From 81cbd18bf263d2ace703b04924f7dbbeff71b41f Mon Sep 17 00:00:00 2001 From: Roy John Lee Date: Mon, 7 Oct 2024 00:59:59 -0700 Subject: [PATCH] feat(curriculum): Create Security and Privacy Quiz (#56479) Co-authored-by: Roy John Lee --- .../66f1b0a939e913ccd3d4fa18.md | 200 +++++++++--------- 1 file changed, 100 insertions(+), 100 deletions(-) diff --git a/curriculum/challenges/english/25-front-end-development/quiz-security-and-privacy/66f1b0a939e913ccd3d4fa18.md b/curriculum/challenges/english/25-front-end-development/quiz-security-and-privacy/66f1b0a939e913ccd3d4fa18.md index 027bbea383e..edae60aef00 100644 --- a/curriculum/challenges/english/25-front-end-development/quiz-security-and-privacy/66f1b0a939e913ccd3d4fa18.md +++ b/curriculum/challenges/english/25-front-end-development/quiz-security-and-privacy/66f1b0a939e913ccd3d4fa18.md @@ -17,439 +17,439 @@ Answer all of the questions below correctly to pass the quiz. #### --text-- -Placeholder question +What is the difference between security and privacy? #### --distractors-- -Placeholder distractor 1 +Security handles identity verification, whereas privacy handles encryption. --- -Placeholder distractor 2 +Security ensures the accuracy of data, whereas privacy focuses on data anonymity. --- -Placeholder distractor 3 +Security monitors data integrity to prevent corruption, whereas privacy restricts the sharing of data between authorized users. #### --answer-- -Placeholder answer +Security involves protecting data from unauthorized access, whereas privacy involves controlling who can access the data. ### --question-- #### --text-- -Placeholder question +What is the main reason HTTPS is important for websites? #### --distractors-- -Placeholder distractor 1 +It allows for more data storage capacity when visiting a website. --- -Placeholder distractor 2 +It restricts websites from accessing specific data from the user. --- -Placeholder distractor 3 +It protects users from potential malware that may go undetected by the website. #### --answer-- -Placeholder answer +It encrypts the information shared between the user and the website. ### --question-- #### --text-- -Placeholder question +What does HTTPS stand for? #### --distractors-- -Placeholder distractor 1 +HighText Transfer Protocol Secure. --- -Placeholder distractor 2 +HyperText Transfer Protocol Service. --- -Placeholder distractor 3 +HyperText Transmission Protocol Secure. #### --answer-- -Placeholder answer +HyperText Transfer Protocol Secure. ### --question-- #### --text-- -Placeholder question +Why does the Same-Origin Policy exist in web browsers? #### --distractors-- -Placeholder distractor 1 +To allow webpages to access resources from domains without restrictions, thereby enabling seamless integration of content. --- -Placeholder distractor 2 +To ensure that all webpages are encrypted during data transfer. --- -Placeholder distractor 3 +To allow scripts to automatically run on all web pages when making a request. #### --answer-- -Placeholder answer +To prevent data leaks by restricting web pages from making requests to domains outside of their own. ### --question-- #### --text-- -Placeholder question +What does CORS do in web development? #### --distractors-- -Placeholder distractor 1 +Increases the speed of webpages by preventing them from overloading their cache. --- -Placeholder distractor 2 +Ensures that all scripts on a web page run in a single-threaded environment. --- -Placeholder distractor 3 +Encrypts all cross-origin network communications, preventing memory leaks. #### --answer-- -Placeholder answer +Enables web pages to securely request resources from different domains. ### --question-- #### --text-- -Placeholder question +Which of the following CORS headers is responsible for permitting HTTP methods for cross-origin requests? #### --distractors-- -Placeholder distractor 1 +`Access-Control-Expose-Headers` --- -Placeholder distractor 2 +`Access-Control-Allow-Credentials` --- -Placeholder distractor 3 +`Access-Control-Allow-Headers` #### --answer-- -Placeholder answer +`Access-Control-Allow-Methods` ### --question-- #### --text-- -Placeholder question +What is the potential security or privacy risk associated with the use of cookies? #### --distractors-- -Placeholder distractor 1 +Cookies store unencrypted settings and preferences. --- -Placeholder distractor 2 +Cookies can be accessed by third-party advertisers to cater to user interests. --- -Placeholder distractor 3 +Cookies enhance page load speed by storing user data; however, this can prevent your local machine from detecting abnormalities. #### --answer-- -Placeholder answer +Cookies may store session data that can potentially be intercepted or exploited by a malicious user. ### --question-- #### --text-- -Placeholder question +Which of the following best describes a tracking cookie? #### --distractors-- -Placeholder distractor 1 +A cookie that saves a user's login credentials for the current session. --- -Placeholder distractor 2 +A cookie that stores user settings and preferences to enhance load speed in future sessions. --- -Placeholder distractor 3 +A cookie that stores user settings and preferences across all devices. #### --answer-- -Placeholder answer +A cookie that monitors user behavior across all websites for advertising purposes. ### --question-- #### --text-- -Placeholder question +Which of the following is a common web security issue? #### --distractors-- -Placeholder distractor 1 +Insecure Direct Object References --- -Placeholder distractor 2 +Distributed Denial of Service --- -Placeholder distractor 3 +SQL Injection #### --answer-- -Placeholder answer +Cross-Site Scripting ### --question-- #### --text-- -Placeholder