Which encryption protocol is commonly used by modern VPNs to secure data?

  • ARP (Address Resolution Protocol)
  • DHCP (Dynamic Host Configuration Protocol)
  • HTTP (Hypertext Transfer Protocol)
  • TLS (Transport Layer Security)
Modern VPNs commonly use TLS (Transport Layer Security) for data encryption. TLS protects the confidentiality and integrity of data transmitted over the internet.

Which type of attack targets vulnerabilities in a website's database by inserting malicious SQL code?

  • Cross-Site Scripting
  • Denial of Service Attack
  • Phishing Attack
  • SQL Injection
SQL Injection is an attack where an attacker inserts malicious SQL code into input fields to manipulate or extract data from a database.

In cybersecurity, a detailed step-by-step approach on how to respond to and manage a security breach is termed a(n) _______.

  • Incident Response Plan
  • Penetration Test Plan
  • Security Policy
  • Vulnerability Assessment
An "Incident Response Plan" outlines the actions to take when a security breach occurs, helping to manage and respond to such incidents.

John, a network administrator, notices a sudden spike in outbound traffic from a single workstation in the organization. Upon further investigation, he discovers that the workstation is contacting multiple external IP addresses. This could be indicative of which type of threat?

  • Botnet Infection
  • Data Exfiltration
  • Insider Threat
  • Malware Infection
The sudden spike in outbound traffic from a workstation contacting multiple external IP addresses is a strong indicator of a botnet infection. A botnet is a network of compromised devices controlled by an attacker, often used for various malicious activities, including sending spam or launching DDoS attacks.

Which layer of the OSI model does SSL/TLS primarily operate at?

  • Application
  • Data Link Layer
  • Physical Layer
  • Transport Layer
SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.

A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?

  • CCPA
  • FERPA
  • GDPR
  • HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.

A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:

  • Accelerate email delivery
  • Ensure confidentiality
  • Prevent email loss
  • Verify sender identity
The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit.

Which part of the HIPAA regulation sets the standards for protecting electronic protected health information?

  • Title I
  • Title II
  • Title III
  • Title IV
Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI.

A company conducts a simulated phishing attack on its employees as part of its security training. A majority of employees report the email and don't click on the links. This type of simulation is primarily used to assess what?

  • Employee Awareness
  • Encryption Strength
  • Firewall Effectiveness
  • Malware Detection
This simulation primarily assesses employee awareness. Conducting simulated phishing attacks helps gauge how well employees can recognize and respond to phishing attempts, contributing to an overall culture of cybersecurity awareness.

Under GDPR, organizations must report data breaches to the relevant supervisory authority within how many hours of becoming aware?

  • 24 hours
  • 48 hours
  • 72 hours
  • 96 hours
Under the General Data Protection Regulation (GDPR), organizations must report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. This prompt reporting requirement is designed to ensure swift action and notification to protect individuals' privacy.