Cybersecurity Quiz
A cybersecurity exploit allows a hacker or intruder to
remotely access a network, gain privileges, and make unauthorized changes.
A university's network was severely compromised by a systemwide attack that made accessing records impossible. All files were encrypted and the tech team didn't have the key. Administrators received what was essentially a ransom note: the network would be restored after they paid a million dollars to an unknown actor. Which factors most strongly influenced university administrators' decision whether or not to comply? More than one answer may be correct.
Whether the university's tech support team could decrypt the files themselves. Whether law enforcement could be identified and force the bad actor to decrypt the files.
Why is establishing authentication procedures a common cybersecurity goal?
Verifying that users are authorized to access systems, data, and resources is fundamental to preventing their unauthorized use.
Who is responsible for calculating probable maximum loss?
a company's cybersecurity analysts
Software-based keyloggers often infect a system through
a malicious email or link opened by an unsuspecting user.
Which of the following is a goal of confidentiality as defined by the CIA triad?
making sure the right people have access to secure information
Spyware's basic function is to
capture the user's account data, passwords, keystrokes, and more.
In addition to planning, analysis, and mitigation, select the remaining two categories of the respond (RS) function of the NIST Cybersecurity Framework from the list below.
communication improvements to cybersecurity response plans
What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?
detect function
Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.
the acceleration of new technologies the proliferation of cyber threats to data and technology
The term virus is a useful way to identify this malware for which of the following reasons? More than one answer may be correct.
Both biological and computer viruses have the ability to reproduce themselves. A virus needs a host body or computer system to do its work.
Which of the following statements describe Internet robots, or bots? More than one answer may be correct.
Bots are used for both legitimate and malicious purposes. Malicious bots can compromise a user's control of the computer. "Good bots" have useful functions and do not pose security risks.
All data in transit is by nature protected from malicious attacks since it is in motion and not stable.
FALSE
A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.
Harvesting personal information is the goal of each cyber intrusion. The user may not know the malware has infected the device.
Currently, one of the biggest vector opportunities for cybercriminals is MitMo.
TRUE
The Stored Communications Act prohibits which activity?
accessing the communications of an organization without authorization
Which of the following would be prohibited under the Electronic Communications Protection Act?
an employee leaking confidential emails they were not authorized to receive
Which of the following names a type of cybersecurity threat? More than one answer may be correct.
an event or act that may lead to asset loss a condition that may lead to asset loss a harmful result or consequence of asset loss
What is a cybersecurity threat?
an event or condition that can lead to IT asset loss and the negative consequences of such loss
What are the three categories of the detect (DE) function of the NIST Cybersecurity Framework?
analysis, observation, detection
Which of the NIST Cybersecurity Framework functions investigates an organization's cybersecurity management in the context of their business needs and resources?
identify (ID) function
Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.
identify a company's assets calculate potential loss due to security threats determine how to respond to a potential loss
Cybersecurity threat mitigation is best defined as the policies, procedures, and tools that help an organization
identify cybersecurity threats, prevent them from being realized, and minimize damage from them.
One surveillance technology that relies on how the user enters data is a
keylogger.
Adrian and Frank began the online process of applying for a short-term loan for their business. They created an account with a username and password, looked over the privacy statement, reviewed the security policy, and accepted the terms of use. After logging on, however, they became increasingly uncomfortable answering so many detailed questions about income, employment, and more. What specific risk might they have remembered from studying cybersecurity?
man-in-the-middle (MitM)
Where are data in transit found?
on a cellular network
From the following list, select all the primary components of cybersecurity threat mitigation.
policies and procedures for threat prevention tools and procedures for threat identification policies, tools, and strategies for threat "curing" or minimization
What part of the plan-protect-respond cycle is occurring when an organization limits access to sensitive documents on a server to only those with the required security clearance?
protect
Which NIST Cybersecurity Framework function involves correcting an organization's cybersecurity plans due to a cybersecurity event?
recover (RC) function
Which function of the NIST Cybersecurity Framework calls for an organization to implement plans for resilience?
recover (RC) function
Which of the following must remain confidential to achieve cybersecurity goals? More than one answer may be correct.
the logins and passwords of authorized users private or sensitive data and information the specifications of the organization's IT systems
What does the General Data Protection Regulation (GDPR) strive to achieve?
to ensure EU companies protect the privacy and personal data of EU citizens
Why is a denial-of-service attack (DoS attack) a threat to data availability?
