cybersecurity

Cybersecurity challenges members to demonstrate their understanding of how to protect systems, networks, and data from digital threats such as viruses, malware, phishing, and spyware. Through an objective test, members explore cybersecurity concepts, tools, and best practices used to defend against and respond to cyberattacks.

Event Overview

Division: Collegiate
Event Type: Individual
Event Category: Objective Test, 100-multiple choice questions (breakdown of question by competencies below)
Objective Test Time: 50 minutes

Career Cluster Framework Connection: Digital Technology
NACE Competency Alignment: Career & Self-Development, Critical Thinking, Professionalism, Technology

Items Competitor Must Provide: Sharpened pencil, computer, conference-provided nametag, photo identification, attire that meets the Florida FBLA Dress Code.

FBLA Must Provide: Test login information (link and password)

 Competencies

· Security Fundamentals

· Cyber Threats and Vulnerabilities

· Security and Design

· Network and Data Security

· Security Operations and Management

· Security Protocols and Threat Mitigation

Test questions are based on the knowledge areas and objectives outlined for this event. Detailed objectives can be found in the study guide included in these guidelines.

State

Eligibility

·         FBLA membership dues are paid by 11:59 pm Eastern Time on February 1st of the current program year.

·         Members must be registered for the SLC and pay the state conference registration fee in order to participate in competitive events.

·         Members must stay within the official FBLA housing block of the official FBLA hotel to be eligible to compete.

·         Each chapter may submit six students in this event.

·         On the state level, each member can compete in up to three different events in the following combinations: three objective tests OR two objective tests and one performance OR two objective tests and one production or one objective test and two production OR one objective test, one performance, and one production. Students may enter the Christopher Heider, Rob Kelleher, Who’s Who event, and one Chapter event (Community Service, State of the Chapter) in addition to their above chosen events.

·         Picture identification (physical or digital: driver’s license, passport, state-issued identification, or school-issued identification) matching the conference nametag is required when checking in for competitive events.

·         If competitors are late for an objective test, they may be either disqualified or permitted to begin late with no extension of the time as scheduled.

·         Participants must adhere to the Florida FBLA dress code established by the Florida Board of Directors or they will not be permitted to participate in the competitive event.

Recognition

·         The number of competitors will determine the number of winners. The maximum number of winners for each competitive event is 4.

Event Administration

·         This event is an objective test administered prior to the SLC.

·         No reference or study materials may be brought to the testing site.

·         No calculators may be brought into the testing site; online calculators will be provided through the testing software.

Tie Breaker

·         Ties are broken by comparing the correct number of answers to the last 10 questions on the test. If a tie remains, answers to the last 20 questions on the test will be reviewed to determine the winner. If a tie remains, the competitor who completed the test in a shorter amount of time will place higher.

Americans with Disabilities Act (ADA)

·         FBLA complies with the Americans with Disabilities Act (ADA) by providing reasonable accommodations for competitors. Accommodation requests must be submitted through the conference registration system by the official registration deadline. All requests will be reviewed, and additional documentation may be required to determine eligibility and appropriate support.

Penalty Points

·         Competitors may be disqualified if they violate the Competitive Event Guidelines or the Honor Code.

Electronic Devices

·        Unless approved as part of a documented accommodation, all cell phones, smartwatches, electronic devices, and headphones must be turned off and stored away before the competition begins. Visible devices during the event will be considered a violation of the FBLA Honor Code.

