BIS 3233 Cybersecurity Study Questions With Accurate Answers 2023
The goal of the NIST Cybersecurity Framework Protect (PR) function is to ______.
help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection
A computer virus is______.
malware that, when executed, adversely affects performance or damages programs
Adrian and Frank began the online process of applying for a short-term loan for their business. They created an account with a username and password, looked over the privacy statement, reviewed the security policy, and accepted the terms of use. After logging on, however, they became increasingly uncomfortable answering so many detailed questions about income, employment, and more. What specific risk might they have remembered from studying cybersecurity?
man-in-the-middle (MitM)
The purpose of spyware is to ______.
capture the user's account data, passwords, key strokes, and more
A Trojan horse succeeds through
deceptive access
Ransomware basically holds a target hostage because it ___ .
encrypts the victim's data
In cybersecurity risk analysis, PML (probable maximum loss) is used to
help determine spending needed to adequately secure an organization's IT infrastructure.
Who performs probable maximum loss calculations?
A company's cybersecurity analysts
What is the correct definition of a cybersecurity exploit?
A tool or technique for taking advantage of a cybersecurity vulnerability to break into a system and cause harm.
Which function of the NIST Cybersecurity Framework involves an organization gaining deeper understanding of cybersecurity management in the context of their business needs and resources?
Identify (ID) function
How does a cybersecurity exploit threaten the safety of a system?
It is a tool or technique for taking advantage of a system vulnerability to cause harm.
Which of these threats to cybersecurity can only come from an external source?
Ransomware
What is the National Institute of Standards Technology (NIST) Cybersecurity Framework?
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks
Accessing the communications of an organization without authorization was made a criminal violation by which federal cybersecurity law?
The Stored Communications Act
How does spyware potentially harm the individual user?
This malware steals confidential information from the user.
What is a cybersecurity threat?
an event or condition that can lead to IT asset loss and the negative consequences of such loss
In addition to planning, analysis, and mitigation, select the remaining two categories of the respond (RS) function of the NIST Cybersecurity Framework from the list below.
communication improvements to cybersecurity response plans
In the context of California's SB-327 for IoT Security, an "Internet-connected device" ________. More than one answer may be correct.
connects to the Internet has a Bluetooth address has an Internet Protocol (IP) address
The essential function of malicious bots is to ______.
control an individual computer by self-replicating and connecting to a central server
A Trojan horse achieves its purposes through ______.
deceptive access
One surveillance technology that relies on how the user enters data is a
keylogger
Ransomware basically holds a target hostage because it
makes the target's own data inaccessible.
From the following list, select all the primary components of cybersecurity threat mitigation.
policies and procedures for threat prevention tools and procedures for threat identification policies, tools, and strategies for threat "curing" or minimization
Adware specifically functions to ______.
present advertisements to users based on their browsing behaviors
What part of the plan-protect-respond cycle is occurring when an organization limits access to sensitive documents on a server to only those with the required security clearance?
protect
What is the key action called for in the detect (DE) function of the NIST Cybersecurity Framework?
quick identification of a cybersecurity threat
Malware that encrypts the victims data files and then demands that a payment is made to the hacker is called ___
ransomware
Which threat to cybersecurity can only come from outside an organization?
ransomware
Which NIST Cybersecurity Framework function involves correcting an organization's cybersecurity plans due to a cybersecurity event?
recover (RC) function
A keylogger can be accurately described as ______.
technology that captures keyboard input on several types of devices to glean confidential information
Which type of cybersecurity breach can cause the most damage to an organization's systems, data, and information?
viruses
A benign Internet robot that gathers data is called a(n)
web crawler
In which situation should the origin of information be authenticated to protect data integrity?
when electronic votes are submitted during an election
Which of the following statements refer to programs known as spiders, web crawlers, and bots? More than one answer may be correct.
"Good bots" have diverse functions and do not pose security risks. Internet robots are used for both legitimate and malicious purposes. Malicious bots create security risks by compromising a user's control of the computer.
Which of the following is an example of data in transit? More than one answer may be correct.
A person uses an app on their smartphone to pay a bill. A person transfers documents between their laptop and mobile device.
How does a rootkit pose a cybersecurity threat? More than one answer may be correct.
A range of malicious actions is possible because the invader has the same access as the computer's owner or user. Installed on a computer's operating system, a rootkit bypasses security functions.
To get to the bottom of the odd computer problems she was having, Priya listed these symptoms: files mysteriously disappearing, system configurations unexpectedly altered, and two icons showing up for applications she did not download. What malware could have been installed on Priya's computer?
A rootkit
When employers deactivate former employees' username and passwords, they are using which tool that ensures confidentiality? More than one answer may be correct.
