Sarah, a new employee, is having trouble accessing a secure office. A friendly co-worker she hasn't met offers to let her in using his access card. This scenario is an example of which social engineering technique?
- Tailgating
- Phishing
- Spear Phishing
- Vishing
This scenario is an example of "Tailgating." Tailgating involves an unauthorized person following an authorized person into a secured area. In this case, Sarah's friendly co-worker is exploiting her trust to gain access to the secure office.
Security awareness training primarily aims to address which of the following risks?
- External threats like hackers
- Insider threats
- Natural disasters
- Network downtime
Security awareness training is designed to address insider threats. This training helps employees recognize and prevent security breaches, making them more vigilant against unintentional or malicious actions that could harm the organization's security.
What is the primary purpose of a cybersecurity policy within an organization?
- Educating employees on threats
- Establishing a secure perimeter
- Protecting against malware
- Setting up firewalls
The primary purpose of a cybersecurity policy is to establish a secure perimeter. This means defining and maintaining boundaries to protect an organization's assets, information, and technology infrastructure from external threats. It is a proactive approach to safeguarding an organization's digital assets.
What is the main reason behind using anti-CSRF tokens in web forms?
- Avoiding Distributed Denial of Service (DDoS) Attacks
- Mitigating Cross-Site Scripting Attacks
- Preventing Data Breaches
- Protecting Against Cross-Site Request Forgery
Anti-CSRF tokens are primarily used to protect against Cross-Site Request Forgery (CSRF) attacks. These tokens help ensure that requests made to a server are legitimate and not generated by malicious entities. By including these tokens in web forms, developers can prevent attackers from tricking users into making unwanted actions without their knowledge.
Blind SQL Injection is a type of SQL injection where:
- Attackers extract data blindly
- Attackers inject code
- Attackers manipulate queries
- Attackers use UNION-based techniques
Blind SQL Injection occurs when attackers blindly extract data from a database without directly knowing the query's result. This is typically done using boolean-based queries.
After implementing a new firewall rule, a company's remote employees suddenly cannot access the internal network through the VPN. The IT team suspects the rule is blocking the VPN traffic. To address this issue without compromising security, what should they consider adjusting in the firewall?
- Rule Complexity
- Rule Logging
- Rule Priority
- Rule Timing
Adjusting the 'Rule Priority' allows the company to ensure that the VPN traffic is processed before other rules, resolving the issue without compromising security.
What is the primary purpose of implementing a Content Security Policy (CSP) on a website?
- Enable cookies for third-party domains
- Enhance search engine optimization (SEO)
- Mitigate Cross-Site Scripting (XSS) attacks
- Optimize website loading speed
The primary purpose of implementing a Content Security Policy (CSP) on a website is to mitigate Cross-Site Scripting (XSS) attacks. CSP defines and enforces the security policies for web content by specifying which sources of content are allowed, thereby reducing the risk of XSS attacks by controlling where resources can be loaded from.