This is a scored practice assessment. It is not timed. Use it to identify weak domains before a timed attempt.
Cybersecurity practice assessment. Applied
12 questions

Scenario: A user changes order_id in a URL and sees another user’s order. What is the core failure?

web

Scenario: You are threat modelling a login flow. Under STRIDE 'Repudiation', what is the key concern?

threat-models

Scenario: You add security logging. What makes a log 'useful' for detection?

detection

Scenario: A password reset endpoint reveals whether an email exists. What risk is this?

web

Scenario: An endpoint checks authentication but not authorisation. What is the predictable failure?

identity

Scenario: You identify a threat but cannot justify a control. What is missing?

threat-models

Which logging practice is most defensible?

detection

Scenario: A support agent can see admin-only pages by changing a client-side flag. What is the root issue?

web

Scenario: You suspect brute force on login. What is the first detection signal you want?

detection

Scenario: An API uses long-lived API keys. What is the biggest security risk?

identity

Scenario: A team says 'we're safe because we use HTTPS'. What is the best response?

threat-models

Scenario: A file upload allows .html and is served from the same domain. What is a likely risk?

web
Add CPD reflection (optional)
One short paragraph makes your CPD evidence much stronger.
Pick one incorrect answer and write a one-paragraph note: what assumption changed, what evidence you would gather, and what control you would apply first.
