All correct.
I’d be a little critical of q9, about using public WiFi for sensitive activities. In the absence of https, yes, anything sensitive is risky on public WiFi. But it would be risky on private WiFi, too, in many circumstances, vulnerable to snoopers.
But the survey chose online banking as the example around which the question was framed. Are there really any online banks, anywhere, at all, that allow unencrypted connections? Surely not, and if not, was the question really helpful for public education?