Lesson 1

Question 1

is an individual who attempts to gain unauthorized entry into a system or network to exploit them for malicious reasons.

Answer 1

Black-hat Hacker

Question 2

exploit networks
and computer systems in
the way that black hats
do, but do so without any
malicious intent,
disclosing all loopholes and vulnerabilities to law enforcement agencies or intelligence agencies.

Answer 2

Gray Hat

Question 3

on the other hand, are deemed to be the good guys, working with organizations to strengthen the
security of a system

Answer 3

White Hat

Question 4

the methods that adversaries use to breach or
infiltrate your network.

Answer 4

Attack Vector

Question 5

An attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.

Answer 5

Advanced Persistent Threats

Question 6

represented by ALL OF THE POINTS ON YOUR NETWORK where an adversary can
attempt to gain entry to your information systems.

Answer 6

Attack Surface

Question 7

the methods that adversaries use to BREACH OR
INFILTRATE YOUR NETWORK.

Answer 7

Attack Vector

Question 8

Major Attack Vectors

Answer 8

Social Engineering
Remote Access
Insider Threats
Brite-Force Attacks
Ransomware
Denial of Service
Access through Intermediaries

Question 9

Manipulating people into performing actions or divulging confidential information

Answer 9

Social Engineering: Phishing

Question 10

THROUGH OPEN PORTS or the exploitation of web code, hackers are able to gain unauthorized access to server

Answer 10

Remote Access

Question 11

Criminals are aided by the conscious assistance of an organization’s employee(s)

Answer 11

Insider Threats

Question 12

also known as an exhaustive search, is A CRYPTOGRAPHIC HACK THAT RELIES ON GUESSING POSSIBLE COMBINATIONS of a targeted password until the correct password is discovered.

Answer 12

Brute Force attacks

Question 13

RESTRICTING ACCESS to a computer until A RANSOM IS PAID

Answer 13

Ransomware

Question 14

a malicious attempt to DISRUPT THE NORMAL TRAFFIC OF A TARGETED SERVER, service or network by
overwhelming the target or its surrounding infrastructure with a flood of
Internet traffic.

Answer 14

Denial of Service

Question 15

An attack vector that DOESN’T REQUIRE PHYSICAL ACCESS to target machines

Answer 15

Access through Intermediaries

Question 16

A common, respected model that FORMS THE BASIS FOR THE DEVELOPMENT OF SECURITY SYSTEMS and policy

Answer 16

CIA Triad

Question 17

Term used for preservation of confidentiality, integrity and availability of information.

Answer 17

Information Security

Question 18

Defined as the preservation
of confidentiality, integrity and
availability of information in the
Cyberspace.

Answer 18

Cybersecurity

Question 19

PREVENTS UNAUTHORIZED USE or DISCLOSURE OF INFORMATION

Answer 19

Confidentiality

Question 20

Safeguards the ACCURACY AND COMPLETENESS of information

Answer 20

Integrity

Question 21

Authorized users have reliable and timely access to information

Answer 21

Availability

Question 22

the fundamental sector on which all critical infrastructure depend.

Answer 22

Information technology

Question 23

An act defining cybercrime, providing for the prevention, investigation, suppression and the imposition of penalties therefore and for other purposes

Answer 23

R.A. 10175
Cybercrime Prevention Act
of 2012

Question 24

An act protecting individual personal information in information and
communication systems in the government and the private sector,
creating for this purpose a National Privacy Commission, and for
other purposes.

Answer 24

R.A. 10173
Data Privacy Act of 2012

Question 25

Access to the whole or any part of a computer system WITHOUT RIGHT

Answer 25

Illegal Access

Question 26

Interception made by technical means without right

Answer 26

Illegal Interception

Question 27

Intentional or reckless alteration, damaging, deletion of computer data

Answer 27

Data Interference

Question 28

Intentional alteration or reckless INTERFERENCE with the functioning OF A COMPUTER OR COMPUTER NETWORK

Answer 28

System Interference

Question 29

Use, production, sale, procurement, importation, distribution, or otherwise making available, without right

Answer 29

Misuse of device

Question 30

Use, production, sale, procurement, importation, distribution, or otherwise making available, without right

Answer 30

Misuse of device

Question 31

Use, production, sale, procurement, importation, distribution, or otherwise making available, without right

Answer 31

Misuse of devices

Question 32

ACQUISITION OF A DOMAIN NAME over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same

Answer 32

Cyber Squatting

Question 33

INPUT, ALTERATION, OR DELETION OF ANY COMPUTER DATA WITHOUT RIGHT resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic

Answer 33

Forgery

Question 34

Unauthorized input, alteration, or deletion of computer data or program or interference in the functioning of a computer system, causing damage thereby WITH FRAUDULENT INTENT

Answer 34

Fraud

Question 35

Intentional acquisition, use, misuse, transfer, possession, alteration or deletion of identifying information belonging to another, whether natural or juridical, without right.

Answer 35

Identity Theft

Question 36

It is when personal information is processed without the consent of the data subject, or without being authorized using lawful criteria

Answer 36

Unauthorized Processing

Question 37

It is when personal information is made accessible due to negligence and without being authorized by any existing law.

Answer 37

Negligence in Access

Question 38

It is when personal information is knowingly or negligently disposed, discard, or **abandon in an area accessible to the public** or has otherwise placed thepersonal information of an individual in any container for trash collection

Answer 38

Improper disposal

Question 39

It is when personal information is processed for purposes not authorized by the data subject, or otherwise authorized by any existing laws.

Answer 39

Unauthorized Purpose

Question 40

It is when an individual handling personal information knowingly and unlawfully, or violating data confidentiality and security data systems, **breaks in any way into any system where personal and sensitive personal information are stored.**

Answer 40

Unauthorized Access/Intentional Breach

Question 41

It is when an individual handling personal information knowingly and unlawfully, or violating data confidentiality and security data systems, *breaks in any way into any system where personal and sensitive personal information are stored.*

Answer 41

Unauthorized Access/Intentional Breach

Question 42

It is when an individual or entity who has knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f) of the Act, intentionally or by omission conceals the fact of such security breach.

Answer 42

Concealed Breach

Question 43

It is when an individual or entity with malice or in bad faith, discloses unwarranted or false information relative to any personal information or sensitive personal information obtained by him or her

Answer 43

Malicious Disclosure

Question 44

It is when an individual or entity **discloses to third party personal information** not covered by legitimate purpose, lawful criteria, and **without the consent of the data subject.**

Answer 44

Unauthorized Disclosure