A phishing attack that involves multiple methods, such as emails and phone calls, to deceive victims is known as?
- Smishing
- Spear Phishing
- Vishing
- Whaling
Whaling is a type of phishing attack that specifically targets high-profile individuals or senior executives within an organization. It often involves various methods, such as emails, phone calls, and even in-person social engineering, to deceive victims and gain sensitive information or access.
The use of multiple layers of security measures, including both malware detection and patch management, is referred to as a _______ approach.
- Defense-in-Depth
- Multi-Factor Authentication
- Redundant Backup
- Single Sign-On
Defense-in-Depth is a security strategy that employs multiple layers of security controls and measures to protect against various security threats. This approach includes not only malware detection but also patch management, firewalls, intrusion detection systems, and more, creating a robust security posture.
What term describes the GDPR requirement for organizations to design data protection into their products and processes from the outset?
- Data Encryption
- Data Minimization
- Data Portability
- Data Protection by Design and by Default
GDPR (General Data Protection Regulation) requires organizations to implement "Data Protection by Design and by Default." This means that data protection must be an integral part of product and process development, ensuring data security from the start rather than added as an afterthought.
The principle of "_______" ensures that critical tasks or functions are not controlled by a single individual.
- Access Control
- Defense in Depth
- Least Privilege
- Vulnerability Scanning
The principle of "Least Privilege" is a security concept that restricts individual users' access rights to the minimum levels necessary to accomplish their tasks. It ensures that no single person has excessive access, reducing the risk of unauthorized actions or potential damage.
In the context of mobile security, what does BYOD stand for?
- Bring Your Own Data
- Bring Your Own Device
- Build Your Own Device
- Business Yearning Over Devices
BYOD stands for "Bring Your Own Device." This policy allows employees to use their personal devices (such as smartphones, tablets, or laptops) for official work purposes. It can enhance flexibility and productivity but also poses security challenges that need to be addressed.
A primary technique to mitigate code injection attacks is to avoid executing code that is:
- Dynamic
- Encoded
- Trusted
- Untrusted
Mitigating code injection attacks involves not executing untrusted code. Untrusted code can contain malicious commands that may lead to security vulnerabilities.
When developing cybersecurity policies, what factor is crucial to ensure its effectiveness across the organization?
- Compliance with legal regulations
- Employee awareness and adherence
- Involving only the IT department
- Strong encryption techniques
Effective cybersecurity policies require not just compliance with regulations but also the active involvement of all employees. Employee awareness, understanding, and adherence to policies play a crucial role in ensuring organizational security.
Mike, an IT professional, finds a USB drive in the parking lot with a label reading "Salary Details 2023". Curious, he plugs it into his office computer, leading to the installation of malware. Which social engineering technique successfully targeted Mike?
- Spear Phishing
- Baiting
- Tailgating
- Pretexting
This scenario is an example of "Baiting." Baiting involves leaving physical devices, such as infected USB drives, in places where individuals might find them and be tempted to use them. Mike's curiosity led to the installation of malware.
What is the primary difference between SSL and its successor, TLS?
- SSL is faster
- SSL is older
- TLS is a separate protocol
- TLS is more secure
The primary difference is that TLS (Transport Layer Security) is an updated version of SSL (Secure Sockets Layer). They serve the same purpose, but TLS has addressed vulnerabilities present in SSL, making it more secure. TLS is a separate protocol with improvements over SSL.
A _______ is a set of predefined rules in a firewall that determines whether to allow or block specific traffic.
- Access Control List (ACL)
- DNS Server
- Encryption Algorithm
- Intrusion Detection System
An Access Control List (ACL) is a set of rules used in a firewall to control traffic by allowing or blocking based on defined criteria.