Week 1
Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply. - The theft of PII is often more damaging than the theft of SPII. - An example of PII is someone's date of birth. - Both PII and SPII are vulnerable to identity - An example of SPII is someone's financial information.
An example of PII is someone's date of birth. Both PII and SPII are vulnerable to identity. An example of SPII is someone's financial information.
Which of the following proficiencies are transferable skills likely to be applicable in almost any field? Select all that apply. - Written and verbal communication - Programming - Analysis - Problem-solving
Analysis, problem-solving, and written and verbal communication skills are transferable entry-level security analyst skills.
Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices. - Ethical hackers - Business intelligence professionals - Digital forensic investigators - Security operations center analysts
Digital forensic investigators identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.
An individual is in their first job as an entry-level security professional. They take training to learn more about the specific tools, procedures, and policies that are involved in their career. What does this scenario describe? - Gaining new technical skills - Transferring capabilities from one career to another - Understanding different perspectives - Improving management capabilities
Gaining new technical skills
Transferable skills:
Skills from other areas that can apply to different careers
Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or criminal exploitation. - changing business priorities - unauthorized access - poor financial management - market shifts
unauthorized access
Internal threat:
A current or former employee, external vendor, or trusted partner who poses a security risk
Sensitive personally identifiable information (SPII):
A specific type of PII that falls under stricter handling guidelines
An employee receives an email that they believe to be legitimate. They click on a compromised link within the email. What type of internal threat does this scenario describe? - Accidental - Intentional - Abusive - Operational
Accidental
In what ways do security teams bring value to an organization? Select two answers. - Reducing business productivity - Increasing operational expenses - Protecting against external and internal threats - Achieving regulatory compliance
Achieving regulatory compliance and protecting against external and internal threats are ways that security teams bring value to an organization.
Threat:
Any circumstance or event that can negatively impact assets
Personally identifiable information (PII):
Any information used to infer an individual's identity
Threat actor:
Any person or group who presents a security risk
What are the three key elements of the CIA triad? - Continuity, invulnerability, and attainment of business goals - Customer trust, increased revenue, and advancement - Confidentiality, integrity, and availability of information - Compliance standards, instructions, and access
Confidentiality, integrity, and availability of information are the three key elements of the security field, known as the CIA triad. They involve protecting an organization's assets and the people that the organization serves.
What do security professionals typically do with SIEM tools? - Educate others about potential security threats, risks, and vulnerabilities - Identify threat actors and their locations - Identify and analyze security threats, risks, and vulnerabilities - Locate and preserve criminal evidence
Identify and analyze security threats, risks, and vulnerabilities
What is regulatory compliance? - Threats and risks from employees and external vendors - Laws and guidelines that require implementation of security standards - Sites and services that require complex passwords to access - Expenses and fines associated with vulnerabilities
Laws and guidelines that require the implementation of security standards
What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers. - Last names - Bank account numbers - Email addresses - Medical records
Medical records and bank account numbers are examples of sensitive personally identifiable information. SPII is a specific type of PII that requires stricter protections because it can be significantly more damaging to individuals if it is stolen.
Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents. - ethical hacking - software developments - security audits - penetration tests
Performing security audits enables security professionals to review an organization's security records, activities, and related documents.
Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select all that apply. - Programming - Regulation writing - Software development - Data analysis
Programming and data analysis are technical skills that are needed to become an entry-level security analyst.
What occurs during a security audit? - Ethical hacking of an organization's internal network to identify vulnerabilities - Review of an organization's security records, activities, and other related documents - Prioritizing tasks, processes, and procedures - Analyzing the efficiency of an organization's internal network
Review of an organization's security records, activities, and other related documents
Technical skills:
Skills that require knowledge of specific tools, procedures, and policies
What is identity theft? - A data breach that affects an entire organization - Failing to maintain and secure user, customer, and vendor data - Stealing personal information to commit fraud while impersonating a victim - Trying to gain access to an organization's private networks
Stealing personal information to commit fraud while impersonating a victim
Cybersecurity (or security):
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Network security:
The practice of keeping an organization's network infrastructure secure from unauthorized access
What are the primary responsibilities of an entry-level security analyst? Select three answers. - Search for weaknesses - Protect information - Create compliance laws - Monitor systems
The primary responsibilities of an entry-level security analyst are as follows: Monitor systems, protect information, and search for weaknesses.
Cloud security:
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities. - event - enterprise - employer - emergency
event