Cybersecurity Fundamentals Prep Quiz

1. Risk assessments should be performed

At the start of a program

On a regular basis

When an asset changes

When a vulnerability is discovered

Risk assessments should be performed on a regular basis to ensure that any potential risks or vulnerabilities are identified and addressed in a timely manner. By conducting regular risk assessments, organizations can stay proactive in managing risks and making informed decisions to mitigate them. This allows for a continuous evaluation of the effectiveness of existing controls and the identification of new risks that may arise over time. Regular risk assessments also help in maintaining compliance with regulatory requirements and industry best practices. Overall, conducting risk assessments on a regular basis is essential for maintaining a proactive and effective risk management approach.

Explanation

Risk assessments should be performed on a regular basis to ensure that any potential risks or vulnerabilities are identified and addressed in a timely manner. By conducting regular risk assessments, organizations can stay proactive in managing risks and making informed decisions to mitigate them. This allows for a continuous evaluation of the effectiveness of existing controls and the identification of new risks that may arise over time. Regular risk assessments also help in maintaining compliance with regulatory requirements and industry best practices. Overall, conducting risk assessments on a regular basis is essential for maintaining a proactive and effective risk management approach.

2. The principle of ________ or ________ should be implemented by System hardening.

Governance, compliance

Least privilege, access control

Stateful inspection, remote access

Vulnerability assessment, risk mitigation

System hardening refers to the process of securing a computer system by reducing its vulnerabilities and minimizing potential attack surfaces. The principle of least privilege ensures that users and processes are only granted the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access or malicious activities. Access control, on the other hand, involves the implementation of mechanisms to regulate and manage user access to resources within a system. By combining the principles of least privilege and access control, system hardening can effectively enhance security and protect against potential threats.

Explanation

System hardening refers to the process of securing a computer system by reducing its vulnerabilities and minimizing potential attack surfaces. The principle of least privilege ensures that users and processes are only granted the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access or malicious activities. Access control, on the other hand, involves the implementation of mechanisms to regulate and manage user access to resources within a system. By combining the principles of least privilege and access control, system hardening can effectively enhance security and protect against potential threats.

3. Three common controls used to protect the availability of information are:

Redundancy, backups, and access controls.

Encryption, file permissions, and access controls.

Access controls, logging, and digital signatures.

Hashes, logging, and backups.

Redundancy ensures that there are multiple copies of the information or systems in place, so that if one fails, there are backups available to maintain availability. Backups involve regularly creating copies of data or systems in case of loss or damage, allowing for the restoration of information and maintaining availability. Access controls restrict and manage user access to information, ensuring that only authorized individuals can access it, thereby protecting its availability. Therefore, the combination of redundancy, backups, and access controls is effective in safeguarding the availability of information.

Explanation

Redundancy ensures that there are multiple copies of the information or systems in place, so that if one fails, there are backups available to maintain availability. Backups involve regularly creating copies of data or systems in case of loss or damage, allowing for the restoration of information and maintaining availability. Access controls restrict and manage user access to information, ensuring that only authorized individuals can access it, thereby protecting its availability. Therefore, the combination of redundancy, backups, and access controls is effective in safeguarding the availability of information.

4. The cybersecurity role that is charged with the responsibility of managing incidents and remediation is

Board of directors

Executive committee

Cybersecurity management

Cybersecurity practitioners

Section 1

Explanation

Section 1

5. NIST defines a(n) BLANK as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices."

Disaster

Event

Threat

Incident

NIST defines an incident as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." This means that an incident refers to any breach or potential breach of security protocols or policies in place. It could involve unauthorized access, data breaches, or any other form of security violation.

Explanation

NIST defines an incident as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." This means that an incident refers to any breach or potential breach of security protocols or policies in place. It could involve unauthorized access, data breaches, or any other form of security violation.

6. The element of an incident response plan that involves obtaining and preserving evidence is

Preparation

Identification

Containment

Eradication

Containment is the element of an incident response plan that involves obtaining and preserving evidence. During this phase, the focus is on isolating the affected systems or network segments to prevent further damage and to preserve the evidence for forensic analysis. Containment measures may include disconnecting affected devices from the network, disabling compromised accounts, or implementing firewalls and access controls. By containing the incident, organizations can minimize the impact and gather crucial evidence to understand the nature of the attack and take appropriate actions for eradication and recovery.

