Cybersecurity Midterm

A firewall is an example of a security control providing:

Access Control

Which term refers to an individual, group, organization, or government that conducts or has the intent to conduct detrimental activities?

Adversary

Which two factors contributed to the lack of security controls built into the predecessor to the Internet, Arpanet?

Arpanet's scientists and researchers were motivated by simply making the system work. AND Arpanet was a research project with the goal of sharing information among a relatively small number of computers.

Which term refers to an attempt that exploits a weakness and compromises system integrity, availability, or confidentiality?

Attack

Which statement explains one of the challenges of cyberwarfare?

Attribution is difficult due to the ability to hide and change locations, and mask identities.

Requiring a password to log onto a system is a form of:

Authentication

Ransomware attacks such as WannaCry that lock files until a ransom is paid compromise:

Availability

Victims of WannaCry ransomware were either locked out of their computers or unable to access their files. Which principle(s) of information security were violated in this attack?

Availability

What is the term used to describe ensuring that authorized parties are able to access the information when it is needed?

Availability

Which statement describes why information assets must be identified for cybersecurity purposes?

Because you cannot protect what you have not identified

Inappropriate file access to, or disclosure of, protectively marked information, whether by an adversary or accidentally, is a loss of:

Confidentiality

The process of granting access to information technology (IT) system resources (including files) only to authorized users is a primary control for:

Confidentiality

Using cryptographic hashes (especially for passwords) can be used as a control for:

Confidentiality

User error resulting in the access to, modification of, and disclosure of confidential information assets represents a loss of:

Confidentiality and Integrity

Which two items are benefits of IoT devices?

Convenience and saving time through automation AND Connectivity provides easier access to information

Which statement describes one of the lessons learned from the Mirai Botnet?

Convenience and usability of many IoT devices is a tradeoff for privacy and security.

How does the actual location of a data center impact access and control of the information stored in it?

Data protection laws can extend beyond national borders. AND Government policies on cyber sovereignty affect the rules governing the free flow of information and access to content.

___ ensures you have rights over your own health information, no matter what form it is in. The government also created a Security Rule to require specific protections to safeguard your electronic health information.

HIPAA

A student is unsure of whether a game executable file is safe to download from a website. Which security measure, if available on the website, would verify that the downloaded file is legitimate?

Hash-based verification

What security controls ensure confidentiality?

Identification, authentication, and authorization

The comparison of cryptographic file hashes can be used as a control for:

Integrity

Due to a hacking attempt of the school's data management system, the IT Director disables access to the gradebook from outside of the school building. Which principle(s) of information security have been impacted by this decision?

Loss of Availability (?)

A business traveler uses a computer in a hotel business center to access a personal email account. A hidden keylogger (malware) is installed on the computer. Later in the evening the business traveler attempts to again access the personal email account and realizes she is locked out of her account. Which principle(s) of the CIA Triad have been violated?

Loss of confidentiality and availability

A bank ATM requires the use of a bank card and a PIN to conduct a transaction. If a bank card is lost or stolen, what additional security measures ensure prevention and detection?

PIN changes require identification and authentication. AND Multiple failed PIN attempts can block the card.

What essential steps are needed to assure confidentiality of data?

Response mechanisms, Prevention, Detection (All of the choices)

The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact is known as:

Risk Assessment

Select two true statements about the Stuxnet attack.

Stuxnet was the first cyberattack known to cause physical damage to a system. AND Stuxnet was able to attack a system that was not connected to the Internet.

Which statement describes the relationship between the Internet, the Web, and Cyberspace?

The Internet refers to the network of networks, the Web refers to content accessed by a browser, and Cyberspace encompasses the information environment.

What two factors have influenced the rapid adoption of IoT devices and thus increased the attack surface? Select two answers.

The convenience of IoT devices AND The open architecture of the Internet

A complex system has multiple components in it. System security is a characteristic of a system that has:

The interactions of the components are secure; Each system component individually secured; Software and hardware that is secure (All of the choices)

A programmer discovers that Personally Identifiable Information (PII) is collected from his application and is being shared with a third-party vendor in violation of the terms of use of the software. What ethical obligation does the programmer have in this case?

The programmer has an obligation to respect privacy. Personal information gathered for a specific purpose should not be used for other purposes without the person's consent.

Fire, flood, or an adverse weather event impacting the security of information assets is known as a:

Threat

Nation-state sponsored espionage activity is an example

Threat

Which term refers to a circumstance or event with the potential to have an adverse effect on organizational operations?

Threat

Which statement describes the purpose of a data classification system for cybersecurity?

To identify information assets and protect them from a loss of confidentiality, integrity and availability

A software bug that can cause a buffer overflow in a computer program resulting in a loss of confidentiality, integrity, or availability is known as a:

Vulnerability

Human error resulting in a loss of confidentiality, integrity, or availability to an information resource is known as a:

Vulnerability

Which term refers to a weakness in an information system, system security procedures, internal controls, or implementation?

Vulnerability

