Midterm Flashcards

(104 cards)

1
Q

is a documented, structured framework designed to help organizations detect, contain, eradicate, and recover from cybersecurity incidents like data breaches or ransomware.

A

Incident Response Plan

2
Q

The priority of any incident response is to protect life, health and safety. When any decision related to priorities is to be made, always choose safety first.

A

Incident Response Plan

3
Q

The primary goal of incident management is to be prepared.

A

Incident Response Plan

4
Q

The incident response process is aimed at reducing the impact of an incident so the organization can resume the interrupted operations as soon as possible. Note that incident response planning is a subset of the greater discipline of Business Continuity Management (BCM).

A

Incident Response Plan

5
Q

are wired devices that know the addresses of the devices connected to them and route traffic to that port/device rather than retransmitting to all devices.

A

Switch

6
Q

Any observable occurrence in a network or system.

A

Event

7
Q

measures the degree to which something is whole and complete, internally consistent and correct.

A

Integrity

8
Q

(also known as managerial controls) are directives, guidelines or advisories aimed at the people within the organization.

A

Administrative Control

9
Q

is a standard that defines wired connections of networked devices.

A

Ethernet

10
Q

is the strategic oversight, administration, and implementation of technology systems – including hardware, software, and networks – to achieve organizational goals.

A

I.T. Management

11
Q

are those with permissions beyond those of normal users, such as managers and administrators.

A

Privileged Account

12
Q

The inverse action occurs as data moves up the OSI model layers from Physical to Application.

A

De-encapsulation

13
Q

are essential tools in managing and controlling network traffic and protecting the network.

A

Firewall

14
Q

is a network device used to filter traffic. It is typically deployed between a private network and the internet, but it can also be deployed between departments (segmented networks) within an organization (overall network).

A

Firewall

15
Q

It filters traffic based on a defined set of rules, also called filters or access control lists.

A

Firewall

16
Q

is a standard of permitting only minimum access necessary for users or programs to fulfill their function.

A

Principle of Least Privilege

17
Q

It was developed to establish a common way to describe the communication structure for interconnected computer systems.

A

OSI Model

18
Q

relates to making decisions about the best actions to take regarding the identified and prioritized risk.

A

Risk Treatment

19
Q

guides the actions of emergency response personnel until the end goal is reached—which is to see the business restored to full last-known reliable operations.

A

Disaster Recovery Plan (DRP)

20
Q

is a crucial principle in information security that ensures that a party in a transaction cannot deny the authenticity of their signature on a document or the sending of a message itself. It provides proof of the origin, delivery, and integrity of the data.

A

Non-repudiation

21
Q

It is a legal term and is defined as the protection against an individual falsely denying having performed a particular action.

A

Non-repudiation

22
Q

any occurrence – malicious or accidental – that negatively impacts an organization’s systems or data, threatening the confidentiality, integrity, or availability (CIA) of information.

A

Adverse Events

23
Q

Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.

A

Adverse Events

24
Q

Ensuring that information and resources are accessible to authorized users when needed.

