CSX EXAM PRACTICE QUESTIONS
Threat
Anything that is capable of acting against an asset in a manner that can result in harm
In practical applications:
Asymmetric key encryption is used to securely obtain symmetric keys
Which of the following is the best definition for cybersecurity? A. The protection of information from unauthorized access or disclosure B. Protecting information assets by addressing threats to information that is processed, stored, or transported by internet worked systems C. The protection of paper documents, digital and intellectual property, and verbal or visual communications
B. Protecting information assets by addressing threats to information that is processed, stored, or transported by internet worked systems
Which three elements of the current threat landscape have provided increased levels of access and connectivity and therefore increased opportunities for cyber crime? A. Text messaging, Bluetooth technology and SIM cards B. Web applications, botnets, and primary malware C. Cloud computing, social media, and mobile computing
C. Cloud computing, social media, and mobile computing
Maintaining a high degree of confidence regarding the integrity of evidence requires a(n):
Chain of custody
Outsourcing poses the greatest risk to an organization when it involves:
Core business functions
Privacy
Is a state of being free from unsanctioned intrusion
Security
Is action
Privacy
Is the outcome
A passive network hub operates at which layer of the OSI model?
Physical
Who has the greatest influence over access security in a password authentication environment?
Users
Likelihood
the possibility that something will happen
Vulnerability
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
Which of the following statements about advanced persistent threats (APTs) are true? A. APTs typically originate from sources such as organized crime groups, activities or governance B. APTs use obfuscation techniques that help them remain undiscovered for months or even years C.APTs are often long-term multiphase projects with a focus on reconnaissance D. The APT attack cycle begins with target penetration and collection of sensitive information
A. APTs typically originate from sources such as organized crime groups, activities or governance B. APTs use obfuscation techniques that help them remain undiscovered for months or even years C.APTs are often long-term multiphase projects with a focus on reconnaissance
The number and types of layers needed for defense in depth are a function of A. Asset value, criticality, reliability of each control and degree of exposure B. Network configuration navigation controls user interface and VPN traffic C. Isolation segmentation internal controls and external controls
A. Asset value, criticality, reliability of each control and degree of exposure
Which of the following are legal issues that may affect investigations? A. Evidence collection and storage B. Chain of custody of evidence C. Searching or monitoring communications D. Interviews or interrogations E. Education or training F. Labor, union, and privacy regulation
A. Evidence collection and storage B. Chain of custody of evidence C. Searching or monitoring communications D. Interviews or interrogations F. Labor, union, and privacy regulation
The core duty of cyber security is to: A. Manage risk B. Secure endpoints C. Protect enterprise infrastructure
A. Manage risk
intent
An actor or event with the potential to adversely impact an information system
Impact
An adverse effect that results from an event occurring
Where should an organization's network terminate virtual private network (VPN) tunnels?
At the perimeter, to allow for effective internal monitoring
Which of the following common controls protect the availability of information: A. Access controls, file permissions, encryption B. Access controls, backups, redundancy C. Access controls, logging, encryption
B. Access controls, backups, redundancy
___ is defined as a model for enabling convenient on demand network access to a shared pool of confit viable resources that can be rapidly provisioned and released with minimal management or service provider interaction A. Software as a a service (Saas) B. Cloud computing C. Platform as a service (Paas)
B. Cloud computing
Which element of an incident response plan (IRP) involves obtaining and preserving evidence? A. Identification B. Containment C. Eradication
B. Containment
Which of the following cybersecurity roles is charged with the duty of managing incidents and remediation A.Board of Directors B. Cybersecurity management C. Executive management
B. Cybersecurity management
Which of the following terms designates the process of implementing security controls on a computer system? A. Cybersecurity B. System hardening C. Patching
B. System hardening
Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:
Business needs
Which of the following is not true of likelihood? A. Measures frequency of an event occurring B. Is often a component of external factors C. Does not take into account current controls and countermeasures
C. Does not take into account current controls and countermeasures
Which of the following best describes the role of encryption within an overall cybersecurity program? A. Encryption is the primary means of securing digital assets B. Encryption depends upon shared secrets and is therefore an unreliable means of control C. Encryption is an essential but incomplete form of access control
C. Encryption is an essential but incomplete form of access control
NIST defines a(n) ________________ as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." A. Event B. Threat C. Incident
C. Incident
Vulnerability management begins with an understanding of IT assets and their locations, which can be accomplished by: A. Vulnerability scanning B. Penetration testing C. Maintaining an asset inventory
C. Maintaining an asset inventory
Which of the following are foundational tenets of security that inform security controls? A. Availability, integrity B. Confidentiality, non repudiation C. Need-to-know, principle of least privilege
C. Need-to-know, principle of least privilege
Policies
Communicate required and prohibited activities and behaviors
A segmented network:
Consists of two or more security zones
Put the steps of the penetration testing phase into the correct order. a. Attack b. Discovery c. Reporting d. Planning
D. Planning B.Discovery A. Attack C. Reporting
An interoperability error is what type of vulnerability?
Emergent
During which phase of the six-phase incident response model is the root cause determined?
Eradication
What kind of anti-malware program evaluates system processes based on their observed behaviors?
Heuristic
Virtual systems should be managed using a dedicated virtual local area network (VLAN) because:
Insecure protocols could result in a compromise of privileged user credentials
Standards
Interpret policies in specific situations
Privacy
Is a consequence
Security
Is a process
Privacy
Is the result of successful actions
Under the US-CERT model for incident categorization, a CAT-3 incident refers to which of the following?
Malicious code
Which cybersecurity principle is most important when attempting to trace the source of malicious activity?
Nonrepudiation
Securing Supervisory Control and Data Acquisition (SCADA) systems can be challenging because they:
Operate in specialized environments and often have non-standard design elements
The attack mechanism directed against a system is commonly called a(n):
Payload
During which phase of the system development lifecycle (SDLC) should security first be considered?
Planning
Procedures
Provide details on how to comply with policies and standards
Guidelines
Provide strong general recommendations such as what to do in particular circumstances
Asset
Something of either tangible or intangible cakes that is worth protecting including people information infrastructure finances and reputation
Which of the following interpret requirements and apply them to specific situations?
Standards
A firewall that tracks open connection-oriented protocol sessions is said to be:
Stateful
A cybersecurity architecture designed around the concept of a perimeter is said to be:
System-centric
Risk
The combination of the likelihood of an event and it's impact
Capability
The knowledge and skill set required by a threat to carry out an event.
Opportunity
The resources and position required by a threat to carry out action
Which two factors are used to calculate the likelihood of an event?
Threat and vulnerability
Which of the following offers the strongest protection for wireless network traffic?
Wireless Protected Access 2 (WPA2)
A business continuity plan (BCP) is not complete unless it includes:
detailed procedures
Updates in cloud-computing environments can be rolled out quickly because the environment is:
homogeneous
Security
is the strategy
Risk assessments should be performed:
on a regular basis