In an incident reporting procedure, a _______ is typically designated to coordinate the response and recovery efforts.
- CEO
- CISO
- CSIRT
- CTO
In an incident reporting procedure, a CSIRT (Computer Security Incident Response Team) is typically designated to coordinate the response and recovery efforts. A CSIRT is a team of experts responsible for the protection against and management of cybersecurity incidents.
Which of the following is a benefit of encrypting an individual file rather than an entire disk?
- Complete security
- Enhanced performance
- Selective protection
- Simplified management
Encrypting an individual file offers the benefit of selective protection. It allows you to choose specific files or folders to encrypt, offering security where it's needed most without affecting the performance or management of the entire disk. This is especially useful when you only need to protect certain sensitive files rather than an entire disk.
Charlie is developing a web application. He ensures that every form input is validated and sanitized before it's processed. Despite this, an attacker is able to inject a script that steals user session cookies. Which vulnerability in the application did the attacker most likely exploit?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- SQL Injection
The attacker likely exploited a Cross-Site Scripting (XSS) vulnerability, allowing them to inject malicious scripts into the web application despite input validation and sanitization.
The practice of deliberately leaving vulnerabilities open in a system as a trap to detect and monitor intruders is termed as what?
- Ethical Hacking
- Honeypot
- Penetration Testing
- Zero-Day Exploitation
A "Honeypot" is a cybersecurity mechanism that intentionally exposes vulnerabilities to lure and monitor potential intruders and threats.
Jane, an IT manager, receives an email detailing a potential security incident. However, the email does not contain enough specifics to act upon. To improve the quality and consistency of incident reports, Jane might consider implementing what?
- Incident Response Plan
- Regular Software Updates
- Security Awareness Training
- Security Incident Reporting Guidelines
Jane should consider implementing Security Incident Reporting Guidelines. These guidelines provide a structured format for reporting security incidents, including the specific details and information required. They help ensure that incident reports contain enough information for the IT team to act upon effectively.
In many operating systems, the _______ acts as a central policy that defines security-related computer settings.
- Antivirus
- Firewall
- Operating System
- Router
In many operating systems, the Operating System acts as a central policy that defines security-related computer settings. This includes user access controls, permissions, and various security configurations.
What is the primary purpose of an incident reporting procedure in an organization?
- To assign blame
- To improve system performance
- To prevent all incidents
- To identify and address security incidents
The primary purpose of an incident reporting procedure in an organization is to identify and address security incidents. This process is essential for recognizing and responding to events that could potentially harm the organization's information security. Incident reporting helps in containment and recovery, minimizing the impact of security breaches.
In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.
- Framework
- Log
- Policy
- Report
The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.
Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?
- MAC (Media Access Control) Filtering
- SSID Hiding
- WEP (Wired Equivalent Privacy)
- WPA3 (Wi-Fi Protected Access 3)
Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.
Which layer of the OSI model is primarily concerned with end-to-end communication and network security?
- Layer 2 - Data Link
- Layer 3 - Network
- Layer 5 - Session
- Layer 7 - Application
Layer 3, the Network layer, is primarily concerned with end-to-end communication, routing, and network security by controlling data packet routing.