Cybersecurity
Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?
43%
Who performs probable maximum loss calculations?
A company's cybersecurity analysts
Which of the following is an example of data in process?
A password that has been submitted for authentication A username that has been submitted for authentication A food order placed through Uber Eats
Which of the following is an example of data in transit?
A person uses an app on their smartphone to check their bank balance. At home, a person sends a photo taken on their smartphone to display on their smart TV.
What is the correct definition of a cybersecurity exploit?
A tool or technique for taking advantage of a cybersecurity vulnerability to break into a system and cause harm.
According to the CIA triad, in which of the following examples is an organization ensuring data integrity?
Access to important data is limited so that only certain employees are able to modify that data. During an acquisition, logistics data are securely transferred to the acquiring company's servers.
examples of internal threats to cybersecurity
An accidental erasure of data The leakage of sensitive information An attack by an authorized user
What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?
Analysis, observation, detection
Who are the prime targets of MitM attacks?
Anyone who uses online financial applications Anyone who logs in to shop online Software as a source (SaaS) businesses
Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x
Asset
When employers deactivate former employees' username and passwords, they are using which tool that ensures confidentiality?
Authentication Access control
Which of the elements of the CIA triad does serve in maintaining a properly functioning, error-free operating system?
Availability
describe the goals of the Respond (RS) function of the NIST Cybersecurity Framework.
Be able to quickly analyze a detected cybersecurity issue Establish procedures that enable action in the event of a cybersecurity incident Be prepared to swiftly mitigate harm caused by a cybersecurity event
Who does California's SB-327 for IoT Security aim to protect and who bears the responsibility?
California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.
Which of the following is an example of event that may occur during the respond stage of the plan-protect-respond cycle?
Communicating with all appropriate parties Determining the impact of a security breach Executing the appropriate response plans
Describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework.
Communication with all stakeholders Restoration of impaired systems Improvements to cybersecurity plans
Which of the following statements explain why a computer virus is so named?
Computer viruses have the ability to reproduce themselves within a system. An invaded computer inadvertently plays host to the malware.
describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework
Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization Give guidance to organizations who wish to understand potential security breaches Help organizations develop appropriate policies and procedures to mitigate data breaches
Which of the following is prohibited by the Computer Fraud and Abuse Act?
Cyber blackmail Intentionally destroying a computer
Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle?
Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine what security flaws exist. Determine the degree of vulnerability that exists.
Which of the following is a best practice for ensuring that data are available?
Having standby equipment available to take over in a situation where the main system fails. Ensuring that the data server has an appropriate amount of bandwidth. Storing data on multiple hard drives.
Which function of the NIST Cybersecurity Framework involves an organization gaining deeper understanding of cybersecurity management in the context of their business needs and resources?
Identify (ID) function
describe the purposes of a cybersecurity risk analysis.
Identify a company's assets Determine how to respond to a potential loss Calculate potential loss due to security threats
Why is preserving the integrity of data, information, and systems an important cybersecurity goal?
If the consistency, accuracy, or dependability of these assets has been compromised, they lose their usefulness and value.
Which of the following are considered cybersecurity breaches?
Impersonation Viruses Spyware Distributed Denial of Service (DDOS)
The five categories of the Respond (RS) function of the NIST Cybersecurity Framework include planning, analysis, and mitigation. From the list below, select the remaining two categories.
Improvements to cybersecurity response plans Communication
Data at rest or storage can be found in which of the following places?
In the cloud On an external hard drive
How does a rootkit pose a cybersecurity threat?
Installed on a computer's operating system, a rootkit bypasses security functions. A range of malicious actions is possible because the invader has the same access as the computer's owner or user.
A movie streaming company is offering an online deal on HD movies to new customers who live in a certain country. How can authentication help the company protect its assets and resources from fraudulent use of the deal?
It can grant the customer access to the appropriate movies. It can verify that the customer lives in the correct country. It can verify that the customer is new to the company or service.
true statements about packet sniffers.
Legitimate sniffers are used for routine examination and problem detection Unauthorized sniffers are used to steal information
What is the goal of the protect stage in the plan-protect-respond cycle?
Limit the impact of a security breach. Ensure uninterrupted delivery of vital services.
Applying for credit or even a mortgage online is a straightforward process. After creating an account with a unique user name and password, a customer reads a privacy statement, reviews the security policy, and accepts the terms of use. Then they proceed to log in and fill out an application, answering detailed questions about household income, employment, and more. What cybersecurity risk is particularly relevant to this process?
