1.Learning Aim C1

Question 1

What is a cybersecurity protection plan?

Answer 1

A plan that assesses the vulnerabilities within a network and devices

Question 2

Who can perform vulnerability assessments?

Answer 2

Internal teams or external groups such as white-hat hackers

Question 3

What is the purpose of independent third-party reviews?

Answer 3

To verify that all vulnerabilities and threats are mitigated in system designs

Question 4

What is penetration testing?

Answer 4

Simulating a cyber attack to identify vulnerabilities in a system or network

Question 5

What do port scanners do?

Answer 5

Scan a computer for open ports that may be exploited by hackers

Question 6

What is the function of a registry checker?

Answer 6

Performs backups of the registry and checks for errors on start-up

Question 7

What do website vulnerability scanners search for?

Answer 7

Vulnerabilities such as cross-site scripting (XSS), SQL injection, and insecure server configuration

Question 8

What is vulnerability detection and management software?

Answer 8

Software that analyzes IT systems for threats and identifies key flaws

Question 9

What does assessing user vulnerabilities involve?

Answer 9

Auditing access requirements, training completed, and complexity of passwords set by staff

Question 10

What are the benefits of third-party reviews?

Answer 10

Access to specialist cybersecurity skills and cost savings from preventing attacks

Question 11

What is the role of a white-hat hacker?

Answer 11

A specialist who performs penetration testing for organizations

Question 12

What is the OWASP Top 10?

Answer 12

A list identifying the most common threats to web applications

Question 13

Fill in the blank: Injection flaws involve an interpreter being tricked into executing _______.

Answer 13

unauthorized commands

Question 14

Fill in the blank: Broken authentication allows for _______ to be exploited.

Answer 14

passwords, keys, and session tokens

Question 15

Fill in the blank: Sensitive data exposure occurs when data lacks sufficient _______.

Answer 15

protections

Question 16

Fill in the blank: Security misconfiguration includes insecure default _______.

Answer 16

configurations

Question 17

True or False: Cross-site scripting involves executing scripts to hijack user sessions.

Answer 17

True

Question 18

What are the consequences of insufficient logging and monitoring?

Answer 18

Allows continuous attacks, leading to further data tampering and destruction