Basics of Cybersecurity: Threats & Vulnerabilities
48 Questions

Questions and Answers

Which type of attack is characterized by overwhelming a system with excessive traffic?

  • Denial-of-Service Attack (correct)
  • Man-in-the-Middle Attack
  • Supply Chain Attack
  • Social Engineering Attack
What is one of the main risks associated with social engineering attacks?

  • Unintentional disclosure of sensitive information (correct)
  • Degradation of hardware performance
  • Loss of physical equipment
  • Inability to detect malware
In which type of attack does malicious input potentially expose sensitive information within a web application?

  • Supply Chain Attacks
  • Malware Attacks
  • Injection Attacks (correct)
  • Man-in-the-Middle Attacks
Which of the following describes a significant vulnerability created by system misconfigurations?

    Vulnerabilities due to incompatible security settings

    What primarily enables attackers to exploit systems effectively?

    Outdated or unpatched software

    Which of the following best describes a supply chain attack?

    Infection of legitimate applications without the vendor's knowledge

    What is a consequence of a successful Man-in-the-Middle Attack?

    Compromising sensitive communications between parties

    Which of these is not categorized as a type of malware?

    Phishing

    What is the primary purpose of a patch management strategy?

    To apply recent system updates

    Which statement accurately defines the concept of data privacy?

    Data privacy focuses on controlling who has access to specific data.

    What are zero-day vulnerabilities?

    Weaknesses in systems identified by attackers before the user

    Which principle supports ensuring users can access data required for business functions?

    Data Availability

    What challenge is associated with malicious insider threats within an organization?

    They often manipulate actions to appear genuine.

    Data protection refers to which of the following?

    The strategic steps to safeguard sensitive data

    How does missing or weak data encryption affect an organization?

    It can lead to the exposure of misleading information.

    What aspect of data lifecycle management is emphasized in the protection of data?

    Automating data transmission to various storage

    What primary function does Information Lifecycle Management serve regarding information assets?

    Valuating, cataloging, and protecting information assets

    Which of the following laws is primarily concerned with safeguarding personal data in the Philippines?

    Data Privacy Act of 2012 (RA No. 10173)

    What is a key ethical responsibility of cybersecurity professionals?

    To follow codes of conduct to maintain integrity

    Which act specifically addresses incidents of online sexual abuse or exploitation of children in the Philippines?

    Anti-Online Sexual Abuse or Exploitation of Children Act (RA No. 11930)

    What potential consequences might organizations face due to security negligence?

    Penalties and legal liability

    What does ethical hacking require prior to conducting security tests?

    Permission from the entity being tested

    What should organizations balance when monitoring for security purposes?

    Security requirements with privacy rights

    What does the Cybercrime Prevention Act of 2012 primarily focus on?

    Addressing cybercrime and promoting cybersecurity

    What distinguishes Narrow AI from General AI?

    General AI can handle complex tasks beyond human capabilities.

    Which type of AI is characterized by the inability to store memories or use past experiences in decision-making?

    Reactive Machines

    Which type of AI is currently not in existence but predicts the potential to understand human emotions?

    Theory of Mind

    What is a key feature of Limited Memory AI?

    It can store and utilize previous data for decision-making.

    IBM’s Deep Blue is an example of which type of AI?

    Reactive Machines

    What is the primary function of Reactive Machines?

    To carry out simplistic tasks in real-time

    Which of the following applications exemplifies the capabilities of Limited Memory AI?

    A self-driving car

    What is a notable benefit of using cryptocurrencies over traditional banking systems?

    Elimination of third parties

    Which of the following is NOT considered a challenge in the use of cryptocurrencies?

    Improved accuracy

    What characteristic of Self-aware AI is unique compared to other types of AI?

    It possesses a form of self-awareness.

    What is one of the potential negative implications of the pseudonymous nature of cryptocurrency transactions?

    Facilitation of criminal activities

    Which financial technology application is specifically designed to help consumers manage their investments automatically?

    Robinhood

    What characteristic of cryptocurrencies contributes to their price volatility?

    High demand coupled with limited supply

    In the context of financial technology, which of the following applications is primarily used for peer-to-peer transactions?

