Cybersecurity
The purpose of spyware is to
capture the user's account data, passwords, key strokes, and more
Where are data in transit found?
cellular network
The essential function of malicious bots is to
control an individual computer by self-replicating and connecting to a central server
A Trojan horse achieves its purposes through
deceptive access
Ransomware basically holds a target hostage because it
encrypts the victim's data
The goal of the NIST Cybersecurity Framework Protect (PR) function is to
help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection
A keylogger can be accurately described as
technology that captures keyboard input on several types of devices to glean confidential information
Who performs probable maximum loss calculations?
A company's cybersecurity analysts
Which of the following is an example of data in transit? More than one answer may be correct. A person uses an app on their smartphone to check their bank balance. At home, a person sends a photo taken on their smartphone to display on their smart TV. An e-mail stored in a user's e-mail file system. A record of customers' e-commerce histories is saved in a company's cloud-based data center.
A person uses an app on their smartphone to check their bank balance. At home, a person sends a photo taken on their smartphone to display on their smart TV.
To get to the bottom of the odd computer problems she was having, Priya listed these symptoms: files mysteriously disappearing, system configurations unexpectedly altered, and two icons showing up for applications she did not download. What malware could have been installed on Priya's computer?
A rootkit
What is the correct definition of a cybersecurity exploit?
A tool or technique for taking advantage of a cybersecurity vulnerability to break into a system and cause harm.
Which of the following is an example of data in process? More than one answer may be correct. A username that has been submitted for authentication A password that has been submitted for authentication Last quarter's sales figures A food order placed through Uber Eats
A username that has been submitted for authentication A password that has been submitted for authentication A food order placed through Uber Eats
When employers deactivate former employees' username and passwords, they are using which tool that ensures confidentiality? More than one answer may be correct. Physical security Access control Authentication Encryption
Access control Authentication
From the following list, select all the examples of internal threats to cybersecurity. An attack by an authorized user The leakage of sensitive information A Distributed Denial of Service (DDOS) attack A downloaded virus or other malware An accidental erasure of data
An attack by an authorized user The leakage of sensitive information An accidental erasure of data
What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?
Analysis, observation, detection
Who are the prime targets of MitM attacks? More than one answer may be correct. Anyone who uses online financial applications Anyone who logs in to shop online Software as a source (SaaS) businesses Complex, multifunction networks such as those run by large cities
Anyone who uses online financial applications Anyone who logs in to shop online Software as a source (SaaS) businesses
Select all options that describe the device features mandated by California's SB-327 for IoT Security. Transferable from one device to another for any given user Appropriate to the intended use of the device Constructed to protect the device and any data it stores Suitable for the type of data the device will contain and relay
Appropriate to the intended use of the device Constructed to protect the device and any data it stores Suitable for the type of data the device will contain and relay
Select all options that describe steps in cybersecurity risk analysis. Assign value to assets Estimate the likelihood of occurrence of threats Estimate potential losses Train employees on cybersecurity
Assign value to assets Estimate the likelihood of occurrence of threats Estimate potential losses
Which of the elements of the CIA triad does serve in maintaining a properly functioning, error-free operating system?
Availability
Who does California's SB-327 for IoT Security aim to protect and who bears the responsibility?
California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.
Which of the following statements explain why a computer virus is so named? More than one answer may be correct. Viruses seek out vulnerable areas of a computer or network in order to take over. Computer viruses have the ability to reproduce themselves within a system. An invaded computer inadvertently plays host to the malware.
Computer viruses have the ability to reproduce themselves within a system. An invaded computer inadvertently plays host to the malware.
Which of the following is prohibited by the Computer Fraud and Abuse Act? More than one answer may be correct Unauthorized interception of communications as they are sent Cyber blackmail Intentionally destroying a computer Unauthorized access to stored e-mail
Cyber blackmail Intentionally destroying a computer
How does cybersecurity help preserve the integrity of data, information, and systems? More than one answer may be correct. Cybersecurity tools focus on protecting these assets while they are being transmitted, since this is when their integrity is vulnerable. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity. Cybersecurity threat mitigation includes measures to protect the consistency, accuracy, and dependability of these assets.
