A(n) _______ test in penetration testing is where the attacker has no prior knowledge of the target system.
- Black Box
- External
- Gray Box
- White Box
In penetration testing, a "Black Box" test is when the tester has no prior knowledge of the system, simulating an external attacker's approach.
In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.
- Framework
- Log
- Policy
- Report
The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.
Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?
- MAC (Media Access Control) Filtering
- SSID Hiding
- WEP (Wired Equivalent Privacy)
- WPA3 (Wi-Fi Protected Access 3)
Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.
Which layer of the OSI model is primarily concerned with end-to-end communication and network security?
- Layer 2 - Data Link
- Layer 3 - Network
- Layer 5 - Session
- Layer 7 - Application
Layer 3, the Network layer, is primarily concerned with end-to-end communication, routing, and network security by controlling data packet routing.
An organization's new software automatically adjusts user permissions based on their job role and revokes access to certain files when an employee changes departments. This approach to managing user rights is an example of what?
- Attribute-Based Access Control (ABAC)
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
This approach to managing user rights is an example of "Role-Based Access Control (RBAC)." RBAC assigns permissions based on a user's role or job function, simplifying permission management and reducing the risk of unauthorized access.
Policies that dictate the criteria for granting access to specific information or systems are called _______ policies.
- Access Control
- Authentication
- Authorization
- Encryption
"Authorization" policies specify who can access what in a system, setting the criteria for granting access to specific resources.
Regularly updating and patching network devices is a key _______ in network security.
- Password
- Principle
- Protocol
- Vulnerability
One of the key principles in network security is regularly updating and patching network devices to fix vulnerabilities and security issues.
To prevent unauthorized access to a wireless network, administrators can implement MAC address _______.
- Broadcasting
- Encryption
- Filtering
- Hiding
MAC address filtering allows or denies access to a network based on the unique hardware address of a device, enhancing security by controlling device access.
A financial institution wants to ensure that even if their data is intercepted during transmission, the intruder wouldn't be able to understand it. They decide to transform this data into a code to prevent unauthorized access. What process are they using?
- Compression
- Decryption
- Encryption
- Hashing
The financial institution is using encryption. Encryption is the process of transforming data into a code to prevent unauthorized access during transmission. It ensures that even if data is intercepted, it remains unintelligible to unauthorized individuals or intruders.
The U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information is known as the _______.
- Computer Fraud and Abuse Act
- Gramm-Leach-Bliley Act
- Patriot Act
- Sarbanes-Oxley Act
The correct answer is the "Gramm-Leach-Bliley Act." This law mandates financial institutions to disclose their information-sharing practices and safeguard customers' private data.