Cybersecurity Quiz on Spyware and Data Protection

Questions and Answers

What type of information can spyware collect about users?

• Usernames and passwords stored on the computer
• Operating system specifications
• Financial records and medical history
• Internet surfing habits and visited sites (correct)

What is a botnet primarily used for?

• To enhance computer performance
• To transmit malware or spam (correct)
• To regulate internet traffic
• To improve internet security

What can a dialer program cause without the user's consent?

• It can install anti-virus software.
• It can upgrade the computer's operating system.
• It can dial premium telephone numbers. (correct)
• It can enhance computer connectivity.

What is the main function of anti-virus software?

To protect against most viruses (C)

Why is it important to regularly update anti-virus software?

To ensure it can detect new virus types (D)

What does keystroke logging allow a user to do?

Record consecutive key strokes on a keyboard (C)

What could be a possible consequence of spyware installing itself on a computer?

Changes to computer settings leading to slow connection speeds (C)

How do most anti-virus programs stay up to date with recognizing new viruses?

By regularly connecting to the Internet for updates (D)

Which of the following is NOT a principle that data controllers should ensure when processing personal data?

Personal data should be maintained indefinitely. (B)

What is one of the purposes of guidelines and policies in IT use within organizations?

To outline acceptable use of ICT resources. (D)

Which action is associated with social engineering?

Manipulating individuals to disclose confidential information. (B)

Which characteristic best describes the data processing principle of adequacy?

Data must be relevant to the processing purpose. (C)

When is it acceptable for personal data to be processed beyond its original purpose?

Never, unless the new purpose is compatible. (C)

What should data controllers do with incomplete or incorrect personal data?

Take reasonable measures to correct or erase it. (C)

What is one main goal of developing guidelines and policies for ICT use in organizations?

To ensure compliance with legal obligations. (C)

What typically drives social engineering tactics?

Manipulation and deception of individuals. (B)

Which of the following is necessary to view available wireless networks on a Windows computer?

A wireless network adapter and driver (B)

What must be entered the first time connecting to a protected wireless network?

Network security key (C)

What is the minimum required length for a strong password for network accounts?

6 characters (A)

Which of the following is a characteristic that biometric security systems may use?

Fingerprint (A)

Which of the following should be avoided when creating a strong password?

Common dictionary words (A)

Why should passwords be changed regularly?

To avoid security breaches (C)

What can help to verify a person's identity in biometric security systems?

Voice recognition (A)

What should a user do if they suspect that someone knows their password?

Change the password immediately (A)

What is the purpose of a biometric scanner in a secure facility?

To match an individual's physical characteristics with stored records. (B)

What does the 'https://' in a URL signify?

The website is secure and data transmission is encrypted. (C)

What is a common characteristic of a secure website?

The presence of a padlock symbol in the browser. (D)

What is pharming primarily concerned with?

Redirecting users to fake websites without their knowledge. (A)

Why should users be cautious when receiving emails asking for personal details?

Reputable organizations will never ask for sensitive information via email. (D)

What is a potential risk of shopping online regarding personal information?

Information can be intercepted during transmission. (C)

What should a user do after completing online transactions?

Log off and close all browser windows. (D)

Which describes phishing in comparison to pharming?

Phishing uses direct email while pharming redirects users silently. (A)

What happens the first time you visit a web page?

A copy of all content is stored on the hard disk. (B)

What triggers the browser to use cached files instead of downloading them again?

The last modified dates of the files are the same. (B)

Which of the following statements regarding temporary Internet files is accurate?

Temporary Internet files remain until the cache is full. (C)

What is one function of content-control software?

It restricts access to objectionable content. (A)

Content-control software can be applied at which of the following levels?

At multiple levels including government, ISP, and home. (C)

What type of software is often referred to as parental control software?

Content-control software used in homes. (B)

Which of the following is not included when deleting browsing history in MS Internet Explorer?

Favorites. (D)

Which of the following content is typically restricted by content-control software?

Objectionable content such as racially charged sites. (A)

What is the primary focus of the ECDL Standard Module related to IT Security?

