In the context of regulations, what does GDPR stand for?
- General Data Privacy Requirement
- General Data Protection Requirement
- Global Data Privacy Regulation
- Global Data Protection Regulation
GDPR stands for the General Data Protection Regulation, which is a European Union regulation designed to protect the privacy and data of EU citizens. It has global implications for organizations dealing with EU citizens' data.
What common practice involves creating a duplicate copy of data to ensure its availability in case of data loss?
- Data Archiving
- Data Compression
- Data Encryption
- Data Mirroring
Data Mirroring is the practice of creating a duplicate copy of data on another storage device. This is done in real-time or near-real-time to ensure data availability in case of data loss or hardware failure. It provides redundancy and high availability.
In an out-of-band SQL injection attack, data is retrieved using:
- A separate channel
- API endpoints
- HTTP GET requests
- The same channel with UNION statements
In an out-of-band SQL injection, attackers retrieve data via a separate channel, such as a DNS request, rather than through the same channel as the main application.
Which of the following best describes the primary purpose of a certificate authority (CA) in the SSL/TLS handshake process?
- Authenticating users
- Handling encryption keys
- Issuing digital certificates
- Providing web hosting
A Certificate Authority (CA) in the SSL/TLS handshake process primarily issues digital certificates. A certificate binds a server's public key to its identity, so a client can verify that it is talking to the genuine website before it establishes the encrypted connection.
Under GDPR, individuals have the right to access their personal data and the right to _______ it.
- Alter the Data
- Correct the Data
- Delete the Data
- Share the Data
Under the General Data Protection Regulation (GDPR), individuals have the right to access the personal data that organizations hold about them and the right to have it corrected: they can request that inaccurate or outdated data be updated. This helps individuals maintain the accuracy of their personal information.
A _______ VPN provides a secure connection between multiple networks over the internet.
- Endpoint-to-Endpoint
- PPTP
- SSL
- Site-to-Site
A Site-to-Site VPN connects entire networks securely over the internet. It's commonly used to connect remote offices or cloud services to the main network.
In the context of social engineering, what does "baiting" usually involve?
- Hiding behind a mask
- Impersonating someone
- Offering something enticing to the victim
- Threatening the victim
Baiting in social engineering involves offering something enticing to the victim. This could be in the form of a free download, a prize, or anything that would make the victim want to take an action that benefits the attacker.
Which secure coding principle emphasizes the importance of denying everything by default and only granting permissions intentionally?
- Defense in Depth
- Fail-Safe Defaults
- Principle of Least Privilege
- Security through Obscurity
The Principle of Least Privilege limits each user, process or component to the minimum permissions it needs to do its job: access is denied by default, and each permission is granted deliberately and individually.
An encryption system that uses the same key to encrypt and decrypt information is known as _______ encryption.
- Asymmetric
- Private
- Public
- Symmetric
Symmetric encryption, also known as private-key encryption, uses the same key for both encryption and decryption. This means that the sender and the recipient must both have access to the same secret key. It is typically faster and less computationally intensive compared to asymmetric encryption.
Which of the following attacks involves the injection of malicious scripts into web pages viewed by other users?
- Cross-Site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- Phishing
- SQL Injection
Cross-Site Scripting (XSS) is an attack where an attacker injects malicious scripts into web pages, which are then viewed by other users, potentially leading to data theft or manipulation.