Access control Authentication
From the following list, select all the examples of internal threats to cybersecurity.
An attack by an authorized user An accidental erasure of data The leakage of sensitive information
What are the different types of cybersecurity threats? Select all the correct options.
An event or act that could cause the loss of IT assets. The negative consequences or impact of losing IT assets. A condition that could cause the loss of IT assets.
According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct.
An organization has a formal policy for alerting the IT department when employees leave the company. A corporation backs up all of its data to a cloud server every night.
What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?
Analysis, observation, detection
Who are the prime targets of MitM attacks? More than one answer may be correct.
Anyone who uses online financial applications Software as a source (SaaS) businesses Anyone who logs in to shop online
Remote employees of a corporation are required to log into their company's virtual private network (VPN) before accessing files on the corporation's shared drive where corporate data are unreadable to unauthorized users. This is an example of which of the following tools that ensure confidentiality? More than one answer may be correct.
Authentication Encryption Access control
Select all options that describe the goals of the Respond (RS) function of the NIST Cybersecurity Framework
Be able to quickly analyze a detected cybersecurity issue Establish procedures that enable action in the event of a cybersecurity incident Be prepared to swiftly mitigate harm caused by a cybersecurity event
The five categories of the Respond (RS) function of the NIST Cybersecurity Framework include planning, analysis, and mitigation. From the list below, select the remaining two categories.
Communication Improvements to cybersecurity response plans
Which of the following statements explain why a computer virus is so named? More than one answer may be correct.
Computer viruses have the ability to reproduce themselves within a system. An invaded computer inadvertently plays host to the malware.
Select all options that describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework.
Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization Help organizations develop appropriate policies and procedures to mitigate data breaches Give guidance to organizations who wish to understand potential security breaches
Which of the following is prohibited by the Computer Fraud and Abuse Act? More than one answer may be correct
Cyber blackmail Intentionally destroying a computer
Which type of cybersecurity breach makes a computer, network, or online service malfunction or become unavailable to users?
DDOS attacks
______ are cybersecurity breaches that make a computer or online service unavailable to its users.
DDOS attacks
Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.
Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate.
Determine which of the following is an example of data that has integrity.
Data that are used to set sales goals for account executives are stored on a secure server; managers are allowed read-only access to the sales data for the reps they directly manage.
What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?
Detect function
Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct
Ensuring state and local governments are protected from cybersecurity threats. Protecting elections from cyber threats. Addressing security needs of smart devices.
A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.
Harvesting personal information is the goal of each cyber intrusion. The user may not know the malware has infected the device.
Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct.
Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine the degree of vulnerability that exists. Determine what security flaws exist.
A digital music streaming company is promoting its service in a new country with a special discount for residents. How can the company use authentication to help prevent people from exploiting or abusing the deal? More than one answer may be correct.
It can verify that the customer lives in the correct country. It can verify that the customer is new to the company or service. It can grant the customer access only to the music included in the deal.
Which of the following surveillance technologies relies on how data are entered into a system?
Keyloggers
Applying for credit or even a mortgage online is a straightforward process. After creating an account with a unique user name and password, a customer reads a privacy statement, reviews the security policy, and accepts the terms of use. Then they proceed to log in and fill out an application, answering detailed questions about household income, employment, and more. What cybersecurity risk is particularly relevant to this process?
Man-in-the-middle (MitM) attack
From the following list, select all types of events and conditions that are considered cybersecurity threats.
Misuse or abuse of IT assets Errors, weaknesses, or defects in IT assets Unintentional, accidental, and incidental events Intentional events Failure of IT assets
Why are probable loss calculations important?
Organizations have limited funds to use toward system protections.
Why is MitMo a growing security risk? More than one answer may be correct.
People use mobile devices in many of the same ways they use computers. Smartphones and other mobile devices are everywhere.
Which of these defining components mitigate cybersecurity threats? Select all the correct options.
Policies, tools, and strategies used to reduce damage from threats. Security tools and oversight used to identify security threats. Policies and procedures used to protect systems and data.
Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures?
Protect (PR) function
Why is data that is located in the RAM of a device considered data in transit?
RAM only holds data and instructions temporarily; nothing is permanently stored in RAM.
In which function of the NIST Cybersecurity Framework does an organization's cybersecurity team take quick action to mitigate damage to systems?
Respond (RS) function
From the following list, select all types of cybersecurity vulnerabilities.
Security weaknesses in an operating system or application software Weaknesses or flaws in system security control Weaknesses in system security procedures Weaknesses or flaws in a system's security design Weaknesses or flaws in system security implementation
Which of the following browsing situations may reveal that adware is at work? More than one answer may be correct.
