Cisco 1 Flashcards

1
Q

the ongoing effort to protect these networked systems and all of the data from unauthorized use or harm

A

Cybersecurity

2
Q

Your Data

A
  1. Data on your computing devices
  2. medical data
  3. employment
  4. information online
  5. your identity
  6. education data
  7. financial data
3
Q

Every time you go to the doctor’s office, more information is added to your electronic health records (EHRs). The prescription from your family doctor becomes part of your EHR. Your EHR includes your physical health, mental health, and other personal information that may not be medically-related.

A

Medical Records

4
Q

As you progress through your education, information about your grades and test scores, your attendance, courses taken, awards and degrees rewarded, and any disciplinary reports may be in your education record. This record may also include contact information, health and immunization records, and special education records including individualized education programs (IEPs).

A

Education Records

5
Q

Your financial record may include information about your income and expenditures. Tax records could include paycheck stubs, credit card statements, your credit rating and other banking information. Your employment information can include your past employment and your performance.

A

Employment and Financial Records

6
Q

Your computing devices do not just store your data. Now these devices have become the portal to your data and generate information about you.

A

Your Computing Devices

7
Q

Besides stealing your money for a short-term monetary gain, the criminals want long-term profits by stealing your identity.

A

They Want Your Identity

8
Q

Your online credentials are valuable. These credentials give the thieves access to your accounts. You may think the frequent flyer miles you have earned are not valuable to cybercriminals

A

They Want Your Money

9
Q

Types of Organizational Data

A
  1. Traditional Data
  2. Internet of Things and Big Data
10
Q
  • Corporate data includes personnel information, intellectual properties, and financial data.
  • The personnel information includes application materials, payroll, offer letters, employee agreements, and any information used in making employment decisions. Intellectual property, such as patents, trademarks and new product plans, allows a business to gain economic advantage over its competitors.
A

Traditional Data

11
Q
  • With the emergence of the Internet of Things (IoT), there is a lot more data to manage and secure. IoT is a large network of physical objects, such as sensors and equipment that extend beyond the traditional computer network
  • This data has created a new area of interest in technology and business called “Big Data”.
A

Internet of Things and Big Data

12
Q
  • Another term for confidentiality would be privacy.
  • Company policies should restrict access to the information to authorized personnel and ensure that only those authorized individuals view this data.
A

Confidentiality

13
Q
  • accuracy, consistency, and trustworthiness of the data during its entire life cycle.
  • Data must be unaltered during transit and not changed by unauthorized entities.
A

Integrity

14
Q

used to verify the integrity of files, or strings of characters, after they have been transferred from one device to another across your local network or the Internet.

A

checksum

15
Q

Maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups ensure the availability of the network and data to the authorized users.

A

Availability

16
Q

The Consequences of a Security Breach

A
  1. ruined reputation
  2. vandalism
  3. theft
  4. revenue lost
  5. damaged intellectual property
17
Q
  • online password manager
  • detected unusual activity on its network in July 2015.
  • It turned out that hackers had stolen user email addresses, password reminders, and authentication hashes. Fortunately for the users, the hackers were unable to obtain anyone’s encrypted password vaults
A

LastPass

18
Q
  • The customers had shared photos and used the chat features through the toy tablets.
  • The information was not secured properly, and the company website did not support secure SSL communication
A

Vtech

19
Q
  • one of the nationwide consumer credit reporting agencies in the United States.
  • The attackers exploited a vulnerability in the Apache Struts web application software. The company believes that millions of U.S. consumers’ sensitive personal data were accessed by the cyber criminals between May and July of 2017.
A

Equifax Inc.

