A company wants to ensure that their inter-branch communication over the internet is secure, confidential, and has data integrity. Which protocol would best serve this purpose?
- FTP
- HTTP
- HTTPS
- Telnet
HTTPS (Hypertext Transfer Protocol Secure) is a secure communication protocol that provides encryption, data integrity, and confidentiality over the internet.
What differentiates SCP from SFTP in terms of functionality and usage?
- SCP and SFTP are identical in functionality and usage.
- SCP is a file transfer protocol that only supports file transfer. SFTP, on the other hand, is an interactive file transfer protocol that also allows file and directory manipulation, remote file viewing, and more.
- SCP is a more secure version of SFTP.
- SCP is a text-based protocol, whereas SFTP is binary-based.
SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) have distinct differences in functionality. SCP is primarily for file transfer, while SFTP is more versatile, offering interactive features like file management and remote access.
An effective incident reporting procedure should prioritize which aspect to ensure timely remediation?
- Incident Classification
- Incident Escalation
- Incident Identification
- Incident Notification
An effective incident reporting procedure should prioritize incident classification to ensure timely remediation. Properly classifying incidents based on their severity and impact helps in allocating resources efficiently. Critical incidents can be addressed with higher priority, leading to timely remediation and reduced potential damage.
A piece of malware designed to spread across networks by exploiting vulnerabilities in networked devices is called a _______.
- Ransomware
- Trojan Horse
- Virus
- Worm
A worm is a type of malware that is designed to self-replicate and spread across networks by exploiting vulnerabilities in networked devices. Unlike viruses, worms don't need a host file to propagate.
HIPAA’s Privacy Rule establishes national standards to protect what kind of individual information?
- Financial data
- Personal communication records
- Protected health information (PHI)
- Social Security numbers
HIPAA's Privacy Rule establishes national standards to protect Protected Health Information (PHI). PHI includes health records, medical history, patient identifiers, and other health-related data. These regulations are crucial for ensuring the privacy and security of sensitive health information.
In the context of operating systems, what is the primary purpose of a security policy?
- Control system updates
- Define rules and guidelines for system security
- Manage user accounts
- Optimize system performance
In the context of operating systems, a security policy's primary purpose is to define rules and guidelines for system security. It outlines what actions are allowed and what is prohibited, helping to protect the system from unauthorized access, data breaches, and other security threats. Security policies are crucial for maintaining the integrity and confidentiality of a computer system.
An organization implements a new software solution and within a week receives a message on their server stating that their data has been encrypted and will only be released upon payment. Which type of cybersecurity threat is this scenario depicting?
- Data Breach
- Phishing Attack
- Ransomware Attack
- Zero-Day Exploit
This scenario depicts a ransomware attack. Ransomware is a type of malware that encrypts a victim's data and demands a ransom for the decryption key. It is a serious cybersecurity threat that can lead to data loss and financial losses.
The _______ protocol of IPsec ensures authentication and data integrity but not confidentiality.
- AH (Authentication Header)
- DNS (Domain Name System)
- ESP (Encapsulating Security Payload)
- IKE (Internet Key Exchange)
The AH (Authentication Header) in IPsec provides authentication and data integrity, but it doesn't offer confidentiality.
An employee in the finance department is found accessing confidential HR records without a valid reason. This action is indicative of which type of security concern?
- Firewall
- Insider Threat
- Phishing
- Ransomware
This situation points to an insider threat. An insider threat occurs when someone within an organization misuses their access or privileges to compromise security, such as unauthorized access to sensitive data.
How does a network-based IDS (NIDS) differ from a host-based IDS (HIDS)?
- NIDS is software-based; HIDS is hardware-based
- NIDS monitors host system logs and activities; HIDS monitors network traffic
- NIDS monitors network traffic; HIDS monitors host system logs and activities
- NIDS relies on anomaly detection; HIDS relies on signature-based detection
NIDS and HIDS are distinct intrusion detection systems. NIDS monitors network traffic for suspicious activities, while HIDS focuses on monitoring the activities and logs of a specific host system. They differ in their monitoring scope.
A multinational company with its headquarters in the US is collecting and processing personal data of European citizens. A customer from France requests a copy of all the personal data the company has about him. Which regulation mandates the company to honor this request?
- CCPA
- FERPA
- GDPR
- HIPAA
GDPR (General Data Protection Regulation) is the European Union's regulation that mandates data protection and privacy for European citizens. It requires organizations, regardless of where they are based, to comply with strict data protection rules when processing personal data of European citizens.
Which of the following is a software designed to infiltrate and damage computer systems without the user's knowledge or consent?
- Antivirus
- Browser
- Firewall
- Malware
Malware is a term used to describe any software specifically designed to infiltrate and damage computer systems, often without the user's knowledge or consent. Malware can take various forms, including viruses, worms, Trojans, and spyware, among others.