Which of the following is NOT a power of the National Privacy Commission?

Directly prosecuting individuals for data privacy violations

Monitoring compliance with the Data Privacy Act

Receiving and resolving complaints

Issuing cease and desist orders

In the cybersecurity learning continuum, what is the purpose of "role-based training"?

To provide knowledge specific to an individual's security responsibilities

To provide a universal baseline of security concepts

To develop secure practices for all IT resource users

To prepare for advanced cybersecurity certifications

What is a key characteristic of a privacy awareness program?

It reaches all employees and covers various topics like physical security and social engineering

It focuses solely on digital security

It is a one-time training session

Under the Data Privacy Act, penalties for non-compliance can include:

Imprisonment from 1-7 years and fines from ₱1-7 million

Mandatory retraining of all employees

What does "threat strength" primarily refer to?

The probable level of force a threat agent can apply against an asset

The total number of potential threats

The complexity of a security system

The financial impact of a potential breach

In data sharing, what is required for consent to be valid?

Specific information about purpose, extent, and intended recipients

Verbal agreement from a company representative

Implied consent through continued service use

Only required for sensitive personal information

What is the primary goal of the privacy awareness, training, and education program?

To develop a high-level understanding of privacy responsibilities across the organization

To create a comprehensive security manual

To train only IT security staff

To document all potential security risks

In the OSI Security Architecture, what is the primary purpose of a security mechanism?

To detect, prevent, or recover from a security attack

To completely prevent all attacks

To identify potential security vulnerabilities

Which of the following is NOT a characteristic of a passive attack?

Attempting to modify the original data

Eavesdropping on communications

Monitoring transmission channels

Collecting information about communication patterns

In the context of web security, what makes casual web users particularly vulnerable?

Their lack of technical skills and security awareness

Their frequent use of social media

Their preference for mobile applications

A masquerade attack involves:

One entity pretending to be a different entity

Completely blocking network access

Encrypting all network communications

Randomly changing user credentials

According to the document, what is a key challenge in the mobile ecosystem regarding app stores?

Uncertainty about malware in third-party app stores

Limited number of available applications

Which of the following is considered a web application privacy risk related to user-side data leakage?

Insufficient access management controls

In the mobile application vetting process, what is the primary role of the auditor?

To inspect reports and ensure security requirements are met

To manage mobile device inventory

What is the best way to prevent a passive attack?

Using strong network encryption methods

Disconnecting from the internet

In the context of data brokers, what makes their data collection practices particularly concerning?

Consumers have no direct interaction or means to know the extent of data collection

They only collect public information

They exclusively use government records

They always obtain explicit user consent

What is a potential risk of vulnerabilities in third-party libraries?

Potential introduction of vulnerabilities affecting thousands of apps

Which of the following is NOT mentioned as a mobile app privacy threat?

Insecure network communications

Vulnerabilities in third-party libraries

According to the document, what makes a web server particularly dangerous from a security perspective?

Its potential to be a launching pad into an entire computer complex

What does nonrepudiation prevent in a security context?

Either sender or receiver from denying a transmitted message

Data modification during transmission

What does personal data refer to?

Any information from which an individual's identity is apparent

Any recorded information about data security

Information about an organization's policies

What is the primary difference between data privacy and data security?

Privacy focuses on compliance, while security focuses on protection.

Security ensures compliance, while privacy ensures encryption.

Privacy prevents cyberattacks, while security ensures privacy.

Security focuses on the identity of the user, while privacy focuses on the data.

What does the CIA Triad element ‘Integrity’ ensure?

Data is accessed only by authorized individuals

What is the focus of data privacy?

The rights of individuals and compliance with laws

Developing security tools like firewalls

What is a data breach?

Unauthorized or unintentional disclosure of confidential information

The use of encryption to secure data

An attack targeting network access

A compliance activity for data privacy

What is the principle of Privacy by Design (PbD) that ensures data protection throughout its lifecycle?

Privacy embedded into the design

Which of the following is considered personally identifiable information (PII)?

