




A website uses "HTTPS" instead of "HTTP." What additional security feature does HTTPS provide?
A user installs a Free Game on their computer. Shortly after, they notice their computer is running slowly and sending data without their knowledge. What type of malware has most likely been installed?
Why is it important to regularly update Software and Operating Systems from a Cybersecurity perspective?
Which of the following best explains why using public Wi-Fi without a VPN can be risky?
A ransomware attack encrypts all files on a company's server and demands payment for the decryption key. Which cybersecurity principle has been most directly violated?
A Social Engineering Attack involves an attacker calling an employee and pretending to be from the IT Department, asking for their password. What is the best term for this specific type of Social Engineering?
How does a Denial of Service (DoS) attack affect a target system?
A School Network Administrator notices unusual spikes in network traffic late at night when no students are present. The traffic appears to be originating from several computers in the Computer Lab and is being sent to an unknown External Server. Using your knowledge of Cybersecurity, what is the most likely explanation, and what should the Administrator do first?
A company is designing a new cybersecurity policy. They must choose between two approaches: (1) Allow all network traffic by default and block only known threats, or (2) Block all network traffic by default and allow only verified, necessary traffic. Which approach is more secure and why?
An attacker wants to gain access to a system protected by a password. The attacker uses an automated tool that systematically tries every possible combination of characters until the correct password is found. If a password is 4 characters long and uses only lowercase letters (26 possibilities per character), how many possible combinations must the attacker try in the worst case? Use the formula 26^n where n is the number of characters.
A Cybersecurity Analyst is reviewing logs and finds that an attacker gained access to a system by exploiting a vulnerability in an outdated web application, then used that access to move to other systems on the network, and finally exfiltrated sensitive data. Which Cybersecurity Strategy, if properly implemented, would have been MOST effective at limiting the attacker's ability to move between systems?
A student is creating a Security plan for their School's Computer Lab. They want to ensure that even if one Security measure fails, other measures will still protect the systems. Which Cybersecurity Principle does this strategy reflect, and which combination of measures best implements it?
An organization discovers that an employee has been sending confidential company data to a personal email account over several months. Which combination of cybersecurity controls, if implemented beforehand, would have been MOST effective at detecting and preventing this insider threat?
A Hacker intercepts encrypted communication between two users. Even though the hacker cannot read the messages now, they store the encrypted data hoping that future advances in computing will allow them to decrypt it. What type of threat does this represent, and what is the best long-term defense against it?
A Cybersecurity Team is evaluating the risk of a potential attack on their system. They know that the probability of a successful attack occurring is 1/5 and the potential financial loss if the attack succeeds is $50,000. Using the formula for expected loss: Expected Loss = Probability × Impact, what is the expected financial loss from this threat?
A School is deciding whether to store student records on a Local Server or in a Cloud-based System. From a Cybersecurity perspective, which of the following represents the most Well-reasoned Analysis of the trade-offs?
A Cybersecurity Analyst notices that a series of failed login attempts are being made on a company's server, each attempt using a slightly different password derived from a list of commonly used passwords. After analyzing the pattern, the analyst determines the attack is automated. Which type of attack is being carried out, and what is the MOST effective combination of countermeasures to stop it?
_____ are like laws within the boundaries of an Organization.
Which of the following is NOT part of the choice of an Organizational Security Architecture?
Another word or phrase that means "incident candidate" is ______.
Which of the following is NOT a method for testing a Contingency plan?
Which of the following is NOT one of the three general information Security policy categories?
Privacy of Customer Information may be violated by which of the following?
InfoSec _______ management is the process of designing, implementing, and managing the use of the collective Data elements (called measurements or metrics) to determine the effectiveness of the overall Security program.
Over time, policies and procedures may become inadequate because of _______.
A Virtual Private Network (VPN) uses Encryption Technology and Security protocols to encrypt traffic transmitted across unsecured Public Networks.
Which of these is NOT one of the major categories of Firewall processing modes?
The principle of limiting User Access Privileges to the specific information required to perform their assigned tasks is known as _________.
Security Industry certifications are often used to help filter Applicants for jobs, but suffer from which of the following challenges?
Scanning and Analysis Tools can be used by Organizations and Attackers for which of the following purposes?
______ are a type of Intrusion Detection and Prevention System (IDPS) focused on protecting Information assets by examining communication traffic.
A Project Manager is an important part of any Information Security Project, as that person is responsible for coordinating activities such as ___________.
Which of these is NOT a part of the Organizational Change Model used to support Change Management for Information Security requirements?
The secure Hash function is used in Cryptography to confirm a message's _________.
HyperText Transfer Protocol Secure (HTTPS) is used to provide which of these functions for Web-based communications?
A potential weakness in an Asset or its Defensive Control System is called a ___________.
The Information Security Project Team should consist of people with what roles and experience?
Which group(s) of people are responsible for facilitating the Information Security Program that protects the Organization's ability to function?
The process of using Interpersonal Skills to convince people to reveal access credentials or valuable information to an attacker is known as ___________.
Shifting risks to other areas or to outside entities is a Risk Treatment known as ____________.
The result of the calculation of the likelihood of a Threat Event (attack) occurrence multiplied by Impact (or consequence), plus or minus an Element (uncertainty), is known as _________.
Which of these is often the most valuable asset that the Information Security Organization tries to protect?
What does the term "malware" stand for?
What is the primary purpose of a Firewall?
What does "HTTP" stand for?
Which of the following is an example of a strong password?
What is phishing?
What does "VPN" stand for?
Which of the following best describes encryption?
What is two-factor authentication (2FA)?
Which of the following is NOT a type of malware?
What does "CIA" stand for in the context of Cybersecurity?
A student receives an email claiming to be from their school asking for their login credentials. The email contains a link to a website that looks identical to the school's official site. Which type of Cyberattack does this scenario best represent?
A company stores its user passwords as plain text in a database. Why is this considered a poor Cybersecurity practice?
Which of the following actions best demonstrates the concept of "least privilege" in Cybersecurity?