Cybersecurity threat mitigation includes measures to protect the consistency, accuracy, and dependability of these assets. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes.
______ are cybersecurity breaches that make a computer or online service unavailable to its users.
DDOS
What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?
Detect function
Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct. Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate. Only states can require compliance with certain privacy statutes addressed by cybersecurity laws. Federal cybersecurity laws only protect governments, not private businesses.
Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate.
Which of the following is an example of a tool that could be used to ensure data integrity? More than one answer may be correct. Data correction codes are used to ensure the data retrieved are the same as when it was stored. Data are regularly backed up. Hard copies of all important datasets are kept in a locked warehouse. Data input is completely automated.
Data correction codes are used to ensure the data retrieved are the same as when it was stored. Data are regularly backed up.
Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct. Data will become irrelevant. Data will be viewed by unauthorized users. Data will be intercepted. Data will be stolen.
Data will be viewed by unauthorized users. Data will be stolen.
Which of the following is an example of an event that may occur during the protect stage of the plan-protect-respond cycle? More than one answer may be correct. Determine levels of access control. Require all employees to attend training that outlines the different types of security threats their organization faces. Determine what data hackers would be able to access during a cybersecurity threat. Perform routine maintenance on organizational resources.
Determine levels of access control. Require all employees to attend training that outlines the different types of security threats their organization faces. Perform routine maintenance on organizational resources.
Which of the following statements accurately describes spyware? More than one answer may be correct. Downloading software or documents from unvetted sources is one way spyware can be installed. Spyware captures private information by monitoring how users interact online. Browsing history is a common way users are exposed to spyware. Spyware can be replicated and passed from user to user.
Downloading software or documents from unvetted sources is one way spyware can be installed. Spyware captures private information by monitoring how users interact online.
According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct. During an acquisition, logistics data are securely transferred to the acquiring company's servers. The source spreadsheets containing the sales data for each region are made available to all employees. A company has a long-standing policy to disable the usernames and passwords for executives after their employment has ended, but not for lower level employees who have left the company. Access to important data is limited so that only certain employees are able to modify that data.
During an acquisition, logistics data are securely transferred to the acquiring company's servers. Access to important data is limited so that only certain employees are able to modify that data.
Remote employees of a corporation are required to log into their company's virtual private network (VPN) before accessing files on the corporation's shared drive where corporate data are unreadable to unauthorized users. This is an example of which of the following tools that ensure confidentiality? More than one answer may be correct. Encryption Physical security Access control Authentication
Encryption Access control Authentication
Which of the following is a best practice for ensuring that data are available? More than one answer may be correct. Ensuring that the data server has an appropriate amount of bandwidth. Appropriately encrypting data. Having standby equipment available to take over in a situation where the main system fails. Storing data on multiple hard drives.
Ensuring that the data server has an appropriate amount of bandwidth. Having standby equipment available to take over in a situation where the main system fails. Storing data on multiple hard drives.
Which of the following is an example of event that may occur during the respond stage of the plan-protect-respond cycle? More than one answer may be correct. Executing the appropriate response plans Determining the impact of a security breach Executing the appropriate measures to ensure data cannot be breached Communicating with all appropriate parties
Executing the appropriate response plans Determining the impact of a security breach Communicating with all appropriate parties
Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct. Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine what security flaws exist. Determine the degree of vulnerability that exists. Develop a business continuity plan for instances where data are hacked.
Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine what security flaws exist. Determine the degree of vulnerability that exists.
Select all options that describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework. Help organizations develop appropriate policies and procedures to mitigate data breaches Give guidance to organizations who wish to understand potential security breaches Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization Ensure that all organizations handling data follow strict cybersecurity guidelines.
