CSX Cybersecurity Fundamentals Quiz

Detailed procedures

A business continuity plan (BCP) is not complete unless it includes:

On a regular basis

Risk assessments should be performed:

Insecure protocols could result in a compromise of privileged user credentials

Virtual systems should be managed using a dedicated virtual local area network (VLAN) because:

Wireless Protected Access 2 (WPA2)

Which of the following offers the strongest protection for wireless network traffic?

System-centric

A cybersecurity architecture designed around the concept of a perimeter is said to be:

Stateful

A firewall that tracks open connection-oriented protocol sessions is said to be:

Physical

A passive network hub operates at which layer of the OSI model?

Emergent

An interoperability error is what type of vulnerability?

Business needs

Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:

Segmented network

Consists of two or more security zones.

Eradication

During which phase of the six-phase incident response model is the root cause determined?

Planning

During which phase of the system development lifecycle (SDLC) should security first be considered?

Asymmetric key encryption is used to securely obtain symmetric keys

In practical applications:

Chain of custody

Maintaining a high degree of confidence regarding the integrity of evidence requires a(n):

Core business functions

Outsourcing poses the greatest risk to an organization when it involves:

Operate in specialized environments and often have non-standard design elements

Securing Supervisory Control and Data Acquisition (SCADA) systems can be challenging because they:

Payload

The attack mechanism directed against a system is commonly called a(n):

Malicious code

Under the US-CERT model for incident categorization, a CAT-3 incident refers to which of the following?

Homogeneous

Updates in cloud-computing environments can be rolled out quickly because the environment is:

Heuristic

What kind of anti-malware program evaluates system processes based on their observed behaviors?

At the perimeter, to allow for effective internal monitoring

Where should an organization's network terminate virtual private network (VPN) tunnels?

Nonrepudiation

Which cybersecurity principle is most important when attempting to trace the source of malicious activity?

Standards

Which of the following interpret requirements and apply them to specific situations?

Threat and vulnerability

Which two factors are used to calculate the likelihood of an event?

Users

Who has the greatest influence over access security in a password authentication environment?