Which technology encrypts the entire hard drive, ensuring that the data on the disk is secure even if the computer is lost or stolen?
- AES
- BitLocker
- Firewall
- TPM
BitLocker is a full-disk encryption feature included with Microsoft Windows. It encrypts the entire hard drive, making it unreadable without the proper decryption key. This ensures the security of data on the disk, even if the computer is lost or stolen.
One of the primary components of DLP is _______ detection, which analyzes communication patterns for potential data exfiltration.
- Anomaly
- Behavioral
- Intrusion
- Malware
One of the primary components of DLP (Data Loss Prevention) is Anomaly detection, which analyzes communication patterns for potential data exfiltration. Anomaly detection looks for unusual patterns that may indicate data breaches or unauthorized access.
A cloud service provider promises to maintain certain security measures to protect its customer's data. To ensure this, the customer asks for a third-party attestation regarding the provider's security practices. This is an example of seeking which type of assurance?
- Regulatory compliance assurance
- Service Level Agreement (SLA) assurance
- Third-party security assessment
- Vendor self-assessment assurance
Seeking a third-party security assessment ensures an independent evaluation of the cloud provider's security measures, providing customers with assurance that their data will be adequately protected.
A _______ is a list maintained by a Certificate Authority that contains all the certificates it has revoked.
- CA (Certificate Authority)
- CRL (Certificate Revocation List)
- CSR (Certificate Signing Request)
- PKI (Public Key Infrastructure)
A CRL (Certificate Revocation List) is a crucial component of a Public Key Infrastructure (PKI). It is a list maintained by a Certificate Authority (CA) and contains all the certificates it has revoked before their expiration dates. This helps ensure the security of digital certificates and public keys.
What is the primary purpose of a strong password policy in user authentication?
- Enhancing user creativity
- Improving user experience
- Increasing security
- Reducing login times
The primary purpose of a strong password policy in user authentication is to increase security. A strong password policy enforces the use of complex passwords, making it more difficult for unauthorized users to gain access to accounts through brute force or dictionary attacks.
When a policy violation occurs, the CSP can be configured to send a report to a specified URI using the _______ directive.
- content-uri
- policy-uri
- report-uri
- security-uri
The correct directive for configuring CSP to send a report to a specified URI is report-uri. This directive is essential for monitoring and resolving policy violations by receiving reports on security incidents.
A financial institution enforces a policy where users must change their passwords every 45 days, and the new password cannot be any of the last five passwords used. This policy is primarily designed to mitigate which type of threat?
- Brute Force Attacks
- Credential Theft
- Insider Threats
- Password Guessing Attacks
The password policy is designed to mitigate Password Guessing Attacks, where attackers attempt to guess user passwords to gain unauthorized access.
In the context of wireless networks, what does WPA stand for?
- Wi-Fi Printing Adapter
- Wi-Fi Protected Access
- Wireless Personal Area
- Wireless Public Access
WPA stands for Wi-Fi Protected Access, a security protocol used in wireless networks to protect data and control access, providing enhanced security compared to older WEP (Wired Equivalent Privacy) standards.
Sarah, a new employee, is having trouble accessing a secure office. A friendly co-worker she hasn't met offers to let her in using his access card. This scenario is an example of which social engineering technique?
- Tailgating
- Phishing
- Spear Phishing
- Vishing
This scenario is an example of "Tailgating." Tailgating involves an unauthorized person following an authorized person into a secured area. In this case, Sarah's friendly co-worker is exploiting her trust to gain access to the secure office.
Security awareness training primarily aims to address which of the following risks?
- External threats like hackers
- Insider threats
- Natural disasters
- Network downtime
Security awareness training is designed to address insider threats. This training helps employees recognize and prevent security breaches, making them more vigilant against unintentional or malicious actions that could harm the organization's security.