CSX Cybersecurity Fundamentals
UPDATED QUESTIONS and CORRECT
Answers
- Redundancy
- Backups
- access controls - CORRECT ANSWER - Three common controls used to protect the
availability of information are
Providing strategic direction, Ensuring that objectives are achieved, Verifying that organizational
resources are being used appropriately, Ascertaining whether risk is being managed properly. -
CORRECT ANSWER - Governance has several goals, including
- Protect,
- Recover
- Identify - CORRECT ANSWER - According to the NIST framework, which of the
following are considered key functions necessary for the protection of digital assets?
Protecting information assets by addressing threats to information that is processed, stored or
transported by interworked information systems - CORRECT ANSWER - The best
definition for cybersecurity?
Cybersecurity management - CORRECT ANSWER - Cybersecurity role that is charged
with the duty of managing incidents and remediation?
risk to an organization's digital assets. - CORRECT ANSWER - The core duty of
cybersecurity is to identify, respond and manage
is anything capable of acting against an asset in a manner that can cause harm. - CORRECT
ANSWER - A threat
,is something of value worth protecting. - CORRECT ANSWER - A asset
is a weakness in the design, implementation, operation or internal controls in a process that could
be exploited to violate the system security - CORRECT ANSWER - A vulnerability
attack vector - CORRECT ANSWER - The path or route used to gain access to the target
asset is known as a
payload - CORRECT ANSWER - In an attack, the container that delivers the exploit to the
target is called
communicate required and prohibited activities and behaviors. - CORRECT ANSWER -
Policies
is a class of malware that hides the existence of other malware by modifying the underlying
operating system. - CORRECT ANSWER - Rootkit
provide details on how to comply with policies and standards. - CORRECT ANSWER -
Procedures
contain step-by-step instructions to carry out procedures. - CORRECT ANSWER -
Guidelines
also called malicious code, is software designed to gain access to targeted computer systems,
steal information or disrupt computer operations. - CORRECT ANSWER - Malware
are used to interpret policies in specific situations. - CORRECT ANSWER - Standards
, are solutions to software programming and coding errors. - CORRECT ANSWER -
Patches
includes many components such as directory services, authentication and authorization services,
and user management capabilities such as provisioning and deprovisioning. - CORRECT
ANSWER - Identity Management
Detect and block traffic from infected internal end points, Eliminate threats such as email spam,
viruses and worms, Control user traffic bound toward the Internet, Monitor and detect network
ports for rogue activity. - CORRECT ANSWER - The Internet perimeter should
ensures that data are transferred reliably in the correct sequence - CORRECT ANSWER -
Transport layer of the OSI
coordinates and manages user connections - CORRECT ANSWER - Session layer of the
OSI
Encryption is an essential but incomplete form of access control - CORRECT ANSWER -
best states the role of encryption within an overall cybersecurity program
Asset value, criticality, reliability of each control and degree of exposure. - CORRECT
ANSWER - The number and types of layers needed for defense in depth are a function of
Least privilege or access control - CORRECT ANSWER - System hardening should
implement the principle of
Accounting management, Fault management, Performance management, Security management -
CORRECT ANSWER - Which of the following are considered functional areas of network
management as defined by ISO?
Multiple guests coexisting on the same server in isolation of one another - CORRECT
ANSWER - Virtualization involves
UPDATED QUESTIONS and CORRECT
Answers
- Redundancy
- Backups
- access controls - CORRECT ANSWER - Three common controls used to protect the
availability of information are
Providing strategic direction, Ensuring that objectives are achieved, Verifying that organizational
resources are being used appropriately, Ascertaining whether risk is being managed properly. -
CORRECT ANSWER - Governance has several goals, including
- Protect,
- Recover
- Identify - CORRECT ANSWER - According to the NIST framework, which of the
following are considered key functions necessary for the protection of digital assets?
Protecting information assets by addressing threats to information that is processed, stored or
transported by interworked information systems - CORRECT ANSWER - The best
definition for cybersecurity?
Cybersecurity management - CORRECT ANSWER - Cybersecurity role that is charged
with the duty of managing incidents and remediation?
risk to an organization's digital assets. - CORRECT ANSWER - The core duty of
cybersecurity is to identify, respond and manage
is anything capable of acting against an asset in a manner that can cause harm. - CORRECT
ANSWER - A threat
,is something of value worth protecting. - CORRECT ANSWER - A asset
is a weakness in the design, implementation, operation or internal controls in a process that could
be exploited to violate the system security - CORRECT ANSWER - A vulnerability
attack vector - CORRECT ANSWER - The path or route used to gain access to the target
asset is known as a
payload - CORRECT ANSWER - In an attack, the container that delivers the exploit to the
target is called
communicate required and prohibited activities and behaviors. - CORRECT ANSWER -
Policies
is a class of malware that hides the existence of other malware by modifying the underlying
operating system. - CORRECT ANSWER - Rootkit
provide details on how to comply with policies and standards. - CORRECT ANSWER -
Procedures
contain step-by-step instructions to carry out procedures. - CORRECT ANSWER -
Guidelines
also called malicious code, is software designed to gain access to targeted computer systems,
steal information or disrupt computer operations. - CORRECT ANSWER - Malware
are used to interpret policies in specific situations. - CORRECT ANSWER - Standards
, are solutions to software programming and coding errors. - CORRECT ANSWER -
Patches
includes many components such as directory services, authentication and authorization services,
and user management capabilities such as provisioning and deprovisioning. - CORRECT
ANSWER - Identity Management
Detect and block traffic from infected internal end points, Eliminate threats such as email spam,
viruses and worms, Control user traffic bound toward the Internet, Monitor and detect network
ports for rogue activity. - CORRECT ANSWER - The Internet perimeter should
ensures that data are transferred reliably in the correct sequence - CORRECT ANSWER -
Transport layer of the OSI
coordinates and manages user connections - CORRECT ANSWER - Session layer of the
OSI
Encryption is an essential but incomplete form of access control - CORRECT ANSWER -
best states the role of encryption within an overall cybersecurity program
Asset value, criticality, reliability of each control and degree of exposure. - CORRECT
ANSWER - The number and types of layers needed for defense in depth are a function of
Least privilege or access control - CORRECT ANSWER - System hardening should
implement the principle of
Accounting management, Fault management, Performance management, Security management -
CORRECT ANSWER - Which of the following are considered functional areas of network
management as defined by ISO?
Multiple guests coexisting on the same server in isolation of one another - CORRECT
ANSWER - Virtualization involves
