IT can get heavy sometimes, especially cybersecurity. Tickets pile up, alerts don’t sleep, and every “quick fix” somehow becomes a three-hour adventure. That’s exactly why it helps to keep things fun. Things like MSP memes and great trivia sparks a conversation, encourages curiosity, and fosters big picture thinking.
Use these questions to quiz your staff, because the teams that learn together win together.
1. What Microsoft Windows error screen is known as BSOD?
Answer: Blue Screen of Death. A critical error screen displayed in many iterations of Windows, first appearing in Windows 1.0 in 1985.
2. Why is using plain FTP considered risky for MSP-managed environments? What protocol fixes that risk?
Answer: Plain FTP transmits credentials and data in cleartext, making it vulnerable to interception. SFTP fixes this by encrypting authentication and file transfers over SSH.
3. What security release “tradition” happens the second Tuesday of every month?
Answer: Patch Tuesday. Microsoft adopted it in October 2003 as a way to standardize the releases of security updates. Tuesdays were considered ideal because there was time to test and fix problems before the end of the week.
4. In 2026, roughly how many people worldwide will rely on the internet for work, commerce, and services? What does that imply for downtime risk?
Answer: About 6.1 billion people. That highlights how even brief outages can have massive global impact.
5. What global organization coordinates IP address allocation and other core internet identifiers?
Answer: IANA (Internet Assigned Numbers Authority).
6. What internet routing protocol, when misconfigured or hijacked, can take major websites offline worldwide?
Answer: BGP (Border Gateway Protocol), which controls how traffic is routed between networks on the internet.
7. What cloud computing concept lets developers build and run code without managing servers?
Answer: Serverless computing.
8. Why do outages in one SaaS feature sometimes not take down the entire platform? What architecture enables that?
Answer: Microservices architecture, which separates applications into independently deployable services.
9. What technology protects client login pages and admin portals from eavesdropping and tampering on the web?
Answer: TLS (Transport Layer Security), which encrypts web traffic and verifies server identity.
10. What core technology makes modern MSP hosting, private clouds, and disaster-recovery platforms possible?
Answer: Hypervisor-based virtualization, which allows multiple virtual machines to run on a single physical server.
11. What technology helps MSPs improve website performance including page load times?
Answer: Content Delivery Networks (CDNs), which cache content closer to users to reduce latency and outages.
Security and Compliance
1. What’s one high-level reason MSPs are considered “high-leverage” targets for attackers?
Answer: Compromising an MSP tool or account can provide access to many client environments (a supply-chain multiplier).
2. What modern authentication concept allows login without passwords using cryptographic credentials?
Answer: Passkeys.
3. NotPetya is widely described as one of the most damaging cyberattacks ever. What damage figure is commonly cited?
Answer: Roughly $10 billion in damages.
4. In the famous IoT casino incident, what device was cited as the entry point for hackers?
Answer: An internet-connected fish tank thermometer/sensor.
5. What cybersecurity framework organizes work into Identify, Protect, Detect, Respond, and Recover?
Answer: The NIST Cybersecurity Framework (CSF)
6. What cybersecurity concept assumes no user or device should be trusted by default?
Answer: Zero Trust
7. What security principle limits users to only the access they need?
Answer: Least privilege
8. Which international standard defines requirements for an Information Security Management System (ISMS)?
Answer: ISO/IEC 27001
9. Which standards body publishes the WebAuthn specification used for modern passkeys?
Answer: The World Wide Web Consortium (W3C)
10. What standards-based approach is commonly used for phishing-resistant sign-in with passkeys?
Answer: FIDO2 / WebAuthn
11. What legal obligation requires businesses to disclose certain data breaches?
Answer: Breach notification laws
Source: FTC (Data breach response guide)
Source: FTC (Data breach response guide)
12. What is the name of the CISA list that helps defenders prioritize vulnerabilities proven exploited “in the wild?”
Answer: The Known Exploited Vulnerabilities (KEV) Catalog
13. Which NIST publication is the classic “go-to” guide for handling security incidents?
Answer: NIST SP 800-61 (Computer Security Incident Handling Guide)
14. In modern NIST password guidance, what’s the general stance on forced periodic password changes?
Answer: Don’t require routine password resets unless there’s evidence of compromise.
