What is the primary goal of cybersecurity?
Protecting Internet-connected networks, devices, or data from attacks.
Cybersecurity aims to prevent unauthorized access, changes, or destruction of data and to ensure normal business operations are not interrupted.
What is a Denial of Service (DoS) attack?
An attack where a website or server is accessed so frequently that legitimate users cannot connect to it.
Distributed Denial of Service (DDoS) attacks use multiple systems in multiple locations to attack one site or server, which makes stopping or blocking the attack difficult.
What are the two main types of access controls for cybersecurity?
Logical access controls focus on data access, and physical access controls secure equipment and premises.
What is two-factor authentication as a cybersecurity measure?
It requires two independent, simultaneous actions before access to a system is granted.
What is the purpose of encryption in cybersecurity?
To protect both stored data and data that could be intercepted during transmission.
If a hacker gains access to encrypted files, they cannot read the information.
What is a buffer overflow attack?
An attack designed to send too much data to the buffer in a computer’s memory, causing it to crash, permitting the attacker to run malicious code, or even allowing for a complete takeover of the system.
Buffer overflow attacks can be easily prevented by software that adequately checks the amount of data received. This common preventative measure should be included during software development.
What is a logic bomb?
A sequence of code that executes a malicious task when triggered by a specific event.
Logic bombs are commonly used by insider threats and are not designed to propagate themselves like viruses.
What is phishing?
A high-tech scam using spam email to deceive people into disclosing sensitive personal information.
Phishing often involves emails that appear to come from trusted sources, and awareness is the best defense.
What is a zero-day exploit?
An attack that takes advantage of existing, previously undiscovered software vulnerabilities.
The best defenses against zero-day exploits are to ensure that all security updates are applied as soon as they are released and to have an incident response plan in the event of a zero-day attack.
Zero-day exploits can be used on a wide scale until the vulnerability is publicly discovered and fixed.
What is the role of ethical hackers?
To attempt to attack a secured system with the company’s permission to find vulnerabilities.
Ethical hackers report vulnerabilities to the owner or manager so they can be remedied.
What is ransomware?
Malware that encrypts data on a system and requires a specific key to decrypt it. Only the attacker knows the key and demands a ransom for the key, usually in cryptocurrency.
Ransomware is typically installed through malicious attachments or downloads appearing to come from trusted sources.
What is the function of advanced firewalls, and how do they differ from traditional firewalls?
Traditional firewalls filter packets carrying data by permitting or denying access based on the information in the packet header about the source and the destination Internet Protocol (IP) addresses, protocols, and ports.
Advanced firewalls can filter packets based on applications and can distinguish between safe applications and unwanted applications because they base their detection on packet contents rather than on information in packet headers.
Advanced firewalls, or Next Generation Firewalls (NGFW), can block malware from entering a network.
What are some examples of physical access controls?
Physical access controls aim to reduce or eliminate the risk of harm to employees and loss of organizational assets.
What is social engineering in the context of cybersecurity?
A tactic where an individual poses as a trustworthy coworker to obtain passwords or other confidential information.
Social engineering exploits human psychology to gain unauthorized access to systems or data.
What is the purpose of vulnerability testing?
To scan networks, systems, and applications to find security flaws.
Vulnerability testing is a proactive measure to identify potential security weaknesses before they can be exploited.
What is a significant limitation of card access systems?
A lost or stolen card can be used by anyone until it is deactivated.
Card access systems provide an audit trail but are vulnerable to unauthorized use if a lost or stolen card is not promptly deactivated.
How are biometric access systems used?
Biometric access systems use physical characteristics such as blood vessel patterns on the retina, handprints, or voice authentication to authorize access.
Biometric access systems are used as both physical access controls and as logical access controls.
Why are biometric access systems usually combined with other access controls?
No single system is completely error-free.
Combining biometric systems with other access controls helps to enhance security by compensating for potential errors in biometric recognition.
How can controls limit what activities can be performed remotely?
Certain activities can be restricted to specific physical locations, such as limiting changes to employee pay rates to computers in the payroll department.
This method prevents unauthorized remote access even if credentials are compromised.