A1

Question 1

What are the three objective groups under COSO and what do they do?

Answer 1

1. Compliance objectives
   based on adherence to governmental laws and compliance regulations. As it relates to cybersecurity, this includes compliance with industry standards such as NIST, HIPPA, and GDR.
2. Operating objectives
   They focus on the effectiveness and efficiency of business operations.
   Include performance measures and safeguards that can help increase the likelihood that an organization’s IT assets are protected against cybersecurity threats and fraud.
3. Reporting objectives\
   focus on transparency, reliability, timeliness, and trustworthiness as determined by standard setting bodies, regulators, and an organization’s own policies.
   Increasing the likelihood that cybersecurity controls are in place so that they do not affect internal and external financial and non-financial reporting.

Question 2

What does a VPN do?

Answer 2

Provides an encrypted communication tunnel across the internet that allows remote users secure access to a network.

Question 3

What does a Pocket Switch network do?

Answer 3

Allows transmission of data across a shared network and not the internet.

Question 4

What is digital inscription?

Answer 4

The broad idea of encoding a message and not really the specifics through where the information is being transmitted.

Question 5

What is Need to Know?

Answer 5

Only given what they must know for the job.
Focuses on data needed to perform a job.

Question 6

What is Least Privilege?

Answer 6

Minimal authority is given.
The applications needed to perform the job.

Question 7

What does NIST do?

Answer 7

Establish a zero-trust network.

Question 8

What is a digital signature?

Answer 8

Not very protective.
Electronic stamp of authentication that is usually encrypted and attached to a message.

Question 9

What are biometrics?

Answer 9

No Voice authentication!!
The use of human physical characteristics or impressions (Fasce recognition or fingerprints)

Question 10

What is a token?

Answer 10

A Form of multifactor authentication where the token is what gives you that secondary PIN.

Question 11

What is context-aware authentication?

Answer 11

Identifies devise’s location, time of access, and IP location so that people can’t access data outside of the company.

Question 12

What is a digital Certificate?

Answer 12

A form of verification that works almost like a passport of license set up by the organization.

Question 13

What is Batch Processing?

Answer 13

Not a form of access control or denial just an information processor.
Batch processing procedures include collection and grouping of input documents/transactions by type of transaction.

Question 14

What is the Defense-in-depth cybersecurity strategy?

Answer 14

Focuses on multilayer security containing more than one for of authentication not just technological but physical as well.

Question 14

What does the Identify NIST cybersecurity framework function do?

Answer 14

Supports the location and identification of vulnerabilities in a system.

Question 15

What is Discretionary access control?

Answer 15

Owners can grant access to others based on their own judgement or delegate tasks to other custodians as the owner sees fit.

Question 16

What is Role based access control?

Answer 16

Administer access based on a user’s job role instead of individually assigning permissions.

Question 17

What is a rule-based access control?

Answer 17

Access to areas, devices, or databases according to a predetermined set of rules or access permissions independent of the user’s role or position within the organization.

Question 18

What is an access control list (ACL)?

Answer 18

A list of rules that outlines which users have permission to access certain resources, such as a file, folder, directory, or other IT resource.

Question 19

What is asymmetric and symmetric encryption?

Answer 19

Asymmetric is when information is sent with a private key and a public key. (One to encrypt and another to decrypt)

Symmetric sends information with only a one key

Question 20

What is data obfuscation?

Answer 20

The process of replacing production data or sensitive information with data the is less valuable to unauthorized users.

Question 21

What is data masking?

Answer 21

A form of encryption that keeps the data in the same format but covers up a part of the data -*-4567

Question 22

What is data Tokenization?

Answer 22

Form of encryption when data is randomized, and a token can reverse it 1234 input key 5749.

Question 23

What is encryption?

Answer 23

The randomization of a data set that can be brought back to normal using a key.

Question 24

What is cypher?

Answer 24

The application of encryption algorithms.
result of applying encryption algorithms that encode unencrypted messages into an encrypted form.

Question 25

What is hashing?

Answer 25

Primarily used for data integrity verification.