Cybersecurity Concepts Quiz

Questions and Answers

What does copyright grant you concerning your creations?

• The ability to prevent others from creating similar ideas.
• Legal rights to anything you create that expresses or embodies an idea. (correct)
• Permission to use any existing intellectual property without restrictions.
• Ownership of any ideas without the need for documentation.

Which of the following is an example of a patent?

• A marketing strategy for a new product.
• An invention for a new type of energy-efficient light bulb. (correct)
• A recipe for a chocolate cake.
• A technique used in a manufacturing process.

Which of the following is NOT one of the types of security policies?

• Data Classification Policy
• Access Control Policy
• Incident Response Policy
• Information Storage Policy (correct)

What is the primary purpose of the Data Privacy Act of 2012?

To establish transparency in data collection and secure storage of personal information. (D)

Which of the following best describes a trade secret?

Confidential business information whose secrecy provides a competitive advantage. (A)

What is the primary focus of proactive intrusion detection?

Implementing physical security measures (A)

What is the primary objective of a denial of service (DoS) attack?

To flood a system with data and overload it (B)

What advantage does a scalable physical security implementation provide?

Easy installation and setup (B)

Which type of exploit is termed as a zero-day exploit?

Undisclosed vulnerabilities that are not public (D)

What is the focus of mobile forensics?

Recovering data from mobile devices (B)

Which of the following best describes operational security?

A risk management process prioritizing adversary perspectives (D)

What does malware forensics primarily aim to achieve?

Finding and tracking down attacking malware (D)

Which statement correctly defines data ownership?

Individuals have exclusive rights to their personal data (C)

What must organizations obtain to comply with data collection practices?

Clear and informed consent (A)

What is considered a security incident?

A security event that damages network resources (A)

What is the role of disk forensics?

To recover deleted data from physical storage devices (D)

What is the primary concern related to unauthorized access to sensitive data?

Potential for identity theft or fraud (B)

What does identity theft involve?

Accessing and using personal information for criminal benefits (B)

What does the Data Privacy Act of 2012 aim to protect?

Privacy of individuals' personal data (C)

How do criminal defamation laws often impact journalism?

They can be abused to hinder critical speech (C)

What is the primary measure of physical security?

Protecting buildings and safeguarding equipment (C)

Flashcards

Exploit

A piece of code, software, or method used by attackers to exploit vulnerabilities in systems or networks.

Known exploits

Vulnerabilities or attack methods that have been discovered and are publicly known.

Denial of Service (DoS) attack

A cyberattack that overwhelms a system with traffic, preventing it from functioning properly.

Malware

Harmful software designed to steal data, damage systems, or take control of devices.

Identity theft

A criminal obtains personal information and uses it for their own benefit.

Cryptojacking

Cybercriminals secretly use a victim's computer resources to mine cryptocurrency.

Cross-Site Request Forgery (CSRF)

A type of attack that forces a user to perform unwanted actions on a website they are logged into.

Disk Forensics

The process of recovering deleted data and hidden partitions from physical storage devices.

What is an intangible asset?

An intangible asset is a non-physical asset that a company or person owns. It can be anything from a trademark to a copyright.

What is Copyright?

A legal right granted to creators of original works, allowing them to control how their work is used and distributed.

What is a Patent?

A secured right granted to new inventions, allowing the inventor to prevent others from making, using, or selling their invention.

What is a Trade Secret?

A secret business information, such as formulas, patterns, techniques, or processes, which gives a company an advantage over its competitors.

What is Patent Infringement?

Prohibited act with respect to a patented invention, without permission from the patent holder.

Proactive Intrusion Detection

Physical security measures designed to prevent unauthorized access to buildings and assets.

Seamless System Integrations

The ability of a security system to easily integrate with other software and applications.

Operational Security

A process that aims to protect sensitive information by understanding potential threats and implementing security measures.

Information Privacy

The right of individuals to control how their personal data is collected, stored, and used.

Data Privacy Act of 2012 (RA 10173)

A legal framework enacted in the Philippines to protect the privacy of individuals by regulating the handling of personal data.

Freedom of Expression

The ability of individuals or groups to express their ideas and opinions without fear of censorship from the government.

Criminal Defamation Laws

Laws that criminalize the publication of false or defamatory information, but are sometimes misused to silence criticism.

Informal Censorship

Actions taken to prevent or punish the publication of critical material, often without formal legal censorship.

Study Notes

Security Incident

• A security event that damages network resources or data as part of an attack or security threat.