Help organizations develop appropriate policies and procedures to mitigate data breaches Give guidance to organizations who wish to understand potential security breaches Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization
Which function of the NIST Cybersecurity Framework involves an organization gaining deeper understanding of cybersecurity management in the context of their business needs and resources?
Identify (ID) function
From the following list, select all options that describe the purposes of a cybersecurity risk analysis. Identify a company's assets Calculate potential loss due to security threats Determine how to respond to a potential loss Train employees on cybersecurity
Identify a company's assets Calculate potential loss due to security threats Determine how to respond to a potential loss
Why is preserving the integrity of data, information, and systems an important cybersecurity goal?
If the consistency, accuracy, or dependability of these assets has been compromised, they lose their usefulness and value.
Select all options that describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework. Improvements to cybersecurity plans Restoration of impaired systems Communication with all stakeholders Mitigate system damage caused by a cybersecurity event
Improvements to cybersecurity plans Restoration of impaired systems Communication with all stakeholders
The five categories of the Respond (RS) function of the NIST Cybersecurity Framework include planning, analysis, and mitigation. From the list below, select the remaining two categories. Improvements to cybersecurity response plans Communication Access control Restoration of impaired systems
Improvements to cybersecurity response plans Communication
How does a rootkit pose a cybersecurity threat? More than one answer may be correct. The malware can spread to access and control a network without the host computer user's awareness. Installed on a computer's operating system, a rootkit bypasses security functions. A range of malicious actions is possible because the invader has the same access as the computer's owner or user. A rootkit invasion usually can be fixed by restarting the computer.
Installed on a computer's operating system, a rootkit bypasses security functions. A range of malicious actions is possible because the invader has the same access as the computer's owner or user.
Which of the following statements refer to programs known as spiders, web crawlers, and bots? More than one answer may be correct. "Good bots" have diverse functions and do not pose security risks. Malicious bots create security risks by compromising a user's control of the computer. Malware bots have decreased in number as users have become more aware of cybersecurity risks. Internet robots are used for both legitimate and malicious purposes.
Internet robots are used for both legitimate and malicious purposes. "Good bots" have diverse functions and do not pose security risks. Malicious bots create security risks by compromising a user's control of the computer.
A movie streaming company is offering an online deal on HD movies to new customers who live in a certain country. How can authentication help the company protect its assets and resources from fraudulent use of the deal? More than one answer may be correct. It can verify that the customer lives in the correct country. It can verify that the customer is new to the company or service. It can prevent the customer from trying to record a movie. It can grant the customer access to the appropriate movies.
It can verify that the customer lives in the correct country. It can verify that the customer is new to the company or service. It can grant the customer access to the appropriate movies.
Which of the following surveillance technologies relies on how data are entered into a system?
Keyloggers
What is the goal of the protect stage in the plan-protect-respond cycle? More than one answer may be correct. Limit the impact of a security breach. Draft statements for the media to use in the event of a cybersecurity breach. Ensure that systems are impenetrable to security threats. Ensure uninterrupted delivery of vital services.
Limit the impact of a security breach. Ensure uninterrupted delivery of vital services.
Accessing the communications of an organization without authorization was made a criminal violation by which federal cybersecurity law?
The Stored Communications Act
Applying for credit or even a mortgage online is a straightforward process. After creating an account with a unique user name and password, a customer reads a privacy statement, reviews the security policy, and accepts the terms of use. Then they proceed to log in and fill out an application, answering detailed questions about household income, employment, and more. What cybersecurity risk is particularly relevant to this process?
