feat(curriculum): Create Security and Privacy Quiz (#56479)

Co-authored-by: Roy John Lee <royjohnlee@Roys-MacBook-Pro.local>

curriculum/challenges/english/25-front-end-development/quiz-security-and-privacy/66f1b0a939e913ccd3d4fa18.md

@@ -17,439 +17,439 @@ Answer all of the questions below correctly to pass the quiz.
 
 #### --text--
 
-Placeholder question
+What is the difference between security and privacy?
 
 #### --distractors--
 
-Placeholder distractor 1
+Security handles identity verification, whereas privacy handles encryption.
 
 ---
 
-Placeholder distractor 2
+Security ensures the accuracy of data, whereas privacy focuses on data anonymity.
 
 ---
 
-Placeholder distractor 3
+Security monitors data integrity to prevent corruption, whereas privacy restricts the sharing of data between authorized users.
 
 #### --answer--
 
-Placeholder answer
+Security involves protecting data from unauthorized access, whereas privacy involves controlling who can access the data.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the main reason HTTPS is important for websites?
 
 #### --distractors--
 
-Placeholder distractor 1
+It allows for more data storage capacity when visiting a website. 
 
 ---
 
-Placeholder distractor 2
+It restricts websites from accessing specific data from the user.
 
 ---
 
-Placeholder distractor 3
+It protects users from potential malware that may go undetected by the website. 
 
 #### --answer--
 
-Placeholder answer
+It encrypts the information shared between the user and the website.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What does HTTPS stand for?
 
 #### --distractors--
 
-Placeholder distractor 1
+HighText Transfer Protocol Secure.
 
 ---
 
-Placeholder distractor 2
+HyperText Transfer Protocol Service.
 
 ---
 
-Placeholder distractor 3
+HyperText Transmission Protocol Secure.
 
 #### --answer--
 
-Placeholder answer
+HyperText Transfer Protocol Secure.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Why does the Same-Origin Policy exist in web browsers? 
 
 #### --distractors--
 
-Placeholder distractor 1
+To allow webpages to access resources from domains without restrictions, thereby enabling seamless integration of content.
 
 ---
 
-Placeholder distractor 2
+To ensure that all webpages are encrypted during data transfer.
 
 ---
 
-Placeholder distractor 3
+To allow scripts to automatically run on all web pages when making a request. 
 
 #### --answer--
 
-Placeholder answer
+To prevent data leaks by restricting web pages from making requests to domains outside of their own.  
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What does CORS do in web development? 
 
 #### --distractors--
 
-Placeholder distractor 1
+Increases the speed of webpages by preventing them from overloading their cache.
 
 ---
 
-Placeholder distractor 2
+Ensures that all scripts on a web page run in a single-threaded environment.
 
 ---
 
-Placeholder distractor 3
+Encrypts all cross-origin network communications, preventing memory leaks. 
 
 #### --answer--
 
-Placeholder answer
+Enables web pages to securely request resources from different domains.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following CORS headers is responsible for permitting HTTP methods for cross-origin requests?
 
 #### --distractors--
 
-Placeholder distractor 1
+`Access-Control-Expose-Headers`
 
 ---
 
-Placeholder distractor 2
+`Access-Control-Allow-Credentials`
 
 ---
 
-Placeholder distractor 3
+`Access-Control-Allow-Headers`
 
 #### --answer--
 
-Placeholder answer
+`Access-Control-Allow-Methods`
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the potential security or privacy risk associated with the use of cookies?
 
 #### --distractors--
 
-Placeholder distractor 1
+Cookies store unencrypted settings and preferences.
 
 ---
 
-Placeholder distractor 2
+Cookies can be accessed by third-party advertisers to cater to user interests.
 
 ---
 
-Placeholder distractor 3
+Cookies enhance page load speed by storing user data; however, this can prevent your local machine from detecting abnormalities.
 
 #### --answer--
 
-Placeholder answer
+Cookies may store session data that can potentially be intercepted or exploited by a malicious user.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following best describes a tracking cookie?
 
 #### --distractors--
 
-Placeholder distractor 1
+A cookie that saves a user's login credentials for the current session.
 
 ---
 
-Placeholder distractor 2
+A cookie that stores user settings and preferences to enhance load speed in future sessions.
 
 ---
 
-Placeholder distractor 3
+A cookie that stores user settings and preferences across all devices.
 
 #### --answer--
 
-Placeholder answer
+A cookie that monitors user behavior across all websites for advertising purposes.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following is a common web security issue?
 
 #### --distractors--
 
-Placeholder distractor 1
+Insecure Direct Object References 
 
 ---
 
-Placeholder distractor 2
+Distributed Denial of Service
 
 ---
 
-Placeholder distractor 3
+SQL Injection
 
 #### --answer--
 
-Placeholder answer
+Cross-Site Scripting 
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following is an effective against Cross-Site Request Forgery attacks?
 
 #### --distractors--
 
-Placeholder distractor 1
+Encrypting all data inputted by the user.
 
 ---
 
-Placeholder distractor 2
+Setting a short cookie expiration date.
 
