CyberSecurity Fundamentals (Section 1,5 And 6)

A. Redundancy, backups and access controls.

B. Encryption, file permissions and access controls.

C. Access controls, logging and digital signatures.

D. Hashes, logging and backups.

A. Providing strategic direction.

B. Ensuring that objectives are achieved.

C. Verifying that organizational resources are being used appropriately.

D. Directing and monitoring security activities.

E. Ascertaining whether risk is being managed properly.

Encrypt

Protect

Investigate

Recover

Identify

A. The process by which an organization manages cybersecurity risk to an acceptable level

B. The protection of information from unauthorized access or disclosure

C. The protection of paper documents, digital and intellectual property, and verbal or visual communications

D. Protecting information assets by addressing threats to information that is processed, stored or transported by interworked information systems

A. Board of directors

B. Executive committee

C. Cybersecurity management

D. Cybersecurity practitioners

Preparation

Identification

Containment

Eradication

A. Disaster recovery objectives, resources and personnel.

B. Who had access to the evidence, in chronological order.

C. Labor, union and privacy regulations.

D. Proof that the analysis is based on copies identical to the original evidence.

E. The procedures followed in working with the evidence.

Disaster

Event

Threat

Incident

A. The circumstances under which a disaster should be declared.

B. The estimated probability of the identified threats actually occurring.

C. The efficiency and effectiveness of existing risk mitigation controls.

D. A list of potential vulnerabilities, dangers and/or threats.

E. Which types of data backups (full, incremental and differential) will be used.

A. Software as a Service (SaaS)

B. Cloud computing

C. Big data

D. Platform as a Service (PaaS)

A. APTs typically originate from sources such as organized crime groups, activists or governments.

B. APTs use obfuscation techniques that help them remain undiscovered for months or even years.

C. APTs are often long-term, multi-phase projects with a focus on reconnaissance.

D. The APT attack cycle begins with target penetration and collection of sensitive information.

E. Although they are often associated with APTs, intelligence agencies are rarely the perpetrators of APT attacks.

A. The reorientation of technologies and services designed around the individual end user.

B. The primacy of external threats to business enterprises in today’s threat landscape.

C. The stubborn persistence of traditional communication methods.

D. The application layer’s susceptibility to APTs and zero-day exploits.

A. Organizational risk

B. Compliance risk

C. Technical risk

D. Physical risk

E. Transactional risk

A. Text messaging, Bluetooth technology and SIM cards

B. Web applications, botnets and primary malware

C. Financial gains, intellectual property and politics

D. Cloud computing, social media and mobile computing