Cyber Security (FBLA)Category: Objective Test
60-minute test administered during the NLC.
Objective Test Competencies: Defend and Attack (virus, spam, spyware); Network Security; Disaster Recovery; Email Security; Intrusion Detection; Authentication; Public Key; Physical Security; Cryptography; Forensics Security; Cyber Security Policy
- No materials may be brought to the testing site.
- Electronic devices must be turned off and out of sight.
- No calculators may be brought into the testing site; calculators will be provided.
- Bring a writing instrument.
The general event guidelines below are applicable to all national competitive events. Please review and follow these guidelines when competing at the national level. When competing at the state level, check the state guidelines since they may differ.
- Dues: Competitors must have paid FBLA national and state dues by 11:59 p.m. Eastern Time on March 1 of the current school year.
- NLC Registration: Participants must be registered for the NLC and pay the national conference registration fee in order to participate in competitive events.
- Deadlines: The state chair, or designee, must register each state competitor on the official online entry forms by 11:59 p.m. Eastern Time on the second Friday in May.
- Each state may submit four (4) entries in all events except LifeSmarts, Virtual Business Finance Challenge, and Virtual Business Management Challenge.
- Each competitor can only compete in one (1) individual/ team event and one (1) chapter event.
- Each competitor must compete in all parts of an event for award eligibility.
- A team shall consist of two or three members. Exceptions are Parliamentary Procedure which must be a team of four or five members, and LifeSmarts which must be a team of two members.
Competitors are not permitted to compete in an event more than once at the NLC unless one of the following circumstances applies:
- Modified Events: A competitor may compete in the same event when the event is modified. Note, if the only modification is a name change, competitors may not compete in the renamed event.
- Team Events: One (1) competitor of the team may have competed in the same event at one (1) previous NLC; however, they may not compete more than twice in the event at the national level.
- Chapter Events: Competitors may compete in a chapter event more than once (American Enterprise Project, Community Service Project, and Partnership with Business Project).
- Individual Entry: A competitor who competed as an individual entry in a team event at the national level may compete in the same event a second time as part of a team, but not a second time as an individual.
- Parliamentary Procedure: Two (2) competitors of the team may have competed in this event at a previous NLC; however, they may not compete more than twice at the national level.
- Pilot Event: Competition in a pilot event does not disqualify a competitor from competing in the same event if it becomes an official competitive event. The participant may compete in another event as well as a pilot event.
- Objective Tests: Ties are broken by comparing the correct number of answers to the last 10 questions on the exam. If a tie remains, the competitor who completed the test in a shorter amount of time will place higher. If this does not break the tie, answers to the last 20 questions will be reviewed and determine the winner.
- Objective and Production Tests: The production test scores will be used to break a tie.
- Objective Tests and Performances: The objective test score will be used to break a tie based on the tie-breaking criteria of objective tests.
- Reports/Projects and Performances: The report/project scores will be used to break a tie.
- Performances: Judges must break ties and all judges’ decisions are final.
- State chair/adviser must register all competitors for NLC competitive events online by 11:59 p.m. Eastern Time on the second Friday in May.
- All prejudged components (reports, websites, projects, statement of assurance) must be received by 11:59 p.m. Eastern Time on the second Friday in May.
- All prejudged projects and reports must be submitted electronically.
- All Statements of Assurance must be submitted online.
- All production tests must be received at FBLA-PBL by 11:59 p.m. Eastern Time on the third Friday in May.
- All production tests must be uploaded online.
- State chair/adviser may make name changes only (no additional entries) by 11:59 p.m. Eastern Time on the first Friday in June. Competitor drops are the only changes allowed after this date and onsite.
The number of competitors will determine the number of winners. The maximum number of winners for each competitive event is 10. Only one (1) award is given to the schools competing in chapter events (American Enterprise Project, Community Service Project, Local Chapter Annual Business Report, and Partnership with Business Project).
Certain events may allow the use of additional materials. Please refer to event guidelines.
Americans with Disabilities Act (ADA)
FBLA‑PBL meets the criteria specified in the Americans with Disabilities Act for all participants who submit a special needs form.
Recording of Presentations
No unauthorized audio or video recording devices will be allowed in any competitive event. Participants in the performance events should be aware the national association reserves the right to record any performance for use in study or training materials.
Sample Practice Materials
2. Define the various virus types and describe the common symptoms caused by viruses and their potential effects.
3. Define concepts such as phishing, social engineering, spoofing, identify theft, and spamming
4. Describe importance and process of incidence reporting.
5. Implement security preventive maintenance techniques such as installing service packs and patches.
6. Assess security threats, diagnose, and troubleshoot hardware, software, and data security issues.
7. Implement virus protection and removal procedures to recover information from failures and security breaches (e.g., malware and viral infection)
8. Explain the impact of malware protection, including antivirus software, spam, adware, spyware filtering, and patch management.
9. Scan storage devices and equipment for viruses and spyware and disinfect as needed.
10. Install and configure anti-X software (e.g., anti-virus, anti-spyware, and anti-spam).
11. Identify potential sources of virus infection and describe methods of preventing the spread of computer virus.
12. Identify how to protect privacy and personal security online (e.g., to avoid fraud, identity theft and other hazards).
13. Explain the benefits and demonstrate the use of privacy, password, and protection utilities.
2. Explain principles of basic network security (e.g., IP spoofing, packet sniffing, password compromise, and encryption).
3. Determine threats and analyze risks to network perimeters.
4. Determine the impact on network functionality of a particular security implementation (e.g., port blocking/filter, authentication, and encryption).
5. Identify the following security protocols and describe their purpose and function: IPSEC, L2TP, SSL, WEP, WPA, and 802.1x.
6. Identify specific access levels that need to be accommodated.
7. Match security system design to identified security requirements.
8. Develop, document and implement a network security plan (e.g., install, configure, upgrade, and optimize security).
9. Train users about malicious software prevention technologies.
10. Diagnose and troubleshoot hardware, software, and data security issues.
11. Implement hardware and software network security solutions (e.g., VPN, SSL, and firewall).
12. Identify the purposes and characteristics of access control and permissions, auditing and event logging.
13. Know and implement user security policies and procedures to maintain, monitor, and support the security and integrity of a network.
14. Implement secured access to network resources.
15. Describe the importance and demonstrate forms of network security (e.g., password strategies and user accounts).
16. Illustrate fundamental legal issues involved with security management.
17. Design an audit policy and incident response procedures.
18. Manage and distribute critical software updates that resolve known security vulnerabilities and other stability issues.
19. Explain the importance of educating users and supervisors in regard to network security.
20. Implement security controls such as MAC or DAC to ensure user policies are enabled.
21. Implement server and Web-based services security features.
22. Describe what a firewall is, its uses, and how it works
23. Explain the characteristics, uses, and benefits of software firewalls and hardware firewalls
24. Install and update a firewall.
25. Configure personal firewall protection.
26. Describe the four basic firewall techniques ( e.g., proxy server, packet filter, application gateway, and circuit-level gateway).
27. Implement global, domain, and local account policies
28. Distinguish among the following security methods: DMX (including dual-homed and triple-homed firewalls), VLan, intranet, extranet, PKI
2. Describe the purpose and characteristics of disaster recovery: backup/restore, offsite storage, hot and cold spares, and hot, warm, and cold sites.
3. Differentiate between disaster recovery and business continuity
4. Design a disaster recovery plan.
5. Compare different options of backing up and securing data and restoring a system and perform system backup.
6. Select and test a disaster recovery plan against several disaster scenarios.
7. Demonstrate the ability to recover operating systems (e.g., boot methods, recovery console, ASR, and ERD).
8. Backup and restore files and directories.
9. Implement procedures used to recover information from failures and security breaches (e.g., malware and viral infection).
10. Identify method for avoiding common computer system disasters (e.g., UPS and RAID).
11. Compare/contract streaming file-by-file backup systems.
12. Establish process for archiving files.
13. Use the features of a server operating system to prevent a disaster or recover when one occurs.
14. Identify and maintain battery backup equipment.
15. Install surge suppression protection.
16. Develop and document a plan to avoid data loss, including backups and remote storage
2. Define E-Mail and Instant Messaging protocol.
3. Recognize social engineering and address social engineering situations.
4. Identify netiquette including the use of e-mail, social networking, blogs, texting, and chatting.
5. Explain the benefits and demonstrate the use of privacy, password, and protection utilities.
6. Discuss security issues and guidelines for legal and responsible electronic communications and Internet use for business (e.g., includes copyright, netiquette, privacy issues, and ethics).