Technical specifications of hardware

Which privacy principle emphasizes minimizing the data collected to achieve its purpose?

Privacy embedded into the design

What is the primary goal of a privacy risk assessment?

Determine the budget for privacy controls

Secure organizational network systems

What does the term ‘Internet Privacy’ pertain to?

Protecting personal data shared over the Internet

Preventing unauthorized email access

What are privacy controls primarily designed to do?

Protect PII and satisfy privacy requirements

Encrypt all organizational data

Prevent data breaches in real time

Monitor and evaluate risk assessments

A small e-commerce company discovers that their web application is collecting additional demographic data from users that is not necessary for processing orders. From the perspective of web application privacy risks, this scenario most closely represents:

Collection of data not required for the primary purpose

Web server security vulnerability

Insufficient data breach response

A mobile app development team is creating an application and decides to use several third-party libraries to speed up development. Their security team should be most concerned about:

The potential introduction of vulnerabilities that could affect thousands of users

The additional development time required

The licensing costs of the libraries

The complexity of integrating multiple libraries

A data broker is compiling personal information from various sources without direct contact with the individuals, including courthouse records, website cookies, and loyalty card programs. This practice most directly violates:

Online privacy concerns about user consent

Data confidentiality principles

Mobile ecosystem privacy guidelines

An organization is implementing a mobile application vetting process. At which stage would a potential security risk or privacy concern be most comprehensively evaluated?

When an auditor inspects the security reports and risk assessments

When the app is first downloaded from a public app store

During the administrator's initial review

After the app has been deployed on mobile devices

A hospital stores its patient records digitally, including medical histories and treatment plans. An employee accidentally sends a patient file to the wrong email address. Which data privacy issue is most relevant in this scenario?

Unauthorized Access (Data Breach)

A company collects customer data to improve its services. It ensures that only necessary data is collected and that customers are informed about how their data will be used. Which principle of Privacy by Design is the company following?

Privacy Embedded into the Design

Full Functionality—Positive-Sum, Not Zero-Sum

IASDP

Authored by John Bernie Ruiz

Computers

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the primary objective of a risk assessment process?

To completely eliminate all security risks

To determine an appropriate security budget and implement optimal protection controls

To identify all potential threats to an organization

To punish employees who cause security breaches

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the context of information security, what defines a "threat severity"?

The number of potential threats

The magnitude of potential damage a threat event can impose on an organization

The technical complexity of a potential breach

The frequency of threat attempts

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following best describes a "vulnerability" in information security?

An active attack on a system

A weakness that could be exploited by a threat source

The total cost of potential security breaches

The specific methods used by hackers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

According to the Data Privacy Act of 2012, companies are required to register with the National Privacy Commission if they:

Have more than 100 employees

Process any type of personal information

Have at least 250 employees or access to personal information of 1,000 people

Are located in major urban areas

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the key difference between a data controller and a data processor?

Data controllers are always government agencies

Data processors handle more sensitive information

Data controllers determine the purposes and procedures of data usage, while processors simply process data

There is no significant difference between the two

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In privacy impact assessment, "prejudicial potential" refers to:

The legal risks of data collection

An estimation of potential damage from threat consequences

The likelihood of a data breach

The cost of implementing privacy controls

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What constitutes "consent" under the Data Privacy Law?

Implied agreement through continued use of a service

A freely given, specific, informed indication of will to collect or process personal data

Written permission from a company's legal department

Verbal agreement with a customer service representative

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

kuis Jaringan Internet

Quiz

•

9th Grade - University

50 questions

CS8691 - Artifical Intelligence - IAT #1

Quiz

•

University

53 questions

System Analysis and Design (Prelim Exam)

Quiz

•

University

53 questions

Modules 1-2

Quiz

•

University

50 questions

Test 4

Quiz

•

University

50 questions

Kiến thức về xử lý mảng 1 chiều trong C++

Quiz

•

University

50 questions

ict 1-50

Quiz

•

University

50 questions

ICT 151-200

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

CompTIA Network+ - Ports and Protocols

Quiz

•

University