Chapter 1

Question 1

The three key objectives of cybersecurity programs are?

Answer 1

confidentiality, integrity, and availability

Question 2

Confidentiality ensures that?

Answer 2

unauthorized individuals are not able to gain access to sensitive information

Question 3

Integrity ensures that?

Answer 3

there are no unauthorized modifications to information or systems, either intentionally or unintentionally.

Question 4

Availability ensures that?

Answer 4

information and systems are ready to meet the needs of legitimate users at the time those users request them

Question 5

what is Nonrepudiation?

Answer 5

Nonrepudiation means that
someone who performed some action, such as sending a message, cannot later deny having taken that action

Question 6

what is a common example of nonrepudiation?

Answer 6

Digital Signatures

Question 7

The three key threats to cybersecurity programs are?

Answer 7

disclosure, alteration, and denial. (DAD)

Question 8

Disclosure is also known as?

Answer 8

Data Loss

Question 9

Disclosure is a violation of which principle?

Answer 9

Confidentiality

Question 10

what is the full meaning of PII?

Answer 10

Personal Identifiable Information

Question 11

what is the full meaning of AUP?

Answer 11

Acceptable Use Policy

Question 12

HIPAA stands for?

Answer 12

Health Insurance Portability and Accountability Act

Question 13

——– controls enforce confidentiality, integrity, and
availability in the digital space

Answer 13

Technical

Question 14

examples of technical controls are:

Answer 14

firewall rules, access control lists, intrusion prevention systems, and encryption

Question 15

Operational controls are?

Answer 15

the processes that we put in place to manage technology in a secure manner.

Question 16

user access
reviews, log monitoring, and vulnerability management are examples of?

Answer 16

Operational Controls

Question 17

Managerial controls are?

Answer 17

procedural mechanisms that focus on the mechanics of the risk management process.

Question 18

examples of Managerial controls are?

Answer 18

periodic risk assessments, security planning exercises, and the incorporation of security into the organization’s change management, service acquisition, and project management practices.

Question 19

Physical controls are security controls that impact the physical world. T/F?

Answer 19

True

Question 20

what is the full meaning of PCI DSS?

Answer 20

The Payment Card Industry Data Security Standard

Question 21

Data at rest is?

Answer 21

is stored data that resides on hard drives, tapes, in the cloud, or on other storage media

Question 22

data that is in motion/transit over a network is?

Answer 22

Data in Transit

Question 23

The data stored in memory while processing takes
place is called?

Answer 23

Data in Use

Question 24

—– uses software agents installed on systems that
search those systems for the presence of sensitive information.

Answer 24

Agent-Based DLP

Question 25

Agentless (network-based) DLP systems are?

Answer 25

dedicated devices that sit
on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.