Essential CSX Cybersecurity Practice Questions

16/01/22, 08:24 Flashcard CSX Cybersecurity Fundamentals: Practice Questions | Quizlet
CSX Cybersecurity Fundamentals: Practice Questi... Fai l'upgrade

Studia
CSX Cybersecurity Fundamentals: Practice

Questions
7 studenti nell'ultimo giorno
Termini in questo set (140)
- Redundancy
Three common controls used to protect the
- Backups
availability of information are
- access controls
Providing strategic direction, Governance has several goals, including

Ensuring that objectives are
achieved, Verifying that
organizational resources are
being used appropriately,
Ascertaining whether risk is
being managed properly.
- Protect,
According to the NIST framework, which of the
- Recover
following are considered key functions necessary
- Identify for the protection of digital assets?
Protecting information assets The best definition for cybersecurity?

by addressing threats to
information that is processed,
stored or transported by
interworked information
systems
Cybersecurity role that is charged with the duty of

Cybersecurity management
managing incidents and remediation?
https://quizlet.com/310579879/csx-cybersecurity-fundamentals-practice-questions-flash-cards/#_=_ 1/19
CSX Cybersecurity
risk to an organization's digital Fundamentals:
The core duty Practice Questi...
of cybersecurity is to identify, Studia
assets. respond and manage
is anything capable of acting A threat

against an asset in a manner
that can cause harm.
is something of value worth A asset

protecting.
is a weakness in the design, A vulnerability

implementation, operation or
internal controls in a process
that could be exploited to
violate the system security
The path or route used to gain access to the

attack vector
target asset is known as a
In an attack, the container that delivers the exploit

payload
to the target is called
communicate required and Policies

prohibited activities and
behaviors.
is a class of malware that Rootkit

hides the existence of other
malware by modifying the
underlying operating system.
provide details on how to Procedures

comply with policies and
standards.
CSX
containCybersecurity
step-by-step Fundamentals:
Guidelines Practice Questi... Studia
instructions to carry out

procedures.
also called malicious code, is Malware

software designed to gain
access to targeted computer
systems, steal information or
disrupt computer operations.
are used to interpret policies Standards

in specific situations.
are solutions to software Patches

programming and coding
errors.
includes many components Identity Management

such as directory services,
authentication and
authorization services, and
user management capabilities
such as provisioning and
deprovisioning.
Detect and block traffic from The Internet perimeter should

infected internal end points,
Eliminate threats such as email
spam, viruses and worms,
Control user traffic bound
toward the Internet, Monitor
and detect network ports for
rogue activity.
ensures that data are Transport layer of the OSI

transferred reliably in the
correct sequence
CSX Cybersecurity
coordinates and manages Fundamentals: Practice
Session layer of the OSI Questi... Studia
user connections
Encryption is an essential but best states the role of encryption within an overall
incomplete form of access cybersecurity program
control
Asset value, criticality, The number and types of layers needed for
reliability of each control and defense in depth are a function of
degree of exposure.
Least privilege or access System hardening should implement the principle

control of
Accounting management, Which of the following are considered functional

Fault management, areas of network management as defined by ISO?
Performance management,
Security management
Multiple guests coexisting on Virtualization involves

the same server in isolation of
one another
Vulnerability management begins with an

Maintaining an asset
understanding of cybersecurity assets and their
inventory.
locations, which can be accomplished by
Preparation, Detection and Arrange the steps of the incident response

analysis, Investigation, process into the correct order
Mitigation and recovery,
Postincident analysis
Which element of an incident response plan

