
PAF INSURANCE ASSURANCE AND CYBERSECURITY AWARENESS TRAINING

REVIEWER

Module 1 – INFORMATION ASSURANCE

What defenses does host-based intrusion detection have against local network insider attacks?

a.) It compromises the data in a computer
b.) It configures browser to only allow what is needed
c.) It will detect and block some attacks from the threat actor
d.) It causes harm to the computer

Which of the following should you do when you access your information system from an unsecured
workstation, such as an internet cafe, or using a borrowed computer?

a.) Never ever use any website that is https://
b.) Always use the Incognito or Private Mode of Web Browser.
c.) Always change your password every time you access your account on different devices.
d.) Always click the “Remember Password” button.

What is the most basic protection that can be done for desktops, laptops, tablets and smartphones?

a.) Configure browser to only allow what is needed
b.) Keep the Operating System up to date
c.) Adjust settings as necessary
d.) Never update software security patches

For whom and for what is information assurance?

a.) Selected personnel accessing the PAF Information Assurance using the PAF network.
b.) All PAF personnel using the PAF information system, network infrastructure, and digital
devices.
c.) Personnel using the PAF network only

Which strategy do retailers employ to make sure that their online customers can't afterwards dispute
making the purchase?

a.) Confidentiality
b.) Authenticity
c.) Non-repudiation
d.) Availability

If you are accessing websites that are http:// , what will happen to all the data that are passing through
the wires?

a.) All the data are unencrypted and may be intercepted.
b.) All the data are secured.
c.) All the data are protected
d.) All the data are encrypted and cannot be intercepted.

It involves assurance that all information systems are protected and not tampered with. This also
ensures that the data is an accurate and unchanged representation of the original secure information.

a.) Integrity
b.) Non repudiation
c.) Confidentiality
d.) Authenticity

It is the accessibility and readiness of a system or resource to carry out its intended functions at any
time.

a.) integrity
b.) clarity
c.) availability
d.) authenticity

Bitdefender, Kaspersky, McAfee, and Avast are just some third-party _____________ that can be used to
______________ our PAF information system.

a.) software ; install
b.) antivirus ; protect
c.) virus ; harm
d.) brand ; sell

When is it necessary to change your account's password?

a.) Every three months
b.) Every six months
c.) Every month
d.) Every two months

It is defined as Information Operations that protect and defend the information and its systems by
ensuring their availability, integrity, authentication, confidentiality, and non-repudiation

a.) Information Technology
b.) Information Center
c.) Information Assurance
d.) Information System

Which part of the CIA triad has been compromised when an unauthorized person can access someone
else's personal information?

a.) Non Repudiation
b.) Authenticity
c.) Confidentiality
d.) Integrity

Your officemate's test results from his most recent exam have accidentally been sent to you. Which part of
the CIA triad has been compromised?

a.) Integrity
b.) Authenticity
c.) Confidentiality
d.) Availability

Which of the following can help to ensure the integrity of the data?

a.) Send the document twice
b.) Use excel file with a password
c.) Use encryption and hash algorithm
d.) Save in exclusive USB

What is the most common access method to an outside network?

a.) Email
b.) Voice over internet protocol
c.) Microsoft word
d.) Web browser

Which attack could be done by anyone with physical access?

a.) Insider attack from Local Network
b.) Insider attack from Local System

Module 2 – CYBERSECURITY

Publishing malicious apps, repackaging legitimate apps, using fake security apps and smishing are
examples of ______________________.

a.) computer-based social engineering
b.) homebased social engineering
c.) Mobile based social engineering

It is the practice of sending an illegitimate email falsely claiming to be from a legitimate site in an
attempt to acquire a user's personal information.

a.) Mimic
b.) Phishing
c.) Vishing

A type of social engineering which gathers sensitive information by interaction.

a.) Computer based Social Engineering
b.) Person based Social Engineering
c.) Mobile based Social Engineering
d.) Human Based Social Engineering

