Spear phishing and vishing are both techniques used in what kind of cyber attack?
- DDoS Attack
- Malware Attack
- Man-in-the-Middle Attack
- Social Engineering
Spear phishing and vishing are both types of social engineering attacks. Social engineering is a category of cyberattacks that manipulate individuals into revealing confidential information, typically through deceptive or manipulative means. Spear phishing targets specific individuals, while vishing involves voice communication.
A cryptographic method that requires two paired keys – one private and one public – is known as _______.
- Asymmetric Key
- Encryption
- Hashing
- Symmetric Key
An Asymmetric Key (or Public Key) cryptographic method uses two keys, one public and one private, for secure communication. Data encrypted with one key can only be decrypted with the other, providing a high level of security.
Which layer of the OSI model does SSL/TLS primarily operate at?
- Application
- Data Link Layer
- Physical Layer
- Transport Layer
SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.
A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?
- CCPA
- FERPA
- GDPR
- HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.
A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:
- Accelerate email delivery
- Ensure confidentiality
- Prevent email loss
- Verify sender identity
The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit.
Which part of the HIPAA regulation sets the standards for protecting electronic protected health information?
- Title I
- Title II
- Title III
- Title IV
Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI.
A company conducts a simulated phishing attack on its employees as part of its security training. A majority of employees report the email and don't click on the links. This type of simulation is primarily used to assess what?
- Employee Awareness
- Encryption Strength
- Firewall Effectiveness
- Malware Detection
This simulation primarily assesses employee awareness. Conducting simulated phishing attacks helps gauge how well employees can recognize and respond to phishing attempts, contributing to an overall culture of cybersecurity awareness.
Under GDPR, organizations must report data breaches to the relevant supervisory authority within how many hours of becoming aware?
- 24 hours
- 48 hours
- 72 hours
- 96 hours
Under the General Data Protection Regulation (GDPR), organizations must report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. This prompt reporting requirement is designed to ensure swift action and notification to protect individuals' privacy.
In the context of access control, the decision to grant or deny a user's request is referred to as _______.
- Authentication
- Authorization
- Validation
- Verification
Authorization is the process of deciding whether a user's request should be granted or denied. It's the step that follows authentication and validation and determines the level of access a user has to resources based on their permissions or privileges.
The process of examining code for security vulnerabilities before it's executed in a live environment is known as what?
- Code Review
- Dynamic Testing
- Pre-execution Analysis
- Runtime Analysis
Code review is the process of examining code for security vulnerabilities before it's executed in a live environment. This helps identify and fix security issues in the code.