How does a network-based IDS (NIDS) differ from a host-based IDS (HIDS)?
- NIDS is software-based; HIDS is hardware-based
- NIDS monitors host system logs and activities; HIDS monitors network traffic
- NIDS monitors network traffic; HIDS monitors host system logs and activities
- NIDS relies on anomaly detection; HIDS relies on signature-based detection
NIDS and HIDS are distinct intrusion detection systems. NIDS monitors network traffic for suspicious activities, while HIDS focuses on monitoring the activities and logs of a specific host system. They differ in their monitoring scope.
An employee in the finance department is found accessing confidential HR records without a valid reason. This action is indicative of which type of security concern?
- Firewall
- Insider Threat
- Phishing
- Ransomware
This situation points to an insider threat. An insider threat occurs when someone within an organization misuses their access or privileges to compromise security, such as unauthorized access to sensitive data.
An employee receives an email from her bank asking her to verify her account details due to recent security breaches. The email contains a link to a website that looks similar to her bank's website. She becomes suspicious because the email has typos and the URL seems off. This email is likely an example of which type of attack?
- Phishing
- Spear Phishing
- Malware
- Social Engineering
This scenario is an example of "Phishing." Phishing attacks involve sending deceptive emails, often impersonating trusted entities, to trick recipients into revealing sensitive information or clicking on malicious links. In this case, the email's typos and suspicious URL are typical signs of phishing.
A system that combines the features of both firewalls and IDS/IPS is commonly referred to as a _______.
- DMZ (Demilitarized Zone)
- NAT (Network Address Translation)
- SIEM (Security Information and Event Management)
- UTM (Unified Threat Management)
A UTM (Unified Threat Management) system combines the functionalities of both firewalls and IDS/IPS, providing comprehensive security.
What is the primary purpose of a software patch?
- Add new features
- Enhance user interface
- Fix software vulnerabilities
- Improve system performance
The primary purpose of a software patch is to fix software vulnerabilities. Software vulnerabilities can be exploited by malicious actors to compromise a system's security. Patches are essential for maintaining a secure and stable software environment.
Which VPN protocol operates at Layer 2 of the OSI model and is often used for remote access?
- IPsec
- L2TP
- OpenVPN
- PPTP
The VPN protocol that operates at Layer 2 of the OSI model is "L2TP" (Layer 2 Tunneling Protocol), which is commonly used for remote access VPN connections.
GDPR introduces the role of a _______ to ensure compliance within organizations.
- Compliance Officer
- Data Officer
- Data Privacy Officer
- Data Protection Officer
GDPR (General Data Protection Regulation) introduces the role of a Data Protection Officer (DPO) to ensure compliance within organizations. The DPO is responsible for monitoring data protection activities, advising on data protection obligations, and serving as a contact point for data protection authorities.
After implementing a strict CSP on a website, a developer notices that some of the third-party widgets are not functioning. Which of the following is the most likely reason?
- The widgets are not properly configured
- The widgets lack a Content Security Policy
- The widgets need browser extensions to function
- The widgets violate the Same-Origin Policy
The most likely reason for the third-party widgets not functioning after implementing a strict CSP (Content Security Policy) is that the widgets violate the Same-Origin Policy. CSP restricts the sources from which content can be loaded on a web page, and if the widgets come from a different origin, they may be blocked.
Mobile Device Management (MDM) solutions are primarily used to enforce what within an organization's BYOD policy?
- Data encryption
- Enforcing security policies and configurations
- Monitoring device location
- Restricting personal app usage
MDM solutions are primarily used to enforce security policies and configurations within an organization's Bring Your Own Device (BYOD) policy. These policies can include things like password requirements, app restrictions, and encryption settings to ensure that personal devices used for work are secure and compliant with company standards.
Which security measure can prevent attackers from capturing session IDs by listening to network traffic between the client and server?
- Cross-Site Request Forgery
- HTTPS Encryption
- Rate Limiting
- Secure Cookies
HTTPS (HyperText Transfer Protocol Secure) encryption is a security measure that encrypts data in transit between the client and server, making it difficult for attackers to capture session IDs by eavesdropping on network traffic. It's a fundamental method for ensuring data privacy and security during transmission.