question +Which of the following is an effective against Cross-Site Request Forgery attacks? #### --distractors-- -Placeholder distractor 1 +Encrypting all data inputted by the user. --- -Placeholder distractor 2 +Setting a short cookie expiration date. --- -Placeholder distractor 3 +Using SSL certificates to securely transmit data and verify domain ownership. #### --answer-- -Placeholder answer +Using CSRF tokens and SameSite cookies to validate all requests. ### --question-- #### --text-- -Placeholder question +What is the purpose of Content Security Policy (CSP) #### --distractors-- -Placeholder distractor 1 +To encrypt all user login credentials before sending them to the server --- -Placeholder distractor 2 +To protect data from unauthorized access. --- -Placeholder distractor 3 +To monitor user behavior and activity on a website #### --answer-- -Placeholder answer +To restrict the sources of resources and prevent the execution of malicious scripts. ### --question-- #### --text-- -Placeholder question +What is the role of permission policies in web security? #### --distractors-- -Placeholder distractor 1 +To prevent the installation of unauthorized software. --- -Placeholder distractor 2 +To grant or deny access to data that is stored on the user's device. --- -Placeholder distractor 3 +To restrict all JavaScript and TypeScript execution within the user's browser. #### --answer-- -Placeholder answer +To specify which browser features a website is allowed to use (e.g., camera access or location). ### --question-- #### --text-- -Placeholder question +Which one of these is an example of Personally Identifiable Information (PII)? #### --distractors-- -Placeholder distractor 1 +City or Zip Code --- -Placeholder distractor 2 +Gender --- -Placeholder distractor 3 +Device Type #### --answer-- -Placeholder answer +Name or Email ### --question-- #### --text-- -Placeholder question +What is the consequence of a PII data breach? #### --distractors-- -Placeholder distractor 1 +Minor inconvenience with no long-term impact. --- -Placeholder distractor 2 +Increase search engine ranking. --- -Placeholder distractor 3 +Increase transparency of user data for internal reporting. #### --answer-- -Placeholder answer +Identity theft, financial loss, and legal consequences. ### --question-- #### --text-- -Placeholder question +What are key strategies for organizations to protect PII while ensuring user privacy and confidentiality? #### --distractors-- -Placeholder distractor 1 +Allow unrestricted access to employee data for transparency. --- -Placeholder distractor 2 +Sharing PII with third-party vendors to create better market insights. --- -Placeholder distractor 3 +Using unencrypted storage systems for faster and easier data access. #### --answer-- -Placeholder answer +Minimizing data collection and only gathering essential information from users. ### --question-- #### --text-- -Placeholder question +Which of the following statements is true about GDPR and COPPA? #### --distractors-- -Placeholder distractor 1 +GDPR is a United States regulation, whereas COPPA is an EU regulation. --- -Placeholder distractor 2 +GDPR and COPPA only apply to large corporations. --- -Placeholder distractor 3 +GDPR focuses on encryption for all websites, while COPPA only applies to companies considered financial institutions #### --answer-- -Placeholder answer +COPPA focuses on protecting children's data and GDPR is concerned with protecting all user data within the EU. ### --question-- #### --text-- -Placeholder question +Under GDPR, what is required from organizations when collecting user data? #### --distractors-- -Placeholder distractor 1 +User data must be fully anonymized to protect privacy. --- -Placeholder distractor 2 +All data must be encrypted upon collection. --- -Placeholder distractor 3 +Organizations are not allowed collect data from users that are not residing in the EU. #### --answer-- -Placeholder answer +Organizations must acquire consent from users before collecting any data. ### --question-- #### --text-- -Placeholder question +What is the key difference between authentication and authorization? #### --distractors-- -Placeholder distractor 1 +Authentication determines access rights, whereas authorization allows users to manage their data. --- -Placeholder distractor 2 +Authentication grants permissions, and authorization verifies credentials. --- -Placeholder distractor 3 +Authentication ensures data integrity and authorization is responsible for encrypting the data. #### --answer-- -Placeholder answer +Authentication involves verifying a user's identity, while authorization determines their access rights. ### --question-- #### --text-- -Placeholder question +How does Two-Factor Authentication (2FA) contribute to the authentication process? #### --distractors-- -Placeholder distractor 1 +It replaces all passwords with QR codes. --- -Placeholder distractor 2 +It allows users to enter their password more seamlessly. --- -Placeholder distractor 3 +It provides a more secure and streamlined verification process. #### --answer-- -Placeholder answer +It adds an extra layer of security by requiring additional verification. ### --question-- #### --text-- -Placeholder question +Which of the following is an example of an authorization process? #### --distractors-- -Placeholder distractor 1 +Sending a user's verification code to different devices. --- -Placeholder distractor 2 +Allowing employees unrestricted access to all company data. --- -Placeholder distractor 3 +Verifying if the email is associated with a human during sign-up. #### --answer-- -Placeholder answer +Allowing users with a manager role to view employee records.