A mandatory _______ policy is a type of security policy that relies on labels (attached to objects and users) to determine access.

  • Access Control
  • Mandatory Access
  • Password
  • Role-Based
A mandatory access control (MAC) policy is a security policy that enforces access controls based on labels assigned to subjects (users) and objects (resources). The labels define the sensitivity and integrity of objects and the clearances of subjects. Access is granted or denied based on these labels.

In terms of certificate management, what refers to the process of ensuring a certificate is still valid and has not been revoked?

  • Certificate Authority (CA)
  • Certificate Revocation List (CRL)
  • Certificate Signing Request (CSR)
  • Public Key Infrastructure (PKI)
Certificate Revocation List (CRL) is a vital component of certificate management. It is a list of certificates that have been revoked before their expiration date. It is used to verify whether a certificate is still valid and has not been revoked, for example because its private key was compromised.

An organization with a global presence wants to ensure its employees can access internal resources securely from anywhere in the world without exposing the network to external threats. Which solution would best fit this requirement?

  • Cloud Computing
  • IoT (Internet of Things)
  • MPLS (Multiprotocol Label Switching)
  • SD-WAN (Software-Defined Wide Area Network)
SD-WAN (Software-Defined Wide Area Network) is a technology that allows secure and efficient access to internal resources from anywhere while minimizing exposure to external threats. It's an ideal solution for a global organization.

The tool _______ is known for its ability to automate the scanning of web applications and can detect over 3000 web vulnerabilities.

  • Burp Suite
  • Metasploit
  • Nmap
  • OWASP ZAP
The tool known for automating the scanning of web applications and detecting a wide range of web vulnerabilities (over 3000) is Burp Suite. It is widely used by security professionals for web application security testing.

The process of restoring a system or data from a backup following a disaster or data corruption is termed what?

  • Data Archiving
  • Data Deduplication
  • Data Migration
  • Disaster Recovery
Disaster Recovery is the process of restoring systems, data, and infrastructure after a disaster, such as a natural catastrophe or a major data breach. It ensures that a business can continue operations after a disruptive event.

One of the primary ways to mitigate insider threats is to implement strict _______ controls.

  • Access
  • Administrative
  • Network
  • Security
One of the primary ways to mitigate insider threats is to implement strict security controls. Security controls can include measures like access restrictions, monitoring, and policies designed to prevent unauthorized access and data breaches.

Which secure coding practice helps prevent SQL injection attacks by ensuring that user input does not run as code?

  • Code Encryption
  • Database Backups
  • Input Validation
  • Password Hashing
Input Validation is a practice that checks and sanitizes user input to prevent it from being executed as SQL code, thereby thwarting SQL injection.

What is the primary difference between a security standard and a security regulation?

  • Standards are legally binding, while regulations are recommendations
  • Standards are long-term, while regulations are short-term
  • Standards are technical, while regulations are organizational
  • Standards are voluntary, while regulations are mandatory
The primary difference lies in the legal status. Security standards are usually voluntary and serve as best practices, while security regulations are legally binding and mandatory, often enforced by governments or industry bodies.

In the context of insider threats, what term describes the unintentional actions of employees that lead to security breaches?

  • Espionage
  • Fraud
  • Negligence
  • Sabotage
Negligence in the context of insider threats refers to the unintentional actions or mistakes made by employees that can compromise security. This could include actions like clicking on a malicious link in an email, inadvertently sharing sensitive information, or misconfiguring security settings, all of which can lead to security breaches.

David is setting up a new computer for his company's CEO. He wants to ensure that even if the laptop is lost or stolen, the data on it cannot be accessed without proper authentication. Which of the following would be the most effective solution?

  • Antivirus Software
  • Biometric Authentication
  • Firewall
  • Full Disk Encryption
The most effective solution for ensuring that data on a lost or stolen laptop cannot be accessed without proper authentication is Full Disk Encryption. Full Disk Encryption encrypts the entire contents of the hard drive, making the data inaccessible without the correct decryption key or password.

A company recently suffered a data breach. Upon investigation, it was found that they failed to encrypt customer data, which is a requirement under the regulation they adhere to. This situation could result in what kind of repercussions for the company?

  • Enhanced public image
  • Improved customer trust
  • Legal penalties
  • Reduced operational costs
The failure to encrypt customer data, especially when it's a requirement under regulation, can lead to legal penalties and fines due to non-compliance with data protection laws.

A company has remote employees who often access the company's internal network from public Wi-Fi hotspots. Which technology can ensure that the data transmitted between the remote employees and the company remains confidential and secure?

  • Encryption
  • Firewall
  • Intrusion Detection System (IDS)
  • VPN (Virtual Private Network)
A Virtual Private Network (VPN) is the most suitable solution to ensure data confidentiality and security when accessing internal resources over public networks. It encrypts the data, making it secure from eavesdroppers.