CyberSecurity Fundamentals Quiz: Exam!

The statement is true because an IDS (Intrusion Detection System) only detects and alerts about attacks, while an IPS (Intrusion Prevention System) not only detects but also actively blocks or prevents attacks from occurring. The IPS can analyze network traffic in real-time and take immediate action to stop malicious activities, such as blocking suspicious IP addresses or terminating suspicious connections. This proactive approach makes the IPS more effective in protecting the network against cyber threats compared to the IDS.

The correct answer is "Protecting information assets by addressing threats to information that is processed, stored or transported by internetworked information systems." This definition encompasses the core concept of cybersecurity, which is safeguarding information assets from potential threats that may arise during the processing, storage, or transportation of information through interconnected information systems. It highlights the importance of addressing these threats to ensure the security and integrity of the information.

Cloud computing, social media, and mobile computing have provided increased levels of access and connectivity, creating more opportunities for cybercrime. Cloud computing allows for remote storage and access to data, making it vulnerable to unauthorized access and data breaches. Social media platforms provide a vast amount of personal information, which can be exploited by cybercriminals for identity theft and phishing attacks. Mobile computing, including smartphones and tablets, have become essential in today's world, but they also pose security risks such as malware infections and data breaches due to their constant connectivity to the internet.

An asset is something of value worth protecting. It refers to any valuable resource or property that an individual or organization owns and can be used to generate income or provide future benefits. Assets can include physical possessions, such as real estate or vehicles, as well as intangible assets like intellectual property or investments. Protecting assets is important to ensure their continued value and usefulness, as well as to safeguard against potential risks or threats.

Malware, also known as malicious code, refers to software that is specifically created with the intention of gaining unauthorized access to computer systems, causing disruption, or stealing sensitive information. It encompasses various forms of malicious software such as viruses, worms, trojans, ransomware, and spyware. The primary purpose of malware is to compromise the security and integrity of targeted computer systems, often resulting in financial loss, data breaches, and system malfunction.

The transport layer of the OSI model ensures that data are transferred reliably in the correct sequence. It is responsible for segmenting and reassembling data, as well as providing error detection and correction. On the other hand, the session layer coordinates and manages user connections. It establishes, maintains, and terminates connections between users, allowing them to communicate and exchange data.

A vulnerability refers to a flaw or weakness in the design, implementation, operation, or internal controls of a process. This vulnerability can be exploited by malicious actors to violate the security of a system. In other words, a vulnerability is a potential entry point or loophole that can be used to compromise the security of a system.

Cloud computing is defined as "a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction." This definition perfectly aligns with the concept of cloud computing, which involves accessing and utilizing various resources and services over the internet, without the need for physical infrastructure or direct management. Therefore, the correct answer is cloud computing.

NIST defines an incident as a "violation of imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." This means that an incident refers to any unauthorized or malicious activity that compromises the security of computer systems or networks. It can include actions such as unauthorized access, data breaches, malware infections, or any other security breach that goes against established policies and practices.

Redundancy, backups, and access controls are three common controls used to protect the availability of information. Redundancy refers to having multiple copies or backups of data or systems to ensure that if one fails, there are others to take its place and maintain availability. Backups involve regularly creating copies of data and storing them in a secure location, so that in the event of data loss or system failure, the information can be restored. Access controls restrict unauthorized access to information, ensuring that only authorized individuals can access and modify it, thereby preserving its availability.

A threat refers to anything that has the potential to cause harm or act against an asset. It can be any entity, action, event, or circumstance that poses a risk to the security or well-being of the asset. Threats can come in various forms such as natural disasters, cyberattacks, theft, or even human errors. Identifying and understanding threats is crucial in order to implement appropriate measures to protect assets and mitigate potential harm.

System hardening should implement the principle of least privilege, which means that users and processes should only have the minimum privileges necessary to perform their tasks. This helps to minimize the potential damage that can be caused by unauthorized access or malicious activities. Additionally, access control should also be implemented to ensure that only authorized individuals or processes can access specific resources or perform certain actions. These two principles work together to enhance the security of the system and protect against potential threats.

Virtualization involves the creation of multiple guests that can coexist on the same server while being isolated from one another. This means that each guest operates independently and does not have access to the resources or data of other guests. This allows for efficient utilization of server resources and improved security by preventing guest-to-guest interactions.

