Cloud and Microsoft Office 365 (M365) Security

This 20 question quiz is designed to test and strengthen your understanding of Cloud and Microsoft Office 365 (M365) Security, and how these principles apply to your role within the organisation. Each question presents a realistic scenario involving potential security threats, such as phishing attempts, unauthorised access, data breaches, misconfigurations, and risks associated with cloud-based collaboration and storage.

You will be asked to choose the safest, most effective, and most secure response in each case.

The goal of this exercise is to help you recognise security risks within cloud environments, understand how protective measures and policies are applied, and adopt best practices that safeguard organisational data and user accounts. By working through these examples, you will build stronger awareness of common attack vectors and reinforce the habits that support a secure and compliant digital workplace.

Make your attempt count, you only have one chance to pass this quiz.

By continuing, you agree that System Force can use your details to send you your quiz results by email.

1 / 24

1. Effective cyber security requires:

Reliance on employee awareness only

A combination of governance, people, processes, and technology

Implementation of technical tools alone

Use of firewalls as the sole protective control

2 / 24

2. Which security approach assumes no automatic trust?

Zero Trust security framework

Anonymous system access model

Open access trust model

Traditional perimeter-based security model

3 / 24

3. Which organisation regulates data protection in the UK?

Office of Communications (Ofcom)

National Health Service (NHS)

British Broadcasting Corporation (BBC)

Information Commissioner’s Office (ICO)

4 / 24

4. What is one consequence of a data breach?

Increased customer confidence and trust

Improvements in overall system security posture

Damage to organisational reputation and potential financial penalties

Reduction in organisational risk exposure

5 / 24

5. What is the principle of least privilege?

Completely removing access to all systems and applications

Assigning administrative rights to all users by default

Granting users only the minimum access required to perform their role

Allowing shared use of administrator accounts

6 / 24

6. Which organisation provides Cyber Essentials?

HM Revenue and Customs (HMRC)

A UK government-backed scheme supported by the Information Assurance for Small and Medium-sized Enterprises (IASME)

The National Health Service (NHS)

The Driver and Vehicle Licensing Agency (DVLA)

7 / 24

7. Which Microsoft product provides DLP functionality?

Windows Calculator utility

Microsoft Paint image editor

Windows Notepad text editor

Microsoft Purview compliance and governance solutions

8 / 24

8. DLP helps prevent:

Delays in hardware upgrade cycles

Unauthorised access, sharing, or disclosure of sensitive information

Failures in printing and document output devices

Physical network infrastructure issues

9 / 24

9. What does DLP stand for?

Domain-Level Protection

Data Loss Prevention

Data Location Policy

Digital Link Protocol

10 / 24

10. What is Microsoft Secure Score?

A measurement tool that evaluates and recommends security improvements

A financial rating used to assess organisational creditworthiness

A network firewall configuration tool

A formal external audit compliance report

11 / 24

11. What is a passkey?

A cryptographic, passwordless authentication credential

A traditional physical key used for device security

A removable USB storage device

A product activation or licence key

12 / 24

12. MFA uses:

A single password-based authentication factor

Multiple independent authentication factors to verify identity

A single biometric authentication method

No authentication requirements for system access

13 / 24

13. What does MFA stand for?

Multi-File Archiving system

Managed Firewall Administration

Main Function Authorisation

Multi-Factor Authentication

14 / 24

14. What is Microsoft Entra ID primarily used for?

Editing and producing multimedia content

Financial reporting and business accounting

Managing enterprise printing and document workflows

Identity and access management across cloud and hybrid environments

15 / 24

15. Which is an emerging cloud threat?

Risks associated with paper-based record storage

AI-assisted phishing and social engineering attacks

Use of outdated optical media such as CD-ROMs

Continued reliance on analogue fax communication systems

16 / 24

16. What legislation governs personal data protection in the UK?

Control Objectives for Information and Related Technologies (COBIT)

United Kingdom General Data Protection Regulation (UK GDPR)

Payment Card Industry Data Security Standard (PCI DSS)

Sarbanes-Oxley Act (SOX)

17 / 24

17. Which Cyber Essentials control helps reduce cloud risks?

Sharing account credentials across multiple users

Delaying patching and software updates

Disabling endpoint protection tools

Applying secure configuration to systems and services

18 / 24

18. Which is a common cause of cloud breaches?

Enforcing multi-factor authentication across all users

Use of encrypted storage for sensitive data

Implementation of complex password policies

Exposure or theft of valid user credentials

19 / 24

19. Who secures the underlying cloud infrastructure in Microsoft's shared responsibility model?

The customer’s internal IT support teams

Individual end users configuring their own devices

Independent external compliance auditors

Microsoft as the cloud service provider

20 / 24

20. What is cloud computing?

Hosting applications on locally installed on-site hardware infrastructure

Installing security software directly onto end-user devices

Delivery of computing services such as storage, processing, and applications over the internet

Maintaining offline backups using removable storage media

21 / 24

1. Any additional feedback you would like to make us aware of?

22 / 24

2. What additional topics would you like to see covered in future cyber resiliency sessions?

23 / 24

3. Which part of the training did you find most valuable for improving your cyber resiliency skills, and why?

24 / 24

4. How confident do you feel in your ability to identify and respond to cyber threats after attending this webinar?

Exit

Take our Cloud and Microsoft Office 365 (M365) Security Quiz

You will be asked to choose the safest, most effective, and most secure response in each case.

1. Any additional feedback you would like to make us aware of?

2. What additional topics would you like to see covered in future cyber resiliency sessions?

3. Which part of the training did you find most valuable for improving your cyber resiliency skills, and why?

4. How confident do you feel in your ability to identify and respond to cyber threats after attending this webinar?