Cybersecurity Concepts Quiz

Questions and Answers

What does copyright specifically grant to creators?

• The right to prevent others from using their ideas.
• Ownership over all intangible assets related to their work.
• Legal rights to anything they create that embodies an idea. (correct)
• The right to prevent others from making or selling their inventions.

Which type of security policy is focused on how data should be classified?

• Acceptable Use Policy
• Data Classification Policy (correct)
• Access Control Policy
• Incident Response Policy

Which of the following represents an example of a patent?

• A unique chemical formula.
• A secret recipe for a soft drink.
• A business strategy for a startup.
• A new type of plant developed through breeding. (correct)

What is an act that constitutes patent infringement?

Selling a patented invention without consent from the patent holder. (A)

Which right is NOT associated with the Data Privacy Act of 2012?

Right to prevent others from using your identity. (C)

What is the primary goal of proactive intrusion detection?

To prevent unauthorized access through physical measures (D)

Which feature enhances the transition to a new physical security system?

Easy scalability and quick setup (A)

What does operational security primarily focus on?

Viewing operations from the adversary's perspective (D)

How does the Data Privacy Act of 2012 protect individuals?

By regulating the processing of personal data (C)

Which of the following represents a risk brought by data breaches?

Identity theft or fraud (C)

What is an example of tracking technology?

Cookies and mobile apps (C)

What does criminal defamation laws frequently lead to?

Abuse and suppression of public interest cases (A)

What is informal censorship intended to prevent?

Critical publications or broadcasts (B)

What type of exploit has not been disclosed to the public?

Zero-day exploits (B)

Which of the following best describes a Denial of Service (DoS) attack?

An attack that floods a system with data to cause disruption (C)

What is a primary goal of Malware Forensics?

Finding and tracking attacking malware (B)

Which type of forensics involves investigating data from physical storage devices?

Disk Forensics (D)

What does identity theft primarily involve?

Accessing personal information for unauthorized use (A)

Which of the following measures is considered an aspect of physical security?

Physical access restrictions to buildings (C)

What is the primary feature of Cross-Site Request Forgery (CSRF)?

Executing unwanted actions on a web application (A)

What is the main purpose of network forensics?

To investigate network traffic for malicious activity (D)

Flashcards

Security Incident

A security event that damages network resources or data due to an attack or threat.

Exploit

Code, software, or method used by attackers to exploit vulnerabilities in systems.

Known Exploits

Vulnerabilities or attack methods that are known to the public.

Unknown Exploits

Vulnerabilities or attack methods that haven't been discovered yet.

Denial of Service (DoS) Attack

An attack that overloads a system with data to prevent it from functioning.

Malware

Harmful software like viruses, spyware, and ransomware.

Disk Forensics

The process of collecting data from physical storage devices to recover deleted or hidden data.

Network Forensics

The process of analyzing network traffic to gather evidence of security incidents or unauthorized access.

Acceptable Use Policy

This policy outlines the acceptable use of company resources like computers, networks, and software. It sets rules, guidelines, and consequences for violation, ensuring ethical and responsible usage.

Data Classification Policy

This policy categorizes data based on its sensitivity and confidentiality levels. It defines how information is classified (e.g., Public, Internal, Confidential).

Incident Response Policy

This policy establishes procedures to respond to security incidents or breaches. It outlines roles, responsibilities, and actions to take during an event.

Access Control Policy

This policy determines who has access to what resources and how, ensuring data protection and limiting unauthorized access.

Data Privacy Act of 2012

This policy outlines how personal data is collected, used, and protected. It ensures transparency, protects individuals' privacy, and allows access to correct information.

Proactive Intrusion Detection

A security strategy that places a strong emphasis on physical barriers and measures to prevent unauthorized access to a building or facility.

Scalable Physical Security

A system that can easily adapt to changing needs and environments, offering flexibility in installation and setup.

Seamless System Integrations

The ability of a physical security system to connect and communicate with other software programs, applications, and systems.

Audit Trails and Analytics

The process of reviewing and analyzing data from a physical security system to identify weaknesses and areas for improvement.

Operational Security

A proactive approach to risk management that focuses on protecting confidential information by assessing potential threats and implementing protective measures from an adversary's perspective.

Information Privacy

The right of an individual to control how their personal data is collected, used, stored, and shared.

Data Privacy Act of 2012 (RA 10173)

The law in the Philippines that protects the privacy of individuals by regulating the collection, processing, and sharing of personal data.

