Easy
Moderate
Difficult
Expert
100

What does the acronym "VPN" stand for in the context of information security?

Virtual Private Network

100

As a security flaw or weakness in software or hardware that is unknown to the vendor or developers and has not yet been patched or fixed.

Zero-day vulnerability

100

Uses a single key for both encryption and decryption. It is efficient for large amounts of data and is commonly used for data storage and transmission within closed systems.

Symmetric encryption

100

What is the difference between authentication and authorization in information security?

Authentication is the process of verifying the identity of a user or system entity, usually through credentials

Authorization, on the other hand, is the process of determining whether an authenticated user or system entity has the right permissions to access specific resources or perform certain actions.

200

Ensures that information is accessible only to those authorized to access it.

Confidentiality

200

It focuses on how personal data is collected, used, shared, and stored in compliance with privacy laws and regulations.

Data Privacy

200

Transforms plaintext data into ciphertext to protect it from unauthorized access during transmission or storage.

Encryption

200

What is the principle of least privilege in cybersecurity?

The principle of least privilege is a cybersecurity concept where users, processes, and systems are granted only the minimum level of access or permissions necessary to perform their job functions or tasks, thereby reducing the potential impact of a security breach or insider threat.

300

Refers to the practice of protecting systems, networks, and data from digital attacks.

Cybersecurity

300

Identifying and documenting potential risks that could affect an organization's objectives.

Risk Identification

300

Involves manipulating individuals to divulge confidential information or perform actions that compromise security.

Social Engineering

300

How does the Cybercrime Prevention Act of 2012 complement the Data Privacy Act in the Philippines?

The Cybercrime Prevention Act addresses offenses related to cybercrime, including hacking, cyber fraud, and identity theft. It complements the Data Privacy Act by providing legal frameworks for investigating and prosecuting cybercrimes that may involve breaches of data privacy and security.

400

A security process that requires users to provide two different authentication factors to verify their identity

Two-factor authentication

400

Is the process of determining whether an authenticated user or system entity has the right permissions to access specific resources or perform certain actions.

Authorization

400

The process of identifying, analyzing, and evaluating potential risks and vulnerabilities in an organization's IT infrastructure and information systems.

Risk Assessment

400

The Data Privacy Act of 2012 defines 'sensitive personal information' as personal information:

About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

About an individual's health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings

500

A weakness or flaw in a system or software that could be exploited by attackers to compromise its security.

Vulnerability

500

As a security flaw or weakness in software or hardware that is unknown to the vendor or developers and has not yet been patched or fixed.

Zero-day vulnerability

500

What role does availability play in the CIA triad, and why is it critical for information systems?

Availability ensures that data and services are accessible and usable by authorized users when needed.

500

What is the CIA triad in information security?

The CIA triad stands for Confidentiality (ensuring data is accessible only to authorized entities), Integrity (ensuring data is accurate and trustworthy), and Availability (ensuring data is accessible when needed).

M
e
n
u