In which encryption method is a pair of keys used, where one key encrypts the data and the other decrypts it?

  • Asymmetric Encryption
  • Hashing
  • Steganography
  • Symmetric Encryption
Asymmetric encryption, also known as public-key encryption, uses a pair of mathematically linked keys: the public key, which can be published freely, encrypts, and only the matching private key decrypts. The two parties therefore never have to agree on a shared secret in advance; the sender only needs an authentic copy of the recipient's public key. That last word matters in practice: if an attacker can substitute their own public key, they can read the messages, which is why public keys are bound to identities with certificates or some other trusted channel. Hashing is one-way and uses no key, symmetric encryption uses the same key in both directions, and steganography hides the existence of a message rather than encrypting it.
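Added example, not part of the original quiz: textbook RSA with small primes, to show the two roles the key pair plays. The page names no algorithm, so RSA and the parameters (p = 61, q = 53, e = 17) are the editor's choice; the block uses no padding and a tiny modulus, which makes it a teaching aid and not usable cryptography.

```python
# Added example: textbook RSA on small primes to show that the public key
# encrypts and only the private key decrypts. RSA and these parameters are
# assumptions of this example, not taken from the page. No padding and a
# 12-bit modulus: for teaching only (real deployments use OAEP padding and
# keys of 2048 bits or more).
from math import gcd


def generate_keypair(p, q, e=17):
    """Return (public_key, private_key) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key, m):
    """Anyone holding the public key can do this."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of the private key can undo encrypt()."""
    d, n = private_key
    return pow(c, d, n)


def demo():
    """Round-trip one message; also show the public key cannot decrypt."""
    pub, priv = generate_keypair(61, 53)  # n = 3233, phi = 3120, d = 2753
    m = 65
    c = encrypt(pub, m)  # 2790
    recovered = decrypt(priv, c)  # 65
    with_public_key = pow(c, pub[0], pub[1])  # applying the public key again does not give m back
    return c, recovered, with_public_key


if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is what you get when the ciphertext is processed with the public key instead of the private key: it is not the message, which is the whole point of having two keys with different roles.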

Which of the following is NOT a directive that can be used in a Content Security Policy?

  • script-src
  • font-src
  • cookie-policy
  • frame-ancestors
"cookie-policy" is not a directive in Content Security Policy (CSP); a browser that sees it simply ignores it. CSP directives control the sources from which each type of content may be loaded or the contexts in which the page may be used: "script-src" and "font-src" restrict where scripts and fonts may come from, and "frame-ancestors" restricts which origins may embed the page in a frame. Cookie behaviour is not governed by CSP at all; it is set per cookie with the Set-Cookie attributes Secure, HttpOnly and SameSite.

During a web application assessment, a security consultant observes that even though the application has a CSP header, it uses the unsafe-inline directive for scripts. What potential risk does this pose?

  • It allows any script to run on the page
  • It disallows all inline scripts
  • It only allows scripts from external sources
  • It restricts all scripting entirely
'unsafe-inline' is a source expression, not a directive, and listing it in script-src (or in default-src when script-src is absent, since default-src is the fallback) allows any inline <script> block, inline event handler and javascript: URL to execute. That is exactly what a reflected or stored cross-site scripting payload injects, so the policy no longer mitigates XSS, which is the main reason for deploying CSP on scripts in the first place. The fix is to allow inline scripts individually with a per-response nonce or a hash of the script body; note that when a nonce or hash source is present, CSP Level 2 and later browsers ignore 'unsafe-inline', so keeping it only serves older browsers.
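Added example, not part of the original quiz, covering both CSP questions above: a small linter for Content-Security-Policy header values that parses the header, reports directive names it does not recognise (such as "cookie-policy"), and reports 'unsafe-inline' in whichever directive governs scripts. The header strings and KNOWN_DIRECTIVES (a subset of the CSP Level 3 directive names, not the full list) are the editor's constructions.

```python
# Added example: parse and lint a Content-Security-Policy header value.
# KNOWN_DIRECTIVES is a subset of CSP Level 3 names chosen for this
# example; the sample headers below are constructed, not from any site.
import re

KNOWN_DIRECTIVES = {
    "default-src", "script-src", "script-src-elem", "script-src-attr",
    "style-src", "style-src-elem", "style-src-attr", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "base-uri", "form-action",
    "frame-ancestors", "sandbox", "report-uri", "report-to",
    "upgrade-insecure-requests", "block-all-mixed-content",
    "require-trusted-types-for", "trusted-types",
}

# nonce-source or hash-source expressions, e.g. 'nonce-r4nd0m' or 'sha256-...'
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.IGNORECASE)


def parse_csp(header):
    """Split a CSP header into {directive: [source, ...]}.

    Directives are separated by ';' and tokens by whitespace. Directive
    names are case-insensitive. If a directive is repeated, the first
    occurrence wins and later ones are ignored, as browsers do.
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, sources)
    return policy


def lint_csp(header):
    """Return a list of findings; an empty list means nothing was flagged."""
    policy = parse_csp(header)
    findings = []
    for name in policy:
        if name not in KNOWN_DIRECTIVES:
            findings.append(f"unknown directive '{name}' (browsers ignore it)")

    # script-src governs scripts; when it is absent, default-src is the fallback.
    if "script-src" in policy:
        governing, sources = "script-src", policy["script-src"]
    elif "default-src" in policy:
        governing, sources = "default-src", policy["default-src"]
    else:
        governing, sources = None, []

    if governing is None:
        findings.append("no script-src or default-src: scripts from any origin are allowed")
    elif "'unsafe-inline'" in [s.lower() for s in sources]:
        if any(NONCE_OR_HASH.match(s) for s in sources):
            findings.append(
                f"{governing} lists 'unsafe-inline' next to a nonce/hash: CSP Level 2+ "
                "browsers ignore it, so it only affects legacy browsers")
        else:
            findings.append(
                f"{governing} allows 'unsafe-inline': any inline script, inline event "
                "handler or javascript: URL can execute; use nonces or hashes instead")
    return findings


if __name__ == "__main__":
    sample = ("default-src 'self'; script-src 'self' 'unsafe-inline'; "
              "font-src https://fonts.example; cookie-policy strict; frame-ancestors 'none'")
    for finding in lint_csp(sample):
        print(finding)
```

Run against the sample header in the block, the linter reports both problems the two questions describe: the unknown "cookie-policy" directive and the 'unsafe-inline' source in script-src. A header that allows its inline scripts with a nonce instead produces no findings.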

What is the primary purpose of security compliance?

  • Ensuring Data Privacy
  • Meeting Regulatory Standards
  • Preventing Employee Mistakes
  • Protecting Against All Threats
The primary purpose of security compliance is to meet regulatory standards: to demonstrate that an organization follows the legal, contractual and industry-specific rules that apply to it (for example around handling of personal or payment data). Compliance sets a baseline and is evidence of due care, but it is not the same as being secure; a compliant organization can still be breached, and "protecting against all threats" is not a goal any standard can deliver.

_______ is a type of malware that encrypts user data and demands a ransom for the decryption key.

  • Adware
  • Ransomware
  • Spyware
  • Trojan
Ransomware is malware that encrypts a victim's data and demands payment, usually in cryptocurrency, for the decryption key. Paying is discouraged: there is no guarantee the key will be delivered or will work, and payment funds further attacks. The practical control is tested, offline (or otherwise immutable) backups, so that data can be restored without the attacker's key, together with patching and least-privilege access to limit how far the malware can spread once it runs.

What is "tailgating" in the realm of social engineering?

  • Creating fake social media accounts
  • Following an authorized person into a secured area
  • Intercepting email communication
  • Manipulating a person through flattery
Tailgating (also called piggybacking) is a social engineering technique in which an attacker gains unauthorized physical access to a secured area by following an authorized person through a door that person has opened, often while carrying boxes or coffee so that holding the door seems like simple courtesy. It exploits politeness rather than any technical weakness; the countermeasures are badge-per-person entry (turnstiles, mantraps), and a culture in which staff are expected to challenge people they do not recognise.

What primary purpose does a firewall serve in a network?

  • Distribute IP addresses
  • Filter and control network traffic
  • Physically connect devices
  • Provide network speed optimization
A firewall primarily serves to filter and control network traffic: it allows or denies packets based on rules that match on attributes such as source and destination address, protocol and port (and, for stateful firewalls, on whether the packet belongs to an already established connection). Rules are evaluated in order and the first match decides, so rule ordering matters, and a sound configuration ends with a default-deny policy so that anything not explicitly allowed is dropped.
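Added example, not part of the original quiz: a stateless, first-match packet filter of the kind a firewall applies to each packet, with CIDR matching, ordered rules and a default-deny policy. The ruleset, the address ranges and the sample packets are constructed for illustration.

```python
# Added example: a stateless first-match packet filter. The ruleset and
# packets are constructed for this illustration; they describe no real network.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any protocol
    src: str = "0.0.0.0/0"        # source CIDR
    dst: str = "0.0.0.0/0"        # destination CIDR
    dport: Optional[int] = None   # destination port; None matches any (ICMP has none)

    def matches(self, pkt):
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


# Constructed ruleset. Order matters: the first matching rule decides.
RULES = [
    Rule("allow", "tcp", src="10.0.1.0/24", dst="10.0.0.0/8", dport=22),  # SSH only from the admin subnet
    Rule("deny", "tcp", dport=22),                                        # ...and from nowhere else
    Rule("allow", "tcp", dst="10.0.2.10/32", dport=443),                  # public HTTPS to one server
    Rule("allow", "icmp", src="10.0.0.0/8"),                              # internal ping
]


def evaluate(rules, pkt, default="deny"):
    """Return (action, index of the matching rule); index is None when the default applies."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None  # default-deny: anything not explicitly allowed is dropped


if __name__ == "__main__":
    outside_ssh = {"proto": "tcp", "src": "203.0.113.5", "dst": "10.0.2.10", "dport": 22}
    print(evaluate(RULES, outside_ssh))  # ('deny', 1)
```

Swapping the first two rules so that the blanket deny on port 22 comes first locks the admin subnet out as well, which is the kind of ordering mistake this structure makes visible.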

What is the primary purpose of a Web Application Firewall (WAF)?

  • To block malicious web traffic
  • To design web interfaces
  • To manage web application sessions
  • To speed up web application loading
A Web Application Firewall (WAF) primarily serves to block malicious web traffic: it inspects HTTP requests (and often responses) at the application layer and drops or challenges those that match signatures or anomaly rules for attacks such as SQL injection, cross-site scripting and path traversal. Unlike a network firewall, which decides on addresses and ports, a WAF reads the request content. It reduces exposure and buys time to patch, but rule sets can be bypassed with encoding tricks, so a WAF complements secure coding rather than replacing it.

In the context of operating system security, which mechanism dictates how privileges are escalated or restricted for processes?

  • ACL (Access Control List)
  • DAC (Discretionary Access Control)
  • MAC (Mandatory Access Control)
  • UAC (User Account Control)
MAC (Mandatory Access Control) is the intended answer. Under MAC, a system-wide policy set by the administrator or the operating system decides what each process may access, based on security labels attached to subjects and objects, and neither the process nor the owner of a resource can relax that policy; this is what lets MAC confine a process even after it has gained elevated privileges. DAC, by contrast, lets resource owners grant access at their own discretion, an ACL is the per-object permission list through which DAC is usually expressed, and UAC is the Windows prompt that gates elevation to administrator rights. MAC was historically associated with military and government systems but is now mainstream through SELinux (including Android) and AppArmor.

An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider?

  • FTP
  • HTTP
  • SMTP
  • SSH
Of the listed options, FTP (File Transfer Protocol) is the protocol designed for directory listing, file transfers and file management (rename, delete, create directories). However, plain FTP is a cleartext protocol: usernames, passwords and file contents all travel unencrypted and can be captured by anyone on the path. For a service that must be secure, the administrator should use SFTP, which runs over SSH (the SSH option here) and offers the same listing, transfer and management operations over an encrypted, authenticated channel, or FTPS, which wraps FTP in TLS. HTTP serves web content and SMTP carries email; neither is a file-management protocol.