Man-in-the-middle (MitM) attack
From the following list, select all types of events and conditions that are considered cybersecurity threats. Misuse or abuse of IT assets Insufficient IT assets for long-term goals Intentional events Failure of IT assets Errors, weaknesses, or defects in IT assets Unintentional, accidental, and incidental events
Misuse or abuse of IT assets Intentional events Failure of IT assets Errors, weaknesses, or defects in IT assets Unintentional, accidental, and incidental events
Select all options that describe standards set forth by the General Data Protection Regulation (GDPR) for compliance by companies who handle individuals' data. Notify citizens of data breaches Make collected data anonymous Ensure system security updates are installed regularly Hire a data protection officer
Notify citizens of data breaches Make collected data anonymous Hire a data protection officer
Data at rest or storage can be found in which of the following places? More than one answer may be correct. On an external hard drive Displayed within an app on a smartphone Within the computer's RAM In the cloud
On an external hard drive In the cloud
Why is MitMo a growing security risk? More than one answer may be correct. People use mobile devices in many of the same ways they use computers. Smartphones and other mobile devices are everywhere. Cybercriminals are having difficulty translating computer-based malicious software to malware that works in mobile networks.
People use mobile devices in many of the same ways they use computers. Smartphones and other mobile devices are everywhere.
Which of these defining components mitigate cybersecurity threats? Select all the correct options. Policies, tools, and strategies used to reduce damage from threats. Security tools and oversight used to identify security threats. Human resources such as IT staff trained in cybersecurity. Policies and procedures used to protect systems and data.
Policies and procedures used to protect systems and data. Security tools and oversight used to identify security threats. Policies, tools, and strategies used to reduce damage from threats.
Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures? Multiple choice question.
Protect (PR) function
Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct Protecting elections from cyber threats. Addressing security needs of smart devices. Ensuring state and local governments are protected from cybersecurity threats. Outlining specific ways individuals' data must be protected.
Protecting elections from cyber threats. Addressing security needs of smart devices. Ensuring state and local governments are protected from cybersecurity threats.
Malware that encrypts the victims data files and then demands that a payment is made to the hacker is called
Ransomware
Which of these threats to cybersecurity can only come from an external source? Intentional attacks on systems and data Responses to impersonation Ransomware
Ransomware
In which function of the NIST Cybersecurity Framework are an organization's cybersecurity plans corrected due to a cybersecurity event?
Recover (RC) function
In which function of the NIST Cybersecurity Framework does an organization's cybersecurity team take quick action to mitigate damage to systems?
Respond (RS) function
In what stage of the plan-protect-respond cycle is the cause of an incident investigated?
Responding stage
Which of the following browsing situations may reveal that adware is at work? More than one answer may be correct. While shopping at a large online retailer, you are constantly presented with items "you might also like." Shortly after you buy and download a writing enhancement program, you begin seeing ads for special keyboards, styluses, and other assistive technology. In searching the term database management, the first item you see in the results list is an ad for a particular online database. You have been looking for a new winter coat, and three out of five ads popping up on your browser currently show the type of coat you have been considering.
Shortly after you buy and download a writing enhancement program, you begin seeing ads for special keyboards, styluses, and other assistive technology. In searching the term database management, the first item you see in the results list is an ad for a particular online database. You have been looking for a new winter coat, and three out of five ads popping up on your browser currently show the type of coat you have been considering.
Which of the following are assets that can be impacted by a cybersecurity threat? Select all the correct options. Peripheral devices Software Information Hardware
Software Information Hardware
Your grandfather learns that his identity has been stolen, and you suspect that social engineering attacks are responsible. To help him protect his personal information, you tell him how to recognize the most common attacks. From the following list, select all the possible warning signs. Strange e-mails from his friends, family members, or seemingly trustworthy organizations. E-mails or texts that ask him to click a given link for more information or a free download. Phone calls from his service providers that ask him to verify his account information. E-mails or web pages that ask him to provide personal information to enter a contest or receive a free offer.
Strange e-mails from his friends, family members, or seemingly trustworthy organizations. E-mails or texts that ask him to click a given link for more information or a free download. E-mails or web pages that ask him to provide personal information to enter a contest or receive a free offer.
What is the National Institute of Standards Technology (NIST) Cybersecurity Framework?
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.
