CyberSecurity Fundamentals (Section 1,5 And 6)
-
Three common controls used to protect the availability of information are:
-
A. Redundancy, backups and access controls.
-
B. Encryption, file permissions and access controls.
-
C. Access controls, logging and digital signatures.
-
D. Hashes, logging and backups.
-
Cyber security is the practice of ensuring the integrity, confidentiality, and availability of information. It helps prevent dangerous accidents like hard drive failures or power outages, and from attacks by adversaries. If you are planning to get the certificate from Nexus on cyber security the quiz below will help with your revision of section 1,5 and 6.
Quiz Preview
- 2.
2. Select all that apply. Governance has several goals, including:
-
A. Providing strategic direction.
-
B. Ensuring that objectives are achieved.
-
C. Verifying that organizational resources are being used appropriately.
-
D. Directing and monitoring security activities.
-
E. Ascertaining whether risk is being managed properly.
Correct Answer(s)
A. A. Providing strategic direction.
A. B. Ensuring that objectives are achieved.
A. C. Verifying that organizational resources are being used appropriately.
A. E. Ascertaining whether risk is being managed properly.Explanation
Governance has several goals, including providing strategic direction, ensuring that objectives are achieved, verifying that organizational resources are being used appropriately, and ascertaining whether risk is being managed properly. These goals help guide and oversee the organization's activities, ensuring that it is moving in the right direction, achieving its goals, using its resources effectively, and managing risks effectively. By achieving these goals, governance helps in the overall success and sustainability of the organization.Rate this question:
-
- 3.
Choose three. According to the NIST framework, which of the following are considered key functions necessary for the protection of digital assets?
-
Encrypt
-
Protect
-
Investigate
-
Recover
-
Identify
Correct Answer(s)
A. Protect
A. Recover
A. IdentifyExplanation
According to the NIST framework, three key functions necessary for the protection of digital assets are protect, recover, and identify. Protecting digital assets involves implementing security measures to prevent unauthorized access or data breaches. Recovering digital assets involves having a plan and procedures in place to restore data or systems in the event of a disruption or incident. Identifying digital assets involves understanding and categorizing the assets to prioritize protection efforts and allocate resources effectively.Rate this question:
-
- 4.
Which of the following is the best definition for cybersecurity?
-
A. The process by which an organization manages cybersecurity risk to an acceptable level
-
B. The protection of information from unauthorized access or disclosure
-
C. The protection of paper documents, digital and intellectual property, and verbal or visual communications
-
D. Protecting information assets by addressing threats to information that is processed, stored or transported by interworked information systems
Correct Answer
A. D. Protecting information assets by addressing threats to information that is processed, stored or transported by interworked information systemsExplanation
Option d is the best definition for cybersecurity because it encompasses the protection of information assets from threats that may occur during processing, storage, or transportation through interconnected information systems. This definition highlights the importance of addressing potential risks and vulnerabilities in order to safeguard sensitive information.Rate this question:
-
- 5.
Which of the following cybersecurity roles is charged with the duty of managing incidents and remediation?
-
A. Board of directors
-
B. Executive committee
-
C. Cybersecurity management
-
D. Cybersecurity practitioners
Correct Answer
A. C. Cybersecurity managementExplanation
Section 1Rate this question:
-
- 6.
Which element of an incident response plan involves obtaining and preserving evidence?
-
Preparation
-
Identification
-
Containment
-
Eradication
Correct Answer
A. ContainmentExplanation
Containment involves isolating and limiting the impact of an incident to prevent further damage. In the context of an incident response plan, obtaining and preserving evidence is crucial for conducting a thorough investigation and identifying the cause of the incident. By containing the incident, organizations can ensure that the evidence remains intact and uncontaminated, allowing for a more effective response and potential legal actions if necessary.Rate this question:
-
- 7.
Select three. The chain of custody contains information regarding:
-
A. Disaster recovery objectives, resources and personnel.
-
B. Who had access to the evidence, in chronological order.
-
C. Labor, union and privacy regulations.
-
D. Proof that the analysis is based on copies identical to the original evidence.
-
E. The procedures followed in working with the evidence.
Correct Answer(s)
A. B. Who had access to the evidence, in chronological order.
A. D. Proof that the analysis is based on copies identical to the original evidence.
A. E. The procedures followed in working with the evidence.Explanation
The chain of custody contains information regarding who had access to the evidence, in chronological order. This is important for maintaining the integrity and reliability of the evidence by providing a clear record of everyone who handled it. It also includes proof that the analysis is based on copies identical to the original evidence, ensuring that any findings are accurate and valid. Additionally, the procedures followed in working with the evidence are documented in the chain of custody to ensure that proper protocols were followed throughout the process.Rate this question:
-
- 8.
. NIST defines a(n) as a “violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.”
-
Disaster
-
Event
-
Threat
-
Incident
Correct Answer
A. IncidentExplanation
An incident, as defined by NIST, refers to a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. This term is used to describe any event that compromises the security of a computer system or network. It can include unauthorized access, data breaches, malware infections, or any other security breach. Therefore, the correct answer is "Incident."Rate this question:
-
- 9.
