Foundations of Cybersecurity Flashcards
Fill in the blank: Cybersecurity is the practice of ensuring _____ by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
compliance, instructions, and accuracy
continuity, infrastructure, and attainment of business goals
customer trust, increased revenue, and advancement
confidentiality, integrity, and availability of information
confidentiality, integrity, and availability of information
Cybersecurity is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
What are the primary responsibilities of an entry-level security analyst? Select three answers.
Monitor systems
Protect information
Create compliance laws
Search for weaknesses
Monitor systems
Protect information
Search for weaknesses
The primary responsibilities of an entry-level security analyst are as follows: Monitor systems, protect information, and search for weaknesses.
Fill in the blank: Performing _____ enables security professionals to review an organization’s security records, activities, and related documents.
software developments
penetration tests
security audits
ethical hacking
security audits
Performing security audits enables security professionals to review an organization’s security records, activities, and related documents.
In what ways do security teams bring value to an organization? Select two answers.
Reducing business productivity
Protecting against external and internal threats
Increasing operational expenses
Achieving regulatory compliance
Protecting against external and internal threats
Achieving regulatory compliance
Achieving regulatory compliance and protecting against external and internal threats are ways that security teams bring value to an organization.
Which of the following proficiencies are transferable skills, likely to be applicable in almost any field? Select three answers.
Problem-solving
Written and verbal communication
Analysis
Programming
Problem-solving
Written and verbal communication
Analysis
Analysis, problem-solving, and written and verbal communication skills are transferable entry-level security analyst skills.
Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select two answers.
Regulation writing
Data analysis
Programming
Collaboration
Programming and data analysis are technical skills, which are needed to become an entry-level security analyst.
Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.
Digital forensic investigators
Business intelligence professionals
Ethical hackers
Security operations center analysts
Digital forensic investigators
Digital forensic investigators identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.
What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers.
Email addresses
Last names
Bank account numbers
Medical records
Bank account numbers
Medical records
Medical records and bank account numbers are examples of sensitive personally identifiable information. SPII is a specific type of PII that requires stricter protections because it can be significantly more damaging to individuals if it is stolen.
Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access.
changing business priorities
poor financial management
market shifts
criminal exploitation
criminal exploitation
A security professional collaborates with information technology teams to deploy an application that helps identify risks and vulnerabilities. What does this scenario describe?
Installing detection software
Ethical hacking
Conducting a security audit
Upgrading network capacity
Installing detection software
Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?
Internal
Ethical
Accidental
External
External
Fill in the blank: Identity theft is the act of stealing _____ to commit fraud while impersonating a victim.
business records
trade secrets
personal information
hardware
personal information
What is regulatory compliance?
Expenses and fines associated with vulnerabilities
Sites and services that require complex passwords to access
Laws and guidelines that require implementation of security standards
Threats and risks from employees and external vendors
Laws and guidelines that require implementation of security standards
Which of the following proficiencies are examples of technical skills? Select two answers.
Automating tasks with programming
Applying computer forensics
Communicating with employees
Prioritizing collaboration
Automating tasks with programming
Applying computer forensics
Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.
event
emergency
employer
enterprise
event
What do security professionals typically do with SIEM tools?
Identify and analyze security threats, risks, and vulnerabilities
Locate and preserve criminal evidence
Educate others about potential security threats, risks, and vulnerabilities
Identify threat actors and their locations
Identify and analyze security threats, risks, and vulnerabilities
Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.
The theft of PII is often more damaging than the theft of SPII.
Both PII and SPII are vulnerable to identity theft.
An example of PII is someone’s date of birth.
An example of SPII is someone’s financial information.
Both PII and SPII are vulnerable to identity theft.
An example of PII is someone’s date of birth.
An example of SPII is someone’s financial information.
What is one way that the Morris worm helped shape the security industry?
It prevented the development of illegal copies of software.
It inspired threat actors to develop new types of social engineering attacks.
It led to the development of computer response teams.
It made organizations more aware of the significant financial impact of security incidents.
It led to the development of computer response teams.
The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).
What were the key impacts of the Equifax breach? Select two answers.
Developers were able to track illegal copies of software and prevent pirated licenses.
Millions of customers’ PII was stolen.
The significant financial consequences of a breach became more apparent.
Phishing became illegal due to significant public outcry.
Millions of customers’ PII was stolen.
The significant financial consequences of a breach became more apparent.
The key impacts of the Equifax breach were the fact that millions of customers’ PII was stolen and that the significant financial consequences of a breach became more apparent.
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.
True
False
False
Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.
Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.
domains
data
assets
networks
domains
Examples of security domains include security and risk management and security architecture and engineering.
A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?
Software development security
Communication and network security
Security and risk management
Asset security
Asset security
This task is related to the asset security domain. This domain focuses on managing and securing digital and physical assets, as well as the storage, maintenance, retention, and destruction of data.
Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?
Asset security
Security assessment and testing
Security operations
Software development security
Security assessment and testing
This is related to security assessment and testing, which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.
You are asked to investigate an alert related to an unknown device that is connected to the company’s internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?
Asset security
Security architecture and engineering
Software development security
Security operations
Security operations
This is related to the security operations domain, which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.
Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data.
computer virus
spyware attack
software breach
business disruption
computer virus
Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?
LoveLetter attack
Brain virus
Equifax breach
Morris worm
Equifax breach
Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.
communication
digital
social
network
social
A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.
Employees inadvertently revealing sensitive data
Overtaxing systems with too many internal emails
Malicious software being deployed
Phishing attacks
Employees inadvertently revealing sensitive data
Malicious software being deployed
Phishing attacks
Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?
Security assessment and testing
Security and risk management
Identity and access management
Security architecture and engineering
Security and risk management
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
Security and risk management
Identity and access management
Security architecture and engineering
Communication and network security
Security architecture and engineering
A security professional is ensuring proper storage, maintenance, and retention of their organization’s data. Which domain does this scenario describe?
Security assessment and testing
Communication and network security
Asset security
Security operations
Asset security
Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?
Identity and access management
Security and risk management
Security assessment and testing
Communication and network security
Security assessment and testing
A security professional is asked to issue a keycard to a new employee. Which domain does this scenario relate to?
Security and risk management
Identity and access management
Communication and network security
Security assessment and testing
Identity and access management
Which of the following tasks may be part of the security operations domain? Select all that apply.
Implementing preventive measures
Investigating an unknown device that has connected to an internal network
Using coding practices to create secure applications
Conducting investigations
Implementing preventive measures
Investigating an unknown device that has connected to an internal network
Conducting investigations
Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.
framework
control
lifecycle
regulation
framework
Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy.
An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?
Personally identifiable information (PII)
Security control
Data confidentiality
Cybersecurity Framework (CSF)
Security control
Security controls are safeguards designed to reduce specific security risks.
What is a foundational model that informs how organizations consider risk when setting up systems and security policies?
Cybersecurity Framework (CSF)
Confidentiality, integrity, and availability (CIA) triad
Sensitive personally identifiable information (SPII)
General Data Protection Regulation law (GDPR)
Confidentiality, integrity, and availability (CIA) triad
The CIA triad is a foundational model that helps inform how organizations consider risk when setting up systems and security policies.
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.
True
False
True
Security teams use the NIST CSF as a baseline to manage short and long-term risk. The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.
Privacy protections
Laws
Remaining unbiased
Confidentiality
Privacy protections
Laws
Confidentiality
This violates laws, confidentiality, and privacy protections.
Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.
personal information
documentation
compliance processes
business networks
personal information
Privacy protection means safeguarding personal information from unauthorized use. Ensuring user permissions are correct helps prevent individuals from accessing protected information that they are not authorized to access.
You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?
Respectfully decline, then remind your manager of the organization’s guidelines.
Request identification from your manager to ensure the text message is authentic; then, provide the birth date.
Give your manager the employee’s birth date; a party is a friendly gesture.
Ask your manager to provide proof of their inability to access the database.
Respectfully decline, then remind your manager of the organization’s guidelines.
You should respectfully decline and remind your manager of the organization’s guidelines. Your role as a security analyst is to follow the policies and procedures of your company.
You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?
Escalate the situation by involving other organizations that have been targeted.
Improve the company’s defenses to help prevent future attacks.
Conduct cyberattacks against each hacktivist group that claimed responsibility.
Target a specific hacktivist group as a warning to the others.
Improve the company’s defenses to help prevent future attacks.
Defending against future attacks is the most ethical way to approach this situation. Counterattacks are illegal in the U.S. except by approved employees of the federal government or military personnel.
What are some of the primary purposes of security frameworks? Select three answers.
Managing organizational risks
Protecting PII data
Aligning security with business goals
Safeguarding specific individuals
Managing organizational risks
Protecting PII data
Aligning security with business goals
Which of the following are core components of security frameworks? Select two answers.
Implementing security processes
Monitoring and communicating results
Managing data requests
Establishing regulatory compliance measures
Implementing security processes
Monitoring and communicating results
Fill in the blank: A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company’s network. They use _____ to help them reduce this type of risk.
public websites
private information
security controls
security ethics
security controls
You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on integrity, availability, and what else?
Confidentiality
Consent
Communication
Conformity
Confidentiality
Fill in the blank: A key aspect of the CIA triad is ensuring that only _____ can access specific assets.
internet providers
social media sites
authorized users
business competitors
authorized users
Which of the following statements accurately describe the NIST CSF? Select all that apply.
It is only effective at managing short-term risk.
Security teams use it as a baseline to manage risk.
