Cyber security IS2200

A computer virus is______.

malware that, when executed, adversely affects performance or damages programs

The purpose of spyware is to ______.

capture the user's account data, passwords, key strokes, and more

Spyware's basic function is to

capture the user's account data, passwords, keystrokes, and more.

The essential function of malicious bots is to ______.

control an individual computer by self-replicating and connecting to a central server

How did the attackers finally steal the account data?

copied it from point-of-sale machines used in transactions

A Trojan horse achieves its purposes through ______.

deceptive access

What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?

detect function

Ransomware basically holds a target hostage because it ___ .

encrypts the victim's data

From the following list, select all the possible warning signs of social engineering attacks.

strange emails from known, trusted personal contacts and organizations emails or texts containing links to more information or a free download emails or web pages that request personal information in exchange for a free offer

What is the meaning of the term "social engineering" in the area of cybersecurity?

the act of manipulating or tricking people into sharing confidential, personal information

Malicious bots are cybersecurity risks because they

can reproduce and link to an outside server.

Who performs probable maximum loss calculations?

A company's cybersecurity analysts

To get to the bottom of the odd computer problems she was having, Priya listed these symptoms: files mysteriously disappearing, system configurations unexpectedly altered, and two icons showing up for applications she did not download. What malware could have been installed on Priya's computer?

A rootkit

What is the correct definition of a cybersecurity exploit?

A tool or technique for taking advantage of a cybersecurity vulnerability to break into a system and cause harm.

When employers deactivate former employees' username and passwords, they are using which tool that ensures confidentiality? More than one answer may be correct.

Access control Authentication

According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct.

Access to important data is limited so that only certain employees are able to modify that data. During an acquisition, logistics data are securely transferred to the acquiring company's servers.

What readily available information did the attackers use in their attack?

All of the answers are correct.

From the following list, select all the examples of internal threats to cybersecurity.

An attack by an authorized user The leakage of sensitive information An accidental erasure of data

What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?

Analysis, observation, detection

Which of the following is an example of data in transit? More than one answer may be correct.

At home, a person sends a photo taken on their smartphone to display on their smart TV. A person uses an app on their smartphone to check their bank balance.

Select all options that describe the goals of the Respond (RS) function of the NIST Cybersecurity Framework.

Be able to quickly analyze a detected cybersecurity issue Be prepared to swiftly mitigate harm caused by a cybersecurity event Establish procedures that enable action in the event of a cybersecurity incident

Why is a denial-of-service attack (DoS attack) a threat to data availability?

By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.

Who is protected by California's SB-327 for IoT Security and who is accountable for ensuring the guidelines are met?

California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.

The five categories of the Respond (RS) function of the NIST Cybersecurity Framework include planning, analysis, and mitigation. From the list below, select the remaining two categories.

Communication Improvements to cybersecurity response plans

Which of the following statements explain why a computer virus is so named? More than one answer may be correct.

Computer viruses have the ability to reproduce themselves within a system. An invaded computer inadvertently plays host to the malware.

From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.

Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.

How does cybersecurity help preserve the integrity of data, information, and systems? More than one answer may be correct.

Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity threat mitigation includes measures to protect the consistency, accuracy, and dependability of these assets. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.

______ are cybersecurity breaches that make a computer or online service unavailable to its users.

DDOS attacks

Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.

Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate.

Which of the following is an example of a tool that could be used to ensure data integrity? More than one answer may be correct.

Data are regularly backed up. Data correction codes are used to ensure the data retrieved are the same as when it was stored.

Determine which of the following is an example of data that has integrity.

Data that are used to set sales goals for account executives are stored on a secure server; managers are allowed read-only access to the sales data for the reps they directly manage.

Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct.

Data will be stolen. Data will be viewed by unauthorized users.

Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct.

Data will be viewed by unauthorized users. Data will be altered by unauthorized users.

What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?

Detect function

Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct.

Determine the degree of vulnerability that exists. Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine what security flaws exist.

Which of the following are considered cybersecurity breaches? More than one option may be correct.

Distributed Denial of Service (DDOS) Spyware Viruses Impersonation

Which of the following statements accurately describes spyware? More than one answer may be correct.

Downloading software or documents from unvetted sources is one way spyware can be installed. Spyware captures private information by monitoring how users interact online.

Remote employees of a corporation are required to log into their company's virtual private network (VPN) before accessing files on the corporation's shared drive where corporate data are unreadable to unauthorized users. This is an example of which of the following tools that ensure confidentiality? More than one answer may be correct.