The term "payload" refers to the container that carries and delivers the exploit to the target during an attack. It contains the malicious code or software that is designed to exploit vulnerabilities in the target system. The payload is responsible for executing the intended actions of the attacker, such as gaining unauthorized access, causing damage, or stealing information.

A LAN, or Local Area Network, is a network that covers a small, local area, typically within a single building or a few buildings. It connects a limited number of devices, such as computers, printers, and servers, allowing them to communicate and share resources. LANs are commonly used in homes, offices, schools, and small businesses to facilitate local communication and data sharing.

Most operating systems have two modes of operation - kernel mode and user mode. In kernel mode, the operating system has full access to the hardware and can execute privileged instructions for the internal operation of the system. In user mode, applications and user processes run, and they have limited access to the hardware and cannot execute privileged instructions. This separation of modes helps to ensure the stability and security of the system by preventing user processes from interfering with the critical operations of the operating system.

Cybersecurity management is responsible for managing incidents and remediation. This role involves overseeing the overall cybersecurity strategy, implementing security measures, and coordinating incident response efforts. They are in charge of identifying and addressing security incidents, coordinating with relevant teams to mitigate risks, and ensuring that appropriate remediation actions are taken to prevent future incidents. This role plays a crucial role in maintaining the security of an organization's systems and data.

Maintaining an asset inventory is crucial for vulnerability management as it involves keeping track of all cybersecurity assets and their locations. By maintaining an asset inventory, organizations can have a comprehensive understanding of their systems, devices, and software, which enables them to identify potential vulnerabilities and address them effectively. This practice helps in prioritizing and planning vulnerability assessments, patching, and other security measures, leading to an overall improved cybersecurity posture.

A rootkit is a type of malware that is designed to conceal the presence of other malicious software by altering the operating system. It achieves this by modifying system files, processes, and configurations, making it difficult for antivirus programs and other security measures to detect and remove the hidden malware. Rootkits often grant unauthorized access to the attacker, allowing them to control the compromised system remotely and carry out malicious activities undetected.

Encryption plays a crucial role in a cybersecurity program as it is an essential form of access control. It helps protect sensitive data by converting it into a coded form that can only be accessed by authorized individuals with the decryption key. However, encryption alone is not sufficient to ensure complete security. Other security measures such as firewalls, authentication protocols, and intrusion detection systems are also necessary to create a comprehensive cybersecurity program. Therefore, while encryption is essential, it is considered incomplete without the implementation of other security measures.

A firewall is a system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and open environment such as the Internet. Firewalls are designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. They help protect the internal network from unauthorized access and potential threats from the outside world, acting as a barrier between the secure internal network and the less secure external network, such as the Internet.

Containment is the element of an incident response plan that involves obtaining and preserving evidence. Containment refers to the process of isolating and controlling the incident to prevent further damage or compromise. During this phase, it is crucial to gather and secure evidence related to the incident, which can be used for forensic analysis, identifying the root cause, and potential legal actions. By containing the incident and preserving evidence, organizations can effectively investigate and mitigate the impact of the incident.

The chain of custody contains information regarding who had access to the evidence, in chronological order. This is important because it helps establish the integrity and reliability of the evidence by documenting who has handled it and when. It also helps ensure that the evidence has not been tampered with or altered. Additionally, the chain of custody includes proof that the analysis is based on copies identical to the original evidence, which is crucial for maintaining the accuracy and validity of the analysis. Lastly, the chain of custody includes the procedures followed in working with the evidence, which helps ensure that proper protocols were followed throughout the handling and analysis process.

A demilitarized zone (DMZ) is a network that acts as a buffer between an organization's internal network and the external network, such as the internet. It is designed to provide additional security by isolating public servers, VPN termination, and modem pools from the internal network. The DMZ allows external users to access these resources while keeping them separate from the internal network, reducing the risk of unauthorized access to sensitive information.

Patches are solutions to software programming and coding errors. When errors or bugs are identified in software, patches are created to fix these issues. These patches are essentially updates or modifications to the code that address and resolve the specific problems. By applying patches, developers can ensure that the software functions correctly and efficiently, improving its overall performance and user experience.