Man in the Middle Attack (MitM)
describe standards set forth by the General Data Protection Regulation (GDPR) for compliance by companies who handle individuals' data.
Notify citizens of data breaches Make collected data anonymous Hire a data protection officer
Where are data in transit found?
On a cellular network
true statements about state-sponsored cyberwarefare.
Originate and are executed by foreign governments. Can be used to send warnings or to create conflict between countries. Attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack
Which of the following is an example of an event that may occur during the protect stage of the plan-protect-respond cycle?
Perform routine maintenance on organizational resources. Require all employees to attend training that outlines the different types of security threats their organization faces. Determine levels of access control.
Which of these defining components mitigate cybersecurity threats?
Policies and procedures used to protect systems and data. Policies, tools, and strategies used to reduce damage from threats. Security tools and oversight used to identify security threats.
Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures?
Protect (PR) function
Which of these threats to cybersecurity can only come from an external source?
Ransomware
In which function of the NIST Cybersecurity Framework are an organization's cybersecurity plans corrected due to a cybersecurity event?
Recover (RC) function
In which function of the NIST Cybersecurity Framework does an organization's cybersecurity team take quick action to mitigate damage to systems?
Respond (RS)
In what stage of the plan-protect-respond cycle is the cause of an incident investigated?
Responding stage
Why is MitMo a growing security risk?
Smartphones and other mobile devices are everywhere. People use mobile devices in many of the same ways they use computers.
true statements about keystroke loggers.
Software based keystroke loggers are often a Trojan that is installed without the user's knowledge Keystroke loggers can record passwords and confidential information Can be hardware devices and software applications
According to the Federal Emergency Management Agency (FEMA), which of the following are steps businesses can take to help protect systems, data, and information from natural disasters?
Store data in different areas across the United States (geographic data redundancy) Utilize off-site cloud storage Create a business continuity plan
describe the device features mandated by California's SB-327 for IoT Security.
Suitable for the type of data the device will contain and relay Constructed to protect the device and any data it stores Appropriate to the intended use of the device
According to National Institute for Standards _________________, once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered, an organization will be able to decide what to protect.
Technology
What is the National Institute of Standards Technology (NIST) Cybersecurity Framework?
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.
Accessing the communications of an organization without authorization was made a criminal violation by which federal cybersecurity law?
The Stored Communications Act
For a cybersecurity plan to succeed, which of the following must remain confidential? Select all correct answer options.
The organization's digital or computer systems Private or sensitive data and information The logins and passwords of authorized users
What do many social engineering attacks have in common?
They are conducted via e-mails that offer a reward in exchange for clicking a given link.
What is the overall goal of the General Data Protection Regulation (GDPR)?
To ensure EU companies protect the privacy and personal data of EU citizens
What is the goal of the planning phase of the plan-protect-respond cycle?
Understand the steps needed to design effective information security architecture.
How are data in process different from data at rest or data in transit?
Unlike data in transit or storage, it can be found in a device's RAM or CPU.
types of cybersecurity vulnerabilities
Weaknesses in system security procedures Weaknesses or flaws in system security implementation Weaknesses or flaws in a system's security design Weaknesses or flaws in system security control Security weaknesses in an operating system or application software
Which of the following browsing situations may reveal that adware is at work
You have been looking for a new winter coat, and three out of five ads popping up on your browser currently show the type of coat you have been considering. In searching the term database management, the first item you see in the results list is an ad for a particular online database. Shortly after you buy and download a writing enhancement program, you begin seeing ads for special keyboards, styluses, and other assistive technology.
Suppose an organization's system is vulnerable to losing information because its automated backup of data is insufficient or substandard. This type of cybersecurity vulnerability is ______.
a weakness in application software
A group of computers under the control of a hacker is referred to as a
botnet
The purpose of spyware is to ______.
capture the user's account data, passwords, key strokes, and more
The essential function of malicious bots is to ______.
control an individual computer by self-replicating and connecting to a central server
A deliberate misuse of computers and networks via the Internet that uses malicious code to modify the normal operations of a computer or network is called a
cyberattack
A crime in which a computer is the object of the crime or is used to commit a criminal offense is called
cybercrime
Cyberattacks that originate and are executed by foreign governments is called state-sponsored _______________. These attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack.
cyberwarfare
A Trojan horse achieves its purposes through ______.
deceptive access
A ___________________ denial-of-service (DDoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.
distributed
The goal of the NIST Cybersecurity Framework Protect (PR) function is to ______.
elp protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection
Ransomware basically holds a target hostage because it ___ .
