Alice receives an email with a signed document from Bob. She verifies the digital signature using Bob's public key and finds it valid. This ensures that the document was:

  • Authenticated
  • Encrypted
  • Not tampered with
  • Sent securely

When Alice verifies the digital signature using Bob's public key, it ensures that the document was not tampered with. Digital signatures provide data integrity, and if the signature is valid, it means the document has not been altered since it was signed by Bob.

Which countermeasure involves training employees to recognize and report suspicious requests or messages?

  • Antivirus Software
  • Firewall Configuration
  • Intrusion Detection System
  • User Awareness Training

User Awareness Training is a proactive security measure that educates employees on recognizing and reporting suspicious activities, requests, or messages. This helps organizations avoid falling victim to various forms of cyberattacks, including phishing and social engineering.

A _______ is a program or piece of code that appears harmless but carries a malicious intent.

  • Denial of Service (DoS)
  • Firewall Bypass
  • Trojan Horse
  • Worm

A "Trojan Horse" is a type of malware, named after the Greek myth, that disguises itself as a benign program but contains malicious code.

Which of the following best describes an "insider threat"?

  • A malicious actor outside the organization trying to breach security
  • A security breach caused by unintentional employee actions
  • A security measure that guards against external threats
  • A virus or malware designed to infiltrate a network

An "insider threat" refers to a security breach caused by unintentional or malicious actions by employees or individuals with privileged access to the organization's systems. This threat can result from actions like sharing sensitive data, falling victim to phishing attacks, or intentionally causing harm.

An organization's IT department notices that a large volume of files containing sensitive financial data is being uploaded to a cloud storage service. This is against the company's policy. Which system would be best suited to detect and prevent such actions?

  • DLP (Data Loss Prevention) System
  • IDS (Intrusion Detection System)
  • NAT (Network Address Translation)
  • VPN (Virtual Private Network)

A DLP (Data Loss Prevention) system is designed to monitor and protect data while it is in use, in motion, and at rest. It can detect and prevent the unauthorized transfer or sharing of sensitive data, such as financial information, to cloud storage services.

_______ attacks specifically target high-ranking officials within an organization.

  • Botnet
  • DDoS
  • Malware
  • Spear Phishing

Spear Phishing attacks specifically target high-ranking officials within an organization. These attacks are highly targeted, personalized, and often aim to trick executives into revealing sensitive information or taking malicious actions.

What is the primary purpose of a digital signature in electronic documents?

  • Data Compression
  • Data Duplication
  • Data Encryption
  • Ensuring Authenticity

The primary purpose of a digital signature in electronic documents is to ensure authenticity. It provides a way to verify that the document has not been tampered with and that it was indeed signed by the claimed sender. Digital signatures use cryptographic techniques to achieve this.

The security measure that ensures only approved applications run on a system is called _______.

  • Anti-virus
  • Application Whitelisting
  • Firewall
  • Intrusion Detection

Application Whitelisting is a security measure that only allows approved applications to run on a system. It creates a list of trusted applications, and only those on the list can execute. This helps prevent the execution of unauthorized or malicious software.

Which wireless security protocol was developed as an improvement over WEP due to its vulnerabilities?

  • WPA
  • WPA-Enterprise
  • WPA2
  • WPA3

WPA3 was developed as a stronger alternative to WEP and WPA, addressing their vulnerabilities. It enhances Wi-Fi security through encryption and authentication.

The act of monitoring and potentially manipulating network traffic to extract information or disrupt the communication is known as _______.

  • Cyberbullying
  • Encryption
  • Packet Sniffing
  • Social Engineering

"Packet Sniffing" is the practice of intercepting and examining data packets in a network to gather information, often used in network security analysis.