Try a cyber-security quiz
You’ll need
- Pens or pencils
Before you begin
- Use the safety checklist to help you plan and risk assess your activity. There's also more guidance to help you carry out your risk assessment, including examples.
- Make sure all young people and adults involved in the activity know how to take part safely.
- Make sure you’ll have enough adult helpers. You may need some parents and carers to help.
Planning and setting up this activity
- If you’re unsure about your cyber security knowledge, you can use the National Cyber Security Centre (NCSC) resources to improve your skills before running the activity.
- Make sure you have a printed or written copy of the quiz questions, answers and quiz codes.
Running this activity
- Gather everyone together and explain that you’re going to be practising code breaking. You’ll be finding out the answers to questions by working out a secret code.
- Explain that some cyber-criminals, also known as hackers, break codes, or use computer programs to help them break codes, to find out information such as passwords or to get into computer systems.
- Ask if anyone has tried code breaking or using secret codes to send messages before, such as Morse code.
- Everyone should get into teams, then give each team a copy of the quiz questions sheet (but without answers) and a copy of the quiz codes. Depending on the group’s age and ability, you could give them a copy of the code with or without the letters. You may want to give them the code sheet without letters first, then provide the version with letters if people are struggling.
- For older groups, you could let people try to work out the code from answers they know, without any code sheet.
- Now, give the teams time to crack the code and work out the answers.
- When everyone’s ready, gather back together and go through the answers.
- You could give a prize or congratulate the team(s) who scored the most points, but also reward any teams who communicated well, worked together well or supported each other.
- Use a strong and different password for your email: Combining 3 random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack. You should use a different password for each of your accounts, particularly your email account.
- Consider using a Password Manager: A password manager can store all your passwords securely, so you don’t have to worry about remembering them, helping you to use strong, separate passwords for all your important accounts.
- Enable Two-Step Verification (2SV): Aim to use Two-Step Verification (2SV) wherever possible. This can involve entering a code that’s sent to your phone or email, as well as your password. It’s often also known as Two-Factor Authentication or Multi-Factor Authentication (MFA).
- Keep software regularly updated: Regularly update your operating system, apps and antivirus software to protect against the latest threats. Cybercriminals, often known as hackers, make use of and benefit from weaknesses in outdated software to steal information.
- Look out for phishing and scams: For emails, messages or texts, always avoid using suspicious links or downloading attachments from unknown sources. Phishing emails, messages and texts often look legitimate, but their aim is to steal your information. They often use suspicious URLs or email addresses, contain bad spelling and have bad formatting.
- Back up data regularly: Always back up your most important files and store the copies in a secure location, such as on an external hard drive or in cloud storage. This helps to protect you from data loss if there’s malicious software (such as viruses, worms, spyware) or hardware failures.
- Educate others: Make sure you stay informed about the latest cybersecurity threats and how to protect yourselves from them. It's always good to tell your friends, family and loved ones about them too.
- Antivirus software protects your device from viruses. Microsoft and Apple tend to have free antivirus programs installed, so if you turn these on you will be more secure. Make sure that antivirus is set up to apply updates automatically to keep you safe. You don’t need antivirus on a phone or tablet – but you should set up your apps and device to apply updates automatically. Always download apps from official stores, such as Apple’s App Store and Google Play.
- Malware is code that can harm your device and the data on it. Your devices can become infected if you accidentally download malware by opening an attachment in an email, visiting a dodgy website or plugging in an infected USB. Always be careful of any links you click on in emails and check if the email seems OK first. If it’s offering something too good to be true, it probably is!
- Multi-Factor Authentication (MFA) adds a layer of protection to your accounts. It’s also known as 2-Step Verification (2-SV) or 2-Factor Authentication. When you set up 2-SV, you will be sent a PIN or code, often by text or email, depending on which details you provided. You then need to enter that PIN into the website to prove that it is really you. Another form of 2SV is fingerprint identification or facial recognition. It takes a few minutes to set up 2SV, and many websites will ask you to do this when you set up an account, or at least provide you with the option. If you clicked on a dodgy link and have 2SV set up, you would be notified that someone was trying to gain access to your account and be able to stop it.
- Phishing is when hackers attempt to gather personal information from a person in a fraudulent way, normally through emails. It’s one of the most common ways for hackers to access your accounts. Some common signs of phishing emails are a sense of urgency, such as a deadline for payment, an account closing or something needing to be done quickly. It might make you feel like you’re missing out on a good deal if you don’t respond quickly. Many hackers will also try to create some kind of emotion, such as fear, to make you more likely to click on the link. Always check the email address, and you can always check with the sender whether the message is genuine. Hackers believe that the more official a message seems, the more likely they are to trick you into giving out personal information. You should also think about whether the message is expected (for example, a message may be unexpected if it’s from a competition that you didn’t enter). If the message is offering something that seems too good to be true or in short supply, such as concert tickets, a free phone or discounted headphones, it’s more than likely a scam. Poor grammar, bad spelling, the wrong or an old logo, or bad photo quality could be signs of a scam.