Exploit

• A piece of code, software, or method used by attackers to take advantage of vulnerabilities or weaknesses in applications, systems, or networks.
• Known exploits: vulnerabilities or attack methods already discovered, documented, and made public.
• Unknown exploits (zero-day exploits): vulnerabilities or attack methods not yet known or disclosed to the public.

Denial of Service (DoS) attack

• A cyberattack that floods a computer or website with data to overload the system and prevent it from working properly.

Malware

• Harmful software like spyware, viruses, ransomware, and worms that can access a system's data.

Identity theft

• A criminal gains access to a user's personal information and uses it for their own benefit.

Cryptojacking

• Cybercriminals use a victim's computer resources to mine cryptocurrencies without their knowledge.

Cross-Site Request Forgery (CSRF)

• An attack that forces an end user to execute unwanted actions on a web application they are currently authenticated in.

Disk Forensics

• The process of experts recovering deleted data and hidden partitions from physical storage devices.

Network Forensics

• Investigating network traffic to collect evidence regarding security incidents, unauthorized access, or other malicious activity.

Database Forensics

• Collecting information contained in databases, including data and metadata.

Mobile Forensics

• Examining and recovering data from mobile devices using specialized software.

Malware Forensics

• Finding, examining, and tracking the attacking malware.

Physical Security

• Protecting buildings and equipment from unwanted intruders.
• Preventing unauthorized entry and providing access to authorized individuals.

Proactive Intrusion Detection

• A crucial first line of defense in physical security to prevent intrusions.

Scalable Physical Security Implementation

• Easy to install and quick to set up solutions for physical security that can be easily scaled.

Seamless System Integrations

• Physical security systems that integrate with other software and applications in the cloud. This often provides integration with other security systems or operations.

Audit Trails and Analytics

• Easily detecting weaknesses in your system to implement new physical security plans.

Operational Security (Procedural Security)

• Risk management process that encourages managers to view operations from an adversary's perspective to protect sensitive information.

Information Privacy

• The right of individuals to control how their personal data is collected, stored, and shared.

Data Ownership

• Individuals own their personal data and have the right to decide how it is used.

Data Collection Practices

• Companies collecting data through online forms, cookies, and applications. Clear consent must be obtained before collecting data.

Tracking Technologies

• Tools like cookies and mobile apps track user activity.

Data Breaches

• Unauthorized access to sensitive data, potentially leading to identity theft or fraud.

Social Media

• Over-sharing and a lack of privacy controls can expose personal information to risk.

Data Privacy Act of 2012 (RA 10173)

• Protects individual privacy by regulating the processing of personal data.

Freedom of Expression

• The ability of individuals to express their beliefs, opinions, thoughts and emotions without government censorship.

Criminal Defamation Laws

• Frequently abused; used in cases not involving public interest and as a first (rather than last) resort.

Attacks on Media Workers

• Harassment of journalists and media workers significantly threatens independent and investigative journalism.

Informal Censorship

• Designed to prevent or punish the publication/broadcast of critical material.

Hate Speech

• Undermines the effective enjoyment of rights for those targeted.

Gender Equity

• Ensuring proper coverage of female issues in the media and representing women's perspectives.

Intellectual Property (IP)

• Includes intangible assets owned by a company or individual, like copyrights and patents.

Copyright

• Legal rights to creations expressing or embodying ideas.

Patents

• Legal rights granted for new, useful inventions to prevent others from making, using, or selling them.

Patent Infringement

• The act of using a patented invention without permission.

Trade Secret

• Confidential business information that gives a company a competitive advantage.

Acceptable Use Policy

• Policy outlining permitted and prohibited uses of technology or services.

Data Classification Policy

• Policy to define and classify sensitive data.

Incident Response Policy

• Standard operating procedures for handling security incidents.

Access Control Policy

• Policy establishing procedures for managing access to systems and information.

Transparency in data collection

• Requirement of transparency about how personal data is collected.

Secure storage of personal information.

• Data should be protected to prevent unauthorized access.

Rights of individuals to access and correct their data.

• Allowing individuals to access and amend their personal data as needed.

Five freedom-of-speech key issues

• (List needed, this section is incomplete).

IP key terms

• (List needed, this section is incomplete).

Examples of Trade Secrets

• (List needed, this section is incomplete).

Examples of Patents

• (List needed, this section is incomplete).

Description

Test your knowledge on essential cybersecurity concepts such as exploits, denial of service attacks, and malware. This quiz covers various aspects of security incidents and identity theft. Challenge yourself to see how well you understand these critical topics!