(1) Foundations of Cybersecurity Flashcards

1
Q

Fill in the blank: Cybersecurity is the practice of ensuring _____ by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

compliance, instructions, and accuracy

continuity, infrastructure, and attainment of business goals

customer trust, increased revenue, and advancement

confidentiality, integrity, and availability of information

A

confidentiality, integrity, and availability of information

Cybersecurity is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

2
Q

What are the primary responsibilities of an entry-level security analyst? Select three answers.

Monitor systems

Protect information

Create compliance laws

Search for weaknesses

A

Monitor systems

Protect information

Search for weaknesses

The primary responsibilities of an entry-level security analyst are as follows: Monitor systems, protect information, and search for weaknesses.

3
Q

Fill in the blank: Performing _____ enables security professionals to review an organization’s security records, activities, and related documents.

software developments

penetration tests

security audits

ethical hacking

A

security audits

Performing security audits enables security professionals to review an organization’s security records, activities, and related documents.

4
Q

In what ways do security teams bring value to an organization? Select two answers.

Reducing business productivity

Protecting against external and internal threats

Increasing operational expenses

Achieving regulatory compliance

A

Protecting against external and internal threats

Achieving regulatory compliance

Achieving regulatory compliance and protecting against external and internal threats are ways that security teams bring value to an organization.

5
Q

Which of the following proficiencies are transferable skills, likely to be applicable in almost any field? Select three answers.

Problem-solving

Written and verbal communication

Analysis

Programming

A

Problem-solving

Written and verbal communication

Analysis

Analysis, problem-solving, and written and verbal communication skills are transferable entry-level security analyst skills.

6
Q

Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select two answers.

Regulation writing

Data analysis

Programming

Collaboration

A

Programming and data analysis are technical skills, which are needed to become an entry-level security analyst.

7
Q

Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.

Digital forensic investigators

Business intelligence professionals

Ethical hackers

Security operations center analysts

A

Digital forensic investigators

Digital forensic investigators identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.

8
Q

What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers.

Email addresses

Last names

Bank account numbers

Medical records

A

Bank account numbers

Medical records

Medical records and bank account numbers are examples of sensitive personally identifiable information. SPII is a specific type of PII that requires stricter protections because it can be significantly more damaging to individuals if it is stolen.

9
Q

Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access.

changing business priorities

poor financial management

market shifts

criminal exploitation

A

criminal exploitation

10
Q

A security professional collaborates with information technology teams to deploy an application that helps identify risks and vulnerabilities. What does this scenario describe?

Installing detection software

Ethical hacking

Conducting a security audit

Upgrading network capacity

A

Installing detection software

11
Q

Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?

Internal

Ethical

Accidental

External

A

External

12
Q

Fill in the blank: Identity theft is the act of stealing _____ to commit fraud while impersonating a victim.

business records

trade secrets

personal information

hardware

A

personal information

13
Q

What is regulatory compliance?

Expenses and fines associated with vulnerabilities

Sites and services that require complex passwords to access

Laws and guidelines that require implementation of security standards

Threats and risks from employees and external vendors

A

Laws and guidelines that require implementation of security standards

14
Q

Which of the following proficiencies are examples of technical skills? Select two answers.

Automating tasks with programming

Applying computer forensics

Communicating with employees

Prioritizing collaboration

A

Automating tasks with programming

Applying computer forensics

15
Q

Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.

event

emergency

employer

enterprise

A

event

16
Q

What do security professionals typically do with SIEM tools?

Identify and analyze security threats, risks, and vulnerabilities

Locate and preserve criminal evidence

Educate others about potential security threats, risks, and vulnerabilities

Identify threat actors and their locations

A

Identify and analyze security threats, risks, and vulnerabilities

17
Q

Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.

The theft of PII is often more damaging than the theft of SPII.

Both PII and SPII are vulnerable to identity theft.

An example of PII is someone’s date of birth.