Containment
involves obtaining and preserving evidence
CSX Cybersecurity
Who had access to the Fundamentals: Practice
Select three. The Questi...
chain of custody contains Studia
evidence, in chronological information regarding

order, Proof that the analysis
is based on copies identical
to the original evidence, The
procedures followed in
working with the evidence
"violation or imminent threat NIST defines a Threat as a

of violation of computer
security policies, acceptable
use policies, or standard
security practices."
The estimated probability of Select all that apply. A business impact analysis
the identified threats actually (BIA) should identify
occurring, The efficiency and
effectiveness of existing risk
mitigation controls, A list of
potential vulnerabilities,
dangers and/or threats.
is defined as "a model for Cloud computing

enabling convenient, on-
demand network access to a
shared pool of configurable
resources (e.g., networks,
servers, storage, applications
and services) that can be
rapidly provisioned and
released with minimal
management or service
provider interaction
CSX Cybersecurity
APTs typically originate from Fundamentals: Practice
Select all that apply. Questi...
Which of the following Studia
sources such as organized statements about advanced persistent threats

crime groups, activists or (APTs) are true?
governments, APTs use
obfuscation techniques that
help them remain
undiscovered for months or
even years, APTs are often
long-term, multi-phase
projects with a focus on
reconnaissance
The reorientation of Smart devices, BYOD strategies and freely

technologies and services available applications and services are all
designed around the examples of:
individual end user.
Which three elements of the current threat

- cloud computing
landscape have provided increased levels of

- social media
access and connectivity, and therefore increased

- mobile computing
opportunities for cybercrime
To which of the following layers of the Open

Data Link Systems Interconnect (OSI) model would one
map Ethernet?
Which of the following interpret requirements and

Standards
apply them to specific situations?
Business continuity plans (BCPs) associated with

Business needs organizational information systems should be
developed primarily on the basis of:
Consists of two or more A segmented network

security zones

Which cybersecurity Questi...
principle is most important
Studia
Nonrepudiation when attempting to trace the source of malicious

activity?
Wireless Protected Access 2 Which of the following offers the strongest

(WPA2) protection for wireless network traffic?
Outsourcing poses the greatest risk to an

Core business functions
organization when it involves:
On a regular basis Risk assessments should be performed
Maintaining a high degree of confidence

Chain of custody
regarding the integrity of evidence requires a(n):
A firewall that tracks open connection-oriented

Stateful
protocol sessions is said to be:
During which phase of the system development

Planning lifecycle (SDLC) should security first be
considered?
A cybersecurity architecture designed around the

System-centric
concept of a perimeter is said to be:
A passive network hub operates at which layer of

Physical
the OSI model?
Updates in cloud-computing environments can be

Homogeneous
rolled out quickly because the environment is:
During which phase of the six-phase incident

Eradication
response model is the root cause determined?
CSX Cybersecurity
Payload
Fundamentals: Practice
The attack mechanism Questi...
directed against a system is
Studia
commonly called a(n):
At the perimeter, to allow for Where should an organization's network terminate

effective internal monitoring virtual private network (VPN) tunnels?
Asymmetric key encryption is In practical applications:

used to securely obtain
symmetric keys
Which two factors are used to calculate the

Threat and vulnerability
likelihood of an event?
What is one advantage of a firewall implemented

Flexibility
in software over a firewall appliance?
A business continuity plan (BCP) is not complete

Detailed procedures
unless it includes:
Under the US-CERT model for incident

Malicious code categorization, a CAT-3 incident refers to which of
the following?
An interoperability error is what type of

Emergent
vulnerability?
Operate in specialized Securing Supervisory Control and Data

environments and often have Acquisition (SCADA) systems can be challenging
non-standard design because they
elements
Insecure protocols could Virtual systems should be managed using a

result in a compromise of dedicated virtual local area network (VLAN)
privileged user credentials because
CSX
SecurityCybersecurity
continuous Fundamentals:
Describes the Practice Questi...
activities required to identify the
Studia
monitoring, detection and occurrence of a cybersecurity incident

evaluating
anomalies/incidents
This key function ensures that organizational

objectives and stakeholder needs are aligned with
Governance
desired outcomes through effective decision
making and prioritization.
Protecting a company's digital The primary objective of cybersecurity is

assets
The activity that ensures business processes

Recovery
continue after a security incident
Asset management Which is associated with identifying digital assets
Adherence to required laws Responsibilities and/or duties of Governance, Risk

and regulations, Management and Compliance (GRC)
Implementation of required
procedures, Development of
internal controls to mitigate
risk, Adherence to voluntary
contractual requirements.
In most information security organizations, which

