Austin Ward
Assessment 2 Study Guide
LINK TO ASSESSMENT 1 STUDY GUIDE HERE:
https://docs.google.com/document/d/1nzPZvMvKoq5Bmk5pcMv-UbB0OX7xKToJ/edit?usp=
sharing&ouid=102043581923753801596&rtpof=true&sd=true
From the first study guide, you’ll need to know:
- Computer Hardware
- Emerging Technology
- Primary and Foreign Keys
- Source Documents
- Big Data
- Database Design
- Attributes
Question 3: What are the risks associated with data management and how does that impact my
organization?
Found in: Week 7 Asynch. Content
● What is cybersecurity?
- The application of technologies, processes, and controls to reduce the risk of
cyber-attacks.
- Aims to protect the systems, networks, programs, and data from unauthorized
exploitation.
- Phishing is an example of a social engineering attack.
- Cyber risk strategies are intended to:
1. Reduce the risk of attacks.
2. Limit financial and operational effects.
- Everybody needs cybersecurity, even regular people, because most cybersecurity
attacks are automated and aim to exploit common vulnerabilities rather than specific
websites or organizations.
- Some common cyber threats include:
1. Malware (Covered further down)
2. Ransomware (Covered further down)
3. Botnet (A network of private computers infected with malicious software and
controlled as a group without the owners’ knowledge to send spam messages)
4. RATs (Remote Access Trojans) (Malware designed to allow an attacker to
remotely control an infected computer)
5. Trojans (Covered further down)
6. Rootkits (A set of software tools that enable an unauthorized user to gain control
of a computer system without being detected)
7. Bootkits (Modifies the startup code of the PC/runs when the computer boots up).
8. Spyware (Covered further down)
9. Virus (Covered further down)
Page 1
Austin Ward
-
-
-
-
-
-
-
10. Worms (Covered further down)
DDoS stands for Distributed Denial-of-Service Attack and is covered further down.
The internet is insecure because it was not designed to be as big as it is today.
Vulnerable system examples include:
1. Networks.
2. Devices.
3. Applications.
4. Data Centers.
An effective cybersecurity approach should be dynamic and adaptive, and include
people, processes, and technology that complement each other.
The videos define/explain the three inclusions as:
1. People: End-users and cybersecurity professionals. End-users are regular people
that use devices. They need to understand security practices like backing up data
and learn about emerging threats. Cybersecurity professionals can include a chief
information security officer, security engineers, security architects, and security
analysts. Help people learn and respond to threats.
2. Processes: Help people know how to respond to or prevent a threat. Outlined in a
business continuity or a disaster recovery framework. Should explain how threats
are detected, removed, and protected.
3. Technology: Helps processes work together. Some examples of tools to carry out
cybersecurity are firewalls, anti-malware/anti-virus software, DNS filters, and
intrusion detection systems.
With the growth of the internet of things and the idea of a connected world,
organizations need to take precautions when safeguarding:
1. Personal information
2. Intellectual information
3. Sensitive information
What are two ways to start building a cyber defense strategy?
1. Staying informed about threat intelligence
2. Being cautious about internet activity
Laws like GDPR and DPA 2018 make organizations face significant fines for
cybersecurity breaches, but other non-monetary costs are to be considered as well,
like reputational damage.
Attackers are learning to use an expanding variety of tactics like phishing (and other
social engineering tactics) and malware (like ransomware).
Common types of cyber threats include data breaches, identity theft, malware,
ransomware, phishing attacks, and social engineering.
New regulations and reporting requirements make cybersecurity risk oversight a
challenge. Boards need reassurance from management that their risk strategies will
reduce the risk of attacks.
Includes areas such as application security, network security, cloud security, data loss
prevention, identity and access information, mobile security, and endpoint security.
Approaches should be dynamic and adaptive to combat attacks.
Page 2
Austin Ward
-
Some examples of policies all end-users should follow are password strength rules
(having a capital letter, 8-character passwords, a special character, etc.) and
mandatory system updates (Windows updating automatically).
● What are Nick Espinosa’s five “laws” of cybersecurity?
1. If there is a vulnerability, it will be exploited. No exceptions.
2. Everything is vulnerable in some way.
3. Humans trust even when they shouldn’t.
4. With innovation comes opportunity for exploitation.
5. When in doubt, see law #1.
● What are 10 different types of cyber attacks we should watch out for in 2023?
