Exam 16: Cybersecurity
99 Questions
The purpose of a ________, also called an IP probe, is to identify which hosts are active in the network by sending a communication to each IP address to see if there is a response packet.
(Multiple Choice)
Correct Answer:
A
What is an incorrect sender address red flag?
(Multiple Choice)
Correct Answer:
A
The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). One of the control families is Access Control. What ID does the Access Control family use?
(Multiple Choice)
Which of the following is an example of a Denial-of-Service internal control?
(Multiple Choice)
Match the cybersecurity threat to the following control activity:
-Ensure that the information system uniquely identifies and authenticates devices before establishing a connection.
(Multiple Choice)
The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Configuration Management. What ID does the Configuration Management family use?
(Multiple Choice)
Cybersecurity programs are subject to different resource constraints and business needs depending on the size of the company. Who might be responsible for leading the cybersecurity program in a larger organization?
(Essay)
What is it called when a company performs sweeps and scans to detect and classify loopholes in their infrastructure?
(Multiple Choice)
RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve, an Internal Auditor, started with RAM Manufacturing a month ago. Maeve arrives at work, parks her car and walks to a side entrance. There she finds Justin waiting. Justin tells her that he works for an equipment repair company, has been called out to RAM Manufacturing to make repairs on a piece of equipment and forgot his ID in his work truck. He asks if Maeve could let him enter the side entrance. Maeve has never met Justin before. What should Maeve do?
(Essay)
RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve, the VP of Internal Audit, is working with the chief technology officer, Justin, to propose an enterprise-wide data strategy project to the audit committee. Maeve suggests that the Internal Audit department perform a review of the company's data management and privacy procedures. This review will involve interviewing various departments throughout RAM Manufacturing to ask questions such as:
• What guidelines are in place for data privacy?
• How is data being shared?
• Are communications masked or encrypted securely?
• What are the differences between internal communications and communications with third parties?
• Where is data being stored?
• What procedures are in place for data retention?
• Do these procedures meet regulatory standards?
Maeve and Justin must decide which framework(s) to use as guidance for proposing recommendations for this project to the audit committee. What framework would you recommend? Justify your answer.
(Essay)
A business can protect itself from DoS and DDoS attacks by ensuring that ________, routers, and intrusion detection systems are up to date, are properly configured, and will automatically block the ports where fake requests enter the system.
(Multiple Choice)
What are some of the things that attackers may do once they have broken into a network?
(Essay)
Match the cybersecurity threat to the following control activity:
-Prohibit password reuse for a specified number of generations.
(Multiple Choice)