IT1914 Information Systems Security
37 Questions

Questions and Answers

What is the primary role of a security architect?

  • To assess security policies
  • To consult with clients on security measures
  • To design and implement complex security systems (correct)
  • To monitor network traffic

A cybersecurity professional exclusively works in IT departments.

False (B)

What type of consultation do security consultants provide?

They provide advice on security measures and policies to protect assets.

A career in cybersecurity often leads to high-demand positions such as __________.

security analyst

Match the following cybersecurity roles with their responsibilities:

  • Security Architect = Designs security systems
  • Security Consultant = Advises on security policies
  • Security Analyst = Monitors for threats
  • Penetration Tester = Identifies vulnerabilities

What is the main goal of cybersecurity?

To protect against digital attacks (B)

Cybersecurity professionals only focus on the technical aspects of security.

False (B)

Name one task of cybersecurity professionals.

Analyzing and evaluating threats.

A successful cybersecurity approach has multiple layers of protection spread across _____ .

computers, networks, programs, or data

Which of the following career paths involves anticipating hacker tactics?

Security Architect (C)

Security consultants create contingency plans for when security breaches occur.

True (A)

What is one characteristic of a successful Security Architect?

Ability to think like a hacker.

Match the following cybersecurity roles with their descriptions:

  • Security Architect = Maintains computer system security
  • Security Consultant = Advises on security measures and contingency plans
  • Security Analyst = Evaluates security threats and organization response
  • Chief Information Security Officer = Oversees the overall information security strategy

What is the main purpose of obfuscation in cyber attacks?

To confuse and disorient forensic experts (A)

Obfuscation is considered the first stage of a cyber attack.

False (B)

Name one technique hackers use for successful obfuscation.

Log cleaning

Malicious programs allow attackers to hide in multiple systems and regain access through __________.

obfuscation

Which of the following is NOT a cybersecurity risk impacting organizations?

Obsolescence of hardware (C)

Match the following cybersecurity risks with their descriptions:

  • Technology = Brings vulnerabilities due to digital transformation
  • Supply Chain = New openings into chains due to third-party reliance
  • Internet of Things (IoT) = Potential security risk from numerous devices
  • Operational Data = Exposed data from mobile and edge devices

What is essential for companies to address IoT security risks in the future?

Effective inventory and monitoring process

The rapid expansion of operational data will decrease cyber risks.

False (B)

What is the primary goal of phishing?

To steal sensitive data (B)

Paying a ransom guarantees the recovery of files.

False (B)

What are remote administration tools used for?

To grant hackers control over the infected computer.

_____ are malware that tracks keystrokes, enabling attackers to steal login credentials.

Keyloggers

Which of the following is associated with the buying and selling of malware?

Crimeware (C)

Unpatched systems are more secure than updated systems.

False (B)

What is Social Engineering?

A tactic to trick a user into revealing sensitive information.

Match the following cyber threats with their descriptions:

  • Phishing = Fraudulent emails to steal data
  • Malware = Software designed to cause damage
  • Crimeware = Trading malware on the Dark Web
  • Crypting services = Encrypting malware to evade detection

Which of the following is NOT a security mechanism used to ensure data integrity?

Access control lists (ACLs) (C)

Data integrity can be compromised by non-human-caused events such as server crashes.

True (A)

What is the purpose of implementing redundancy in information systems?

To mitigate serious consequences during hardware issues.

________ ensures that information and resources are available to those who need them.

Availability

Match the following security measures with their corresponding focus area:

  • Access control lists = Authorization and access management
  • Data encryption = Data integrity
  • Redundant systems = Availability
  • Hashing = Data integrity

What is the main goal of Data Classification Standards?

To establish a framework for classifying data based on sensitivity (D)

Data classification has no impact on security controls.

False (B)

Name one method used to implement availability.

Hardware maintenance, software patching, or network optimization.

Study Notes

Cybersecurity Overview

  • Cybersecurity protects systems, networks, and programs from digital attacks aimed at sensitive information.
  • Effective cybersecurity involves multiple layers of protection across technology, processes, and people within an organization.

Cybersecurity Professionals Tasks

  • Stay updated on technology and security threats through various mediums.
  • Analyze and evaluate potential threats continuously.
  • Conduct comprehensive system checks to identify vulnerabilities.
  • Implement security measures and establish protocols.
  • Create reports for stakeholders regarding security matters.
  • Educate employees about security importance and best practices.

Cybersecurity Career Paths

  • Security Architect: Responsible for maintaining computer system security, anticipating hacker tactics, and staying updated on security developments.
  • Security Consultant: Advises and supervises security measures, assesses threats, and develops contingency plans for breaches.

Cyberattack Anatomy

  • Malicious Software: Allows attackers to remain undetected while regaining access to systems.
  • Obfuscation: Techniques used by hackers to hide the origins of an attack, such as spoofing and log cleaning.

Cybersecurity Risks

  • Technology Risks: Digital transformation increases vulnerabilities; organizations must manage new sets of risks.
  • Supply Chain Risks: Increasing reliance on third-party vendors opens new pathways for cyberattacks.
  • Internet of Things (IoT): Growing IoT device integration creates additional security challenges; companies must improve monitoring and management.
  • Ransomware and Malware: Paying ransom doesn’t guarantee file recovery; malware includes various threats like spyware and trojans.

Common Cyberattack Methods

  • Social Engineering: Manipulating users into revealing sensitive information.
  • Phishing: Fraudulent emails designed to steal personal data.
  • Crypting Services: Tools to encrypt malware, making it harder to detect.
  • Remote Administration Tools: Malware that allows attackers to control infected systems.
  • Keyloggers: Track keystrokes to steal confidential information.

CIA Triad Principles

  • Confidentiality: Protects sensitive information from unauthorized access through encryption and access controls.
  • Integrity: Ensures information remains accurate and unaltered; achieved via data encryption and hashing.
  • Availability: Ensures information is accessible to authorized users; maintained through redundant systems and proper hardware/software upkeep.

Data Classification Standards

  • Establish a framework for classifying data based on sensitivity and value.
  • Understanding the data management lifecycle involves continuously assessing and reclassifying data as necessary.

Description

This quiz covers the crucial aspects of cybersecurity, focusing on the roles and tasks of cybersecurity professionals. Participants will explore the importance of protecting systems, networks, and programs against various digital attacks. Understanding these principles is essential for anyone entering the field of information systems security.
