COURSE 1: FOUNDATIONS OF CYBERSECURITY

Module 2: The Evolution of Cybersecurity

GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Coursera Study Guide

Enroll in Coursera Google Cybersecurity Professional Certificate

TABLE OF CONTENT

INTRODUCTION – The Evolution of Cybersecurity

Embark on an exploration of the dynamic evolution of cybersecurity threats, tracing their emergence alongside the widespread adoption of computers. Gain insights into the historical and contemporary cyber attacks that have significantly shaped the development of the security field. Delve into the intricacies of these attacks, unraveling their impact on the ever-evolving landscape of cybersecurity.

Furthermore, acquire a comprehensive overview of the eight security domains, providing a structured understanding of the key facets within the realm of cybersecurity. This exploration offers a holistic perspective, allowing you to grasp the historical context and current landscape of cybersecurity threats and countermeasures.

Learning Objectives

  • Identify the most common types of attacks, past and present
  • Identify how security attacks impact business operations
  • Recognize how past and present attacks on business operations have led to the development of the security field
  • Identify the CISSP eight security domains

TEST YOUR KNOWLEDGE: THE HISTORY OF CYBERSECURITY

1. Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.

  • code (CORRECT)
  • hardware
  • sequencing
  • formatting

A computer virus is a malicious code that interferes with computer operations and causes damage. A virus is a type of malware.

2. What is one way that the Morris worm helped shape the security industry?

  • It made organizations more aware of the significant financial impact of security incidents.
  • It prevented the development of illegal copies of software. (CORRECT)
  • It led to the development of computer response teams.
  • It inspired threat actors to develop new types of social engineering attacks.

The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTS).

3. What were the key impacts of the Equifax breach? Select two answers.

  • Millions of customers’ PII was stolen. (CORRECT)
  • Phishing became illegal due to significant public outcry.
  • The significant financial consequences of a breach became more apparent. (CORRECT)
  • Developers were able to track illegal copies of software and prevent pirated licenses.

The key impacts of the Equifax breach were the fact that millions of customers’ PII was stolen and that the significant financial consequences of a breach became more apparent.

4. Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.

  • True
  • False (CORRECT)

Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.

5. What type of manipulation technique was the LoveLetter attack?

  • Login credentials
  • Unsolicited email
  • Social engineering (CORRECT)
  • Digital communication

The LoveLetter attack was an example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.

TEST YOUR KNOWLEDGE: THE EIGHT CISSP SECURITY DOMAINS

1. Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.

  • domains (CORRECT)
  • data
  • networks
  • assets

Examples of security domains include security and risk management and security architecture and engineering.

2. A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?

  • Asset security (CORRECT)
  • Software development security
  • Communication and network security
  • Security and risk management

This task is related to the asset security domain. This domain focuses on managing and securing digital and physical assets, as well as the storage, maintenance, retention, and destruction of data.

3. Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?

  • Asset security
  • Security assessment and testing (CORRECT)
  • Security operations
  • Software development security

This is related to security assessment and testing, which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.

4. You are asked to investigate an alert related to an unknown device that is connected to the company’s internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?

  • Asset security
  • Security architecture and engineering
  • Software development security
  • Security operations (CORRECT)

This is related to the security operations domain, which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.

MODULE 2 CHALLENGE

1. Which of the following threats are examples of malware? Select two answers.

  • Error messages
  • Viruses (CORRECT)
  • Worms (CORRECT)
  • Bugs

2. Fill in the blank: Social engineering is a ______   that exploits human error to gain private information, access, or valuables.

  • manipulation techniques (CORRECT)
  • replicating virus
  • type of malware
  • business breach

Correct!

3. Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.

  • Malicious software being deployed (CORRECT)
  • Theft of the organization’s hardware
  • Employees inadvertently revealing sensitive data (CORRECT)
  • Overtaxing systems with too many internal emails

Correct!

4. Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

  • Security architecture and engineering
  • Security assessment and testing
  • Identity and access management
  • Security and risk management (CORRECT)

Correct!

5. Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

  • Security architecture and engineering (CORRECT)
  • Communication and network security
  • Identity and access management
  • Security and risk management

Correct!

6. Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?

  • Security operations
  • Communication and network security
  • Security assessment and testing
  • Asset security (CORRECT)

Correct!