Shortly after you buy and download a writing enhancement program, you begin seeing ads for special keyboards, styluses, and other assistive technology. You have been looking for a new winter coat, and three out of five ads popping up on your browser currently show the type of coat you have been considering. In searching the term database management, the first item you see in the results list is an ad for a particular online database.
Which of the following statements accurately describes spyware? More than one answer may be correct.
Spyware captures private information by monitoring how users interact online. Downloading software or documents from unvetted sources is one way spyware can be installed.
For a cybersecurity plan to succeed, which of the following must remain confidential? Select all correct answer options.
The logins and passwords of authorized users The organization's digital or computer systems Private or sensitive data and information
Why is it important to preserve the integrity of data, information, and systems?
These assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.
Members of a project team at a mid-size company are trained in online safety, and their network is protected by a firewall. But the worst-case scenario has happened: a competitor has obtained protected information, possibly directly from a member's computer. George, the firm's system manager, sees some evidence of a Trojan horse that was engineered to steal passwords. What first steps should he and his security team take to uncover the source? More than one answer may be correct.
They should comb through e-mails with an eye to a message with a clickable link. The security team should examine everyone's activity log, looking for any downloaded files or programs.
What is the goal of the planning phase of the plan-protect-respond cycle?
Understand common threats that an organization may face and determine how vulnerable they are to such threats.
What is the goal of the planning phase of the plan-protect-respond cycle?
Understand the steps needed to design effective information security architecture.
Why is establishing authentication procedures a common cybersecurity goal?
Verifying that users are authorized to access systems, data, and resources is fundamental to preventing their unauthorized use.
Which of the following are considered cybersecurity breaches? More than one option may be correct.
Viruses Impersonation Distributed Denial of Service (DDOS) Spyware
Conrad was disturbed to find evidence of applications he did not download, system configurations unexpectedly altered, and files mysteriously that disappeared and moved. Which cybersecurity threat best explains the problems he was having?
a rootkit
Which of the following threats to cybersecurity come from internal sources? More than one answer may be correct.
an accidental erasure of data an attack by an authorized user the leakage of sensitive information
Which of the following is an example of an activity that would be useful during the planning stage of the plan-protect-respond cycle?
attempting to exploit flaws from the outside, simulating attacks that a hacker would try
Most organizations require employees to login in to view files that are posted to a shared drive, allowing different access to the files based on employee position within the organization and preventing unauthorized employees or other people from accessing all files. This is an example of which of the following tools that ensure confidentiality? More than one answer may be correct.
authentication encryption access control
The main characteristics that define cybersecurity threats are ______.
events that can lead to IT asset loss, conditions that can lead to IT asset loss, and the consequences of such loss
Which of these online functions are most susceptible to MitM attacks? More than one answer may be correct.
financial applications e-commerce
The term "cybersecurity threat mitigation" refers to all of the policies, procedures, and tools used to ______.
guard against threats such as security incidents, data breaches, and unauthorized network access, and reduce any harm they cause
In cybersecurity, the probable maximum loss (PML) is used to______.
help determine spending needed to adequately secure an organization's IT infrastructure
What does the General Data Protection Regulation (GDPR) regulate?
how companies protect personal data
Which of the NIST Cybersecurity Framework functions investigates an organization's cybersecurity management in the context of their business needs and resources?
identify (ID) function
Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.
identify a company's assets calculate potential loss due to security threats determine how to respond to a potential loss
The need to keep sensitive data, information, and systems confidential ______.
is both a major goal and a requirement for cybersecurity
The cybersecurity risks known as Man-in-the-mobile (MitMo) are realized when ______.
malware infects smartphones and other mobile devices
Which of the following acts is an example of social engineering?
manipulating people in order to obtain and misuse their personal information
What does the identify (ID) function of the NIST Cybersecurity Framework focus on?
organizational understanding of how to manage cybersecurity risks
Which of the following is a goal of an information technology disaster recovery plan (IT DRP)?
outline specific recovery times for information technology to resume after an issue occurs
For which type of cybersecurity vulnerability do organizations maintain and share databases of known problems?
security weaknesses in operating systems or application software
Which of the following must remain confidential to achieve cybersecurity goals? More than one answer may be correct.
the logins and passwords of authorized users private or sensitive data and information the specifications of the organization's IT systems
A cybersecurity exploit is ______.
the means by which a hacker capitalizes on a cybersecurity vulnerability to gain access to and harm a system
What does the General Data Protection Regulation (GDPR) strive to achieve?
to ensure EU companies protect the privacy and personal data of EU citizens
The Identify (ID) function of the NIST Cybersecurity Framework focuses on organizational______.
understanding of how to manage cybersecurity risks
Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.
worm