Explanation

Containment is the element of an incident response plan that involves obtaining and preserving evidence. During this phase, the focus is on isolating the affected systems or network segments to prevent further damage and to preserve the evidence for forensic analysis. Containment measures may include disconnecting affected devices from the network, disabling compromised accounts, or implementing firewalls and access controls. By containing the incident, organizations can minimize the impact and gather crucial evidence to understand the nature of the attack and take appropriate actions for eradication and recovery.

7. One map Ethernet to which layer of the Open Systems Interconnect (OSI) Model?

Data Link

Network

Application

Transport

Ethernet is a protocol that operates at the Data Link layer of the OSI Model. This layer is responsible for the reliable transfer of data between directly connected network devices. Ethernet provides a set of rules for how data should be formatted, addressed, transmitted, and received over a network. It defines the physical and logical connections between devices and handles error detection and correction. Therefore, Ethernet is closely associated with the Data Link layer of the OSI Model.

Explanation

Ethernet is a protocol that operates at the Data Link layer of the OSI Model. This layer is responsible for the reliable transfer of data between directly connected network devices. Ethernet provides a set of rules for how data should be formatted, addressed, transmitted, and received over a network. It defines the physical and logical connections between devices and handles error detection and correction. Therefore, Ethernet is closely associated with the Data Link layer of the OSI Model.

8. Which all of these are considered as the key functions important for the protection of digital assets according to the NIST framework? Select 3 of these.

Encrypt

Protect

Investigate

Recover

Identify

The NIST (National Institute of Standards and Technology) framework for improving critical infrastructure cybersecurity identifies several key functions that are crucial for the protection of digital assets. Among the options given:

Protect: This function involves implementing the appropriate safeguards to ensure delivery of critical infrastructure services.

Recover: This function focuses on developing and implementing the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Identify: This function assists in developing an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

These three—Protect, Recover, and Identify—are considered key functions in the NIST framework for effectively managing and protecting digital assets. "Encrypt" is a subset of the Protect function but not a separate key function in the NIST framework, and "Investigate" typically falls under the Respond function, specifically post-incident activities.

Explanation

The NIST (National Institute of Standards and Technology) framework for improving critical infrastructure cybersecurity identifies several key functions that are crucial for the protection of digital assets. Among the options given:

Protect: This function involves implementing the appropriate safeguards to ensure delivery of critical infrastructure services.

Recover: This function focuses on developing and implementing the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Identify: This function assists in developing an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

These three—Protect, Recover, and Identify—are considered key functions in the NIST framework for effectively managing and protecting digital assets. "Encrypt" is a subset of the Protect function but not a separate key function in the NIST framework, and "Investigate" typically falls under the Respond function, specifically post-incident activities.

Submit

9. As defined by ISO, which of these are considered as the functional areas of network management? Select all that apply.

Accounting management

Fault management

Firewall management

Performance management

Security management

The functional areas of network management, as defined by ISO, include accounting management, fault management, performance management, and security management. These areas are crucial for effectively managing and maintaining a network. Accounting management involves tracking network usage and costs. Fault management focuses on identifying and resolving network issues. Performance management involves monitoring and optimizing network performance. Security management deals with protecting the network from unauthorized access and ensuring data confidentiality. Firewall management, although important for network security, is not specifically mentioned as a functional area of network management according to ISO.

Explanation

The functional areas of network management, as defined by ISO, include accounting management, fault management, performance management, and security management. These areas are crucial for effectively managing and maintaining a network. Accounting management involves tracking network usage and costs. Fault management focuses on identifying and resolving network issues. Performance management involves monitoring and optimizing network performance. Security management deals with protecting the network from unauthorized access and ensuring data confidentiality. Firewall management, although important for network security, is not specifically mentioned as a functional area of network management according to ISO.

Submit

10. Arrange these incident response process' steps into the correct order.

Mitigation and recovery

Investigation

Post-incident analysis

Preparation

Detection and analysis