encrypts the victim's data
The main characteristics that define cybersecurity threats are
events that can lead to IT asset loss, conditions that can lead to IT asset loss, and the consequences of such loss
The term "cybersecurity threat mitigation" refers to all of the policies, procedures, and tools used to ______.
guard against threats such as security incidents, data breaches, and unauthorized network access, and reduce any harm they cause
In cybersecurity, the probable maximum loss (PML) is used to______.
help determine spending needed to adequately secure an organization's IT infrastructure
The need to keep sensitive data, information, and systems confidential ______.
is both a major goal and a requirement for cybersecurity
Which of the following surveillance technologies relies on how data are entered into a system?
keyloggers
The cybersecurity risks known as Man-in-the-mobile (MitMo) are realized when ______.
malware infects smartphones and other mobile devices
A computer virus is______.
malware that, when executed, adversely affects performance or damages programs
Activities where white-hat hackers are paid to hack into private networks and applications is referred to as _______________ testing.
penetration
Adware specifically functions to ______.
present advertisements to users based on their browsing behaviors
Malware that encrypts the victims data files and then demands that a payment is made to the hacker is called
ransomware
To get to the bottom of the odd computer problems she was having, Priya listed these symptoms: files mysteriously disappearing, system configurations unexpectedly altered, and two icons showing up for applications she did not download. What malware could have been installed on Priya's computer?
rootkit
A keylogger can be accurately described as ______.
technology that captures keyboard input on several types of devices to glean confidential information
A cybersecurity exploit is ______.
the means by which a hacker capitalizes on a cybersecurity vulnerability to gain access to and harm a system
In cybersecurity, the term "social engineering" refers to ______.
the unlawful manipulation of people in order to obtain and misuse their personal information
The Identify (ID) function of the NIST Cybersecurity Framework focuses on organizational______.
understanding of how to manage cybersecurity risks
Establishing authentication procedures is a common cybersecurity goal because ______.
verifying that prospective users are authorized to access resources is the first step in keeping unauthorized users out
Which of the following statements refer to programs known as spiders, web crawlers, and bots?
"Good bots" have diverse functions and do not pose security risks. Internet robots are used for both legitimate and malicious purposes. Malicious bots create security risks by compromising a user's control of the computer.
Which of the following are assets that can be impacted by a cybersecurity threat?
Hardware Software Information
How does cybersecurity help preserve the integrity of data, information, and systems?
Cybersecurity threat mitigation includes measures to protect the consistency, accuracy, and dependability of these assets. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.
______ are cybersecurity breaches that make a computer or online service unavailable to its users. Multiple choice question. Spyware
DDOS attacks
Which of the following are reasons why states are making cybersecurity measures a high priority?
Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate.
Which of the following is an example of a tool that could be used to ensure data integrity?
Data correction codes are used to ensure the data retrieved are the same as when it was stored. Data are regularly backed up.
Which of the following is considered a cybersecurity threat to data at rest?
Data will be stolen. Data will be viewed by unauthorized users.
A hacker launches an attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests. This would be considered a _____ attack.
Denial of service (DoS)
Malware is designed to do which of the following?
Destroy data Incapacitate networks and computers Steal information
What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?
Detect function
Which of the following are examples of cyberattacks?
DoS attacks Information theft DDoS attacks
Which of the following statements accurately describes spyware?
Downloading software or documents from unvetted sources is one way spyware can be installed. Spyware captures private information by monitoring how users interact online.
Your grandfather learns that his identity has been stolen, and you suspect that social engineering attacks are responsible. To help him protect his personal information, you tell him how to recognize the most common attacks.
E-mails or web pages that ask him to provide personal information to enter a contest or receive a free offer. E-mails or texts that ask him to click a given link for more information or a free download. Strange e-mails from his friends, family members, or seemingly trustworthy organizations.
Remote employees of a corporation are required to log into their company's virtual private network (VPN) before accessing files on the corporation's shared drive where corporate data are unreadable to unauthorized users. This is an example of which of the following tools that ensure confidentiality?
Encryption Authentication Access control
Which of the following are areas covered by state-specific cybersecurity laws?
Ensuring state and local governments are protected from cybersecurity threats. Protecting elections from cyber threats. Addressing security needs of smart devices.
describe steps in cybersecurity risk analysis
Estimate potential losses Estimate the likelihood of occurrence of threats Assign value to assets
types of events and conditions that are considered cybersecurity threats
Failure of IT assets Unintentional, accidental, and incidental events Misuse or abuse of IT assets Intentional events Errors, weaknesses, or defects in IT assets
