Data Privacy & Cybersecurity Jeopardy

Information Handling

Passwords & Accounts

Cybersecurity Practices

Securing Devices & Systems

Privacy Governance

100

C. It helps prevent harm to individuals and builds trust in organizations

Q1: Why is protecting personal data important for trust? A. It increases company profits immediately B. It prevents employees from working C. It helps prevent harm to individuals and builds trust in organizations D. It eliminates all risks permanently

100

A. Use strong passwords and multi-factor authentication (MFA)

Q18: Which of the following is recommended for account security? A. Use strong passwords and multi-factor authentication (MFA) B. Use weak passwords C. Share passwords with others D. Avoid passwords

100

B. Unauthorized access, misuse, or loss of data

Q2: What does protecting personal data help prevent under the Data Privacy Act of 2012? A. Employee promotions B. Unauthorized access, misuse, or loss of data C. Product shortages D. Office conflicts

100

C. The device may be affected by malware

Q13: A user downloads software from an unknown website, and the device starts malfunctioning. What is the most appropriate judgment? A. The software is safe to use B. The issue is unrelated C. The device may be affected by malware D. The device needs no action

100

C. Data Privacy Act of 2012

Q4: What is the legal basis mentioned for protecting personal data? A. Labor Code Act B. Freedom of Information Act C. Data Privacy Act of 2012 D. Cyber Security Act 2020

300

B. To prevent breaches and uphold individuals’ rights

Q5: What is one main purpose of proper data protection? A. To increase marketing sales B. To prevent breaches and uphold individuals’ rights C. To reduce workload D. To eliminate all technology use

300

B. Double-check email recipients

Q19: What should you do before sending sensitive files through email? A. Send immediately B. Double-check email recipients C. Post online D. Ignore the message

300

B. It avoids breaches, legal penalties, and reputational harm

Q3: Which of the following is one benefit of ensuring data confidentiality, integrity, and availability? A. It guarantees business expansion B. It avoids breaches, legal penalties, and reputational harm C. It increases social media followers D. It reduces employee salaries

300

C. Implementing role-based access control based on job responsibilities

Q8: If you were tasked to design a system for reducing unnecessary data exposure, which solution would you create? A. Giving all employees equal access to all data B. Eliminating access controls C. Implementing role-based access control based on job responsibilities D. Allowing unrestricted file sharing

300

B. Embedding privacy considerations into daily work decisions and actions

Q7: If you were to design a privacy-first culture in the workplace, which initiative would you include? A. Encouraging employees to prioritize speed over privacy B. Embedding privacy considerations into daily work decisions and actions C. Removing all data protection rules D. Limiting communication between teams

500

C. To determine how information should be handled and shared

Q15: What is the purpose of classifying documents as Public, Internal, Confidential, or Restricted? A. To make files harder to find B. To assign colors to documents C. To determine how information should be handled and shared D. To delete old files

500

C. Verify the link before clicking

Q11: You receive an email asking you to click a link to update your password. What should you do first? A. Click the link immediately B. Ignore the email C. Verify the link before clicking D. Forward it to coworkers

500

A. Avoid performing work transactions on public Wi-Fi

Q10: You are working in a coffee shop and need to access company systems. What is the best action? A. Avoid performing work transactions on public Wi-Fi B. Use the public Wi-Fi without concern C. Share your hotspot with strangers D. Turn off your security settings

500

B. Developing a yearly workshop on data handling, cyber threats, and privacy roles

Q6: Which action plan best demonstrates conducting regular privacy awareness training in a company? A. Ignoring employee knowledge gaps B. Developing a yearly workshop on data handling, cyber threats, and privacy roles C. Allowing employees to learn on their own D. Focusing only on technical staff

500

B. Establishing structured processes for managing data privacy

Q17: A company creates and follows a Privacy Management Program (PMP). How is this applied in practice? A. Ignoring privacy policies B. Establishing structured processes for managing data privacy C. Allowing unrestricted data sharing D. Removing accountability

1000

C. A serious insider threat

Q20: An employee intentionally shares sensitive company data with outsiders. How should this action be evaluated? A. Acceptable if done quickly B. A minor mistake C. A serious insider threat D. A harmless action

1000

B. Unsafe because it could be a phishing attempt

Q12: An employee receives an email requesting urgent account verification and clicks the link without checking. How would you evaluate this action? A. Acceptable because the request seemed urgent B. Unsafe because it could be a phishing attempt C. Necessary for faster work D. Recommended by security policies

1000

C. It contributes to fake news and misinformation

Q14: A person shares unverified information online that causes confusion among coworkers. How should this behavior be evaluated? A. It is harmless communication B. It is responsible sharing C. It contributes to fake news and misinformation D. It improves awareness

1000

A. Conducting regular reviews and updating controls based on risks and lessons learned

Q9: What strategy would you create to continuously improve data privacy practices in an organization? A. Conducting regular reviews and updating controls based on risks and lessons learned B. Ignoring feedback from employees C. Keeping policies unchanged for many years D. Only reviewing practices after a major breach

1000

B. To identify and assess potential privacy risks

Q16: An organization conducts a Privacy Impact Assessment (PIA) before launching a new system. What is the purpose of this action? A. To eliminate all policies B. To identify and assess potential privacy risks C. To assign employees new roles D. To reduce system costs