    Block (Square)

    Which of the following statements accurately describes fintech?

    It encompasses digital innovations that enhance financial services.

    What type of applications do personal finance tools like Mint provide?

    Overview of finances and budgeting capabilities

    What is the penalty for a person found guilty of section 4(c)(3)?

    PhP50,000.00 to PhP250,000.00

    Which factor does NOT contribute to the digital divide?

    Cultural inclusiveness of digital platforms

    What primary advantage of technology in education is mentioned in the context?

    Gamified learning and personalized approaches

    For which of the following does the penalty increase by one degree according to the regulations?

    Section 4(c)(2)

    Which statement about the digital divide is true?

    It encompasses disparities in access and digital literacy.

    What is a common concern raised regarding the legal framework around technology?

    Privacy issues surrounding personal data can arise.

    What is the purpose of MOOCs like edX and Coursera?

    To democratize education and make it accessible globally.

    Which aspect is NOT considered an advantage of cybersecurity?

    Reduction of the digital divide

    Study Notes

    Basics of Cybersecurity: Threats and Vulnerabilities

    • Cyber threats originate from individuals aiming to steal data or damage systems.
    • Malware attacks involve malicious software (viruses, worms, trojans, spyware, ransomware).
    • Effects of malware include data collection, network manipulation, and data destruction.
    • Social engineering manipulates individuals to provide access for malware.
    • Phishing, baiting, pretexting, vishing, smishing, piggybacking, and tailgating are social engineering techniques.
    • Supply chain attacks target legitimate applications, potentially infecting software from vendors.
    • Man-in-the-Middle attacks intercept communications, eavesdropping or impersonating parties.
    • Denial-of-Service attacks overwhelm a system with traffic, hindering functionality.
    • HTTP flood DDoS and SYN flood DDoS are denial-of-service techniques.
    • Injection attacks insert malicious input into web applications, potentially exposing sensitive information.
    • Cross-Site Scripting (XSS) is an example of an injection attack.

    Types of Cybersecurity Vulnerabilities

    • System misconfigurations can cause security mistakes in network assets.
    • Cybercriminals exploit vulnerabilities in security settings to gain access.
    • Outdated or unpatched software is easily exploited by attackers.
    • Patch management strategies are crucial to ensure systems are updated regularly.
    • Missing or weak authorization credentials allow attackers to guess passwords and access systems.
    • Malicious insider threats are posed by employees with access to critical systems.
    • Missing or poor data encryption makes sensitive data vulnerable to interception.

    Data Privacy and Protection

    • Data privacy focuses on who can access data, often controlled by the user.
    • Data protection is the company's responsibility to ensure data privacy.
    • Data privacy guidelines dictate how data should be collected and handled.
    • Data protection involves procedural steps to safeguard sensitive data.
    • Principles of data protection include data availability, lifecycle management, and information protection.
    • Compliance with laws like GDPR and CCPA is crucial to protect personal data.
    • Protecting intellectual property prevents unauthorized access and ensures rights are respected.
    • Legal liability exists for organizations negligent in security.
    • Ethical hackers must obtain permission to perform penetration testing and security audits.
    • Cybersecurity professionals must comply with codes of conduct to ensure integrity and responsibility.
    • Surveillance and monitoring should balance security with privacy rights to inform individuals.

    Zero-Day Vulnerabilities

    • These are software flaws known to attackers but not yet identified by users.
    • Attackers can exploit these vulnerabilities to infiltrate systems undetected.

    Incident Reporting Obligations

    • Timely reporting of data breaches is mandatory by regulations.
    • Laws exist to combat hacking, identity theft, and other cybercrimes.

    Cybersecurity Legislation in the Philippines

    • Various acts including RA No. 11967, RA No. 8792, RA No. 11930, RA No. 8484, RA No. 9995, RA No. 11934, RA No. 11202, and RA No. 9775 address cybercrimes, and RA No. 10173 addresses data privacy.
    • Specific penalties exist for violations depending on the act violated.

    IT and Society: Digital Divide

    • The digital divide refers to inequalities in access, use, and skills related to information and communication technologies.
    • Geographical disparities, economic barriers, education and literacy limitations, and cultural and language barriers contribute to the digital divide.

