When setting up a home wireless network, which feature allows devices to connect to the network without entering a password, but has potential security risks?
- MAC Address Filtering
- WEP (Wired Equivalent Privacy)
- WPA3
- WPS (Wi-Fi Protected Setup)
WPS allows easy device connection but poses security risks. Attackers can exploit it. Other methods like WPA3 are more secure for home networks.
Which header is used to define a Content Security Policy for a web application?
- Content-Security-Policy
- X-Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
The header used to define a Content Security Policy for a web application is "Content-Security-Policy." It specifies the policy rules for content sources, script execution, and other security directives for the web page.
When using web security assessment tools, what is the primary benefit of dynamic analysis over static analysis?
- Identifies vulnerabilities in the source code before deployment
- Identifies vulnerabilities that can be exploited in real-time
- Provides insights into network infrastructure weaknesses
- Scans for vulnerabilities without executing the application
Dynamic analysis is beneficial as it identifies vulnerabilities that can be exploited in real-time while the application is running. It helps to discover issues that might not be evident during static analysis, as it simulates real-world usage scenarios and interactions with the application.
Under HIPAA, 'covered entities' include health care providers, health plans, and _______.
- Business Associates
- Government Agencies
- Insurance Companies
- Pharmaceutical Manufacturers
Under HIPAA (Health Insurance Portability and Accountability Act), 'covered entities' include health care providers, health plans, and Business Associates. Business Associates are individuals or entities that perform functions or activities that involve the use or disclosure of protected health information on behalf of covered entities.
To ensure that the browser enforces the CSP but does not block or report any content, the _______ directive is used.
- allow-all
- default-src
- enforce
- report-only
To ensure that the browser enforces the Content Security Policy (CSP) but only reports violations without blocking content, the report-only directive is used. This is useful for monitoring policy violations without impacting user experience.
Charlie is developing a web application. He ensures that every form input is validated and sanitized before it's processed. Despite this, an attacker is able to inject a script that steals user session cookies. Which vulnerability in the application did the attacker most likely exploit?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- SQL Injection
The attacker likely exploited a Cross-Site Scripting (XSS) vulnerability, allowing them to inject malicious scripts into the web application despite input validation and sanitization.
The practice of deliberately leaving vulnerabilities open in a system as a trap to detect and monitor intruders is termed what?
- Ethical Hacking
- Honeypot
- Penetration Testing
- Zero-Day Exploitation
A "Honeypot" is a cybersecurity mechanism that intentionally exposes vulnerabilities to lure and monitor potential intruders and threats.
Jane, an IT manager, receives an email detailing a potential security incident. However, the email does not contain enough specifics to act upon. To improve the quality and consistency of incident reports, Jane might consider implementing what?
- Incident Response Plan
- Regular Software Updates
- Security Awareness Training
- Security Incident Reporting Guidelines
Jane should consider implementing Security Incident Reporting Guidelines. These guidelines provide a structured format for reporting security incidents, including the specific details and information required. They help ensure that incident reports contain enough information for the IT team to act upon effectively.
In many operating systems, the _______ acts as a central policy that defines security-related computer settings.
- Antivirus
- Firewall
- Operating System
- Router
In many operating systems, the Operating System acts as a central policy that defines security-related computer settings. This includes user access controls, permissions, and various security configurations.
What is the primary purpose of an incident reporting procedure in an organization?
- To assign blame
- To improve system performance
- To prevent all incidents
- To identify and address security incidents
The primary purpose of an incident reporting procedure in an organization is to identify and address security incidents. This process is essential for recognizing and responding to events that could potentially harm the organization's information security. Incident reporting helps in containment and recovery, minimizing the impact of security breaches.