In a PKI (Public Key Infrastructure) system, the private key is used to _______ a message, while the public key is used to _______ it.

  • Encode, Decode
  • Encrypt, Decrypt
  • Hash, Validate
  • Sign, Verify

In a PKI system, the private key is used to sign a message, providing proof of the sender's identity and ensuring data integrity. The public key is used to verify the signature, allowing recipients to confirm the sender's identity and data authenticity.

What mechanism does IPsec use to ensure data integrity and confidentiality at the same time?

  • AH (Authentication Header)
  • ESP (Encapsulating Security Payload)
  • PPTP (Point-to-Point Tunneling Protocol)
  • SSL (Secure Sockets Layer)

IPsec uses ESP, the Encapsulating Security Payload, to provide both data integrity and confidentiality. ESP encapsulates the original packet and adds encryption and integrity checks.

A process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called what?

  • Clustering
  • Multithreading
  • Sandboxing
  • Virtualization

The process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called "Sandboxing." Sandboxing is a security mechanism that isolates applications, preventing them from making unauthorized changes to a system or accessing resources they shouldn't. It enhances security by containing potentially harmful processes.

Which of the following best describes a "zero-day" vulnerability?

  • A vulnerability known for zero days
  • A vulnerability that's been exploited zero times
  • A vulnerability that's undisclosed to the vendor
  • A vulnerability with no known exploits

A "zero-day" vulnerability is one that's undisclosed to the software or hardware vendor, meaning there are no patches or fixes available. It's called "zero-day" because it's effectively day zero of the vendor's awareness.

Which of the following is a primary goal of operating system hardening?

  • Enhancing security by reducing vulnerabilities
  • Expanding network connectivity
  • Increasing system performance
  • Simplifying user interfaces

The primary goal of operating system hardening is to enhance security by reducing vulnerabilities. This involves configuring the OS to minimize potential attack vectors and make it more resistant to security threats and exploits.

A company hired an ethical hacker to assess its security posture. After the assessment, the hacker provided a detailed report showing several vulnerabilities but did not exploit any. Which type of test did the hacker most likely perform?

  • Penetration Test
  • Red Team Exercise
  • Security Audit
  • Vulnerability Assessment

The hacker likely performed a Vulnerability Assessment, which identifies vulnerabilities without exploiting them. A Penetration Test would involve exploiting vulnerabilities.

In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.

  • Framework
  • Log
  • Policy
  • Report

The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.

Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?

  • MAC (Media Access Control) Filtering
  • SSID Hiding
  • WEP (Wired Equivalent Privacy)
  • WPA3 (Wi-Fi Protected Access 3)

Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.

Which layer of the OSI model is primarily concerned with end-to-end communication and network security?

  • Layer 2 - Data Link
  • Layer 3 - Network
  • Layer 5 - Session
  • Layer 7 - Application

Layer 3, the Network layer, is primarily concerned with end-to-end communication, routing, and network security by controlling data packet routing.

An organization's new software automatically adjusts user permissions based on their job role and revokes access to certain files when an employee changes departments. This approach to managing user rights is an example of what?

  • Attribute-Based Access Control (ABAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)

This approach to managing user rights is an example of "Role-Based Access Control (RBAC)." RBAC assigns permissions based on a user's role or job function, simplifying permission management and reducing the risk of unauthorized access.