The HIPAA Security Rule focuses specifically on the security of _______.
- Health Information
- Healthcare Providers
- Medical Facilities
- Patient Records
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule addresses the security of electronic protected health information (ePHI): health information that a covered entity or its business associates create, receive, store or transmit in electronic form. It requires administrative, physical and technical safeguards that protect the confidentiality, integrity and availability of that data. (The separate Privacy Rule covers PHI in any form, including paper.)
What is the primary purpose of a Web Application Firewall (WAF)?
- To block malicious web traffic
- To design web interfaces
- To manage web application sessions
- To speed up web application loading
A Web Application Firewall (WAF) sits in front of a web application and inspects HTTP(S) requests (and often responses) at the application layer, blocking traffic that matches known attack patterns such as SQL injection, cross-site scripting or path traversal. It does not design interfaces, manage sessions or speed up page loads, although some commercial WAFs bundle caching and rate limiting alongside the filtering.
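To make the "inspect and block" behaviour concrete, here is a small request-inspection routine written for this page as an added example; it is not code from any WAF product. The signature list and the sample requests are constructed for illustration. The point it shows, beyond the definition above, is that a WAF must normalize (URL-decode) input before matching, otherwise a payload such as `%27%20OR%201%3D1` slips past a rule written for `' OR 1=1`, and that pattern rules also produce false positives (the event-handler rule flags a harmless `online=yes`).

```python
import re
from typing import Dict, Optional, Tuple
from urllib.parse import unquote_plus

# Illustrative signatures constructed for this example, not a vendor rule set.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "sqli-union": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),
    "xss-event-handler": re.compile(r"\bon\w+\s*=", re.I),
    "path-traversal": re.compile(r"(\.\./|\.\.\\)"),
}


def normalize(value: str) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads match the same rules."""
    prev, cur = None, value
    for _ in range(3):          # attackers double/triple encode; bound the loop
        if cur == prev:
            break
        prev, cur = cur, unquote_plus(cur)
    return cur


def inspect(request: Dict) -> Tuple[str, Optional[str]]:
    """Return ("block", rule_name) if any request field matches a signature, else ("allow", None)."""
    fields = [request.get("path", "")]
    fields += list(request.get("params", {}).values())
    fields.append(request.get("body", ""))
    for raw in fields:
        text = normalize(raw)
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                return "block", name
    return "allow", None


# Constructed sample requests for demonstration.
BENIGN = {"path": "/search", "params": {"q": "best pizza in town"}}
ENCODED_SQLI = {"path": "/login", "params": {"user": "admin%27%20OR%201%3D1"}}
DOUBLE_ENCODED = {"path": "/login", "params": {"user": "admin%2527%2520OR%25201%253D1"}}
XSS_BODY = {"path": "/comment", "body": "<img src=x onerror=alert(1)>"}
FALSE_POSITIVE = {"path": "/profile", "params": {"online": "online=yes"}}

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("encoded sqli", ENCODED_SQLI),
                      ("double encoded", DOUBLE_ENCODED), ("xss", XSS_BODY),
                      ("false positive", FALSE_POSITIVE)]:
        print(f"{name:15s} -> {inspect(req)}")
```

The false-positive case is why real deployments start in monitoring mode and tune rules per application before switching to blocking.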
In the context of operating system security, which mechanism dictates how privileges are escalated or restricted for processes?
- ACL (Access Control List)
- DAC (Discretionary Access Control)
- MAC (Mandatory Access Control)
- UAC (User Account Control)
MAC (Mandatory Access Control) is the mechanism that enforces a system-wide policy over what processes may do. Access decisions are bound to security labels on subjects (processes) and objects (files, sockets, devices) and follow rules set by the administrator that neither users nor the processes themselves can override, regardless of who owns a resource; a process is confined to whatever its label permits, so its privileges cannot grow beyond the policy. This contrasts with DAC, where the owner of an object decides who may access it. MAC is used in high-security military and government systems and, on Linux, through SELinux and AppArmor.
An IT administrator is setting up a secure file transfer service for his company. He needs a protocol that provides directory listing, file transfers, and file management capabilities. Which protocol should he consider?
- FTP
- HTTP
- SMTP
- SSH
The protocol that provides directory listing, file transfers and file management (rename, delete, create directories) is FTP (File Transfer Protocol). Note, however, that plain FTP sends credentials and data unencrypted, so it is not secure on its own; for a genuinely secure service the same operations are available over FTPS (FTP with TLS) or SFTP, which runs inside an SSH session.
Alice visits a popular news website and sees a pop-up that says "Hacked!". Upon investigation, it's found that the website itself was not compromised but the script from an ad provider was. What kind of attack was most likely leveraged?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- SQL Injection
Alice most likely saw a Cross-Site Scripting (XSS) attack delivered through a third party. The news site embedded the ad provider's script, so when that script was modified it executed inside the news page with the page's origin and could alter the DOM (the "Hacked!" pop-up) or read cookies and form data, even though the news site's own servers were untouched. This is why sites limit what third-party code can do with a Content Security Policy, sandboxed iframes for ads, and Subresource Integrity for scripts whose contents are fixed.
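The following added example (written for this page, not code from any site or ad network) shows how Subresource Integrity (SRI) lets a browser refuse a script that has been tampered with in transit or at the provider. It computes the `integrity` attribute value for a script and then mimics the browser's check against both the original and a modified copy. The ad script bytes are constructed for illustration. A caveat worth noting: SRI only works when the script bytes are fixed, which ad scripts usually are not, so in Alice's scenario the practical controls are CSP and sandboxed iframes rather than an SRI pin.

```python
import base64
import hashlib

SRI_ALGORITHMS = {"sha256", "sha384", "sha512"}   # the digests SRI supports


def sri_hash(script_bytes: bytes, algorithm: str = "sha384") -> str:
    """Return the value for <script integrity="..."> : '<alg>-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, script_bytes).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, script_bytes: bytes) -> str:
    """Build the tag a site would publish once it has pinned the script's digest."""
    return (f'<script src="{src}" integrity="{sri_hash(script_bytes)}" '
            f'crossorigin="anonymous"></script>')


def browser_would_execute(served_bytes: bytes, integrity: str) -> bool:
    """Mimic the browser: run the script only if the served bytes match the pinned digest."""
    algorithm, _, _ = integrity.partition("-")
    return sri_hash(served_bytes, algorithm) == integrity


# Constructed sample: what the ad provider originally served, and a tampered copy.
ORIGINAL_AD = b"window.showAd = function () { /* render banner */ };\n"
TAMPERED_AD = ORIGINAL_AD + b"alert('Hacked!');\n"
PIN = sri_hash(ORIGINAL_AD)   # what the news site would have embedded

if __name__ == "__main__":
    print(script_tag("https://ads.example.net/ad.js", ORIGINAL_AD))   # hypothetical URL
    print("original runs:", browser_would_execute(ORIGINAL_AD, PIN))
    print("tampered runs:", browser_would_execute(TAMPERED_AD, PIN))
```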
A company's IT department receives a report of an email sent to several employees that appears to be from the CEO, asking them to click on a link and enter their credentials. The CEO denies sending such an email. This situation is most likely an example of which type of attack?
- DDoS Attack
- Insider Threat
- Ransomware Attack
- Spear Phishing
This scenario describes a classic spear-phishing attack. Spear phishing sends targeted, deceptive emails to specific individuals, here impersonating the CEO so that employees trust the request, with the intent of harvesting credentials or other sensitive information or delivering malware. Impersonating an executive in this way is often called business email compromise (BEC).
Alice, a system administrator, notices that some sensitive files have been accessed by unauthorized users. She wants to ensure that, in the future, only specific users can view and modify these files. What security measure should Alice implement?
- Access Control List (ACL)
- Encryption
- Intrusion Detection System (IDS)
- Two-Factor Authentication (2FA)
Alice should implement Access Control Lists (ACLs) to restrict file access. An ACL is a list of entries attached to an object that states which users, groups or system processes may access it and which operations (read, write, execute, delete) each is allowed or explicitly denied; the file system enforces it on every access. Here Alice can grant the specific users the access they need and leave everyone else with no entry, which denies them. The other options do not fit: encryption protects confidentiality but not the access decision, an IDS only detects access after the fact, and 2FA strengthens authentication but says nothing about who may open a given file.
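The evaluation logic behind an ACL, as an added example written for this page (not code from any operating system). It models entries for users and groups with allow and explicit-deny semantics in the style of a Windows DACL: an explicit deny takes precedence over any allow, and a principal with no matching entry is denied. The file, users and groups are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Set


@dataclass(frozen=True)
class AclEntry:
    principal: str                  # "user:alice" or "group:finance"
    permissions: FrozenSet[str]     # subset of {"read", "write", "delete"}
    allow: bool = True              # False makes this an explicit deny entry


@dataclass
class Principal:
    name: str
    groups: Set[str] = field(default_factory=set)


def is_permitted(acl: List[AclEntry], who: Principal, operation: str) -> bool:
    """Explicit deny beats allow; no matching entry means denied (default deny)."""
    identities = {f"user:{who.name}"} | {f"group:{g}" for g in who.groups}
    allowed = False
    for entry in acl:
        if entry.principal not in identities or operation not in entry.permissions:
            continue
        if not entry.allow:
            return False        # deny wins regardless of its position in the list
        allowed = True
    return allowed


# Constructed ACL for a sensitive file: Alice edits it, the finance group may read it,
# and Mallory is cut off even though she is a member of finance.
PAYROLL_ACL = [
    AclEntry("user:alice", frozenset({"read", "write", "delete"})),
    AclEntry("group:finance", frozenset({"read"})),
    AclEntry("user:mallory", frozenset({"read", "write"}), allow=False),
]

ALICE = Principal("alice")
BOB = Principal("bob", {"finance"})
MALLORY = Principal("mallory", {"finance"})
EVE = Principal("eve", {"marketing"})

if __name__ == "__main__":
    for who in (ALICE, BOB, MALLORY, EVE):
        perms = {op: is_permitted(PAYROLL_ACL, who, op) for op in ("read", "write", "delete")}
        print(f"{who.name:8s} {perms}")
```

Keeping "no entry means no access" as the default is what makes the list safe to extend: adding a user never widens access for anyone else.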
Patch _______ is the process of deciding which patches should be applied to systems and in what order.
- Deployment
- Management
- Prioritization
- Selection
Patch prioritization is the process of deciding which patches should be applied to systems and in what order. It weighs the severity of each vulnerability (for example its CVSS score), whether it is known to be exploited in the wild, how exposed and how numerous the affected systems are, and the operational cost of applying the fix (reboots, downtime), then orders the patching work so the highest-risk items are closed first.
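A small scoring and ordering routine, added here as an example for this page (it is not a published scoring standard or any vendor's method). The weights, the tier thresholds and the sample patches are constructed for illustration; a real program would tune them to its own risk appetite. It shows the effect of the factors named above: a moderate-CVSS bug that is known to be exploited on an internet-facing host outranks a critical-CVSS bug on an isolated host.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Patch:
    id: str
    cvss: float                 # base score, 0.0 to 10.0
    known_exploited: bool       # listed in a known-exploited-vulnerabilities feed
    internet_exposed: bool      # affected host reachable from the internet
    affected_hosts: int
    requires_reboot: bool       # operational cost; used only to break ties


def priority_score(p: Patch) -> float:
    """Illustrative weighting: severity, then active exploitation, exposure and fleet size."""
    score = p.cvss
    if p.known_exploited:
        score += 5.0            # exploitation in the wild dominates raw severity
    if p.internet_exposed:
        score += 3.0
    score += min(p.affected_hosts, 100) / 50.0   # up to +2 for fleet-wide patches
    return score


def tier(p: Patch) -> str:
    """Bucket a patch into a service-level tier (thresholds constructed for this example)."""
    if p.known_exploited and p.internet_exposed:
        return "emergency"
    if p.known_exploited or p.cvss >= 9.0:
        return "urgent"
    return "routine"


def prioritize(patches: List[Patch]) -> List[Patch]:
    """Highest score first; among equals, prefer patches that avoid a reboot, then by id."""
    return sorted(patches, key=lambda p: (-priority_score(p), p.requires_reboot, p.id))


# Constructed sample backlog.
BACKLOG = [
    Patch("P-A", cvss=9.8, known_exploited=False, internet_exposed=False, affected_hosts=5, requires_reboot=True),
    Patch("P-B", cvss=7.5, known_exploited=True, internet_exposed=True, affected_hosts=3, requires_reboot=False),
    Patch("P-C", cvss=5.3, known_exploited=False, internet_exposed=True, affected_hosts=200, requires_reboot=False),
    Patch("P-D", cvss=9.1, known_exploited=False, internet_exposed=False, affected_hosts=1, requires_reboot=True),
]

if __name__ == "__main__":
    for p in prioritize(BACKLOG):
        print(f"{p.id} score={priority_score(p):5.2f} tier={tier(p)}")
```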
Which type of phishing attack targets a specific individual or organization?
- Pharming
- Smishing
- Spear Phishing
- Vishing
Spear Phishing is a highly targeted form of phishing where the attacker tailors the attack to a specific individual or organization. It often involves researching the target to create a convincing email or message.
In operating system hardening, why might an administrator choose to disable unused services and protocols?
- To increase system performance
- To reduce software licensing costs
- To minimize security risks
- To improve user experience
Administrators disable unused services and protocols during operating system hardening to minimize security risks. Every running service is code that may listen on the network, run with privileges and require patching; if nobody needs it, it offers attackers a way in while providing no benefit. Disabling it reduces the attack surface and improves the system's security posture, and any performance gain is a side effect rather than the goal.