Cybersecurity Practice Warm-up
Which of the following is an example of data in transit? More than one answer may be correct.
A person transfers documents between their laptop and mobile device and a text message is stored on a user's mobile device.
The deactivation of access to corporate systems and documents after an employee leaves a company is an example of which tool that ensures confidentiality? More than one answer may be correct.
Access control
Social engineering is used to target people whom
Are not cautious about giving out confidential or sensitive information.
Which of the elements of the CIA triad does properly maintaining all hardware serve?
Availability
Why is a denial-of-service attack (DoS attack) a threat to data availability?
By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.
Determine which of the following is an example of data that has integrity.
Data that are used to set sales goals for account executives are stored on a secure server; managers are allowed read-only access to the sales data for the reps they directly manage.
Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct.
Determine security weaknesses and determine existing vulnerabilities by having an employee attempt to hack into a system.
In cybersecurity, the term "integrity" refers to safety of IT assets, such that data maintains its integrity so long as it is not stolen, deleted, or lost.
False, in cybersecurity, data's "integrity" is its consistency, accuracy, or dependability, not its safety.
How are data in process different from data at rest or data in storage?
It is held in the device's RAM until it can be processed by the CPU or GPU.
A corporation that was recently the victim of hacking that was caused by a high-level employee falling for a phishing scheme institutes a required, annual, self-paced training module that alerts employees to the most common recent phishing attacks. The institution of this new training requirement represents which phase of the plan-protect-respond cycle?
Respond
Hacking into an organization's email servers is a crime that can be prosecuted under the Stored Communications Act.
True, the Stored Communications Act prohibits the intentional unauthorized access of an organization's electronic communication services, including email.
Currently, one of the biggest vector opportunities for cybercriminals is MitMo.
True, worldwide use mobile devices has opened up a huge opportunity for cybercriminals.
Why is establishing authentication procedures a common cybersecurity goal?
Verifying that users are authorized to access systems, data, and resources is fundamental to preventing their unauthorized use.
Data at rest or storage can be found in which of the following places? More than one answer may be correct.
a database in a datacenter, on a memory card, and within the computer's RAM
Conrad was disturbed to find evidence of applications he did not download, system configurations unexpectedly altered, and files mysteriously that disappeared and moved. Which cybersecurity threat best explains the problems he was having?
a rootkit
Describe steps in cybersecurity risk analysis. More than one answer may be correct.
assign value to assets, estimate potential losses, and estimate the likelihood of occurrence of threats
Cybersecurity threat mitigation is best defined as the policies, procedures, and tools that help an organization
identify cybersecurity threats, prevent them from being realized, and minimize damage from them.
Ransomware basically holds a target hostage because it
makes the target's own data inaccessible.
Which function of the NIST Cybersecurity Framework calls for an organization to implement plans for resilience?
recover (RC) function
A cybersecurity exploit allows a hacker or intruder to
remotely access a network, gain privileges, and make unauthorized changes.
What is the meaning of the term "social engineering" in the area of cybersecurity?
the act of manipulating or tricking people into sharing confidential, personal information
What does the General Data Protection Regulation (GDPR) strive to achieve?
to ensure EU companies protect the privacy and personal data of EU citizens
According to the identify (ID) function of the NIST Cybersecurity Framework, what allows an organization to prioritize its efforts where cybersecurity risk is involved?
understanding of its business environment and resources
From the following list, select all the examples of different cybersecurity breaches.
viruses, spyware, impersonation, and security patches
The NIST Cybersecurity Framework is a
voluntary guide for organizations.