Board of Directors
role sets the overall strategic direction
Implement contractual Governance involves all of the following except

obligations
CSX
ProvideCybersecurity
strategic direction, Fundamentals: Practice
Governance involves Questi...
all of the following Studia
Ensure responsible use of

company resources, Evaluate
whether risk is managed
appropriately
Which role is generally responsible for the design,

Cybersecurity practitioners implementation, management processes and
technical controls within a security organization
Cyber risk, investment risk Which of the following falls within the scope of
and financial risk risk management
Which term describes the overall structure

designed to protect an organization from
Information security disclosure of information to unauthorized users,
improper modification of data, and non-access to
systems
Cybersecurity includes The following statement is false:

protection of paper
documents
Cybersecurity is a component All of the following statements are true:

of information security,
Cybersecurity deals with the
protection of digital assets,
Cybersecurity should align
with enterprise information
security objectives
Recognizing risk, Assessing Risk management involves which of the following

impact and likelihood of risk, activities
Developing strategies to
mitigate risk
CSX Cybersecurity
Ensuring information security Fundamentals: Practice
Risk management Questi...
does not involve Studia
objectives are achieved
Information that is processed, Cybersecurity involves the protection of the

stored or transported within following digital assets
internetworked information
systems
Which terms describe the overall concept of

Ongoing, Evolving, Systemic
information security?
Potential consequences of lack of confidentiality

Fraud
except
Disclosure of information Potential consequences of lack of confidentiality

protected by privacy laws,
Legal action against the
enterprise, Interference with
national security
The degree to which a user or program can

File permission
create, modify, read, or write to a file is called
Which information security component considers

Confidentiality the level of sensitivity and legal requirements and
is subject to change over time
The act of verifying identity, Authentication is defined as

The act of verifying a user's
eligibility to access
computerized information
Establishment and maintenance of user profiles

Identity management that define the authentication, authorization and
access controls for each user is called

A cryptology tool Questi...
used to prove message Studia
Hashes integrity using algorithms to create unique

numeric values
Inaccuracy, Erroneous Potential consequences of lack of integrity

decisions, Fraud
Protection of information Integrity is described as

from unauthorized
modification
- Logging
Methods of control that can help protect integrity
- Digital Signatures
- Hashes
- Encryption
Which type of documentation records details of

information or events in an organized record-
Log
keeping system, usually sequenced in the order in
which they occurred
A week of severe rainstorms has flooded your

company's building. All servers have been ruined.
Lack of availability
It is estimated that business will be down for 3
weeks. This is an example of
When two or more controls work in parallel to

Redundancy
protect an asset, it is called
- full
Types of backups
- incremental
- differential
Only copies files that have A differential backup

changed since last full
backup
CSX
Loss of Cybersecurity
functionality and Fundamentals: Practice
Potential consequences Questi...
resulting from lack of
Studia
operational effectiveness, availability include

Loss of productive time,
Interference with enterprise's
objectives
The concept that a message or other piece of

Nonrepudiation
information is genuine is called
The act of verifying identity, Describe authentication

Verification of the correctness
of a piece of data, Designed
to protect against fraudulent
logon activity, Verifying a
user's eligibility to access
computerized information
- Transactional logs
Nonrepudiation is implemented through which
- Digital signatures methods
The process of converting plaintext messages,

Encryption applying a mathematical function to them and
producing ciphertext messages is called:
What control mechanism defines authentication

