Cybersecurity Fundamentals Prep Quiz

Encrypt

Protect

Investigate

Recover

Identify

Preparation

Identification

Containment

Eradication

Data Link

Network

Application

Transport

Policies

Standards

Guidelines

Procedures

Available resources

Levels of effort

Projected costs

Business needs

Offers defense in depth superior to a concentric-layers model

Consists of two or more security zones

Maximizes the delay experienced by an attacker

Delivers superior performance for internal applications

Availability

Integrity

Nonrepudiation

Confidentiality

Wireless Protected Access 2 (WPA2)

Wireless Protected Access-Advanced Encryption Standard (WPA-AES)

Wired Equivalent Protection 128-bit (WEP-128)

Wireless Protected Access-Temporary Key Integrity Protocol (WPA-TKIP)

Business support services

Technology infrastructure

Cybersecurity capabilities

Core business functions

At the start of a program

On a regular basis

When an asset changes

When a vulnerability is discovered

Power of attorney

Sworn statement

Chain of custody

Affidavit

State-sponsored

Stateless

Stateful

Stated

Planning

Analysis

Design

Implementation

Data-centric

User-centric

Integrated

System-centric

Data Link

Physical

Network

Transport

Homogeneous

Distributed

Diversified

Secure

Recovery

Identification

Containment

Eradication

Exploit

Vulnerability

Payload

Attack Vector

At an interior router, to reduce network traffic congestion

At a dedicated “honey pot” system in the demilitarized zone (DMZ)

At the destination system, to prevent loss of confidentiality

At the perimeter, to allow for effective internal monitoring

Symmetric key encryption is used to securely distribute asymmetric keys

Asymmetric key encryption is used to securely obtain symmetric keys

Symmetric key encryption is used only for short messages, such as digital signatures

Asymmetric key encryption is used in cases where speed is important

Threat and vulnerability

Vulnerability and asset value

Asset count and asset value

Threat and asset count

Performance

Power consumption

Flexibility

Resiliency

Dedicated resources

Detailed procedures

Network diagrams

Critical processes

Improper usage

Investigation

Denial of service (DoS)

Malicious code

Technical

Process

Emergent

Organizational

Operate in specialized environments and often have non-standard design elements

Are subject to specialized requirements established for national security systems

Support critical infrastructure processes for which any risk of compromise is unacceptable

Cannot be replaced due to aging infrastructure and the complexity of included components

Network topologies do not always property identify the locations of virtual servers

VLAN encryption provides a double layer of protection for virtual system data

Insecure protocols could result in a compromise of privileged user credentials

Segregation of management traffic and use traffic dramatically improves performance

Redundancy, backups and access controls.

Encryption, file permissions and access controls.

Access controls, logging and digital signatures.

Hashes, logging and backups.

Ensuring that objectives are achieved.

Verifying that organizational resources are being used appropriately.

Directing and monitoring security activities.

Ascertaining whether risk is being managed properly.

Providing strategic direction.

The process by which an organization manages cybersecurity risk to an acceptable level

The protection of information from unauthorized access or disclosure

The protection of paper documents, digital and intellectual property, and verbal or visual communications

Protecting information assets by addressing threats to information that is processed, stored or transported by interworked information systems

Board of directors

Executive committee

Cybersecurity management

Cybersecurity practitioners

Disaster recovery objectives, resources and personnel.

Who had access to the evidence, in chronological order.

Labor, union and privacy regulations.

Proof that the analysis is based on copies identical to the original evidence.

The procedures followed in working with the evidence.

Disaster

Event

Threat

Incident

The circumstances under which a disaster should be declared.

The estimated probability of the identified threats actually occurring.

The efficiency and effectiveness of existing risk mitigation controls.

A list of potential vulnerabilities, dangers and/or threats.

Which types of data backups (full, incremental and differential) will be used.

Software as a Service (SaaS)

Cloud computing

Big data

Platform as a Service (PaaS)

APTs typically originate from sources such as organized crime groups, activists or governments.

APTs use obfuscation techniques that help them remain undiscovered for months or even years.

APTs are often long-term, multi-phase projects with a focus on reconnaissance.

The APT attack cycle begins with target penetration and collection of sensitive information.

Although they are often associated with APTs, intelligence agencies are rarely the perpetrators of APT attacks.

The reorientation of technologies and services designed around the individual end user.

The primacy of external threats to business enterprises in today’s threat landscape.

The stubborn persistence of traditional communication methods.

The application layer’s susceptibility to APTs and zero-day exploits.

Organizational risk

Compliance risk

Technical risk

Physical risk

Transactional risk

Text messaging, Bluetooth technology and SIM cards

Web applications, botnets and primary malware

Financial gains, intellectual property and politics

Cloud computing, social media and mobile computing

Governance, compliance

Least privilege, access control

Stateful inspection, remote access

Vulnerability assessment, risk mitigation

Accounting management

Fault management

Firewall management

Performance management

Security management

The creation of a layer between physical and logical access controls.

Multiple guests coexisting on the same server in isolation of one another.

Simultaneous use of kernel mode and user mode.

DNS interrogation, WHOIS queries and network sniffing.

Vulnerability scanning.

Penetration testing.

Maintaining an asset inventory

Using command line tools.

Detect and block traffic from infected internal end points.

Eliminate threats such as email spam, viruses and worms.

Format, encrypt and compress data.

Control user traffic bound toward the Internet.

Monitor and detect network ports for rogue activity.

Presentation, data link

Transport, session

Physical, application

Data link. network

DMZs are based on logical rather than physical connections.

An intruder must penetrate three separate devices.

Private network addresses arc not disclosed to the Internet.

Excellent performance and scalability as Internet usage grows.

Internal systems do not have direct access to the Internet.

Encryption is the primary means of securing digital assets.

Encryption depends upon shared secrets anti is therefore an unreliable means of control.

A program's encryption elements should be handled by a third-party cryptologist.

Encryption is an essential but incomplete form of access control.

Asset value, criticality, reliability of each control and degree of exposure.

Threat agents, governance, compliance and mobile device policy.

Network configuration, navigation controls, user interface and VPN traffic.

Isolation, segmentation, internal controls and external controls.