Section 1 - Cybersecurity Flashcards
What are 3 Core Security Objectives that focus on Protecting Systems and Data?
Confidentiality, Integrity, Availability
Confidentiality, Risk, Authentication
Vulnerability, Exploit, Threat
Non-Repudiation, Integrity Access
Confidentiality, Risk, Availability
Confidentiality, Integrity, Availability
What is an expected capability of the GRC Function? (Select All that Apply)
Security Ops
Compliance and Audit
Incident Response
Pen Testing
Risk Analysis
Compliance and Audit
Risk Analysis
What technology allows computers to communicate with each other?
Endpoints
Servers
Exploitation
Networking
Networking
What threats must a GRC Analyst consider? (Select All that Apply)
Human-Based
Environmental
Natural
Thought
Human-Based
Environmental
Natural
What is the typical motivation for a Hacktivist-based Threat Actor?
Financial
Espionage
Political/Ideological
Curiosity
Political/Ideological
What is the CIA Triad?
Confidentiality, Risk, Authentication
Vulnerability, Exploit, Threat
Confidentiality, Integrity, Availability
Non-Repudiation, Integrity Access
Confidentiality, Risk, Availability
Confidentiality, Integrity, Availability
Only the people who should have access, do have access. No one else. - Is What?
Confidentiality
Data/Systems/Apps are exactly what they should be - Is what?
Integrity
The System is there when you need it - Is what?
Availability
What are the 5 Layers of the NIST Framework?
Identify, Protect, Detect, Respond, Recover
Weakness in a Person, Process, Technology.
Not all _________ are Exploitable, but they are still Weaknesses.
What is this?
Vulnerability
An attack on a Vulnerability is what?
Exploit
How likely and how bad an Exploited Vulnerability is.
All Exploits are BAD, but some could be Low _____, while others are High.
How bad is the Impact?
You can’t close all the ______, you have to calculate the _______ and prioritize High/Med/Low.
What is this?
Risk
An actively Exploited Vulnerability is?
Incident
Malicious Software, bad guys write the Software, intended to Exploit Vulnerabilities, resulting in an Incident.
What is this?
Malware
3 Key Areas for Protecting/Securing Data/Systems/Info - what are they?
People (Staff, Vendors, Maintenance Workers, Guests interacting with the Business, it’s not just Staff that work at the Company, but anyone interacting with the Company.)
Process (All businesses have Processes that are Executed by People.)
Technology (Systems, Apps, Mobile Devices, Cloud, Interconnections - Client Server, B2B, etc.)
What does the term “Left of Boom” Mean?
Cybersecurity activities that occur before an Incident.
How many Layers are there in the OSI Model?
7
What Two Network Layers are related to TCP/IP?
Network Layer & Transport Layer
What does DNS do?
DNS Translates Domain Names to IP Addresses.
In general, what does a GRC do?
Bolsters defenses, reacts to and handles bad situations.
Limit negative consequences and impact from bad situations.
Can be both Operational and Administrative.
Identify and Protect
Name 5 Key Activities of a GRC?
Compliance and Audit - Are we Compliant, can we Demonstrate?
Security Awareness - Mitigating Risk from People
Assess Risk - Are we at Risk? Should we invest in Security?
Install Governance - Policy, Procedures, Standards
Speak “Security” for the Business
Know the Enemy - 3 Categories of Threats?
Natural - Nature, Earthquakes, Tsunami, Wildfires, Tornados, etc. that threaten Protected Assets.
Environmental - Air Conditioning, Sprinkler Systems, Water Main Breaks, things in the environment that can threaten Protected Assets.
Human Threats - Cyber Criminals, Hackers, etc.
Name 5 Categories of Human Threats?
APT - Advanced Persistent Threats: Well-Funded, Targeted/Tailored Attacks, Nation States, lots of Resources, Experts.
Cyber Criminals - Financial Motivations, Ransomware, Malware, attack Supply Chains, Dark Web Hosting Services. N-Day, they exploit 0-Day Vulnerabilities. Persistent Attacks.
Hacktivists - Political/Ideological Motivations, Denial of Service, Disclosure/Revelation Leaks.
Script Kiddies - Financial, Revenge, Curiosity Motivated. Point and Click, Automated Attacks.
Insider Threats - Financial, can be Good Intentioned, Curiosity. Access and Collection of Data, Exploit of Interconnected Systems. Detailed Understanding of Business Ops. Social Engineering Attacks.