By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.
Who is protected by California's SB-327 for IoT Security and who is accountable for ensuring the guidelines are met?
California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.
From the following list, select all of the ways in which cybersecurity helps preserve the integrity of data, information, and systems.
Cybersecurity policies and procedures are designed to protect the consistency, accuracy, and dependability of these assets. Cybersecurity tools such as user-access controls, file permission, and version controls help prevent unauthorized changes. Cybersecurity systems are designed to detect unauthorized or unanticipated changes to data that suggest a loss of integrity.
Which type of cybersecurity breach makes a computer, network, or online service malfunction or become unavailable to users?
DDOS attacks
How does the cybersecurity goal of preserving data integrity relate to the goal of authenticating users?
Data integrity is more easily preserved if users must be authorized to access data and make changes.
Determine which of the following is an example of data that has integrity.
Data that are used to set sales goals for account executives are stored on a secure server; managers are allowed read-only access to the sales data for the reps they directly manage.
Which of the following is considered a cybersecurity threat to data at rest? More than one answer may be correct.
Data will be altered by unauthorized users. Data will be viewed by unauthorized users.
Although bothersome, seeing multiple ads for products you have searched is never considered an invasion of privacy.
FALSE
California's SB-327 for IoT requires companies to anonymize collected data to protect consumer privacy.
FALSE
Which statement accurately describes the need to keep sensitive data, information, and systems confidential?
It is both a major goal and a requirement for cybersecurity.
Which of the following statements describes a keylogger most accurately?
It is surveillance malware that captures confidential information through keyboard input.
Which of the following statements best illustrates why a rootkit is described as creating a back door?
Like an intruder coming through a back door, a rootkit allows an unknown user into an operating system.
Why are probable loss calculations important?
Organizations have limited funds to use toward system protections.
A ransomware attack involves a multi-step process of file encryption, making demands of the target, untraceable payment, and possible file decryption.
TRUE
According to the National Institute of Standards Technology (NIST), the RS function of the framework includes communications with internal and external stakeholders.
TRUE
Cybersecurity vulnerabilities can be intentionally exploited or accidentally allowed to compromise system security.
TRUE
Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework.
The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.
Why is it important to preserve the integrity of data, information, and systems?
These assets lose their usefulness and value if their consistency, accuracy, or dependability is compromised.
What do all cybersecurity threats have in common?
They are connected to the loss of information, software, or hardware.
Which of the following is an example of data in process? More than one answer may be correct.
a username that has been submitted for authentication a password that has been submitted for authentication credit card information used to pay for an order placed on Amazon
"Cybersecurity threat mitigation" includes all of the policies, procedures, and tools that help organizations
anticipate and counter threats from security vulnerabilities or incidents and reduce their impact.
Social engineering is used to target people whom
are not cautious about giving out confidential or sensitive information.
Which of the elements of the CIA triad does properly maintaining all hardware serve?
availability
Malicious bots are cybersecurity risks because they
can reproduce and link to an outside server.
Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct.
increasing cybersecurity at the state and local level addressing security needs of mobile devices protecting critical infrastructure from cyber threats
If an organization's automated backup system is vulnerable to data loss or corruption, its cybersecurity vulnerability is a weakness or flaw in its
software.
As of 2020, all legislation that has been passed to protect elections from cybersecurity threats are part of
state-specific cybersecurity laws.
In which situation should the origin of information be authenticated to protect data integrity?
when electronic votes are submitted during an election
Ransomware is typically introduced into a network by a ________ and to an individual computer by a Trojan horse.
worm