Freedom of Expression

The ability of individuals and groups to freely express their thoughts, beliefs, and opinions without fear of censorship or reprisal.

Study Notes

Security Incident

• A security event damaging network resources or data, part of an attack or security threat.

Exploit

• Code, software, or method used by attackers to exploit vulnerabilities in applications, systems, or networks.
• Known exploits are vulnerabilities already discovered, documented, and made public.
• Unknown exploits (zero-day exploits) are vulnerabilities not yet known or disclosed.

Denial of Service (DoS) Attack

• Cyber attack flooding a computer or website with data, overloading the system to prevent proper functioning.

Malware

• Harmful software (spyware, viruses, ransomware, worms) accessing system data.

Identity Theft

• Criminal accessing a user's personal information for personal gain.

Cryptojacking

• Cybercriminals using a victim's computer resources to mine cryptocurrencies without their knowledge.

Cross-Site Request Forgery (CSRF)

• Attack forcing an end user to execute unwanted actions on a web application while authenticated.

Disk Forensics

• Process of recovering data from physical storage devices, finding deleted files, and hidden partitions.

Network Forensics

• Investigating network traffic to find evidence of security incidents, unauthorized access, or malicious activity.

Database Forensics

• Collecting information contained in a database, including data and metadata.

Mobile Forensics

• Procedure of extracting, investigating and recovering data from mobile devices.

Malware Forensics

• Identifying, examining, and tracking malicious software.

Physical Security

• Measures protecting buildings and equipment from unauthorized access.
• Preventing unauthorized entry and ensuring authorized access.

Proactive Intrusion Detection

• First line of defense for a building, physical security crucial in preventing intrusions.

Scalable Physical Security Implementation

• Easy-to-install, quick-to-set-up solution for physical security, ensuring seamless transition to a new system.

Seamless System Integrations

• Physical security systems integrating with other software, applications, and systems through cloud operation.

Audit Trails and Analytics

• Easily detecting system weaknesses allowing implementing new physical security plans.

Operational Security

• Risk management process viewing operations from an adversary's perspective to protect sensitive information.

Information Privacy

• Right of individuals to control how their personal data is collected, stored, and shared.

Data Ownership

• Individuals own their personal data and control its usage.

Data Collection Practices

• Companies and organizations collecting data through various means (online forms, cookies, apps).

Consent

• Organizations obtaining clear, informed consent before collecting individual data.

Tracking Technologies

• Tools (cookies, mobile apps) tracking user activity.

Data Breaches

• Unauthorized access to sensitive data leading to identity theft or fraud.

Social Media Privacy

• Over-sharing and lack of privacy controls on social media exposing personal information.

Data Privacy Act of 2012 (RA 10173)

• Protecting individual privacy by regulating personal data processing.

Freedom of Expression

• Ability to express beliefs, thoughts, ideas, and emotions without government censorship.

Criminal Defamation Laws

• Frequently abused laws used in cases not involving public interest, used as a first, not last resort.

Media Attacks and Harassment

• Harassment of journalists and media workers posing a significant threat to independent journalism.

Informal Censorship

• Preventing or punishing publication/broadcast of critical/sensitive material.

Hate Speech

• Insidious and pervasive ways of undermining rights enjoyment.

Gender Equity Media

• Ensuring proper coverage of women's issues and perspectives.

Intellectual Property (IP)

• Non-physical assets, owned by individuals or companies
• Intellectual property examples: Copyright, Patents

Copyright

• Legal rights over creative works.

Patents

• Legal rights over inventions.

Patent Infringement

• Unlawful use of a patented invention without permission.

Trade Secret

• Confidential business information granting a competitive advantage.

Security Policies

• Acceptable Use Policy
• Data Classification Policy
• Incident Response Policy
• Access Control Policy

Data Privacy Act of 2012 Provisions

• Transparency in data collection
• Secure storage of personal information
• Individuals' rights to access and correct their data

Freedom of Speech: Key Issues

• Key terms related to freedom of speech (specific issues related to freedom of speech may vary)

IP Key Terms

• Confidentiality
• Copyright
• Indigenous rights
• Patents
• Registered designs
• Trade marks
• Trade secrets

Examples of Trade Secrets

• Formulas
• Patterns
• Methods, techniques, and processes

Examples of Patents

• Utility patents
• Design patents
• Plant patents

Description

Test your knowledge on various cybersecurity concepts such as security incidents, malware, and denial of service attacks. This quiz covers critical topics including exploit types, identity theft, and cryptojacking. Perfect for anyone looking to improve their understanding of cyber threats and defenses.