Terms

Question 1

Compliance

Answer 1

Is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches

Question 2

Security Frameworks

Answer 2

Are guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 3

Security Controls

Answer 3

Are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture

Question 4

Security Posture

Answer 4

Is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization

Question 5

Threat Actor

Answer 5

Is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data. Also known as a malicious attacker.

Question 6

Internal Threat

Answer 6

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 7

Network Security

Answer 7

Is the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network

Question 8

Cloud Security

Answer 8

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 9

Programming

Answer 9

Is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:

-Automation of repetitive tasks (e.g., searching a list of malicious domains)
-Reviewing web traffic
-Alerting suspicious activity

Question 10

Transferable skills (There are 5 of them)

Answer 10

Skills from other areas that can apply to different careers

-Communication
-Problem-solving
-Time management
-Growth mindset
-Diverse perspectives

Question 11

Communication

Answer 11

As a cybersecurity analyst, you will need to communicate and collaborate with others. Understanding others’ questions or concerns and communicating information clearly to individuals with technical and non-technical knowledge will help you mitigate security issues quickly

Question 12

Problem-solving

Answer 12

One of your main tasks as a cybersecurity analyst will be to proactively identify and solve problems. You can do this by recognizing attack patterns, then determining the most efficient solution to minimize risk. Don’t be afraid to take risks, and try new things. Also, understand that it’s rare to find a perfect solution to a problem. You’ll likely need to compromise.

Question 13

Time management

Answer 13

Having a heightened sense of urgency and prioritizing tasks appropriately is essential in the cybersecurity field. So, effective time management will help you minimize potential damage and risk to critical assets and data. Additionally, it will be important to prioritize tasks and stay focused on the most urgent issue

Question 14

Growth mindset

Answer 14

This is an evolving industry, so an important transferable skill is a willingness to learn. Technology moves fast, and that’s a great thing! It doesn’t mean you will need to learn it all, but it does mean that you’ll need to continue to learn throughout your career. Fortunately, you will be able to apply much of what you learn in this program to your ongoing professional development

Question 15

Diverse perspectives

Answer 15

The only way to go far is together. By having respect for each other and encouraging diverse perspectives and mutual respect, you’ll undoubtedly find multiple and better solutions to security problems.

Question 16

Technical skills (There are 5 of them)

Answer 16

Skills that require knowledge of specific tools, procedures, and policies

-Programming languages
-Security information and event management (SIEM) tools
-Intrusion detection systems (IDSs)
-Threat landscape knowledge
-Incident response

Question 17

Programming languages

Answer 17

By understanding how to use programming languages, cybersecurity analysts can automate tasks that would otherwise be very time consuming. Examples of tasks that programming can be used for include searching data to identify potential threats or organizing and analyzing information to identify patterns related to security issues.

Question 18

Security information and event management (SIEM) tools

Answer 18

SIEM tools collect and analyze log data, or records of events such as unusual login behavior, and support analysts’ ability to monitor critical activities in an organization. This helps cybersecurity professionals identify and analyze potential security threats, risks, and vulnerabilities more efficiently.

Question 19

Intrusion detection systems (IDSs)

Answer 19

Cybersecurity analysts use IDSs to monitor system activity and alerts for possible intrusions. It’s important to become familiar with IDSs because they’re a key tool that every organization uses to protect assets and data. For example, you might use an IDS to monitor networks for signs of malicious activity, like unauthorized access to a network.

Question 20

Threat landscape knowledge

Answer 20

Being aware of current trends related to threat actors, malware, or threat methodologies is vital. This knowledge allows security teams to build stronger defenses against threat actor tactics and techniques. By staying up to date on attack trends and patterns, security professionals are better able to recognize when new types of threats emerge such as a new ransomware variant.

Question 21

Incident response

Answer 21

Cybersecurity analysts need to be able to follow established policies and procedures to respond to incidents appropriately. For example, a security analyst might receive an alert about a possible malware attack, then follow the organization’s outlined procedures to start the incident response process. This could involve conducting an investigation to identify the root issue and establishing ways to remediate it.

Question 22

Cybersecurity (or security)

Answer 22

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Question 23

Personally identifiable information (PII)

Answer 23

Any information used to infer an individual’s identity

Question 24

Sensitive personally identifiable information (SPII)

Answer 24

A specific type of PII that falls under stricter handling guidelines

Question 25

Threat

Answer 25

Any circumstance or event that can negatively impact assets