The correct answer is "asset value, criticality, reliability of each control, and degree of exposure." When implementing defense in depth, the number and types of layers needed depend on several factors. The value and criticality of the assets being protected are important considerations, as higher-value assets may require more layers of defense. The reliability of each control is also crucial, as ineffective controls may necessitate additional layers. Additionally, the degree of exposure to potential threats should be taken into account when determining the appropriate number and types of layers for defense in depth.

Policies are a set of guidelines or rules that communicate the required and prohibited activities and behaviors within an organization or community. They provide a framework for individuals to understand what is expected of them and what actions are not allowed. By clearly outlining these policies, organizations can promote a safe and productive environment, ensuring that everyone is aware of the standards and consequences associated with their actions.

According to the NIST cybersecurity framework, the key functions necessary for the protection of digital assets are protect, recover, and identify. Protect refers to implementing safeguards to ensure the security and integrity of digital assets. Recover involves developing and implementing plans and procedures to restore digital assets and capabilities after a cybersecurity incident. Identify entails developing and implementing processes to understand the organization's cybersecurity risks and vulnerabilities. These three functions work together to enhance the overall cybersecurity posture of an organization and safeguard its digital assets.

An attack vector refers to the specific path or method that an attacker uses to gain unauthorized access to a target asset. It can be a vulnerability in a system, a malicious email attachment, a compromised website, or any other means that allows the attacker to exploit weaknesses and infiltrate the target. By understanding the attack vector, security measures can be implemented to mitigate the risk and protect the asset from potential attacks.

A VLAN (Virtual Local Area Network) is a network that is logically created instead of physically connected. It allows for great flexibility as it enables the grouping of devices into separate virtual networks, regardless of their physical location. This allows for efficient management and control of network resources, as well as improved security and performance. VLANs can be easily reconfigured and modified without the need for physical changes to the network infrastructure, making them highly flexible.

Procedures provide details on how to comply with policies and standards. They outline the specific steps and actions that need to be followed in order to adhere to the established guidelines and regulations. Procedures serve as a guide for individuals or organizations to ensure that they are meeting the required standards and following the prescribed protocols. They provide a systematic approach to achieving compliance and help in maintaining consistency and uniformity in operations.

Guidelines provide general guidance and recommendations on what to do in particular circumstances. They serve as a set of instructions or suggestions that help individuals or organizations make informed decisions or take appropriate actions. Guidelines are typically based on expert knowledge, best practices, or established standards, and they aim to provide a framework for achieving desired outcomes or addressing specific situations. By following guidelines, individuals or organizations can navigate through complex or unfamiliar scenarios with a sense of direction and clarity.

Standards are used to interpret policies in specific situations. Standards provide guidelines and criteria that help determine how policies should be applied and implemented in different scenarios. They help ensure consistency and fairness in decision-making by providing a framework for interpreting policies and making judgments. Standards help bridge the gap between general policies and their practical application, allowing for flexibility while still maintaining a level of uniformity and objectivity.

BYOD (Bring Your Own Device) refers to the practice of allowing employees to use their personal devices for work purposes. The benefits of BYOD include cost shifting to the user, as employees are responsible for purchasing and maintaining their own devices, reducing the financial burden on the organization. Additionally, worker satisfaction increases as employees are able to use devices they are comfortable with and prefer. However, the explanation does not mention the security risk being known to the user, which is another benefit of BYOD as employees are more likely to take responsibility for securing their own devices.

The key benefits of the DMZ system are that an intruder must penetrate three separate devices, which adds an extra layer of security. Additionally, private network addresses are not disclosed to the internet, reducing the risk of unauthorized access. Lastly, internal systems do not have direct access to the internet, minimizing the potential for attacks on the internal network.

Identity management includes many components such as directory services, authentication and authorization services, and user management capabilities such as provisioning and deprovisioning. This means that identity management is a comprehensive system that handles various aspects of managing user identities, including managing user access rights, verifying user identities, and managing user accounts and privileges.

The internet perimeter should detect and block traffic from infected internal end points because this helps prevent the spread of malware and other threats within the network. It should also eliminate threats such as email spam, viruses, and worms to protect the network and its users. Additionally, it should control user traffic bound toward the internet to ensure that only authorized and safe connections are made. Lastly, it should monitor internal and external network ports for rogue activity to identify and mitigate any unauthorized or suspicious behavior.

