SecureMac, Inc.

SecureMac Cybersecurity Quiz

Test your cybersecurity savvy! Can you answer all of these basic cybersecurity questions correctly?

Congratulations!

You scored %%SCORE%% out of %%TOTAL%%.

Your performance has been rated as %%RATING%%


Your answers are highlighted below.
Question 1
Which of the following is a strong password?
A
pa$$w0rd1965
Hint:
Whoops! pa$$w0rd1965 is better than “password”, but not by much. Some variation of “pa$$w0rd” in combination with a birth year has doubtless been used many times before—and hackers know this. A computer can run through all the possibilities in a matter of seconds, making a password like this one easy to hack.
B
yesterdayallmytroublesseemedsofaraway
Hint:
Good guess, but not quite right. John, Paul, George and Ringo are household names, which is why this passphrase, although long, is not particularly secure. Computers are powerful enough to try millions of common phrases and well-known song lyrics in the blink of an eye—and as bands go, it doesn’t get much more well-known than the Fab Four. A good rule of thumb is that if you can search for and find a particular string of words in a search engine, it’s better to use something else as your passphrase.
C
123456
Hint:
Oh no! This one isn’t very strong at all. Common, simple, and trivially easy for a computer to crack.
D
MarkandRuth2002
E
None of the above
Hint:

Correct!

All the other choices have problems. Your passwords should not rely on publicly available strings of words like famous song lyrics or common variants on the word “password” (e.g. pa$$w0rd), nor should they use common personal details like the account owner’s name in conjunction with birth or anniversary years.The best passwords and passphrases are long, contain a mix of uppercase and lowercase letters, and include numbers and special characters. Worried about remembering it all? Don’t try! Get a reputable password manager like Dashlane, iCloud Keychain, or 1Password.

Question 2
You can never be sure whether or not your account has been part of a large-scale data breach, unless the hacked website or company informs you directly.
A
True
Hint:
Not true! There is a way to check for yourself. Click on the correct answer to find out how.
B
False
Hint:

Correct!

Websites like haveibeenpwnd.com or tools like Google Chrome’s Password Checkup extension allow you to check your accounts to see if they've been part of a known data breach.

Question 3
It’s never safe to reuse a password on secondary accounts (even if they’re not important accounts).
A
True
Hint:

Correct!

Re-using passwords is never recommended, and when it comes to password security, there’s no such thing as an “unimportant account”. This is because even small or relatively obscure websites can be hacked—and criminals trade and sell lists of passwords and usernames on the dark web, allowing other malicious actors to try out these credentials on larger sites.

B
False
Hint:
Oh no! You’re not reusing passwords, are you? Click on the correct answer to learn why this is a bad idea...
Question 4
If you’re using a web browser’s “Private Browsing” feature, who can see what you’re doing?
A
Government and law enforcement agencies
Hint:
The CIA can see you. But it’s not just them…
B
Your network administrator, Internet service provider (ISP), and VPN provider
Hint:
Anyone who controls network traffic can see your activity, even if you’re Incognito. But they’re not the only ones...
C
Hackers who have intercepted network traffic
Hint:
Sure, but it’s not only the bad guys.
D
A and B only
Hint:
Almost. But it’s worse than you think.
E
A, B, and C
Hint:

Correct!

Anyone who controls or routes network traffic will be able to see your activity when you’re in Private Browsing mode. This includes network admins, ISPs and VPNs. Similarly, those with the tools and know-how to intercept and monitor traffic can see what you’re doing as well. This means legitimate law-enforcement personnel, intelligence agencies foreign and domestic, and outright cybercriminals.

Question 5
Performing regular, encrypted backups of important files and systems is a good way to minimize the damage caused by this type of cyberattack:
A
Phishing
Hint:
Phishing attacks are definitely something to watch out for, but your backups won’t help you if you send your bank account login details to an attacker.
B
Trojan Horse
Hint:
Trojan Horse malware, as the name implies, disguises itself as something harmless so that you download it onto your system. Definitely tricky, but having backups won’t protect you from these in all cases.
C
Ransomware
Hint:

Correct!

This type of malware works by encrypting your files or locking you out of your system until you pay a ransom to the attackers. If you have backups of your files or systems, though, you won’t be at the mercy of cybercriminals. Be aware that some ransomware is designed to remain dormant on a system for a while before activating, giving it time to infect backup files as well. Very sneaky. So make sure your backup solution includes some kind of malware detection to warn you if there seems to be malicious software in the files you’re backing up.

D
Man-in-the-middle (MITM) attacks
Hint:
MITM attacks refer to hackers positioning themselves “in the middle” of two parties who are communicating with one another (or who think they’re communicating with one another). The hacker will then relay or alter the messages sent between those parties for malicious purposes. The best defenses against MITM attacks are strong endpoint authentication protocols and well-secured networks.
Question 6

If I’m using an iPhone with Face ID, my phone can't be unlocked if I’m asleep.

A
True
Hint:
Usually true, but not always. Click on the correct answer to make sure your iPhone is working as intended.
B
False
Hint:

Correct!

While Face ID is designed to work this way, it only functions as intended when a device’s “Require Attention” feature is enabled. Require Attention is used to prevent accidental unlocks and to keep Face ID from being used to unlock a sleeping person’s phone. However, some users disable this feature in a bid to make their iPhone open faster—which means their device can now be unlocked with their sleeping face. So if you’re using an iPhone with Face ID, be sure that Require Attention is enabled. You can find it under Settings > General > Accessibility.

Question 7

Which of the following is not a typical sign of a phishing email?

 
A
The email was unsolicited and asks you to confirm password information or sensitive account details
Hint:
This is generally a bad sign. Legitimate emails from banks or service providers will almost never ask for this kind of information. And no, the IRS or Apple will never call you on the phone to resolve an account issue.
B
The email address of the sender uses subdomains or extra characters
Hint:
This is a common trick used by malicious actors to make an email address seem like it comes from a legitimate organization, even though it’s anything but legit. Be on the lookout for addresses like payments@netflix123.com or refunds@irs.gov.cc.
C
The email was unsolicited and contains a clickable “unsubscribe” link at the bottom
Hint:

Correct!

While a phishing email might try to make use of an unsubscribe link to redirect you to a malicious website, these links are required by most mass mailing services (and in some places, by law) and will be found in almost all corporate email communications. In and of themselves, they’re nothing to worry about.

D
Hovering the mouse pointer over a URL link that you’re asked to click on reveals a different destination address.
Hint:
This is generally an excellent sign that an email is a phishing attack. If the link that you’re supposed to click reads “www.uber.com/accounts/new/rewards” but holding your mouse over this text indicates that you’ll instead be taken to “www.uber.fakewebsite.com/accounts/new/rewards”, don’t click!
E
The email was unsolicited and contains an attachment of some kind
Hint:
Another very common tactic that phishing emails use is to attach a malicious payload in the form of an attachment, often disguised as something innocent like a PDF or Word document. Never download something that you’re not sure about. Always use antivirus software to scan attachments before opening them.
Question 8

Using hotel or airport Wi-Fi is reasonably safe if I’m using a VPN

A
True
Hint:

Correct!

While you should never connect to a completely unprotected public Wi-Fi network, and while even password protected public networks may be compromised or poorly secured, a reputable VPN is a good way to make use of free Wi-Fi without sacrificing your security and privacy. VPNs add a layer of encryption to outbound and inbound data, allowing you to send and receive information securely.

B
False
Hint:
You’re more paranoid than we are! Public Wi-Fi can be sketchy, but using a VPN on a public network is generally considered secure. You might want to avoid those USB jacks in the airport lounge, though—no telling who installed them.
Once you are finished, click the button below. Any items you have not completed will be marked incorrect. Get Results
There are 8 questions to complete.

Join our mailing list for the latest security news and deals