An organization's proactive approach to anticipate and respond to future security incidents is termed as _______ management.
- Incident
- Risk
- Security
- Vulnerability
The correct answer is "Risk Management." It encompasses identifying potential security threats, assessing their impact, and implementing strategies to mitigate them.
In which type of attack does an attacker trick a victim into submitting a malicious request on their behalf?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- Man-in-the-Middle (MitM)
Cross-Site Request Forgery (CSRF) is an attack in which the attacker tricks a victim into submitting a malicious request, often without the victim's knowledge, on their behalf.
The process of converting data into a code to prevent unauthorized access is known as _______.
- Authentication
- Encryption
- Firewall
- Hacking
Encryption is the process of converting data into a code to prevent unauthorized access. It ensures that even if unauthorized users gain access to the data, they cannot read or use it without the decryption key. Encryption is crucial for data security and privacy.
In file system security, what restricts or allows specific actions (like reading, writing, executing) on a file or a directory?
- ACL
- BIOS
- Firewall
- SMTP
Access Control Lists (ACLs) are used to restrict or allow specific actions on files or directories. They define who can access the file or directory, what actions they can perform (e.g., read, write, execute), and under what conditions they can do so.
In a VPN, what is the role of a "tunneling protocol"?
- It encrypts data in transit
- It establishes connections
- It manages user authentication
- It routes traffic to external servers
A "tunneling protocol" plays a crucial role in VPNs by encapsulating data in a secure "tunnel," encrypting it, and ensuring safe transit through untrusted networks.
An employee using their access to steal confidential company data for personal gain is an example of which type of insider threat?
- Espionage
- Fraud
- Negligence
- Sabotage
This is an example of the "Fraud" type of insider threat. Fraud involves malicious activities by insiders, typically for personal gain. In this case, the employee is using their access to commit an act of fraud by stealing confidential data for their benefit.
What would be the primary objective of a whaling attack?
- Extract personal information from random individuals
- Gain access to sensitive company data
- Impersonate a specific individual
- Target a large number of individuals
The primary objective of a whaling attack is to impersonate a specific individual, usually a high-ranking executive or influential person within an organization. Attackers aim to deceive others into believing they are this individual to gain access to sensitive information or resources.
When an attacker introduces malicious code into a software system, causing it to behave in unintended ways, this is known as what?
- Code Injection
- Exploiting a Vulnerability
- Malware Injection
- Software Compromise
Code Injection occurs when an attacker inserts malicious code into a software system, leading to unintended and potentially harmful behavior.
When setting up a home wireless network, which feature allows devices to connect to the network without entering a password, but has potential security risks?
- MAC Address Filtering
- WEP (Wired Equivalent Privacy)
- WPA3
- WPS (Wi-Fi Protected Setup)
WPS allows easy device connection but poses security risks. Attackers can exploit it. Other methods like WPA3 are more secure for home networks.
Which header is used to define a Content Security Policy for a web application?
- Content-Security-Policy
- X-Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
The header used to define a Content Security Policy for a web application is "Content-Security-Policy." It specifies the policy rules for content sources, script execution, and other security directives for the web page.