Intro to Cyber Ops

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following is an example of failing to maintain confidentiality?

An unauthorized process or program accesses a data item

In the context of access control, a subject proves their asserted identity by providing something they know, something they possess, or something they are. What is this called?

Authentication

In the context of access control, once a subject is authenticated, they are then provided a certain level of access to certain objects. What is this called?

Authorization

An email to one of the sales team members was intercepted and successfully read by an attacker, it was a failure of which of the following?

Confidentiality

Which of the following best describe possible motives for a cyber attack?

Crime Hacktivism Cyber Espionage

Controls can be applied to which of the following?

Data, programs, systems, and physical devices Communications links

A company has implemented two-factor authentication using Biometrics. This is a fool proof authentication method.

False

A distributed denial of service (DDoS) attack is an attack against confidentiality.

False

An attack that saps computer resources thus denying their use for legitimate purposes is an example of a failure of Integrity.

False

As Chief Executive Officer of a Fortune 1000 company, you conclude that the value of an asset depends upon the asset's monetary value alone.

False?

Which of the following best describes a non-human threat to a computer system?

Floods, fires, and earthquakes

Which of the following best describes a Nation-State Actor?

Highly-skilled and well-supported hackers who conduct cyber espionage, theft, terrorism, and offensive cyber attacks.

You are creating a Risk Management Plan. When considering the probability of the occurrence of harm (harm is actualized threat), which of of the following could be a type of threat to a computer system?

Human Threats Malicious Threats Non-Malicious Threats

Which of the following best describes a non-malicious threat to a computer system?

Human error

In access control, a subject first makes an assertion to their identity. What is this called?

Identification

Which of the following best describes Identification?

Identification is when a subject claims to be a specific identity

One component of risk is the potential harm, or the amount of damage that can be done to an asset. What is this component called?

Impact

The "I" in the C-I-A triad stands for which of the following?

Integrity

Harm is best characterized by which of the following acts?

Interception & Interruption Modification & Fabrication

An object or service is thought to be available if which of the following are true?

It is present in a usable form. It has enough capacity to meet the service's needs. It is making clear progress, and, if in wait mode, it has a bounded waiting time.

Which of the following best describes a White Hat hacker?

Lawful and authorized hackers who are skilled cyber experts that are hired to conduct vulnerability assessments, security audits, and/or penetration tests to determine the security posture of an organization.

One component of risk deals with the probability of a threat causing harm to an asset. Select this component of risk from the list below.

Likelihood

Which of the following best describes a Script Kiddie?

Low-skilled hacker who typically uses automated tools designed by others.

Which of the following is needed by a threat to successfully carry out an attack?

Method Motive Opportunity

The three primary aspects of Integrity are best described by which of the following?

Only authorized actions Separation and protection of resources Error detection and correction

In authentication, which of the following best describes "something the user knows"?

Password

As a consultant, you support the systems and networks for several small businesses. From the list below, which activities could result in a vulnerability?

Poor Design Improper Implementation Improper Configuration

The risk that remains after mitigating risk with controls is called what?

Residual Risk

Which of the following best describes a category of an attacker?

Script kiddies and black hats

Which of the following best describes a method a threat would use to execute a cyber attack?

Social Engineering Client-side Attacks Network Attacks

All systems and networks have vulnerabilities. The entire set of a system or network's vulnerabilities is called:

The attack surface

A control is an action, device, procedure, or technique that removes or reduces a vulnerability.

True

A threat is a set of circumstances that, if realized, could result in harm.

True

A vulnerability is a weakness that is subject to being exploited.

True

An attacker must have a motive or reason to want to conduct an attack.

True

Authentication is the process of proving an identity and it occurs when subjects provide the appropriate credentials to prove their identity.

True

Confidentiality is the protection of information from unauthorized access.

True

Every password can be guessed; password strength is determined by the number of guesses required.

True

Human threats can be either malicious or non-malicious

True

Humans that exploit a vulnerability execute an attack on a victim.

True

In Access Control, a person, process, or program is (or is not) authorized to access a data item in a particular way.

True

Integrity is maintained when the information remains unchanged during storage, transmission, and usage.

True

Method refers to the skills, knowledge, tools, and other things with which to perpetrate the attack.

True

Opportunity is defined as the time and access an attacker would need to execute an attack.

True

The "A" in the C-I-A triad states that objects and services should be available when authorized users need to access them

True

The C-I-A triad represent the most critical properties of information/cyber security.

True

The vulnerability-threat-control paradigm states that "A threat is blocked by the control of a vulnerability."

True

Your new role as the Chief Information Security Officer involves protection of the items valued by the company. These protected items are called assets.

True


Set pelajaran terkait

CH 26 Saving, Investment and the Financial System

View Set

Ch. 04 Group 1 - Chapter 04: Section 4.1-4.4

View Set

Psychology Chapter 3: Khan Academy Questions

View Set