Protection of data and information (B)

Which of the following is NOT considered a type of malware?

Firewall (A)

What does encryption primarily aim to achieve in IT security?

Concealing data from unauthorized access (A)

Which of the following best describes social engineering in the context of IT security?

Manipulating individuals into breaching security protocols (C)

What is a common threat to personal information online?

Identity theft (B)

What is the purpose of using antivirus software?

To search for and remove malware (B)

What type of network connection typically offers more security?

Wired connection (B)

Which of the following is an effective way to secure sensitive information online?

Using strong, unique passwords (D)

What does a firewall do in network security?

Analyzes network traffic (C)

What is a digital certificate used for in online security?

To verify the authenticity of a website (C)

How can personal data be effectively managed to prevent loss?

Regularly backing up data (C)

What role does a network administrator play in IT security?

Setting and enforcing security policies (C)

What is phishing primarily associated with?

Fraudulently acquiring sensitive information (B)

Which of the following describes the primary purpose of data protection legislation?

To regulate the handling of personal data (D)

Flashcards

Data

Data is raw, unprocessed facts, figures and symbols. It is not meaningful on its own.

Information

Information is data that has been processed, organized and made meaningful.

Cybercrime

The use of technology to commit illegal acts, such as fraud, identity theft, and hacking.

Data Protection Principles

The principles governing how personal data should be handled to ensure privacy, fairness, and security.

Social Engineering

The process of manipulating people to gain unauthorized access to computer systems or sensitive information.

ICT Usage Guidelines

A set of guidelines and policies outlining acceptable and appropriate use of ICT resources within an organization.

Purpose Limitation

The purpose for which personal data is collected must be clearly stated and legitimate.

Purpose Compatibility

Personal data is only processed for the intended purpose and not for any other incompatible use.

Data Accuracy

Personal data must be accurate and kept up to date when necessary.

Data Retention

Personal data should be stored only for as long as necessary to fulfill its intended purpose.

Data Minimisation

Personal data should be relevant and necessary for the intended purpose, avoiding excessive collection.

Spyware

A program that secretly installs itself on a computer and gathers information about users without their consent, including browsing history and websites visited.

Botnet

A group of compromised computers, often infected with malware, controlled remotely to send spam, spread malware, or launch attacks.

Keystroke logging

A software program that records every keystroke typed on a keyboard, potentially capturing sensitive information like usernames and passwords.

Dialer

A program that causes a computer to dial premium rate telephone numbers without the user's knowledge, resulting in high phone bills.

Antivirus software

A program that protects a computer from viruses by detecting and removing infected files.

Virus definitions database

A database that contains information about known viruses, allowing antivirus software to identify and address threats effectively.

Updating antivirus software

Updating antivirus software regularly ensures it can detect and remove new types of viruses.

Free antivirus programs

Free antivirus programs available online for home users.

Biometric security

A security mechanism that uses unique physical characteristics of a person to verify their identity.

Network account

A unique username and password assigned to an employee by a network administrator to access a company's private network.

Strong password

A password that is at least 6 characters long, including uppercase and lowercase letters, numbers, and special characters.

Biometric data

Information about a person's physical characteristics, such as fingerprints, hand patterns, and facial features.

Password change

A password that should be changed regularly, following the company's security policy, to enhance security.

Protected wireless network

A method of accessing a wireless network that uses a passkey or password to verify the connection.

LAN (Local Area Network)

A network that allows access to files and resources within a company or organization.

Wireless network adapter

A type of network adapter that allows a computer to connect to a wireless network.

What is a secure (protected) website?

A secure website that requires a username and password for access.

What is a username?

A combination of letters and numbers used to identify and authenticate a user on a website or system.

What is a password?

A secret code, often a combination of letters, numbers, and symbols, used to verify a user's identity.

What is pharming?

A method of redirecting users to fake websites without their knowledge, aiming to steal personal information.

What is phishing?

A scam where users are tricked into visiting fake websites to steal their personal information.