For a cybersecurity plan to succeed, which of the following must remain confidential? Select all correct answer options. The logins and passwords of authorized users The organizations' cybersecurity goals The organization's digital or computer systems Private or sensitive data and information The value of systems, data, and information
The logins and passwords of authorized users The organization's digital or computer systems Private or sensitive data and information
What do many social engineering attacks have in common?
They are conducted via e-mails that offer a reward in exchange for clicking a given link.
Members of a project team at a mid-size company are trained in online safety, and their network is protected by a firewall. But the worst-case scenario has happened: a competitor has obtained protected information, possibly directly from a member's computer. George, the firm's system manager, sees some evidence of a Trojan horse that was engineered to steal passwords. What first steps should he and his security team take to uncover the source? More than one answer may be correct. The entire team should try to work collaboratively with the competitor to uncover the problem. They should comb through e-mails with an eye to a message with a clickable link. The security team should examine everyone's activity log, looking for any downloaded files or programs. George should contact law enforcement and ask officers to interview team members.
They should comb through e-mails with an eye to a message with a clickable link. The security team should examine everyone's activity log, looking for any downloaded files or programs.
What is the overall goal of the General Data Protection Regulation (GDPR)?
To ensure EU companies protect the privacy and personal data of EU citizens
What is the goal of the planning phase of the plan-protect-respond cycle?
Understand the steps needed to design effective information security architecture.
How are data in process different from data at rest or data in transit?
Unlike data in transit or storage, it can be found in a device's RAM or CPU.
Which of the following are considered cybersecurity breaches? More than one option may be correct. Security patches Distributed Denial of Service (DDOS) Viruses Impersonation Spyware
Viruses Spyware Impersonation Distributed Denial of Service (DDOS)
From the following list, select all types of cybersecurity vulnerabilities. Weaknesses or flaws in system security control Weaknesses in system security procedures Security weaknesses in an operating system or application software Weaknesses or flaws in system security implementation Weaknesses in the database of known vulnerabilities Weaknesses or flaws in a system's security design
Weaknesses or flaws in system security control Weaknesses in system security procedures Weaknesses or flaws in a system's security design Weaknesses or flaws in system security implementation Security weaknesses in an operating system or application software
Suppose an organization's system is vulnerable to losing information because its automated backup of data is insufficient or substandard. This type of cybersecurity vulnerability is
a weakness in the application software
The main characteristics that define cybersecurity threats are disruptions that are minor, threats that may cause the loss of IT assets, and hazards that always result in asset loss events that can lead to IT asset loss, conditions that can lead to IT asset loss, and the consequences of such loss threats caused by intentional actions or events, unintentional or accidental events, and incidental or minor events dangers that threaten the security of data and information, threaten a system's software, and threaten its hardware
events that can lead to IT asset loss, conditions that can lead to IT asset loss, and the consequences of such loss
The term "cybersecurity threat mitigation" refers to all of the policies, procedures, and tools used to
guard against threats such as security incidents, data breaches, and unauthorized network access, and reduce any harm they cause
In cybersecurity, the probable maximum loss (PML) is used to
help determine spending needed to adequately secure an organization's IT infrastructure
The need to keep sensitive data, information, and systems confidential
is both a major goal and a requirement for cybersecurity
The cybersecurity risks known as Man-in-the-mobile (MitMo) are realized when
malware infects smartphones and other mobile devices
A computer virus is
malware that, when executed, adversely affects performance or damages programs
Adware specifically functions to
present advertisements to users based on their browsing behaviors
In cybersecurity, the term "social engineering" refers to
the unlawful manipulation of people in order to obtain and misuse their personal information
The Identify (ID) function of the NIST Cybersecurity Framework focuses on organizational detection of cybersecurity events in a timely fashion understanding of how to manage cybersecurity risks development of a plan of restoration in the event of a cybersecurity breach implementation of an action plan in the event of a cybersecurity breach
understanding of how to manage cybersecurity risks
Establishing authentication procedures is a common cybersecurity goal because
verifying that prospective users are authorized to access resources is the first step in keeping unauthorized users out