Imagine that you’re helping your company develop new cybersecurity policies and procedures. In a meeting, you summarize famous cybersecurity case studies to demonstrate the need for various types of policies. One case study you summarize is the 2022 Cash App breach examined in this course.

What lesson should you highlight from this breach?

A retail company hosts its own website and handles a significant volume of email traffic. The company is trying to protect internal sensitive data.

What setup would continue to provide website and email access without compromising the security of their internal network?

Imagine that you’re a cybersecurity consultant hired by a local government organization. Script kiddies have targeted the organization recently, and the organization wants to safeguard itself for future attacks from this group.

What should you recommend that the organization do to protect itself from script kiddies?

Imagine that ransomware infects your company’s servers.

What would the attacker likely demand for the restoration of your files?

Anders leads the cybersecurity team for SecureNest Investments, a prominent national financial institution. He learns through threat intelligence that a hacktivist group might attack his organization in response to the CEO’s alleged support for a controversial political candidate. He plans to discuss the situation with company leadership and detail his plan for combatting this threat.

What is the most appropriate strategy for Anders to outline in his plan?

Olimpia is a cybersecurity analyst at a medium-sized healthcare facility. She’s interested in using artificial intelligence (AI) to enhance her organization’s attack detection and defense. To bring AI to her workplace, first, she must discuss the technology’s benefits with her supervisor and explain how she would use it.

What is one way that Olimpia can use an AI system to improve attack detection at her organization?

DataVista Technologies, a tech startup, has just experienced a malware attack that resulted in a data breach. The company hires Mustafa, a cybersecurity consultant, to investigate the attack and help prevent future ones like it. Mustafa decides to apply the Cyber Kill framework to better understand the attack and explain it to his client. He identifies events in the attack that correspond to the framework. The attacker probed the DataVista Technologies servers for vulnerabilities, chose the malware for the attack, and then sent the malware to some employees through email. In the fourth step of the Cyber Kill framework, the malware was activated.

Which of the following events in the attack corresponds to the Cyber Kill framework’s fourth step, exploitation?

Rafael is a cybersecurity consultant. His client is a new startup company. He recommends that they set up multiple technical controls to protect systems and sensitive data. 

 Which of the following controls relates to the technology element of cybersecurity? 

Sabine is an aspiring investigative journalist planning to publish a blog post examining a local politician. To aid her research, she plans to use an analyst tool that searches for links between the data sets that she compiles.

Which guideline for gathering open-source information will help Sabine’s analyst tool perform better?

One rigorously debated topic in cybersecurity ethics is the concept of active defense. 

What is the ethical debate surrounding active defense in cybersecurity?