 ---
 
-Placeholder distractor 3
+Using SSL certificates to securely transmit data and verify domain ownership.
 
 #### --answer--
 
-Placeholder answer
+Using CSRF tokens and SameSite cookies to validate all requests.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the purpose of Content Security Policy (CSP)
 
 #### --distractors--
 
-Placeholder distractor 1
+To encrypt all user login credentials before sending them to the server
 
 ---
 
-Placeholder distractor 2
+To protect data from unauthorized access. 
 
 ---
 
-Placeholder distractor 3
+To monitor user behavior and activity on a website
 
 #### --answer--
 
-Placeholder answer
+To restrict the sources of resources and prevent the execution of malicious scripts.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the role of permission policies in web security?
 
 #### --distractors--
 
-Placeholder distractor 1
+To prevent the installation of unauthorized software.
 
 ---
 
-Placeholder distractor 2
+To grant or deny access to data that is stored on the user's device.
 
 ---
 
-Placeholder distractor 3
+To restrict all JavaScript and TypeScript execution within the user's browser.
 
 #### --answer--
 
-Placeholder answer
+To specify which browser features a website is allowed to use (e.g., camera access or location).
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which one of these is an example of Personally Identifiable Information (PII)?
 
 #### --distractors--
 
-Placeholder distractor 1
+City or Zip Code
 
 ---
 
-Placeholder distractor 2
+Gender
 
 ---
 
-Placeholder distractor 3
+Device Type
 
 #### --answer--
 
-Placeholder answer
+Name or Email
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the consequence of a PII data breach?
 
 #### --distractors--
 
-Placeholder distractor 1
+Minor inconvenience with no long-term impact.
 
 ---
 
-Placeholder distractor 2
+Increase search engine ranking.
 
 ---
 
-Placeholder distractor 3
+Increase transparency of user data for internal reporting.
 
 #### --answer--
 
-Placeholder answer
+Identity theft, financial loss, and legal consequences.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What are key strategies for organizations to protect PII while ensuring user privacy and confidentiality?
 
 #### --distractors--
 
-Placeholder distractor 1
+Allow unrestricted access to employee data for transparency.
 
 ---
 
-Placeholder distractor 2
+Sharing PII with third-party vendors to create better market insights.
 
 ---
 
-Placeholder distractor 3
+Using unencrypted storage systems for faster and easier data access.
 
 #### --answer--
 
-Placeholder answer
+Minimizing data collection and only gathering essential information from users.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following statements is true about GDPR and COPPA?
 
 #### --distractors--
 
-Placeholder distractor 1
+GDPR is a United States regulation, whereas COPPA is an EU regulation. 
 
 ---
 
-Placeholder distractor 2
+GDPR and COPPA only apply to large corporations.
 
 ---
 
-Placeholder distractor 3
+GDPR focuses on encryption for all websites, while COPPA only applies to companies considered financial institutions
 
 #### --answer--
 
-Placeholder answer
+COPPA focuses on protecting children's data and GDPR is concerned with protecting all user data within the EU.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Under GDPR, what is required from organizations when collecting user data? 
 
 #### --distractors--
 
-Placeholder distractor 1
+User data must be fully anonymized to protect privacy. 
 
 ---
 
-Placeholder distractor 2
+All data must be encrypted upon collection.
 
 ---
 
-Placeholder distractor 3
+Organizations are not allowed collect data from users that are not residing in the EU.
 
 #### --answer--
 
-Placeholder answer
+Organizations must acquire consent from users before collecting any data. 
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+What is the key difference between authentication and authorization? 
 
 #### --distractors--
 
-Placeholder distractor 1
+Authentication determines access rights, whereas authorization allows users to manage their data.
 
 ---
 
-Placeholder distractor 2
+Authentication grants permissions, and authorization verifies credentials. 
 
 ---
 
-Placeholder distractor 3
+Authentication ensures data integrity and authorization is responsible for encrypting the data.
 
 #### --answer--
 
-Placeholder answer
+Authentication involves verifying a user's identity, while authorization determines their access rights.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+How does Two-Factor Authentication (2FA) contribute to the authentication process?
 
 #### --distractors--
 
-Placeholder distractor 1
+It replaces all passwords with QR codes.
 
 ---
 
-Placeholder distractor 2
+It allows users to enter their password more seamlessly.
 
 ---
 
-Placeholder distractor 3
+It provides a more secure and streamlined verification process.
 
 #### --answer--
 
-Placeholder answer
+It adds an extra layer of security by requiring additional verification.
 
 ### --question--
 
 #### --text--
 
-Placeholder question
+Which of the following is an example of an authorization process?
 
 #### --distractors--
 
-Placeholder distractor 1
+Sending a user's verification code to different devices.
 
 ---
 
-Placeholder distractor 2
+Allowing employees unrestricted access to all company data. 
 
 ---
 
-Placeholder distractor 3
+Verifying if the email is associated with a human during sign-up.
 
 #### --answer--
 
-Placeholder answer
+Allowing users with a manager role to view employee records.