Intro to Cybersecurity Midterm 1
Continuity of operations
A business manager is documenting a set of steps for processing orders if the primary internet connection fails which of these would best describe
A usb data blocker
A sec admin is concerned about data exfil resulting in malicious phone charging stations. The best protection is
Vulnerability
Adam is evaluating the security of a web server before it goes live. He believes that na issue in the code allows a cross-site scripting attack against the server. What term describes the issues Adam discovered?
Alice Private Key
Alice would like to send a message to bob using a digital signature. What cryptographic key does alice use to create the digital signature?
5%
Aziz is responsible for the administration of tan e-commerce website that generates 100k per day in revenue for his firm. The website uses a DB that contains sensitive information about the firms customers. He expects that a compromise of the DB would result in 500k of fines. What is the ARO of this attack?
GLBA
Bob is the IS and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer?
Procedure
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing this update is MANDATORY Which type of document is Chris writing?
Mike's Public Key
David would like to send mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?
Create an OS security policy to prevent the use of removalbe media
Elizabeth, a security admin, is concerned about the potential for data exfiltration using external storage drive. Which of the following would be the Best way to prevent this method of data exfiltration?
Recovery time persepctive
Hajar is developing a business impact assessment for her organization. She is working with business unites to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining?
Data Processor
Helen's organization maitans medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helens organization?
ISO 27002
Juan comes across documentation form his organization related to several IS initiatives using different standards as their reference. Which ISO standard provides current guidance on IS?
PaaS
Keisha is a network admin. She wants a cloud based service that will allow her to load operating system on a vm and manage them as if they were local server. What is keisha looking for?
Credit Cards
Maya is creating a computing infrastructure compliant with PCI DSS. What type of information is she most likely trying to protect?
Confidentiality
Nolan is writing an AAR on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most affected?
Transfer
Purchasing an insurance Policy is an example of a _____
YEAH, DO IT!!
READ THE KEY SERVICE GRAPH
Integrity
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct which of the CIA triad does it affect?
Password lockout
Recent audit has found that existing password policies do not include any restrictions on password attempts. Which of the following would correct this
Audit
The board of directors of Kate's company recently hired an independent firm to review the state of the organization's security controls and certify those results to the board. What term best describes this engagement?
Unavailability of future patches
Tom's organization recently learned that the vendor is discontinuing support for their customer's management CRM system. What should concern Tom the most from a security perspective
Separation of duties
Tomahawk industries develops weapons control system for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following
Deterrent
Tonya is concerned about the risk that an attacker will attempt to gain access to her organizations db server. She is searching for a control that would discourage the attackers from attempting to gain access. What type of security control is she seeking to implement?
Time-based one-time passwords
Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode?
False
True/False? NIST is a nongovermental organization whose goal is to develop and publish international standards.
Shadow IT
Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term describes this use of technology?
AES
Vince is choosing a symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorith from the choices below. What algorithm should he choose?
IoC
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?
HIPAA
What compliance regulation most directly affects the operations of a healthcare provider
To make the organization's personnel aware of existing risk
What is the main purpose of risk identification in an organization?
Likelihood X impact = RE
What is the typical risk equation
Deterrent
What kind of security control is associated with a login banner
Hardware that mirrors the primary site, but no data
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
Center for Internet Security
What organization is known for creating independent security benchmark covering hardware and software platforms from many different vendors
Stream cipher
What type of cipher operates on one character of text at a time?
Hashes produced by a specific hash function may vary in size
Which of the following is not true of hash functions?
Password complexity requirements
Which of the following technologies is the least effective means of preventing shared accounts
Nation-state actors
Which of the following threat actors typically has the greatest access to resources.
List of applications in use
Which of the following would be commonly provided by a casb
organized crime
Which of these threat actors would be most likely to accack system for direct financial gain
Create specific technology requirements for an organization
Which one of the following is the least common use of the NIST cybersecurity framework?
Symmetric stream substitution
Which set of characteristics describes the Caesar cipher accurately.
Brute Force
Which type of attack does an account lockout policy help to prevent