serviceA.company.com` returned IP address 198.51.100.1. Cross-checking this information with the company's DNS records revealed:
 image
Based on the details provided, identify the probable cause for the unexpected increase in organic traffic:
A: The company failed to delete the DNS "A" record for "serviceB.company.com" before migration on vendor A.
B: The company failed to delete the DNS "A" record for "serviceA.company.com" after migration.
C: The company did not configure DNS record for webapp.company.com properly on Vendor B's platform.
D: The DNS configuration for serviceB.company.com is incorrect post migration
🧐 Question🔧 Skill

Medium

Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
2 mins
Cyber Security
Solve

Medium

Security Incident
Log Analysis
2 mins
Cyber Security
Solve

Medium

Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
2 mins
Cyber Security
Solve

Medium

SQL Log Analysis
SQL Injection
Log Analysis
2 mins
Cyber Security
Solve

Medium

Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
3 mins
Cyber Security
Solve
🧐 Question🔧 Skill💪 Difficulty⌛ Time
Cookie Security Analysis
Web Application Security
HTTP Cookies
Cross-Domain Communication
Cyber Security
Medium2 mins
Solve
Security Incident
Log Analysis
Cyber Security
Medium2 mins
Solve
Network Traffic Anomaly
Network Traffic Analysis
Network Protocols
Cyber Security
Medium2 mins
Solve
SQL Log Analysis
SQL Injection
Log Analysis
Cyber Security
Medium2 mins
Solve
Misappropriation Post-Migration
DNS Management
Infrastructure Migration
Subdomain Hijacking
Cyber Security
Medium3 mins
Solve
Reason #4

1200+ customers in 75 countries

customers in 75 countries
Brandon

借助Adaface,我们能够优化我们的初始筛查过程超过75%,从而为招聘经理和我们的人才获取团队提供了宝贵的时间!


Brandon Lee, 人的负责人, Love, Bonito

Reason #5

Designed for elimination, not selection

The most important thing while implementing the pre-employment Cyber Security Assessment Test in your hiring process is that it is an elimination tool, not a selection tool. In other words: you want to use the test to eliminate the candidates who do poorly on the test, not to select the candidates who come out at the top. While they are super valuable, pre-employment tests do not paint the entire picture of a candidate’s abilities, knowledge, and motivations. Multiple easy questions are more predictive of a candidate's ability than fewer hard questions. Harder questions are often "trick" based questions, which do not provide any meaningful signal about the candidate's skillset.

Reason #6

1 click candidate invites

Email invites: You can send candidates an email invite to the Cyber Security Assessment Test from your dashboard by entering their email address.

Public link: You can create a public link for each test that you can share with candidates.

API or integrations: You can invite candidates directly from your ATS by using our pre-built integrations with popular ATS systems or building a custom integration with your in-house ATS.

invite candidates
Reason #7

Detailed scorecards & benchmarks

Reason #8

High completion rate

Adaface tests are conversational, low-stress, and take just 25-40 mins to complete.

This is why Adaface has the highest test-completion rate (86%), which is more than 2x better than traditional assessments.

test completion rate
Reason #9

Advanced Proctoring


如何为高级网络安全分析师定制测试?

高级网络安全专业人员使用的问题将基于高级主题,问题的难度将更高。

在高级网络安全测试中评估的典型主题是:

  • 使用Wireshark,TCPDUMP和Syslog等工具的经验
  • 高级网络攻击(MITER ATT&CK框架,威胁策略,攻击杀戮链,攻击向量,妥协指标)
  • 设计有效的安全协议方面的专业知识(IDS/IPS,数据丢失预防,漏洞管理,零日脆弱性,系统审核,审计日志,事件调查,威胁情报)
  • 安全操作和发病率管理的经验(事件响应和剧本,NIST框架,黄金小时,日志和电子邮件分析,SLAS KRIS,KPI,恢复和取证)
  • 实施安全身份验证过程(多因素身份验证,包括软令牌和硬令牌)的经验
  • 保护数据破坏

此外,如果该角色要求候选人具有动手编程知识,则测试将包括更高难度级别的编码问题。

What roles can I use the Cyber Security Assessment Test for?

  • Cybersecurity Analyst
  • Security Engineer
  • Network Administrator
  • Penetration Tester
  • Security Consultant
  • Chief Information Security Officer (CISO)
  • IT Auditor
  • Security Architect
  • Security Operations Center (SOC) Analyst

What topics are covered in the Cyber Security Assessment Test?