7. Scan e-mail messages and attachments received to ensure they are not spam.
8. Establish and manage spam/junk mail folders.
9. Identify issues regarding unsolicited e-mail (spam) and how to minimize or control unsolicited mail.
10. Identify contamination protection strategies for e-mail.
2. Assess security threats and develop plan to address.
3. Analyze and inspect the system’s configuration and vulnerabilities to detect inadvisable settings.
4. Inspect the password files to detect inadvisable passwords.
5. Inspect other system areas to detect policy violations.
6. Assess system and file integrity.
7. Recognize patterns typical of attacks.
8. Analyze abnormal activity patterns.
9. Track user policy violations.
10. Demonstrate an understanding of Internet use and security issues.
11. Investigate security issues related to Internet technology (e.g., virus, firewalls, spam, system backup, passwords, wireless, and data encryption).
12. Identify types of intrusion detection and recommend tools to protect against each type.
2. Discuss the need for authentication and non-repudiation of information (e.g., PKI).
3. Describe the steps to achieve authentication and confidentiality.
4. Provide for user authentication (e.g., assign passwords and access level).
5. Identify and resolve a network configuration with incorrect protocols, client software misconfiguration, authentication misconfiguration, and insufficient rights/permissions.
6. Evaluate electronic sources of information for authenticity.
7. Identify authentication protocols (e.g., CHAP, MS-CHAP, PAP, RADIUS, Kerbero, and EAP.)
8. Explain and implement Secure Sockets Layer (SSL) authentication.
9. Explain and install a certificate.
10. Describe concepts related to logon authentication.
11. Educate employees on how to properly handle passwords.
12. Establish policies on choosing a secure password.
13. Describe the biometrics authentication method.
14. Give an example of a two factor authentication security process.
15. Discuss the need for dual-role authentication.
2. Describe the advantages and risks associated with a public key infrastructure.
3. Identify and analyze precautions included in programs used on networks (e.g., self-metering, security keys, and required configuration settings).
4. Explain the purpose of temporary certificates and single sign-on.
5. Describe Web of Trust and when it is appropriate to use.
6. Describe certificate authority and its role in security.
7. Distinguish between public key encryption and digital signatures.
8. Describe cryptographic protocols and applications, like digital cash, password-authenticated key agreement, multi-party key agreement, and time stamping service.
2. Identify names, purposes, and characteristics of hardware and software security issues including wireless, data, and physical security.
3. Describe basic physical security risks inherent to computer hardware and software.
4. Describe physical security best practices for enterprises.
5. Describe risk-mitigation techniques (e.g., policies, procedures, hardware, and software).
6. Establish and implement controls for physical site access and security.
7. Identify and analyze environmental hazards (e.g., fire, flood, moisture, temperature, electricity,) and establish environmental security controls to protect and restore.
8. Perform a physical configuration audit.
9. Train and test employees in area of physical security awareness.
10. Describe the physical security components of a Disaster Recovery/Business Continuity Plan.
2. Identify levels of encryption.
3. Describe the types of cryptography algorithms (e.g., secret key, public key, and hash functions).
4. Describe trust models such as web of trust, Kerberos, and certificates.
5. Identify cryptography applications used for password protection and private communication. (IP security protocol, clipper, Identify Base Encryption, Internet Security Association and Key Management Protocol, and Secure sockets Layer).
6. Illustrate concepts of data encryption and its use with protecting network resources.
7. Identify uses for VPN and network data encryption.
8. Define the advantages and risks associated with passwords.
9. Explain how passwords are stored.
10. Describe DES (Data Encryption Standards) and explain how it operates.
11. Explain the purpose and use of AES (Advanced Encryption Standard).
12. Explain export controls associated with cryptography.
2. Identify recoverable evidence in computer hardware and mobile devices.
3. Preserve evidence in an acceptable forensically manner.
4. Review time line of computer files based on the creation, file modification, and file access.
5. Identify past Internet browsing, downloads, and e-mail communications.
6. Examine and analyze evidence.
7. Differentiate between operating systems from a forensics standpoint.
8. Use computer forensics software tools to cross validate findings in computer evidence-related cases.
9. Prepare a report of findings.
10. Identify forensic analysis tools and their uses
11. Describe Legislative Acts governing Digital Forensics.
- Information Technology
- Information Techology