Cybersecurity BCOR

Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?

43 percent

Explain how the trojan "EventBot" works. More than one answer may be correct.

Aimed at Android devices Steals financial information Reads and intercepts SMS messages

Which of the following statements describe Internet robots, or bots? More than one answer may be correct.

Bots are used for both legitimate and malicious purposes Malicious bots can compromise a user's control of the comp "Good bots" have useful functions and do not pose security risks

From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.

Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes

From the following list, select all the actions that are considered cyberattacks.

DoS attacks DDoS attacks information theft

From the following list, select all the possible warning signs of social engineering attacks

Emails or texts containing links to more info or a free download Emails or web pages that request personal information in exchange for a free offer Strange emails from known, trusted personal contacts or organizations

Describe the goals of the respond (RS) function of the NIST Cybersecurity Framework. More than one answer may be correct.

Establish procedures that enable action in the event of a cybersecurity incident Be able to quickly analyze a detected cybersecurity issue Be prepared to swiftly mitigate harm caused by a cybersecurity event

A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.

Harvesting personal information is the goal of each cyber intrusion The user may not know the malware has infected the device

How does a Network Address Translation (NAT) type of firewall work?

It hides internal IP addresses

How are data in process different from data at rest or data in storage?

It is held in the device's RAM until it can be processed by the CPU or GPU

Man-in-the-mobile (MitMo) occurs when

Malware infects smartphones and other mobile devices

Why are probable loss calculations important?

Organizations have limited funds to use toward system protections.

From the following list, select all the primary components of cybersecurity threat mitigation.

Policies and procedures for threat prevention Tools for threat identification Policies, tools, and strategies for threat "curing" or minimization

Why is data that is located in the RAM of a device considered data in transit?

RAM only holds data and instructions temporarily; nothing is permanently stored in RAM

Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks

Which of the following statements explains why a rootkit poses a cybersecurity threat? More than one answer may be correct.

The invader has the same access as the host, the comp's owner or user A rootkit bypasses security functions because it is installed on the operating system

How does spyware potentially harm the individual user?

This malware steals confidential information from the user

What is the purpose of social engineering in conjunction with ransomware?

Tricks victims into allowing access to data

From the following list, select all situations that lead you to suspect the presence of adware.

When looking up info on Dallas Cowboys, you notice an ad for a Cowboys jersey You have been looking for a car bike rack, and four out of five ads popping up on your browser show types of racks After you buy drawing program you get ads for other creative tech

Who is protected by California's SB-327 for IoT Security and who is accountable for ensuring the guidelines are met?

helps to protect consumers; responsibility lies with makers of devices that connect with the internet

What does the General Data Protection Regulation (GDPR) regulate?

how companies protect personal data

An email that appears to be from a legitimate company is most likely to be a social engineering cybersecurity attack if

it contains a link to a free offer that seems too good to be true

How does conducting an inventory of where its critical data is stored most help a business to minimize the damage from natural disasters? More than one answer may be correct.

it helps ensure geographic data redundancy it helps with retrieving data immediately after a disaster

The security firewall serving Vantage's email program catches an impressive number of both irrelevant and illegitimate messages, to the point where employees usually do not even see them. Occasionally, however, an unsolicited message will catch managing partner Carl's eye. Because one new message looks to come from a potential new client, he's interested but careful, aware that the boutique consulting firm has a very targeted marketing system and clients usually do not appear out of thin air. What type of security concern is causing Carl's suspicion?

phishing

Describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework. More than one answer may be correct.

restoration of impaired systems improvements to cybersecurity plans communication with all stakeholders

According to the identify (ID) function of the NIST Cybersecurity Framework, what allows an organization to prioritize its efforts where cybersecurity risk is involved?

understanding of its business environment and resources

In which situation should the origin of information be authenticated to protect data integrity?

when electronic votes are submitted during an election

Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.

worm

According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct

A corporation backs up all of its data to a cloud server every night An organization has a formal policy for alerting the IT department when employees leave the company

Which of the following is an example of data in transit? More than one answer may be correct.

A person uses an app on their smartphone to pay a bill A person transfers documents between their laptop and computer

Which of the following threats to cybersecurity come from internal sources?

An accidental erasure of data An attack by an authorized user The leakage of sensitive information

n a DDoS attack, network computers that have been infected by a virus from more than one source computer act as zombies and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for

Distributed Denial of Service

Which of the following would be included in a risk assessment executive summary that was prepared to help executives make informed decisions about security? More than one answer may be correct.

If a cyberattack were able to breach our security, the medical information and social security numbers of all the patients would be available. Because our organization has multiple government contracts, we need to worry about threats from other countries' governments who seek to fain sensitive information regarding the U.S government All employees are required to go through biannual cybersecurity training. Additional training is required when new threats that could affect our organization become known.

Describe trojan malware.

It is often found attached to free downloads and apps It is often used to find passwords, destroy data, or to bypass firewalls It is like a virus but does not replicate itself

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures confidential information through keyboard input

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures information through keyboard input

Which of these statements about packet sniffers are true? More than one answer may be correct.

Legitimate sniffers are used for routine examination and problem detection Unauthorized sniffers are used to steal information

Which of the National Institute of Standards Technology (NIST) Cybersecurity Framework functions entails an analysis of cybersecurity risk and reduction of potential damage to IT infrastructures?

Protect (PR) function

Breanna, IS manager at a mid-size service firm, picks up some evidence that a Trojan horse engineered to steal passwords has accessed the system. All members of project teams are trained in online safety, and their network is protected by a firewall. But the worse-case scenario has happened: a competitor has received protected information, possibly directly from a member's computer. What first steps should Breanna and the security team take to solve the problem? More than one answer may be correct.

They should review everyone's activity log, looking for any downloaded files or programs The security group should sift through emails for a message with clickable links

A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.

Whether the university's tech support team could decrypt the files themselves Whether law enforcement could be identified and force the bad actor to decrypt the files

Explain how the trojan "EventBot" works. More than one answer may be correct.

aimed at android devices steals fin info reads and intercepts SMS messages

The infection of a digital device by a computer virus happens in stages. What is the second step in this process?

an action such as running or opening a file activates the virus

Imagine you are speaking with a friend about how to protect yourself from phishing scams. Your friend, who works in cybersecurity, gives you some advice about what to do if you receive a phishing message. Which of the following statements would be considered good advice?

banks and credit card companies will never ask you to provide personal info via email messages if you receive a suspicious message, contact institution that message was allegedly sent from Contact US-CERT to report the suspected scam

When should an organization answer the question "Is this the highest priority security risk?"

before data security strategies are created

From the following list, select the techniques and tools that are used by both white-hat hackers and illegitimate hackers.

rootkits social engineering back door programs

What is the only way to guarantee that computers and networks are safe from cyberattacks?

take them offline

From the following list, select all the examples of cybercrimes.

trojan horse viruses computer hacking digital identity theft