Which layer of the OSI model does SSL/TLS primarily operate at?

  • Application
  • Data Link Layer
  • Physical Layer
  • Transport Layer
SSL/TLS (Secure Sockets Layer/Transport Layer Security) primarily operates at the Application Layer (Layer 7) of the OSI model. It provides encryption and security for application-level data.

A hospital's electronic record system was breached, exposing patient records. The hospital is based in the United States. Which regulation mandates that the hospital notify affected patients of the breach?

  • CCPA
  • FERPA
  • GDPR
  • HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates the protection of health information privacy and security. It requires healthcare organizations to notify affected patients in the event of a data breach involving their protected health information.

A company's IT department is implementing a system where every employee's email will have a digital signature. The primary reason for this implementation is to:

  • Accelerate email delivery
  • Ensure confidentiality
  • Prevent email loss
  • Verify sender identity
The primary reason for implementing digital signatures on emails is to verify the sender's identity. Digital signatures provide authentication, ensuring that the email indeed comes from the claimed sender and has not been altered in transit.

Which part of the HIPAA regulation sets the standards for protecting electronic protected health information?

  • Title I
  • Title II
  • Title III
  • Title IV
Title II of the HIPAA (Health Insurance Portability and Accountability Act) regulation sets the standards for protecting electronic protected health information (ePHI). It includes the Security Rule, which outlines the requirements for securing ePHI.

A company conducts a simulated phishing attack on its employees as part of its security training. A majority of employees report the email and don't click on the links. This type of simulation is primarily used to assess what?

  • Employee Awareness
  • Encryption Strength
  • Firewall Effectiveness
  • Malware Detection
This simulation primarily assesses employee awareness. Conducting simulated phishing attacks helps gauge how well employees can recognize and respond to phishing attempts, contributing to an overall culture of cybersecurity awareness.

Under GDPR, organizations must report data breaches to the relevant supervisory authority within how many hours of becoming aware?

  • 24 hours
  • 48 hours
  • 72 hours
  • 96 hours
Under the General Data Protection Regulation (GDPR), organizations must report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. This prompt reporting requirement is designed to ensure swift action and notification to protect individuals' privacy.

In the context of access control, the decision to grant or deny a user's request is referred to as _______.

  • Authentication
  • Authorization
  • Validation
  • Verification
Authorization is the process of deciding whether a user's request should be granted or denied. It's the step that follows authentication and validation and determines the level of access a user has to resources based on their permissions or privileges.

The process of examining code for security vulnerabilities before it's executed in a live environment is known as what?

  • Code Review
  • Dynamic Testing
  • Pre-execution Analysis
  • Runtime Analysis
Code review is the process of examining code for security vulnerabilities before it's executed in a live environment. This helps identify and fix security issues in the code.

In TLS, what cryptographic process is used to establish a shared secret between the client and server without ever transmitting the secret itself?

  • DES Encryption
  • Diffie-Hellman Key Exchange
  • MD5 Hash Algorithm
  • RSA Key Exchange
In TLS, the Diffie-Hellman Key Exchange is used to establish a shared secret without transmitting the secret itself. This process allows secure key exchange even if eavesdroppers are present.

Which of the following is a globally recognized standard for information security management?

  • Commercial Off-the-Shelf Software (COTS)
  • Company Trademark Policy
  • ISO/IEC 27001
  • Internal Company Policy
ISO/IEC 27001 is a globally recognized standard for information security management systems (ISMS). It provides a systematic approach for managing sensitive company information, ensuring its confidentiality, integrity, and availability.