An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider?

  • FTP
  • HTTP
  • SMTP
  • SSH
The protocol that provides directory listing, file transfers, and file management capabilities is FTP (File Transfer Protocol). FTP is commonly used for these purposes, allowing secure and efficient file transfers.

Alice visits a popular news website and sees a pop-up that says "Hacked!". Upon investigation, it's found that the website itself was not compromised but the script from an ad provider was. What kind of attack was most likely leveraged?

  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Distributed Denial of Service (DDoS)
  • SQL Injection
Alice likely experienced a Cross-Site Scripting (XSS) attack, where malicious code was injected into the ad provider's script, affecting the website's visitors.

A company's IT department receives a report of an email sent to several employees that appears to be from the CEO, asking them to click on a link and enter their credentials. The CEO denies sending such an email. This situation is most likely an example of which type of attack?

  • DDoS Attack
  • Insider Threat
  • Ransomware Attack
  • Spear Phishing
This scenario describes a classic spear-phishing attack. Spear-phishing involves sending targeted, deceptive emails to specific individuals, often impersonating someone the recipient trusts, with the intent of stealing sensitive information or spreading malware.

Alice, a system administrator, notices that some sensitive files have been accessed by unauthorized users. She wants to ensure that, in the future, only specific users can view and modify these files. What security measure should Alice implement?

  • Access Control List (ACL)
  • Encryption
  • Intrusion Detection System (IDS)
  • Two-Factor Authentication (2FA)
Alice should implement Access Control Lists (ACLs) to restrict file access. ACLs define which users or system processes are granted access to objects, as well as what operations are allowed on given objects. In this case, Alice can specify which specific users have access to sensitive files and what type of access they have.

Patch _______ is the process of deciding which patches should be applied to systems and in what order.

  • Deployment
  • Management
  • Prioritization
  • Selection
Patch prioritization is the process of deciding which patches should be applied to systems and in what order. It involves assessing the criticality of vulnerabilities and the potential impact on systems to determine the patching order.

Which term describes the act of intentionally finding and exploiting vulnerabilities in a system, but with the goal of improving its security?

  • Cracking
  • Cybercrime Prevention
  • Hacking
  • Penetration Testing
Penetration Testing is the process of intentionally finding and exploiting vulnerabilities in a system with the goal of improving its security. Unlike malicious hacking or cracking, penetration testing is done with the organization's consent to identify and rectify vulnerabilities before potential attackers can exploit them.

Advanced Persistent Threats (APTs) typically involve long-term attacks that focus on _______ rather than immediate harm.

  • DDoS Attacks
  • Data Exfiltration
  • Exploiting Vulnerabilities
  • Phishing Campaigns
APTs aim at "Data Exfiltration," which involves stealing data over an extended period, focusing on long-term gains, not causing immediate harm.

IPsec is a suite of protocols designed to secure what type of communication?

  • Email
  • Internet browsing
  • Network
  • Wireless connections
IPsec (Internet Protocol Security) is designed to secure network communication, ensuring data integrity and confidentiality. It's often used to create VPNs for secure network connections.

DLP solutions often use _______ to detect sensitive data based on predefined criteria.

  • Biometrics
  • Encryption
  • Firewalls
  • Machine Learning
Data Loss Prevention (DLP) solutions often employ Machine Learning algorithms to identify and classify sensitive data. These algorithms learn from historical data and predefined criteria to recognize patterns associated with sensitive information, helping prevent data leaks and breaches.

Which tool is commonly used to scan a computer system for known malware signatures?

  • Antivirus
  • Browser
  • Firewall
  • VPN
Antivirus software is commonly used to scan a computer system for known malware signatures. It compares files and activities on the computer to a database of known malware signatures to detect and remove malicious software.