
INFOTECH COLLEGE OF ARTS AND SCIENCES – Sucat Campus

8347 CAP Bldg. Dr. A. Santos Ave., San Antonio, Paranaque City
PRELIMINARY EXAM
Information Assurance and Security 1
BSIT3-1A & B
Mr. E. Tonio

50 points
Write your answer in your booklet. Do not forget to write your name, section, and subject.
Instructions: Select the correct option for each question.

Part 1: Multiple Choice (30 points) 2 points each!

1. What is the primary purpose of an Intrusion Detection System (IDS) in information security?
a) To encrypt sensitive data
b) To authenticate users
c) To detect and respond to unauthorized access or attacks
d) To ensure data availability

2. In the context of cryptography, what is the term for a mathematical function that takes a variable and transforms it into a fixed-size string of characters?
a) Hash function
b) Key exchange
c) Symmetric encryption
d) Digital signature

3. Which of the following authentication methods relies on a physical characteristic of an individual, such as a fingerprint or retina scan?
a) Two-factor authentication
b) Biometric authentication
c) Multi-factor authentication
d) Token-based authentication

4. What is the primary goal of a Public Key Infrastructure (PKI) in information security?
a) To encrypt data at rest
b) To protect against malware attacks
c) To manage digital certificates and enable secure communication
d) To ensure physical security of data centers

5. Which encryption algorithm is known for its ability to withstand attacks by quantum computers due to its mathematical properties?
a) RSA
b) Advanced Encryption Standard (AES)
c) Data Encryption Standard (DES)
d) Quantum Encryption Algorithm (QEA)

6. What is a zero-day vulnerability in the context of cyber threats?
a) A vulnerability that has been known for zero days
b) A vulnerability that is already patched
c) A vulnerability that is exploited before a patch is available
d) A vulnerability that affects zero computers

7. True or False: A VPN (Virtual Private Network) ensures the complete confidentiality and integrity of data transmitted over the Internet.

8. True or False: Social engineering attacks primarily target technical vulnerabilities in software and hardware.

9. True or False: The primary goal of the CIA triad is to ensure the availability of data.

10. True or False: Two-factor authentication (2FA) and multi-factor authentication (MFA) are the same concepts and can be used interchangeably.

11. Which organization develops and publishes security standards and guidelines for information security management systems (ISMS)?
a) ISO (International Organization for Standardization)
b) CIA (Central Intelligence Agency)
c) FBI (Federal Bureau of Investigation)
d) NSA (National Security Agency)

12. What is the primary purpose of a Security Information and Event Management (SIEM) system?
a) To manage digital certificates
b) To monitor and analyze security events in real-time
c) To encrypt data during transmission
d) To secure physical access to data centers

13. What is a buffer overflow attack in the context of cybersecurity?
a) An attack that floods a target system with traffic
b) An attack that exploits weaknesses in password policies
c) An attack that tricks users into revealing sensitive information
d) An attack that overflows a program's memory buffer to execute malicious code

14. Which type of malware is designed to encrypt a victim's data and demand a ransom for its decryption key?
a) Worm
b) Trojan
c) Ransomware
d) Spyware

15. In the context of information security, what is the term for a deliberate deception to secure an unfair gain?
a) Espionage
b) Insider threat
c) Deception attack
d) Cybersecurity fraud

Acronyms 2 points each (20 points)

1. IDS
2. PKI
3. AES
4. VPN
5. SIEM
6. XSS
7. RBAC
8. DDoS
9. PoLP
10. ISMS