    IT in Education and Learning

    • Technology extends beyond online classes to include gamified learning, AI-driven personalization, VR, and data analytics.

    Innovations in E-learning

    • Massive Open Online Courses (MOOCs) democratize access to education from top institutions.
    • Virtual classrooms and collaboration tools enhance accessibility and real-time interaction.
    • AI in education personalizes lessons based on individual progress (DreamBox, Khan Academy).

    Opportunities

    • Digital tools promote inclusivity, allowing students from diverse backgrounds to engage.
    • These tools support teacher-student interaction and provide access to global experiences.

    Challenges

    • Concerns regarding data privacy remain important.
    • Digital fatigue and inequality in access are ongoing issues, particularly for lower-income countries.

    Impact of IT on Culture and Social Interactions

    • Digital communication platforms have reshaped social interactions, leading to increased awareness of global issues, greater connectivity, and more opportunities for self-expression.
    • Cyberbullying, misinformation, and polarization are also negative consequences of these platforms.

    Emerging Technologies

    • Emerging technology is a term generally used to describe a new technology, continuing development of an existing technology, or the varying interpretations of a technology based on its use case.

    Artificial Intelligence (AI)

    • AI involves developing computers and robots that behave in ways that mimic or surpass human capabilities.
    • Narrow or Weak AI carries out specific tasks (e.g., personal assistants).
    • General AI is complex and human-like in capabilities (e.g., self-driving cars).
    • Reactive machines perceive the world but don't store memory or rely on past experience.
    • Limited memory AI has limited memory but gathers data to make decisions.
    • Theory of mind and self-aware AI are hypothetical AI types that have not been realized.

    AI Benefits and Disadvantages

    • AI benefits include automating tasks, solving complex problems, improving customer experiences, accelerating healthcare, and reducing human error.
    • Disadvantages include job displacement, bias and discrimination, hallucinations, and privacy and ethical concerns.

    AI Applications and Examples

    • Applications include healthcare, retail, customer service, manufacturing, finance, and marketing.
    • Examples include generative AI tools, smart assistants, self-driving cars, wearables, and visual filters.

    Machine Learning (ML)

    • Machine learning teaches computers to learn from data without explicit programming.
    • Deep learning uses sophisticated neural networks for advanced predictive analytics.
    • Categories of ML include supervised, unsupervised, reinforcement, and semi-supervised learning.

    ML Benefits and Risks

    • Benefits include lower operational costs, improved efficiency, and better insights.
    • Risks include job displacement, bias/discrimination, and ethical concerns.

    ML Applications

    • Applications include speech recognition, customer service, computer vision, recommendation systems, and more.

    Big Data

    • Big data refers to massive and complex data sets that can't be easily managed using conventional tools.
    • Characteristics are often described by the "5 Vs": volume, velocity, variety, veracity, and value.
    • Big data benefits include better insights, decision-making, personalization, and efficiency improvements.
    • Uses are present in retail, healthcare, financial services, manufacturing, and more.

    Data Analytics

    • Data analytics involves collecting, organizing, and transforming data to inform decisions.
    • Types of data analytics include descriptive, diagnostic, predictive, and prescriptive analytics.

    Blockchain Technology

    • Blockchain is a decentralized ledger of data shared securely among participants.
    • Using cloud services enables easy data integration and sharing of transactional data from multiple sources.
    • Blockchain prevents alteration and data tampering because data can't be modified without consensus from participants.

    Cryptocurrency

    • Cryptocurrencies are digital payment systems independent of banks, enabling peer-to-peer transactions without intermediaries.
    • Transactions are recorded in a public ledger called a blockchain.
    • Cryptocurrency is stored in digital wallets.

    Fintech

    • Fintech refers to using technology to improve and automate financial services.
    • Examples are robo-advisors, investment apps, payment apps, personal finance apps, P2P lending platforms, and crypto apps.
    • Insurtech is an example of leveraging technology in the insurance industry.

    Description

    Test your knowledge on the basics of cybersecurity, focusing on various threats and vulnerabilities. This quiz covers topics such as malware, social engineering techniques, and different types of attacks including DDoS and injection attacks. Prepare to deepen your understanding of how to protect systems from cyber threats.
