A company's IT department receives a report of an email sent to several employees that appears to be from the CEO, asking them to click on a link and enter their credentials. The CEO denies sending such an email. This situation is most likely an example of which type of attack?
- DDoS Attack
- Insider Threat
- Ransomware Attack
- Spear Phishing
This scenario describes a classic spear-phishing attack. Spear-phishing involves sending targeted, deceptive emails to specific individuals, often impersonating someone the recipient trusts, with the intent of stealing sensitive information or spreading malware.
Alice, a system administrator, notices that some sensitive files have been accessed by unauthorized users. She wants to ensure that, in the future, only specific users can view and modify these files. What security measure should Alice implement?
- Access Control List (ACL)
- Encryption
- Intrusion Detection System (IDS)
- Two-Factor Authentication (2FA)
Alice should implement Access Control Lists (ACLs) to restrict file access. ACLs define which users or system processes are granted access to objects, as well as what operations are allowed on given objects. In this case, Alice can specify which specific users have access to sensitive files and what type of access they have.
During a penetration test, a tester was able to access a company's internal network by mimicking an employee's behavior and tailgating into a secure area. This tester exploited a weakness in what area of security?
- Access Control Systems
- Network Security
- Physical Security
- Social Engineering
The tester exploited a weakness in Social Engineering, as they used tactics to manipulate people into allowing unauthorized physical access.
Which term describes the act of intentionally finding and exploiting vulnerabilities in a system, but with the goal of improving its security?
- Cracking
- Cybercrime Prevention
- Hacking
- Penetration Testing
Penetration Testing is the process of intentionally finding and exploiting vulnerabilities in a system with the goal of improving its security. Unlike malicious hacking or cracking, penetration testing is done with the organization's consent to identify and rectify vulnerabilities before potential attackers can exploit them.
Advanced Persistent Threats (APTs) typically involve long-term attacks that focus on _______ rather than immediate harm.
- DDoS Attacks
- Data Exfiltration
- Exploiting Vulnerabilities
- Phishing Campaigns
APTs aim at "Data Exfiltration," which involves stealing data over an extended period, focusing on long-term gains, not causing immediate harm.
IPsec is a suite of protocols designed to secure what type of communication?
- Internet browsing
- Network
- Wireless connections
IPsec (Internet Protocol Security) is designed to secure network communication, ensuring data integrity and confidentiality. It's often used to create VPNs for secure network connections.
DLP solutions often use _______ to detect sensitive data based on predefined criteria.
- Biometrics
- Encryption
- Firewalls
- Machine Learning
Data Loss Prevention (DLP) solutions often employ Machine Learning algorithms to identify and classify sensitive data. These algorithms learn from historical data and predefined criteria to recognize patterns associated with sensitive information, helping prevent data leaks and breaches.
Which tool is commonly used to scan a computer system for known malware signatures?
- Antivirus
- Browser
- Firewall
- VPN
Antivirus software is commonly used to scan a computer system for known malware signatures. It compares files and activities on the computer to a database of known malware signatures to detect and remove malicious software.
In the context of firewalls, what does the term "stateful inspection" refer to?
- A method for tracking network packets
- A process for encrypting data transmissions
- A technique for blocking network traffic
- A way to filter website content
"Stateful inspection" in firewalls refers to the method of tracking the state of active connections and making decisions based on the context of the traffic, enhancing security by understanding the state of network connections.
The principle that emphasizes using multiple layers of security measures to protect information and systems is called what?
- Defense-in-Depth
- Encryption
- Single Sign-On (SSO)
- Two-Factor Authentication
Defense-in-Depth is a security strategy that advocates implementing multiple layers of security measures. This approach helps to provide redundancy and ensure that even if one layer is breached, other layers can still protect the system. Single Sign-On, Two-Factor Authentication, and Encryption are important security concepts but not the same as Defense-in-Depth.