1. Malware Attack. Refers to malicious software. Can enter a computer when a person
clicks on a suspicious link, opens a malicious email attachment, or uses a
contaminated USB drive.
2. Phishing Attack. A form of social engineering. The attacker poses as a reliable
contact and sends the victim phony emails (e.g. “I am a Nigerian prince and you are
my only family, click on this link and I will put millions in your account). Victim
opens an attachment or clicks on a malicious link, giving attackers access to
confidential information and log-in credentials.
3. Password Attack. Involves the use of software and password-cracking techniques to
decode your passwords. Can take different forms including password cracking
(figuring out what the password is), brute force (trying every possible password until
one works), and keylogger attacks (software is secretly put on your system to track
your keyboard clicks).
4. Man-in-the-Middle Attack (MITM). Also called eavesdropping attacks. The attacker
interferes with two-party communication to hijack the connection between a client
and host. The client-server communication is cut off, and now the hacker is the only
path for communication.
5. Structures Query Language (SQL) Injection Attack. Happens when a hacker alters a
standard SQL query on a database-driven website. It is spread by injecting malicious
code into a search box of a weak website, which compels the server to provide
sensitive data.
6. Distributed Denial-of-Service (DDoS) Attack. Hackers exploit systems, servers, or
networks by overloading them with traffic (how much data is going in or out) to
saturate their bandwidth and deplete their resources. The servers get overloaded with
fulfilling incoming requests, which leads the hosted website to stop working or
function slowly. An example would be a hacker sending millions of requests to
Microsoft’s Xbox servers to overload them and let nobody else log on.
7. Insider Threat. Someone on the inside is the hazard, like a company employee who is
knowledgeable about the processes of the company and has access to data. Can be
caused by greed, malice, or ignorance.
Page 3
Austin Ward
8. Cryptojacking. Hackers get access to another person’s computer to mine
cryptocurrencies. They infect a website or trick the user into clicking a malicious link.
Most of the time the person infected will have no idea it is going on in the
background unless their computer starts getting slow.
9. Zero-Day Exploit. After a network vulnerability is disclosed, a zero-day exploit
occurs. In most circumstances, there is no fix for the issue. The supplier informs
customers of the problem as a result, but the information also reaches the attackers.
The developer may need any length of time to address the problem. (A Zero-Day
Vulnerability is when it is discovered by hackers before the vendor has become aware
of it and because they are unaware, the attacks are more successful. A Zero-Day
Exploit is the method the hackers use. A Zero-Day Attack is the use of the exploit to
cause damage or steal data).
10. Watering Hole Attack. The hacker chooses a certain group within a company or
community. The hacker chooses websites the targeted group often visits. The
attackers infect the sites with malware which in turn affects the victims’ machines.
● How can malware make entries on your computer?
- Questionable file downloads
- Visiting infected websites
- Emails with seemingly benign links or attachments
● What are the different types of malware attacks?
- Viruses: Attached to an executable file (like a program you download) which means
the virus may exist on the system but will not spread until the user opens the infected
program. Requires spread of a host file.
- Worms: Can replicate themselves and infect multiple computers on a network.
- Trojans: Poses as trustworthy software so you will install it. Looks legitimate and
users are tricked into installing it on their system. Look to find personal and financial
information. It is standalone software, does not require a host or human help.
- Spyware: Secretly takes all your private information. Logs keystrokes to take
passwords.
- Ransomware: Shuts down access to the network’s essential parts until a ransom is
paid. Holds the PC hostage and asks for money. Can say things like “Your files will
be deleted in 24 hours unless you send us Bitcoin”.
- Adware: Displays banner advertising and other commercial content on a user’s
screen.
● What is social engineering in relation to cybersecurity?
- Also known as human hacking. Takes advantage of human behaviors and natural
tendencies. Exploits human psychology to manipulate people into making security
mistakes and giving away confidential information. Tricks the user into doing
something they did not know.
- Requires extensive research and steps.
Page 4
Austin Ward
-
-
-
Can be conducted anywhere where human interaction is involved.This includes both
online and offline interactions.
Steps are:
1. Identify the victims and do background research.
2. Engage with the target using a fake story.
3. Execute the attack using the information gained from the victim.
4. Remove the traces of the attack.
Types are:
1. Phishing. Most common type. Tricks victims by attackers giving a sense of
urgency, curiosity, or fear. Conducted through emails or text messages or catchy
pop-ups.
