CSX Cybersecurity Fundamentals:
Practice Questions
- Redundancy
- Backups
- access controls - Answer- Three common controls used to protect the availability of
information are
Providing strategic direction, Ensuring that objectives are achieved, Verifying that
organizational resources are being used appropriately, Ascertaining whether risk is
being managed properly. - Answer- Governance has several goals, including
- Protect,
- Recover
- Identify - Answer- According to the NIST framework, which of the following are
considered key functions necessary for the protection of digital assets?
Protecting information assets by addressing threats to information that is processed,
stored or transported by interworked information systems - Answer- The best
definition for cybersecurity?
Cybersecurity management - Answer- Cybersecurity role that is charged with the
duty of managing incidents and remediation?
risk to an organization's digital assets. - Answer- The core duty of cybersecurity is to
identify, respond and manage
is anything capable of acting against an asset in a manner that can cause harm. -
Answer- A threat
is something of value worth protecting. - Answer- A asset
is a weakness in the design, implementation, operation or internal controls in a
process that could be exploited to violate the system security - Answer- A
vulnerability
attack vector - Answer- The path or route used to gain access to the target asset is
known as a
payload - Answer- In an attack, the container that delivers the exploit to the target is
called
communicate required and prohibited activities and behaviors. - Answer- Policies
is a class of malware that hides the existence of other malware by modifying the
underlying operating system. - Answer- Rootkit
, provide details on how to comply with policies and standards. - Answer- Procedures
contain step-by-step instructions to carry out procedures. - Answer- Guidelines
also called malicious code, is software designed to gain access to targeted computer
systems, steal information or disrupt computer operations. - Answer- Malware
are used to interpret policies in specific situations. - Answer- Standards
are solutions to software programming and coding errors. - Answer- Patches
includes many components such as directory services, authentication and
authorization services, and user management capabilities such as provisioning and
deprovisioning. - Answer- Identity Management
Detect and block traffic from infected internal end points, Eliminate threats such as
email spam, viruses and worms, Control user traffic bound toward the Internet,
Monitor and detect network ports for rogue activity. - Answer- The Internet perimeter
should
ensures that data are transferred reliably in the correct sequence - Answer-
Transport layer of the OSI
coordinates and manages user connections - Answer- Session layer of the OSI
Encryption is an essential but incomplete form of access control - Answer- best
states the role of encryption within an overall cybersecurity program
Asset value, criticality, reliability of each control and degree of exposure. - Answer-
The number and types of layers needed for defense in depth are a function of
Least privilege or access control - Answer- System hardening should implement the
principle of
Accounting management, Fault management, Performance management, Security
management - Answer- Which of the following are considered functional areas of
network management as defined by ISO?
Multiple guests coexisting on the same server in isolation of one another - Answer-
Virtualization involves
Maintaining an asset inventory. - Answer- Vulnerability management begins with an
understanding of cybersecurity assets and their locations, which can be
accomplished by
Preparation, Detection and analysis, Investigation, Mitigation and recovery,
Postincident analysis - Answer- Arrange the steps of the incident response process
into the correct order
Practice Questions
- Redundancy
- Backups
- access controls - Answer- Three common controls used to protect the availability of
information are
Providing strategic direction, Ensuring that objectives are achieved, Verifying that
organizational resources are being used appropriately, Ascertaining whether risk is
being managed properly. - Answer- Governance has several goals, including
- Protect,
- Recover
- Identify - Answer- According to the NIST framework, which of the following are
considered key functions necessary for the protection of digital assets?
Protecting information assets by addressing threats to information that is processed,
stored or transported by interworked information systems - Answer- The best
definition for cybersecurity?
Cybersecurity management - Answer- Cybersecurity role that is charged with the
duty of managing incidents and remediation?
risk to an organization's digital assets. - Answer- The core duty of cybersecurity is to
identify, respond and manage
is anything capable of acting against an asset in a manner that can cause harm. -
Answer- A threat
is something of value worth protecting. - Answer- A asset
is a weakness in the design, implementation, operation or internal controls in a
process that could be exploited to violate the system security - Answer- A
vulnerability
attack vector - Answer- The path or route used to gain access to the target asset is
known as a
payload - Answer- In an attack, the container that delivers the exploit to the target is
called
communicate required and prohibited activities and behaviors. - Answer- Policies
is a class of malware that hides the existence of other malware by modifying the
underlying operating system. - Answer- Rootkit
, provide details on how to comply with policies and standards. - Answer- Procedures
contain step-by-step instructions to carry out procedures. - Answer- Guidelines
also called malicious code, is software designed to gain access to targeted computer
systems, steal information or disrupt computer operations. - Answer- Malware
are used to interpret policies in specific situations. - Answer- Standards
are solutions to software programming and coding errors. - Answer- Patches
includes many components such as directory services, authentication and
authorization services, and user management capabilities such as provisioning and
deprovisioning. - Answer- Identity Management
Detect and block traffic from infected internal end points, Eliminate threats such as
email spam, viruses and worms, Control user traffic bound toward the Internet,
Monitor and detect network ports for rogue activity. - Answer- The Internet perimeter
should
ensures that data are transferred reliably in the correct sequence - Answer-
Transport layer of the OSI
coordinates and manages user connections - Answer- Session layer of the OSI
Encryption is an essential but incomplete form of access control - Answer- best
states the role of encryption within an overall cybersecurity program
Asset value, criticality, reliability of each control and degree of exposure. - Answer-
The number and types of layers needed for defense in depth are a function of
Least privilege or access control - Answer- System hardening should implement the
principle of
Accounting management, Fault management, Performance management, Security
management - Answer- Which of the following are considered functional areas of
network management as defined by ISO?
Multiple guests coexisting on the same server in isolation of one another - Answer-
Virtualization involves
Maintaining an asset inventory. - Answer- Vulnerability management begins with an
understanding of cybersecurity assets and their locations, which can be
accomplished by
Preparation, Detection and analysis, Investigation, Mitigation and recovery,
Postincident analysis - Answer- Arrange the steps of the incident response process
into the correct order