Access controls
and authorization protocols for users?
- redundancy
Three common controls used to protect the
- backups
availability of information are:
- access controls
CSX Cybersecurity
-providing strategic direction
Governance has Questi...
several goals, including: Studia
- ensuring that objectives are

achieved
- verifying that organizational

resources are being used
appropriately
- ascertaining whether risk is

being managed . properly
- Identify
According to the NIST cybersecurity framework,
- Protect
what are considered key functions necessary for
- Detect
the protection of digital assets?
- Respond
- Recover
Protecting information assets What is the best definition for cybersecurity?

by addressing threats to
information that is processed,
stored or transported by
internetworked information
systems
What cybersecurity role is charged with the duty

Cybersecurity management
of managing incidents and remediation?
The core duty of cybersecurity is to identify,

cyberrisk mitigate, and manage _____________ to an
organizations digital assets.
A(n) __________ is anything capable of acting against

threat
an asset in a manner that can cause harm.
A(n) __________ is something of value worth

asset
protecting
CSX Cybersecurity Fundamentals:

A(n) __________ is Practice
a weakness inQuesti...
the design, Studia
implementation, operation or internal controls in a

vulnerability
process that could be exploited to violate the
system security.
The path or route used to gain access to the

attack vector
target asset is known as a(n) __________
In an attack, the container that delivers the exploit

payload
to the target is called a(n) __________
__________ communicate required and prohibited

Policies
activities and behaviors.
__________ is a class of malware that hides the

Rootkit existence of other malware by modifying the
underlying operating system.
__________ provide details on how to comply with

Procedures
policies and standards.
__________ provide general guidance and

Guidelines recommendations on what to do in particular
circumstances.
__________ also called malicious code, is software

designed to gain access to targeted computer
Malware
systems, steal information or disrupt computer
operations.
__________ are used to interpret policies in specific

Standards
situations
__________ are solutions to software programming

Patches
and coding errors.

__________ includes Questi...
many components such as Studia
directory services, authentication and

Identity Management authorization services, and user management
capabilities such as provisioning and
deprovisioning.
- detect and block traffic from The Internet perimeter should:

infected internal end points
- eliminate threats such as

email spam, viruses and
worms
- control user traffic bound

toward the Internet
- monitor internal and

external network ports for
rogue activity
The _________ layer of the OSI model ensures that

data are transferred reliably in the correct
Transport, session
sequence, and the __________ layer coordinates and
manages user connections.
- an intruder must penetrate The key benefits of the DMZ system are:
three separate devices
- private network addresses

are not disclosed to the
internet
- internal systems do not have

direct access to the Internet
Encryption is an essential but Which of the following best states the role of
incomplete form of access encryption within an overall cybersecurity
control. program?
asset value, criticality, The number and types of layers needed for
reliability of each control and defense in depth are a function of:
degree of exposure.
CSX Cybersecurity
- Planning
The steps of the penetrationQuesti...
testing phase inStudia
the
- Discovery
correct order are:
- Attack
- Reporting
Least privilege, access System hardening should implement the principle

control of __________ or __________.
- Accounting management
What are considered functional areas of network
- Fault management management as defined by ISO?
- Performance management
- Security management
Multiple guests coexisting on Virtualization involves:

the same server in isolation of
one another
Vulnerability management begins with an

maintaining an asset
understanding of cybersecurity assets and their
inventory.
locations, which can be accomplished by:
- Preparation
The steps of incident response in order are:
- Detection and analysis
- Investigation
- Mitigation and recovery
- Post-incident analysis
Which element of an incident response plan

