SkillQuiz

Test your cybersecurity skills with interactive quizzes; earn certificates

upon 80% pass mark.

🌐 IoT Penetration Testing

Evaluate IoT security knowledge in 25 practical questions; pass mark: 80%.

1 / 25

IoT devices can be recruited into botnets and used for DDoS attacks.

2 / 25

Many IoT devices are shipped with default credentials that are publicly documented.

3 / 25

Zigbee only operates on the 2.4 GHz frequency worldwide.

4 / 25

Binwalk can identify and extract filesystems and compressed data from firmware images.

5 / 25

MQTT uses TLS/SSL by default to secure messages.

6 / 25

Shodan provides a graphical interface to search exposed IoT devices on the internet.

7 / 25

IoT pentesting focuses only on hardware vulnerabilities.

8 / 25

Firmware analysis can reveal sensitive information such as API keys and passwords.

9 / 25

Wireshark can analyze MQTT packets if the correct dissector is enabled.

10 / 25

IoT devices often use strong encryption by default.

11 / 25

Which organization defines IoT security guidelines and frameworks?

12 / 25

Which layer of the IoT architecture is most vulnerable to physical attacks?

13 / 25

Which tool helps capture wireless packets for IoT analysis?

14 / 25

Which of these is a common vulnerability in IoT devices?

15 / 25

Which command can you use to identify devices on a local network?

16 / 25

Which IoT protocol is based on publish-subscribe messaging?

17 / 25

What is the function of the “firmadyne” framework?

18 / 25

Which type of attack targets IoT communication protocols like MQTT or CoAP?

19 / 25

Which tool helps in analyzing Zigbee communication?

20 / 25

What does the term “firmware reverse engineering” refer to?

21 / 25

Which tool can scan IoT networks for open ports and services?

22 / 25

What is the main purpose of an IoT pentest?

23 / 25

Which command-line tool is used to extract firmware files from images?

24 / 25

What is the default port for the MQTT protocol?

25 / 25

Which tool is widely used to discover IoT devices connected to the internet?

Your score is

The average score is 0%

0%

Wi-Fi Penetration Testing

Assess wireless security skills with 25 questions; pass mark: 80%.

1 / 25

Which encryption algorithm is used in WPA3 for enhanced security?

2 / 25

Which wireless security feature prevents brute-force WPS attacks?

3 / 25

What command in Aircrack-ng suite is used to capture packets?

4 / 25

Which tool is used to automate Evil Twin attacks?

5 / 25

Name one Linux distribution specialized for Wi-Fi and network penetration testing.

6 / 25

A hidden SSID completely protects a Wi-Fi network from attackers.

7 / 25

WEP encryption uses dynamic keys, making it hard to crack.

8 / 25

Wireshark can be used to analyze wireless packets if the adapter supports monitor mode.

9 / 25

MAC address filtering is a foolproof method to secure Wi-Fi networks.

10 / 25

WPA3 uses SAE (Simultaneous Authentication of Equals) for secure key exchange.

11 / 25

Which layer of the OSI model does Wi-Fi primarily operate on?

12 / 25

Which attack allows intercepting data between a user and a legitimate AP?

13 / 25

Which tool can be used to create a fake access point?

14 / 25

Which protocol is used for encrypting WPA2 traffic?

15 / 25

Which wireless mode acts as a central connection point for clients?

16 / 25

What type of attack targets the WPS feature in routers?

17 / 25

Which tool is mainly used to perform Wi-Fi password brute-force attacks?

18 / 25

Which frequency band is not commonly used for Wi-Fi?

19 / 25

What does “SSID” stand for?

20 / 25

Which command-line tool is used for Wi-Fi packet analysis on Linux?

21 / 25

Which protocol replaced WEP due to its vulnerabilities?

22 / 25

What does a deauthentication attack do in Wi-Fi networks?

23 / 25

Which tool is commonly used to capture Wi-Fi handshakes for password cracking?

24 / 25

What is the default port for RADIUS authentication in wireless networks?

25 / 25

Which wireless encryption standard is considered most secure for modern Wi-Fi networks?

Your score is

The average score is 0%

0%

Ethical Hacking Fundamentals

Test your ethical hacking skills with 25 questions; pass mark: 80%.

1 / 25

What tool can automate SQL Injection exploitation in web applications?

2 / 25

Write one command to scan all ports on an IP using Nmap.

