INTRODUCTION – Protect Against Threats, Risks and Vulnerabilities

TEST YOUR KNOWLEDGE: FRAMEWORKS AND CONTROLS

1. Fill in the blank: A security ______   is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.

2. An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?

3. What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

4. Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.

5. What is the CIA triad?

TEST YOUR KNOWLEDGE: ETHICS IN CYBERSECURITY

1. An employee trained to handle Pll and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.

2. Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.

3. You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?

4. You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?

MODULE 3 CHALLENGE

1. What are some of the primary purposes of security frameworks? Select three answers.

2. Which of the following are core components of security frameworks? Select two answers.

3. Fill in the blank: A security professional implements encryption and multi-factor authentication (MFA) to better protect customers’ private data. This is an example of using _____

4. You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, availability, and what else?

5. Fill in the blank: A key aspect of the CIA triad is ensuring that only ______ can access specific assets.

6. Which of the following statements accurately describe the NIST CSF? Select all that apply.

7. For what reasons might disgruntled employees be some of the most dangerous threat actors? Select two answers.

8. A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regards to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?

9. Fill in the blank: The ethical principle of ______ involves safeguarding a company database that contains sensitive information about employees.

10. Which ethical principle describes the rules that are recognized by a community and enforced by a governing entity?

11. Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of

12. You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on integrity, availability, and what else?

13. Fill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.

14. A security professional is updating software on a coworker’s computer and happens to see a very interesting email about another employee. The security professional chooses to follow company guidelines with regards to privacy protections and does not share the information with coworkers. Which concept does this scenario describe?

15. A security professional working at a bank is running late for a meeting. They consider saving time by leaving files on their desk that contain client account numbers. However, after thinking about company guidelines with regards to compliance, the security professional takes the time to properly store the files. Which concept does this scenario describe?

16. Fill in the blank: The ethical principle of _____ involves safeguarding an organization’s human resources records that contain personal details about employees.

17. You are a security professional working for a state motor vehicle agency that stores drivers’ national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?

18. Which of the following are core components of security frameworks? Select two answers.

19. You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?

20. Fill in the blank: ____ are items perceived as having value to an organization.

21. Which of the following statements accurately describe the NIST CSF? Select all that apply.

22. Fill in the blank: Some of the most dangerous threat actors are ______ because they often know where to find sensitive information, can access it, and may have malicious intent.

23. Which ethical principle describes safeguarding personal information from unauthorized use?

24. Fill in the blank: The ethical principle of _____  involves adhering to compliance regulations.

25. Fill in the blank: A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company’s network. They use ______ to help them reduce this type of risk.

26. What are some of the primary purposes of security frameworks? Select three answers.