A

Availability

25
The lower layer, which is responsible for receiving bits from the physical connection medium and converting them into a frame.
Transport Layer
26
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.
Threat
27
also known as the host or application layer, is responsible for managing the integrity of a connection and controlling the session as well as establishing, maintaining and terminating communication sessions between two computers.
Upper Layer
28
A chronological, tamper-evident, and time-stamped record of system activities, transactions, and user actions. Is a step-by-step record by which accounting, trade details, or many other types of transactions including accounting transactions and trades in brokerage accounts.
Audit Trail
29
measure of the importance assigned to information by its owner, or the purpose of denoting its need for protection.
Sensitivity
30
is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.
Risk Mitigation
31
is a software application – such as WordPress, Drupal, or Joomla – that enables users to create, manage, and publish digital content without advanced technical expertise.
Content Management System
32
A particular attack. It is named this way because these attacks exploit system vulnerabilities.
Exploit
33
A cloud provides network access to traditional computing resources such as processing power and storage.
Infrastructure as a Service
34
is a passive, noninvasive attack to observe the operation of a device. Methods include power monitoring, timing and fault analysis attacks.
Side-channel attack
35
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose.
Breach
36
The process of verifying or proving the user’s identification.
Authentication
37
is often referred to as the media or transport layer and is responsible for receiving bits from the physical connection medium and converting them into a frame.
Lower Layer
38
defines a scenario where a single parent entity governs, influences, or connects to multiple child entities.
One to Many
39
is a device, process, person, user, program, server, client or other entity that responds to a request for service.
Object
40
is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment. Typically, this is an insurance policy.
Risk Transference
41
constitutes the foundational physical and virtual components – hardware, software, networks, and data centers – that must be secured.
I.T. Infrastructure
42
is a centralized, 24/7 command unit within an organization that proactively monitors, detects, analyzes, and responds to cybersecurity threats across the entire IT infrastructure.
Security Operations Center
43
(also called a socket) is little more than an address number that both ends of the communication link agree to use when transferring data.
Logical Port
44
are the ends of a network communication link. One end is often at a server where a resource resides, and the other end is often a client making a request to use a network resource.
Endpoint
45
it can be another server, desktop workstation, laptop, tablet, mobile phone or any other end user device.
Endpoint
46
pertaining to the data center should identify when multiple separate utility service entrances are necessary for redundant communication channels and/or mechanisms.
Risk Assessment
47
is usually associated with an internet-based set of computing resources, and typically sold as a service, provided by a cloud service provider (CSP).
Cloud Computing
48
Responsible for data formatting that is used to encrypt or decrypt data.
Presentation Layer
49
Responsible to start or stop a session.
Session Layer
50
The two-person rule is a security strategy that requires a minimum of two people to be in an area together, making it impossible for a person to be in the area alone.
Two-person Integrity
51
is the right of an individual to control the distribution of information about themselves.
Privacy
52
is based on the security practice that no one person should control an entire high-risk transaction from start to finish.
Segregation of duties
53
it breaks the transaction into separate parts and requires a different person to execute each part of the transaction.
Segregation of duties
54
Ports 161 and 162 are commonly used to send and receive data used for managing infrastructure devices.
Simple Network Management Protocol
55
is the decision to attempt to eliminate the risk entirely. This could include ceasing operation for some or all of the activities of the organization that are exposed to a particular risk.
Risk Avoidance
56
is taking no action to reduce the likelihood of a risk occurring. Management may opt for conducting the business function that is associated with the risk without any further action on the part of the organization, either because the impact or likelihood of occurrence is negligible, or because the benefit is more than enough to offset that risk.
Risk Acceptance
57
A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or methods
Zero Day
58
pertain to the physical, technical and administrative mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information.
Security Control
59
These are all implementations of access control and are part of a layered defense strategy, also known as defense in depth, developed by an organization.
Defense in Depth
60
is the addition of header and possibly a footer (trailer) data by a protocol used at that layer of the OSI model.
Encapsulation
61
is particularly important when discussing Transport, Network and Data Link layers, which all generally include some form of header.
Encapsulation
62
are the detailed steps to complete a task that support departmental or organizational policies.
Procedure
63
Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source.
Vulnerability
64
allow network administrators to use switches to create software-based LAN segments, which can segregate or consolidate traffic across multiple switch ports.
Virtual local area networks (VLANs)
65
A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.
Intrusion
66
establishes the policies, roles, and processes to ensure data is secure, accurate, and available throughout its lifecycle.
Data Governance
67
