When performing ethical hacking, what permission level should the hacker ideally have?
- Limited Access
- No Permission
- Root/Administrator Access
- Standard User
Ethical hackers should ideally have Standard User permissions. Giving them full access could lead to unintended consequences, while having no access impedes their work. Standard User access provides a balance of access for testing without causing harm.
Which cryptographic technique ensures that the content of a message or document has not been altered during transmission?
- Compression
- Encryption
- Hashing
- Steganography
Hashing is a cryptographic technique that ensures data integrity. It creates a fixed-size hash value from the original data, and any alteration in the data will result in a different hash value, indicating that the data has been tampered with.
Emily, a system administrator, is configuring a new server. She ensures that only necessary services run, disables default accounts, and sets strong password policies. What process is Emily engaged in?
- Patch Management
- Server Clustering
- Server Hardening
- Server Virtualization
Emily is engaged in the process of "Server Hardening." This involves securing a server by minimizing vulnerabilities, such as disabling unnecessary services, strengthening password policies, and removing or disabling default accounts. The goal is to reduce the server's attack surface.
A common technique used by attackers where they trick users into revealing their passwords by pretending to be legitimate tech support is called _______.
- Phishing
- Ransomware
- Social Engineering
- Spear Phishing
The technique where attackers trick users into revealing their passwords by pretending to be legitimate tech support is known as Social Engineering. It is a psychological manipulation technique used to obtain confidential information.
During a penetration test, a tester was able to access a company's internal network by mimicking an employee's behavior and tailgating into a secure area. This tester exploited a weakness in what area of security?
- Access Control Systems
- Network Security
- Physical Security
- Social Engineering
The tester exploited a weakness in Social Engineering, as they used tactics to manipulate people into allowing unauthorized physical access.
Which term describes the act of intentionally finding and exploiting vulnerabilities in a system, but with the goal of improving its security?
- Cracking
- Cybercrime Prevention
- Hacking
- Penetration Testing
Penetration Testing is the process of intentionally finding and exploiting vulnerabilities in a system with the goal of improving its security. Unlike malicious hacking or cracking, penetration testing is done with the organization's consent to identify and rectify vulnerabilities before potential attackers can exploit them.
Advanced Persistent Threats (APTs) typically involve long-term attacks that focus on _______ rather than immediate harm.
- DDoS Attacks
- Data Exfiltration
- Exploiting Vulnerabilities
- Phishing Campaigns
APTs focus on "Data Exfiltration": stealing data over an extended period for long-term gain rather than causing immediate harm.
IPsec is a suite of protocols designed to secure what type of communication?
- Internet browsing
- Network
- Wireless connections
IPsec (Internet Protocol Security) is designed to secure network communication, ensuring data integrity and confidentiality. It's often used to create VPNs for secure network connections.
DLP solutions often use _______ to detect sensitive data based on predefined criteria.
- Biometrics
- Encryption
- Firewalls
- Machine Learning
Data Loss Prevention (DLP) solutions often employ Machine Learning algorithms to identify and classify sensitive data. These algorithms learn from historical data and predefined criteria to recognize patterns associated with sensitive information, helping prevent data leaks and breaches.
The GDPR regulation primarily pertains to the protection of personal data for citizens of which region?
- Australia
- Canada
- European Union
- United States
The GDPR (General Data Protection Regulation) primarily pertains to the protection of personal data for citizens of the European Union. It is a comprehensive data protection law that sets strict standards for how organizations handle personal data of EU residents, regardless of where the organization is based.