
    Foundations track — final test

    25 questions, drawn from the five Foundations lessons. Score 60% to complete the track. Progress is stored only in your browser; nothing is sent to us.

    Quick check

    Five questions. Answers and explanations appear after submission.

    1. Q1.

      Why does an attacker most often have detailed information about your role and colleagues before contacting you?

    2. Q2.

      What is the four-step pattern most attacks follow?

    3. Q3.

      True or false: most cyber attacks against your company are personal.

    4. Q4.

      What is the single highest-leverage personal defence against the attacker mindset?

    5. Q5.

      Your photo shows a sticky note with a temporary password. The post gets 200 likes. Most likely outcome?

    6. Q6.

      Which category does a 'click here to confirm your shipment' SMS lure belong to?

    7. Q7.

      An MFA prompt arrives on your phone that you did not initiate. Which category is in motion?

    8. Q8.

      Why is it useful to know the attack category when reporting an incident?

    9. Q9.

      Most real-world cyber incidents are best described as:

    10. Q10.

      Your SaaS provider sends an unexpected 'we had a security incident, your data may have been accessed' email. Which category?

    11. Q11.

      Which of these is NOT one of the four universal phishing red flags?

    12. Q12.

      Two of the four red flags appear in a message. What is your correct response?

    13. Q13.

      A coworker DMs you a link in Slack asking you to 'log in to the new IT portal'. The DM was unsolicited and the link domain is unfamiliar. Most likely:

    14. Q14.

      Which type of verification is genuinely safe?

    15. Q15.

      Is urgency by itself enough to flag a message as phishing?

    16. Q16.

      What is the single highest-leverage personal cyber-hygiene change you can make today?

    17. Q17.

      Why is FIDO2 / passkey MFA categorically stronger than TOTP or SMS?

    18. Q18.

      You receive an MFA push prompt at 2 AM. You are not signing in. Correct response?

    19. Q19.

      Is a 16-character random password generated by a password manager 'secure'?

    20. Q20.

      Which MFA method does NOT defend against SIM-swap attacks?

    21. Q21.

      You see a ransomware demand on a colleague's screen. They are not at their desk. What is your correct first action?

    22. Q22.

      Under NIS2, what is the early-warning notification window to NCSC after an organisation becomes aware of a significant incident?

    23. Q23.

      You suspect you've been phished and you clicked a credential link. What should you do FIRST?

    24. Q24.

      True or false: it's safer to delete a suspicious email immediately after reporting it.

    25. Q25.

      Why does the 'first 30 minutes' matter so much in incident response?

    Track completed ✓

    You have completed the Foundations track. Continue with the Phishing track — 9 modules on every variant, from BEC to deepfake voice.


    This module has been approved by HackersHub in exactly this form, including the watermark. Free under CC-BY-ND 4.0. Want to modify the content? Then remove our watermark first. — The HackersHub team. View licence terms.