Select all that apply. A business impact analysis (BIA) should identify:
-
A. The circumstances under which a disaster should be declared.
-
B. The estimated probability of the identified threats actually occurring.
-
C. The efficiency and effectiveness of existing risk mitigation controls.
-
D. A list of potential vulnerabilities, dangers and/or threats.
-
E. Which types of data backups (full, incremental and differential) will be used.
Correct Answer(s)
A. B. The estimated probability of the identified threats actually occurring.
A. C. The efficiency and effectiveness of existing risk mitigation controls.
A. D. A list of potential vulnerabilities, dangers and/or threats.Explanation
The business impact analysis (BIA) is a process that helps identify and prioritize potential risks and their potential impact on the business. It should include assessing the estimated probability of identified threats actually occurring, as this helps in determining the level of risk and the need for risk mitigation measures. It should also evaluate the efficiency and effectiveness of existing risk mitigation controls to ensure they are adequate. Additionally, the BIA should provide a comprehensive list of potential vulnerabilities, dangers, and threats that the business may face, enabling the organization to develop appropriate strategies to address them.Rate this question:
-
- 10.
____________________ is defined as “a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction.”
-
A. Software as a Service (SaaS)
-
B. Cloud computing
-
C. Big data
-
D. Platform as a Service (PaaS)
Correct Answer
A. B. Cloud computingExplanation
Cloud computing is defined as "a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction." This means that cloud computing allows users to access and use resources such as networks, servers, storage, applications, and services over the internet on-demand, without the need for extensive management or interaction with the service provider. This definition aligns with the concept of cloud computing, making it the correct answer.Rate this question:
-
- 11.
Select all that apply. Which of the following statements about advanced persistent threats (APTs) are true?
-
A. APTs typically originate from sources such as organized crime groups, activists or governments.
-
B. APTs use obfuscation techniques that help them remain undiscovered for months or even years.
-
C. APTs are often long-term, multi-phase projects with a focus on reconnaissance.
-
D. The APT attack cycle begins with target penetration and collection of sensitive information.
-
E. Although they are often associated with APTs, intelligence agencies are rarely the perpetrators of APT attacks.
Correct Answer(s)
A. A. APTs typically originate from sources such as organized crime groups, activists or governments.
A. B. APTs use obfuscation techniques that help them remain undiscovered for months or even years.
A. C. APTs are often long-term, multi-phase projects with a focus on reconnaissance.Explanation
APTs, or advanced persistent threats, are typically initiated by organized crime groups, activists, or governments. They employ obfuscation techniques to evade detection for extended periods, sometimes lasting months or even years. APTs are characterized as long-term, multi-phase projects that prioritize reconnaissance. The APT attack cycle commences with infiltrating the target and gathering sensitive information. While APTs are often associated with intelligence agencies, they are rarely the ones behind these attacks.Rate this question:
-
- 12.
Smart devices, BYOD strategies and freely available applications and services are all examples of:
-
A. The reorientation of technologies and services designed around the individual end user.
-
B. The primacy of external threats to business enterprises in today’s threat landscape.
-
C. The stubborn persistence of traditional communication methods.
-
D. The application layer’s susceptibility to APTs and zero-day exploits.
Correct Answer
A. A. The reorientation of technologies and services designed around the individual end user.Explanation
The answer suggests that smart devices, BYOD strategies, and freely available applications and services are all examples of the reorientation of technologies and services designed around the individual end user. This means that these advancements in technology and strategies are focused on catering to the needs and preferences of individual users, rather than following traditional communication methods or being influenced primarily by external threats.Rate this question:
-
- 13.
Choose three. Which types of risk are typically associated with mobile devices?
-
A. Organizational risk
-
B. Compliance risk
-
C. Technical risk
-
D. Physical risk
-
E. Transactional risk
Correct Answer(s)
A. A. Organizational risk
A. C. Technical risk
A. D. Physical riskExplanation
Mobile devices are typically associated with organizational risk because they can pose security threats to the organization's network and data. Technical risk is also associated with mobile devices as they can be vulnerable to malware, hacking, and other technical issues. Physical risk is another type of risk associated with mobile devices as they can be lost, stolen, or damaged, leading to potential data breaches or unauthorized access. Transactional risk, on the other hand, is not typically associated with mobile devices as it refers to risks related to financial transactions, which may not be directly linked to mobile devices.Rate this question:
-
- 14.
Which three elements of the current threat landscape have provided increased levels of access and connectivity, and therefore increased opportunities for cybercrime?
-
A. Text messaging, Bluetooth technology and SIM cards
-
B. Web applications, botnets and primary malware
-
C. Financial gains, intellectual property and politics
-
D. Cloud computing, social media and mobile computing
Correct Answer
A. D. Cloud computing, social media and mobile computingExplanation
Cloud computing, social media, and mobile computing have provided increased levels of access and connectivity, leading to increased opportunities for cybercrime. Cloud computing allows for remote storage and access to data, making it easier for cybercriminals to target and exploit sensitive information. Social media platforms provide a vast amount of personal data that can be used for identity theft and phishing attacks. Mobile computing has become increasingly popular, providing cybercriminals with more targets and opportunities for attacks through mobile apps and insecure Wi-Fi networks. Overall, these three elements have significantly expanded the threat landscape and made it easier for cybercriminals to carry out their activities.Rate this question:
-
Quiz Review Timeline (Updated): Mar 22, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 22, 2023Quiz Edited by
ProProfs Editorial Team -
Jan 20, 2016Quiz Created by
Louis.dejaeger.m
Back to top