Introduction to Cybersecurity Tools and Cyber Attacks Week Three Flashcards
Encrypting your email is an example of addressing which aspect of the CIA Triad?
Confidentiality
You fail to backup your files and then drop your laptop breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad?
Avaliability
The use of digital signatures is an example of which concept?
Non-repudiation
Trudy forwards a message from Alice to Bob, but changes the timestamp on Alice’s message before sending it to make it look like it came in later. This is a violation of which aspect of the CIA Triad?
Integrity
Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can non-manager employees in the Singapore office. Which two access criteria types were likely involved in setting this up?
Physical Location and Groups
In incident management, an event that has a negative impact on some aspect of the network or data is called what?
Incident
In incident management, a data inventory, data classification and data management process are part of which key concept?
E-Discovery
Which phase of the Incident Response Process do steps like Identify cyber security incident, Define objectives and investigate situation and Take appropriate action fall into?
Phase 2: Respond
In the context of security standards and compliance, which two of these items are goals of frameworks and best practices?
They help translate the business needs into technical or operational needs
They seek to improve performance, controls, and metrics
A company document that says employees may not do online shopping while at work would be which of the following?
Policy
Which three of these are compliance standards that must be adhered to by companies is some industries / countries?
SOX, PCI/DSS, and HIPPA
A method of evaluating computer and network security by simulating an attack on a computer system or network from external or internal threats is know as which of the following?
A pentest
The OWASP “Top 10” provides guidance on what?
The top 10 application vulnerabilities reported each year.
Which two key components are part of incident response?
Response Team and Investigation
Which is not part of the Sans Institutes Audit process?
Help to translate the business needs into technical or operational needs
Which key concept to understand incident response is defined as “data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup.”
E-Discovery
Which is not included as part of the IT Governance process?
Audits
Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad?
Confidentiality
A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?
Integrity
A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?
Avaliability
Which of these is an example of the concept of non-repudiation?
Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.
You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?
Physical location and Transaction type
In incident management, an observed change to the normal behavior of a system, environment or process is called what?
Event
In incident management, tools like SIEM, SOA and UBA are part of which key concept?
Automated System
Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?
Follow Up
In the context of security standards and compliance, which two of these are considered normative and compliance items?
They serve as an enforcement mechanism for government, industry or clients.
They are rules to follow for a specific industry.
A company document that details how an employee should request Internet access for her computer would be which of the following?
Procedure
Which of these is a methodology by which to conduct audits?
OCTAVE
Mile 2 CPTE Training teaches you how to do what?
Conduct a pentest