20
Q

Types of Attackers

A
  1. Amateurs
  2. Hackers
  3. Organized Hackers
21
Q

application materials, payroll, offer letter, employee agreements

A

personnel

22
Q

patent, trademarks, product plans, trade secrets

A

intellectual

23
Q

income statements, balance sheets, cash flow statements

A

financial

24
Q

large network of physical devices

A

IoT

25
Q

data from IoT

A

Big data

26
Q
  • These people are sometimes called Script Kiddies.
  • They are usually attackers with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
  • Some of them are just curious, while others are trying to demonstrate their skills and cause harm.
A

Amateurs

27
Q
  • This group of attackers break into computers or networks to gain access.
  • Depending on the intent of the break-in, these attackers are classified as white, gray, or black hats.
A

Hackers

28
Q
  • attackers break into networks or computer systems to discover weaknesses so that the security of these systems can be improved.
  • These break-ins are done with prior permission and any results are reported back to the owner
A

white hat

29
Q
A
30
Q

attackers take advantage of any vulnerability for illegal personal, financial or political gain

A

black hat

31
Q
  • are somewhere between white and black hat attackers
  • may report the vulnerability to the owners of the system if that action coincides with their agenda.
A

Gray hat

32
Q
  • These hackers include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
  • Cyber criminals are usually groups of professional criminals focused on control, power, and wealth.
  • The criminals are highly sophisticated and organized, and they may even provide cybercrime as a service to other criminals.
A

Organized Hackers

33
Q
  • Attacks can be originated from within an organization or from outside of the organization, as shown in the figure.
  • An internal user, such as an employee or contract partner, can accidentally or intentionally
A

Internal Security Threats

34
Q

An internal user, such as an employee or contract partner, can accidentally or intentionally

A
  • Mishandle confidential data
  • Threaten the operations of internal servers or network infrastructure devices
  • Facilitate outside attacks by connecting infected USB media into the corporate computer system
  • Accidentally invite malware onto the network through malicious email or websites
35
Q

from amateurs or skilled attackers can exploit vulnerabilities in network or computing devices, or use social engineering to gain access.

A

External Security Threats

36
Q
  • Internet-based conflict that involves the penetration of computer systems and networks of other nations.
  • These attackers have the resources and expertise to launch massive Internet-based attacks against other nations to cause damage or disrupt services, such as shutting down a power grid
  • attacks against an enemy state, causing comparable harm
A

Cyberwarfare

37
Q
  • has become another important dimension of warfare, where nations can carry out conflicts without the clashes of traditional troops and machines.
  • This allows countries with minimal military presence to be as strong as other nations in cyberspace
A

Cyberspace

38
Q
  • malware that was designed to damage Iran’s nuclear enrichment plant.
A

Stuxnet

39
Q
  • attack that followed the release of film “The Interview”
  • presented a negative portrayal of Kim Jong Un
A

Sony Pictures Hack

40
Q
  • 2007, when Estonia suffered a number of significant cyber attacks
  • Estonian government websites, media outlets, and banks were overloaded with massive denial of service attacks
A

Bronze Soldier

41
Q
  • CrowdStrike claims that a Russian organized cybercrime group targeted Ukrainian rocket forces
A

Fancy Bear

42
Q

7 types of cyberwarfare attacks

A
  1. Espionage
  2. Sabotage
  3. Denial of service attacks
  4. Electrical Power Grid
  5. Propaganda Attacks
  6. Economic Disruption
  7. Surprise Attacks
43
Q
  • attacks against critical infrastructure are common
  • Ukraine has been targeted with attacks against its power grid
A

critical infrastructure attacks

44
Q

deny legitimate user access by overwhelming with spam requests

A

distributed denial of service attacks (DDoS)

45
Q

deny access to important files by encrypting or deleting files

A

ransomware and wipers

46
Q

exploitation happens through SMS

A

smishing

47
Q

scam execution is through voice call

A

vishing

48
Q

deliver malware through email

A

phishing

49
Q

by sowing disinformation to damage nation-state ability to effectively defend itself

A

propaganda

50
Q

infiltrate government and military networks to collect intelligence

A

espionage

51
Q

The Purpose of Cyberwarfare

A
  • gain advantage over adversaries, whether they are nations or competitors.
  • can sabotage the infrastructure of other nations and cost lives in the targeted nations
  • may allow an attacker to pretend to be an authorized user to access sensitive information or equipment.