An example of SPII is someone’s financial information.

A

Both PII and SPII are vulnerable to identity theft.

An example of PII is someone’s date of birth.

An example of SPII is someone’s financial information.

18
Q

What is one way that the Morris worm helped shape the security industry?

It prevented the development of illegal copies of software.

It inspired threat actors to develop new types of social engineering attacks.

It led to the development of computer response teams.

It made organizations more aware of the significant financial impact of security incidents.

A

It led to the development of computer response teams.

The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).

19
Q

What were the key impacts of the Equifax breach? Select two answers.

Developers were able to track illegal copies of software and prevent pirated licenses.

Millions of customers’ PII was stolen.

The significant financial consequences of a breach became more apparent.

Phishing became illegal due to significant public outcry.

A

Millions of customers’ PII was stolen.

The significant financial consequences of a breach became more apparent.

The key impacts of the Equifax breach were the fact that millions of customers’ PII was stolen and that the significant financial consequences of a breach became more apparent.

20
Q

Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.

True

False

A

False

Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.

21
Q

Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.

domains

data

assets

networks

A

domains

Examples of security domains include security and risk management and security architecture and engineering.

22
Q

A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?

Software development security

Communication and network security

Security and risk management

Asset security

A

Asset security

This task is related to the asset security domain. This domain focuses on managing and securing digital and physical assets, as well as the storage, maintenance, retention, and destruction of data.

23
Q

Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?

Asset security

Security assessment and testing

Security operations

Software development security

A

Security assessment and testing

This is related to security assessment and testing, which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.

24
Q

You are asked to investigate an alert related to an unknown device that is connected to the company’s internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?

Asset security

Security architecture and engineering

Software development security

Security operations

A

Security operations

This is related to the security operations domain, which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.

25
Q

Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data.

computer virus

spyware attack

software breach

business disruption

A

computer virus

26
Q

Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?

LoveLetter attack

Brain virus

Equifax breach

Morris worm

A

Equifax breach

27
Q

Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.

communication

digital

social

network

A

social

28
Q

A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.

Employees inadvertently revealing sensitive data

Overtaxing systems with too many internal emails

Malicious software being deployed

Phishing attacks

A

Employees inadvertently revealing sensitive data

Malicious software being deployed

Phishing attacks

29
Q

Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

Security assessment and testing

Security and risk management

Identity and access management

Security architecture and engineering

A

Security and risk management

30
Q

Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

Security and risk management

Identity and access management

Security architecture and engineering

Communication and network security

A

Security architecture and engineering

31
Q

A security professional is ensuring proper storage, maintenance, and retention of their organization’s data. Which domain does this scenario describe?

Security assessment and testing

Communication and network security

Asset security

Security operations

A

Asset security

32
Q

Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?

Identity and access management

Security and risk management

Security assessment and testing

Communication and network security

A

Security assessment and testing

33
Q

A security professional is asked to issue a keycard to a new employee. Which domain does this scenario relate to?

Security and risk management

Identity and access management

Communication and network security

Security assessment and testing

A

Identity and access management

34
Q

Which of the following tasks may be part of the security operations domain? Select all that apply.

Implementing preventive measures

Investigating an unknown device that has connected to an internal network

Using coding practices to create secure applications

Conducting investigations

A

Implementing preventive measures

Investigating an unknown device that has connected to an internal network

Conducting investigations

35
Q

Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.

framework

control

lifecycle

regulation

A

framework

Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy.

36
Q

An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?

Personally identifiable information (PII)

Security control

Data confidentiality

Cybersecurity Framework (CSF)

A

Security control

Security controls are safeguards designed to reduce specific security risks.

37
Q

What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

Cybersecurity Framework (CSF)

Confidentiality, integrity, and availability (CIA) triad

Sensitive personally identifiable information (SPII)

General Data Protection Regulation law (GDPR)

A

Confidentiality, integrity, and availability (CIA) triad

The CIA triad is a foundational model that helps inform how organizations consider risk when setting up systems and security policies.

