In the context of regulations, what does GDPR stand for?
- General Data Privacy Requirement
- General Data Protection Requirement
- Global Data Privacy Regulation
- Global Data Protection Regulation
GDPR stands for the General Data Protection Regulation, which is a European Union regulation designed to protect the privacy and data of EU citizens. It has global implications for organizations dealing with EU citizens' data.
What common practice involves creating a duplicate copy of data to ensure its availability in case of data loss?
- Data Archiving
- Data Compression
- Data Encryption
- Data Mirroring
Data Mirroring is the practice of creating a duplicate copy of data on another storage device. This is done in real-time or near-real-time to ensure data availability in case of data loss or hardware failure. It provides redundancy and high availability.
Under GDPR, individuals have the right to access their personal data and the right to _______ it.
- Alter the Data
- Correct the Data
- Delete the Data
- Share the Data
Under the General Data Protection Regulation (GDPR), individuals have the right to access their personal data held by organizations and the right to correct it: they can request that inaccurate or outdated data be corrected or updated. This helps individuals maintain the accuracy of their personal information.
In an out-of-band SQL injection attack, data is retrieved using:
- A separate channel
- API endpoints
- HTTP GET requests
- The same channel with UNION statements
In an out-of-band SQL injection, attackers retrieve data via a separate channel, such as a DNS request, rather than through the same channel as the main application.
Which of the following best describes the primary purpose of a certificate authority (CA) in the SSL/TLS handshake process?
- Authenticating users
- Handling encryption keys
- Issuing digital certificates
- Providing web hosting
A Certificate Authority (CA) in the SSL/TLS handshake process primarily issues digital certificates. These certificates bind a public key to a website's identity, so that a client can verify it is talking to the genuine server before the encrypted connection is established.
Which of the following attacks involves the injection of malicious scripts into web pages viewed by other users?
- Cross-Site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- Phishing
- SQL Injection
Cross-Site Scripting (XSS) is an attack where an attacker injects malicious scripts into web pages, which are then viewed by other users, potentially leading to data theft or manipulation.
The process of hiding a wireless network by not broadcasting its SSID is known as _______.
- MAC Filtering
- Network Masking
- SSID Concealing
- SSID Encryption
SSID Concealing, also known as SSID hiding, is a security measure where the network name (SSID) is not broadcast, making it less visible to potential attackers.
Regular _______ sessions are essential to ensure that employees are up-to-date with the latest security policies and practices.
- Evaluation
- Maintenance
- Reporting
- Training
Regular training sessions are essential to ensure that employees are up-to-date with the latest security policies and practices. Security training helps employees recognize and respond to security threats effectively.
Insider threats can be particularly challenging to detect because they often exploit legitimate _______ rather than external vulnerabilities.
- Permissions
- Software Bugs
- System Flaws
- Weak Passwords
Insider threats often exploit the legitimate permissions granted to them as part of their job. This makes it hard to distinguish malicious behavior from regular activity, increasing the risk of data breaches.
In penetration testing, what is the significance of a "red team" versus a "blue team"?
- Red team consists of internal employees, blue team is external
- Red team defends, blue team simulates attackers
- Red team simulates attackers, blue team defends
- Red team tests for software vulnerabilities
In penetration testing, the "red team" simulates attackers, often from an external perspective, while the "blue team" defends, typically from an internal perspective, helping to identify security weaknesses and prepare for real-world threats.