Encryption Authentication Access control

Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct

Ensuring state and local governments are protected from cybersecurity threats. Protecting elections from cyber threats. Addressing security needs of smart devices.

Select all options that describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

Give guidance to organizations who wish to understand potential security breaches Help organizations develop appropriate policies and procedures to mitigate data breaches Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization

Which of the following are assets that can be impacted by a cybersecurity threat? Select all the correct options.

Hardware Information Software

In cybersecurity risk analysis, PML (probable maximum loss) is used to

Help determine spending needed to adequately secure an organization's IT infrastructure.

Which function of the NIST Cybersecurity Framework involves an organization gaining deeper understanding of cybersecurity management in the context of their business needs and resources?

Identify (ID) function

Why is preserving the integrity of data, information, and systems an important cybersecurity goal?

If the consistency, accuracy, or dependability of these assets has been compromised, they lose their usefulness and value.

Data at rest or storage can be found in which of the following places? More than one answer may be correct.

In the cloud On an external hard drive

How does a rootkit pose a cybersecurity threat? More than one answer may be correct.

Installed on a computer's operating system, a rootkit bypasses security functions. A range of malicious actions is possible because the invader has the same access as the computer's owner or user.

Which of the following is prohibited by the Computer Fraud and Abuse Act? More than one answer may be correct

Intentionally destroying a computer Cyber blackmail

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures confidential information through keyboard input.

Which of the following surveillance technologies relies on how data are entered into a system?

Keyloggers

What is the goal of the protect stage in the plan-protect-respond cycle? More than one answer may be correct.

Limit the impact of a security breach. Ensure uninterrupted delivery of vital services.

Select all options that describe standards set forth by the General Data Protection Regulation (GDPR) for compliance by companies who handle individuals' data.

Make collected data anonymous Hire a data protection officer Notify citizens of data breaches

Which of the following statements refer to programs known as spiders, web crawlers, and bots? More than one answer may be correct.

Malicious bots create security risks by compromising a user's control of the computer. "Good bots" have diverse functions and do not pose security risks. Internet robots are used for both legitimate and malicious purposes.

Applying for credit or even a mortgage online is a straightforward process. After creating an account with a unique user name and password, a customer reads a privacy statement, reviews the security policy, and accepts the terms of use. Then they proceed to log in and fill out an application, answering detailed questions about household income, employment, and more. What cybersecurity risk is particularly relevant to this process?

Man-in-the-middle (MitM) attack

Which of the following was not a consequence of the data breach?

Many Target employees went to prison.

Where are data in transit found?

On a cellular network

Which of the following is an example of an event that may occur during the protect stage of the plan-protect-respond cycle? More than one answer may be correct.

Perform routine maintenance on organizational resources. Require all employees to attend training that outlines the different types of security threats their organization faces. Determine levels of access control.

Which of these defining components mitigate cybersecurity threats? Select all the correct options.

Policies, tools, and strategies used to reduce damage from threats. Policies and procedures used to protect systems and data. Security tools and oversight used to identify security threats.

For a cybersecurity plan to succeed, which of the following must remain confidential? Select all correct answer options.

Private or sensitive data and information The logins and passwords of authorized users The organization's digital or computer systems

Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures?

Protect (PR) function

Which of these threats to cybersecurity can only come from an external source?

Ransomware

Why is MitMo a growing security risk? More than one answer may be correct.

Smartphones and other mobile devices are everywhere. People use mobile devices in many of the same ways they use computers.

In which function of the NIST Cybersecurity Framework does an organization's cybersecurity team take quick action to mitigate damage to systems?

Respond (RS) function

Which of the following browsing situations may reveal that adware is at work? More than one answer may be correct.

Shortly after you buy and download a writing enhancement program, you begin seeing ads for special keyboards, styluses, and other assistive technology. In searching the term database management, the first item you see in the results list is an ad for a particular online database. You have been looking for a new winter coat, and three out of five ads popping up on your browser currently show the type of coat you have been considering.

Who are the prime targets of MitM attacks? More than one answer may be correct.

Software as a source (SaaS) businesses Anyone who uses online financial applications Anyone who logs in to shop online

Although the attackers were able to obtain data for many credit card accounts, many others remained safe. Why?

Target had encrypted the contents of its customer account database.

A keylogger can be accurately described as ______.

Technology that captures keyboard input on several types of devices to glean confidential information

Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.

What is the National Institute of Standards Technology (NIST) Cybersecurity Framework?

