Regularly scheduled backups that only capture the data that has changed since the last full backup are known as what?
- Differential Backups
- Full Backups
- Incremental Backups
- Mirror Backups
Incremental Backups capture only the data that has changed since the last backup, whether it was a full backup or a previous incremental backup. This reduces the backup time and storage space needed.
Security awareness training often includes real-world simulations of _______ to test employees' reactions.
- Attacks
- Guidelines
- Hardware
- Policies
Security awareness training often includes real-world simulations of attacks to test employees' reactions. These simulations help employees practice responding to security incidents and identifying potential threats.
Which regulation focuses specifically on the protection and confidential handling of health information in the United States?
- COPPA
- FERPA
- GDPR
- HIPAA
HIPAA (Health Insurance Portability and Accountability Act) focuses specifically on the protection and confidential handling of health information in the United States. It regulates the use and disclosure of individuals' health information by healthcare providers, health plans, and healthcare clearinghouses, among others.
Which term describes the process of testing patches on non-critical systems before a full-scale rollout?
- Hotfix deployment
- Shadow IT
- Staging
- Zero-day mitigation
The process of testing patches on non-critical systems before a full-scale rollout is called "staging." During staging, patches are applied to a limited number of systems or environments to ensure they do not cause issues before wider deployment.
Heuristic analysis in the context of malware detection refers to what?
- Identifying new, unknown threats based on behavior
- Scanning for known viruses and malware
- Conducting penetration testing on network security
- Analyzing network traffic for performance issues
Heuristic analysis (option 1) involves identifying new, unknown threats based on their behavior rather than relying solely on known virus definitions. It helps detect and mitigate previously unidentified malware and suspicious activities by analyzing patterns and behaviors.
Insider threats can be categorized into malicious and _______. What fills the blank?
- Accidental
- Deliberate
- External
- Unintentional
Insider threats can be categorized into malicious (deliberate) and accidental. Malicious insiders intentionally harm the organization, while accidental insiders do so without intent, often due to negligence or lack of awareness.
An organization's detailed step-by-step approach to handle and report a security breach is known as what?
- Cybersecurity Awareness Program
- Incident Response Plan
- Server Configuration
- System Patch Management
An organization's detailed step-by-step approach to handle and report a security breach is known as an Incident Response Plan. It outlines the actions to take when a security incident occurs, helping mitigate potential damage and protect the organization.
The tool _______ is known for its ability to automate the scanning of web applications and can detect over 3000 web vulnerabilities.
- Burp Suite
- Metasploit
- Nmap
- OWASP ZAP
The tool known for automating the scanning of web applications and detecting a wide range of web vulnerabilities, including over 3000, is Burp Suite. It's widely used by security professionals for web application security testing.
An organization with a global presence wants to ensure its employees can access internal resources securely from anywhere in the world without exposing the network to external threats. Which solution would best fit this requirement?
- Cloud Computing
- IoT (Internet of Things)
- MPLS (Multiprotocol Label Switching)
- SD-WAN (Software-Defined Wide Area Network)
SD-WAN (Software-Defined Wide Area Network) is a technology that allows secure and efficient access to internal resources from anywhere while minimizing exposure to external threats. It's an ideal solution for a global organization.
In terms of certificate management, what refers to the process of ensuring a certificate is still valid and has not been revoked?
- Certificate Authority (CA)
- Certificate Revocation List (CRL)
- Certificate Signing Request (CSR)
- Public Key Infrastructure (PKI)
Certificate Revocation List (CRL) is a vital component of certificate management. It is a list of certificates that have been revoked before their expiration date. It is used to verify whether a certificate is still valid and hasn't been compromised.