A piece of malware designed to spread across networks by exploiting vulnerabilities in networked devices is called a _______.
- Ransomware
- Trojan Horse
- Virus
- Worm
A worm is a type of malware that is designed to self-replicate and spread across networks by exploiting vulnerabilities in networked devices. Unlike viruses, worms don't need a host file to propagate.
An effective incident reporting procedure should prioritize which aspect to ensure timely remediation?
- Incident Classification
- Incident Escalation
- Incident Identification
- Incident Notification
An effective incident reporting procedure should prioritize incident classification to ensure timely remediation. Properly classifying incidents based on their severity and impact helps in allocating resources efficiently. Critical incidents can be addressed with higher priority, leading to timely remediation and reduced potential damage.
What differentiates SCP from SFTP in terms of functionality and usage?
- SCP and SFTP are identical in functionality and usage.
- SCP is a file transfer protocol that only supports file transfer. SFTP, on the other hand, is an interactive file transfer protocol that also allows file and directory manipulation, remote file viewing, and more.
- SCP is a more secure version of SFTP.
- SCP is a text-based protocol, whereas SFTP is binary-based.
SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) have distinct differences in functionality. SCP is primarily for file transfer, while SFTP is more versatile, offering interactive features like file management and remote access.
A company wants to ensure that their inter-branch communication over the internet is secure, confidential, and has data integrity. Which protocol would best serve this purpose?
- FTP
- HTTP
- HTTPS
- Telnet
HTTPS (Hypertext Transfer Protocol Secure) is a secure communication protocol that provides encryption, data integrity, and confidentiality over the internet.
An attacker sets up a rogue wireless access point with the same SSID as a legitimate network to trick users into connecting to it. What is this type of attack called?
- Brute Force Attack
- Denial-of-Service Attack
- Man-in-the-Middle Attack
- Phishing Attack
This is a "Man-in-the-Middle Attack" where the attacker intercepts communication between a user and a legitimate network by positioning themselves between them.
A system that combines the features of both firewalls and IDS/IPS is commonly referred to as a _______.
- DMZ (Demilitarized Zone)
- NAT (Network Address Translation)
- SIEM (Security Information and Event Management)
- UTM (Unified Threat Management)
A UTM (Unified Threat Management) system combines the functionalities of both firewalls and IDS/IPS, providing comprehensive security.
What is the primary purpose of a software patch?
- Add new features
- Enhance user interface
- Fix software vulnerabilities
- Improve system performance
The primary purpose of a software patch is to fix software vulnerabilities. Software vulnerabilities can be exploited by malicious actors to compromise a system's security. Patches are essential for maintaining a secure and stable software environment.
Which VPN protocol operates at Layer 2 of the OSI model and is often used for remote access?
- IPsec
- L2TP
- OpenVPN
- PPTP
The VPN protocol that operates at Layer 2 of the OSI model is "L2TP" (Layer 2 Tunneling Protocol), which is commonly used for remote access VPN connections.
GDPR introduces the role of a _______ to ensure compliance within organizations.
- Compliance Officer
- Data Officer
- Data Privacy Officer
- Data Protection Officer
GDPR (General Data Protection Regulation) introduces the role of a Data Protection Officer (DPO) to ensure compliance within organizations. The DPO is responsible for monitoring data protection activities, advising on data protection obligations, and serving as a contact point for data protection authorities.
After implementing a strict CSP on a website, a developer notices that some of the third-party widgets are not functioning. Which of the following is the most likely reason?
- The widgets are not properly configured
- The widgets lack a Content Security Policy
- The widgets need browser extensions to function
- The widgets violate the Same-Origin Policy
The most likely reason for the third-party widgets not functioning after implementing a strict CSP (Content Security Policy) is that the widgets violate the Same-Origin Policy. CSP restricts the sources from which content can be loaded on a web page, and if the widgets come from a different origin, they may be blocked.