These terms are used to describe those who seek to exploit weaknesses in software and computer
systems for their own gain, except for?

a.) intruder
b.) ethical hacker
c.) hacker
d.) attacker

It refers to when an authorized individual unintentionally permits an unauthorized person or device to get
access to, pass through, or connect to a secure door or network.

a.) Vishing
b.) Tailgating
c.) Piggybacking
d.) Phishing

It is an impersonation technique in which the attacker tricks individuals into revealing personal information
using voice technology.

a.) Vishing
b.) Spoofing
c.) Mimic
d.) Phishing

A situation in which an unauthorized person can view another user's display or keyboard to learn their
password or other confidential information is referred to as:

a.) Spear phishing
b.) Tailgating
c.) Shoulder surfing
d.) Spoofing

The following are the types of social engineering, except for:

a.) homebased social engineering
b.) computer-based social engineering
c.) mobile based social engineering
d.) creating virus

Cyber Security is protecting networks, devices, & data from unauthorized access & the practice of
ensuring confidentiality, integrity, and ___________.

a.) mendacity
b.) availability
c.) publicity
d.) duplicity

While conducting web research that would help in making a better purchasing decision, a user visits a
series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app
intentionally infected with malware. Which social engineering principle applies to this attack scenario?

a.) Authority
b.) Scarcity
c.) Consensus
d.) Intimidation

These are windows that suddenly pop-up, while surfing the internet and ask for the user's information to
login or sign in.

a.) Pop-up Windows
b.) Hoax Letters
c.) Spam Email
d.) Instant Chat Messenger

The most common human-based social engineering technique where the attacker pretends to be
someone legitimate or an authorized person.

a.) Vishing
b.) Phishing
c.) Impersonation

A type of social engineering that is carried out with the use of desktops and laptops.

a.) Computer based social engineering
b.) Human based social engineering
c.) Mobile based social engineering

A type of social engineering that involves publishing malicious apps and repackaging legitimate apps.

a.) Human based social engineering
b.) Person based social engineering
c.) Mobile based social engineering
d.) Computer based social engineering

Social engineering technique whereby attackers, under the guise of a legitimate request, attempt to
gain access to confidential information is commonly referred to as:

a.) Phishing
b.) Backdoor access
c.) Privilege escalation
d.) Shoulder surfing

An act of unauthorized listening to conversations or reading messages.

a.) Shoulder surfing
b.) Eavesdropping
c.) Dumpster diving
d.) Phishing

It refers to flaws in software, firmware, or hardware that can be exploited by an attacker to perform
unauthorized actions on a system.

a.) Variables
b.) Hardware
c.) Vulnerabilities
d.) Software

These terms are used to describe those who seek to exploit weaknesses in software and computer
systems for their own gain, except for?

a.) Hacker
b.) Attacker
c.) Ethical hacker
d.) Intruder

Module 3 – COMPUTER SECURITY

A hardware device or small software program that monitors and records each keystroke on the user's
computer keyboard

a.) keylogger
b.) trojan
c.) root kit
d.) virus

It is used to keep the operating system and other software up-to-date.

a.) backdoors
b.) software updates
c.) malware
d.) windows

It is one of the Windows security features that lets you see any threats that currently exist on your
device and the device's scanned history.

a.) App and browser control
b.) Account protection
c.) Firewall and network protection
d.) Virus & threat protection

Protects computers, information, and services from unauthorized access, change, or destruction.

a.) Document security
b.) File security
c.) Computer security

Self-replicating virus that does not alter files but resides in the computer memory and replicates itself.

a.) rootkit
b.) keylogger
c.) worm
d.) backdoor

A set of programs or utilities that allows someone to maintain root-level access to the system.

a.) rootkit
b.) keylogger
c.) worm
d.) logic bomb

It ensures that system changes are made only with the administrator's approval.

