For secure file transfers, SFTP operates on the _______ layer, while SCP operates on the _______ layer of the OSI model.
- Application, Data Link
- Data Link, Physical
- Presentation, Transport
- Transport, Network
For secure file transfers, SFTP (Secure File Transfer Protocol) operates at the Presentation layer of the OSI model, providing encryption, compression, and data formatting services. In contrast, SCP (Secure Copy Protocol) operates at the Transport layer of the OSI model, providing secure and efficient file transfer over a network.
For which reason might an organization regularly update its cybersecurity procedures?
- Branding Enhancement
- Business Expansion
- Compliance
- Cost Reduction
Organizations may regularly update their cybersecurity procedures to maintain compliance with evolving regulations and standards. Compliance is crucial as non-compliance can lead to legal issues and data breaches. Keeping procedures up-to-date helps an organization adapt to changing legal requirements.
A backup technique that captures every version of a file or database record every time it changes is referred to as _______ backup.
- Differential
- Full
- Incremental
- Versioning
A backup technique that captures every version of a file or database record every time it changes is referred to as "Versioning" backup. This type of backup maintains a history of changes, allowing you to restore a file or record to a specific point in time.
Which header can be used by web applications to instruct the browser to block certain types of attacks by declaring which sources are legitimate?
- Access-Control-Allow-Origin
- Content-Security-Policy
- Cross-Origin Resource Sharing
- Referrer-Policy
The "Content-Security-Policy" header is used to instruct the browser to block certain types of attacks, such as XSS, by specifying which sources are considered legitimate for loading content.
A software company releases a critical security update for its widely-used application. After a week, a major cyber attack targets organizations that have not applied this update. This scenario underscores the importance of what?
- Firewall Configuration
- Intrusion Detection
- Patch Management
- Secure Coding
This scenario highlights the critical importance of patch management. Failing to apply security updates promptly can leave systems vulnerable to known exploits.
A phishing attack that involves multiple methods, such as emails and phone calls, to deceive victims is known as?
- Smishing
- Spear Phishing
- Vishing
- Whaling
Whaling is a type of phishing attack that specifically targets high-profile individuals or senior executives within an organization. It often involves various methods, such as emails, phone calls, and even in-person social engineering, to deceive victims and gain sensitive information or access.
The use of multiple layers of security measures, including both malware detection and patch management, is referred to as a _______ approach.
- Defense-in-Depth
- Multi-Factor Authentication
- Redundant Backup
- Single Sign-On
Defense-in-Depth is a security strategy that employs multiple layers of security controls and measures to protect against various security threats. This approach includes not only malware detection but also patch management, firewalls, intrusion detection systems, and more, creating a robust security posture.
The process of converting encrypted data back into its original form is termed as _______.
- Deciphering
- Encoding
- Encryption
- Hashing
The process of converting encrypted data back into its original form is termed as "Deciphering." This process uses the decryption key to transform the encrypted data into its original, readable format.
Which of the following is NOT a recommended practice to prevent SQL injection?
- Sanitizing Input
- Storing Passwords in Plain Text
- Using Dynamic Queries
- Using Prepared Statements
Using dynamic queries is not recommended to prevent SQL injection. It opens the door to SQL injection attacks by allowing user input directly in SQL queries.
In the context of operating systems, what does the principle of "least privilege" refer to?
- Giving users the highest level of access rights
- Providing maximum system resources to all users
- Providing system access based on need
- Denying system access to all users
The principle of "least privilege" (also known as the principle of least privilege, or POLP) refers to providing system access based on the principle of "need to know" and giving users the minimum levels of access rights required to accomplish their tasks. This reduces the risk of unauthorized access and potential security breaches.