Cybersecurity Fundamentals Quiz

Questions and Answers

Which of the following is not a term that is part of the history of cybersecurity?

computer security

whizbanger (correct)

information security

IT security

Which of the following is the best definition of cybersecurity?

The protection of information when it is used on a computer system or cybernetic network through the application of good security practices.

The application of improved security practices to protect information on cyber-related systems.

The protection of information in all of its forms, wherever it may exist, through the application of good security practices. (correct)

The protection of computer systems through the application of good security practices.

Which of the following is not one of the identified good security practices?

cybersecurity programming (correct)

cybersecurity technology

cybersecurity training and awareness

cybersecurity policy

What are events or circumstances that have the potential to adversely affect operations and assets?

threats

A person who accesses systems and information without authorization and often illegally is called a(n) _______.

hacker

Which of the following is not one of the three core characteristics of information that give it value?

database

What is the term for a threat that represents a situation where we must rely on technology that cannot be easily replaced?

technological obsolescence

What is the aspect of controlling data access that is NOT one of the four main aspects?

analyze

Who is responsible for storing, maintaining, and protecting information?

data custodians

What type of control is intended to discourage or suppress a possible incident?

deterrent

What type of device regulates the movement of information across networks from the outside world?

firewall

What is a false alarm triggered by an IDPS called?

false positive

What is a software program or hardware appliance that can intercept, copy, and interpret network traffic?

Network protocol analyzer

What is the strategy where an organization decides that an asset is not worth fixing or protecting and removes it?

Acceptance

When a vendor delivers a fix for something that’s not working as it should, it is called a(n) _____.

Patch

Who has primary responsibility for the assessment, management, and implementation of information security in the organization?

Chief Information Security Officer (CISO)

What type of social engineering attack involves emails or phone calls to trick individuals out of information?

Phishing

What is the term for when an adversary steals information and then tries to blackmail the victim into paying for its return?

Information Extortion

What is a senior executive who promotes a project and ensures its support, both financially and administratively, at the highest levels of the organization?

Champion

A good cybersecurity program maintains a careful balance between _____.

Access and Security

What type of threat includes malware such as viruses, worms, and macros, as well as denial of service attacks and script injections?

Software Attacks

What is the term for malicious software elements designed to infect a user’s computer and either steal information or damage the computer?

Viruses and Worms

What is the term for an attack that attempts to overwhelm a computer target’s ability to handle incoming communications?

Denial of Service

What is the term for an attack in which an attacker intercepts a communications stream between two users or systems and inserts himself in the conversation?

A Man-in-the-Middle

What is the term for a situation where technology equipment fails due to various reasons?

technical hardware failure

What is the term for a situation where programming or operating systems fail due to various reasons?

technical software failure

What is the term for a situation where we must rely on technology that cannot be easily replaced?

technological obsolescence

What is the principle of limiting users' access to only the specific information required to perform their assigned jobs?

need-to-know

What is the principle of limiting users' access so that authorized individuals should only have the minimum data access and use rights necessary?

least privilege

Who is/are the individual or group that creates or is responsible for a set of information?

owner

Study Notes

Cybersecurity Terms and Concepts

• Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Threat represents a situation that could adversely affect operations and assets.
• Hacker is a person who accesses systems and information without authorization and often illegally.
• Confidentiality, Integrity, and Availability are the three core characteristics that give information value
• Single Point of Failure is a technology that cannot be easily replaced.
• Data Access Control is about restricting access to data based on specific requirements.
• Data Custodian is responsible for storing, maintaining, and protecting information.
• Deterrent Controls are intended to discourage or suppress a possible incident.
• Firewall regulates the movement of information across networks from the outside world.
• False Positive is a false alarm triggered by an Intrusion Detection and Prevention System (IDPS).
• Packet Sniffer is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
• Decommissioning is a strategy where an organization decides that an asset is not worth fixing or protecting and removes it.
• Patch is a vendor-delivered fix for something that's not working correctly.
• Chief Information Security Officer (CISO) has the primary responsibility for the assessment, management, and implementation of information security within an organization.
• Phishing is a social engineering attack that involves emails or phone calls to trick individuals out of information.
• Extortion is an attack where a perpetrator steals information and uses it to blackmail their victim.
• Sponsor is a senior executive that supports and promotes a project, ensuring its financial and administrative backing.
• Security Programs must maintain a balance between security and usability.
• Malware includes viruses, worms, macros, denial of service attacks, and script injections.
• Malware is a malicious element that infects a user’s computer to steal information or damage the computer.
• Denial of Service Attack overwhelms a computer target’s ability to handle incoming communications.
• Man-in-the-Middle Attack intercepts communication between users or systems and inserts itself in the conversation.
• Hardware Failure is when technology equipment fails due to various reasons.
• Software Failure is when programming or operating systems fail due to various reasons.
• Principle of Least Privilege limits users' access to only the information needed to perform their jobs.
• Data Minimization ensures that authorized individuals only have access to the minimum amount of data required.
• Data Owner is the individual or group responsible for creating or managing a set of information.

Description

Test your knowledge of cybersecurity basics, including its history, definitions, and concepts. Identify key terms and understand the scope of cybersecurity.