Containment
involves obtaining and preserving evidence?
CSX Cybersecurity
- Who had access to the Fundamentals: Practice
The chain of custody Questi...
contains information Studia
evidence, in chronological regarding:

order.
- Proof that the analysis is

based on copies identical to
the original evidence.
- The procedures followed in

working with the evidence.
NIST defines a(n) __________ as a "violation or

imminent threat of violation of computer security
Incident
policies, acceptable use policies, or standard
security practices."
- the estimated probability of A business . impact analysis (BIA) should identify:

the identified threats actually
occurring.
- the efficiency and

effectiveness of existing risk
mitigation controls.
- a list of potential
vulnerabilities, dangers
and/or threats.
__________ is defined as "a model for enabling

convenient, on-demand network access to a
shared pool of configurable resources (e.g.,
Cloud computing networks, servers, storage, applications and
services) that can be rapidly provisioned and
released with minimal management or service
provider interaction."
CSX Cybersecurity
- APTs typically originate from Fundamentals: Practice
Which of the following Questi...
statements about Studia
sources such as organized advanced persistent threats (APTs) are true?

crime groups, activists or
governments.
- APTs use obfuscation

techniques that help them
remain undiscovered for
months or even years.
- APTs are often long-term,

multi-phase projects with a
focus on reconnaissance.
- Costs shift to the user

Which of the following are benefits to BYOD?
- Worker satisfaction
increases
- Organizational risk
Choose three. Which types of risk are typically
- Technical risk
associated with mobile devices?
- Physical risk
Which three elements of the current threat

Cloud computing, social landscape have provided increased levels of
media, and mobile computing access and connectivity, and, therefore, increased
opportunities for cybercrime?

Essential CSX Cybersecurity Practice Questions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Essential CSX Cybersecurity Practice Questions

Uploaded by

Copyright:

Available Formats

16/01/22, 08:24 Flashcard CSX Cybersecurity Fundamentals: Practice Questions | Quizlet

CSX Cybersecurity Fundamentals: Practice Questi... Fai l'upgrade

CSX Cybersecurity Fundamentals: Practice

Termini in questo set (140)

Providing strategic direction, Governance has several goals, including

Protecting information assets The best definition for cybersecurity?

Cybersecurity role that is charged with the duty of

is anything capable of acting A threat

is something of value worth A asset

is a weakness in the design, A vulnerability

The path or route used to gain access to the

In an attack, the container that delivers the exploit

communicate required and Policies

is a class of malware that Rootkit

provide details on how to Procedures

instructions to carry out

also called malicious code, is Malware

are used to interpret policies Standards

are solutions to software Patches

includes many components Identity Management

Detect and block traffic from The Internet perimeter should

ensures that data are Transport layer of the OSI

Least privilege or access System hardening should implement the principle

Accounting management, Which of the following are considered functional

Multiple guests coexisting on Virtualization involves

Vulnerability management begins with an

Preparation, Detection and Arrange the steps of the incident response

Which element of an incident response plan

evidence, in chronological information regarding

"violation or imminent threat NIST defines a Threat as a

is defined as "a model for Cloud computing

sources such as organized statements about advanced persistent threats

The reorientation of Smart devices, BYOD strategies and freely

Which three elements of the current threat

landscape have provided increased levels of

access and connectivity, and therefore increased

To which of the following layers of the Open

Which of the following interpret requirements and

Business continuity plans (BCPs) associated with

Consists of two or more A segmented network

CSX Cybersecurity Fundamentals: Practice

Nonrepudiation when attempting to trace the source of malicious

Wireless Protected Access 2 Which of the following offers the strongest

Outsourcing poses the greatest risk to an

On a regular basis Risk assessments should be performed

Maintaining a high degree of confidence

A firewall that tracks open connection-oriented

During which phase of the system development

A cybersecurity architecture designed around the

A passive network hub operates at which layer of

Updates in cloud-computing environments can be

During which phase of the six-phase incident

commonly called a(n):

At the perimeter, to allow for Where should an organization's network terminate

Asymmetric key encryption is In practical applications:

Which two factors are used to calculate the

What is one advantage of a firewall implemented

A business continuity plan (BCP) is not complete

Under the US-CERT model for incident

An interoperability error is what type of

Operate in specialized Securing Supervisory Control and Data

Insecure protocols could Virtual systems should be managed using a

monitoring, detection and occurrence of a cybersecurity incident