3 / 25

Which tool would you use to analyze suspicious network traffic in real time?

4 / 25

What command is used in Metasploit to list available exploits?

5 / 25

Name one tool used for privilege escalation on Linux systems.

6 / 25

Which tool can be used for reverse shell communication?

7 / 25

Nikto is a tool used for:

8 / 25

Which command is used to check open ports on a local machine in Linux?

9 / 25

Which of the following is an OSINT (Open Source Intelligence) tool?

10 / 25

Which tool is used to detect and exploit wireless network vulnerabilities?

11 / 25

Which framework is used for web application penetration testing automation?

12 / 25

Which tool helps in brute-forcing login credentials over HTTP, FTP, and SSH?

13 / 25

What is the default port for SSH?

14 / 25

Which command in Linux shows active network connections?

15 / 25

Metasploit Framework is primarily used for:

16 / 25

Which of the following tools can be used for password cracking?

17 / 25

Which tool is commonly used for web vulnerability scanning?

18 / 25

What does the command nmap -sS perform?

19 / 25

Nmap is mainly used for:

20 / 25

Which tool is primarily used for network packet analysis?

21 / 25

Metasploit can be used to both exploit and test vulnerabilities in systems.

22 / 25

Burp Suite can intercept and modify HTTP requests between browser and server.

23 / 25

Hydra is a tool for network sniffing and packet capture.

24 / 25

Nmap can be used to detect the operating system of a target machine.

25 / 25

Wireshark can be used to capture and analyze encrypted HTTPS traffic without any decryption keys.

Your score is

The average score is 0%

0%

CISSP Advanced Level

Challenge your CISSP expertise with 40 advanced True/False questions; pass mark: 80%.

1 / 40

A honeypot is designed to distract and analyze attackers.

2 / 40

Data masking hides sensitive data in production systems.

3 / 40

Business impact analysis identifies critical systems and potential loss.

4 / 40

Zero-day vulnerabilities are publicly known and easily patched.

5 / 40

Two-person control ensures no single individual can perform critical tasks alone.

6 / 40

TLS replaced SSL for secure communications on the internet.

7 / 40

Network segmentation limits the impact of security breaches.

8 / 40

Security awareness training reduces the likelihood of phishing attacks.

9 / 40

Cross-site scripting (XSS) attacks target network firewalls directly.

10 / 40

Incident response plans include preparation, detection, containment, eradication, and recovery.

11 / 40

Antivirus software is enough to protect against advanced persistent threats (APTs).

12 / 40

Replay attacks are mitigated by using nonces or timestamps.

13 / 40

ISO/IEC 27001 provides a framework for information security management systems.

14 / 40

Risk acceptance means mitigating risk to zero.

15 / 40

Cloud service models include IaaS, PaaS, and SaaS.

16 / 40

Vulnerability management is a continuous process, not a one-time event.

17 / 40

Single sign-on (SSO) improves security without increasing risk.

18 / 40

The NIST Cybersecurity Framework includes Identify, Protect, Detect, Respond, Recover.

19 / 40

Encryption ensures both confidentiality and integrity of data.

20 / 40

Security policies are optional guidelines for employees.

21 / 40

Penetration testing actively simulates attacks to find vulnerabilities.

22 / 40

Biometrics is a type of knowledge-based authentication.

23 / 40

A DMZ is used to isolate internal networks from untrusted networks.

24 / 40

Separation of duties helps prevent fraud and collusion.

25 / 40

Least privilege principle grants users only the permissions necessary.

26 / 40

Intrusion detection systems prevent attacks by automatically blocking traffic.

27 / 40

Vulnerability scanning identifies unknown system weaknesses automatically.

28 / 40

SSL is the modern standard for securing web traffic.

29 / 40

Digital signatures provide non-repudiation for messages and documents

30 / 40

Social engineering attacks exploit human behavior rather than technical vulnerabilities.

31 / 40

Access control models include discretionary, mandatory, and role-based access control.

32 / 40

Hash functions are reversible, allowing original data recovery.

33 / 40

Security governance aligns security policies with organizational objectives.

34 / 40

Business continuity planning is only concerned with IT systems.

35 / 40

Risk assessment identifies threats, vulnerabilities, and potential impacts.

36 / 40

A firewall operates only at Layer 3 (Network) of the OSI model.

37 / 40

Asymmetric encryption uses a public and private key pair.

38 / 40

Symmetric encryption uses the same key for encryption and decryption.

