Cybersecurity

Question 1

What institute has instilled a framework for best practices in managing cyber security risks?

Answer 1

National Institute of Standards and Technology (NIST)

Question 2

What are the five functions the National Institute of Standards and Technology (NIST) bases their framework for cybersecurity on?

Answer 2

• Identify
• Protect
• Detect
• Respond
• Restore

Question 3

To “know how you can be attacked” refers to what function in the NIST cybersecurity framework?

Answer 3

Identify

Question 4

To “put controls in place to prevent the attack” refers to what function in the NIST cybersecurity framework?

Answer 4

Protect

Question 5

To “put controls in place to know when you’ve been attacked” refers to what function in the NIST cybersecurity framework?

Answer 5

Detect

Question 6

To “know how you can stop the attack once it’s been detected” refers to what function in the NIST cybersecurity framework?

Answer 6

Respond

Question 7

To “plan how you will restore normal operations” refers to what function in the NIST cybersecurity framework?

Answer 7

Restore

Question 8

In the context of cybersecurity, what keyword is used to “refer to the idea that data is there when it’s needed”?

Answer 8

Availability

Question 9

In the context of cybersecurity, what keyword is used to “refer to the idea that data is accurate and hasn’t been tampered with”?

Answer 9

Integrity

Question 10

In the context of cybersecurity, what keyword is used to “refer to the idea that data is only accessible by authorized people”?

Answer 10

Confidentiality

Question 11

In the context of cybersecurity, what keyword is used to “refer to a set of data that has value to the organization”?

Answer 11

Information asset

Question 12

In the context of cybersecurity, what keyword is used to “refers to services used or goods purchased to prevent a threat actor from exploiting a vulnerability”?

Answer 12

Control

Question 13

What form of cyberattack makes things unavailable to authorized users?

Answer 13

Denial of Service (DoS)

Question 14

What form of cyberattacked tricks users into divulging their credentials to an attacked?

Answer 14

Phishing

Question 15

What are six key cybersecurity controls?

Answer 15

• Patch updates
• Application whitelisting
• System hardening
• Least privileged access
• MFA authentication
• Backup systems and data

Question 16

List three ways malicious actors harm organizations

Answer 16

• Unauthorized access
• Data unavailability
• Data tampering

Question 17

What three terms ensure data is protected & accurate?

Answer 17

• Availability
• Integrity
• Confidentiality

Question 18

What process estimates the attack probability and impact a service provides, prioritizing issues found?

Answer 18

Cyber risk assessment

Question 19

Three ways attackers compromise systems?

Answer 19

• Exploit misconfigurations
• Exploit software vulnerabilities
• Use real credentials

Question 20

In the context of Cyber Security, what are three control types?

Answer 20

• Preventative (e.g., passwords, updates, training)
• Detective (e.g., antivirus, monitoring)
• Corrective (e.g., incident response, data recovery)

Question 21

In the context of Cyber Security, what are controls? Why are they important?

Answer 21

Technical/procedural defenses to mitigate vulnerabilities and reduce cyber risk.

Question 22

Steps in a cyber risk assessment?

Answer 22

1. Identify assets.
2. Identify threats.
3. Assess vulnerabilities.
4. Analyze impact.
5. Determine likelihood.
6. Prioritize risks.