Acceptable interruption window Correct Answer: The maximum period of time that a system
can be unavailable before compromising the achievement of the enterprise's business objectives.
Acceptable use policy Correct Answer: A policy that establishes an agreement between users
and the enterprise and defines for all parties the ranges of use that are approved before gaining
access to a network or the Internet.
Access control list (ACL) Correct Answer: An internal computerized table of access rules
regarding the levels of computer access permitted to logon IDs and computer terminals. Also
referred to as access control tables.
Access path Correct Answer: The logical route that an end user takes to access computerized
information. Typically includes a route through the operating system, telecommunications
software, selected application software and the access control system.
Access rights Correct Answer: The permission or privileges granted to users, programs or
workstations to create, change, delete or view data and files within a system, as defined by rules
established by data owners and the information security policy.
Accountability Correct Answer: The ability to map a given activity or event back to the
responsible party.
Advanced Encryption Standard (AES) Correct Answer: A public algorithm that supports keys
from 128 bits to 256 bits in size.
Advanced persistent threat (APT) Correct Answer: An adversary that possesses sophisticated
levels of expertise and significant resources which allow it to create opportunities to achieve its
objectives using multiple attack vectors (NIST SP800-61).
Adversary Correct Answer: A threat agent.
Adware Correct Answer: A software package that automatically plays, displays or downloads
advertising material to a computer after the software is installed on it or while the application is
being used. In most cases, this is done without any notification to the user or without the user's
consent. The term may also refer to software that displays advertisements.
Alert situation Correct Answer: The point in an emergency procedure when the elapsed time
passes a threshold without the interruption being resolved, which initiates a series of escalation steps.
Alternate facilities Correct Answer: Locations and infrastructures from which emergency or
backup processes are executed, when the main premises are unavailable or destroyed; includes
other buildings, offices or data processing centers.
Alternate process Correct Answer: Automatic or manual process designed and established to
continue critical business processes from point-of-failure to return-to-normal.
Analog Correct Answer: A transmission signal that varies continuously in amplitude and time
and is generated in wave formation. Analog signals are used in telecommunications.
Anti-malware Correct Answer: A technology widely used to prevent, detect and remove many
categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious
browser plug-ins, adware and spyware.
Antivirus software Correct Answer: Application software deployed at multiple points in an
IT architecture. It is designed to detect and potentially eliminate virus code before damage is
done, and to repair or quarantine files that have already been infected.
Application layer Correct Answer: In the Open Systems Interconnection (OSI) communications
model, provides services for an application program to ensure that effective communication with
another application program in a network is possible.
Architecture Correct Answer: Description of the fundamental underlying design of the
components of the business system, or of one element of the business system (e.g., technology),
the relationships among them, and the manner in which they support enterprise objectives.
Asset Correct Answer: Something of either tangible or intangible value that is worth protecting,
including people, information, infrastructure, finances and reputation.
Asymmetric key (public key) Correct Answer: A cipher technique in which different
cryptographic keys are used to encrypt and decrypt a message. See public key encryption.
Attack Correct Answer: An actual occurrence of an adverse event.
Attack mechanism Correct Answer: A method used to deliver the exploit. Unless the attacker is
personally performing the attack, it may involve a payload, or container, that delivers the exploit
to the target.
Attack vector Correct Answer: A path or route used by the adversary to gain access to the target
(asset). There are two types: ingress and egress (also known as data exfiltration).
Audit trail Correct Answer: A visible trail of evidence enabling one to trace information
contained in statements or reports back to the original input source.
Authentication Correct Answer: The act of verifying the identity of a user and the user's
eligibility to access computerized information; it is also designed to protect against fraudulent
logon activity. It can also refer to the verification of the correctness of a piece of data.
Authenticity Correct Answer: Undisputed authorship.
Availability Correct Answer: Ensuring timely and reliable access to and use of information.
Back door Correct Answer: A means of regaining access to a compromised system by installing
software or configuring existing software to enable remote access under attacker-defined
conditions.
Bandwidth Correct Answer: The range between the highest and lowest transmittable
frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes
per second or Hertz (cycles per second).
Bastion Correct Answer: System heavily fortified against attacks.
Biometrics Correct Answer: A security technique that verifies an individual's identity by
analyzing a unique physical attribute, such as a handprint.
Block cipher Correct Answer: A public algorithm that operates on plaintext in blocks (strings or
groups) of bits.
Botnet Correct Answer: A term derived from "robot network"; a large automated and
distributed network of previously compromised computers that can be simultaneously controlled
to launch large-scale attacks such as a denial-of-service attack on selected victims.
Boundary Correct Answer: Logical and physical controls to define a perimeter between the
organization and the outside world.
Bridges Correct Answer: Data link layer devices developed in the early 1980s to connect local
area networks (LANs) or create two separate LAN or wide area network (WAN) network
segments from a single segment to reduce collision domains. They act as store-and-forward
devices in moving frames toward their destination.
Bring your own device (BYOD) Correct Answer: An enterprise policy used to permit partial or
full integration of user-owned mobile devices for business purposes.
Broadcast Correct Answer: A method to distribute information to multiple recipients
simultaneously.
Brute force Correct Answer: A class of algorithms that repeatedly try all possible combinations
until a solution is found.
Brute force attack Correct Answer: Repeatedly trying all possible combinations of passwords or
encryption keys until the correct one is found.
Buffer overflow Correct Answer: Occurs when a program or process tries to store more data in a
buffer (temporary data storage area) than it was intended to hold, corrupting or overwriting the
valid data held in it.