38
Q

Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.

True

False

A

True

Security teams use the NIST CSF as a baseline to manage short and long-term risk. The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

39
Q

An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.

Privacy protections

Laws

Remaining unbiased

Confidentiality

A

Privacy protections

Laws

Confidentiality

This violates laws, confidentiality, and privacy protections.

40
Q

Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.

personal information

documentation

compliance processes

business networks

A

personal information

Privacy protection means safeguarding personal information from unauthorized use. Ensuring user permissions are correct helps prevent individuals from accessing protected information that they are not authorized to access.

41
Q

You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?

Respectfully decline, then remind your manager of the organization’s guidelines.

Request identification from your manager to ensure the text message is authentic; then, provide the birth date.

Give your manager the employee’s birth date; a party is a friendly gesture.

Ask your manager to provide proof of their inability to access the database.

A

Respectfully decline, then remind your manager of the organization’s guidelines.

You should respectfully decline and remind your manager of the organization’s guidelines. Your role as a security analyst is to follow the policies and procedures of your company.

42
Q

You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?

Escalate the situation by involving other organizations that have been targeted.

Improve the company’s defenses to help prevent future attacks.

Conduct cyberattacks against each hacktivist group that claimed responsibility.

Target a specific hacktivist group as a warning to the others.

A

Improve the company’s defenses to help prevent future attacks.

Defending against future attacks is the most ethical way to approach this situation. Counterattacks are illegal in the U.S. except by approved employees of the federal government or military personnel.

43
Q

What are some of the primary purposes of security frameworks? Select three answers.

Managing organizational risks

Protecting PII data

Aligning security with business goals

Safeguarding specific individuals

A

Managing organizational risks

Protecting PII data

Aligning security with business goals

44
Q

Which of the following are core components of security frameworks? Select two answers.

Implementing security processes

Monitoring and communicating results

Managing data requests

Establishing regulatory compliance measures

A

Implementing security processes

Monitoring and communicating results

45
Q

Fill in the blank: A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company’s network. They use _____ to help them reduce this type of risk.

public websites

private information

security controls

security ethics

A

security controls

46
Q

You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on integrity, availability, and what else?

Confidentiality

Consent

Communication

Conformity

A

Confidentiality

47
Q

Fill in the blank: A key aspect of the CIA triad is ensuring that only _____ can access specific assets.

internet providers

social media sites

authorized users

business competitors

A

authorized users

48
Q

Which of the following statements accurately describe the NIST CSF? Select all that apply.

It is only effective at managing short-term risk.

Security teams use it as a baseline to manage risk.

Its purpose is to help manage cybersecurity risk.

It is a voluntary framework.

A

Security teams use it as a baseline to manage risk.

Its purpose is to help manage cybersecurity risk.

It is a voluntary framework.

49
Q

Fill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.

disgruntled employees

external vendors

existing customers

governing agencies

A

disgruntled employees

50
Q

A security professional working at a bank is running late for a meeting. They consider saving time by leaving files on their desk that contain client account numbers. However, after thinking about company guidelines with regard to compliance, the security professional takes the time to properly store the files. Which concept does this scenario describe?

Security ethics

Preserving evidence

Security controls

Public finance

A

Security ethics

51
Q

Fill in the blank: The ethical principle of _____ involves safeguarding a company database that contains sensitive information about employees.

unrestricted access

non-bias

honesty

privacy protection

A

privacy protection

52
Q

Fill in the blank: The ethical principle of _____ involves adhering to compliance regulations.

protections

laws

restrictions

guidelines

A

laws

53
Q

What tool is designed to capture and analyze data traffic within a network?

Structured Query Language (SQL)

network protocol analyzer (packet sniffer)

security information and event management (SIEM)

playbook

A

network protocol analyzer (packet sniffer)

A packet sniffer, also known as a network protocol analyzer, is a tool designed to capture and analyze data traffic within a network.

