Week 1
Week 1 practice quiz
Test your knowledge: Introduction to cybersecurity
Practice Quiz. • 8 min. • 4 total points available.
Question 1
Fill in the blank: Cybersecurity is the practice of ensuring _____ by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
1 point
confidentiality, integrity, and availability of information
compliance, instructions, and accuracy
continuity, infrastructure, and attainment of business goals
customer trust, increased revenue, and advancement
Question 2
What are the primary responsibilities of an entry-level security analyst? Select three answers.
1 point
Search for weaknesses
Monitor systems
Create compliance laws
Protect information
Question 3
Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents.
1 point
software developments
penetration tests
security audits
ethical hacking
Question 4
In what ways do security teams bring value to an organization? Select two answers.
1 point
Increasing operational expenses
Achieving regulatory compliance
Reducing business productivity
Protecting against external and internal threats
Week 1 practice quiz
Test your knowledge: Core skills for cybersecurity professionals
Practice Quiz. • 8 min. • 4 total points available.
Question 1
Which of the following proficiencies are transferable skills, likely to be applicable in almost any field? Select three answers.
1 point
Programming
Problem-solving
Written and verbal communication
Analysis
Question 2
Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select two answers.
1 point
Collaboration
Regulation writing
Programming
Data analysis
Question 3
Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.
1 point
Business intelligence professionals
Ethical hackers
Security operations center analysts
Digital forensic investigators
Question 4
What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers.
1 point
Medical records
Email addresses
Last names
Bank account numbers
Quiz 1
Graded Quiz. • 45 min. • 9 total points available.
Question 1
Fill in the blank: The purpose of _____ is to protect networks, devices, people, and data from unauthorized access or criminal exploitation.
1 point
cybersecurity
business continuity
planning
change-management
Question 2
What occurs during a security audit?
1 point
Review of an organization’s security records, activities, and other related documents
Prioritizing tasks, processes, and procedures
Ethical hacking of an organization's internal network to identify vulnerabilities
Analyzing the efficiency of an organization's internal network
Question 3
Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?
1 point
Ethical
Internal
Accidental
External
Question 4
Fill in the blank: Identity theft is the act of stealing _____ to commit fraud while impersonating a victim.
1 point
business records
personal information
hardware
trade secrets
Question 5
What is regulatory compliance?
1 point
Threats and risks from employees and external vendors
Laws and guidelines that require implementation of security standards
Expenses and fines associated with vulnerabilities
Sites and services that require complex passwords to access
Question 6
Which of the following proficiencies are examples of technical skills? Select two answers.
1 point
Automating tasks with programming
Communicating with employees
Applying computer forensics
Prioritizing collaboration
Question 7
Fill in the blank: Security _____ and event management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.
1 point
identity
information
improvement
intelligence
Question 8
A security professional investigates an alert about an unknown user accessing a system within their organization. What is the purpose of computer forensics in this situation?
1 point
Establish new security frameworks, controls, and regulations for the business
Implement tools that help detect an incident
Identify, analyze, and preserve criminal evidence
Make upgrades to network security
Question 9
Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.
1 point
The theft of SPII is often more damaging than the theft of PII.
SPII is a type of PII that falls under stricter handling guidelines.
An example of PII is someone’s email address.
An example of SPII is someone’s last name.
____________________________________________________________________________
Week 2
Week 2 Practice Quiz
Test your knowledge: The history of cybersecurity
Practice Quiz. • 8 min. • 4 total points available.
Question 1
Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.
1 point
formatting
sequencing
code
hardware
Question 2
What is one way that the Morris worm helped shape the security industry?
1 point
It made organizations more aware of the significant financial impact of security incidents.
It prevented the development of illegal copies of software.
It inspired threat actors to develop new types of social engineering attacks.
It led to the development of computer response teams.
Question 3
What were the key impacts of the Equifax breach? Select two answers.
1 point
Developers were able to track illegal copies of software and prevent pirated licenses.
Phishing became illegal due to significant public outcry.
The significant financial consequences of a breach became more apparent.
Millions of customers' PII was stolen.
Question 4
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.
1 point
True
False
Week 2 Practice Quiz
Test your knowledge: The eight CISSP security domains
Practice Quiz. • 8 min. • 4 total points available.
Question 1
Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.
1 point
data
domains
assets
networks
Question 2
A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain?
1 point
Security and risk management
Software development security
Asset security
Communication and network security
Question 3
Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to?
1 point
Software development security
Asset security
Security operations
Security assessment and testing
Question 4
You receive an alert that an unknown device has been connected to your company’s internal network. You follow company policies and procedures to stop the potential threat. Which security domain is this scenario related to?
1 point
Security operations
Software development security
Security architecture and engineering
Asset security
Week 2 Quiz
Weekly challenge 2
Graded Quiz. • 50 min. • 10 total points available.
Question 1
Which of the following threats are examples of malware? Select two answers.
1 point
Error messages
Viruses
Worms
Bugs
Question 2
What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers?
1 point
Equifax breach
Brain virus
Morris worm
LoveLetter attack
Question 3
Fill in the blank: Social engineering is a _____ that exploits human error to gain private information, access, or valuables.
1 point
type of malware
business breach
manipulation technique
replicating virus
Question 4
A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?
1 point
Training about network optimization
Training about security architecture
Training about business continuity
Training about social engineering
Question 5
A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?
1 point
Security and risk management
Security assessment and testing
Identity and access management
Security architecture and engineering
Question 6
Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
1 point
Communication and network security
Identity and access management
Security and risk management
Security architecture and engineering
Question 7
Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?