2. Spear Phishing. More specific version of phishing. Designated attack on a person
that possesses critical information, like targeting someone you know who has
access to data within a company.
3. Baiting. Provides a fake offer to take advantage of greed or curiosity. For
example, a website may offer you a “Free $1000 Amazon gift card for you being
a giveaway winner if you click here.”
4. Scareware. Has no real benefit to users. Tricks user into downloading software by
creating a sense of fear, like a website giving a pop-up that says “We have
detected your computer is infected. Click here for our virus removal tool.”
5. Pretexting. Intruders impersonate a bank official, police officer, or other authority
by making a sense of trust and gathering information.
Prof. Perez already gave us the answers for the questions he said he was going to put
onto the exam about this topic on this Canvas page.
Prevention Tactics:
1. Avoid email attachments before scanning with antivirus.
2. Avoid sharing personal info.
3. Be careful of tempting offers.
4. Use two-factor authentication.
5. Install antivirus.
● What are the top 10 cyber-attacks in the world?
1. Estonia. In 2007, the Estonian government decided to move the Bronze Soldier statue
from Tallinn’s center to a less prominent military cemetery in city outskirts.
Unprecedented levels of internet traffic took down Estonian banks’ online services,
media outlets, broadcasters, and government bodies. Botnets sent mass amounts of
spam and vast amounts of automated online requests (the previously mentioned
DDoS attacks). Russia is believed to be behind these tasks.
2. Ukraine Power Grid. In 2015, several parts of Ukraine had a power outage due to a
cyber-attack. Information systems of 3 energy distribution companies in Ukraine were
compromised. First victorious attack on a power grid. Was started by a phishing
email. Around 230,000 people were left in the dark from 1 to 6 hours. Russia-based
hackers were responsible for this.
Page 5
Austin Ward
3. NASA. In 1999, a cyber attack caused a 21-day shutdown of NASA computers. The
hacker was a 15-year-old. He penetrated a US Dept of Defense division’s computers
and installed a backdoor (a covert method of bypassing normal authentication so they
can log in later whenever they want) and intercepted government emails. Some of
these emails contained usernames and passwords. Helped the kid steal a piece of
NASA software and crack the computers that support the international space station,
which cost the group $41,000. First person to carry out a hack against the American
space agency.
4. Sony Pictures. In late 2014, there was a leak of confidential data from the film studio
Sony Pictures. Information about Sony employees, their emails, copies of unreleased
Sony films, future propositions, and other crucial data were leaked. It was carried out
by a hacker group named Guardians of Peace. Their goal was that Sony withdraw its
then-upcoming comedy film “The Interview” about North Korean leader Kim Jong
Un, which prompted the company to pull it from theaters due to threats. The US
intelligence officials arrived at the theory that the attack was in a way related to the
government of North Korea.
5. TJX. In 2006, TJX, the retailer company (T.J. Maxx, Marshalls, HomeGoods,
HomeSense) identified that 45.6 million debit and credit card details were stolen from
one of its systems. Happened over 18 months by an unknown amount of intruders.
One of the first largest ever cyber attacks involving the loss of personal data. Banks
had to reissue and block thousands of transactions. The group was found, and they
were from Miami. Occurred because of weak encryption at two of its Marshalls stores
in Miami.
6. Stuxnet. In 2010, a deadly computer worm had an unusual goal of aiming at
destroying the equipment the computers controlled. Had the purpose of damaging
Iran’s nuclear infrastructure. Infected more than 200K computers including 14
industrial sites and a uranium-enrichment plant in Iran. Initially spread through
Microsoft Windows and targeted Siemens industrial control systems. Believed to
have been tampering with Iran’s nuclear infrastructure for a while before being
discovered. One of the first discovered malware capable of hampering hardware
systems. Believed to be a cyberweapon created by US and Israeli intelligence.
7. The Home Depot. In 2014, 56 million payment cards were compromised along with
53 million customer email addresses. Happened over 6 months. Used a 3rd party’s info
to enter the perimeter of Home Depot’s network and was able to insert malware on
the self-checkout systems.
8. Sony PlayStation. In 2011, executives noticed abnormal activity on the network.
Around 77 million PS users’ accounts were compromised and prevented users from
using PS3 and PSP consoles. Had to turn off the network. Later confirmed personal
information from each of the 77 million accounts were exposed. The outage lasted 23
days and released daily announcements. Invested $170 million to investigate, build
better systems, and cover the expenses of caring for affected consumers.