15. What’s the name of the public knowledge base that maps adversary tactics and techniques (used heavily in detection engineering)?
Answer: MITRE ATT&CK
16. What type of attack are passkeys designed to help reduce?
Answer: Phishing (by replacing passwords with cryptographic credentials).
17. NIST discussed the proposed deprecation of what common MFA method due to risk?
Answer: SMS-based out-of-band authentication
19. CISA recommends a simple backup resilience pattern. What’s the “3-2-1” rule?
Answer: 3 copies of data on 2 media types with 1 copy offsite.
20. In NIST incident response guidance, what’s the name of the step where you confirm and scope what happened before action?
Answer: Detection & Analysis as part of the incident response lifecycle
21. What’s the term for a concise, repeatable set of steps teams follow during incidents to speed response?
Answer: A runbook, often paired with playbooks
22. Under the SEC’s cyber disclosure rules, how soon must companies generally file an Item 1.05 Form 8-K after determining an incident is material?
Answer: Generally within four business days of the materiality determination
23. Under the GDPR, what’s the maximum administrative fine tier for the most severe violations?
Answer: Up to 20 million euro or 4% of global annual turnover, whichever is higher
24. In HIPAA breaches, what’s the latest allowed timing for notifying affected individuals?
Answer: Without unreasonable delay and no later than 60 days after discovery
25. Under the FTC Safeguards Rule (GLBA), what authentication control is explicitly required for access to information systems (with limited exceptions)?
Answer: Multi-factor authentication (MFA)
IT Business Growth and Operations
1. What free Google tool helps MSPs manage how their business appears in Google Search and Maps?
Answer: Google Business Profile
2. What type of online behavior can trigger restrictions on Google Business Profiles?
Answer: Fake or manipulated reviews and engagement (policy violations)
Source: Google Help (Business Profile restrictions for policy violations)
3. What customer-loyalty concept did Harvard Business Review call “the one number you need to grow?”
Answer: Net Promoter Score (NPS)
4. In the NPS model, what customer behavior is the core signal of loyalty?
Answer: Recommending the company to others
5. What cloud deployment model combines on-premises systems with public cloud services?
Answer: Hybrid cloud
6. What Microsoft partner program allows MSPs to resell and manage Microsoft cloud services?
Answer: The Cloud Solution Provider (CSP) program
7. Which Microsoft portal is the official entry point for CSP enrollment and management?
Answer: Partner Center
8. Why do MSPs emphasize recurring revenue as a growth lever?
Answer: It supports predictable, contract-based revenue and long-term customer relationships.
9. What sales approach encourages MSPs to sell business outcomes instead of tools?
Answer: Value-based selling
10. What cybersecurity service monitors environments 24×7 for threats and helps coordinate response?
Answer: SOC-as-a-Service (SOCaaS)/managed SOC
11. What cybersecurity capability focuses on detecting and responding to suspicious activity on endpoints?
Answer: Endpoint Detection and Response (EDR)
MSP Industry
1. In what year was HP Inc. founded?
Answer: Hewlett-Packard was founded in 1939 by Bill Hewlett and David Packard in a one-car garage in Palo Alto, CA.
2. Which NBA team plays its home games at the Kaseya Center (named after the MSP software provider Kaseya)?
Answer: The Miami Heat
3. ChannelPro Network is part of what parent company that’s often abbreviated “CRA?”
Answer: CyberRisk Alliance.
4. What’s the oldest peer organization in the managed IT industry?
Answer: The ASCII Group was founded in 1984.
5. Which authors wrote The Pumpkin Plan for Managed Service Providers, a popular book on client selection and management?
Answer: Dave Cava and Shawn Walsh wrote it, based on the bestseller by Mike Michalowicz.
6. Which MSP owner and podcaster is affectionately known as Uncle Marv?
Answer: Marvin Bee
Featured image: noviyanita — stock.adobe.com
