Which type of IDS analyzes network traffic patterns and compares them with known attack signatures?

  • Anomaly-based Intrusion Detection System
  • Antivirus Software
  • Host-based Intrusion Detection System
  • Network-based Intrusion Detection System
A network-based IDS (NIDS) analyzes network traffic patterns and compares them with known attack signatures to identify malicious activity within a network, making it a crucial component of network security.

What is the primary purpose of Data Loss Prevention (DLP) solutions?

  • Enhance network performance
  • Ensure fast data transfer
  • Prevent unauthorized access
  • Prevent unauthorized data loss
Data Loss Prevention (DLP) solutions are primarily designed to prevent unauthorized data loss. They help organizations monitor, detect, and prevent the unauthorized sharing or leakage of sensitive information, ensuring data security and compliance with data protection regulations.

An organization has detected an ongoing cyber attack. They've isolated the affected systems and are now focused on removing the threat and securing the systems to prevent the same attack in the future. Which phase of incident response are they currently in?

  • Containment
  • Eradication and Recovery
  • Identification and Detection
  • Preparation and Prevention
The organization is in the 'Eradication and Recovery' phase of incident response, where they are actively working to remove the threat and recover affected systems. This phase follows detection and containment.

To effectively mitigate insider threats, organizations should focus on both technological solutions and fostering a culture of _______.

  • Access Control
  • Least Privilege
  • Security Awareness
  • Vulnerability Scanning
Organizations should focus on fostering a culture of "Security Awareness" to mitigate insider threats. This involves educating employees about security best practices and encouraging a shared responsibility for protecting the organization's data and systems.

SFTP and SCP both use which protocol as their underlying method for secure communication?

  • HTTPS
  • SSH
  • SSL
  • TLS
Both SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol) use the SSH (Secure Shell) protocol for secure communication. SSH provides secure authentication and encrypted data transfer over an insecure network.

Sarah, a web security analyst, receives a report that a certain page on the company's website is vulnerable to an XSS attack. She decides to implement a CSP. Which of the following directives should she prioritize to mitigate this specific threat?

  • font-src
  • img-src
  • media-src
  • script-src
To mitigate the threat of XSS (Cross-Site Scripting) attacks, Sarah should prioritize the script-src directive when implementing a CSP (Content Security Policy). This directive controls which scripts are allowed to execute on a web page; by restricting it, she can mitigate the risk of malicious script execution.

HIPAA’s Privacy Rule establishes national standards to protect what kind of individual information?

  • Financial data
  • Personal communication records
  • Protected health information (PHI)
  • Social Security numbers
HIPAA's Privacy Rule establishes national standards to protect Protected Health Information (PHI). PHI includes health records, medical history, patient identifiers, and other health-related data. These regulations are crucial for ensuring the privacy and security of sensitive health information.

A piece of malware designed to spread across networks by exploiting vulnerabilities in networked devices is called a _______.

  • Ransomware
  • Trojan Horse
  • Virus
  • Worm
A worm is a type of malware that is designed to self-replicate and spread across networks by exploiting vulnerabilities in networked devices. Unlike viruses, worms don't need a host file to propagate.

An effective incident reporting procedure should prioritize which aspect to ensure timely remediation?

  • Incident Classification
  • Incident Escalation
  • Incident Identification
  • Incident Notification
An effective incident reporting procedure should prioritize incident classification to ensure timely remediation. Properly classifying incidents based on their severity and impact helps in allocating resources efficiently. Critical incidents can be addressed with higher priority, leading to timely remediation and reduced potential damage.

What differentiates SCP from SFTP in terms of functionality and usage?

  • SCP and SFTP are identical in functionality and usage.
  • SCP is a file transfer protocol that only supports file transfer. SFTP, on the other hand, is an interactive file transfer protocol that also allows file and directory manipulation, remote file viewing, and more.
  • SCP is a more secure version of SFTP.
  • SCP is a text-based protocol, whereas SFTP is binary-based.
SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) have distinct differences in functionality. SCP is primarily for file transfer, while SFTP is more versatile, offering interactive features like file management and remote access.