Exam (elaborations)

WGU C727 Cybersecurity Management I Strategic, Final Exam Practice Questions and Answers Latest Updated

Pages
91
Grade
A+
Uploaded on
14-09-2023
Written in
2023/2024

WGU C727 Cybersecurity Management I Strategic, Final Exam Practice Questions and Answers Latest Updated 2023/2024.

Enterprise-wide risk management (ERM) (CH1): Typically synonymous with risk management for all sectors; also used to emphasize an integrated and holistic "umbrella" approach delivering objectives by managing risk across an organization, its silos, its risk specialists, and other subfunctions and processes.

5. Maturity model (CH1): A simplified system that "road-maps" improving, desired, anticipated, typical, or logical evolutionary paths of organization actions. The ascending direction implies progression increases organization effectiveness over time (albeit subject to stasis and regression).

6. Cybersecurity (CH2): Cybersecurity is the ongoing application of best practices intended to ensure and preserve confidentiality, integrity, and availability of digital information as well as the safety of people and environments.

7. Pillars of Security CIA and Safety: The pillars of cybersecurity used to be a triad: confidentiality, integrity, and availability. Safety is the newest member of the roster, making it a lovely quartet, and introduced to address everyday life threats posed by the Internet of Things (IoT).

8. Confidentiality: In general, there are three accepted degrees of confidentiality: top secret, secret, and confidential.

9. Disclosure of information could cause:
* Exceptionally grave prejudice
* Serious harm
* Harm
* Disadvantage

10. To properly protect the confidentiality of data, which of the following is most important to define?
-Acceptable use policy
-Data Classification
-Risk appetite
-Encryption algorithms
Answer: Data Classification
Every organization will approach data confidentiality differently but will require some sort of data classification (e.g., public, confidential, secret, top secret). Without having an established classification scheme, and subsequent proper labeling of the data, it is very difficult to effectively implement data confidentiality.

11. Integrity: Integrity is the set of practices and tools (controls) designed to protect, maintain, and ensure both the accuracy and completeness of data over its entire life cycle. How do you achieve integrity? You do it by implementing digital signatures, write once read many logging mechanisms, and hashing.

12. Availability: Availability, pillar number 3, is the set of practices and tools designed to ensure timely access to data. If your computer is down, availability is compromised. If your Internet connection is moving at a snail's pace, availability is compromised. How do you ensure availability? In one word? Backup. In two words? Redundancy and backup.

13. Safety: Finally, term number 4: safety. It is the newest pillar in cybersecurity, but one whose impact is potentially the most critical. This is where cybersecurity incidents could result in injuries, environmental disasters, and even loss of life. You may be a user of a connected medical device, potentially putting you at mortal risk if that device is hacked. Or, you may be in a connected car, plane, or train. Or, you may be in charge of a business that is responsible for water purification for thousands of people, or of a utility that millions of people rely on for life-sustaining services like electricity.

14. Which scenario is an accurate example of a potential threat to availability?
-Jane sends an email to Bob pretending to be Alice.
-You are unable to access a file that you are not authorized to open.
-John successfully intercepts and reads an email from Alice to Bob.
-Your favourite website says it is down for planned maintenance.
Answer: Your favourite website says it is down for planned maintenance.
Despite being planned downtime, the website is still unavailable to you when you visit, which impacts the availability of the service. Pretending to be someone else in an email impacts integrity, as the email source has been spoofed and the sender is not verified. Intercepting someone else's email is an example of a confidentiality breach, as John has been able to read a message intended for Bob. Not being able to access a file seems like it could be an availability issue; however, availability relates to a service that is down for authorized users. A file that cannot be accessed by an unauthorized user is a security control working as intended.

15. Success in cybersecurity, therefore, will be the absence of impact on confidentiality, integrity, and availability of digital information no matter where it is (stationary/stored, traveling/transmitted, or processed).

16. Cybersecurity is the ongoing application of best practices intended to ensure and preserve confidentiality, integrity, and availability of digital information as well as the safety of people and environments.

17. When it comes to cybersecurity the main standards that apply are (alphabetically):
* The European Telecommunications Standards Institute (ETSI) TR 103 family of standards
* The IASME standards for small and medium-sized enterprises (IASME stands for Information Assurance for Small and Medium-sized Enterprises)
* The Information Security Forum (ISF) Standard of Good Practice (SoGP)
* The International Society for Automation (ISA) ISA62443 standards for industrial automation and control systems
* The Internet Engineering Task Force (IETF) via their Request For Comments (RFC) 2196 memorandum
* The Information Systems Audit and Control Association, now known only as ISACA, through their COBIT framework and Cybersecurity Nexus (CSX) resources
* The Institute for Security and Open Methodologies (ISECOM) with their Open Source Security Testing Methodology Manual (OSSTMM) and the Open Source Cybersecurity Playbook
* The ISO 27000 family of standards (ISO 27000-ISO27999)
* The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
* The North American Electric Reliability Corporation (NERC), which via its Critical Infrastructure Protection (CIP) family of standards addresses electric systems and network security

18. NIST CSF Standard: identify, protect, detect, respond, and recover: The identify function is where you develop an understanding of what your risks are, what your assets are, and what your capabilities are. Protect is your set of plans and actions that put in place the right controls (remember: controls do stuff) to protect the assets. Detect is the set of plans and actions that you will use to identify, classify, etc., an attack against your assets. Respond is the set of activities that you engage in response to an attack. Finally, recover refers to whatever plans or protocols you have in place to bring things back to normal after an attack.

