GRANBY COLLEGES OF SCIENCE & TECHNOLOGY

College of Information and Communication Technology


Naic, Cavite, Philippines
Tel: (046) 412-0437

Page | 1
Name: Score:
Year and Section: Date:

MIDTERM EXAMINATION
COMPUTER SECURITY AND INFORMATION ASSURANCE

GENERAL INSTRUCTION: This is a closed-book exam; no reference books or materials are allowed. No electronic
devices are allowed. All answers should be in uppercase. Any form of erasure or alteration is considered WRONG.
I. IDENTIFICATION: Identify what is being asked in the following sentence. Indicate your answer in the space
provided. 2pts each
1. _____________________is a type of malware that restricts your access to systems and files, typically by
encryption and then demands a ransom to restore access?
2. _____________________A type of security policy; it is a document that outlines the rules and procedures for
remote access to an organization's network and resources.
3. _____________________is a vast subject that consists of hacking the different software-based technological
systems such as laptops, desktops, etc.
4. _____________________the gathering of information about a potential system or network (the fine art of gathering
target information) and also known as fingerprinting.
5. _____________________Protecting information from unauthorized access and disclosure
6. _____________________A type of hacker that acts for morally good reasons.
7. _____________________This security measure is designed to establish the validity of a transmission, message, or
originator, or a means of verifying an individual’s authorization to receive specific information.
8. _____________________is a set of rules, procedures, and guidelines that dictate how an organization or system
should maintain the confidentiality, integrity, and availability of sensitive information and systems.
9. _____________________is programming code that is designed to execute or explode when a certain condition is
reached.
10. _____________________is a comprehensive document that outlines the measures an organization will take to
protect its sensitive information and systems.
11. _____________________A type of security plan that specifies the steps that should be taken to keep the business
running in the event of a disruption, such as a power outage or cyber-attack.
12. _____________________The propagation of laptops, tablets and other portable devices increases the risk that
they will be lost or stolen.
13. _____________________A type of security policies that set of rules and guidelines that define how passwords
should be created, managed, and used.
14. _____________________refers to the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, damage, or unauthorized access.
15. _____________________where legal proceedings are concerned.
16. _____________________Measures that protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality, and non-repudiation.
17. _____________________is the creation and application of technologies to produce and deliver goods and services
with minimal human intervention.
18. _____________________is the collection, reporting, and analysis of website data.
19. _____________________is an integration of sensors, controls, and actuators designed to perform a function with
minimal or no human intervention.
20. _____________________data has not been altered in an unauthorized manner (access level)
21. _____________________refers to the practice of creating fake emails or SMS that appear to come from someone
you trust, such as: Bank, Credit Card Company, Popular Websites
22. _____________________also known as malicious software
23. _____________________is the process of discovering, interpreting, and communicating significant patterns in
data.
24. _____________________is a program or software designed to look like a useful or legitimate file.
25. _____________________is someone who hacks into government networks and systems to draw attention to a
political or social cause
26. _____________________also known as penetration testing or white-hat hacking, involves the same tools, tricks,
and techniques that hackers use.
27. _____________________Big data and predictive analytics are redefining how businesses succeed.
28. _____________________is a branch of engineering that involves the conception, design, manufacture and
operation of robots.
29. _____________________identifies the risks faced by an organization and outlines the steps that should be taken
to manage those risks.
30. _____________________the industry that is extremely vast and progressive.
31. _____________________are hired by organizations to bug-test a new software or system network before it’s
released.
32. _____________________are amateur hackers who don’t possess the same level of skill or expertise as more
advanced hackers in the field.
33. _____________________are individuals who employ a cyberattack from within the organization they work for.
34. _____________________is a crucial component of the overall risk management process within an organization,
providing a detailed description of the security measures in place and serving as a reference for system security.
35. _____________________is the science of analyzing raw data to make conclusions about that information.

II. TRUE or FALSE: Write security if the statement is true or cybersecurity if the statement is false. Write your
answer in the space provided. 2pts each

1. _________________Cybersecurity is IT's responsibility. The everyday end users in the office don't need to worry
about this topic.
2. _________________Software and application updates are not important and can just be ignored.
3. _________________Major companies like Netflix, Google, PayPal and FedEx are often the spoofed sender of
phishing messages.
4. _________________Analytics helps an organization make better decisions
5. _________________Attachments should always be treated with caution, even if you know the sender.
6. _________________Using two-factor authentication is not an effective tool for securing your accounts.
7. _________________Analytics decrease the efficiency of the work
8. _________________Risk Control focuses on implementing solutions to manage risks effectively. It includes risk
avoidance, prevention, and reduction.
9. _________________I have anti-virus protection, so when it comes to network security, I'm all set.
10. _________________Automation needs large capital expenditure
11. _________________Automation can increase productivity
12. _________________Analytics can have higher production rates
13. _________________Ethical Hacking helps in closing the open holes in the system network.
14. _________________Systematic Risk is also called asset-specific risk; this type of risk is specific to an individual
investment. It represents uncertainties related to a particular company or asset.
15. _________________Automation keeps you updated on your customers' behavioural changes
16. _________________Improving quantity of products and services
17. _________________Security Policy is a comprehensive document that outlines an organization's approach to
managing and mitigating information security risks. It provides a structured framework for implementing security
measures and controls to safeguard sensitive information, systems, and networks.
18. _________________Interest Rate Risk is related to a company's capital structure. It includes factors such as the
degree of financial leverage (debt burden) and the company's ability to manage its financial obligations.
19. _________________Operational Planning is the most detailed level of planning, focusing on day-to-day activities
and processes required to meet tactical objectives. It involves short-term planning to support daily operations.
20. _________________Planning misalignment refers to a situation where there is a lack of coherence or
synchronization between different levels of planning within an organization.