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.

Accessing the communications of an organization without authorization was made a criminal violation by which federal cybersecurity law?

The Stored Communications Act

Which of these statements support the assertion that MitMo is a growing security risk? More than one answer may be correct.

The world is flooded with smartphones and other mobile devices. Mobile devices function in many of the same ways that computers do.

Why is it important to preserve the integrity of data, information, and systems?

These assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.

Which is the most common characteristic of social engineering cybersecurity attacks?

They are conducted via emails that offer a reward in exchange for clicking a given link.

Members of a project team at a mid-size company are trained in online safety, and their network is protected by a firewall. But the worst-case scenario has happened: a competitor has obtained protected information, possibly directly from a member's computer. George, the firm's system manager, sees some evidence of a Trojan horse that was engineered to steal passwords. What first steps should he and his security team take to uncover the source? More than one answer may be correct.

They should comb through e-mails with an eye to a message with a clickable link. The security team should examine everyone's activity log, looking for any downloaded files or programs.

How did the attackers gain access to Target's IT systems?

They used malware to capture access credentials.

What is the overall goal of the General Data Protection Regulation (GDPR)?

To ensure EU companies protect the privacy and personal data of EU citizens

What is the goal of the planning phase of the plan-protect-respond cycle?

Understand the steps needed to design effective information security architecture.

From the following list, select all types of cybersecurity vulnerabilities.

Weaknesses in system security procedures Weaknesses or flaws in system security control Security weaknesses in an operating system or application software Weaknesses or flaws in a system's security design Weaknesses or flaws in system security implementation

From the following list, select all situations that lead you to suspect the presence of adware.

When looking up information on the Dallas Cowboys, you notice an ad for a Dallas Cowboys jersey. You have been looking for a car bike rack, and four out of five ads popping up on your browser show types of racks and other sporting gear. After you buy and download a drawing program, you begin seeing ads for interactive drawing games and other creative technology.

Suppose an organization's system is vulnerable to losing information because its automated backup of data is insufficient or substandard. This type of cybersecurity vulnerability is ______.

a weakness in application software

The Stored Communications Act prohibits which activity?

accessing the communications of an organization without authorization

Which type of event or condition may represent a cybersecurity threat? More than one answer may be correct

an intentional event or action that damages computer hardware an unintentional or accidental event that deletes important network data or information the incorrect use or abuse of a computer assets an error, flaw, or weakness in a network asset

California's SB-327 for IoT Security mandates that security features of Internet-ready devices must be ________. More than one answer may be correct.

appropriate to the intended use of the device suitable for the type of data the device will contain and relay constructed to protect the device and any data it stores

The main characteristics that define cybersecurity threats are ______.

events that can lead to IT asset loss, conditions that can lead to IT asset loss, and the consequences of such loss

Describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework. More than one answer may be correct.

give guidance to organizations who wish to understand potential security breaches help organizations develop appropriate policies and procedures to mitigate data breaches create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization

The term "cybersecurity threat mitigation" refers to all of the policies, procedures, and tools used to ______.

guard against threats such as security incidents, data breaches, and unauthorized network access, and reduce any harm they cause

In cybersecurity, the probable maximum loss (PML) is used to______.

help determine spending needed to adequately secure an organization's IT infrastructure

The goal of the NIST Cybersecurity Framework Protect (PR) function is to ______.

help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection

The need to keep sensitive data, information, and systems confidential ______.

is both a major goal and a requirement for cybersecurity

What are causes of the costs estimated included during a risk analysis? More than one answer may be correct.

malware attacks system downtime security breaches

The cybersecurity risks known as Man-in-the-mobile (MitMo) are realized when ______.

malware infects smartphones and other mobile devices

Where are data in transit found?

on a cellular network

What does the identify (ID) function of the NIST Cybersecurity Framework focus on?

organizational understanding of how to manage cybersecurity risks

Adware specifically functions to ______.

present advertisements to users based on their browsing behaviors

Malware that encrypts the victims data files and then demands that a payment is made to the hacker is called

ransomware

A cybersecurity exploit is ______.

the means by which a hacker capitalizes on a cybersecurity vulnerability to gain access to and harm a system

What was the most likely motivation of the hackers who attacked Target?

to make money

The Identify (ID) function of the NIST Cybersecurity Framework focuses on organizational______.

understanding of how to manage cybersecurity risks

In which situation should the origin of information be authenticated to protect data integrity?

when electronic votes are submitted during an election