Cybersecurity and Methods of Securing Information
A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? (2) a. harvesting personal information is the goal of each cyber intrusion b. the user may not know the malware has infected the device c. disrupting the device operating system is a common symptom of attack d. the malware relies on programming computer code
a. b.
A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network wold be restored after they paid a million dollars to an unknown actor. Which factors strongly influenced university administrators decision whether or not to comply? (2) a. whether the university's tech support team could decrypt the files themselves b. whether law enforcement could be identified and force the bad actor to decrypt the files c. whether the tech team could locate records and perform other functions manually d. whether the university could receive backup help from local government.
a. b.
In a DoS attack, what happens after a hacker has established a botnet? (2) a. the hacker now has a group of network computers under their control b. the hacker directs zombie computer to simultaneously contact a target IP address c. the hacker uses software to gain unauthorized access to a network of computers d. the hacker can capture data packets sent over the Internet to steal information
a. b.
What does the General Data Protection Regulation (GDPR) strive to achieve? a. to ensure EU companies protect the privacy and personal data of EU citizens b. to ensure EU workers protect the security of their company's data c. to ensure U.S. workers protect the security of their company's data d. to ensure U.S. companies protect the privacy and personal data of U.S. citizens
a. to ensure EU companies protect the privacy and personal data of EU citizens
What is the purpose of social engineering in conduction with ransomware? a. tricks victims into allowing access to data b. encrypts the victim's data c. uses computer code to access data d. tricks victim's computers into sharing information.
a. tricks victims into allowing access to data
Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses? a. 37% b. 43% c. 22% d. 29%
b. 43%
Alyssa says that no one would risk selling operable or effective malware programs, even on the Dark Web. Why is she wrong? a. it is not possible for authorities to identify the author of malware b. criminal hackers do make money by selling actual malware c. the U.S. Cyber Command tells malware to catch potential hackers d. it is not possible for authorities to track the sale or purchase of malware
b. criminal hackers do make money by selling actual malware
A Trojan horse succeeds through a. a back door b. deceptive access c. quick replication d. input tracking
b. deceptive access
A cybercriminal uses spyware to record all actions typed on a keyboard. This type of spyware is called a(n) a. common logger b. keystroke logger c. touch logger d. input logger
b. keystroke logger
How does spyware potentially harm the individual user? a. spyware erases data without the user's knowledge b. this malware steals confidential information from the suer c. as a virus, spyware replicates itself and invades many areas of a system d. spyware effects changes in a user's operating system
b. this malware steals confidential information from the user
A ___ deliberately modifies the normal operations of a computer or network through the use of malicious code. A. cyberintruder b. cyberthreat c. cyberattack d. computer application
c. cyberattack
Which function of the NIST Cybersecurity Framework calls for an organization to implement plans for resilience? a. respond (RC) function b. protect (PR) function c. identify (ID) function d. recover (RC) function
d. recover (RC) function
Rootkits are typically used to allow tackers to do which of the following? (2) a. create a backdoor into a computer b. remotely control the operations of a computer c. encrypt files d. install drivers
a. b.
In the context of California's SB-327 for IoT Security, an "internet-connected device" ______. (3) a. connects to the internet b. has a bluetooth address c. has an Internet Protocol (IP) address d. has a video camera for online meetings
a. b. c.
The term virus is a useful way to identify this malware for which of the following reasons? (2) a. both biological and computer viruses have the ability to reproduce themselves b. a virus needs a host body or computer system to do its work c. viruses invade a network or biological organism in order to control them d. a computer system or a host body typically builds resistance to a virus over time
a. b.
Which of the following is considered a cybersecurity threat to data at rest? (2) a. data will be altered by unauthorized users b. data will be viewed by unauthorized users data will become irrelevant d. data will be intercepted y unauthorized users
a. b.
What are keystroke loggers? (3) a. keystroke loggers can be hardware devices and software applications b. keystroke loggers can record passwords and confidential information c. organizations often install keystroke loggers to monitor user behavior d. keystroke loggers to monitor user behavior
a. b. c,
According to Norton, which of the following steps should be taken to defend against rootkits? (3) a. don't ignore software updates b. be aware of phishing emails c. watch out for drive-by downloads d. purchase a Mac computer
a. b. c.
Describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework? (3) a. restarting of impaired systems b. improvements to cybersecurity plans c. communication with all stakeholders d. mitigate system damage caused by a cybersecurity event
a. b. c.
Describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework. (3) a. give guidance to organizations who wish to understand potential security breaches b. help organizations develop appropriate policies and procedures to mitigate data breaches c. create an atmosphere where organizations can effectively discuss cybersecurity risks internally and externally d. ensure that all organizations handling data follow strict cybersecurity guidelines.
a. b. c.
Explain how the trojan "EventBot" works. (3) a. aimed at android devices b. steals financial information c. reads and intercepts SMS messages d. can be stopped by two-factor authentication
a. b. c.
From the following list, select all the steps that the Federal Emergency Management Agency (FEMA) recommends businesses take to help protect their systems, data, and information from natural disasters. (3) a. create a business continuity plan b. utilize offsite cloud storage c. store data in different areas across the country d. only store data in areas free from natural
a. b. c.
Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. What are symptoms of a computer virus? (3) a. the operating system may not launch properly b. critical files may be automatically deleted c. the user may receive unexpected error messages d. the computer may exhibit poor battery performance
a. b. c.
Select three accurate statements that use correct terminology to describe the process denial-of-service (DoS) attacks. a. a hacker uses software to infect computer, laptops, desktops, tablets, and IoT devices, turning each into a zombie b. a DoS attack takes place when a hacker gains unauthorized access to and control of a network of internet-connected computers c. when an IP address is targeted, each zombie computer simultaneously sends requests to that IP address; this can cause the targeted server to slow or even shut down d. a group of computers under the control of a hacker is called a distributed net
a. b. c.
What are keystroke loggers? (3) a. keystroke loggers can be hardware devices and software applications b. keystroke loggers can record passwords and confidential information c. organizations often install keystroke loggers to monitor user behavior d. keystroke loggers cannot be used to monitor employees
a. b. c.
Which of the following is an example of an event that may occur during the respond stage of the plan-protect-respond cycle? (3) a. communicating with law enforcement b. ensuring the appropriate recovery activities occur c. figuring out which areas of the organization were affected by the security breach d. executing the appropriate measures to ensure data cannot be breached
a. b. c.
Which statement about white-hat hackers is true? (3) a. they use the same techniques and tools as illegitimate hackers b. they use breach and attack simulation technologies to automate their work c. their goal is to find gaps in network security and to test security defenses d. they can be prosecuted for their activities which are illegal in most countries
a. b. c.
From the following list, select all examples of different cybersecurity breaches. (4) a. viruses b. spyware c. impersonation d. Distributed Denial of service (DDOS) e. security patches
a. b. c. d.
Which of the following are areas covered by state-specific cybersecurity laws? (3) a. increasing cybersecurity at the state and local level b. addressing security needs of mobile devices c. protecting critical infrastructure form cyber threats d. outlining specific ways individuals data must be protected
a. b. c.
A ____ is committed when a computer is the object of the crime or a computer is used to commit a criminal offense a. cybercrime b. cyberbullying c. cyberattack d. cyberstalking
a. cybercrime
Why is it important to preserve the integrity of data, information, and systems? a. these assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised. b. these assets can only lose integrity during transmissions, which also must be protected for other reasons c. these assets are more appealing to hackers if they are not adequately protected from unauthorized use or harm d. these assets are more vulnerable to hackers if they have been obtained in an unethical or illegal manner.
a. these assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.
Which of the following acts is an example of social engineering? a. designing secure social networks to facilitate the sharing of opinions and information b. constructing networks that are open to the public and secured against criminal use c. manipulating people in order to obtain and misuse their personal information d. using crowdsourcing to obtain valuable information and populate new databases
c. manipulating people in order to obtain and misuse their personal information
What is the difference between a DDoS attack and a DoS attack? a. a DoS attack starts with a hacker and a DDoS attack comes from an organization b. a DoS attack uses one powerful computer to infect a network and a DDoS creates zombie computers c. a DoS attack is carried out with many source devices and a DDoS is carried out with one source device d. a DoS is carried out with ones source device and a DDoS attack is carried out with many source devices
d.
Which of the Cybersecurity Framework functions calls for quick action on the part of an organizations cybersecurity team to mitigate damage to systems? a. protect (PR) function b. detect (DE) function c. recover (RC) function d. respond (RS) function
d. respond (RS) function
