1.2_ Surveying Cyberspace Flashcards

1
Q

What is the CIA TRIAD?

A

These three letters stand for confidentiality, integrity, and availability.

2
Q

The quality of being able to be used or obtained belongs to what part of the triad?

A

Availability

3
Q

What are some examples of availability attacks?

A

Hackers taking down a web-connected generator and disabling a critical power supply; using a denial of service attack to bring down a financial service provider’s website, making it impossible for clients to make transactions.

4
Q

Creating regular backups of data is what part of the triad?

A

Availability

5
Q

The quality of being honest, whole, or undivided is what part of the triad?

A

Integrity

6
Q

What is one example of an integrity attack?

A

Examples of integrity attacks include: intercepting money transfers and changing the dollar amount in “insignificant” ways in order to siphon off the excess; altering university grades to be better or worse.

7
Q

The state of being kept secret or private is attributed to what part of the triad?

A

Confidentiality

8
Q

A hospital allows only authorized healthcare personnel within one department to access patient Personally Identifiable Information. When employees move to another department, that access is revoked. What part of the triad is this?

A

Confidentiality

9
Q

Only authorized personnel at a company have write access to certain files. All other employees have only read access to these files. This is an example of what part of the triad?

A

Integrity

10
Q

A company employs redundant servers, which means that these systems are duplicated, and in the event of a malfunction, one server will fail over to the other. What part of the triad is this?

A

Availability

11
Q

A hacker uses a man-in-the-middle attack to intercept wireless traffic from users. What part of the triad is this?

A

Confidentiality

12
Q

The process of identifying, containing and remediating threats on behalf of a company or organization is what cybersecurity domain?

A

Security operations

13
Q

List all 9 cybersecurity domains

A

  1. Security architecture
  2. Security operations
  3. Governance
  4. Physical security
  5. Threat intelligence
  6. Career development
  7. Risk assessment
  8. User education
  9. Frameworks and standards

14
Q

Security design that addresses the requirements and potential risks involved in a given scenario or environment, and that specifies when and where to apply security controls, is what domain?

A

Security architecture

15
Q

The framework for managing performance and risk, oversight of compliance and control responsibilities, and defining the cyber mission by mapping the structure, authority, and processes to create an effective program is what domain?

A

Governance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Describe the physical security domain

A

The protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.

17
Q

Research and analysis of evidence-based knowledge regarding an existing or emerging menace describes what domain?

A

Threat intelligence

18
Q

Analyzing what can go wrong, how likely it is to happen, what the potential consequences are, and how tolerable the identified risk is describes what domain?

A

Risk assessment

19
Q

The process of teaching users how to protect themselves from cyber attacks by informing them of risks, exploits, and external threats as well as teaching them the skills needed to combat common attacks describes what domain?

A

User Education

20
Q

Describe the frameworks and standards domain

A

The creation of new security frameworks and practices for professionals to adhere to.