Why is it essential for companies to have a documented incident response procedure?
- Enhances Reputation
- Legal Requirement
- Minimizes Impact
- Reduces Costs
Having a documented incident response procedure minimizes the impact of a security incident. It enables an organized and efficient response, reducing downtime, data loss, and financial damage. It's crucial for a company's resilience.
After completing security awareness training, an employee promptly reports a suspicious email they received, which turns out to be a phishing attempt. This situation emphasizes the importance of which aspect of cybersecurity?
- Encryption
- Endpoint Security
- Human Behavior
- Network Security
The scenario highlights the importance of human behavior in cybersecurity. An educated and vigilant workforce can play a crucial role in identifying and reporting potential security threats, such as phishing attempts.
Which strategy focuses on limiting access to information to only those who require it to perform their job functions?
- Defense in Depth
- Least Privilege
- Social Engineering
- Zero Trust
The strategy of "Least Privilege" focuses on limiting access to information and resources to only those individuals who require it to perform their job functions. This minimizes the potential for insider threats as employees only have access to what's necessary for their role.
The practice of sending fraudulent emails pretending to be from reputable companies to induce individuals to reveal personal information is known as _______.
- Hacking
- Malware
- Phishing
- Spoofing
Sending fraudulent emails pretending to be from reputable companies to trick individuals into revealing personal information is known as Phishing. It's a common method for cybercriminals to obtain sensitive data.
Which protocol is primarily used to secure web traffic between a browser and a server?
- FTP
- HTTP
- HTTPS
- SMTP
HTTPS (Hypertext Transfer Protocol Secure) is the protocol used for secure web traffic. It provides data encryption, authentication, and secure connections between a browser and a server.
Sarah, a security analyst, sees an alert from the IDS indicating a potential attack. She reviews the logs and finds no evidence of a breach or unauthorized activity. What kind of alert might this be considered?
- Evasion Attack Alert
- False Positive Alert
- Intrusion Alert
- True Positive Alert
In this case, it is likely a 'False Positive Alert,' indicating that the IDS incorrectly identified benign network traffic or normal behavior as an attack.
Which type of threat actor is typically motivated by political or ideological beliefs rather than financial gain?
- Cybercriminal
- Hacktivist
- Insider Threat
- Script Kiddie
Hacktivists are individuals or groups that use hacking skills to promote political or ideological causes. They're motivated by beliefs rather than financial gain. Insider Threats are employees with access to sensitive data, Cybercriminals seek financial gain, and Script Kiddies are amateur hackers.
Which type of attack aims at making a service unavailable by overwhelming it with traffic?
- Buffer Overflow Attack
- DDoS (Distributed Denial of Service)
- Man-in-the-Middle Attack
- Phishing Attack
A "DDoS" attack stands for Distributed Denial of Service and is designed to make a service unavailable by overwhelming it with traffic, often from multiple sources.
A popular tool that helps in identifying vulnerabilities in web applications by scanning their source code is called a what?
- Firewall
- Intrusion Detection System (IDS)
- Static Application Security Testing (SAST) tool
- Web Application Firewall (WAF)
A popular tool used to identify vulnerabilities in web applications by scanning their source code is called a "Static Application Security Testing (SAST)" tool. SAST tools analyze the source code to identify security issues and vulnerabilities early in the development process.
An IDS that actively takes actions, such as blocking traffic or terminating sessions, when a threat is detected is referred to as _______.
- Firewall
- Honeypot
- Intrusion Prevention System
- Router
An Intrusion Prevention System (IPS) is an IDS that not only detects threats but also takes proactive measures to block or prevent them.
After a recent audit, a company was advised to segregate their network to ensure sensitive data isn't accessible to all employees. Which network security best practice is being recommended?
- DMZ (Demilitarized Zone)
- IP Address Spoofing
- Network Segmentation
- Port Forwarding
Network Segmentation involves dividing a network into segments to restrict access, reducing the risk of unauthorized access to sensitive data and improving security.
A company's network administrator notices that an external IP address is repeatedly trying to access the company's internal resources. However, the firewall denies each attempt, and the source IP changes frequently. What type of attack might this represent?
- DDoS Attack
- Man-in-the-Middle (MitM) Attack
- Port Scanning
- Spear Phishing
This scenario suggests 'Port Scanning,' where an attacker systematically scans a range of ports on a network to identify vulnerabilities or open services.