Cybersecurity Leadership
Control Types & Methods
Patch Management Concepts
Incident Response & Risk Management
Threat Detection and Mitigation
100

How does Zero Trust influence leadership decisions in cybersecurity?

Never Trust, Always Verify

100

What are the three primary types of security controls?

Preventative, Detective, and Corrective

100

Why is patch management critical in cybersecurity?

It mitigates vulnerabilities, preventing exploitation by attackers.

100

What are the four phases of Incident Response?

Preparation, Detection & Analysis, Containment & Eradication, Recovery & Lessons Learned

100

What is the role of an Intrusion Detection System (IDS)?

Monitors network traffic for suspicious activity and alerts security teams.

200

What is the role of a CISO in an organization?

Oversees cybersecurity strategy, manages risk, and ensures security compliance.

200

What is an example of a technical security control?

Firewalls, encryption, access control lists (ACLs)

200

What is the difference between hotfixes, patches, and updates?

Hotfix: urgent fix for a specific issue

Patch: fixes security vulnerabilities

Update: improves functionality and security

200

A company detects unauthorized access to a sensitive database. What immediate action should be taken?

Isolate affected systems, revoke unauthorized access, and begin forensic analysis

200

What is the Cyber Kill Chain, and why is it useful?

A framework describing stages of a cyberattack, helping analysts detect and disrupt malicious activity.

300

A new CEO ignores security recommendations. How can cybersecurity leadership influence them?

Use risk assessments and ROI metrics to demonstrate the business impact of security policies.

300

A company wants to secure access to sensitive systems but allow flexibility for remote employees. What control type is most effective?

Adaptive authentication or multi-factor authentication (MFA)

300

A recent patch caused system instability. What should be done?

Roll back the patch and investigate compatibility issues before reapplying

300

What is the difference between qualitative and quantitative risk analysis?

Qualitative: subjective assessment of risk impact

Quantitative: uses measurable data to calculate risk probability

300

An employee reports their system behaving strangely. How should cybersecurity professionals investigate?

Check system logs, scan for malware, analyze recent updates, and validate user activities.

400

What is the purpose of a security awareness training program?

Educates employees on cybersecurity risks and best practices to reduce human errors.

400

How does a compensating control work in cybersecurity?

Provides an alternative security measure when primary controls are insufficient or impractical

400

What is the role of a patch management policy?

Defines procedures for evaluating, testing, and deploying security patches across an organization.

400

How does a Business Continuity Plan support cybersecurity?

Ensures rapid recovery and minimal impact after a cyber event, maintaining critical operations

400

How does endpoint detection and response (EDR) enhance security?

Provides real-time threat monitoring and automated response on endpoint devices

500

A company is expanding to multiple locations. What governance framework should they implement to maintain consistent security practices?

NIST Cybersecurity Framework or ISO 27001 for global standardization.

500

Employees frequently bypass access restrictions by sharing credentials. What control method should be enforced?

Implement unique user accounts with role-based access control (RBAC) and enforce password policies

500

A company delays patching critical systems due to operational concerns. What risk does this pose?

Increased likelihood of exploitation due to known vulnerabilities.

500

A cybersecurity incident is causing system downtime, but leadership refuses to acknowledge the severity. How should analysts handle the situation?

Provide metrics on downtime cost, reputation damage, and regulatory consequences to push for action

500

A network administrator notices a spike in outgoing traffic from a server. What could this indicate?

Possible data exfiltration due to malware or a compromised system