The SDLC includes IT processes for managing and controlling project activity, which refers to the systematic approach used to manage and control the development of software systems. It also includes an objective for each phase of the life cycle, which provides a clear goal and direction for that particular phase. Additionally, the SDLC involves incremental steps or deliverables that lay the foundation for the next phase, ensuring a smooth transition and progression throughout the development process. These three elements are essential components of the SDLC and contribute to its effectiveness and success.

The functional areas of network management as defined by ISO include accounting management, fault management, performance management, and security management. These areas are essential for effectively managing and maintaining a network infrastructure. Accounting management involves tracking and managing network resources and expenses. Fault management focuses on identifying, isolating, and resolving network issues. Performance management involves monitoring and optimizing network performance. Security management is responsible for implementing and maintaining network security measures. Firewall management, although important for network security, is not specifically mentioned as a functional area in the ISO definition.

Mobile devices are typically associated with organizational risk because they can pose a threat to the organization's data security and confidentiality. Technical risk is also a concern as mobile devices can be vulnerable to hacking, malware, and other technical issues. Additionally, physical risk is a factor as mobile devices can be lost, stolen, or damaged, potentially leading to the loss of sensitive information. Compliance risk, on the other hand, refers to the risk of not adhering to legal and regulatory requirements and is not directly related to mobile devices. Transactional risk is also not specifically associated with mobile devices.

Governance is the process of establishing and implementing policies and procedures to guide an organization towards its goals. One of the goals of governance is to provide strategic direction, which involves setting the overall direction and vision for the organization. Another goal is to ensure that objectives are achieved, meaning that the organization is able to meet its intended targets and goals. Governance also aims to verify that organizational resources are being used appropriately, ensuring that resources are allocated effectively and efficiently. Lastly, governance is responsible for ascertaining whether risk is being managed properly, meaning that the organization is identifying and addressing potential risks in a timely and effective manner.

Advanced persistent threats (APTs) are typically initiated by various sources such as organized crime groups, activists, or governments. APTs employ obfuscation techniques to stay hidden for extended periods, sometimes even years. These attacks are often characterized by being long-term projects that involve multiple phases, with a primary emphasis on reconnaissance.

The core duty of cybersecurity is to identify, mitigate, and manage cyberrisk to an organization's digital assets. Cyberrisk refers to the potential threats and vulnerabilities that can compromise the security and integrity of an organization's digital systems and data. By effectively identifying and assessing these risks, cybersecurity professionals can implement appropriate measures and controls to protect the organization's digital assets from potential attacks, breaches, or unauthorized access. This includes implementing security protocols, conducting regular risk assessments, monitoring for potential threats, and responding to incidents in a timely manner.

The correct order of the incident response process involves several key phases. It begins with "Preparation," where organizations establish policies, procedures, and teams for incident response. "Detection and Analysis" follow, involving monitoring for security incidents and analyzing their nature and scope. Upon detection, the next steps are "Containment" to limit the incident's impact and "Eradication" to remove the threat. "Recovery" focuses on restoring affected systems and services, and finally, "Lessons Learned" involves post-incident analysis to enhance future incident response efforts based on identified improvements and insights gained from the incident.

Penetration testing is a method for evaluating the security of a computer system or network by simulating an attack by a malicious actor. It is typically conducted in a series of phases, each with its own objectives and activities. The correct order of the penetration testing phases is:

Planning: This phase involves defining the scope of the test, identifying the target systems and networks, and obtaining the necessary permissions.

Discovery: This phase involves gathering information about the target systems and networks, such as identifying open ports, vulnerabilities, and potential attack vectors.

Attack: This phase involves attempting to exploit the identified vulnerabilities to gain access to the target systems and networks.

Reporting: This phase involves documenting the findings of the penetration test, including the vulnerabilities that were identified and exploited, and providing recommendations for remediation.

A Business Impact Analysis (BIA) should identify the efficiency and effectiveness of existing risk mitigation controls to determine if they are sufficient in mitigating potential risks. It should also identify a list of potential vulnerabilities, dangers, and/or threats that the organization may face, in order to prioritize and address them appropriately. Additionally, the BIA should determine which types of data backups (full, incremental, and differential) will be used to ensure the availability and integrity of critical data in case of a disaster.