For a stricter CSP policy, which value would you set for default-src to ensure that only specific sources are allowed?

  • 'none'
  • 'self'
  • 'strict-dynamic'
  • 'unsafe-inline'
In a strict CSP policy, you would set the 'default-src' value to 'none' to ensure that no resources are allowed by default. To allow only specific sources, you would then specify those sources individually in other CSP directives, like 'script-src', 'style-src', etc.

The security measure that ensures only approved applications run on a system is called _______.

  • Anti-virus
  • Application Whitelisting
  • Firewall
  • Intrusion Detection
Application Whitelisting is a security measure that only allows approved applications to run on a system. It creates a list of trusted applications, and only those on the list can execute. This helps prevent the execution of unauthorized or malicious software.

Which wireless security protocol was developed as an improvement over WEP due to its vulnerabilities?

  • WPA
  • WPA-Enterprise
  • WPA2
  • WPA3
WPA3 was developed as a stronger alternative to WEP and WPA, addressing their vulnerabilities. It enhances Wi-Fi security through encryption and authentication.

The act of monitoring and potentially manipulating network traffic to extract information or disrupt the communication is known as _______.

  • Cyberbullying
  • Encryption
  • Packet Sniffing
  • Social Engineering
"Packet Sniffing" is the practice of intercepting and examining data packets in a network to gather information, often used in network security analysis.

What is the primary purpose of using a Virtual Private Network (VPN)?

  • Browse the web anonymously
  • Improve computer performance
  • Securely connect to a private network
  • Stream high-quality videos
The primary purpose of a VPN is to securely connect to a private network over the internet, ensuring data privacy and security, often used for remote work or accessing sensitive information.

In the context of data protection, what is the primary purpose of data encryption?

  • Data Availability
  • Data Compression
  • Data Confidentiality
  • Data Integrity
The primary purpose of data encryption is Data Confidentiality. It ensures that unauthorized users cannot access or read sensitive data. It transforms the data into an unreadable format, which can only be deciphered with the appropriate decryption key.

Which encryption technique transforms plaintext into ciphertext by applying an algorithm and a key, where the size of the key determines the number of possible transformations?

  • Asymmetric Encryption
  • Hashing
  • Steganography
  • Symmetric Encryption
Symmetric Encryption is a technique where the same key is used for both encryption and decryption. It transforms plaintext into ciphertext using a mathematical algorithm and a secret key. The key size determines the number of possible transformations, which affects the security of the encryption.

The HIPAA Security Rule focuses specifically on the security of _______.

  • Health Information
  • Healthcare Providers
  • Medical Facilities
  • Patient Records
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule primarily addresses the security of protected health information (PHI) and electronic health records. It sets standards for securing health information, ensuring the confidentiality, integrity, and availability of patient data.

In which encryption method is a pair of keys used, where one key encrypts the data and the other decrypts it?

  • Asymmetric Encryption
  • Hashing
  • Steganography
  • Symmetric Encryption
Asymmetric Encryption, also known as Public Key Encryption, uses a pair of keys – a public key for encryption and a private key for decryption. This approach allows secure communication without both parties needing to share the same secret key.

Which of the following is NOT a directive that can be used in a Content Security Policy?

  • script-src
  • font-src
  • cookie-policy
  • frame-ancestors
"cookie-policy" is not a valid directive in a Content Security Policy (CSP). CSPs define directives to control the sources from which certain types of content can be loaded. The other options like "script-src," "font-src," and "frame-ancestors" are valid directives used in CSP for different content types.