National

If competing at the National level, be sure to see the National guidelines at https://www.fbla.org/collegiate/competitive-events/

Study Guide: Knowledge Areas and Objectives

Security Fundamentals (10 test items)

1. Describe examples of confidentiality, integrity, and availability in cybersecurity operations

2. Discuss measures for establishing digital trust (e.g., identity proofing, non-repudiation, attestation)

3. Explain how authentication, authorization, and accounting are implemented in practice

4. Analyze principles of Zero Trust present in security architectures

5. Discuss examples of binary and hexadecimal in cybersecurity

6. Perform basic arithmetic involving binary and hexadecimal

7. Analyze examples of least privilege principles

Cyber Threats and Vulnerabilities (20 test items)

1. Analyze the causes of SQL injection and buffer overflow vulnerabilities (e.g., poor input validation, memory management)

2. Analyze the causes, mechanics, and consequences of race conditions (e.g., critical sections, information leak, crash)

3. Discuss attributes of threat actors and their goals (e.g., internal and external threats, financial gain, espionage, data theft)

4. Analyze how different viruses infiltrate systems and spread (e.g., boot sector, polymorphic, macro)

5. Analyze how backdoors, zero-days, and outdated software can lead to cybersecurity incidents

6. Discuss social engineering scams and attacks (e.g., phishing, phone scams, email scams)

7. Describe the purpose, methods, and mechanics of a DDoS attack

8. Analyze effects of and defense against types of malware (e.g., viruses, Trojans, worms)

9. Describe the consequences and mechanics of cryptographic attacks on enterprise systems

10. Evaluate the security of a wireless network

Security and Design (20 test items)

1. Analyze the security benefits and drawbacks of cloud infrastructure (e.g., IaaS, SaaS, PaaS)

2. Recommend changes to cybersecurity policies based on system architecture (e.g., microservice, cloud-based, hybrid)

3. Discuss use cases and examples of logical and physical segmentation (e.g., VLANs, subnets, air-gapped systems)

4. Analyze security use cases for containerization and virtualization in enterprise systems

5. Recommend a backup schedule based on an organization's needs (e.g., differential, incremental, full)

6. Recommend RAID levels based on an organization's needs (e.g., level 0, level 5)

7. Discuss types of testing used in cybersecurity

8. Analyze the impact of physical network design decisions on cybersecurity

9. Discuss key considerations in designing secure systems (e.g., availability, resilience, cost, responsiveness)

10. Discuss ways to increase resilience and recovery in design (e.g., load balancing, clustering, multi-cloud, platform diversity, backups)

Network and Data Security (20 test items)

1. Discuss the role of cryptography in ensuring confidentiality, integrity, authentication, and non-repudiation

2. Analyze the benefits and drawbacks of public and private key cryptography

3. Describe the mechanics of public and private key cryptography

4. Discuss types of ciphers (e.g., shift, Caesar, substitution)

5. Discuss logical access control methods (e.g., access control lists, group policies, passwords)

6. Analyze differences between access control models (e.g., MAC, DAC, RBAC)

7. Analyze network authentication methods (e.g., multifactor, certificates, tokens)

8. Describe the characteristics of effective and ineffective hash functions (e.g., collisions, distribution, efficiency)

9. Discuss the advantages and disadvantages of using blockchain for data integrity and authentication

Security Operations and Management (10 test items)

1. Discuss common security policies (e.g., acceptable use, information security, business continuity, disaster recovery)

2. Discuss elements of disaster prevention and recovery plans

3. Discuss the use cases of different types of firewalls (e.g., network-based, NGFW, WAF)

4. Evaluate messaging, email, and data security policies for risk management

5. Describe change management practices

Security Protocols and Threat Mitigation (20 test items)

1. Describe the purposes of SSH, HTTPS, TLS, and WPA protocols

2. Explain how intrusion detection and prevention systems work (e.g., signature-based, anomaly-based, NIDS)

3. Evaluate the effectiveness of policies and practices for preventing viruses, phishing, and email scams

4. Analyze different types of obfuscation (e.g., code, data, network)

5. Explain how digital certificates and Certificate Authorities (CAs) contribute to security

6. Explain how patches, updates, and version control prevent attacks

7. Discuss examples of penetration testing

8. Describe a VPN and its uses in cybersecurity

9. Describe security protocols used by VPNs and their characteristics (e.g., TLS, OpenVPN, L2TP, IPsec)