In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.
- Framework
- Log
- Policy
- Report
The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.
Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?
- MAC (Media Access Control) Filtering
- SSID Hiding
- WEP (Wired Equivalent Privacy)
- WPA3 (Wi-Fi Protected Access 3)
Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.
Which layer of the OSI model is primarily concerned with end-to-end communication and network security?
- Layer 2 - Data Link
- Layer 3 - Network
- Layer 5 - Session
- Layer 7 - Application
Layer 3, the Network layer, is primarily concerned with end-to-end communication, routing, and network security by controlling data packet routing.
An organization's new software automatically adjusts user permissions based on their job role and revokes access to certain files when an employee changes departments. This approach to managing user rights is an example of what?
- Attribute-Based Access Control (ABAC)
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
This approach to managing user rights is an example of "Role-Based Access Control (RBAC)." RBAC assigns permissions based on a user's role or job function, simplifying permission management and reducing the risk of unauthorized access.
Policies that dictate the criteria for granting access to specific information or systems are called _______ policies.
- Access Control
- Authentication
- Authorization
- Encryption
"Authorization" policies specify who can access what in a system, setting the criteria for granting access to specific resources.
Regularly updating and patching network devices is a key _______ in network security.
- Password
- Principle
- Protocol
- Vulnerability
One of the key principles in network security is regularly updating and patching network devices to fix vulnerabilities and security issues.
To prevent unauthorized access to a wireless network, administrators can implement MAC address _______.
- Broadcasting
- Encryption
- Filtering
- Hiding
MAC address filtering allows or denies access to a network based on the unique hardware address of a device, enhancing security by controlling device access.
Which type of attack targets vulnerabilities in a website's database by inserting malicious SQL code?
- Cross-Site Scripting
- Denial of Service Attack
- Phishing Attack
- SQL Injection
SQL Injection is an attack where an attacker inserts malicious SQL code into input fields to manipulate or extract data from a database.
Spear phishing and vishing are both techniques used in what kind of cyber attack?
- DDoS Attack
- Malware Attack
- Man-in-the-Middle Attack
- Social Engineering
Spear phishing and vishing are both types of social engineering attacks. Social engineering is a category of cyberattacks that manipulate individuals into revealing confidential information, typically through deceptive or manipulative means. Spear phishing targets specific individuals, while vishing involves voice communication.
A cryptographic method that requires two paired keys – one private and one public – is known as _______.
- Asymmetric Key
- Encryption
- Hashing
- Symmetric Key
An Asymmetric Key (or Public Key) cryptographic method uses two keys, one public and one private, for secure communication. Data encrypted with one key can only be decrypted with the other, providing a high level of security.