9. WannaCry Ransomware. In 2017, one of the deadliest cyber attacks ever happened
caused by the WannaCry worm. The victims were the users that used the unsupported
Page 6
Austin Ward
version of Microsoft Windows and had not installed the new security update. Took
place through an exposed port rather than phishing. Attack originated in Asia and
infected over 200K computers in 150 countries in a day. Locked the users out of the
systems and encrypted the data, asking for around $300-$600 in bitcoin. Took a toll
on private and public government organizations. Millions to billions of dollars were
invested to fix it. Emergency patches were released by Microsoft as well as the
discovery of a kill switch which prevented the computers from spreading the worm. It
is believed that North Korea was behind the attack.
10. Melissa Virus. In 1999, a mass-mailing macro virus was released. Targeted Microsoft
Word and Outlook-based systems and created considerable network traffic. Infected
computers via email that looked like an important message. If they open the email,
download the document, and open the document, the virus was released. It would
mass-mail itself to 50 people on their contact list and disable multiple safeguard
features on Word and Outlook. David L. Smith released the virus and caused $80
million of damage. Did not steal data or money but caused havoc. Over 1M email
accounts were disrupted. Agencies were overloaded and some had to pause entirely.
● What are Cisco’s top 10 cyber tips?
1. Keep personal information private.
2. Use caution to avoid bad actors.
3. Update software regularly.
4. Create strong passwords by using parentheses.
5. Use two-factor authentication whenever possible.
6. Be cautious of free Wi-Fi.
7. Don’t leave a cyber footprint on shared or public devices.
8. Manage your privacy settings.
9. Regularly audit applications you have installed as privacy settings can change with
upgrades.
10. Secure tomorrow, together.
Found in: Week 7 Lab Content
● What are some further details on Cyber Attacks?
- 95% of cybersecurity breaches are due to human error.
- Approximately 86% of breaches are financially motivated.
- Today, cyber-crime costs the world most than $6 trillion.
- In 2022, more than 90% of small and midsized businesses reported a cyber-attack that
had a “severe impact” on their business.
● What can make a difference in these attacks?
- Cybersecurity compliance can help combat these attacks. Means adhering to
standards and regulatory requirements set forth by some agency, law, or authority
group.
Page 7
Austin Ward
-
Compliance comes in the form of frameworks and standards.
● What are the details about encryption?
- Cryptography: The study and practice of techniques for secure communication in the
presence of third parties called adversaries.
- Encryption: Turning plaintext (a message you can understand) into ciphertext (a
message that needs to be decrypted) using an algorithm or key.
- Decryption: Turning ciphertext back into plaintext using an algorithm or key.
- Used for centuries to keep sensitive information secret.
- Vital for safe computer communication.
● What is the difference between symmetric encryption and asymmetric encryption?
- Symmetric (Secret) Key Encryption: Sender and receiver use the same key to encrypt
and decrypt messages. A secure channel is needed to share the key before messages
can be securely sent.
- Asymmetric (Public) Key Encryption: Sender and receiver use different keys to
encrypt and decrypt messages.
1. Public Key: In an asymmetric cryptographic scheme, the key that may be widely
published (everyone has access)
2. Private Key: A mathematical key (kept secret by the holder) used to decrypt
messages or files encrypted with the corresponding public key.
● What are some symmetric encryption methods?
- Caesar Cipher: A type of substitution cipher in which each letter in the plaintext
message is replaced by a letter some fixed number (for example 3) positions down the
alphabet. For example, if the message is “HELLO”, and the number is 3, each letter
of the message shifts down 3 in the alphabet to become “KHOOR”.
-
Pig Pen Cipher: A geometric simple substitution cipher. The key is given to you. It
exchanges letters for symbols that are fragments of a grid.
Page 8
Austin Ward
-
-
Simple Transposition Cipher: Plaintext characters are shifted in some regular pattern
to form ciphertext. The example we used in class was making the message
backwards, where “HELLO THERE” became “EREHT OLLEH”
Back Slang Language: A written word is spoken phonemically backwards. Makes a
public conversation private behind the backs of people around you. An example of a
Back Slang language is Pig Latin, where the first consonant or consonant cluster (not
vowels) of the word is moved to the back and then “-ay” is added at the end. “How
Are You” would become “Owhay areay ouyay?”
● What makes asymmetric encryption hard to crack?
