Why is it essential for companies to have a documented incident response procedure?

  • Enhances Reputation
  • Legal Requirement
  • Minimizes Impact
  • Reduces Costs
Having a documented incident response procedure minimizes the impact of a security incident. It enables an organized and efficient response, reducing downtime, data loss, and financial damage. It's crucial for a company's resilience.

Which web security assessment tool focuses specifically on spidering and analyzing web pages to find potential vulnerabilities?

  • Burp Suite
  • Metasploit
  • Snort
  • Wireshark
Burp Suite is a popular web security assessment tool that focuses on spidering and analyzing web pages to find potential vulnerabilities. It's widely used for web application security testing, including scanning for common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS).

A popular tool that helps in identifying vulnerabilities in web applications by scanning their source code is called a what?

  • Firewall
  • Intrusion Detection System (IDS)
  • Static Application Security Testing (SAST) tool
  • Web Application Firewall (WAF)
A popular tool used to identify vulnerabilities in web applications by scanning their source code is called a "Static Application Security Testing (SAST)" tool. SAST tools analyze the source code to identify security issues and vulnerabilities early in the development process.

Which type of attack aims at making a service unavailable by overwhelming it with traffic?

  • Buffer Overflow Attack
  • DDoS (Distributed Denial of Service)
  • Man-in-the-Middle Attack
  • Phishing Attack
"DDoS" stands for Distributed Denial of Service. A DDoS attack is designed to make a service unavailable by overwhelming it with traffic, often from multiple sources.

Which type of threat actor is typically motivated by political or ideological beliefs rather than financial gain?

  • Cybercriminal
  • Hacktivist
  • Insider Threat
  • Script Kiddie
Hacktivists are individuals or groups that use hacking skills to promote political or ideological causes. They're motivated by beliefs rather than financial gain. Insider Threats are employees with access to sensitive data, Cybercriminals seek financial gain, and Script Kiddies are amateur hackers.

Sarah, a security analyst, sees an alert from the IDS indicating a potential attack. She reviews the logs and finds no evidence of a breach or unauthorized activity. What kind of alert might this be considered?

  • Evasion Attack Alert
  • False Positive Alert
  • Intrusion Alert
  • True Positive Alert
In this case, it is likely a 'False Positive Alert,' indicating that the IDS incorrectly identified benign network traffic or normal behavior as an attack.

Which protocol is primarily used to secure web traffic between a browser and a server?

  • FTP
  • HTTP
  • HTTPS
  • SMTP
HTTPS (Hypertext Transfer Protocol Secure) is the protocol used for secure web traffic. It provides data encryption, authentication, and secure connections between a browser and a server.

To ensure that personal apps do not access company data on a BYOD device, organizations implement _______ solutions.

  • DNS
  • IDS
  • MDM
  • VPN
To ensure that personal apps do not access company data on a BYOD (Bring Your Own Device) device, organizations implement MDM (Mobile Device Management) solutions. MDM allows organizations to control and secure mobile devices used by their employees.

Stored and reflected are two types of which web application security vulnerability?

  • Cross-Site Request Forgery
  • Cross-Site Scripting (XSS)
  • Information Disclosure
  • SQL Injection
"Stored" and "Reflected" are two types of Cross-Site Scripting (XSS) vulnerabilities, which involve injecting malicious scripts into web pages that are viewed by other users.

A company's network administrator notices that an external IP address is repeatedly trying to access the company's internal resources. However, the firewall denies each attempt, and the source IP changes frequently. What type of attack might this represent?

  • DDoS Attack
  • Man-in-the-Middle (MitM) Attack
  • Port Scanning
  • Spear Phishing
This scenario suggests 'Port Scanning,' where an attacker systematically scans a range of ports on a network to identify vulnerabilities or open services.