A primary technique to mitigate code injection attacks is to avoid executing code that is:
- Dynamic
- Encoded
- Trusted
- Untrusted
Mitigating code injection attacks involves not executing untrusted code. Untrusted code can contain malicious commands that may lead to security vulnerabilities.
In the context of mobile security, what does BYOD stand for?
- Bring Your Own Data
- Bring Your Own Device
- Build Your Own Device
- Business Yearning Over Devices
BYOD stands for "Bring Your Own Device." This policy allows employees to use their personal devices (such as smartphones, tablets, or laptops) for official work purposes. It can enhance flexibility and productivity but also poses security challenges that need to be addressed.
The principle of "_______" ensures that critical tasks or functions are not controlled by a single individual.
- Access Control
- Defense in Depth
- Least Privilege
- Vulnerability Scanning
The principle of "Least Privilege" is a security concept that restricts individual users' access rights to the minimum levels necessary to accomplish their tasks. It ensures that no single person has excessive access, reducing the risk of unauthorized actions or potential damage.
What term describes the GDPR requirement for organizations to design data protection into their products and processes from the outset?
- Data Encryption
- Data Minimization
- Data Portability
- Data Protection by Design and by Default
GDPR (General Data Protection Regulation) requires organizations to implement "Data Protection by Design and by Default." This means that data protection must be an integral part of product and process development, ensuring data security from the start rather than added as an afterthought.
The use of multiple layers of security measures, including both malware detection and patch management, is referred to as a _______ approach.
- Defense-in-Depth
- Multi-Factor Authentication
- Redundant Backup
- Single Sign-On
Defense-in-Depth is a security strategy that employs multiple layers of security controls and measures to protect against various security threats. This approach includes not only malware detection but also patch management, firewalls, intrusion detection systems, and more, creating a robust security posture.
A phishing attack that involves multiple methods, such as emails and phone calls, to deceive victims is known as what?
- Smishing
- Spear Phishing
- Vishing
- Whaling
Whaling is a type of phishing attack that specifically targets high-profile individuals or senior executives within an organization. It often involves various methods, such as emails, phone calls, and even in-person social engineering, to deceive victims and gain sensitive information or access.
A software company releases a critical security update for its widely used application. After a week, a major cyberattack targets organizations that have not applied this update. This scenario underscores the importance of what?
- Firewall Configuration
- Intrusion Detection
- Patch Management
- Secure Coding
This scenario highlights the critical importance of patch management. Failing to apply security updates promptly can leave systems vulnerable to known exploits.
Which header can be used by web applications to instruct the browser to block certain types of attacks by declaring which sources are legitimate?
- Access-Control-Allow-Origin
- Content-Security-Policy
- Cross-Origin Resource Sharing
- Referrer-Policy
The "Content-Security-Policy" header is used to instruct the browser to block certain types of attacks, such as XSS, by specifying which sources are considered legitimate for loading content.
A backup technique that captures every version of a file or database record every time it changes is referred to as _______ backup.
- Differential
- Full
- Incremental
- Versioning
A backup technique that captures every version of a file or database record every time it changes is referred to as "Versioning" backup. This type of backup maintains a history of changes, allowing you to restore a file or record to a specific point in time.
For which reason might an organization regularly update its cybersecurity procedures?
- Branding Enhancement
- Business Expansion
- Compliance
- Cost Reduction
Organizations may regularly update their cybersecurity procedures to maintain compliance with evolving regulations and standards. Compliance is crucial, as non-compliance can lead to legal issues and data breaches. Keeping procedures up to date helps an organization adapt to changing legal requirements.
For secure file transfers, SFTP operates on the _______ layer, while SCP operates on the _______ layer of the OSI model.
- Application, Data Link
- Data Link, Physical
- Presentation, Transport
- Transport, Network
For secure file transfers, SFTP (Secure File Transfer Protocol) operates at the Presentation layer of the OSI model, providing encryption, compression, and data formatting services. In contrast, SCP (Secure Copy Protocol) operates at the Transport layer of the OSI model, providing secure and efficient file transfer over a network.
Which component of a digital certificate proves the identity of the certificate's subject?
- Certificate Authority's Signature
- Private Key
- Public Key
- Subject's Name
The Subject's Name in a digital certificate is what proves the identity of the certificate's subject. It typically contains information about the entity or individual the certificate is issued to, such as their name and organization.