- Private keys are not shared. It would take an incredibly long time to accurately guess
or generate a key that is identical to the private key used to encrypt/decrypt messages
in an asymmetric scheme.
Question 4: How do I take data that is collected and change it to information to use it to solve
business problems?
Found in: Week 9 Asynch. Content
● What is Cybersecurity Compliance?
- Cyber-attacks do not only affect employees and executives, they can affect every
person in contact with an organization and their social circles.
- Standards and regulations must be in place to protect everyday people from
dangerous hackers.
- Cybersecurity compliance includes rules intended to protect the confidentiality,
integrity, and availability of data. They’re usually enforced by governments, law
authorities, and industry leaders.
- Compliance standards vary by industry and organizational size. The standards for a
small fashion business are not the same for a big tech company.
- Following compliance can be difficult because there are so many and are all so
diverse but have advantages.
- Compliance standards safeguard trade secrets, sensitive personal information,
software code, and product details.
- Protective employee and customer data improves:
1. An organization’s reputation
2. Consumer trust and loyalty
- If an organization is not compliant, they risk major litigation, expensive fees, and
destructive attacks. For instance, if customer information is stolen and sold on the
dark web, the company can be sued for negligence. That same store can also be fined
thousands to millions of dollars by government agencies. These events can ruin
reputation, bankrupt via recovery costs, and stop the company from working
altogether.
Page 9
Austin Ward
● IT Security Tutorial – Cybersecurity Standards and Regulations:
- An organization must incorporate safeguards into the security compliance plan to
defend against attacks.
- Over the years, standards, regulations, and guidelines (PCI DSS, HIPAA, SOX, and
GDPR) have reduced data exposure.
- Outline the way an organization should implement security measures to address and
reduce overall risk.
- What is Payment Card Industry Data Security Standard (PCI DSS)?
1. A set of widely accepted requirements to secure credit card transactions
2. It is not a law of government regulation. It is an industry standard developed by
the payment card industry.
3. If you do any credit card transactions, you must comply, otherwise a company
will face hefty fines and may lose the ability to handle credit card transactions.
- What is the Health Insurance Portability and Accountability Act (HIPAA)?
1. Also called the HIPAA Privacy Rule. Legislation that governs data privacy and
security practices that safeguard all patient electronic Protected Health
Information (ePHI) in US medical facilities.
2. Must report any breach activity and anyone who is in violation of the policies and
procedures will face penalties.
- What is the Sarbanes-Oxley (SOX) Act?
1. A set of requirements for public companies. Specifies methods to create and
sustain security controls and procedures.
2. Conducts a yearly audit to reduce fraud and protect investors.
3. Created in 2002 in response to several corporate accounting scandals between the
years 2000 and 2002.
4. Some of the worst corporate accounting scandals of all time include:
a. Waste Management Scandal in 1998. Houston-based, publicly traded waste
management company. Reported $1.7B in fake earnings. The founder and
auditing company took part. Company allegedly falsely increased the
depreciation time length for their property, plant, and equipment on the
balance sheets. A new CEO and management team went through the books
and that is how it was caught. The penalties were a shareholder class-action
lawsuit settlement of $457M and the SEC fined the auditing company $7M.
b. WorldCom Scandal in 2002. Telecommunications company, now MCI, Inc.
Inflated assets by as much as $11B, leading to 30,000 lost jobs and $180B in
losses for investors. CEO did it by underreporting line costs by capitalizing
rather than expensing, and inflated revenues with fake accounting entries. Was
caught by WorldCom’s internal auditing department uncovering $3.8B in
fraud. CFO was fired, controller resigned, and the company filed for
bankruptcy. CEO was sentenced to 25 years for fraud, conspiracy, and filing
false documents with regulators. SOX passed after this.
c. Tyco Scandal in 2002. New Jersey-based blue-chip Swiss security systems
company. The CEO and CFO stole $150M and inflated the company income
Page 10
Austin Ward
-
-
by $500M. Siphoned money through unapproved loans and fraudulent stock
sales. Money was smuggled out of the company disguised as executive
bonuses. Was caught by the SEC and Manhattan D.A. investigations
uncovering questionable accounting practices, including large loans made to
the CEO that were forgiven. They were sentenced to 8-25 years in prison and
a class-action lawsuit forced them to pay $2.92B to investors.
