What is the primary difference between SSL and its successor, TLS?

  • SSL is faster
  • SSL is older
  • TLS is a separate protocol
  • TLS is more secure
The primary difference is that TLS (Transport Layer Security) is an updated version of SSL (Secure Sockets Layer). They serve the same purpose, but TLS has addressed vulnerabilities present in SSL, making it more secure. TLS is a separate protocol with improvements over SSL.

A _______ is a set of predefined rules in a firewall that determines whether to allow or block specific traffic.

  • Access Control List (ACL)
  • DNS Server
  • Encryption Algorithm
  • Intrusion Detection System
An Access Control List (ACL) is a set of rules used in a firewall to control traffic by allowing or blocking based on defined criteria.

The process of converting encrypted data back into its original form is termed _______.

  • Deciphering
  • Encoding
  • Encryption
  • Hashing
The process of converting encrypted data back into its original form is termed "Deciphering." This process uses the decryption key to transform the encrypted data back into its original, readable format.

Which of the following is NOT a recommended practice to prevent SQL injection?

  • Sanitizing Input
  • Storing Passwords in Plain Text
  • Using Dynamic Queries
  • Using Prepared Statements
Using dynamic queries is not a recommended practice for preventing SQL injection. Dynamic queries open the door to SQL injection attacks by placing user input directly in SQL queries.

In the context of operating systems, what does the principle of "least privilege" refer to?

  • Giving users the highest level of access rights
  • Providing maximum system resources to all users
  • Providing system access based on need
  • Denying system access to all users
The principle of "least privilege" (also abbreviated POLP) refers to providing system access based on "need to know" and giving users the minimum level of access rights required to accomplish their tasks. This reduces the risk of unauthorized access and potential security breaches.

In the context of encryption, what ensures that data remains unchanged from its source and has not been accidentally or maliciously altered?

  • Data Authentication
  • Data Availability
  • Data Confidentiality
  • Data Integrity
Data Integrity, in encryption, ensures that data remains unchanged from its source and has not been accidentally or maliciously altered. This is vital to ensure the trustworthiness of data in transit or storage.

Firewalls that operate at the network layer and make decisions based on IP addresses are called _______ firewalls.

  • Application Firewall
  • Packet Filtering Firewall
  • Proxy Firewall
  • Stateful Firewall
Packet Filtering Firewalls operate at the network layer and make decisions based on IP addresses and ports.

Which of the following best describes an "insider threat"?

  • A malicious actor outside the organization trying to breach security
  • A security breach caused by unintentional employee actions
  • A security measure that guards against external threats
  • A virus or malware designed to infiltrate a network
An "insider threat" refers to a security breach caused by unintentional or malicious actions by employees or individuals with privileged access to the organization's systems. This threat can result from actions like sharing sensitive data, falling victim to phishing attacks, or intentionally causing harm.

An organization's IT department notices that a large volume of files containing sensitive financial data is being uploaded to a cloud storage service. This is against the company's policy. Which system would be best suited to detect and prevent such actions?

  • DLP (Data Loss Prevention) System
  • IDS (Intrusion Detection System)
  • NAT (Network Address Translation)
  • VPN (Virtual Private Network)
A DLP (Data Loss Prevention) system is designed to monitor and protect data while it is in use, in motion, and at rest. It can detect and prevent the unauthorized transfer or sharing of sensitive data, such as financial information, to cloud storage services.

_______ attacks specifically target high-ranking officials within an organization.

  • Botnet
  • DDoS
  • Malware
  • Spear Phishing
Spear Phishing attacks specifically target high-ranking officials within an organization. These attacks are highly targeted, personalized, and often aim to trick executives into revealing sensitive information or taking malicious actions.