- Updates help to keep your device secure. Remember to set up automatic updates on your devices.
- Apps should only be downloaded from official stores, such as Google Play or the App Store. Keep all apps up to date whenever an update becomes available. It is one of the quickest things you can do to keep yourself secure online. Updates will usually take some time and may require reliable Wi-Fi to complete, so bear this in mind.
- Vulnerability is the risk of using an old, unsupported device. The NCSC recommends that you replace any unsupported device so your device is not vulnerable to a cyber attack. It does not need to be brand new, but it is important to keep patching your device to keep it secure.
- Patches are software updates that keep your devices secure. They’re security updates that are crucial for devices to remain secure throughout their lifespan. It’s common for manufacturers to find vulnerabilities or issues over time, so they release these patches, or security updates, to fix them and keep you secure online.
- Identity theft is the act of stealing personal information and pretending to be someone else. This is one of the many reasons we need to be careful about how much personal information we have online, including photos and the backgrounds of photos. Once information is out there, it’s hard to get it back or see where it ends up, and people may steal it to use without your consent.
- Smishing is when someone sends you fake mobile text messages to trick you into downloading malware, sharing sensitive information or sending money to cyber criminals. The term smishing comes from a combination of ‘SMS’ and ‘Phishing’. The signs are similar to phishing, such as urgency, emotion and poor spelling. You can forward any scam texts to 7726. This reports the message as a fake. You can also contact a person or organisation directly (not using the information in the text) to check if the message is fake. If it sounds too good to be true, it probably is.
Let us know how it went:
Our supporter, the National Cyber Security Centre (NCSC), is keen to know how much you have learned about cyber security. If you’re happy to take part in their review, please ask your group these questions and send their answers to the NCSC using our Microsoft form.
You’re going to read out a set of statements and everyone must decide if they Agree, Disagree or are Unsure. You could do this in lots of ways. You could use a thumbs up, thumbs down and thumbs in the middle. You could go round in a circle and ask people to say their answer, or you could set up three labelled areas for people to move between to show their answer. You will then report what the majority of the group answered.
You may wish to run this before and after the activity to see what people have learned during the session.
Reflection
This activity was all about solving problems and learning about cyber security. Did you know any of the answers? Which question was the easiest and why? Which one was the hardest? Did you learn anything new? What’s one thing you’ve learned that you’d tell someone else?
You also had to crack the code to find out the answers. How did you solve the code? Did you have a plan? When you started to get some of the answers, did it make it harder or easier to crack the code? What does this tell us about the passwords we should use? If someone cracks one of our passwords, they may be able to easily crack other passwords if we use the same or similar ones.
You had to work together as a team. How did you find working as a team? Did you take on different roles? How did you use your skills to help the team? You needed to communicate and listen to each other too. How did you make sure everyone had a chance to speak or had a turn at trying to answer the questions? Did anyone help lead the team or make sure everyone was treated fairly?
You may have made a couple of mistakes when answering the questions or when cracking the code and that’s OK. If anything went wrong, or you were unsure of a question, what happened and how did you solve the problem? Did you have to go back and try again at any point?
Safety
All activities must be safely managed. You must complete a thorough risk assessment and take appropriate steps to reduce risk. Use the safety checklist to help you plan and risk assess your activity. Always get approval for the activity, and have suitable supervision and an InTouch process.
- Online safety
Supervise young people when they’re online and give them advice about staying safe. Take a look at our online safety or bullying guidance. The NSPCC offers more advice and guidance, too. If you want to know more about specific social networks and games, Childnet has information and safety tips for apps. You can also report anything that’s worried you online to the Child Exploitation and Online Protection Command. As always, if you’ve got concerns about a young person’s welfare, including their online experiences, follow the Yellow Card to make a report.
- If anyone needs help or struggles with fine motor skills, give them the opportunity to work in pairs, with a young leader or an adult volunteer.
- People who struggle with making choices could find all the options a bit overwhelming, so they might need extra support or to work with a young leader/volunteer.
All Scout activities should be inclusive and accessible.
If you enjoyed this activity, check out our others on cyber security or encourage the young people to check out the fun resources from the National Cyber Security Centre, such as Cyber Sprinters, the award-winning interactive online security resources for 7–11 year olds, or Cyber Navigators, an interactive online security resource for 11–14 year olds that is all about how to stay secure online.
Young people could use the code to write other messages, or they could write their own quiz questions and coded answers.