CYBER SECURITY
Cybersecurity challenges members to demonstrate their knowledge of protecting systems and data from digital threats such as viruses, malware, phishing, and spyware. Through an objective test, members explore foundational cybersecurity principles, tools, and best practices used to defend against cyberattacks.
Event Overview
Division: High School
Event Type: Individual
Event Category: Objective Test, 100-multiple choice questions (breakdown of question by competencies below)
Objective Test Time: 50 minutes
Career Cluster Framework Connection: Digital Technology
NACE Competency Alignment: Career & Self-Development, Critical Thinking, Professionalism, Technology
Items Competitor Must Provide: Sharpened pencils, Photo Identification, Conference-provided nametag, Attire that meets the Florida FBLA Dress Code
Objective Test Competencies:
· Security Fundamentals
· Cyber Threats and Vulnerabilities
· Security and Design
· Network and Data Security
· Security Operations and Management
Test questions are based on the knowledge areas and objectives outlined for this event. Detailed objectives can be found in the study guide included in these guidelines.
District
Check with your District leadership for District-specific competition information.
State
Eligibility
· FBLA membership dues are paid by 11:59 pm Eastern Time on December 1 (or earlier date specified by District Director) of the current program year.
· Members may compete in an event at the State Leadership Conference (SLC) more than once if they have not previously placed in the top 10 of that event at the National Leadership Conference (NLC). If a member places in the top 10 of an event at the NLC, they are no longer eligible to compete in that event.
· Members must be registered for the SLC and pay the state conference registration fee in order to participate in competitive events.
· Members must stay within the official FBLA housing block of the official FBLA hotel to be eligible to compete.
· Each district may be represented by participant(s) based on the Florida FBLA scaled quota system found on the Florida FBLA website.
· Each member can only compete in one individual/team event and one chapter event (Community Service Project, Local Chapter Annual Business Report).
· Identification: Competitors must present valid photo identification (physical) that matches the name on their conference name badge. Acceptable forms include a driver’s license, passport, state-issued ID, or school ID.
· If competitors are late for an objective test, they may be either disqualified or permitted to begin late with no extension of the time as scheduled.
· Participants must adhere to the Florida FBLA dress code established by the Florida Board of Directors or they will not be permitted to participate in the competitive event.
Recognition
· The number of competitors will determine the number of winners. The maximum number of winners for each competitive event is 5.
Event Administration
· This event is an objective test administered at the SLC.
· No reference or study materials may be brought to the testing site.
· No calculators may be brought into the testing site.
Scoring
· Ties are broken by comparing the correct number of answers to the last 10 questions on the test. If a tie remains, answers to the last 20 questions on the test will be reviewed to determine the winner. If a tie remains, the competitor who completed the test in a shorter amount of time will place higher.
· Results announced at the State Leadership Conference are considered official and will not be changed after the conclusion of the State Leadership Conference.
Americans with Disabilities Act (ADA)
· FBLA complies with the Americans with Disabilities Act (ADA) by providing reasonable accommodations for competitors. Accommodation requests must be submitted through the conference registration system by the official registration deadline. All requests will be reviewed, and additional documentation may be required to determine eligibility and appropriate support.
Penalty Points
· Competitors may be disqualified if they violate the Competitive Event Guidelines or the Honor Code.
Electronic Devices
· Unless approved as part of a documented accommodation, all cell phones, smartwatches, electronic devices, and headphones must be turned off and stored away before the competition begins. Visible devices during the event will be considered a violation of the FBLA Honor Code.
National
If you are competing on the National level, be sure to see the National guidelines at https://www.fbla.org/divisions/fbla/fbla-competitive-events/
Study Guide: Knowledge Areas and Objectives
Security Fundamentals (15 test items)
1. Describe Confidentiality, Integrity, and Availability
2. Describe measures for establishing digital trust (e.g., identity proofing, non-repudiation, attestation)
3. Explain the concepts of authentication, authorization, and accounting
4. Provide examples of Zero Trust
5. Describe examples of deception and disruption technology for defending against attackers (e.g., honeypots, honeynets, honeyfiles)
6. Explain how binary, hexadecimal, and decimal are used in cryptography
7. Explain the purpose of least privilege principles
Cyber Threats and Vulnerabilities (20 test items)
1. Describe web and software sources of security vulnerabilities (e.g., injections, overflows, jailbreaking, race conditions)
2. Discuss attributes of threat actors and their goals (e.g., internal and external threats, financial gain, espionage, data theft)
3. Describe types of viruses
4. Discuss types of security vulnerabilities (e.g., backdoors, zero-days, unpatched software)
5. Discuss social engineering scams and attacks (e.g., phishing, phone scams, email scams)
6. Describe the purpose, methods, and mechanics of a DDoS attack
7. Describe the characteristics of types of malware (e.g., viruses, Trojans, worm, logic bombs)
8. Describe cryptographic attacks (e.g., downgrades, collisions, birthday attacks)
9. Discuss vulnerabilities of wireless networks
Security and Design (20 test items)
1. Explain how using cloud infrastructure affects system security
2. Discuss the security implications of microservice architecture (e.g., more attack surfaces, authentication, increased complexity)
3. Differentiate between logical and physical segmentation
4. Explain how containerization and virtualization can increase security
5. Describe security risks and challenges associated with the Internet of Things
6. Describe the concepts of backups, RAID, and UPS
7. Identify examples of the CIA triad in network design (e.g., UPS, encryption, data integrity)
8. Explain the role of testing in building secure cyber architecture
Network and Data Security (15 test items)
1. Describe the purpose of cryptography
2. Differentiate between public and private key cryptography
3. Discuss shift ciphers, Caesar ciphers, and substitution ciphers
4. Describe the three states of data
5. Describe the importance and use of access control models (e.g., MAC, DAC, RBAC)
6. Discuss authentication and authorization of network resources (e.g., multifactor, certificates, tokens)
7. Describe how blockchains and hashing can be used for authentication and data integrity
Security Operations and Management (10 test items)
1. Describe common security policies (e.g., acceptable use, information security, business continuity, disaster recovery)
2. Discuss elements of disaster prevention and recovery plans
3. Describe types of firewalls (e.g., network-based, NGFW, WAF)
4. Explain the use of firewall access lists and rules to increase security
5. Describe best practices for company messaging, email, and data security
6. Describe the impact of change management on security
Security Protocols and Threat Mitigation (20 test items)
1. Provide examples of secure protocols (e.g., SSH, HTTPS, TLS, WPA2)
2. Describe the purpose of intrusion prevention and detection systems
3. Describe policies and practices to prevent viruses, phishing and email scams
4. Explain methods of obfuscation (e.g., tokenization, data masking, steganography)
5. Describe how strong passwords increase security
6. Describe the purpose of digital certificates and Certificate Authorities (CAs)
7. Describe the importance of patches, updates, and version control for security
8. Explain the use of pen testing for increasing security