John, a network administrator, notices a sudden spike in outbound traffic from a single workstation in the organization. Upon further investigation, he discovers that the workstation is contacting multiple external IP addresses. This could be indicative of which type of threat?
- Botnet Infection
- Data Exfiltration
- Insider Threat
- Malware Infection
The sudden spike in outbound traffic from a workstation contacting multiple external IP addresses is a strong indicator of a botnet infection. A botnet is a network of compromised devices controlled by an attacker, often used for various malicious activities, including sending spam or launching DDoS attacks.
Which layer of the OSI model does SSL/TLS primarily operate at?
- Application
- Data Link Layer
- Physical Layer
- Transport Layer
SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.
A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?
- CCPA
- FERPA
- GDPR
- HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.
In the context of mobile security, what does BYOD stand for?
- Bring Your Own Data
- Bring Your Own Device
- Build Your Own Device
- Business Yearning Over Devices
BYOD stands for "Bring Your Own Device." This policy allows employees to use their personal devices (such as smartphones, tablets, or laptops) for official work purposes. It can enhance flexibility and productivity but also poses security challenges that need to be addressed.
A primary technique to mitigate code injection attacks is to avoid executing code that is:
- Dynamic
- Encoded
- Trusted
- Untrusted
Mitigating code injection attacks involves not executing untrusted code. Untrusted code can contain malicious commands that may lead to security vulnerabilities.
What is the primary purpose of disk encryption?
- Improve disk performance
- Prevent physical damage
- Protect data from unauthorized access
- Reduce storage space
The primary purpose of disk encryption is to protect data from unauthorized access. When data on a disk is encrypted, it is converted into a form that can only be read with the correct decryption key or password, making it inaccessible to unauthorized users. This helps safeguard sensitive information even if the physical disk is lost or stolen.
The process of ensuring that both parties in a communication are who they claim to be, especially in the SSL/TLS handshake, is known as what?
- Authentication
- Authorization
- Decryption
- Encryption
Authentication is the process of verifying the identity of parties in a communication. In SSL/TLS, it ensures that the client and server are who they claim to be, typically using digital certificates.
Which component of a digital certificate proves the identity of the certificate's subject?
- Certificate Authority's Signature
- Private Key
- Public Key
- Subject's Name
The Subject's Name in a digital certificate is what proves the identity of the certificate's subject. It typically contains information about the entity or individual the certificate is issued to, such as their name and organization.
For secure file transfers, SFTP operates on the _______ layer, while SCP operates on the _______ layer of the OSI model.
- Application, Data Link
- Data Link, Physical
- Presentation, Transport
- Transport, Network
For secure file transfers, SFTP (Secure File Transfer Protocol) operates at the Presentation layer of the OSI model, providing encryption, compression, and data formatting services. In contrast, SCP (Secure Copy Protocol) operates at the Transport layer of the OSI model, providing secure and efficient file transfer over a network.
For which reason might an organization regularly update its cybersecurity procedures?
- Branding Enhancement
- Business Expansion
- Compliance
- Cost Reduction
Organizations may regularly update their cybersecurity procedures to maintain compliance with evolving regulations and standards. Compliance is crucial as non-compliance can lead to legal issues and data breaches. Keeping procedures up-to-date helps an organization adapt to changing legal requirements.