InSem Midterm MCQ

The document is a midterm long quiz covering various aspects of information security, including the CIA Triad, risk management, access control, cryptography, network security, incident response, legal issues, and security governance. It consists of multiple-choice questions that test knowledge on foundational concepts, security policies, risk assessment, authentication methods, and compliance regulations. The quiz aims to evaluate understanding of key principles and practices in information security management.

Uploaded by aroanelaylon

Information Security and Management

Midterm Long Quiz

1. Foundations of Information Security

1. Which of the following best describes the CIA Triad in information security?
a) Confidentiality, Identification, Accessibility
b) Control, Integrity, Availability
c) Confidentiality, Integrity, Availability
d) Classification, Integrity, Authentication
2. What is the primary goal of confidentiality in information security?
a) Ensuring data is accessible only to authorized users
b) Guaranteeing data remains accurate and unaltered
c) Ensuring system uptime and availability
d) Preventing data from being encrypted
3. Integrity ensures that:
a) Data is only accessible by authorized users
b) Data remains accurate and is not tampered with
c) Systems remain available during high demand
d) Data is backed up regularly
4. An information security policy is important because it:
a) Defines how firewalls are configured
b) Establishes guidelines for protecting information assets
c) Ensures software updates are installed on time
d) Manages physical security measures
5. Which of the following is an example of a security control?
a) Firewall
b) Password policy
c) Data encryption
d) All of the above
6. A system ensuring data is accessible during an outage is focused on:
a) Confidentiality
b) Integrity
c) Availability
d) Authentication
7. Non-repudiation in security ensures:
a) Data cannot be modified without detection
b) A user cannot deny their actions
c) Systems remain online
d) Only authorized users access data

2. Risk Management and Analysis

1. In risk management, a threat is best described as:
a) A weakness in a system
b) The likelihood of data corruption
c) A potential danger that exploits a vulnerability
d) A protective security measure
2. Risk assessment involves:
a) Identifying and analyzing potential risks
b) Eliminating all system vulnerabilities
c) Monitoring network activity
d) Encrypting sensitive data
3. A Business Impact Analysis (BIA) helps an organization:
a) Identify legal compliance requirements
b) Assess the impact of security breaches on operations
c) Design software architecture
d) Develop employee training programs
4. What is an example of a vulnerability?
a) Weak password policies
b) Cyberattacks from external sources
c) Power outages
d) Strong encryption algorithms
5. Residual risk is the risk that remains:
a) After implementing security controls
b) Before a threat is identified
c) After a risk assessment
d) Once a vulnerability is exploited
6. Mitigation in risk management means:
a) Ignoring low-level risks
b) Reducing the impact or likelihood of a risk
c) Accepting the risk without action
d) Transferring risk to another party
7. Which of the following is a risk transfer strategy?
a) Installing a firewall
b) Purchasing cybersecurity insurance
c) Implementing strong password policies
d) Encrypting all sensitive data

3. Access Control and Authentication

1. Authentication verifies:
a) Who you are
b) What you can access
c) Data accuracy
d) Network availability
2. Which of the following is an example of multi-factor authentication (MFA)?
a) Username and password
b) Biometric scan only
c) Password and a one-time PIN
d) Security question only
3. Role-Based Access Control (RBAC) grants permissions based on:
a) The user's identity
b) The user's department
c) The user's job function
d) The user's geographic location
4. What is the strongest form of authentication?
a) Passwords only
b) Security questions
c) Biometric data combined with PINs
d) CAPTCHA verification
5. Least privilege principle means:
a) Users have unlimited access
b) Users have access only to what they need
c) Administrators manage all data access
d) Everyone shares the same permissions
6. Access control lists (ACLs) define:
a) Security policies for data storage
b) Who can access specific resources
c) Encryption levels for sensitive files
d) Data integrity measures
7. Which of the following ensures data confidentiality during transmission?
a) Firewalls
b) Data encryption
c) Password policies
d) Access control mechanisms

4. Cryptography Basics

1. Symmetric encryption uses:
a) A pair of public and private keys
b) The same key for encryption and decryption
c) Hashing algorithms only
d) Different algorithms for each process
2. Asymmetric encryption is also known as:
a) Secret key encryption
b) Hash encryption
c) Public key encryption
d) Stream cipher encryption
3. Which of the following is an example of symmetric encryption?
a) RSA
b) AES
c) Diffie-Hellman
d) ECC
4. Hashing is primarily used to ensure:
a) Confidentiality
b) Availability
c) Integrity
d) Authentication
5. A digital signature provides:
a) Encryption only
b) Data compression
c) Non-repudiation and data integrity
d) Anonymity for users
6. Public Key Infrastructure (PKI) manages:
a) Encryption speed
b) Key generation and distribution
c) Network performance
d) Physical security measures
7. Which algorithm is commonly used for digital certificates?
a) AES
b) SHA-256
c) RSA
d) DES

