A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?
- CCPA
- FERPA
- GDPR
- HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.
A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:
- Accelerate email delivery
- Ensure confidentiality
- Prevent email loss
- Verify sender identity
The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit.
Which part of the HIPAA regulation sets the standards for protecting electronic protected health information?
- Title I
- Title II
- Title III
- Title IV
Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI.
The process of ensuring that both parties in a communication are who they claim to be, especially in the SSL/TLS handshake, is known as what?
- Authentication
- Authorization
- Decryption
- Encryption
Authentication is the process of verifying the identity of parties in a communication. In SSL/TLS, it ensures that the client and server are who they claim to be, typically using digital certificates.
Which component of a digital certificate proves the identity of the certificate's subject?
- Certificate Authority's Signature
- Private Key
- Public Key
- Subject's Name
The Subject's Name in a digital certificate is what proves the identity of the certificate's subject. It typically contains information about the entity or individual the certificate is issued to, such as their name and organization.
For secure file transfers, SFTP operates on the _______ layer, while SCP operates on the _______ layer of the OSI model.
- Application, Data Link
- Data Link, Physical
- Presentation, Transport
- Transport, Network
For secure file transfers, SFTP (Secure File Transfer Protocol) operates at the Presentation layer of the OSI model, providing encryption, compression, and data formatting services. In contrast, SCP (Secure Copy Protocol) operates at the Transport layer of the OSI model, providing secure and efficient file transfer over a network.
For which reason might an organization regularly update its cybersecurity procedures?
- Branding Enhancement
- Business Expansion
- Compliance
- Cost Reduction
Organizations may regularly update their cybersecurity procedures to maintain compliance with evolving regulations and standards. Compliance is crucial as non-compliance can lead to legal issues and data breaches. Keeping procedures up-to-date helps an organization adapt to changing legal requirements.
A backup technique that captures every version of a file or database record every time it changes is referred to as _______ backup.
- Differential
- Full
- Incremental
- Versioning
A backup technique that captures every version of a file or database record every time it changes is referred to as "Versioning" backup. This type of backup maintains a history of changes, allowing you to restore a file or record to a specific point in time.
Which header can be used by web applications to instruct the browser to block certain types of attacks by declaring which sources are legitimate?
- Access-Control-Allow-Origin
- Content-Security-Policy
- Cross-Origin Resource Sharing
- Referrer-Policy
The "Content-Security-Policy" header is used to instruct the browser to block certain types of attacks, such as XSS, by specifying which sources are considered legitimate for loading content.
A software company releases a critical security update for its widely-used application. After a week, a major cyber attack targets organizations that have not applied this update. This scenario underscores the importance of what?
- Firewall Configuration
- Intrusion Detection
- Patch Management
- Secure Coding
This scenario highlights the critical importance of patch management. Failing to apply security updates promptly can leave systems vulnerable to known exploits.