Foundations of Cybersecurity Flashcards
(13 cards)
Compliance
is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.
Security controls
are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
Security Frameworks
are guidelines used for building plans to help mitigate risks and threats to data and privacy.
Question 1
Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or criminal exploitation.
poor financial management
unauthorized access
changing business priorities
market shifts
unauthorized access
What are some key benefits associated with an organization meeting regulatory compliance? Select two answers.
Identifying trends
Avoiding fines
Recruiting employees
Upholding ethical obligations
Avoiding fines
Upholding ethical obligations
What do security professionals typically do with SIEM tools?
Locate and preserve criminal evidence
Identify and analyze security threats, risks, and vulnerabilities
Identify threat actors and their locations
Educate others about potential security threats, risks, and vulnerabilities
Identify and analyze security threats, risks, and vulnerabilities
Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.
An example of SPII is someone’s financial information.
Both PII and SPII are vulnerable to identity theft.
The theft of PII is often more damaging than the theft of SPII.
An example of PII is someone’s date of birth.
Correct
Both PII and SPII are vulnerable to identity theft.
An example of PII is someone’s date of birth.
Watering hole attack
A threat actor attacks a website frequently visited by a specific group of users.
What is one way that the Morris worm helped shape the security industry?
It inspired threat actors to develop new types of social engineering attacks.
It made organizations more aware of the significant financial impact of security incidents.
It led to the development of computer response teams.
It prevented the development of illegal copies of software.
It led to the development of computer response teams.
The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).
Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.
data
assets
networks
domains
Domain
Examples of security domains include security and risk management and security architecture and engineering.
Question 2
A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?
Security and risk management
Communication and network security
Asset security
Software development security
Asset security
Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?
Security assessment and testing
Software development security
Security operations
Asset security
Security assessment and testing