39 / 40

Multifactor authentication relies only on two types of credentials.

40 / 40

The CIA triad stands for Confidentiality, Integrity, and Availability.

Your score is

The average score is 0%

0%

Hardware Hacking Fundamentals

Assess hardware exploitation skills with 25 hands-on questions; pass mark: 80%.

1 / 25

Hardware hacking is illegal in all circumstances.

2 / 25

Give one example of a hardware device often targeted by hackers for testing.

3 / 25

Name one type of side-channel attack besides power analysis.

4 / 25

Which tool is used to solder or desolder components on a PCB?

5 / 25

Name one common bus used for communication between microcontrollers and peripherals.

6 / 25

Differential power analysis is a method of side-channel attack.

7 / 25

Hardware hacking can help identify security vulnerabilities in IoT devices.

8 / 25

Logic analyzers are not useful for reverse engineering embedded devices.

9 / 25

Oscilloscopes help analyze voltage and signal timing in circuits.

10 / 25

EEPROM chips cannot be read or written with external programmers.

11 / 25

JTAG interfaces can be used for debugging and extracting firmware.

12 / 25

Hardware hacking requires only software knowledge, not electronics.

13 / 25

Side-channel attacks can reveal sensitive information without modifying the device.

14 / 25

Flashing a device means:

15 / 25

Which interface is often used for serial communication debugging?

16 / 25

What is the main purpose of a soldering iron in hardware hacking?

17 / 25

Which attack exploits variations in power consumption to extract secrets?

18 / 25

Which tool helps to extract firmware from a chip?

19 / 25

SPI and I2C are types of:

20 / 25

Which type of attack involves reading sensitive data directly from memory chips?

21 / 25

What is the purpose of a multimeter in hardware hacking?

22 / 25

What does GPIO stand for?

23 / 25

Which component is essential for flashing firmware?

24 / 25

What is the primary purpose of a logic analyzer?

25 / 25

Which interface is commonly used for hardware debugging?

Your score is

The average score is 0%

0%

Bug Bounty Hunting

Test bug bounty skills with 30 practical questions on reconnaissance, exploitation, reporting; pass mark: 80%.

1 / 25

Reporting vulnerabilities to vendors can improve your reputation and credibility.

2 / 25

Cross-Site Request Forgery (CSRF) attacks can manipulate authenticated users.

3 / 25

Bug bounty hunters must always have written permission before testing systems.

4 / 25

What is the primary tool for intercepting and modifying web traffic?

5 / 25

Name one platform where ethical hackers can participate in bug bounty programs.

6 / 25

Out-of-scope testing is allowed in most bug bounty programs.

7 / 25

Reporting bugs in scope is safe and legal.

8 / 25

Cross-site scripting can be stored or reflected.

9 / 25

Social engineering can be part of bug bounty testing if authorized.

10 / 25

Automated scanners are enough to find all vulnerabilities.

11 / 25

A responsible bug hunter never discloses vulnerabilities publicly before reporting.

12 / 25

Bug bounty programs always pay even for duplicate vulnerabilities.

13 / 25

Reconnaissance includes gathering information about targets before attacks.

14 / 25

Which of the following is a legal way to practice bug bounty skills?

15 / 25

Burp Suite is primarily used for:

16 / 25

What is a subdomain takeover?

17 / 25

CSRF attacks exploit:

18 / 25

Which header can prevent clickjacking attacks?

19 / 25

What is the primary goal of a bug bounty hunter?

20 / 25

SQL Injection allows attackers to:

21 / 25

What is responsible disclosure?

22 / 25

What does CVE stand for?

23 / 25

XSS vulnerabilities occur when:

24 / 25

Which tool is commonly used for web reconnaissance?

25 / 25

What is the first step in a bug bounty program?

Your score is

The average score is 0%

0%

📝 Explore Your Skills and Knowledge

Take interactive quizzes, test your skills, and explore knowledge across any

topic or query! 💡📩

Contact Us

VistaSec Arena is a platform where you can participate in hackathons, datathons, CTFs, quizzes, and challenges to win prizes and enhance your skills.

Company

Useful Links

Contact

Empowering Skills, Ensuring Security.

info@vistasec.com

Office number 207, 2nd floor, Emaar The Palm Square, Sector 66, Golf Course Extension Road, Gurgaon -122102. (HR).

Copyright © 2025 All Right Reserved VistaSec

Scroll to Top