What is the primary purpose of a Web Application Firewall (WAF)?

  • To block malicious web traffic
  • To design web interfaces
  • To manage web application sessions
  • To speed up web application loading
A Web Application Firewall (WAF) primarily serves to block malicious web traffic and protect web applications from various cyber threats and attacks.

In the context of operating system security, which mechanism dictates how privileges are escalated or restricted for processes?

  • ACL (Access Control List)
  • DAC (Discretionary Access Control)
  • MAC (Mandatory Access Control)
  • UAC (User Account Control)
MAC (Mandatory Access Control) is a security mechanism that dictates how privileges are escalated or restricted for processes. It enforces a predefined set of access rules and is commonly used in high-security environments such as military and government systems.

An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider?

  • FTP
  • HTTP
  • SMTP
  • SSH
The protocol that provides directory listing, file transfers, and file management capabilities is FTP (File Transfer Protocol). FTP is commonly used for these purposes, allowing secure and efficient file transfers.

Alice visits a popular news website and sees a pop-up that says "Hacked!". Upon investigation, it's found that the website itself was not compromised but the script from an ad provider was. What kind of attack was most likely leveraged?

  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Distributed Denial of Service (DDoS)
  • SQL Injection
Alice likely experienced a Cross-Site Scripting (XSS) attack, where malicious code was injected into the ad provider's script, affecting the website's visitors.

A company's IT department receives a report of an email sent to several employees that appears to be from the CEO, asking them to click on a link and enter their credentials. The CEO denies sending such an email. This situation is most likely an example of which type of attack?

  • DDoS Attack
  • Insider Threat
  • Ransomware Attack
  • Spear Phishing
This scenario describes a classic spear-phishing attack. Spear-phishing involves sending targeted, deceptive emails to specific individuals, often impersonating someone the recipient trusts, with the intent of stealing sensitive information or spreading malware.

Alice, a system administrator, notices that some sensitive files have been accessed by unauthorized users. She wants to ensure that, in the future, only specific users can view and modify these files. What security measure should Alice implement?

  • Access Control List (ACL)
  • Encryption
  • Intrusion Detection System (IDS)
  • Two-Factor Authentication (2FA)
Alice should implement Access Control Lists (ACLs) to restrict file access. ACLs define which users or system processes are granted access to objects, as well as what operations are allowed on given objects. In this case, Alice can specify which specific users have access to sensitive files and what type of access they have.

Patch _______ is the process of deciding which patches should be applied to systems and in what order.

  • Deployment
  • Management
  • Prioritization
  • Selection
Patch prioritization is the process of deciding which patches should be applied to systems and in what order. It involves assessing the criticality of vulnerabilities and the potential impact on systems to determine the patching order.

The principle that emphasizes using multiple layers of security measures to protect information and systems is called what?

  • Defense-in-Depth
  • Encryption
  • Single Sign-On (SSO)
  • Two-Factor Authentication
Defense-in-Depth is a security strategy that advocates implementing multiple layers of security measures. This approach helps to provide redundancy and ensure that even if one layer is breached, other layers can still protect the system. Single Sign-On, Two-Factor Authentication, and Encryption are important security concepts but not the same as Defense-in-Depth.

When an IDS generates an alert for an activity that isn't actually malicious, it's termed a _______.

  • False Negative
  • False Positive
  • True Negative
  • True Positive
When an IDS generates an alert for non-malicious activity, it's called a "False Positive": the alert indicates a potential security concern that is, in fact, benign.

When an attacker leaves a malware-infected USB drive in a public place hoping someone will find it and plug it into a computer, this technique is known as what?

  • Baiting
  • Pharming
  • Phishing
  • Spoofing
This technique is called "baiting." It involves leaving a device (in this case, a malware-infected USB drive) in a location where someone may find it and plug it into a computer out of curiosity. Once connected, the malware can infect the victim's computer.