An employee loses their personal smartphone, which they also use for work-related tasks. They immediately report the loss to the IT department, which then remotely wipes the device. This action is most likely in accordance with which organizational policy?
- BYOD Policy
- Data Retention Policy
- Mobile Device Management (MDM) Policy
- Privacy Policy
This action is most likely in accordance with the Mobile Device Management (MDM) Policy. MDM policies often include provisions for remote device wiping to protect sensitive company data when a device is lost or stolen. It allows IT departments to remotely erase company data and applications from the device to prevent data breaches.
Which advanced cryptographic protocol allows two parties to securely compute a function over their inputs while keeping those inputs private?
- DES
- Diffie-Hellman
- Homomorphic Encryption
- RSA
Homomorphic Encryption is an advanced cryptographic technique that allows two parties to perform computations on their encrypted data without revealing the data to each other. This is particularly useful in secure multi-party computation and privacy-preserving data analysis.
In the context of regulations, what does GDPR stand for?
- General Data Privacy Requirement
- General Data Protection Requirement
- Global Data Privacy Regulation
- Global Data Protection Regulation
GDPR stands for the General Data Protection Regulation, which is a European Union regulation designed to protect the privacy and data of EU citizens. It has global implications for organizations dealing with EU citizens' data.
What common practice involves creating a duplicate copy of data to ensure its availability in case of data loss?
- Data Archiving
- Data Compression
- Data Encryption
- Data Mirroring
Data Mirroring is the practice of creating a duplicate copy of data on another storage device. This is done in real-time or near-real-time to ensure data availability in case of data loss or hardware failure. It provides redundancy and high availability.
In an out-of-band SQL injection attack, data is retrieved using:
- A separate channel
- API endpoints
- HTTP GET requests
- The same channel with UNION statements
In an out-of-band SQL injection, attackers retrieve data via a separate channel, such as a DNS request, rather than through the same channel as the main application.
Which of the following best describes the primary purpose of a certificate authority (CA) in the SSL/TLS handshake process?
- Authenticating users
- Handling encryption keys
- Issuing digital certificates
- Providing web hosting
A Certificate Authority (CA) in the SSL/TLS handshake process primarily issues digital certificates. These certificates are used to verify the authenticity of a website, ensuring that the connection is secure and that data is encrypted.
Under GDPR, individuals have the right to access their personal data and the right to _______ it.
- Alter the Data
- Correct the Data
- Delete the Data
- Share the Data
Under the General Data Protection Regulation (GDPR), individuals have the right to access their personal data held by organizations. This means they can request to correct or update the data if it's inaccurate. This helps individuals maintain the accuracy of their personal information.
In the context of threat intelligence, what refers to a set of indicators related to a specific cybersecurity threat?
- Threat Assessment
- Threat Intelligence Report
- Threat Landscape
- Threat Signature
A "Threat Signature" is a set of indicators that characterize a specific cybersecurity threat, helping in its identification and mitigation.
A _______ VPN provides a secure connection between multiple networks over the internet.
- Endpoint-to-Endpoint
- PPTP
- SSL
- Site-to-Site
A Site-to-Site VPN connects entire networks securely over the internet. It's commonly used to connect remote offices or cloud services to the main network.
In the context of social engineering, what does "baiting" usually involve?
- Hiding behind a mask
- Impersonating someone
- Offering something enticing to the victim
- Threatening the victim
Baiting in social engineering involves offering something enticing to the victim. This could be in the form of a free download, a prize, or anything that would make the victim want to take an action that benefits the attacker.