54
Q

What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?

Linux

Python

SIEM

network protocol analyzers (packet sniffers)

A

SIEM

SIEM tools use dashboards to organize data into categories and allow analysts to identify potential security incidents, such as breaches, as they happen.

55
Q

What can cybersecurity professionals use logs for?

To analyze data traffic within a network

To select which security team members will respond to an incident

To research and optimize processing capabilities within a network

To identify vulnerabilities and potential security breaches

A

To identify vulnerabilities and potential security breaches

Cybersecurity professionals can use logs to identify vulnerabilities and potential security breaches, as well as other potential security incidents.

56
Q

Fill in the blank: A _____ is a manual that provides details about operational actions.

playbook

directory

case history

checklist

A

playbook

A playbook is a manual that provides details about operational actions. Playbooks provide guidance when handling a security incident before, during, and after it has occurred.

57
Q

What do security professionals use to interact with and request information from a database?

Linux

Python

Structured Query Language (SQL)

Confidentiality, integrity, availability (CIA) triad

A

Structured Query Language (SQL)

Security professionals use Structured Query Language (SQL) to interact with and request information from a database.

58
Q

What is programming typically used for? Select two answers.

Enable open-source operations

Complete repetitive tasks and processes

Record events that occur within an organization’s systems

Create a specific set of instructions for a computer to execute tasks

A

Complete repetitive tasks and processes

Create a specific set of instructions for a computer to execute tasks

Programming is typically used to complete repetitive tasks and processes and create a specific set of instructions for a computer to execute tasks.

59
Q

Fill in the blank: Linux is an open-source _____ that can be used to examine logs.

programming language

operating system

database

algorithm

A

operating system

Linux is an open-source operating system that can be used to examine logs.

60
Q

A playbook is a manual that only provides details about how to respond to an incident.

True

False

A

False

A playbook is a manual that provides details about any operational action, including incident response, security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.

61
Q

Which of the following statements correctly describe logs? Select two answers.

A log is used as a formal guide to incident response.

A business might log each time an employee signs into their computer.

A log is a record of events that occur within an organization’s systems.

Security professionals use logs to visualize data.

A

A business might log each time an employee signs into their computer.

A log is a record of events that occur within an organization’s systems.

62
Q

Which of the following tasks can be performed using SIEM tools? Select three answers.

Collecting and analyzing data

Helping security analysts identify potential breaches

Requesting security data from government agencies

Providing alerts for specific types of risks and threats

A

Collecting and analyzing data

Helping security analysts identify potential breaches

Providing alerts for specific types of risks and threats

63
Q

A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use?

network protocol analyzer (packet sniffer)

Playbook

Linux operating system

Security information and event management (SIEM)

A

Security information and event management (SIEM)

64
Q

Fill in the blank: Security professionals use _____ to help them manage a security incident before, during, and after it has occurred.

spreadsheets

playbooks

programming

charts

A

playbooks

65
Q

As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.

An antivirus software

A network protocol analyzer (packet sniffer)

A cryptographic encoder

An intrusion detection system (IDS)

A

A network protocol analyzer (packet sniffer)

An intrusion detection system (IDS)

66
Q

What are some key benefits of programming languages? Select all that apply.

They execute repetitive processes accurately.

They install security hardware.

They filter through data points faster than humans can working manually.

They can be used to create a specific set of instructions for a computer to execute tasks.

A

They execute repetitive processes accurately.

They filter through data points faster than humans can working manually.

They can be used to create a specific set of instructions for a computer to execute tasks.

67
Q

A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.

It is open source.

It is an efficient programming language.

It allows for text-based commands by users.

It is proprietary.

A

It is open source.

It allows for text-based commands by users.

68
Q

Fill in the blank: Security professionals can use _____ to interact with and request information from a database.

SQL

network protocol analyzers (packet sniffers)

logs

playbooks

A

SQL