After a ransomware attack, a company realizes they have lost access to their critical data. Fortunately, they have a recent backup stored in a remote location. This situation highlights the importance of which data protection principle?
- Authentication
- Availability
- Confidentiality
- Integrity
This situation highlights the importance of data availability. Data protection principles ensure the confidentiality, integrity, and availability of data. In this case, the company's ability to access the backup data stored in a remote location demonstrates the principle of data availability.
Which encryption protocol is commonly used by modern VPNs to secure data?
- ARP (Address Resolution Protocol)
- DHCP (Dynamic Host Configuration Protocol)
- HTTP (Hypertext Transfer Protocol)
- TLS (Transport Layer Security)
Modern VPNs commonly use TLS (Transport Layer Security) for data encryption. TLS ensures the confidentiality and integrity of data transmitted over the internet.
Which of the following is a globally recognized standard for information security management?
- Commercial Off-the-Shelf Software (COTS)
- Company Trademark Policy
- ISO/IEC 27001
- Internal Company Policy
ISO/IEC 27001 is a globally recognized standard for information security management systems (ISMS). It provides a systematic approach for managing sensitive company information, ensuring its confidentiality, integrity, and availability.
Which method of encryption uses the same key for both encryption and decryption processes?
- Asymmetric Key Encryption
- Public Key Encryption
- Secure Sockets Layer
- Symmetric Key Encryption
Symmetric Key Encryption, also known as Private Key Encryption, uses the same key for both the encryption and decryption processes. It's efficient for fast and secure data transfer, but it requires a secure way to share the key between the sender and receiver.
In cybersecurity, a detailed step-by-step approach on how to respond to and manage a security breach is termed a(n) _______.
- Incident Response Plan
- Penetration Test Plan
- Security Policy
- Vulnerability Assessment
An "Incident Response Plan" outlines the actions to take when a security breach occurs, helping to manage and respond to such incidents.
John, a network administrator, notices a sudden spike in outbound traffic from a single workstation in the organization. Upon further investigation, he discovers that the workstation is contacting multiple external IP addresses. This could be indicative of which type of threat?
- Botnet Infection
- Data Exfiltration
- Insider Threat
- Malware Infection
The sudden spike in outbound traffic from a workstation contacting multiple external IP addresses is a strong indicator of a botnet infection. A botnet is a network of compromised devices controlled by an attacker, often used for various malicious activities, including sending spam or launching DDoS attacks.
Which layer of the OSI model does SSL/TLS primarily operate at?
- Application
- Data Link Layer
- Physical Layer
- Transport Layer
SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.
A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?
- CCPA
- FERPA
- GDPR
- HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.
A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:
- Accelerate email delivery
- Ensure confidentiality
- Prevent email loss
- Verify sender identity
The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit.
Which part of the HIPAA regulation sets the standards for protecting electronic protected health information?
- Title I
- Title II
- Title III
- Title IV
Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI.