Cybersecurity Quiz Questions

A sample of the Cyber Jeopardy question pool

Looking for cybersecurity quiz questions for a security awareness session, a CTF warm-up, or a team-building quiz night? Below is a sample board drawn from the built-in Cyber Jeopardy question pool. Questions are written in the classic Jeopardy style: each clue is a statement, and the correct response is phrased as a question.

When you are ready to play, create a free game — project the board on any screen, and let teams buzz in from their phones. No app installs, no account required.

Cryptography

Symmetric and asymmetric ciphers, hashing, PKI, and key exchange.

$200 — This hashing algorithm produces a 256-bit digest and is widely used in TLS and certificate signing.

What is SHA-256? Part of the SHA-2 family. Collision-resistant and still considered secure as of 2026.

$400 — This key exchange protocol lets two parties establish a shared secret over an insecure channel without transmitting the secret itself.

What is Diffie-Hellman key exchange? The basis for forward secrecy in TLS. ECDH is the elliptic-curve variant.

Network Security

Firewalls, VPNs, intrusion detection, protocols, and common network attacks.

$200 — This technique intercepts communication between two parties without their knowledge.

What is a Man-in-the-Middle attack? HTTPS and certificate pinning defend against it. Common on unsecured Wi-Fi.

$500 — This attack sends crafted packets to exploit TCP's three-way handshake, leaving connections half-open and exhausting server resources.

What is a SYN flood? Mitigated by SYN cookies, which let servers handle SYN packets without allocating state until the handshake completes.

Web Application Security (OWASP)

The OWASP Top 10 is the canonical reference for the most critical web security risks.

$100 — This attack injects malicious scripts into web pages viewed by other users.

What is Cross-Site Scripting (XSS)? Stored XSS persists in the database; reflected XSS lives in the URL. Mitigated by output encoding and Content Security Policy headers.

$300 — This vulnerability lets attackers manipulate database queries by injecting code into user input fields.

What is SQL injection? Prevented by parameterised queries and prepared statements. Still one of the most prevalent vulnerabilities.

Malware & Ransomware

Malicious software that damages, disrupts, or gains unauthorised access to systems.

$400 — This self-replicating malware spread via EternalBlue in 2017, encrypting hundreds of thousands of machines worldwide.

What is WannaCry? EternalBlue exploited a flaw in SMBv1. A kill-switch domain registered by Marcus Hutchins halted its spread.

$100 — This type of malware disguises itself as legitimate software to trick users into installing it.

What is a Trojan horse? Unlike viruses, trojans do not self-replicate. They often open backdoors for remote access.

Social Engineering

Manipulating people into divulging information or taking actions that compromise security.

$100 — This attack sends deceptive emails appearing to come from trusted sources to steal credentials or install malware.

What is phishing? Spear phishing targets specific individuals; vishing is the voice-call variant.

$500 — This attack targets a small group of high-value individuals, typically executives, with highly personalised phishing content.

What is whaling? Often combined with business email compromise. Global losses run into the billions.

Authentication & Access Control

Verifying identity and enforcing what authenticated users may do.

$300 — This security model requires every request to be verified, trusting no user or device by default, even inside the network perimeter.

What is Zero Trust? Summed up as “never trust, always verify.” Relies on strong identity, device posture, and least-privilege access.

$200 — This method requires two or more independent factors — something you know, have, or are — to authenticate.

What is Multi-Factor Authentication (MFA)? Phishing-resistant factors such as FIDO2/WebAuthn security keys are the strongest variant.

Ready to play?

The full pool spans 21 categories. Start a free game in under a minute, or see how it works first. Pro plans add custom question packs so you can write your own clues for your team.