OpenText Cybersecurity Challenge
Test your cybersecurity
knowledge and see if you know how to stay safe online.
Choose your skill level:
knowledge and see if you know how to stay safe online.
Choose your skill level:
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
What does “phishing” typically attempt to steal?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
The MITRE ATT&CK framework is primarily used to…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Initial Access Brokers (IABs) typically sell…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Personal or financial information
Phishing remains one of the most common and effective attack methods. It manipulates trust through deceptive emails, links, or copycat sites to trick users into handing over sensitive credentials.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Classify adversary tactics and techniques
MITRE ATT&CK provides a global knowledge base of adversary tactics and techniques, helping defenders model threats and improve detection.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Compromised network credentials
IABs profit by breaching networks and selling access to ransomware groups or other cybercriminals, enabling fast intrusions.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which of the following is a strong password?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which ransomware group was disrupted by law enforcement during Operation Endgame in 2024?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which advanced attack technique can bypass MFA?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Sorry, the correct answer is...
H!9v$Kp@3
Strong passwords are long, unique, and include a mix of symbols, numbers, and cases. A password manager helps reduce reuse and maintain complexity.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Sorry, the correct answer is...
Lockbit
Operation Endgame was the largest anti-ransomware effort to date, hitting LockBit infrastructure and affiliates worldwide.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Sorry, the correct answer is...
Adversary-in-the-Middle phishing
AiTM phishing proxies intercept MFA tokens in real time, allowing attackers to hijack sessions despite MFA.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Multi-Factor Authentication (MFA) adds protection by…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which vulnerability type is often most exploited first by attackers?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
FunkSec is best described as…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Requiring more than just a password
MFA blocks most account takeover attempts by requiring a second factor like a push notification, code, or biometric check.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Unpatched software
Patching remains critical. Attackers quickly weaponize newly disclosed vulnerabilities, exploiting those who delay updates.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
A ransomware group emerging after LockBit disruption
FunkSec gained visibility in 2025 as one of several groups filling the power vacuum after LockBit’s infrastructure takedown.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which is the most common way SMBs are breached?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
What does EDR stand for?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which ransomware campaign was specifically named for its attacks on VMware ESXi hypervisors in 2023?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Weak or stolen passwords
Credential theft and reuse attacks like credential stuffing are the top breach vector for SMBs. MFA and training reduce this risk.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Endpoint Detection and Response
EDR solutions monitor endpoints continuously, detecting and responding to advanced threats that bypass traditional antivirus.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
ESXiArgs
The ESXiArgs campaign spread quickly using unpatched VMware ESXi servers. Later groups like Akira and BlackCat used similar methods, but the name refers to this wave specifically.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Ransomware attackers typically…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which of the following is NOT a common SMB entry vector?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
“Living off the Land” (LOTL) attacks rely on…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway done.
Keep at it! →
Sorry, the correct answer is...
Encrypt files and demand money
Ransomware encrypts critical files and may also steal data to threaten leaks. It remains the top cybercrime business model.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway done.
Keep rolling! →
Right!
You're halfway done, so keep up the positive momentum.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway there.
Keep at it! →
Sorry, the correct answer is...
Patching every week
Good patching hygiene reduces risk, while phishing, exposed RDP, and stolen credentials remain major attack routes.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway done.
Keep rolling! →
Right!
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway done.
Keep at it! →
Sorry, the correct answer is...
Built-in system tools to evade detection
LOTL uses trusted tools like PowerShell or PsExec to blend in, making detection harder and increasing attacker stealth.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Halfway done.
Keep rolling! →
Right!
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
A firewall’s main purpose is to…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Double-extortion ransomware means…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Supply chain attacks usually target…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Block unauthorized network access
Firewalls serve as gatekeepers, filtering traffic and blocking unauthorized connections before they can enter a network.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Encrypting and stealing data
Modern ransomware groups both encrypt files and exfiltrate data, threatening public leaks if victims refuse to pay.
Edit
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Third-party vendors or software updates
SolarWinds, Kaseya, and MOVEit are examples of supply chain attacks that weaponized trusted updates or vendor connections.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which email detail is often a red flag for phishing?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
The principle of “least privilege” means…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which security model enforces strict data compartmentalization to reduce insider threats?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Sender address looks suspicious
Checking the sender domain is key. Attackers often replace letters or add subtle differences to trick readers.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Users only get the access they need
Least privilege reduces insider threat and lateral movement by ensuring accounts are restricted to only necessary access rights.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Bell-LaPadula
The Bell-LaPadula model focuses on confidentiality by controlling information flow between classification levels, reducing insider risk.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which is safer for SMB data storage?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
What is a primary goal of Zero Trust for SMBs?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which cryptographic algorithm is considered most vulnerable to quantum computers?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Sorry, the correct answer is...
Secure, encrypted cloud
Cloud storage built for business offers encryption, access controls, and resilience, reducing data loss and insider threats.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Right!
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Sorry, the correct answer is...
Continuous authentication
Zero Trust enforces identity checks, device posture validation, and ongoing authentication to minimize implicit trust.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Right!
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Sorry, the correct answer is...
RSA
Shor’s algorithm allows quantum computers to break RSA and ECC efficiently, which is why post-quantum cryptography is being developed.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nearly done.
Finish strong! →
Right!
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Business Email Compromise (BEC) scams usually impersonate…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
“Smishing” is best described as…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
CISA’s “Shields Up” campaign was launched in response to…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Executives
BEC scams often impersonate CEOs or CFOs to trick staff into transferring money or releasing confidential data.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Phishing via SMS
Smishing uses fake texts with links or numbers to trick users into giving credentials or downloading malware.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Russia–Ukraine conflict in 2022
Shields Up provided proactive security guidance to U.S. businesses amid fears of cyber retaliation linked to the Russia–Ukraine war.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
The term “Zero Trust” means…
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Which regulation most directly impacts SMBs handling EU customer data?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
In incident response, what does MTTR stand for?
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
Never trust by default, always verify
Zero Trust requires continuous verification of users, devices, and applications. Nothing is trusted without validation, inside or outside the network.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Oops, the correct answer is...
GDPR
GDPR applies to any business that collects or processes personal data of EU residents, regardless of location.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
Nope, the correct answer is...
Mean Time to Recover
MTTR is a core incident response KPI, tracking how quickly an organization restores systems after a security incident.
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
{ outcome heading }
{ outcome description }
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
{ outcome heading }
{ outcome description }
By clicking a button above, you accept our Terms and Conditions and Privacy Policy
{ outcome heading }
{ outcome description }
By clicking a button above, you accept our Terms and Conditions and Privacy Policy