5. Possibly the most famous is the Enron Scandal in 2001. Houston-based
commodities, energy, and service corporation. Shareholders lost $74B, thousands
of their employees and investors lost their retirement accounts, and many
employees lost their jobs. The CEO and former CEO were the main players.
Former CEO died before serving time, the other one was given 24 years in prison.
Company filed for bankruptcy. The same auditing firm was found guilty of
fudging Enron’s accounts. Did it by keeping huge debts off balance sheets. Was
caught by whistleblower as well as high stock prices fueling suspicions.
6. Sections 301 and 404 indirectly deal with information assurance and data
integrity.
7. All companies must monitor and manage all data and financial transactions.
Companies must provide an annual report on internal security controls and their
effectiveness. Financial reports must be accurate and complete with no
unauthorized transactions or data manipulation.
What is the General Data Protection Regulation (GDPR)?
1. A comprehensive data privacy law that gives consumers control of their data.
2. Affects all EU companies that provide goods and services to, or that monitor, E
citizens.
3. A company can face over 4% of global turnover if broken.
Standards and regulations provide guidelines so that companies can do their due care
and due diligence to ensure data privacy and security.
● What is the NIST (National Institute of Standards and Technology) Cybersecurity
Framework?
- NIST Cybersecurity Framework (CSF) calls for actions any IT and security team can
do to create resilience-by-default.
- The actions are:
1. Identify. See everything. This is not just an inventory of resources; we need to put
our finger on hidden weaknesses and vulnerabilities. 99% of successful attacks hit
existing vulnerabilities that were either hidden or unresolved.
2. Protect. Build a moat. Gives us techniques to safeguard data. Access Controls to
solve overly permissive pathways to the goods. Data Security to blanket
information and prevent its escape. Protective Technology so we don’t have to do
all of this by hand. Training to keep our users in the know about cybersecurity
principles.
3. Detect. Invites us to go looking for trouble. Once we have a strong baseline, we
can fine-tune what makes something an anomaly. We can watch the baseline with
Page 11
Austin Ward
-
a keen eye to see if anomalies pop up. Reflect on what we’ve found so we can get
better at detection.
4. Respond. Shows us how to plan, communicate, analyze, mitigate, and improve
Incident Response. Response planning and communication give us the connective
tissue that helps diffuse security incidents with analysis and mitigation directed
toward the goal of swift recovery.
5. Recover. This is where we iterate and adapt. NIST pushes us to learn from what’s
happened and adjust controls to bounce back stronger than ever.
NIST security measures can help protect us against the unknown future.
● What is Data?
- Takes many forms and is used by humans and computers to create information.
- A computer decides what to do with a piece of data based on its “type”.
- Different data types are read by computers differently and can be processed into
various types of information.
● What are common data types?
- Numeric
1. Integer: Number with NO decimal (3, -14, 0)
2. Double: Number with a varying number of pieces after the decimal (up to 15
digits of precision) (2.134, 8.99999)
3. Fixed Decimal: A number with a set number of pieces after the decimal (example
would need to be determined by a set length)
- Text
1. String: A fixed length string of Latin-1 characters (also known as ISO 8859-1)
that uses an 8-bit encoding scheme to represent 256 different characters available
for use (includes 128 characters of ASCII (English alphabet plus some
punctuation and control letters) plus additional characters used in West European
languages like French, Spanish, and German) (“cat”, “phenomenal”, “ABC123”)
2. Variable String: String fields that can change size to accommodate different
lengths of strings.
- Booleans
1. Boolean: An expression that has only two possible values (TRUE or FALSE)
- Date
1. Date: Can be in several standard formats (mm/dd/yyyy, yyyy-mm-dd).
2. Some programs convert dates to strings by default. Be careful with this as dates
cannot be in string form to be used in many formulas and functions as strings are
not technically numbers like dates are.
- Geolocator
1. Latitude and Longitude: Coordinates that tell computers where a data point is
located on Earth.
2. City, State, Country: Some programs accept these data inputs as geolocation fields
and can locate a place based on its name.
Page 12
Austin Ward
-
Note: These are nowhere near the amount of data types there are. Other (more
common) types (not for this exam) are floats (represent decimal numbers use a fixed
number of bits to represent the fractional and integer parts of a number, not the same
as a fixed decimal where all are assigned the same number of decimals), chars (store a
single character, not the same as a string), shorts (like integers, but smaller range (16
bits, so -32768 to 32767)), and long (32-bit, so -2147483648 to 2147483647).
● What is the difference between human and computer logic?