19. Here are the five functions of the NIST Cybersecurity Framework:
* Identify: Develop understanding of risks, assets, and capabilities.
* Protect: Create plans and actions for putting adequate controls in place.
* Detect: Identify and classify an attack against assets.
* Respond: Perform activities and actions as the result of an attack.
* Recover: Bring systems and processes back to normal.

20. Question: A system administrator has been assigned the responsibility of securing a newly deployed system. As part of her tasks, she disables unneeded ports, protocols, and services, removes unnecessary software, and enables secure communication protocols for system management. What is this an example of?
-Reducing the attack surface
-Turning on system security
-Implementing ISO 27001
-Preventing a denial of service
Answer: Reducing the attack surface
The attack surface references the potential areas of vulnerability within a system that an attacker may launch an attack against. By reducing the attack surface (such as removing unneeded services or software), the potential attacker has less of a "surface" to attack, making a successful breach more difficult and increasing the overall security posture of the system.

21. Controls are actions that mitigate risk (prevent, detect, correct, or compensate against risk):
* Preventive controls are designed to prevent the attack from reaching the asset in the first place. A nondigital preventive control might be a pair of big burly guys, armed to the teeth, who physically guard your assets. Digital preventive controls include, as we already discussed, cybersecurity awareness training as well as more technical controls like firewalls and intrusion prevention systems (IPS; designed to both detect and thwart an attack).
* Detective controls are designed to identify that an attack is occurring, including what kind of an attack, where it came from, what it used, and, if you're lucky, who may be behind it. For example, motion detectors that set off sirens waking up the aforementioned big burly guys and send them to go chase the intruder are detective controls. These days, these motion detectors can take the form of sophisticated cameras, detecting motion, plus capturing images and sounds. Digital detective controls include antivirus and antimalware systems, as well as intrusion detection systems (IDS; designed to detect abnormal patterns in networks or systems and raise the alarm).
* Corrective controls are designed to minimize the damage from an attack. Examples include restoring from backup, patching the systems with the latest security fixes, upgrading to the latest version of applications and operating systems, and the like.
* Compensating controls are designed to compensate for the failure or absence of other controls and mitigate the damage from an attack. Examples include having a hot failover site (a geographically separate site that mirrors your environment, available the instant you need it), isolating critical systems from the Internet (aka air gapping), and, in general, backup and disaster recovery plans that can keep the lights on while everyone else is in the dark.

22. Type of Controls and examples:
* Preventive: Security guards, locked doors, and firewalls
* Detective: Intrusion detection system, motion detectors, and security cameras
* Corrective: Data restoration, system patch installation, and software upgrades
* Compensating: Redundant network connection, battery backup, and system isolation

23. Threat: the impending prospect of something bad happening. A threat is a combination of a threat agent and an action. An example of a threat would be a script kiddie exploiting a cross-site scripting vulnerability on a website. The script kiddie is the threat agent performing the action (exploiting the vulnerability).

24. Attack: the realization of a threat.

25. Threat Agents:
* Cybercriminals. Motives: "Show me the money," plain and simple.
* Insiders (e.g., employees). Motives: money and revenge, not necessarily in that order.
* Nation States. Motives: cyberwarfare or intellectual property theft, competitive intelligence gathering, etc.
* Corporations. Motives: cyber corporate warfare or intellectual property theft, competitive intelligence gathering, etc.
* Hacktivists. Motives: activism of one sort or another, often but not always altruistically motivated (freedom of speech, fight against injustice, etc.).
* Cyber Fighters. Motives: nationally motivated "patriots" like the Yemen and Iranian Cyber Army.
* Cyberterrorists. Motives: to create fear, chaos. Terrorist by any other name.
* Script Kiddies. Motives: young people "hacking for the fun of it" and causing havoc, be it intentional or not.

26. An incident handler assigned to the security operations center receives an alert about an attack on the organization's website. Upon further investigation, she finds that a script kiddie has successfully used a cross-site scripting attack to deface the website. What is the threat agent in this scenario?
-The script kiddie exploiting the vulnerability
-The script kiddie
-The cross-site scripting vulnerability
-The incident handler
Answer: The script kiddie
A threat is a combination of a threat agent and an action. An example of a threat would be a script kiddie exploiting a cross-site scripting vulnerability on a website. The script kiddie is the threat agent performing the action (exploiting the vulnerability).

27. ENISA has noted these four key trends that influence the activities of threat agents, still holding true today:
* Consumerization of cybercrime: Just as Lowe's and Home Depot made home renovations more available to the masses, new tools are making cybercrime broadly accessible. There are many do-it-yourself hacking kits available for purchase or even free download. It is also fairly easy to hire a hacker to attack a target. Worse: There are both franchising opportunities and affiliate programs for cybercriminals as well as exciting new commercial avenues like ransomware as a service whereby you can get your own custom ransomware for little money up front for a percentage of the extorted profits. A financial win-win for everyone involved, unless, of course, you're one of the victims. All this leads to:
* Low barriers to entry for technical novices: If you're motivated, you can start your career as a cybercriminal easily. There are hacker universities in which you can get training, and when you purchase some of the ready-made hacking kits you can even get expert tech support!
* Dark net mystique: The dark net is now like how the Internet was in the 1990s. It is perceived as being used only by dangerous geeks, and normal users are discouraged from peeking in. For that matter, one has to jump through a whole set of technical hoops to gain access, further making the dark net an excellent hideout for cybercriminals.

STUDYLAB2023 Chamberlain College Of Nursing