In many operating systems, the _______ acts as a central policy that defines security-related computer settings.
- Antivirus
- Firewall
- Operating System
- Router
Of the options listed, the operating system is the component that holds and enforces the machine's security settings: user accounts and authentication, access controls and file permissions, audit logging and update state. Antivirus, a firewall and a router each cover one slice of that surface and rely on the OS to enforce everything else. (In Windows domains this central policy is usually expressed as Group Policy, which the operating system applies on each machine.)
What is the primary purpose of an incident reporting procedure in an organization?
- To assign blame
- To improve system performance
- To prevent all incidents
- To identify and address security incidents
The primary purpose of an incident reporting procedure is to identify and address security incidents. A clear reporting path gets suspicious events (a phishing email, a lost laptop, unexpected account activity) to the people who can triage them quickly, which shortens the time between compromise and containment and so limits damage. It is not about assigning blame: procedures that punish the reporter discourage reporting and delay detection. Nor can it prevent all incidents; its job is to make sure the ones that do occur are recognized, contained and recovered from.
Which method is commonly used by organizations to test the effectiveness of their security awareness training?
- Firewall configurations
- Phishing simulations
- Social engineering
- Virtual private networks (VPNs)
Phishing simulations are the usual way to test whether security awareness training has worked: the organization sends its own staff realistic but harmless phishing emails and measures who clicks, who enters credentials and who reports the message. Social engineering is the broad attack category the training defends against, not a testing method, and firewall configurations and VPNs are network controls that say nothing about user awareness.
In a PKI (Public Key Infrastructure) system, the private key is used to _______ a message, while the public key is used to _______ it.
- Encode, Decode
- Encrypt, Decrypt
- Hash, Validate
- Sign, Verify
In a PKI system the private key is used to sign a message and the public key is used to verify the signature. The signer computes a signature over (a hash of) the message with a key only they hold; anyone with the matching public key, typically taken from the signer's certificate, can check that the signature matches the message, which proves the message came from the key holder and was not altered in transit. Note the direction: for encryption it is reversed, the public key encrypts and the private key decrypts, so "Encrypt, Decrypt" does not fit the blank as worded.
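As an added example (not part of the original quiz), the following Go program shows the split the question describes using the standard library's Ed25519: a hypothetical signed envelope is produced with a private key and checked against a trust store that holds public keys only. The envelope format, signer names and payloads are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// envelope is a hypothetical signed-message format. The payload travels in
// the clear: a signature gives integrity and origin, not confidentiality.
type envelope struct {
	KeyID   string // which signer claims to have produced Sig
	Payload []byte
	Sig     []byte // Ed25519 signature over Payload
}

// signer holds the private key. Only the holder can produce valid signatures.
type signer struct {
	id   string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newSigner(id string) (*signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &signer{id: id, pub: pub, priv: priv}, nil
}

// sign uses the PRIVATE key. Ed25519 hashes the payload internally, so the
// signature is bound to the exact bytes that were signed.
func (s *signer) sign(payload []byte) envelope {
	return envelope{KeyID: s.id, Payload: payload, Sig: ed25519.Sign(s.priv, payload)}
}

// verifyEnvelope uses PUBLIC keys only, from a trust store of known signers.
// It answers two questions: is the claimed signer one we trust, and did that
// signer's private key really sign exactly this payload.
func verifyEnvelope(trusted map[string]ed25519.PublicKey, env envelope) error {
	pub, ok := trusted[env.KeyID]
	if !ok {
		return fmt.Errorf("unknown signer %q", env.KeyID)
	}
	if !ed25519.Verify(pub, env.Payload, env.Sig) {
		return errors.New("signature invalid: payload altered or signed with a different key")
	}
	return nil
}

func main() {
	alice, err := newSigner("alice")
	if err != nil {
		panic(err)
	}
	mallory, err := newSigner("mallory")
	if err != nil {
		panic(err)
	}
	// Constructed trust store: verifiers know Alice's public key and nothing else.
	trusted := map[string]ed25519.PublicKey{"alice": alice.pub}

	env := alice.sign([]byte("release build 42 approved"))
	fmt.Println("genuine:         ", verifyEnvelope(trusted, env))

	tampered := env
	tampered.Payload = []byte("release build 43 approved") // signature no longer matches
	fmt.Println("altered payload: ", verifyEnvelope(trusted, tampered))

	forged := mallory.sign(env.Payload)
	forged.KeyID = "alice" // claims Alice's identity, but Mallory's key signed it
	fmt.Println("wrong key:       ", verifyEnvelope(trusted, forged))

	fmt.Println("untrusted signer:", verifyEnvelope(trusted, mallory.sign(env.Payload)))
}
```

The verifier never touches a private key, which is what lets a public key be published freely: it can check signatures but cannot forge them.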
What mechanism does IPsec use to ensure data integrity and confidentiality at the same time?
- AH (Authentication Header)
- ESP (Encapsulating Security Payload)
- PPTP (Point-to-Point Tunneling Protocol)
- SSL (Secure Sockets Layer)
IPsec uses ESP (Encapsulating Security Payload) when both confidentiality and integrity are required. ESP encrypts the payload and carries an integrity check value over the encrypted data; with the AEAD ciphers used in modern deployments, such as AES-GCM, both properties come from a single operation. AH (Authentication Header) provides integrity and origin authentication only, with no encryption. PPTP and SSL are separate protocols, not IPsec mechanisms.
A process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called what?
- Clustering
- Multithreading
- Sandboxing
- Virtualization
The process is called sandboxing. A sandbox isolates an application so that it can reach only the files, network endpoints and system calls its job requires; if the application is compromised, the attacker inherits that restricted view rather than the whole system. It is the principle of least privilege applied to a running process. Clustering, multithreading and virtualization concern capacity, concurrency and hardware abstraction respectively; a virtual machine can serve as a sandbox, but the term for the access restriction itself is sandboxing.
A financial institution wants to ensure that even if their data is intercepted during transmission, the intruder wouldn't be able to understand it. They decide to transform this data into a code to prevent unauthorized access. What process are they using?
- Compression
- Decryption
- Encryption
- Hashing
The financial institution is using encryption: transforming readable data (plaintext) into ciphertext with a key, so that anyone who intercepts the transmission without the key sees only unintelligible bytes while the intended recipient can decrypt it. Hashing is one-way and cannot be reversed by the recipient, so it protects integrity, not confidentiality; compression reduces size but hides nothing; decryption is the reverse step, performed by the recipient.
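The two preceding points, confidentiality together with integrity from one mechanism (ESP above) and intercepted data being unreadable without the key (this question), are both properties of authenticated encryption. As an added example that is not part of the original quiz, this Go program uses AES-256-GCM from the standard library, a cipher suite commonly negotiated for ESP, to seal a constructed transaction record, then shows what a wrong key, a flipped bit and a modified cleartext header do on receipt. The record, header and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// newKey returns a random 256-bit key. In a real system this comes from a
// key exchange (IKE for IPsec, the TLS handshake for HTTPS), never from code.
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts plaintext and binds header as associated data: the
// header stays readable on the wire (like an ESP or IP header) but any change
// to it is detected. Output layout: nonce || ciphertext || 16-byte tag.
func sealRecord(key, header, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// A fresh nonce for every message under a given key is mandatory for GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, header), nil
}

// openRecord checks the tag over ciphertext and header first and only then
// returns plaintext; a single flipped bit anywhere makes it fail.
func openRecord(key, header, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, header)
}

// flipBit returns a copy of b with one bit of byte i inverted, standing in
// for an in-transit modification by an attacker or a transmission error.
func flipBit(b []byte, i int) []byte {
	out := append([]byte(nil), b...)
	out[i] ^= 0x01
	return out
}

func main() {
	key := newKey()
	header := []byte("to=acct-5678")                     // constructed cleartext header
	record := []byte("transfer 1000.00 from acct-1234") // constructed sensitive payload

	sealed, err := sealRecord(key, header, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("on the wire:", hex.EncodeToString(sealed))
	fmt.Println("plaintext visible on the wire:", bytes.Contains(sealed, record))

	pt, err := openRecord(key, header, sealed)
	fmt.Printf("right key:        %q %v\n", pt, err)
	_, err = openRecord(newKey(), header, sealed)
	fmt.Println("wrong key:       ", err)
	_, err = openRecord(key, header, flipBit(sealed, 12)) // byte 12 is the first ciphertext byte
	fmt.Println("bit flipped:     ", err)
	_, err = openRecord(key, []byte("to=acct-9999"), sealed)
	fmt.Println("header changed:  ", err)
}
```

The interceptor sees the header and random-looking bytes; the recipient gets either the exact plaintext or an authentication failure, never a silently altered amount or destination.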
The U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information is known as the _______.
- Computer Fraud and Abuse Act
- Gramm-Leach-Bliley Act
- Patriot Act
- Sarbanes-Oxley Act
The correct answer is the Gramm-Leach-Bliley Act (GLBA). Its Privacy Rule requires financial institutions to explain their information-sharing practices to customers, and its Safeguards Rule requires them to protect customers' private data.
In the context of CSP, what does the 'nonce' attribute help with?
- Controlling content caching
- Enforcing secure data transmission
- Handling session management
- Preventing Cross-Site Scripting (XSS) attacks
In Content Security Policy (CSP), the nonce helps prevent Cross-Site Scripting (XSS). The server generates a fresh, unpredictable random value for every response, lists it in the CSP header (script-src 'nonce-<value>') and places the same value in the nonce attribute of each script element it intends to run. The browser executes only scripts whose nonce attribute matches the policy, so a script an attacker injects into the page carries no valid nonce and is blocked. The value must never be reused or predictable; otherwise the attacker simply includes it in the injected tag.
A(n) _______ test in penetration testing is where the attacker has no prior knowledge of the target system.
- Black Box
- External
- Gray Box
- White Box
In penetration testing, a Black Box test is one where the tester starts with no prior knowledge of the target: no source code, credentials or architecture documentation. It simulates an external attacker who must discover everything from the outside. A White Box test gives the tester full knowledge, and a Gray Box test partial knowledge (for example, a normal user account). "External" describes where the tester attacks from, not how much they know.