constitutes the stages data passes through – creation, storage, usage, archiving, and destruction.
Information Lifecycle
68
(also called logical controls) are security controls that computer systems and networks directly implement.
Technical Controls
69
These controls can provide automated protection from unauthorized access or misuse, facilitate detection of security violations and support security requirements for applications and data.
Technical Controls
70
is the framework of policies, procedures, and technologies used to ensure that the right individuals have appropriate, authorized access to technological resources.
Access Governance
71
are commonly issued in the form of laws, usually from government (not to be confused with governance) and typically carry financial penalties for noncompliance.
Regulation
72
is a measure of the extent to which an entity is threatened by a potential circumstance or event.
Risk
73
It is often expressed as a combination of: The adverse impacts that would arise if the circumstance or event occurs; and The likelihood of occurrence.
Risk
74
An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.
Incident
75
How data moves through the network.
Network Interface Layer
76
refers to the series of stages that information goes through from its initial creation or collection to its final disposal. It includes the processes of creation, capture, classification, storage, use, sharing, archiving, and disposal of records to ensure proper governance and compliance.
Information Life Cycle
77
is a comprehensive framework of policies, processes, and technologies designed to manage, secure, and improve the quality, availability, and usability of an organization’s data throughout its lifecycle. It ensures data integrity and compliance, driving better business decisions while mitigating risks related to security and privacy.
Data Governance
78
Are created by switches to logically segment a network without altering its physical topology.
VLAN
79
Is not necessarily an encrypted tunnel. It is simply a point-to-point connection between two hosts that allows them to communicate
VLAN
80
Is an inherent weakness or flaw in a system or component, which, if triggered or acted upon, could cause a risk event to occur.
Vulnerability
81
uses multiple types of access controls in literal or theoretical layers to help an organization avoid a monolithic security stance.
Defense in Depth
82
Is a safeguard or countermeasure designed to preserve the Confidentiality, Integrity and Availability of data, or the CIA Triad.
Security Control
83
The process of identifying, estimating and prioritizing risks to an organization’s operations (including its mission, functions, image and reputation), assets, individuals, other organizations and even the nation.
Risk Assessment
84
improves an organization’s threat detection, response and prevention capabilities by unifying and coordinating all cybersecurity technologies and operations.
Security Operations Center
85
is a centralized function or team responsible for improving an organization’s cybersecurity posture and preventing, detecting, and responding to threats
Security Operations Center
86
is the foundation for deploying, operating, and managing a company’s technology resources and applications. It’s the collection of hardware, software, networks, facilities, and related services that deliver IT operations.
I.T. Infrastructure
87
type of relationship exists when a customer can place multiple orders
One-to-Many
88
A relationship signifies the relationship or connection between two entities where one entity is associated with multiple instances of the other entity but each instance of the second entity is associated with only one instance of the first entity
One-to-Many
89
is a process to prove the identity of the requestor.
Authentication
90
provide basic computing resources to consumers. This includes servers, storage, and in some cases, networking resources.
Infrastructure as a Service
91
is software that helps users create, manage, store, and modify their digital content.
Content Management System
92
It is also responsible for transforming data received from the Application Layer into a format that any system can understand. And finally, it allows applications to communicate and determines whether a remote communication partner is available and accessible.
Upper Layer
93
is something or someone that aims to exploit a vulnerability to thwart protection efforts.
Threat
94
Permits data to move among devices
Transport Layer
95
Can be defined as (1) timely and reliable access to information and ability to use it, and (2) for authorized users, timely and reliable access to data and information services.
Availability
96
Is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
Disaster Recovery Plan (DRP)
97
serves as an abstract framework, or theoretical model, for how protocols should function in an ideal world, on ideal hardware.
OSI Model
98
It has become a common conceptual reference that is used to understand the communication of various hierarchical components from software interfaces to physical hardware.
OSI Model
99
is the practice of overseeing and coordinating an organization’s technology resources to meet its needs and goals. It includes everyday tasks like budgeting, staffing, and tech support, along with more strategic efforts like network planning, software development, and managing changes.
I.T. Management
100
This standard defines the way data is formatted over the wire to ensure disparate devices can communicate over the same cables.
Ethernet
101
They provide frameworks, constraints and standards for human behavior, and should cover the entire scope of the organization’s activities and its interactions with external parties and stakeholders.
Administrative Control
102
maintaining the accuracy and reliability of data, ensuring it is not altered or tampered with.
Integrity
103
can also create separate broadcast domains when used to create VLANs.
Switch
104
To prepare for incidents, here are the components commonly found in an incident response plan: Preparation, Detection and Analysis, Containment, Post-Incident Activity.
Incident Response Plan