Which secure coding principle emphasizes the importance of denying everything by default and only granting permissions intentionally?
- Defense in Depth
- Fail-Safe Defaults
- Principle of Least Privilege
- Security through Obscurity
The Principle of Least Privilege advocates limiting permissions to the minimum necessary, ensuring that by default, access is denied, and permissions are granted intentionally.
An encryption system that uses the same key to encrypt and decrypt information is known as _______ encryption.
- Asymmetric
- Private
- Public
- Symmetric
Symmetric encryption, also known as private-key encryption, uses the same key for both encryption and decryption. This means that the sender and the recipient must both have access to the same secret key. It is typically faster and less computationally intensive compared to asymmetric encryption.
The process of hiding a wireless network by not broadcasting its SSID is known as _______.
- MAC Filtering
- Network Masking
- SSID Concealing
- SSID Encryption
SSID Concealing, also known as SSID hiding, is a security measure where the network name (SSID) is not broadcast, making it less visible to potential attackers.
How does AWS Lambda handle scaling automatically?
- Based on the incoming traffic and workload
- By manually adjusting the compute capacity
- By periodically checking system metrics
- Through scheduled scaling events
AWS Lambda handles scaling automatically by dynamically adjusting resources based on the incoming traffic and workload, providing efficient and scalable compute capabilities for serverless applications.
Which of the following attacks involves the injection of malicious scripts into web pages viewed by other users?
- Cross-Site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- Phishing
- SQL Injection
Cross-Site Scripting (XSS) is an attack where an attacker injects malicious scripts into web pages, which are then viewed by other users, potentially leading to data theft or manipulation.
Regular _______ sessions are essential to ensure that employees are up-to-date with the latest security policies and practices.
- Evaluation
- Maintenance
- Reporting
- Training
Regular training sessions are essential to ensure that employees are up-to-date with the latest security policies and practices. Security training helps employees recognize and respond to security threats effectively.
Insider threats can be particularly challenging to detect because they often exploit legitimate _______ rather than external vulnerabilities.
- Permissions
- Software Bugs
- System Flaws
- Weak Passwords
Insider threats often exploit legitimate "Permissions" granted to them as part of their job. This can make it challenging to distinguish malicious behavior from regular activities, increasing the risk of data breaches.
In penetration testing, what is the significance of a "red team" versus a "blue team"?
- Red team consists of internal employees, blue team is external
- Red team defends, blue team simulates attackers
- Red team simulates attackers, blue team defends
- Red team tests for software vulnerabilities
In penetration testing, the "red team" simulates attackers, often from an external perspective, while the "blue team" defends, typically from an internal perspective, helping to identify security weaknesses and prepare for real-world threats.
_______ is a type of malware that encrypts the user's files and demands payment in exchange for the decryption key.
- Adware
- Ransomware
- Trojan
- Worm
Ransomware is a type of malware that encrypts the user's files and demands payment in exchange for the decryption key. It is a significant threat to data security and has been responsible for many high-profile cyberattacks.
In public-key cryptography, the decryption key is kept private and is known as the _______ key.
- Cipher
- Private
- Public
- Secret
In public-key cryptography, the decryption key is kept private, known as the "Private Key." This key is kept secret by the owner and is used to decrypt data that has been encrypted with the corresponding public key.