ALA - Cybersecurity
To get to the bottom of the odd computer problems she was having, Priya listed these symptoms: files mysteriously disappearing, system configurations unexpectedly altered, and two icons showing up for applications she did not download. What malware could have been installed on Priya's computer?
A rootkit
What is the correct definition of a cybersecurity exploit?
A tool or technique for taking advantage of a cybersecurity vulnerability to break into a system and cause harm.
Who can be considered an insider in terms of cybersecurity?
A vendor who has developed products for the organization A repair worker with a badge to access company areas An employee who has access to company IT resources
When employers deactivate former employees' username and passwords, they are using which tool that ensures confidentiality?
Access control Authentication
From the following list, select all the examples of internal threats to cybersecurity.
An accidental erasure of data The leakage of sensitive information An attack by an authorized user
What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?
Analysis, observation, detection
Remote employees of a corporation are required to log into their company's virtual private network (VPN) before accessing files on the corporation's shared drive where corporate data are unreadable to unauthorized users. This is an example of which of the following tools that ensure confidentiality?
Authentication Access control Encryption
How does generative AI contribute to the training of cybersecurity professionals?
By generating realistic and up-to-date training simulations
Select all options that describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework.
Communication with all stakeholders Improvements to cybersecurity plans Restoration of impaired systems
How does cybersecurity help preserve the integrity of data, information, and systems?
Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity threat mitigation includes measures to protect the consistency, accuracy, and dependability of these assets. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.
What are key aspects of Security Behavior and Culture Programs in organizations?
Enhancing overall security posture Promoting secure employee behavior
What challenges do hybrid environments pose for cybersecurity?
Ensuring data compliance across multiple jurisdictions Balancing flexibility and control Managing different security protocols for cloud and on-premises systems
Select all options that describe steps in cybersecurity risk analysis.
Estimate the likelihood of occurrence of threats Estimate potential losses Assign value to assets
What is the primary role of intrusion detection systems (IDSs) in cybersecurity?
Generate alerts for suspicious activities.
Why is preserving the integrity of data, information, and systems an important cybersecurity goal?
If the consistency, accuracy, or dependability of these assets has been compromised, they lose their usefulness and value.
The five categories of the Respond (RS) function of the NIST Cybersecurity Framework include planning, analysis, and mitigation. From the list below, select the remaining two categories.
Improvements to cybersecurity response plans Communication
How does a rootkit pose a cybersecurity threat?
Installed on a computer's operating system, a rootkit bypasses security functions. A range of malicious actions is possible because the invader has the same access as the computer's owner or user.
What are key factors that increase the risk of supply chain attacks in hybrid environments?
Integration of cloud services and on-premises infrastructure Third-party vulnerabilities Global interconnectivity of organizational supply chains
Which of the following are true regarding the use of GenAI in cybersecurity?
It can be utilized by cybercriminals to design attacks that evade detection. It can analyze data trends to anticipate cybersecurity vulnerabilities. It helps develop cybersecurity professionals' skills through realistic simulations.
What is the goal of the protect stage in the plan-protect-respond cycle?
Limit the impact of a security breach. Ensure uninterrupted delivery of vital services.
Which of the following is an example of an event that may occur during the protect stage of the plan-protect-respond cycle?
Perform routine maintenance on organizational resources. Require all employees to attend training that outlines the different types of security threats their organization faces. Determine levels of access control.
What are the potential applications of GenAI in cybersecurity and cyber defense?
Predicting and preventing cyberattacks before they happen Generating and updating security policies based on new threats
Which best practices help prevent SQL injection attacks?
Prepared statements and parameterized queries Input validation Frequent testing
Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures?
Protect (PR) function
In which function of the NIST Cybersecurity Framework does an organization's cybersecurity team take quick action to mitigate damage to systems?
Respond (RS) function
Select all options that describe the goals of the Respond (RS) function of the NIST Cybersecurity Framework.
Select all options that describe the goals of the Respond (RS) function of the NIST Cybersecurity Framework.
What makes biometric verification a preferred method of identity verification?
The difficulty in replicating biometric features The uniqueness of biometric features Its convenience
What do many social engineering attacks have in common?
They are conducted via e-mails that offer a reward in exchange for clicking a given link.
Why are prepared statements and parameterized queries effective against SQL injection attacks?
They prevent attackers from altering query intent even if they insert SQL commands.
What is a primary reason that organizations adopt hybrid environments?
To balance scalability and data compliance needs
What is the overall goal of the General Data Protection Regulation (GDPR)?
To ensure EU companies protect the privacy and personal data of EU citizens
What is the purpose of input validation in preventing SQL injection attacks?
To prevent attackers from injecting malicious SQL code To ensure that user input adheres to the expected format
Suppose an organization's system is vulnerable to losing information because its automated backup of data is insufficient or substandard. This type of cybersecurity vulnerability is ______.
a weakness in application software
What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?
detect function
The term "cybersecurity threat mitigation" refers to all of the policies, procedures, and tools used to ______.
guard against threats such as security incidents, data breaches, and unauthorized network access, and reduce any harm they cause
The need to keep sensitive data, information, and systems confidential ______.
is both a major goal and a requirement for cybersecurity
Adware specifically functions to ______.
present advertisements to users based on their browsing behaviors
Malware that encrypts the victims data files and then demands that a payment is made to the hacker is called __.
ransomware
Which of these threats to cybersecurity typically comes from an external source and usually request payment in return for a decryption program?
ransomware
In which function of the NIST Cybersecurity Framework are an organization's cybersecurity plans corrected due to a cybersecurity event?
recover function