1 point
Security assessment and testing
Security operations
Communication and network security
Asset security
Question 8
Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.
1 point
Collecting and analyzing data
Auditing user permissions
Conducting security audits
Securing physical networks and wireless communications
Question 9
A security professional is setting up access keycards for new employees. Which domain does this scenario describe?
1 point
Communication and network security
Security and risk management
Identity and access management
Security assessment and testing
Question 10
Which of the following tasks may be part of the security operations domain? Select all that apply.
1 point
Using coding practices to create secure applications
Implementing preventive measures
Investigating an unknown device that has connected to an internal network
Conducting investigations
______________________________________________________________________________
Week 3
Week 3 practice quiz
Test your knowledge: Frameworks and controls
Practice Quiz. • 8 min. • 4 total points available.
Question 1
Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.
1 point
regulation
framework
control
lifecycle
Question 2
An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?
1 point
Personally identifiable information (PII)
Security control
Data confidentiality
Cybersecurity Framework (CSF)
Question 3
What is a foundational model that informs how organizations consider risk when setting up systems and security policies?
1 point
General Data Protection Regulation law (GDPR)
Sensitive personally identifiable information (SPII)
Confidentiality, integrity, and availability (CIA) triad
Cybersecurity Framework (CSF)
Question 4
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.
1 point
True
False
Week 3 practice quiz
Test your knowledge: Ethics in cybersecurity
Practice Quiz. • 8 min. • 4 total points available.
Question 1
An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.
1 point
Remaining unbiased
Confidentiality
Laws
Privacy protections
Question 2
Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.
1 point
business networks
personal information
documentation
compliance processes
Question 3
You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?
1 point
Request identification from your manager to ensure the text message is authentic; then, provide the birth date.
Give your manager the employee's birth date; a party is a friendly gesture.
Ask your manager to provide proof of their inability to access the database.
Respectfully decline, then remind your manager of the organization's guidelines.
Question 4
You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?
1 point
Improve the company's defenses to help prevent future attacks.
Escalate the situation by involving other organizations that have been targeted.
Conduct cyberattacks against each hacktivist group that claimed responsibility.
Target a specific hacktivist group as a warning to the others.
Week 3 Quiz
Question 1
What are some of the primary purposes of security frameworks? Select three answers.
1 point
Protecting PII data
Safeguarding specific individuals
Managing organizational risks
Aligning security with business goals
Question 2
Which of the following are core components of security frameworks? Select two answers.
1 point
Establishing regulatory compliance measures
Implementing security processes
Monitoring personally identifiable information
Setting guidelines to achieve security goals
Question 3
Fill in the blank: A security professional implements encryption and multi-factor authentication (MFA) to better protect customers' private data. This is an example of using _____.
1 point
security teams
security controls
organizational upgrades
networking regulations
Question 4
You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?
1 point
Activity
Accuracy
Applications
Availability
Question 5
Fill in the blank: A key aspect of the CIA triad is ensuring that only _____ can access specific assets.
1 point
internet providers
business competitors
social media sites
authorized users
Question 6
Which of the following statements accurately describe the NIST CSF? Select all that apply.
1 point
Security teams use it as a baseline to manage risk.
It is only effective at managing short-term risk.
Its purpose is to help manage cybersecurity risk.
It is a voluntary framework.
Question 7
Fill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.
1 point
governing agencies
external vendors
disgruntled employees
existing customers
Question 8
A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regard to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?
1 point
Data encryption
Preserving evidence
Security controls
Security ethics
Question 9
Fill in the blank: The ethical principle of _____ involves safeguarding an organization’s human resources records that contain personal details about employees.
1 point
non-bias
unlimited access
privacy protection
honesty
Question 10
You are a security professional working for a state motor vehicle agency that stores drivers' national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?
1 point
Investigations
Laws
Guidelines
Restrictions
______________________________________________________________________________
Week 4
Week 4 practice quiz
Test your knowledge: Important cybersecurity tools
Practice Quiz. • 8 min. • 4 total points available.
Question 1
What tool is designed to capture and analyze data traffic within a network?
1 point
network protocol analyzer (packet sniffer)
Structured Query Language (SQL)
playbook
security information and event management (SIEM)
Question 2
What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?
1 point
network protocol analyzers (packet sniffers)
SIEM
Python
Linux
Question 3
What can cybersecurity professionals use logs for?
1 point
To identify vulnerabilities and potential security breaches
To research and optimize processing capabilities within a network
To analyze data traffic within a network
To select which security team members will respond to an incident
Question 4
Fill in the blank: A _____ is a manual that provides details about operational actions.
1 point
directory
case history
checklist
playbook
Week 4 practice quiz
Test your knowledge: Core cybersecurity knowledge and skills
Practice Quiz. • 8 min. • 4 total points available.
Question 1
What do security professionals use to interact with and request information from a database?
1 point
Python
Confidentiality, integrity, availability (CIA) triad
Linux
Structured Query Language (SQL)
Question 2
What is programming typically used for? Select two answers.
1 point
Enable open-source operations
Create a specific set of instructions for a computer to execute tasks
Complete repetitive tasks and processes
Record events that occur within an organization’s systems
Question 3
Fill in the blank: Linux is an open-source _____ that can be used to examine logs.
1 point
programming language
algorithm
database
operating system
Question 4
A playbook is a manual that only provides details about how to respond to an incident.
1 point
True
False