Cybersecurity Quiz

A cybersecurity exploit allows a hacker or intruder to

remotely access a network, gain privileges, and make unauthorized changes.

A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.

Whether the university's tech support team could decrypt the files themselves. Whether law enforcement could be identified and force the bad actor to decrypt the files.

Why is establishing authentication procedures a common cybersecurity goal?

Verifying that users are authorized to access systems, data, and resources is fundamental to preventing their unauthorized use.

Who is responsible for calculating probable maximum loss?

a company's cybersecurity analysts

Software-based keyloggers often infect a system through

a malicious email or link opened by an unsuspecting user.

Which of the following is a goal of confidentiality as defined by the CIA triad?

making sure the right people have access to secure information

Spyware's basic function is to

capture the user's account data, passwords, keystrokes, and more.

In addition to planning, analysis, and mitigation, select the remaining two categories of the respond (RS) function of the NIST Cybersecurity Framework from the list below.

communication improvements to cybersecurity response plans

What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?

detect function

Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.

the acceleration of new technologies the proliferation of cyber threats to data and technology

The term virus is a useful way to identify this malware for which of the following reasons? More than one answer may be correct.

Both biological and computer viruses have the ability to reproduce themselves. A virus needs a host body or computer system to do its work.

Which of the following statements describe Internet robots, or bots? More than one answer may be correct.

Bots are used for both legitimate and malicious purposes. Malicious bots can compromise a user's control of the computer. "Good bots" have useful functions and do not pose security risks.

All data in transit is by nature protected from malicious attacks since it is in motion and not stable.

FALSE

A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.

Harvesting personal information is the goal of each cyber intrusion. The user may not know the malware has infected the device.

Currently, one of the biggest vector opportunities for cybercriminals is MitMo.

TRUE

The Stored Communications Act prohibits which activity?

accessing the communications of an organization without authorization

Which of the following would be prohibited under the Electronic Communications Protection Act?

an employee leaking confidential emails they were not authorized to receive

Which of the following names a type of cybersecurity threat? More than one answer may be correct.

an event or act that may lead to asset loss a condition that may lead to asset loss a harmful result or consequence of asset loss

What is a cybersecurity threat?

an event or condition that can lead to IT asset loss and the negative consequences of such loss

What are the three categories of the detect (DE) function of the NIST Cybersecurity Framework?

analysis, observation, detection

Which of the NIST Cybersecurity Framework functions investigates an organization's cybersecurity management in the context of their business needs and resources?

identify (ID) function

Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.

identify a company's assets calculate potential loss due to security threats determine how to respond to a potential loss

Cybersecurity threat mitigation is best defined as the policies, procedures, and tools that help an organization

identify cybersecurity threats, prevent them from being realized, and minimize damage from them.

One surveillance technology that relies on how the user enters data is a

keylogger.

Adrian and Frank began the online process of applying for a short-term loan for their business. They created an account with a username and password, looked over the privacy statement, reviewed the security policy, and accepted the terms of use. After logging on, however, they became increasingly uncomfortable answering so many detailed questions about income, employment, and more. What specific risk might they have remembered from studying cybersecurity?

man-in-the-middle (MitM)

Where are data in transit found?

on a cellular network

From the following list, select all the primary components of cybersecurity threat mitigation.

policies and procedures for threat prevention tools and procedures for threat identification policies, tools, and strategies for threat "curing" or minimization

What part of the plan-protect-respond cycle is occurring when an organization limits access to sensitive documents on a server to only those with the required security clearance?

protect

Which NIST Cybersecurity Framework function involves correcting an organization's cybersecurity plans due to a cybersecurity event?

recover (RC) function

Which function of the NIST Cybersecurity Framework calls for an organization to implement plans for resilience?

recover (RC) function

Which of the following must remain confidential to achieve cybersecurity goals? More than one answer may be correct.

the logins and passwords of authorized users private or sensitive data and information the specifications of the organization's IT systems

What does the General Data Protection Regulation (GDPR) strive to achieve?

to ensure EU companies protect the privacy and personal data of EU citizens

Why is a denial-of-service attack (DoS attack) a threat to data availability?

By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.

Who is protected by California's SB-327 for IoT Security and who is accountable for ensuring the guidelines are met?

California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.

From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.

Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.

Which type of cybersecurity breach makes a computer, network, or online service malfunction or become unavailable to users?

DDOS attacks

How does the cybersecurity goal of preserving data integrity relate to the goal of authenticating users?

Data integrity is more easily preserved if users must be authorized to access data and make changes.

Determine which of the following is an example of data that has integrity.

Data that are used to set sales goals for account executives are stored on a secure server; managers are allowed read-only access to the sales data for the reps they directly manage.

Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct.

Data will be altered by unauthorized users. Data will be viewed by unauthorized users.

Although bothersome, seeing multiple ads for products you have searched is never considered an invasion of privacy.

FALSE

California's SB-327 for IoT requires companies to anonymize collected data to protect consumer privacy.

FALSE

Which statement accurately describes the need to keep sensitive data, information, and systems confidential?

It is both a major goal and a requirement for cybersecurity.

Which of the following statements describes a keylogger most accurately?

It is surveillance malware that captures confidential information through keyboard input.

Which of the following statements best illustrates why a rootkit is described as creating a back door?

Like an intruder coming through a back door, a rootkit allows an unknown user into an operating system.

Why are probable loss calculations important?

Organizations have limited funds to use toward system protections.

A ransomware attack involves a multi-step process of file encryption, making demands of the target, untraceable payment, and possible file decryption.

TRUE

According to the National Institute of Standards Technology (NIST), the RS function of the framework includes communications with internal and external stakeholders.

TRUE

Cybersecurity vulnerabilities can be intentionally exploited or accidentally allowed to compromise system security.

TRUE

Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.

Why is it important to preserve the integrity of data, information, and systems?

These assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.

What do all cybersecurity threats have in common?

They are connected to the loss of information, software, or hardware.

Which of the following is an example of data in process? More than one answer may be correct.

a username that has been submitted for authentication a password that has been submitted for authentication credit card information used to pay for an order placed on Amazon

"Cybersecurity threat mitigation" includes all of the policies, procedures, and tools that help organizations

anticipate and counter threats from security vulnerabilities or incidents and reduce their impact.

Social engineering is used to target people whom

are not cautious about giving out confidential or sensitive information.

Which of the elements of the CIA triad does properly maintaining all hardware serve?

availability

Malicious bots are cybersecurity risks because they

can reproduce and link to an outside server.

Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct.

increasing cybersecurity at the state and local level addressing security needs of mobile devices protecting critical infrastructure from cyber threats

If an organization's automated backup system is vulnerable to data loss or corruption, its cybersecurity vulnerability is a weakness or flaw in its

software.

As of 2020, all legislation that has been passed to protect elections from cybersecurity threats are part of

state-specific cybersecurity laws.

In which situation should the origin of information be authenticated to protect data integrity?

when electronic votes are submitted during an election

Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.

worm