- Humans can complete complex abstract thinking. Our brains can process multiple
thought strains at one time.
- Computers can only think in TRUE or FALSE (1s and 0s). Multiple of these 1s and
0s chained together build everything we see on a computer or anything a computer
does. This is called binary. They think objectively, not subjectively.
● Can a computer think?
- Computers can only process that information in chains of YES or NO, TRUE or
FALSE, 1 or 0
- Computers will only do what we tell them to do and they only process instructions
one step at a time.
● What are some computer programming algorithms?
- Sequence: Logic occurs when computers are given a list of steps to perform. These
steps are performed in the given sequence each time the program is initiated. We will
primarily use sequence in the class. (Orange in the image).
- Decision: Logic forces the computer to make a choice between a YES or NO answer.
Then proceed based on that answer down a different path. (Yellow in the image).
- Repetition: Algorithms occur when a program may need to run through a set of steps
more than once depending on the given input. Often begin with a decision. (Blue in
image).
Page 13
Austin Ward
Found in: Week 9 Lab Content
1. Cybersecurity is the application of technology, processes, and controls to reduce the risk
of: Cyber-attacks (other options were compliance, burnout, cyber assurance).
2. [Blank] is turning plaintext into ciphertext using an algorithm or key: Encryption (other
options were cryptography, decryption, keying).
3. Which of the following is not required to be included in an effective cybersecurity
approach? Money (other options were people, technology, processes).
4. Organizations need to take precautions when safeguarding: All of these (other options
were personal information, sensitive information, intellectual information).
5. According to Cloudwards, what percentage of data was recovered by paying ransomware
victims in 2021? 65% (other options were 80%, 75%, 70%).
6. Phishing is a form of: Social engineering attack (other options were community attack.
All of these, symmetric attack).
7. 95% of cybersecurity breaches are due to: Human error (other options were conditional
formatting, hackers, ransomware).
8. Social engineering is also known as: Human hacking (other options were phishing,
man-in-the-middle, interpretational hacking).
9. Cybersecurity compliance is rules intended to protect the: Confidentiality, integrity,
availability (other options were accuracy, prominence, confidence; value, veracity,
variety; amount, appearance, account).
10. Which of the following is not an action included in the NIST framework? Deter (other
options were detect, identity, respond).
11. Human and computers understand data: Differently (other options were constantly,
increasingly, similarly).
12. Which of the following is not a common datatype? Foreign (other options were boolean,
string, integer).
13. Which of the following would be considered data? A single point on a graph (other
options were a bar chart, all of these, a cluster of points). (in most contexts, it would be
all of these, as the word “data” is plural and “datum” is singular but he is referring to
aggregation which was not specified).
14. Which datatype would the following be: 865-867-5309? Text (other options were integer,
double, numeric). (There may be numbers, but there are also dashes, which makes it a
string).
15. Which of the following statements is true? Data becomes information when it is
aggregated (other options were information and data are the same thing, data becomes
information when it is disaggregated, information becomes data when it is aggregated).
16. Which of the following would be an effective question to ask a computer? Is a dog a
mammal? (other options were is Smokey the best mascot, all of these, what is the best
type of cuisine).
17. How do computers process information? One step at a time (other options were multiple
steps at a time, the same way as people do, it depends on the primary key).
Page 14
Austin Ward
18. The graphic below is an example of a(n): Algorithm (other options were primary key,
database, entity relationship diagram)
19. The graphic below is an example of a: Repetition algorithm (other options were decision
algorithm, sequence algorithm, hierarchical database)
20. [Blank] forces a computer to make a choice between a YES or NO answer. Then, proceed
down a path based on that answer. Decision programming logic (other options were
sequence programming logic, repetition programming logic, algorithmic programming
logic).
21. You do not need to learn how to code in this class, because Alteryx is what type of
environment? Drag and drop (other options were visualization, virtual, spreadsheet).
Found in: Week 4 Asynch. Quiz
1. Which of the following is not a typical event in the Procure to Pay business process?
Deliver Goods/Services to Customer
2. In regard to Big Data, differences in the types/sources of data (structured, unstructured or
semi-structured) are referred to as: Variety
Page 15
Austin Ward
3. ________________ combine both data and methods (i.e. instructions for processing the
data) into a single processing element. Objects
4. Which of the following scenarios would most likely benefit from real time processing
instead of batch processing? Ticket Processing (sports or airline)
5. Kyle works in the Receiving Department at Jefferson Appliances. When goods are
received from suppliers, Kyle inspects them and sends them to the warehouse. He then
forwards a copy of the receiving report to Sarah, the account payables clerk in the
Accounting Department. When it is time to pay for the goods, Sarah prepares and mails a
check to the supplier.