III. MULTIPLE CHOICE. Choose and encircle the word of the correct answer from the options given in each item.
2pts each
1. A technology firm maintains an alternate site that is running 24/7, and operations can be moved to this location
in the event of a major disaster. (Confidentiality, Integrity, Availability)
2. A hospital only allows authorized healthcare personnel within one department access to patient Personal
Identifiable Information. When employees move to another department, that access is revoked. (Confidentiality,
Integrity, Availability)
3. Employees need to have key cards in order to enter their company offices. (Confidentiality, Integrity,
Availability)
4. A company hashes their data files in order to monitor whether information has been tampered with.
(Confidentiality, Integrity, Availability)
5. Only authorized personnel at a company have write access to certain files. All other employees have only read
access to these files. (Confidentiality, Integrity, Availability)
6. A company employs redundant servers, which means that these systems are duplicated, and in the event of a
malfunction, one server will fail over to the other. (Confidentiality, Integrity, Availability)
7. A company's network infrastructure uses load balancers which will distribute the "load" of tasks such as file
requests and data routing to a variety of servers, thereby ensuring that no single device is overburdened.
(Confidentiality, Integrity, Availability)
8. A hacker uses a man-in-the-middle attack to intercept wireless traffic from users. (Confidentiality, Integrity,
Availability)
9. A hacker was able to crack a hashed message and change its contents. (Confidentiality, Integrity, Availability)
10. A hacker launched a DoS attack which flooded a website with unwanted traffic from a number of computers and
took the site offline. (Confidentiality, Integrity, Availability)
IV. MODIFIED IDENTIFICATION. Identify what is being asked in the following questions. Choose your answers from
the box. Write your answer in the space provided. 2pts each

Access Control Policy, Risk Identification, Risk Management, Strategic Planning, Bring Your Own Device (BYOD) Policy,
Operational Risk, Security Plan, Physical Security Policy, Resistance to Change, Risk Management Framework (RMF),
Legal Risk, Risk Financing, Risk Analysis, Disaster Recovery Plan, Avoidance,
Security Policy, Loss Prevention and Reduction, Systematic Risk, Risk Control, Business Continuity Plan

1. _____________________is a set of rules, procedures, and guidelines that dictate how an organization or system should
maintain the confidentiality, integrity, and availability of sensitive information and systems.
2. _____________________This principle involves identifying the risks presented in a given scenario. Whether it's crossing
the street, purchasing a home, or making business decisions, understanding the risks is essential.
3. _____________________is the highest level of planning, concerned with defining the organization's long-term goals,
objectives, and overall direction. It involves making decisions that shape the organization's future.
4. _____________________is the systematic process of identifying, assessing, and mitigating threats or uncertainties that
can affect an organization. It involves analyzing the likelihood and impact of risks, developing strategies to minimize harm,
and monitoring the effectiveness of those measures.
5. _____________________focuses on implementing solutions to manage risks effectively. It includes risk avoidance,
prevention, and reduction.
6. _____________________Specifies the steps that should be taken to keep the business running in the event of a
disruption, such as a power outage or cyber attack.
7. _____________________This principle deals with how an organization funds its risk management efforts. It includes
insurance, self-insurance, and other financial strategies.
8. _____________________This type of risk is also known as market risk. It represents the overall impact of the market on
an investment.
9. _____________________When risk cannot be avoided, the effect of loss can often be minimized in terms of frequency
and severity.
10. _____________________Define who can access what resources, under what conditions, and with what level of
privileges or restrictions.
11. _____________________relates to a company's day-to-day operations. It includes supply chain disruptions, product
delivery issues, and other operational challenges.
12. _____________________is a comprehensive document that outlines an organization's approach to managing and
mitigating information security risks. It provides a structured framework for implementing security measures and controls to
safeguard sensitive information, systems, and networks.
13. _____________________This policy outlines the procedures for securing an organization's physical assets, such as
facilities, equipment, and personnel.
14. _____________________Pushback against new policies can disrupt planned security measures.
15. _____________________provides a comprehensive, flexible, repeatable, and measurable 7-step process that any
organization can use to manage information security and privacy risk for organizations and systems and links to a suite of
NIST standards and guidelines.
16. _____________________Outlines the rules and procedures for employees who use their personal devices to access an
organization's resources and systems.
17. _____________________After identifying risks, the next step is analyzing them. This involves gathering data and
assessing the potential impact.
18. _____________________Outlines the steps that should be taken to recover from a disaster, such as a cyber attack or
natural disaster.
19. _____________________Many times it is not possible to completely avoid risk, but the possibility should not be
overlooked.
20. _____________________Legal uncertainties arise from lawsuits, regulatory compliance, and the freedom to operate.
Companies must manage legal risks to avoid financial losses.
V. ESSAY: Write your insight about the given scenario.

1. One of the staff members in ITS subscribes to several free IT magazines. Among the questions she was asked to
activate her subscriptions, one magazine asked for her month of birth, a second asked for her year of birth, and a
third asked for her mother's maiden name. What do you think might be going on here?
2. You receive an email from your bank telling you there is a problem with your account. The email provides
instructions and a link so you can log in to your account and fix the problem. What should you do?

BONUS QUESTION: Give one example of UCSC’s password requirements to secure your credentials.
