Cybersecurity BCOR
Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?
43 percent
According to the CIA triad, in which of the following examples is an organization ensuring data integrity? More than one answer may be correct
A corporation backs up all of its data to a cloud server every night An organization has a formal policy for alerting the IT department when employees leave the company
Explain how the trojan "EventBot" works. More than one answer may be correct.
Aimed at Android devices Steals financial information Reads and intercepts SMS messages
Which of the following threats to cybersecurity come from internal sources?
An accidental erasure of data An attack by an authorized user The leakage of sensitive information
n a DDoS attack, network computers that have been infected by a virus from more than one source computer act as zombies and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for
Distributed Denial of Service
From the following list, select all the possible warning signs of social engineering attacks
Emails or texts containing links to more info or a free download Emails or web pages that request personal information in exchange for a free offer Strange emails from known, trusted personal contacts or organizations
Describe the goals of the respond (RS) function of the NIST Cybersecurity Framework. More than one answer may be correct.
Establish procedures that enable action in the event of a cybersecurity incident Be able to quickly analyze a detected cybersecurity issue Be prepared to swiftly mitigate harm caused by a cybersecurity event
A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.
Harvesting personal information is the goal of each cyber intrusion The user may not know the malware has infected the device
How does a Network Address Translation (NAT) type of firewall work?
It hides internal IP addresses
Describe trojan malware.
It is often found attached to free downloads and apps It is often used to find passwords, destroy data, or to bypass firewalls It is like a virus but does not replicate itself
Which of the following statements describes a keylogger most accurately?
It is surveillance malware that captures confidential information through keyboard input
Which of these statements about packet sniffers are true? More than one answer may be correct.
Legitimate sniffers are used for routine examination and problem detection Unauthorized sniffers are used to steal information
Man-in-the-mobile (MitMo) occurs when
Malware infects smartphones and other mobile devices
From the following list, select all the primary components of cybersecurity threat mitigation.
Policies and procedures for threat prevention Tools for threat identification Policies, tools, and strategies for threat "curing" or minimization
Which of the National Institute of Standards Technology (NIST) Cybersecurity Framework functions entails an analysis of cybersecurity risk and reduction of potential damage to IT infrastructures?
Protect (PR) function
Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks
Which of the following statements explains why a rootkit poses a cybersecurity threat? More than one answer may be correct.
The invader has the same access as the host, the comp's owner or user A rootkit bypasses security functions because it is installed on the operating system
How does spyware potentially harm the individual user?
This malware steals confidential information from the user
What is the purpose of social engineering in conjunction with ransomware?
Tricks victims into allowing access to data
What does the General Data Protection Regulation (GDPR) regulate?
how companies protect personal data
An email that appears to be from a legitimate company is most likely to be a social engineering cybersecurity attack if
it contains a link to a free offer that seems too good to be true
The security firewall serving Vantage's email program catches an impressive number of both irrelevant and illegitimate messages, to the point where employees usually do not even see them. Occasionally, however, an unsolicited message will catch managing partner Carl's eye. Because one new message looks to come from a potential new client, he's interested but careful, aware that the boutique consulting firm has a very targeted marketing system and clients usually do not appear out of thin air. What type of security concern is causing Carl's suspicion?
phishing
From the following list, select the techniques and tools that are used by both white-hat hackers and illegitimate hackers.
rootkits social engineering back door programs
According to the identify (ID) function of the NIST Cybersecurity Framework, what allows an organization to prioritize its efforts where cybersecurity risk is involved?
understanding of its business environment and resources
Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.
worm
Which of the following would be included in a risk assessment executive summary that was prepared to help executives make informed decisions about security? More than one answer may be correct.
If a cyberattack were able to breach our security, the medical information and social security numbers of all the patients would be available. Because our organization has multiple government contracts, we need to worry about threats from other countries' governments who seek to fain sensitive information regarding the U.S government All employees are required to go through biannual cybersecurity training. Additional training is required when new threats that could affect our organization become known.
From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.
Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes
Why are probable loss calculations important?
Organizations have limited funds to use toward system protections.
A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.
Whether the university's tech support team could decrypt the files themselves Whether law enforcement could be identified and force the bad actor to decrypt the files