Its purpose is to help manage cybersecurity risk.
It is a voluntary framework.
Security teams use it as a baseline to manage risk.
Its purpose is to help manage cybersecurity risk.
It is a voluntary framework.
Fill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.
disgruntled employees
external vendors
existing customers
governing agencies
disgruntled employees
A security professional working at a bank is running late for a meeting. They consider saving time by leaving files on their desk that contain client account numbers. However, after thinking about company guidelines with regard to compliance, the security professional takes the time to properly store the files. Which concept does this scenario describe?
Security ethics
Preserving evidence
Security controls
Public finance
Security ethics
Fill in the blank: The ethical principle of _____ involves safeguarding a company database that contains sensitive information about employees.
unrestricted access
non-bias
honesty
privacy protection
privacy protection
Fill in the blank: The ethical principle of _____ involves adhering to compliance regulations.
protections
laws
restrictions
guidelines
laws
What tool is designed to capture and analyze data traffic within a network?
Structured Query Language (SQL)
network protocol analyzer (packet sniffer)
security information and event management (SIEM)
playbook
network protocol analyzer (packet sniffer)
A packet sniffer, also known as a network protocol analyzer, is a tool designed to capture and analyze data traffic within a network.
What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?
Linux
Python
SIEM
network protocol analyzers (packet sniffers)
SIEM
SIEM tools use dashboards to organize data into categories and allow analysts to identify potential security incidents, such as breaches, as they happen.
What can cybersecurity professionals use logs for?
To analyze data traffic within a network
To select which security team members will respond to an incident
To research and optimize processing capabilities within a network
To identify vulnerabilities and potential security breaches
To identify vulnerabilities and potential security breaches
Cybersecurity professionals can use logs to identify vulnerabilities and potential security breaches, as well as other potential security incidents.
Fill in the blank: A _____ is a manual that provides details about operational actions.
playbook
directory
case history
checklist
playbook
A playbook is a manual that provides details about operational actions. Playbooks provide guidance when handling a security incident before, during, and after it has occurred.
What do security professionals use to interact with and request information from a database?
Linux
Python
Structured Query Language (SQL)
Confidentiality, integrity, availability (CIA) triad
Structured Query Language (SQL)
Security professionals use Structured Query Language (SQL) to interact with and request information from a database.
What is programming typically used for? Select two answers.
Enable open-source operations
Complete repetitive tasks and processes
Record events that occur within an organization’s systems
Create a specific set of instructions for a computer to execute tasks
Complete repetitive tasks and processes
Create a specific set of instructions for a computer to execute tasks
Programming is typically used to complete repetitive tasks and processes and create a specific set of instructions for a computer to execute tasks.
Fill in the blank: Linux is an open-source _____ that can be used to examine logs.
programming language
operating system
database
algorithm
operating system
Linux is an open-source operating system that can be used to examine logs.
A playbook is a manual that only provides details about how to respond to an incident.
True
False
False
A playbook is a manual that provides details about any operational action, including incident response, security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.
Which of the following statements correctly describe logs? Select two answers.
A log is used as a formal guide to incident response.
A business might log each time an employee signs into their computer.
A log is a record of events that occur within an organization’s systems.
Security professionals use logs to visualize data.
A business might log each time an employee signs into their computer.
A log is a record of events that occur within an organization’s systems.
Which of the following tasks can be performed using SIEM tools? Select three answers.
Collecting and analyzing data
Helping security analysts identify potential breaches
Requesting security data from government agencies
Providing alerts for specific types of risks and threats
Collecting and analyzing data
Helping security analysts identify potential breaches
Providing alerts for specific types of risks and threats
A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use?
network protocol analyzer (packet sniffer)
Playbook
Linux operating system
Security information and event management (SIEM)
Security information and event management (SIEM)
Fill in the blank: Security professionals use _____ to help them manage a security incident before, during, and after it has occurred.
spreadsheets
playbooks
programming
charts
playbooks
As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.
Antivirus software
A network protocol analyzer (packet sniffer)
A cryptographic encoder
An intrusion detection system (IDS)
A network protocol analyzer (packet sniffer)
An intrusion detection system (IDS)
What are some key benefits of programming languages? Select all that apply.
They execute repetitive processes accurately.
They install security hardware.
They filter through data points faster than humans can working manually.
They can be used to create a specific set of instructions for a computer to execute tasks.
They execute repetitive processes accurately.
They filter through data points faster than humans can working manually.
They can be used to create a specific set of instructions for a computer to execute tasks.
A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.
It is open source.
It is an efficient programming language.
It allows for text-based commands by users.
It is proprietary.
It is open source.
It allows for text-based commands by users.
Fill in the blank: Security professionals can use _____ to interact with and request information from a database.
SQL
network protocol analyzers (packet sniffers)
logs
playbooks
SQL