Practice Questions and Answers Rated A+
Identity Management - ✔️✔️includes many components such as directory services,
authentication and authorization services, and user management capabilities such as
provisioning and deprovisioning.
Which of the following are considered functional areas of network management as
defined by ISO? - ✔️✔️Accounting management, Fault management, Performance
management, Security management
Governance has several goals, including - ✔️✔️Providing strategic direction, Ensuring
that objectives are achieved, Verifying that organizational resources are being used
appropriately, Ascertaining whether risk is being managed properly.
According to the NIST framework, which of the following are considered key functions
necessary for the protection of digital assets? - ✔️✔️Protect, Recover, Identify
The best definition for cybersecurity? - ✔️✔️Protecting information assets by
addressing threats to information that is processed, stored or transported by
internetworked information systems
Cybersecurity role that is charged with the duty of managing incidents and remediation?
- ✔️✔️Cybersecurity management
The core duty of cybersecurity is to identify, respond and manage - ✔️✔️risk to an
organization's digital assets.
A threat - ✔️✔️is anything capable of acting against an asset in a manner that can
cause harm.
An asset - ✔️✔️is something of value worth protecting.
A vulnerability - ✔️✔️is a weakness in the design, implementation, operation or internal
controls in a process that could be exploited to violate the system security
The path or route used to gain access to the target asset is known as an - ✔️✔️attack
vector
In an attack, the container that delivers the exploit to the target is called - ✔️✔️payload
Policies - ✔️✔️communicate required and prohibited activities and behaviors.
Rootkit - ✔️✔️is a class of malware that hides the existence of other malware by
modifying the underlying operating system.
Procedures - ✔️✔️provide details on how to comply with policies and standards.
Guidelines - ✔️✔️contain step-by-step instructions to carry out procedures.
Three common controls used to protect the availability of information are -
✔️✔️Redundancy, Backups, Access controls
Malware - ✔️✔️also called malicious code, is software designed to gain access to
targeted computer systems, steal information or disrupt computer operations.
Standards - ✔️✔️are used to interpret policies in specific situations.
Patches - ✔️✔️are solutions to software programming and coding errors.
Transport layer of the OSI - ✔️✔️ensures that data are transferred reliably in the
correct sequence
Session layer of the OSI - ✔️✔️coordinates and manages user connections
Best states the role of encryption within an overall cybersecurity program -
✔️✔️Encryption is an essential but incomplete form of access control
The number and types of layers needed for defense in depth are a function of -
✔️✔️Asset value, criticality, reliability of each control and degree of exposure.
System hardening should implement the principle of - ✔️✔️Least privilege or access
control
Virtualization involves - ✔️✔️Multiple guests coexisting on the same server in isolation
of one another
Vulnerability management begins with an understanding of cybersecurity assets and
their locations, which can be accomplished by - ✔️✔️Maintaining an asset inventory.