CyberSecurity Course 1 Exam
What is the term for software that is designed to harm devices or networks?
Malware
What term is used to describe publicly available systems, such as Linux?
Open-source
A security team uses a _____ to help them document organizational processes from beginning to end.
playbook
The _____ spread globally within a couple of months due to users inserting a disk into their computers that was meant to track illegal copies of medical software.
Brain virus
As a security analyst, you are tasked with auditing your organization's network to identify security related issues. How might a network protocol analyzer (packet sniffer) help you perform this task?
By capturing and analyzing data traffic on the network
Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers' social security and credit card numbers?
Equifax Breach
The ethical principle of _____ involves adhering to compliance regulations.
Guidelines
Which of the following statements correctly describe logs?
Logs help identify vulnerabilities and potential security breaches. A business might log errors that occurred as a result of high network traffic.
Which domain involves conducting investigations and implementing preventive measures?
Security operations
A key aspect of the CIA triad is ensuring that only _____ can access specific assets.
authorized users
To request information from a _____, security professionals can use SQL.
database
Some of the most dangerous threat actors are _____ because they often know where to find sensitive information, can access it, and may have malicious intent.
disgruntled employees
Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?
Asset security
You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?
Availability
Which of the following are core components of security frameworks? Select two answers.
Implementing security processes and
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security architecture and engineering
A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?
Security assessment and testing
Which of the following threats are examples of malware? Select two answers. Worms Viruses Bugs Error messages
Virus and Worms
Which of the following statements accurately describe the NIST CSF? Select all that apply.
-Its purpose is to help manage cybersecurity risk. -It consists of standards, guidelines, and best practices. -Security teams use it as a baseline to manage risk.
What are some key benefits of programming languages? 3 apply.
Complete repetitive tasks with a high degree of efficiency Can be used to create a specific set of instructions for a computer to execute tasks Execute repetitive processes very accurately
Which of the following tasks are part of the security and risk management domain? Select all that apply.
Compliance Defining security goals and objectives Business continuity
Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.
Conducting security audits Auditing user permissions Collecting and analyzing data
Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.
Employees inadvertently revealing sensitive data Malicious software being deployed
A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.
Employees inadvertently revealing sensitive data Phishing attacks Malicious software being deployed
What are some key benefits of using Python to perform security tasks? 3 apply.
It simplifies repetitive tasks. It helps security professionals be more accurate. It is designed for high levels of accuracy.
Which of the following tasks may be part of the identity and access management domain? Select three answers.
Managing and controlling physical and logical assets Ensuring users follow established policies Setting up an employee's access keycard
Which of the following tasks can be performed using SIEM tools? Select three answers.
Monitoring critical activities Analyzing filtered events and patterns Saving time by reducing the amount of data to be reviewed
Question 6 Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security architecture and engineering
A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.
Security control
A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regards to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?
Security ethics
A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use?
Security information and event management (SIEM)
Social engineering is a manipulation technique that exploits _____ error to gain access to private information.
human
Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?
identity and access management
Social engineering is a _____ that exploits human error to gain private information, access, or valuables.
manipulation technique
The ethical principle of _____ involves safeguarding a company database that contains sensitive information about employees.
privacy protection
A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?
security and risk management
. Which domain involves conducting investigations and implementing preventive measures?
security operations