In the context of operating systems, what does the principle of "least privilege" refer to?
- Giving users the highest level of access rights
- Providing maximum system resources to all users
- Providing system access based on need
- Denying system access to all users
The principle of "least privilege" (also known as the principle of least privilege, or POLP) refers to providing system access based on the principle of "need to know" and giving users the minimum levels of access rights required to accomplish their tasks. This reduces the risk of unauthorized access and potential security breaches.
In the context of encryption, what ensures that data remains unchanged from its source and has not been accidentally or maliciously altered?
- Data Authentication
- Data Availability
- Data Confidentiality
- Data Integrity
Data Integrity, in encryption, ensures that data remains unchanged from its source and has not been accidentally or maliciously altered. This is vital to ensure the trustworthiness of data in transit or storage.
Firewalls that operate at the network layer and make decisions based on IP addresses are called _______ firewalls.
- Application Firewall
- Packet Filtering Firewall
- Proxy Firewall
- Stateful Firewall
Packet Filtering Firewalls operate at the network layer and make decisions based on IP addresses and ports.
Which type of malware typically does not replicate itself but allows unauthorized access to the affected computer?
- Trojan
- Worm
- Virus
- Spyware
A Trojan horse (option 1) is a type of malware that disguises itself as a legitimate software or file to trick users into downloading it. Unlike viruses or worms, Trojans typically do not replicate themselves. Once executed, they can provide unauthorized access to the affected computer.
Which policy allows employees to use their personal devices for official work, but also emphasizes security measures to protect company data?
- BYOB Policy
- COPE Policy
- CYOD Policy
- BYOD Policy
The policy that allows employees to use their personal devices for official work but also emphasizes security measures to protect company data is the BYOD (Bring Your Own Device) policy. This policy outlines guidelines and security measures to ensure that sensitive company information remains secure when accessed on personal devices.
When developing cybersecurity policies, what factor is crucial to ensure its effectiveness across the organization?
- Compliance with legal regulations
- Employee awareness and adherence
- Involving only the IT department
- Strong encryption techniques
Effective cybersecurity policies require not just compliance with regulations but also the active involvement of all employees. Employee awareness, understanding, and adherence to policies play a crucial role in ensuring organizational security.
Mike, an IT professional, finds a USB drive in the parking lot with a label reading "Salary Details 2023". Curious, he plugs it into his office computer, leading to the installation of malware. Which social engineering technique successfully targeted Mike?
- Spear Phishing
- Baiting
- Tailgating
- Pretexting
This scenario is an example of "Baiting." Baiting involves leaving physical devices, such as infected USB drives, in places where individuals might find them and be tempted to use them. Mike's curiosity led to the installation of malware.
Alice receives an email with a signed document from Bob. She verifies the digital signature using Bob's public key and finds it valid. This ensures that the document was:
- Authenticated
- Encrypted
- Not tampered with
- Sent securely
When Alice verifies the digital signature using Bob's public key, it ensures that the document was not tampered with. Digital signatures provide data integrity, and if the signature is valid, it means the document has not been altered since it was signed by Bob.
Which countermeasure involves training employees to recognize and report suspicious requests or messages?
- Antivirus Software
- Firewall Configuration
- Intrusion Detection System
- User Awareness Training
User Awareness Training is a proactive security measure that educates employees on recognizing and reporting suspicious activities, requests, or messages. This helps organizations prevent falling victim to various forms of cyberattacks, including phishing and social engineering.
A _______ is a program or piece of code that appears harmless but carries a malicious intent.
- Denial of Service (DoS)
- Firewall Bypass
- Trojan Horse
- Worm
A "Trojan Horse" is a type of malware that disguises itself as a benign program but contains malicious code, named after the Greek myth.