CyberRookie CSX Fundamentals - Quiz 104 questions- WITH
COMPLETE ANSWERS
Three common controls used to protect the availability of information are Correct Answer:
Redundancy, backups and access controls
Governance has several goals, including Correct Answer: Providing strategic direction,
Ensuring that objectives are achieved, Verifying that organizational resources are being used
appropriately, Ascertaining whether risk is being managed properly.
According to the NIST framework, which of the following are considered key functions
necessary for the protection of digital assets? Correct Answer: Protect, Recover, Identify
The best definition for cybersecurity? Correct Answer: Protecting information assets by
addressing threats to information that is processed, stored or transported by interworked
information systems
Cybersecurity role that is charged with the duty of managing incidents and remediation? Correct
Answer: Cybersecurity management
The core duty of cybersecurity is to identify, respond and manage Correct Answer: risk to an
organization's digital assets.
A threat Correct Answer: is anything capable of acting against an asset in a manner that can
cause harm.
A asset Correct Answer: is something of value worth protecting.
A vulnerability Correct Answer: is a weakness in the design, implementation, operation or
internal controls in a process that could be exploited to violate the system security
The path or route used to gain access to the target asset is known as a Correct Answer: attack
vector
In an attack, the container that delivers the exploit to the target is called Correct Answer:
payload
Policies Correct Answer: communicate required and prohibited activities and behaviors.
Rootkit Correct Answer: is a class of malware that hides the existence of other malware by
modifying the underlying operating system.
Procedures Correct Answer: provide details on how to comply with policies and standards.
Guidelines Correct Answer: contain step-by-step instructions to carry out procedures.
, Malware Correct Answer: also called malicious code, is software designed to gain access to
targeted computer systems, steal information or disrupt computer operations.
Standards Correct Answer: are used to interpret policies in specific situations.
Patches Correct Answer: are solutions to software programming and coding errors.
Identity Management Correct Answer: includes many components such as directory services,
authentication and authorization services, and user management capabilities such as provisioning
and deprovisioning.
The Internet perimeter should Correct Answer: Detect and block traffic from infected internal
end points, Eliminate threats such as email spam, viruses and worms, Control user traffic bound
toward the Internet, Monitor and detect network ports for rogue activity.
Transport layer of the OSI Correct Answer: ensures that data are transferred reliably in the
correct sequence
Session layer of the OSI Correct Answer: coordinates and manages user connections
There key benefits of the DMZ system are Correct Answer: An intruder must penetrate three
separate devices, Private network addresses are not disclosed to the Internet, Internal systems do
not have direct access to the Internet
best states the role of encryption within an overall cybersecurity program Correct Answer:
Encryption is an essential but incomplete form of access control
The number and types of layers needed for defense in depth are a function of Correct Answer:
Asset value, criticality, reliability of each control and degree of exposure.
Put the steps of the penetration testing phase into the correct order Correct Answer: Planning,
Discovery, Attack, Reporting
System hardening should implement the principle of Correct Answer: Least privilege or access
control
Which of the following are considered functional areas of network management as defined by
ISO? Correct Answer: Accounting management, Fault management, Performance management,
Security management
Virtualization involves Correct Answer: Multiple guests coexisting on the same server in
isolation of one another
Vulnerability management begins with an understanding of cybersecurity assets and their
locations, which can be accomplished by Correct Answer: Maintaining an asset inventory.
COMPLETE ANSWERS
Three common controls used to protect the availability of information are Correct Answer:
Redundancy, backups and access controls
Governance has several goals, including Correct Answer: Providing strategic direction,
Ensuring that objectives are achieved, Verifying that organizational resources are being used
appropriately, Ascertaining whether risk is being managed properly.
According to the NIST framework, which of the following are considered key functions
necessary for the protection of digital assets? Correct Answer: Protect, Recover, Identify
The best definition for cybersecurity? Correct Answer: Protecting information assets by
addressing threats to information that is processed, stored or transported by interworked
information systems
Cybersecurity role that is charged with the duty of managing incidents and remediation? Correct
Answer: Cybersecurity management
The core duty of cybersecurity is to identify, respond and manage Correct Answer: risk to an
organization's digital assets.
A threat Correct Answer: is anything capable of acting against an asset in a manner that can
cause harm.
A asset Correct Answer: is something of value worth protecting.
A vulnerability Correct Answer: is a weakness in the design, implementation, operation or
internal controls in a process that could be exploited to violate the system security
The path or route used to gain access to the target asset is known as a Correct Answer: attack
vector
In an attack, the container that delivers the exploit to the target is called Correct Answer:
payload
Policies Correct Answer: communicate required and prohibited activities and behaviors.
Rootkit Correct Answer: is a class of malware that hides the existence of other malware by
modifying the underlying operating system.
Procedures Correct Answer: provide details on how to comply with policies and standards.
Guidelines Correct Answer: contain step-by-step instructions to carry out procedures.
, Malware Correct Answer: also called malicious code, is software designed to gain access to
targeted computer systems, steal information or disrupt computer operations.
Standards Correct Answer: are used to interpret policies in specific situations.
Patches Correct Answer: are solutions to software programming and coding errors.
Identity Management Correct Answer: includes many components such as directory services,
authentication and authorization services, and user management capabilities such as provisioning
and deprovisioning.
The Internet perimeter should Correct Answer: Detect and block traffic from infected internal
end points, Eliminate threats such as email spam, viruses and worms, Control user traffic bound
toward the Internet, Monitor and detect network ports for rogue activity.
Transport layer of the OSI Correct Answer: ensures that data are transferred reliably in the
correct sequence
Session layer of the OSI Correct Answer: coordinates and manages user connections
There key benefits of the DMZ system are Correct Answer: An intruder must penetrate three
separate devices, Private network addresses are not disclosed to the Internet, Internal systems do
not have direct access to the Internet
best states the role of encryption within an overall cybersecurity program Correct Answer:
Encryption is an essential but incomplete form of access control
The number and types of layers needed for defense in depth are a function of Correct Answer:
Asset value, criticality, reliability of each control and degree of exposure.
Put the steps of the penetration testing phase into the correct order Correct Answer: Planning,
Discovery, Attack, Reporting
System hardening should implement the principle of Correct Answer: Least privilege or access
control
Which of the following are considered functional areas of network management as defined by
ISO? Correct Answer: Accounting management, Fault management, Performance management,
Security management
Virtualization involves Correct Answer: Multiple guests coexisting on the same server in
isolation of one another
Vulnerability management begins with an understanding of cybersecurity assets and their
locations, which can be accomplished by Correct Answer: Maintaining an asset inventory.