What is the padlock symbol in a web browser?

A warning signal displayed by web browsers to indicate a secure connection, often represented by a padlock icon.

What is the URL of a secure website?

A type of address used to identify secure websites, starting with "https://" instead of "http://".

What is a secure connection?

The encrypted connection established between your computer and a website, preventing eavesdropping and information theft.

What is a browser cache?

A temporary storage location on your computer that stores frequently accessed web pages, images, and other files to speed up website loading times. It acts as a local cache of data that can be accessed faster than downloading it again from the server.

What does deleting browsing history do?

Deleting your browsing history removes data like visited websites, cached files, cookies, passwords, and form data. It helps protect your privacy and prevent others from seeing your browsing activity.

What is content-control software?

Restricting access to certain types of content on the internet. Parents, schools, or workplaces can use this to control the content users can access.

What is antivirus software?

Software that helps protect computers by detecting and removing viruses before they can cause harm. It also scans for malware, spyware, and other threats.

What is parental control software?

Parental control software is a specialized type of content-control software designed to limit children's access to inappropriate content online. It allows parents to set time limits, block websites, and monitor online activity.

What is content control?

A software feature that lets you set rules about what content should be blocked or allowed on a specific website. It gives you more fine-grained control over what people can access.

What's a botnet?

A group of computers infected with malware that are controlled remotely by a hacker. They can be used to send spam, spread malware, or launch attacks on other systems.

What is a local area network (LAN)?

A network that connects computers and other devices within a limited geographical area, often a single building or office. It allows devices to share resources such as files, printers, and internet access.

Study Notes

European Computer Driving Licence (ECDL) - IT Security

• The ECDL standard module covers IT security concepts, malware, network security, secure web use, and secure data management.
• Data refers to raw, unorganized facts, while information is processed, organized data that's meaningful.
• Cybercrime encompasses crimes using computers and networks, including hacking, cracking, and ethical hacking.
• Hacking is gaining unauthorized access to a computer or network, while cracking involves unauthorized modification/disabling of software features.
• Ethical hacking is gaining access with authorization, to identify weaknesses in a system for improvement.
• Threats to data include force majeure, employee misconduct, accidents, service provider failures, and external individuals.
• Password cracking involves recovering passwords for unauthorized access.
• Software cracking involves modifying software to disable features or remove limitations. This is illegal.

Malware

• Malware is malicious software that installs without consent.
• Malware includes Trojans (destructive code), rootkits (hidden files/processes), backdoors (access bypassing security), viruses (self-replicating code that infects files), worms (self-replicating code that spreads via networks), adware (displays ads), spyware (gathers info), botnets (networks of compromised computers), keystroke loggers (record keystrokes), and dialers (initiate premium rate calls).

Network Security

• Networks link computers to share resources and facilitate communication.
• Common network types include LANs (local area networks), WANs (wide area networks), and VPNs (virtual private networks).
• Network administrators manage, maintain, and upgrade network software/hardware.
• Firewalls prevent unauthorized access to networks, but are ineffective against employees who disclose credentials.

Secure Web Use

• Internet users worry about online payment security and data privacy during online activities.
• Secure websites use HTTPS (instead of HTTP) with digital certificates to verify authenticity.
• Users should be wary of phishing scams; these send fake messages, or links, to extract personal data.
• Pharming redirects users to fake websites unknowingly.
• Protecting your personal information online is critical.

Secure Data Management

• Physical security measures protect hardware and data from theft, damage, and unauthorized access.
• Servers, computers, and electronic devices should be secured (e.g. locked rooms).
• Data backup procedures, like regularly copying data to a secondary device, are essential for data recovery in case of loss or damage.
• Data destruction utilities permanently erase data to prevent unauthorized access.
• This process should be used for storage media containing sensitive data.

Description

Test your knowledge on the essentials of cybersecurity, specifically focusing on spyware, botnets, and anti-virus software. This quiz covers various aspects of data processing principles and the importance of IT guidelines. Ideal for students in cybersecurity or information technology courses.