Cybersecurity Fundamentals Quiz

Questions and Answers

A denial-of-service (DoS) attack occurs when legitimate _________ are unable to access ________, ______ or other network resources due to the actions of malicious cyber threat factors.

users, Information systems, devices

Which of the following certifications would satisfy IAM level II and IAM level III?

CEH

CISSP

CompTIA A+

Security+ (correct)

Which of the following categories require a privileged access agreement?

End Users

Guests

Contractors

IA Management (correct)

In accordance with AR 25-2, whose responsibility is it to ensure all users receive initial and annual IA awareness training?

IASO

A ________ and _________ are network infrastructure devices.

All

Shoulder Surfing is a good thing because people can get valuable information. You should never try to protect against this behavior.

False

What is the current DoD repository for sharing security authorization packages and risk assessment data with Authorizing officials?

Army Portfolio Management System (APMS)

What are the three main cloud computing service models?

Software as a Service, Platform as a Service, Infrastructure as a Service

Interoperability is a weakness in Cloud Computing.

True

Encryption is a way to send a message in ____________.

code

What is a Distributed Denial-of-Service attack?

It occurs when multiple machines are operating together to attack one target.

What are the four objectives of planning for security?

Identify, design, test, and monitor

What is a Virtual Private Network used for?

Allows employees to connect securely to their network when away from the office.

A precursor is a sign that an incident may occur in the future.

True

What are the two common denial-of-service attacks?

Rootkits and botnets

An indication is a sign that an incident may never occur.

False

SSID stands for?

Service Set Identifier

What does LAMP stand for?

Linux, Apache, MySQL, and PHP

Viruses, Worms, and Trojan horses are types of malicious code.

True

What are rootkits?

A piece of software that can be installed and hidden on your computer without your knowledge.

How often do all cybersecurity workforce personnel take the Cybersecurity Fundamental training IAW DA PAM 25-2-6?

Every year

How can I protect myself against fake antiviruses?

All

What does an Incident Response Plan allows for?

A timely and controlled response to security incidents, and attempts to mitigate any damage or loss.

What is website security?

Both A & B

According to DoD 8570.01-M, the IA technical category consists of how many levels?

I, II, & III

Individual networks may be affected by DoS attacks without being directly targeted.

True

_____________ your wireless data prevents anyone who might be able to access your network from viewing it.

Encrypting

Study Notes

Denial-of-Service (DoS) Attacks

• A DoS attack prevents legitimate users from accessing information systems, devices, or network resources due to malicious actions.
• A Distributed Denial-of-Service (DDoS) attack involves multiple machines attacking a single target simultaneously.
• Common types of DoS attacks include rootkits and botnets.

Security Certifications and Training

• Security+ certification meets the requirements for IAM Level II and Level III.
• It is the responsibility of the Information Assurance Security Officer (IASO) to provide initial and annual Information Assurance (IA) awareness training to all users.

Privileged Access and Security Management

• IA Management requires a privileged access agreement to safeguard sensitive information.
• The DoD repository for security authorization packages and risk assessments is the Army Portfolio Management System (APMS).

Cloud Computing

• Three primary cloud computing service models are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
• Interoperability is identified as a weakness in cloud computing systems.

Security Practices and Tools

• Encryption transforms messages into code to secure data transmission.
• A Virtual Private Network (VPN) allows secure employee connections to company networks remotely.

Incident Management

• Planning for security includes four objectives: identify, design, test, and monitor responses to threats.
• Incident Response Plans facilitate timely and controlled responses to security incidents, minimizing potential damage.

Wireless Security and Data Protection

• SSID stands for Service Set Identifier, used to identify Wi-Fi networks.
• Encrypting wireless data secures it from unauthorized access.

Malware and Computer Security

• Viruses, worms, and Trojan horses are all types of malicious code posing risks to systems.
• Rootkits are software that can be covertly installed, remaining hidden from users.

Education and Continuous Training

• Cybersecurity personnel are required to complete Cybersecurity Fundamental training annually as per DA PAM 25-2-6.
• Protections against fake antivirus software encompass multiple strategies and tool implementations.

Indications and Precursors

• A precursor indicates potential future incidents, serving as an early warning system.
• Indications confirm that an incident has occurred or is imminent, contrasting with precursors.

Comprehensive Understanding of Security

• Website security encompasses both technical and procedural safeguards to protect online platforms.
• Individual networks can suffer from DoS attacks without being the direct focus of the attack, highlighting the widespread nature of such threats.

Description

Test your knowledge on key concepts in cybersecurity, including Denial-of-Service attacks, security certifications, privileged access management, and cloud computing. This quiz covers essential principles and practices necessary for securing information systems and networks.