Digital certificates are issued by trusted third parties called what?

  • Certificate Authorities
  • Domain Registrars
  • Internet Service Providers
  • Social Media Companies
Digital certificates are issued by trusted third parties known as Certificate Authorities (CAs). These entities validate the identity of individuals, organizations, or websites and issue digital certificates, which are used to establish trust and enable secure communication on the internet.

What encryption technique involves two interdependent cryptographic keys, one public and one private?

  • AES
  • DES
  • RSA
  • SSL
RSA (Rivest-Shamir-Adleman) is an encryption technique that uses two interdependent cryptographic keys, a public key for encryption and a private key for decryption. This method ensures secure communication and data protection.

In file system security, what restricts or allows specific actions (like reading, writing, executing) on a file or a directory?

  • ACL
  • BIOS
  • Firewall
  • SMTP
Access Control Lists (ACLs) are used to restrict or allow specific actions on files or directories. They define who can access the file or directory, what actions they can perform (e.g., read, write, execute), and under what conditions they can do so.

In a VPN, what is the role of a "tunneling protocol"?

  • It encrypts data in transit
  • It establishes connections
  • It manages user authentication
  • It routes traffic to external servers
A "tunneling protocol" plays a crucial role in VPNs by encapsulating data in a secure "tunnel," encrypting it, and ensuring safe transit through untrusted networks.

An employee using their access to steal confidential company data for personal gain is an example of which type of insider threat?

  • Espionage
  • Fraud
  • Negligence
  • Sabotage
This is an example of the "Fraud" type of insider threat. Fraud involves malicious activities by insiders, typically for personal gain. In this case, the employee is using their access to commit an act of fraud by stealing confidential data for their benefit.

What would be the primary objective of a whaling attack?

  • Extract personal information from random individuals
  • Gain access to sensitive company data
  • Impersonate a specific individual
  • Target a large number of individuals
The primary objective of a whaling attack is to impersonate a specific individual, usually a high-ranking executive or influential person within an organization. Attackers aim to deceive others into believing they are this individual to gain access to sensitive information or resources.

When an attacker introduces malicious code into a software system, causing it to behave in unintended ways, this is known as what?

  • Code Injection
  • Exploiting a Vulnerability
  • Malware Injection
  • Software Compromise
Code Injection occurs when an attacker inserts malicious code into a software system, leading to unintended and potentially harmful behavior.

When setting up a home wireless network, which feature allows devices to connect to the network without entering a password, but has potential security risks?

  • MAC Address Filtering
  • WEP (Wired Equivalent Privacy)
  • WPA3
  • WPS (Wi-Fi Protected Setup)
WPS allows devices to connect easily, but it poses security risks that attackers can exploit. Other methods like WPA3 are more secure for home networks.

Which header is used to define a Content Security Policy for a web application?

  • Content-Security-Policy
  • X-Content-Security-Policy
  • X-Frame-Options
  • X-XSS-Protection
The header used to define a Content Security Policy for a web application is "Content-Security-Policy." It specifies the policy rules for content sources, script execution, and other security directives for the web page.

When using web security assessment tools, what is the primary benefit of dynamic analysis over static analysis?

  • Identifies vulnerabilities in the source code before deployment
  • Identifies vulnerabilities that can be exploited in real-time
  • Provides insights into network infrastructure weaknesses
  • Scans for vulnerabilities without executing the application
Dynamic analysis is beneficial as it identifies vulnerabilities that can be exploited in real-time while the application is running. It helps to discover issues that might not be evident during static analysis, as it simulates real-world usage scenarios and interactions with the application.