安全治理
网络安全
电子邮件安全性
网络攻击
网络钓鱼
蛮力攻击
DOS和DDOS攻击
机器人和僵尸网络
SQL注入
跨站脚本
Web应用程序安全
恶意软件(病毒,蠕虫,木马)
身份联合会
密码学
哈希
防病毒软件
防火墙
加密
匿名者
身份验证方法
数字签名
SSL证书
虚拟专用网络
代理服务器
CodeGuard
Sitelock
第三方评估
数据治理
ARP欺骗
Singapore government logo

招聘经理认为,通过小组访谈中他们提出的技术问题,他们能够分辨哪些候选人的得分更好,并且与未得分的人有区别。他们是 非常满意 随着候选人的质量入围了Adaface筛查。


85%
减少筛查时间

Cyber Security Online Test FAQs

我可以在同一测试中评估网络安全和计算机网络知识吗?

是的。我们的标准网络安全测试评估了网络基本面的候选人。您还可以进行自定义测试,以获取更多针对计算机网络的问题。您可以查看我们的[计算机网络测试](https://www.adaface.com/assessment-test/network-eender-test),以了解将使用哪种问题来评估计算机网络概念。

如何为初级网络安全专业人员定制测试?

该测试将有简单的问题,主题将集中在网络安全攻击,网络和防御措施的基础上。该测试还可以包括根据您的职位描述评估基本技术才能技能的问题。

我可以在同一测试中评估技术/编码技能吗?

是的。我们的标准网络安全测试不包括编码问题,但是如果您的职位描述要求候选人具有动手编码技能,则可以获得带有编码问题的自定义测试。

网络安全能力测试筛选候选者的用途是什么?

网络安全能力测试筛选候选者的知识和应用基本网络安全原则的能力。该测试涵盖了网络安全性,计算机安全性和信息安全性等主题。它还衡量了候选人对网络安全问题进行批判性思考以及识别和解决问题的能力。

我可以将多个技能结合在一起,为一个自定义评估吗?

是的,一点没错。自定义评估是根据您的职位描述进行的,并将包括有关您指定的所有必备技能的问题。

您是否有任何反交换或策略功能?

我们具有以下反交易功能:

  • 不可解决的问题
  • IP策略
  • Web Protoring
  • 网络摄像头Proctoring
  • 窃检测
  • 安全浏览器

阅读有关[Proctoring功能](https://www.adaface.com/proctoring)的更多信息。

如何解释考试成绩?

要记住的主要问题是评估是消除工具,而不是选择工具。优化了技能评估,以帮助您消除在技术上没有资格担任该角色的候选人,它没有进行优化以帮助您找到该角色的最佳候选人。因此,使用评估的理想方法是确定阈值分数(通常为55%,我们为您提供基准测试),并邀请所有在下一轮面试中得分高于门槛的候选人。

我可以使用该测试的经验水平?

每个ADAFACE评估都是为您的职位描述/理想候选角色定制的(我们的主题专家将从我们的10000多个问题的图书馆中选择正确的问题)。可以为任何经验级别定制此评估。

每个候选人都会得到同样的问题吗?

是的,这使您比较候选人变得容易得多。 MCQ问题的选项和问题顺序是随机的。我们有[抗欺骗/策略](https://www.adaface.com/proctoring)功能。在我们的企业计划中,我们还可以选择使用类似难度级别的问题创建多个版本的相同评估。

我是候选人。我可以尝试练习测试吗?

不,不幸的是,我们目前不支持实践测试。但是,您可以使用我们的[示例问题](https://www.adaface.com/questions)进行练习。

使用此测试的成本是多少?

您可以查看我们的[定价计划](https://www.adaface.com/pricing/)。

我可以免费试用吗?

我刚刚搬到了一个付费计划。我如何要求自定义评估?

customers across world
Join 1200+ companies in 75+ countries.
立即尝试最候选的友好技能评估工具。
g2 badges
Ready to use the Adaface Cyber Security Assessment Test?
Ready to use the Adaface Cyber Security Assessment Test?
与我们聊天
logo
40 min tests.
No trick questions.
Accurate shortlisting.
术语 隐私 信任指南

🌎选择您的语言

English Norsk Dansk Deutsche Nederlands Svenska Français Español Chinese (简体中文) Italiano Japanese (日本語) Polskie Português Russian (русский)
ada
Ada
● Online
Previous
Score: NA
Next
✖️