The U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information is known as the _______.

  • Computer Fraud and Abuse Act
  • Gramm-Leach-Bliley Act
  • Patriot Act
  • Sarbanes-Oxley Act
The correct answer is the "Gramm-Leach-Bliley Act." This law mandates that financial institutions disclose their information-sharing practices and safeguard customers' private data.

In the context of CSP, what does the 'nonce' attribute help with?

  • Controlling content caching
  • Enforcing secure data transmission
  • Handling session management
  • Preventing Cross-Site Scripting (XSS) attacks
In the context of Content Security Policy (CSP), the 'nonce' attribute is used to prevent Cross-Site Scripting (XSS) attacks. It allows a server to generate a unique cryptographic nonce for each page load. The nonce is included in the CSP header, and the browser only executes scripts with a matching nonce, effectively blocking any unauthorized scripts from running on the page.

A(n) _______ test in penetration testing is where the attacker has no prior knowledge of the target system.

  • Black Box
  • External
  • Gray Box
  • White Box
In penetration testing, a "Black Box" test is when the tester has no prior knowledge of the system, simulating an external attacker's approach.

In the context of incident response, a _______ is a collection of data that provides detailed information about an event that has occurred.

  • Framework
  • Log
  • Policy
  • Report
The correct answer is "Log." A log contains detailed data about events and incidents, aiding in incident response, forensics, and post-incident analysis.

Sarah, an IT administrator, notices that several unauthorized devices have been connecting to the company's wireless network. To ensure only company devices can connect, she considers implementing a security measure based on hardware addresses. Which security measure is she thinking of?

  • MAC (Media Access Control) Filtering
  • SSID Hiding
  • WEP (Wired Equivalent Privacy)
  • WPA3 (Wi-Fi Protected Access 3)
Sarah is considering implementing MAC (Media Access Control) filtering to control which devices can connect to the wireless network. It allows her to permit or deny devices based on their unique hardware addresses.

Which layer of the OSI model is primarily concerned with end-to-end communication and network security?

  • Layer 2 - Data Link
  • Layer 3 - Network
  • Layer 5 - Session
  • Layer 7 - Application
Layer 3, the Network layer, is primarily concerned with end-to-end communication, routing, and network security by controlling data packet routing.

An organization's new software automatically adjusts user permissions based on their job role and revokes access to certain files when an employee changes departments. This approach to managing user rights is an example of what?

  • Attribute-Based Access Control (ABAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
This approach to managing user rights is an example of "Role-Based Access Control (RBAC)." RBAC assigns permissions based on a user's role or job function, simplifying permission management and reducing the risk of unauthorized access.

A _______ is a piece of code that attaches itself to a legitimate program and propagates to other programs and systems.

  • Firewall
  • Router
  • Switch
  • Worm
A worm is a self-replicating piece of malicious code that can attach itself to legitimate programs and propagate to other systems without any user intervention. Unlike viruses, worms do not require a host program to attach to.

Zero-day exploits target vulnerabilities that are known to the software vendor but:

  • The vendor can't reproduce the issue
  • The vendor has not yet released a patch
  • The vendor is actively working on a fix
  • The vendor refuses to acknowledge the vulnerability
Zero-day exploits target vulnerabilities that are known to the software vendor but do not yet have an official patch or fix available. Hackers exploit these vulnerabilities before the vendor can respond with a patch, potentially causing significant damage or security breaches.

After a ransomware attack, a company realizes they have lost access to their critical data. Fortunately, they have a recent backup stored in a remote location. This situation highlights the importance of which data protection principle?

  • Authentication
  • Availability
  • Confidentiality
  • Integrity
This situation highlights the importance of data availability. Data protection principles ensure the confidentiality, integrity, and availability of data. In this case, the company's ability to access the backup data stored in a remote location demonstrates the principle of data availability.