5. Network Security

1. Firewalls primarily function to:
a) Encrypt data in transit
b) Detect malware on devices
c) Control incoming and outgoing network traffic
d) Ensure data integrity
2. An Intrusion Detection System (IDS):
a) Blocks unauthorized traffic
b) Detects and alerts on suspicious activity
c) Encrypts sensitive information
d) Manages user authentication
3. VPNs (Virtual Private Networks) are used to:
a) Monitor network activity
b) Ensure secure remote access
c) Increase internet speed
d) Authenticate users
4. SSL/TLS protocols provide:
a) Network segmentation
b) Secure data transmission over the internet
c) Firewall configuration
d) Antivirus protection
5. A man-in-the-middle (MITM) attack targets:
a) Data confidentiality during transmission
b) System availability
c) User authentication
d) Data storage integrity
6. Port scanning is a technique used to:
a) Encrypt network traffic
b) Identify open network services
c) Block unauthorized access
d) Monitor system performance
7. A demilitarized zone (DMZ) in network security:
a) Isolates an internal network from the internet
b) Encrypts sensitive data
c) Stores backup files
d) Manages user permissions

6. Incident Response and Management

1. The first step in the incident response life cycle is:
a) Containment
b) Identification
c) Eradication
d) Recovery
2. Containment during an incident means:
a) Restoring normal operations
b) Preventing the incident from spreading
c) Removing the threat entirely
d) Conducting forensic analysis
3. Eradication in incident response involves:
a) Identifying the threat source
b) Restoring affected systems
c) Removing the threat from the environment
d) Notifying stakeholders
4. A disaster recovery plan (DRP) focuses on:
a) Identifying potential risks
b) Restoring critical systems after a major incident
c) Mitigating vulnerabilities
d) Managing encryption keys
5. Forensic analysis is used to:
a) Recover lost data
b) Identify the root cause of an incident
c) Monitor network traffic
d) Prevent system downtime
6. Which of the following is an example of a security incident?
a) Scheduled maintenance
b) Unauthorized access to sensitive data
c) System upgrade
d) Employee password reset
7. Business continuity planning (BCP) ensures:
a) Data confidentiality
b) Long-term operational resilience
c) System patching
d) Access control policies

7. Legal and Ethical Issues in Information Security

1. The Data Privacy Act of 2012 (Philippines) protects:
a) Intellectual property rights
b) Personal information of individuals
c) Corporate trade secrets
d) National cybersecurity infrastructure
2. Ethical hacking is also known as:
a) White-hat hacking
b) Black-hat hacking
c) Grey-hat hacking
d) Insider threat analysis
3. Which of the following is an example of cybercrime?
a) Penetration testing with consent
b) Using strong passwords
c) Unauthorized access to a computer network
d) Implementing firewall rules
4. Intellectual property (IP) laws protect:
a) Public domain content
b) Creative and innovative works
c) Open-source software
d) Hardware configurations
5. Compliance audits ensure:
a) Organizations follow legal and regulatory requirements
b) Systems are free of malware
c) Encryption protocols are up to date
d) Network speeds are optimized
6. Whistleblowing in cybersecurity refers to:
a) Reporting internal security policy violations
b) Conducting ethical hacking
c) Implementing access control measures
d) Conducting forensic investigations
7. Cybersecurity insurance helps organizations:
a) Prevent security breaches
b) Cover financial losses from cyber incidents
c) Encrypt their data
d) Train employees on security awareness

8. Security Governance and Management

1. Information security governance primarily focuses on:
a) Implementing technical controls
b) Defining and aligning security strategies with business objectives
c) Managing daily IT operations
d) Conducting software updates
2. Which of the following is a security governance framework?
a) ISO 27001
b) TCP/IP
c) AES Encryption
d) SSL/TLS
3. COBIT (Control Objectives for Information and Related Technologies) is designed to:
a) Ensure data confidentiality
b) Align IT processes with business goals and governance requirements
c) Manage network traffic
d) Detect system vulnerabilities
4. A key component of security management is:
a) Installing antivirus software
b) Developing and enforcing security policies
c) Monitoring social media activity
d) Conducting marketing campaigns
5. Security awareness training helps organizations by:
a) Reducing human-related security risks
b) Improving system performance
c) Ensuring high-speed network access
d) Managing encryption protocols
6. Which of the following is a security audit designed to assess?
a) The effectiveness of implemented security controls
b) Software development lifecycles
c) Physical building security
d) Employee productivity levels
7. ISO 27001 primarily addresses:
a) Incident response procedures
b) Risk management and information security management systems (ISMS)
c) Network hardware performance
d) Data compression algorithms