The process of ensuring that both parties in a communication are who they claim to be, especially in the SSL/TLS handshake, is known as what?
- Authentication
- Authorization
- Decryption
- Encryption
Authentication is the process of verifying the identity of parties in a communication. In SSL/TLS, it ensures that the client and server are who they claim to be, typically using digital certificates.
Which policy allows employees to use their personal devices for official work, but also emphasizes security measures to protect company data?
- BYOB Policy
- COPE Policy
- CYOD Policy
- BYOD Policy
The policy that allows employees to use their personal devices for official work but also emphasizes security measures to protect company data is the BYOD (Bring Your Own Device) policy. This policy outlines guidelines and security measures to ensure that sensitive company information remains secure when accessed on personal devices.
Which type of malware typically does not replicate itself but allows unauthorized access to the affected computer?
- Trojan
- Worm
- Virus
- Spyware
A Trojan horse (option 1) is a type of malware that disguises itself as legitimate software or a legitimate file to trick users into downloading it. Unlike viruses or worms, Trojans typically do not replicate themselves. Once executed, they can provide unauthorized access to the affected computer.
Firewalls that operate at the network layer and make decisions based on IP addresses are called _______ firewalls.
- Application Firewall
- Packet Filtering Firewall
- Proxy Firewall
- Stateful Firewall
Packet Filtering Firewalls operate at the network layer and make decisions based on IP addresses and ports.
In the context of encryption, what ensures that data remains unchanged from its source and has not been accidentally or maliciously altered?
- Data Authentication
- Data Availability
- Data Confidentiality
- Data Integrity
Data Integrity, in encryption, ensures that data remains unchanged from its source and has not been accidentally or maliciously altered. This is vital to ensure the trustworthiness of data in transit or storage.
In the context of operating systems, what does the principle of "least privilege" refer to?
- Giving users the highest level of access rights
- Providing maximum system resources to all users
- Providing system access based on need
- Denying system access to all users
"Least privilege" (the principle of least privilege, or POLP) refers to providing system access on a "need to know" basis and giving users the minimum level of access rights required to accomplish their tasks. This reduces the risk of unauthorized access and potential security breaches.
Which of the following is NOT a recommended practice to prevent SQL injection?
- Sanitizing Input
- Storing Passwords in Plain Text
- Using Dynamic Queries
- Using Prepared Statements
Using dynamic queries is not a recommended way to prevent SQL injection. It opens the door to SQL injection attacks by placing user input directly in SQL queries.
The process of converting encrypted data back into its original form is termed as _______.
- Deciphering
- Encoding
- Encryption
- Hashing
The process of converting encrypted data back into its original form is termed as "Deciphering." This process uses the decryption key to transform the encrypted data into its original, readable format.
A _______ is a set of predefined rules in a firewall that determines whether to allow or block specific traffic.
- Access Control List (ACL)
- DNS Server
- Encryption Algorithm
- Intrusion Detection System
An Access Control List (ACL) is a set of rules used in a firewall to control traffic by allowing or blocking based on defined criteria.
What is the primary difference between SSL and its successor, TLS?
- SSL is faster
- SSL is older
- TLS is a separate protocol
- TLS is more secure
The primary difference is that TLS (Transport Layer Security) is an updated version of SSL (Secure Sockets Layer). They serve the same purpose, but TLS has addressed vulnerabilities present in SSL, making it more secure. TLS is a separate protocol with improvements over SSL.
Mike, an IT professional, finds a USB drive in the parking lot with a label reading "Salary Details 2023". Curious, he plugs it into his office computer, leading to the installation of malware. Which social engineering technique successfully targeted Mike?
- Spear Phishing
- Baiting
- Tailgating
- Pretexting
This scenario is an example of "Baiting." Baiting involves leaving physical devices, such as infected USB drives, in places where individuals might find them and be tempted to use them. Mike's curiosity led to the installation of malware.
When developing cybersecurity policies, what factor is crucial to ensure its effectiveness across the organization?
- Compliance with legal regulations
- Employee awareness and adherence
- Involving only the IT department
- Strong encryption techniques
Effective cybersecurity policies require not just compliance with regulations but also the active involvement of all employees. Employee awareness, understanding, and adherence to policies play a crucial role in ensuring organizational security.