Cybersecurity BCOR


Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?

43 percent

According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct.

- A corporation backs up all of its data to a cloud server every night
- An organization has a formal policy for alerting the IT department when employees leave the company

Explain how the trojan "EventBot" works. More than one answer may be correct.

- Aimed at Android devices
- Steals financial information
- Reads and intercepts SMS messages

Which of the following threats to cybersecurity come from internal sources?

- An accidental erasure of data
- An attack by an authorized user
- The leakage of sensitive information

In a DDoS attack, network computers that have been infected by a virus from more than one source computer act as zombies and work together to send out illegitimate messages, creating huge volumes of network traffic. The acronym DDoS stands for

Distributed Denial of Service

From the following list, select all the possible warning signs of social engineering attacks.

- Emails or texts containing links to more info or a free download
- Emails or web pages that request personal information in exchange for a free offer
- Strange emails from known, trusted personal contacts or organizations

Describe the goals of the respond (RS) function of the NIST Cybersecurity Framework. More than one answer may be correct.

- Establish procedures that enable action in the event of a cybersecurity incident
- Be able to quickly analyze a detected cybersecurity issue
- Be prepared to swiftly mitigate harm caused by a cybersecurity event

A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.

- Harvesting personal information is the goal of each cyber intrusion
- The user may not know the malware has infected the device

How does a Network Address Translation (NAT) type of firewall work?

It hides internal IP addresses

Describe trojan malware.

- It is often found attached to free downloads and apps
- It is often used to find passwords, destroy data, or to bypass firewalls
- It is like a virus but does not replicate itself

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures confidential information through keyboard input

Which of these statements about packet sniffers are true? More than one answer may be correct.

- Legitimate sniffers are used for routine examination and problem detection
- Unauthorized sniffers are used to steal information

Man-in-the-mobile (MitMo) occurs when

Malware infects smartphones and other mobile devices

From the following list, select all the primary components of cybersecurity threat mitigation.

- Policies and procedures for threat prevention
- Tools for threat identification
- Policies, tools, and strategies for threat "curing" or minimization

Which of the National Institute of Standards and Technology (NIST) Cybersecurity Framework functions entails an analysis of cybersecurity risk and reduction of potential damage to IT infrastructures?

Protect (PR) function

Explain the purpose of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks

Which of the following statements explains why a rootkit poses a cybersecurity threat? More than one answer may be correct.

- The invader has the same access as the host, the comp's owner or user
- A rootkit bypasses security functions because it is installed on the operating system

How does spyware potentially harm the individual user?

This malware steals confidential information from the user

What is the purpose of social engineering in conjunction with ransomware?

Tricks victims into allowing access to data

What does the General Data Protection Regulation (GDPR) regulate?

how companies protect personal data

An email that appears to be from a legitimate company is most likely to be a social engineering cybersecurity attack if

it contains a link to a free offer that seems too good to be true

The security firewall serving Vantage's email program catches an impressive number of both irrelevant and illegitimate messages, to the point where employees usually do not even see them. Occasionally, however, an unsolicited message will catch managing partner Carl's eye. Because one new message looks to come from a potential new client, he's interested but careful, aware that the boutique consulting firm has a very targeted marketing system and clients usually do not appear out of thin air. What type of security concern is causing Carl's suspicion?

phishing

From the following list, select the techniques and tools that are used by both white-hat hackers and illegitimate hackers.

- rootkits
- social engineering
- back door programs

According to the identify (ID) function of the NIST Cybersecurity Framework, what allows an organization to prioritize its efforts where cybersecurity risk is involved?

understanding of its business environment and resources

Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.

worm

Which of the following would be included in a risk assessment executive summary that was prepared to help executives make informed decisions about security? More than one answer may be correct.

- If a cyberattack were able to breach our security, the medical information and social security numbers of all the patients would be available.
- Because our organization has multiple government contracts, we need to worry about threats from other countries' governments who seek to gain sensitive information regarding the U.S. government.
- All employees are required to go through biannual cybersecurity training. Additional training is required when new threats that could affect our organization become known.

From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.

- Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets
- Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity
- Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes

Why are probable loss calculations important?

Organizations have limited funds to use toward system protections.

A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.

- Whether the university's tech support team could decrypt the files themselves
- Whether law enforcement could be identified and force the bad actor to decrypt the files

