Cybersecurity Fundamentals Quiz

Data encryption is the process of converting data into a physical form. It is important in cybersecurity to make data more accessible.

Data encryption is the process of sharing data with unauthorized users. It is important in cybersecurity to increase collaboration.

Data encryption is the process of converting data into a code to prevent unauthorized access. It is important in cybersecurity to protect sensitive information from being accessed by hackers or unauthorized users.

Data encryption is the process of deleting data from a system. It is important in cybersecurity to reduce storage space.

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of public and private keys for encryption and decryption.

Symmetric encryption uses a pair of public and private keys for encryption and decryption.

Asymmetric encryption uses the same key for both encryption and decryption.

Symmetric encryption is more secure than asymmetric encryption.

Click on any link in an email without verifying its legitimacy

Be cautious of unsolicited emails, avoid clicking on suspicious links, and verify the legitimacy of requests for personal information.

Always respond to emails requesting personal information

Ignore any suspicious emails and click on all links

An example of a real-life phishing attack is when employees of a company receive an email that appears to be from their CEO requesting them to transfer funds to a specific account. The impact of this phishing attack could result in financial loss for the company and damage to its reputation.

A real-life example of a phishing attack is when a person receives an email claiming they've won a lottery and need to provide personal information to claim the prize. The impact of this phishing attack could result in financial gain for the individual.

A real-life example of a phishing attack is when a company's employees receive an email from their IT department asking for their login credentials. The impact of this phishing attack could result in improved cybersecurity for the company.

A real-life example of a phishing attack is when a student receives an email from their professor asking for their social security number. The impact of this phishing attack could result in improved communication between the student and professor.

Never updating software or systems

Sharing passwords with colleagues and friends

Using strong, unique passwords, enabling two-factor authentication, keeping software and systems updated, being cautious of phishing attempts, and regularly backing up data.

Clicking on any link or attachment in emails without verifying the source

Giving unrestricted access to all resources

Limiting access rights to only senior employees

Allowing access to unnecessary resources

Limiting access rights to only necessary resources

Governance in cybersecurity is only important for large organizations, but small businesses can ignore it completely.

Governance in cybersecurity involves establishing policies, procedures, and controls to ensure that the organization's information assets are protected. It is important because it helps in managing risks, ensuring compliance with regulations, and aligning cybersecurity efforts with business goals.

Governance in cybersecurity involves creating unnecessary bureaucracy and slowing down the organization's operations. It is not important at all.

The role of governance in cybersecurity is to limit the organization's ability to innovate and adapt to new technologies. It is not important because it hinders progress.

Compliance with cybersecurity standards is not important in an organization

Cyber attacks are not a real threat to organizations

Trust is not affected by cybersecurity compliance

Compliance with cybersecurity standards helps protect sensitive data, prevent cyber attacks, and maintain trust.

ISO/IEC 27001, NIST Cybersecurity Framework, CIS Controls, PCI DSS

OSHA, EPA, FDA

HIPAA, FERPA, GDPR

FBI, CIA, NSA

Defense-in-depth is a cybersecurity strategy that uses multiple layers of security controls to protect against potential threats. It is significant in cybersecurity because it provides redundancy and ensures that if one layer is breached, there are additional layers to prevent further access.

Defense-in-depth is a cybersecurity strategy that only uses one layer of security controls.

Defense-in-depth is not significant in cybersecurity because it is too complex to implement.

Defense-in-depth is a cybersecurity strategy that focuses on protecting physical assets rather than digital ones.