Cybersecurity

In cybersecurity, the term "integrity" refers to safety of IT assets, such that data maintains its integrity so long as it is not stolen, deleted, or lost.

False.

Spyware's basic function is to

capture the user's account data, passwords, keystrokes, and more.

What are the core actions of the protect (PR) function?

controlling access to systems and preventing unauthorized access

What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?

detect function

In cybersecurity risk analysis, PML (probable maximum loss) is used to

help determine spending needed to adequately secure an organization's IT infrastructure.

The term virus is a useful way to identify this malware for which of the following reasons? More than one answer may be correct.

Both biological and computer viruses have the ability to reproduce themselves. A virus needs a host body or computer system to do its work.

Which of the following statements describe Internet robots, or bots? More than one answer may be correct.

Bots are used for both legitimate and malicious purposes. Malicious bots can compromise a user's control of the computer "Good bots" have useful functions and do not pose security risks.

Why is a denial-of-service attack (DoS attack) a threat to data availability?

By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.

How does the cybersecurity goal of preserving data integrity relate to the goal of authenticating users?

Data integrity is more easily preserved if users must be authorized to access data and make changes.

Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct.

Data will be altered by unauthorized users. Data will be viewed by unauthorized users.

Authenticating the identity of a user, process, or device serves one purpose: to prevent unauthorized access to an organization's assets or resources.

False, authentication is also done to ensure that people are given necessary access to data and information.

What is the goal of the protect stage in the plan-protect-respond cycle? More than one answer may be correct.

Ensure critical infrastructure services can be delivered without interruption. Reduce the impact of an adverse cybersecurity event.

A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.

Harvesting personal information is the goal of each cyber intrusion. The user may not know the malware has infected the device.

How does a cybersecurity exploit threaten the safety of a system?

It is a tool or technique for taking advantage of a system vulnerability to cause harm.

How are data in process different from data at rest or data in storage?

It is held in the device's RAM until it can be processed by the CPU or GPU.

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures confidential information through keyboard input.

Why are probable loss calculations important?

Organizations have limited funds to use toward system protections.

Which of the following is an example of an event that may occur during the protect stage of the plan-protect-respond cycle? More than one answer may be correct.

Provide employees with information regarding the specific types of security threats their organization faces. Make sure resources are protected through routine maintenance. Limit remote access to sensitive data.

Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.

Which of these statements support the assertion that MitMo is a growing security risk? More than one answer may be correct.

The world is flooded with smartphones and other mobile devices. Mobile devices function in many of the same ways that computers do.

Malicious bots are cybersecurity risks because they

can reproduce and link to an outside server.

How does spyware potentially harm the individual user?

This malware steals confidential information from the user.

A ransomware attack involves a multi-step process of file encryption, making demands of the target, untraceable payment, and possible file decryption.

True

What is the goal of the planning phase of the plan-protect-respond cycle?

Understand common threats that an organization may face and determine how vulnerable they are to such threats.

A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.

Whether the university's tech support team could decrypt the files themselves. Whether law enforcement could be identified and force the bad actor to decrypt the files.

The Stored Communications Act prohibits which activity?

accessing the communications of an organization without authorization

Which of the following names a type of cybersecurity threat? More than one answer may be correct.

an event or act that may lead to asset loss a condition that may lead to asset loss a harmful result or consequence of asset loss

What is a cybersecurity threat?

an event or condition that can lead to IT asset loss and the negative consequences of such loss

California's SB-327 for IoT Security mandates that security features of Internet-ready devices must be ________. More than one answer may be correct.`

appropriate to the intended use of the device suitable for the type of data the device will contain and relay constructed to protect the device and any data it stores

Social engineering is used to target people whom

are not cautious about giving out confidential or sensitive information.

Most organizations require employees to login in to view files that are posted to a shared drive, allowing different access to the files based on employee position within the organization and preventing unauthorized employees or other people from accessing all files. This is an example of which of the following tools that ensure confidentiality? More than one answer may be correct.

authentication encryption access control

Describe the goals of the respond (RS) function of the NIST Cybersecurity Framework. More than one answer may be correct.

establish procedures that enable action in the event of a cybersecurity incident be able to quickly analyze a detected cybersecurity issue be prepared to swiftly mitigate harm caused by a cybersecurity event

From the following list, select all the types of problems that create a cybersecurity vulnerability.

faulty procedures for upholding system security flaws in the design of system security poor setup or implementation of system security insufficient control or management of system security

Which of these online functions are most susceptible to MitM attacks? More than one answer may be correct.

financial applications e-commerce

Describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework. More than one answer may be correct.

give guidance to organizations who wish to understand potential security breaches help organizations develop appropriate policies and procedures to mitigate data breaches create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization

Which of the NIST Cybersecurity Framework functions investigates an organization's cybersecurity management in the context of their business needs and resources?

identify (ID) function

Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.

identify a company's assets calculate potential loss due to security threats determine how to respond to a potential loss

Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct.

increasing cybersecurity at the state and local level addressing security needs of mobile devices protecting critical infrastructure from cyber threats

Which of the following is a best practice for ensuring that data are available? More than one answer may be correct.

keeping current with all system upgrades preventing bottlenecks

Ransomware basically holds a target hostage because it

makes the target's own data inaccessible.

What are causes of the costs estimated included during a risk analysis? More than one answer may be correct.

malware attacks system downtime security breaches

Adrian and Frank began the online process of applying for a short-term loan for their business. They created an account with a username and password, looked over the privacy statement, reviewed the security policy, and accepted the terms of use. After logging on, however, they became increasingly uncomfortable answering so many detailed questions about income, employment, and more. What specific risk might they have remembered from studying cybersecurity?

man-in-the-middle (MitM)

From the following list, select all the primary components of cybersecurity threat mitigation.

policies and procedures for threat prevention tools and procedures for threat identification policies, tools, and strategies for threat "curing" or minimization

Bad actors seeking to create computer viruses primarily must know how to

program code.

Which of the National Institute of Standards Technology (NIST) Cybersecurity Framework functions entails an analysis of cybersecurity risk and reduction of potential damage to IT infrastructures?

protect (PR) function`

Which threat to cybersecurity can only come from outside an organization?

ransomware

Describe the categories of the Recover (RC) function of the NIST Cybersecurity Framework. More than one answer may be correct.

restoration of impaired systems improvements to cybersecurity plans communication with all stakeholders

Which of the following must remain confidential to achieve cybersecurity goals? More than one answer may be correct.

the logins and passwords of authorized users private or sensitive data and information the specifications of the organization's IT systems

What does the General Data Protection Regulation (GDPR) strive to achieve?

to ensure EU companies protect the privacy and personal data of EU citizens

What is the goal of the NIST Cybersecurity Framework Protect (PR) function?

to help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection

From the following list, select all the examples of different cybersecurity breaches.

viruses spyware impersonation Distributed Denial of Service (DDOS)

A benign Internet robot that gathers data is called a(n)

web crawler.

In which situation should the origin of information be authenticated to protect data integrity?

when electronic votes are submitted during an election