A smart thermostat in an office starts sending data to an unknown server. Network logs show no other anomalies. What should the IT team do FIRST, and why?

A user visits a news site and unknowingly downloads a file that locks their system with a ransom demand. No email or attachment was involved. What attack occurred, and what should have been updated?

A European retailer suffers a breach exposing customer emails. The legal team insists on notifying authorities within 72 hours. What regulation drives this, and what should be prepared?

A manufacturing plant’s SCADA system is compromised, shutting down production. Logs show unusual commands from an internal IP. What should the incident response team do FIRST, and why?

A cybersecurity team investigates a breach where an attacker used a stolen session cookie to access a user’s account. Logs show no password attempts. What should they implement to prevent this, and what feature should be enabled?

A remote developer connects to a git repository over an unencrypted channel. An attacker intercepts the session, stealing code. What should the IT team enforce, and what protocol should be used?

A logistics firm restricts warehouse staff from accessing financial records. After a breach, they find a worker exploited a shared account. What should have been implemented, and how should it be configured?

A startup deploys a customer database in AWS. After a breach, they learn an attacker accessed it via a misconfigured S3 bucket. What should they have used to secure it, and what feature should be enabled?

A gaming company’s forum is hacked, displaying pop-ups with malicious scripts after a user posts a comment. Logs show no server-side breaches. What attack occurred, and what should be fixed?

A tech support employee receives a call from someone claiming to be a VP needing urgent password help. The caller knows internal project names but refuses video verification. What should the employee suspect, and what should they do FIRST?