Cybersecurity Vocabulary Quiz
12 multiple-choice questions on cybersecurity and information security vocabulary: malware, phishing, firewalls, encryption, vulnerabilities, authentication, data breaches and network protection. B2–C1 level.
Keep building your cybersecurity vocabulary.
Cybersecurity Vocabulary — FAQ
'Malware' (short for 'malicious software') is the broad umbrella term for any software written to harm, disrupt or gain unauthorised access to a computer system. A 'virus' is just one specific type of malware — a program that attaches itself to a legitimate file and spreads when that file is run. Other types of malware include worms, trojans, spyware and ransomware. So every virus is malware, but not all malware is a virus.
Phishing is a type of social-engineering attack in which criminals send fraudulent emails, texts or messages that appear to come from a trusted source, in order to trick the victim into revealing sensitive information such as passwords or bank details, or into clicking a malicious link. The word is a deliberate misspelling of 'fishing', because attackers cast out 'bait' and wait for someone to bite. 'Spear phishing' targets a specific individual, while 'whaling' targets senior executives.
A firewall is a security system — either hardware or software — that monitors and controls incoming and outgoing network traffic based on a set of predefined rules. It acts as a barrier between a trusted internal network and untrusted external networks such as the internet, blocking unauthorised access while allowing legitimate communication through. The term is a metaphor from building construction, where a firewall is a physical barrier that stops fire from spreading.
Encryption is the process of converting readable data ('plaintext') into a scrambled, unreadable form ('ciphertext') using an algorithm and a key, so that only someone with the correct key can decrypt and read it. A password is a secret string used to authenticate a user — to prove they are who they claim to be. They serve different purposes: passwords control access, while encryption protects the confidentiality of the data itself, even if someone gains access to it.
A vulnerability is a weakness or flaw in a system, network, application or process that could be exploited by an attacker to gain unauthorised access or cause harm. Vulnerabilities can come from coding errors, misconfigurations or outdated software. When a vulnerability is unknown to the vendor and has no fix available, it is called a 'zero-day'. Organisations reduce risk by 'patching' (updating software to fix known vulnerabilities).
Ransomware is a type of malware that encrypts a victim's files or locks their system, then demands a payment (a 'ransom') — usually in cryptocurrency — in exchange for restoring access. Even when victims pay, there is no guarantee the criminals will provide a working decryption key. The best defences are keeping regular offline backups, patching software promptly and training staff to recognise phishing emails, which are the most common delivery method.
Authentication is the process of verifying who a user is — confirming their identity, for example by checking a password, a fingerprint or a one-time code. Authorisation is the process of determining what an authenticated user is allowed to do — which files, systems or actions they have permission to access. In short: authentication answers 'Who are you?', while authorisation answers 'What are you allowed to do?'. 'Two-factor authentication' (2FA) strengthens the first by requiring two separate forms of proof.
A data breach is a security incident in which confidential, protected or sensitive information is accessed, copied, stolen or exposed by an unauthorised person. Breaches can result from hacking, malware, lost devices, weak passwords or human error. Under regulations such as the UK GDPR, organisations must report serious personal-data breaches to the regulator, often within 72 hours, and may have to notify the affected individuals.
A patch is a piece of software released by a vendor to fix bugs, close security vulnerabilities or improve performance in an existing program. 'Patching' is the act of applying these updates. It is one of the most important and cost-effective security measures, because attackers frequently exploit known vulnerabilities for which a fix already exists but has not been installed. Keeping systems 'up to date' or 'fully patched' significantly reduces the attack surface.
A VPN (Virtual Private Network) creates an encrypted 'tunnel' between your device and a remote server, hiding your internet traffic from anyone on the local network and masking your real IP address. It is commonly used to connect securely to a workplace network over the public internet, to protect data on untrusted Wi-Fi, and to enhance privacy. A VPN protects data in transit, but it does not make you completely anonymous or replace antivirus software and good security habits.