Cybersecurity Fundamentals and Practices
Questions
1. What is the primary benefit of implementing Multi-Factor Authentication (MFA)
according to the sources?
2. List two examples of Endpoint Protection tools mentioned in the sources.
3. Explain the concept of "Shadow IT" and why employees should avoid it.
4. What is the "3-2-1 backup rule" and why is it important in the context of ransomware
defense?
5. Identify two types of biometric authentication technologies discussed in the sources.
6. According to the "Rules for AI Tools.pdf" source, what is a key privacy risk associated
with AI tools?
7. What is the main advantage of using passkeys over traditional passwords?
8. Explain the purpose of DNS filtering as a secure browsing practice.
9. What role does a Security Information and Event Management (SIEM) platform play in
cybersecurity monitoring?
10. Briefly describe the "Grandma's Rule" concept as applied to online safety for families.
Answers
1. MFA significantly increases security by requiring more than one form of verification,
so a stolen or guessed password alone is not enough to gain access. The sources cite the
figure that it stops 99.9% of automated attacks (credential stuffing and password spraying);
note that phishable factors such as SMS codes or push approvals can still be relayed by a
real-time phishing site, which is why the sources single out passkeys as phishing-resistant.
2. Examples include CrowdStrike Falcon, Microsoft Defender, SentinelOne, and Tanium.
3. Shadow IT refers to the use of unauthorized software and devices within a company.
Employees should avoid it because it creates unmonitored risks and security
vulnerabilities for the organization.
4. The 3-2-1 backup rule suggests having at least three copies of your data, stored on two
different types of media, with one copy stored offsite or offline. This is important for
ransomware defense because it ensures you can recover your data even if your primary
systems are encrypted. The offline (or immutable) copy is the part that matters most:
ransomware routinely locates and encrypts any backup that is reachable from the
compromised network, so a copy that is merely "elsewhere" but still mounted or writable
does not count.
5. Biometric authentication technologies discussed include Facial Recognition, Fingerprint
Scanners, Iris Scans, and Voice Recognition.
6. A key privacy risk is the potential for AI tools to access sensitive data, such as
screenshots and personally identifiable information, leading to potential data leaks.
7. The main advantage of using passkeys is that they are phishing-resistant and do not
require memorization, addressing major weaknesses of traditional passwords. They are
built on the FIDO2/WebAuthn standards: a public-key credential is stored on the user's
device, unlocked locally by a biometric or device PIN, and bound to the site's origin, so a
lookalike phishing site cannot obtain a usable credential.
8. DNS filtering with tools like Cloudflare Gateway guards against malicious domains by
refusing to resolve known harmful domain names (the lookup fails or returns a sinkhole
address), so the connection is never made. Because it acts at the name-resolution step, it
protects every application on the device, not just the browser.
9. A SIEM platform like Splunk or Microsoft Sentinel collects, normalizes and correlates
security logs and events from across an enterprise. Its purpose is to provide early detection
of potential security threats and incidents by applying detection rules that a single log
source on its own could not satisfy.
10. Grandma's Rule in online safety encourages users to think about whether they would be
comfortable sharing specific information or actions with their grandmother. It acts as a
simple guideline for acceptable online behavior, particularly regarding direct messages
and sharing content.
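Answer 9 (and the SIEM glossary entry) says a SIEM analyzes and correlates logs for early detection. To make that concrete, the following added example, not from the sources, runs one typical correlation rule over constructed sshd log lines: a sliding-window count of failed logins per source address, plus a higher-severity alert when a login from that address succeeds after a burst of failures. The log lines, thresholds and rule names are invented for the example.

```python
"""Minimal SIEM-style correlation over sshd auth logs. Added example; all log lines are
constructed and use RFC 5737 documentation addresses."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: six failures then a success from one address, a normal login from another,
# and one line the parser must ignore.
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 12:00:03 web01 sshd[4102]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 12:00:05 web01 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Mar 10 12:00:07 web01 sshd[4104]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
Mar 10 12:00:09 web01 sshd[4105]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
Mar 10 12:00:11 web01 sshd[4106]: Failed password for deploy from 203.0.113.7 port 51027 ssh2
Mar 10 12:00:20 web01 sshd[4110]: Accepted password for deploy from 203.0.113.7 port 51030 ssh2
Mar 10 12:05:00 web01 sshd[4200]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 12:05:30 web01 sshd[4201]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
Mar 10 12:06:00 web01 sshd[4300]: pam_unix(sshd:session): session opened for user alice
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(line: str):
    """Normalize one syslog line into an event dict, or None if it is not an auth result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")  # syslog carries no year
    return ev


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Correlation rules:
    ssh_brute_force          : >= threshold failures from one IP inside the window
    ssh_brute_force_success  : a success from an IP that is currently over the threshold
    Returns alerts in the order they fire."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()  # expire failures outside the sliding window
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:  # fire once, at the crossing
                alerts.append({"rule": "ssh_brute_force", "severity": "medium",
                               "ip": ev["ip"], "count": len(recent), "ts": ev["ts"]})
        else:
            if len(recent) >= threshold:
                alerts.append({"rule": "ssh_brute_force_success", "severity": "high",
                               "ip": ev["ip"], "user": ev["user"],
                               "failures": len(recent), "ts": ev["ts"]})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second rule is the one worth paying for: a lone burst of failures is noise on any internet-facing host, while a success that follows a burst from the same source is the "early detection" signal that justifies an incident ticket.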
Essay Format Questions
1. Analyze the concept of Zero Trust Architecture as presented in the sources. Discuss its
key principles and how different tools and practices contribute to implementing a Zero
Trust model across endpoint, network, and access management layers.
2. Evaluate the evolving landscape of authentication methods, contrasting traditional
passwords with modern approaches like MFA, passwordless authentication (passkeys),
and biometrics. Discuss the advantages and disadvantages of each, drawing on
information from the sources.
3. Discuss the significant cybersecurity risks associated with Artificial Intelligence (AI) tools,
based on the information provided. Propose a comprehensive governance framework
for AI tools within an organization, integrating the recommended rules and security
measures from the sources.
4. Examine the various threats employees face in the digital workplace, including phishing,
social engineering, and the risks associated with Shadow IT and public Wi-Fi. Propose a
multi-faceted approach to employee cybersecurity training and awareness, incorporating
the best practices and recommended techniques from the sources.
5. Compare and contrast the cybersecurity considerations for personal online safety versus
corporate cybersecurity settings. Discuss how individual best practices align with or
differ from company policies and regulations, and explain the importance of aligning
personal habits with corporate guidelines to mitigate overall risk.
Glossary of Key Terms
• AI (Artificial Intelligence): The simulation of human intelligence processes by machines,
especially computer systems, used in cybersecurity for tasks like threat detection,
response automation, and monitoring.
• Biometrics: Authentication methods that verify identity based on unique biological or
behavioral characteristics, such as fingerprints, facial features, or voice patterns.
• Browser Isolation: A security technique that isolates web browsing sessions in a
separate environment to prevent malware downloads and protect the user's device from
web-based threats.
• Cloud Jacking: A type of cyberattack where an attacker gains unauthorized access to a
cloud account or service, often through misconfigurations or compromised credentials.
• DevSecOps: A practice that integrates security activities throughout the software
development lifecycle, emphasizing collaboration between development, security, and
operations teams.
• DNS Filtering: Blocking access to known malicious or inappropriate websites by
preventing the resolution of their domain names through the Domain Name System
(DNS).
• Endpoint Protection: Security measures and tools designed to protect individual devices
(endpoints) such as laptops, desktops, and mobile phones from cyber threats.
• Encryption: The process of converting data into a code to prevent unauthorized access.
Data can be encrypted at rest (stored) or in transit (being transmitted).
• FIDO2: A set of open standards enabling passwordless authentication using
cryptographic keys, often combined with biometrics or hardware tokens.
• Full-Disk Encryption: Encrypting all data stored on a computer's hard drive, making it
unreadable without the correct decryption key.
• Incident Response Plan: A documented set of procedures to follow when a security
incident occurs, outlining steps for detection, containment, eradication, and recovery.
• IDS/IPS (Intrusion Detection System/Intrusion Prevention System): Security tools that
monitor network or system activities for malicious behavior and can either alert on or
block suspicious traffic.
• IoT (Internet of Things): The network of physical objects—"things"—embedded with
sensors, software, and other technologies for the purpose of connecting and exchanging
data with other devices and systems over the internet.
• MFA (Multi-Factor Authentication): A security process where a user provides two or
more verification factors to gain access to a resource, such as a password (something
you know), a phone (something you have), and a fingerprint (something you are).
• Micro-segmentation: Dividing a network into smaller, isolated segments to restrict the
lateral movement of attackers and limit the blast radius of a breach.
• NGFW (Next-Generation Firewall): Advanced firewalls that combine traditional firewall
functions with additional security features like intrusion prevention, application control,
and threat intelligence.
• NIST CSF (National Institute of Standards and Technology Cybersecurity Framework): A
voluntary framework that provides a structured approach for organizations to manage
and reduce cybersecurity risk.
• OSINT (Open-Source Intelligence): Information gathered from publicly available sources,
used in cybersecurity to gain context about threats, vulnerabilities, and potential targets.
• OT (Operational Technology): Hardware and software used to monitor and control
physical processes, devices, and infrastructure, common in industrial settings.
• Passkeys: A modern, phishing-resistant alternative to passwords that uses cryptographic
keys stored on a user's device for authentication.
• Passwordless Authentication: Authentication methods that do not rely on traditional
passwords, often using biometrics, hardware tokens, or cryptographic keys.
• Phishing: A type of social engineering attack where attackers attempt to trick individuals
into revealing sensitive information or performing harmful actions, often through
deceptive emails or websites.
• PoLP (Principle of Least Privilege): A security principle where users are granted only the
minimum level of access or permissions necessary to perform their required tasks.
• QR Code Phishing (Quishing): A phishing attack that uses malicious QR codes to direct
users to fake websites or download malware, often targeting mobile users.
• Ransomware: A type of malware that encrypts a victim's data and demands a ransom
payment for the decryption key.
• SBOM (Software Bill of Materials): A formal list of ingredients that make up a software
application, including libraries, modules, and dependencies, used for supply chain risk
management.
• Shadow IT: The use of IT systems, devices, software, applications, and services without
explicit IT department approval.
• SIEM (Security Information and Event Management): A security solution that collects
and analyzes security logs and event data from various sources across an organization's
IT infrastructure to provide real-time monitoring and incident detection.
• Social Engineering: Psychological manipulation of people into performing actions or
divulging confidential information.
• SOAR (Security Orchestration, Automation, and Response): Security platforms that help
organizations automate and orchestrate security workflows and incident response
processes.
• Supply Chain Risk Management: The process of identifying, assessing, and mitigating
risks associated with the third-party vendors and components used in an organization's
products or services.
• Threat Intelligence: Information about potential or current threats that can be used to
anticipate and prevent cyberattacks.
• VPN (Virtual Private Network): A technology that creates a secure, encrypted
connection over a less secure network, such as the internet, often used for remote work.
• WebAuthn: A web standard that enables strong, passwordless authentication using
public-key cryptography, part of the FIDO2 specification.
• Zero Trust Architecture: A security model that assumes no user or device can be trusted
by default, requiring strict verification for all access requests regardless of location.
• ZTNA (Zero Trust Network Access): An access model, often positioned as a replacement for
traditional VPNs, that brokers access to individual applications based on identity and
context, without placing the user's device directly on the network.
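The DNS Filtering glossary entry (and answer 8) describe blocking by refusing to resolve known bad names. The added example below, not code from the sources, shows the policy logic such a filter applies before it ever asks an upstream resolver: name normalization (case, trailing dot, internationalized labels), suffix matching so that subdomains of a blocked zone are blocked too, a more-specific allowlist that overrides, and a sinkhole answer for blocked names. The blocklist entries, categories and addresses are constructed for the example.

```python
"""DNS filtering policy: decide before resolving. Added example with a constructed blocklist;
the .example TLD and RFC 5737 addresses are reserved for documentation."""

# Constructed policy: zone -> category. A zone entry covers all of its subdomains.
BLOCKLIST = {
    "malware-c2.example": "malware",
    "phish-login.example": "phishing",
    "tracker.example": "ads",
}
# More specific names that must keep working even though a parent zone is blocked.
ALLOWLIST = {"cdn.tracker.example"}

SINKHOLE = "0.0.0.0"  # returned for blocked names so the client fails fast


def normalize(name: str) -> str:
    """Lower-case, strip the trailing root dot and convert IDN labels to punycode so that a
    look-alike such as München.example matches the same key as xn--mnchen-3ya.example."""
    name = name.strip().rstrip(".").lower()
    try:
        name = name.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # malformed label: keep the lower-cased form and let the policy judge it
    return name


def suffixes(name: str):
    """Yield the name and each parent zone, most specific first."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def decide(name: str):
    """Return ('block', category) or ('allow', None). The first matching suffix wins, which
    is what makes the allowlist override a broader blocklist entry."""
    for candidate in suffixes(normalize(name)):
        if candidate in ALLOWLIST:
            return ("allow", None)
        if candidate in BLOCKLIST:
            return ("block", BLOCKLIST[candidate])
    return ("allow", None)


def resolve(name: str, upstream):
    """Apply the policy, then consult `upstream` (a callable name -> address) only for
    allowed names. Blocked names get the sinkhole address and never reach the resolver."""
    verdict, category = decide(name)
    if verdict == "block":
        return {"name": normalize(name), "answer": SINKHOLE, "blocked": True, "category": category}
    return {"name": normalize(name), "answer": upstream(name), "blocked": False, "category": None}


if __name__ == "__main__":
    fake_upstream = lambda n: "198.51.100.10"  # stand-in for a real recursive resolver
    for query in ["MALWARE-C2.example.", "login.phish-login.example",
                  "cdn.tracker.example", "img.tracker.example", "intranet.example"]:
        print(query, "->", resolve(query, fake_upstream))
```

Two practical points the code makes explicit: the decision is taken on the normalized name, so case tricks and trailing dots do not slip past the list, and the allowlist is matched before the blocklist at each suffix level, which is the behaviour most commercial filters document but that is easy to get backwards in a home-grown one.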