a.) user account control
b.) system patch
c.) antivirus
d.) guest

The following are the main objectives of computer security, except for?

a.) Confidentiality
b.) Availability
c.) Integrity
d.) Authenticity

_____ keeps the user abreast of the latest online threats without the user having to visit the vendor's
website to stay up to date.

a.) Don't update at all
b.) Seasonal updates
c.) Automatic updates

It is triggered when a logical condition is met or on a specific date.

a.) keylogger
b.) rootkit
c.) trojan
d.) logic bomb

A program that replicates by copying itself to another program, system boot sector, or documents and
alters or damages the computer files and applications

a.) virus
b.) keylogger
c.) trojan
d.) backdoor

Software vendors usually develop this to address system security flaws

a.) backdoor
b.) malware
c.) patches
d.) worms

Which type of malware is likely the most impactful?

a.) keylogger
b.) works
c.) ransomware
d.) virus

What does UAC stand for?

a.) User Access Control
b.) User Account Control
c.) Unauthorized Access Control
d.) Unauthorized Account Code

Which antivirus approach enables the AV software to either delete or repair the file by removing or
isolating the virus if a piece of code in the file matches that of any virus in the dictionary?

a.) AV software emulates the beginning of each new executable code
b.) Suspicious Behaviour Approach
c.) Virus Dictionary Approach

The shortcut key to lock your Windows computer.

a.) windows key + K
b.) windows key + S
c.) windows key + L
d.) windows key + X

A program that seems to be legitimate but acts maliciously when executed

a.) system patch
b.) worms
c.) ransomware
d.) trojan

Which threat to the system security refers to an unauthorized means of accessing the system and
bypassing the security mechanisms?

a.) backdoor
b.) virus
c.) rootkit
d.) worm

Which password is more secure?

a.) P@ssw0rd
b.) pass123
c.) KeepY0urPassw0rdSafe!
d.) keeppasswordsafe!

Which of the following can be applied to prevent system compromise?

a.) Apply security patches in a timely manner
b.) Accessing the system and bypassing the security mechanism
c.) Install programs that allow someone to maintain root-level access to the system.
d.) Installing a program that replicates by copying itself to other programs

______ centralizes the management of users, computers and other objects within the Philippine Air
Force Network.

a.) Telephone directory
b.) File directory
c.) Active directory

Module 4 – FILE MANAGEMENT AND RECOVERY

How would you create multiple levels of security that significantly reduce the risk of a data breach?

a.) By encrypting all your folders and subfolders
b.) By sorting your files once a week
c.) By keeping your files organized
d.) By making duplicate copies of critical data

It is the process of naming, storing and retrieving the files in an organized and efficient way.

a.) file recovery
b.) file management
c.) data organization

These are copies of files and folders that Windows automatically saves as part of a restore point.

a.) previous versions
b.) file restoration
c.) backup

In Recuva, it tells you the possibility of recovering the file.

a.) state
b.) filename
c.) path

This is where you store or keep your data.

a.) folder
b.) cabinet
c.) storage media

It is a file recovery tool that is used to recover deleted files from a medium

a.) File Restoration
b.) Data Backup
c.) Recuva

It is the process of obtaining deleted or damaged files on a medium.

a.) data backup
b.) file recovery
c.) archive

It is a collection of information that the computer stores together as one object.

a.) folder
b.) properties
c.) computer file

These are files that are sometimes referred to as shadow copies.

a.) new versions
b.) previous versions
c.) current versions

Recuva shows all the files that it can find. Each file displayed has a color indication for the likelihood of a
successful recovery. Which color denotes excellent possibility for recovery?

a.) green
b.) yellow
c.) red
d.) orange

It is one of the best practices in file management in which you create multiple categories of folders, and
within those categories, there are more specific categories of folders.

a.) Hierarchical System
b.) Delete and Archive
c.) Creating backup
d.) Consistent Naming Convention