7. A security professional is auditing user permissions at their organization in order to ensure employees have the Correct! access levels. Which domain does this scenario describe?

  • Security and risk management
  • Security assessment and testing (CORRECT)
  • Asset security
  • Communication and network security

Correct!

8. Which of the following tasks may be part of the identity and access management domain? Select three answers.

  • Ensuring users follow established policies (CORRECT)
  • Managing and controlling physical and logical assets (CORRECT)
  • Setting up an employee’s access keycard (CORRECT)
  • Conducting security control testing

Correct!

9. Which domain involves conducting investigations and implementing preventive measures?

  • Security operations (CORRECT)
  • Security and risk management
  • Identity and access management
  • Asset security

Correct!

10. Fill in the blank: A _____   is malicious code written to interfere with computer operations and cause damage to data.

  • software breach
  • spyware attack
  • business disruption
  • computer virus (CORRECT)

Correct!

11. Fill in the blank: Exploiting human error to gain access to private information is an example of _________  engineering.

  • communication
  • digital
  • social (CORRECT)
  • network

Correct!

12. A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?

  • Security assessment and testing
  • Security architecture and engineering
  • Security and risk management (CORRECT)
  • Identity and access management

Correct!

13. Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.

  • Validating the identities of employees
  • Ensuring that effective systems and processes are in place (CORRECT)
  • Configuring a firewall (CORRECT)
  • Securing hardware

Correct!

14. A security professional is ensuring proper storage, maintenance, and retention of their organization’s data. Which domain does this scenario describe?

  • Asset security (CORRECT)
  • Security assessment and testing
  • Security operations
  • Communication and network security

Correct!

15. Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.

  • Conducting security audits (CORRECT)
  • Collecting and analyzing data
  • Auditing user permissions (CORRECT)
  • Securing physical networks and wireless communications

Correct!

16. Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?

  • Security assessment and testing
  • Security and risk management
  • Communication and network security
  • Identity and access management (CORRECT)

Correct!

17. Which of the following tasks may be part of the security operations domain? Select all that apply.

  • Conducting investigations (CORRECT)
  • Implementing preventive measures (CORRECT)
  • Investigating an unknown device that has connected to an internal network (CORRECT)
  • Using coding practices to create secure applications

Correct!

18. Fill in the blank: Social engineering is a manipulation technique that exploits______   error to gain access to private information.

  • human (CORRECT)
  • computer
  • coding
  • network

Correct!

19. A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.

  • Phishing attacks (CORRECT)
  • Overtaxing systems with too many internal emails
  • Employees inadvertently revealing sensitive data (CORRECT)
  • Malicious software being deployed (CORRECT)

Correct!

20. Which of the following tasks are part of the security and risk management domain? Select all that apply.

  • Securing physical assets
  • Defining security goals and objectives (CORRECT)
  • Business continuity (CORRECT)
  • Compliance (CORRECT)

Correct!

21. Fill in the blank: The _____  spread globally within a couple of months due to users inserting a disk into their computers that was meant to track illegal copies of medical software.

  • LoveLetter attack
  • Morris worm
  • Brain virus (CORRECT)
  • Equifax breach

Correct!

22. Which of the following tasks may be part of the asset security domain? Select all that apply.

  • Ensuring users follow established policies
  • Data storage and maintenance (CORRECT)          
  • Securing digital and physical assets (CORRECT)
  • Proper disposal of digital assets (CORRECT)

Correct!

23. A security professional is asked to issue a keycard to a new employee. Which domain does this scenario relate to?

  • Security assessment and testing
  • Identity and access management (CORRECT)
  • Security and risk management
  • Communication and network security

Correct!

24. Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?

  • LoveLetter attack
  • Morris worm
  • Equifax breach (CORRECT)
  • Brain virus

Correct!

25. A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?

  • Training about network optimization
  • Training about social engineering (CORRECT)
  • Training about security architecture
  • Training about business continuity

Correct!

26. Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?

  • Communication and network security
  • Identity and access management
  • Security assessment and testing (CORRECT)
  • Security and risk management

Correct!

Previous Module
Next Module

Subscribe to our site

Get new content delivered directly to your inbox.

Quiztudy Top Courses

Popular in Coursera

Liking our content? Then, don’t forget to ad us to your BOOKMARKS so you can find us easily!

Subscribe