Policies that dictate the criteria for granting access to specific information or systems are called _______ policies.
- Access Control
- Authentication
- Authorization
- Encryption
"Authorization" policies specify who can access what in a system, setting the criteria for granting access to specific resources.
Regularly updating and patching network devices is a key _______ in network security.
- Password
- Principle
- Protocol
- Vulnerability
One of the key principles in network security is regularly updating and patching network devices to fix vulnerabilities and security issues.
To prevent unauthorized access to a wireless network, administrators can implement MAC address _______.
- Broadcasting
- Encryption
- Filtering
- Hiding
MAC address filtering allows or denies access to a network based on the unique hardware address of a device, enhancing security by controlling device access.
A financial institution wants to ensure that even if their data is intercepted during transmission, the intruder wouldn't be able to understand it. They decide to transform this data into a code to prevent unauthorized access. What process are they using?
- Compression
- Decryption
- Encryption
- Hashing
The financial institution is using encryption. Encryption is the process of transforming data into a code to prevent unauthorized access during transmission. It ensures that even if data is intercepted, it remains unintelligible to unauthorized individuals or intruders.
The U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information is known as the _______.
- Computer Fraud and Abuse Act
- Gramm-Leach-Bliley Act
- Patriot Act
- Sarbanes-Oxley Act
The correct answer is the "Gramm-Leach-Bliley Act." This law mandates financial institutions to disclose their information-sharing practices and safeguard customers' private data.
In the context of CSP, what does the 'nonce' attribute help with?
- Controlling content caching
- Enforcing secure data transmission
- Handling session management
- Preventing Cross-Site Scripting (XSS) attacks
In the context of Content Security Policy (CSP), the 'nonce' attribute is used to prevent Cross-Site Scripting (XSS) attacks. It allows a server to generate a unique cryptographic nonce for each page load. The nonce is included in the CSP header, and the browser only executes scripts with a matching nonce, effectively blocking any unauthorized scripts from running on the page.
A(n) _______ test in penetration testing is where the attacker has no prior knowledge of the target system.
- Black Box
- External
- Gray Box
- White Box
In penetration testing, a "Black Box" test is when the tester has no prior knowledge of the system, simulating an external attacker's approach.
In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.
- Framework
- Log
- Policy
- Report
The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.
Zero-day exploits target vulnerabilities that are known to the software vendor but:
- The vendor can't reproduce the issue
- The vendor has not yet released a patch
- The vendor is actively working on a fix
- The vendor refuses to acknowledge the vulnerability
Zero-day exploits target vulnerabilities that are known to the software vendor but do not yet have an official patch or fix available. Hackers exploit these vulnerabilities before the vendor can respond with a patch, potentially causing significant damage or security breaches.
After a ransomware attack, a company realizes they have lost access to their critical data. Fortunately, they have a recent backup stored in a remote location. This situation highlights the importance of which data protection principle?
- Authentication
- Availability
- Confidentiality
- Integrity
This situation highlights the importance of data availability. Data protection principles ensure the confidentiality, integrity, and availability of data. In this case, the company's ability to access the backup data stored in a remote location demonstrates the principle of data availability.