From the perspective of Jefferson Appliances, which business process is being described
above? Procure to Pay
6. Which of the following is considered the point of sale in the Order to Cash business
process? When the order is shipped out
7. Which of the following is not an information processing event as described in this class?
Distribute
8. _____________________ contain data awaiting some action to complete their
processing. Suspense Files
9. Which of the following is an example of a master file? Customer
10. A company keeps data about each completed sale of inventory during the current month.
What type of file is this data kept in? Transaction File
Found in: Week 5 Asynch. Quiz
1. Which source document tells me what goods are in the box? Packing Slip (not picking
slip)
2. In the database, each record is made up of a collection of columns called fields. True.
3. Extract, Transform, and Load describe the stages of: Building a data warehouse.
4. With a Schema on Write database, structure is given to my database: Upon creating the
database.
5. In Procure to Pay, the external party that the business primarily deals with is the
customer. False.
6. Sally is the Sales Director at Rose’s Flower Shop. When a customer comes into the shop,
Sally talks with the customer about their floral design wishes. She then gives the
customer a quote on the cost of their chosen design. Most of the time, customers will
agree to the quote. Once they reach an agreement, Sally will begin picking the florals to
be used in their arrangement.
From the perspective of Rose's Flower Shop, which business event(s) are being described
above? Both Negotiate a Sales Order and Select and Inspect Goods.
7. For most companies, the Conversion process lies between the Procure to Pay and Order
to Cash processes. True.
8. If the Customer_ID field is the primary key in the Customer table, what is Customer_ID
called when it shows up in the Orders Table? Foreign Key.
Page 16
Austin Ward
9. Relational databases are an example of: Schema on write databases.
10. All of the information (name, title, address, phone #) about a particular individual
employee is stored in the same: Record.
Found in: Week 6 Asynch. Quiz
1. What source document is used to authorize the selecting and inspecting of goods?
Packing Slip.
2. In the database, each record is made up of a collection of columns called fields. True.
3. For some companies, traditional operational databases are not enough. Which of the
following explains why? All of these are reasons. They cannot process large volumes of
data in real time, you need specially trained professionals to oversee them, they are
expensive to scale out or up.
4. If the Customer_ID field is the primary key in the Customer table, what is Customer_ID
called when it shows up in the Orders Table? Foreign Key.
5. In the OTC process, what is the name of the source document that I send my customer to
bill them? Sales Invoice.
6. All of the information (name, title, address, phone #) about a particular individual
employee is stored in the same: Record.
7. Which of the following is used to build and manage data structures in an information
system? Database Management System.
8. In Procure to Pay, the external party that the business primarily deals with is the
customer. False.
9. Which of these is a composite attribute? Customer Address.
10. Technologies like bar code scanners, RFID tags and touch screens are used by businesses
in which information processing step? Record.
Found in: Week 9 Asynch Quiz
1. General Data Protection Regulation (GDPR) was created to protect consumers’ credit
card information collected by companies. False.
2. Which of the following computer algorithm types is used when a computer is forced to
make a choice between a YES and NO answer and then proceed down a different path
based on the answer? Decision algorithm.
3. To a computer, the criteria of “1” and 1 mean the same thing. False.
4. What is the data type that is represented when data is able to only be TRUE of FALSE?
Boolean.
5. According to Nick Espinosa in his Ted Talk, what is the first law of Cybersecurity? If
there is a vulnerability, it will be exploited.
6. What type of cyber threat occurs when a target is flooded with too much fake traffic from
multiple sources which essentially causes it to crash? Distributed Denial of Service
(DDoS) Attack.
Page 17
Austin Ward
7. Which of these is not a type of malware? All of these are types of malware. Trojan horse,
virus, ransomware.
8. Which of these is not one of Cisco’s top 10 cyber tips? All of these are on the list.
Manage your privacy settings, update software regularly, use two-step verification
whenever possible.
9. Which of these is the European law that protects consumer data and privacy? GDPR
(General Data Protection Regulation).
10. According to Cloudwards, what was the largest single ransomware demand made in
2021? (March 2021 Acer attack) $50 million.
Page 18