Foundational cybersecurity concepts — Quiz

Foundational cybersecurity concepts

1. What is the most tactical (as opposed to strategic) goal of information security, as described in the text? (Choose one answer)
   a) Supporting the enterprise's strategic vision
   b) Ensuring compliance with regulations like HIPAA and PCI
   c) Protecting the confidentiality, integrity, and availability (CIA) of information assets
   d) Implementing advanced technical controls like DLP and SIEM

2. Which of the following sequences most accurately represents the phases of an information security risk assessment? (Choose one answer)
   a) Identify regulatory requirements, implement security controls, conduct a penetration test, report findings to management
   b) Identify information assets, assess the likelihood of an attack, assess the potential impact of an attack, and recommend mitigation options
   c) Develop security policies, deploy intrusion detection systems, measure system uptime, calculate return on investment
   d) Interview stakeholders, quantify the value of all assets, purchase cyber insurance, schedule the next assessment

3. An attacker uses a tool like sslstrip to force a victim's browser to use an unencrypted HTTP connection instead of HTTPS in order to intercept their login credentials. This is an example of which type of attack? (Choose one answer)
   a) Integrity Attack
   b) Availability Attack
   c) Confidentiality Attack
   d) Authentication Attack

4. The AAA framework is crucial for controlling and monitoring system access. Which component of AAA is responsible for determining what a user is allowed to do once their identity is verified? (Choose one answer)
   a) Authentication
   b) Authorization
   c) Accounting
   d) Auditing

5. Which of the following technologies is specifically highlighted as a key mitigation for ensuring data integrity by providing a way to verify that data has not been altered? (Choose one answer)
   a) Data Loss Prevention (DLP)
   b) DDoS Protection (e.g., Cloudflare)
   c) Hashing (e.g., SHA-256)
   d) Load Balancers (e.g., Nginx)
