An effective incident reporting procedure should prioritize which aspect to ensure timely remediation?
- Incident Classification
- Incident Escalation
- Incident Identification
- Incident Notification
An effective incident reporting procedure should prioritize incident classification to ensure timely remediation. Properly classifying incidents based on their severity and impact helps in allocating resources efficiently. Critical incidents can be addressed with higher priority, leading to timely remediation and reduced potential damage.
What differentiates SCP from SFTP in terms of functionality and usage?
- SCP and SFTP are identical in functionality and usage.
- SCP is a file transfer protocol that only supports file transfer. SFTP, on the other hand, is an interactive file transfer protocol that also allows file and directory manipulation, remote file viewing, and more.
- SCP is a more secure version of SFTP.
- SCP is a text-based protocol, whereas SFTP is binary-based.
SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) have distinct differences in functionality. SCP is primarily for file transfer, while SFTP is more versatile, offering interactive features like file management and remote access.
A company wants to ensure that their inter-branch communication over the internet is secure, confidential, and has data integrity. Which protocol would best serve this purpose?
- FTP
- HTTP
- HTTPS
- Telnet
HTTPS (Hypertext Transfer Protocol Secure) is a secure communication protocol that provides encryption, data integrity, and confidentiality over the internet.
An attacker sets up a rogue wireless access point with the same SSID as a legitimate network to trick users into connecting to it. What is this type of attack called?
- Brute Force Attack
- Denial-of-Service Attack
- Man-in-the-Middle Attack
- Phishing Attack
This is a "Man-in-the-Middle Attack" where the attacker intercepts communication between a user and a legitimate network by positioning themselves between them.
The _______ protocol of IPsec ensures authentication and data integrity but not confidentiality.
- AH (Authentication Header)
- DNS (Domain Name System)
- ESP (Encapsulating Security Payload)
- IKE (Internet Key Exchange)
The AH (Authentication Header) in IPsec provides authentication and data integrity, but it doesn't offer confidentiality.
A multinational company with its headquarters in the US is collecting and processing personal data of European citizens. A customer from France requests a copy of all the personal data the company has about him. Which regulation mandates the company to honor this request?
- CCPA
- FERPA
- GDPR
- HIPAA
GDPR (General Data Protection Regulation) is the European Union's regulation that mandates data protection and privacy for European citizens. It requires organizations, regardless of where they are based, to comply with strict data protection rules when processing personal data of European citizens.
How does a network-based IDS (NIDS) differ from a host-based IDS (HIDS)?
- NIDS is software-based; HIDS is hardware-based
- NIDS monitors host system logs and activities; HIDS monitors network traffic
- NIDS monitors network traffic; HIDS monitors host system logs and activities
- NIDS relies on anomaly detection; HIDS relies on signature-based detection
NIDS and HIDS are distinct intrusion detection systems. NIDS monitors network traffic for suspicious activities, while HIDS focuses on monitoring the activities and logs of a specific host system. They differ in their monitoring scope.
An employee in the finance department is found accessing confidential HR records without a valid reason. This action is indicative of which type of security concern?
- Firewall
- Insider Threat
- Phishing
- Ransomware
This situation points to an insider threat. An insider threat occurs when someone within an organization misuses their access or privileges to compromise security, such as unauthorized access to sensitive data.
An employee receives an email from her bank asking her to verify her account details due to recent security breaches. The email contains a link to a website that looks similar to her bank's website. She becomes suspicious because the email has typos and the URL seems off. This email is likely an example of which type of attack?
- Phishing
- Spear Phishing
- Malware
- Social Engineering
This scenario is an example of "Phishing." Phishing attacks involve sending deceptive emails, often impersonating trusted entities, to trick recipients into revealing sensitive information or clicking on malicious links. In this case, the email's typos and suspicious URL are typical signs of phishing.
A system that combines the features of both firewalls and IDS/IPS is commonly referred to as a _______.
- DMZ (Demilitarized Zone)
- NAT (Network Address Translation)
- SIEM (Security Information and Event Management)
- UTM (Unified Threat Management)
A UTM (Unified Threat Management) system combines the functionalities of both firewalls and IDS/IPS, providing comprehensive security.