Cyber Security — Set 3

Technology · Cyber Security · Questions 21-30 of 50

1

What is 'Patch Management' in cybersecurity?

Correct Answer: D. Updating software to fix security vulnerabilities

Patch management involves testing and deploying small pieces of code provided by software vendors. These patches often fix critical security bugs that could otherwise be exploited by hackers. Consistent patching is one of the most effective ways to prevent cyberattacks.

2

In hashing, what is a 'Salt'?

Correct Answer: A. Random data added to a password before it is hashed

Salting makes it much harder for attackers to use pre-calculated tables to crack passwords. It ensures that two identical passwords will result in different hashes. This is a standard security practice for protecting user databases.

3

What is 'Endpoint Security'?

Correct Answer: C. Protecting individual devices like laptops and phones

An endpoint is any device that connects to a network from the outside. Modern endpoint security uses AI to detect threats that traditional antivirus software might miss. It is crucial for organizations with 'Bring Your Own Device' (BYOD) policies.

4

Which of these is a 'Brute Force' attack?

Correct Answer: C. Trying every possible combination of a password until one works

Brute force attacks rely on computational power to guess passwords or encryption keys. Attackers often use dictionaries of common words to speed up the process. Using long, complex passwords and account lockout policies can prevent these attacks.

5

What is the 'Principle of Least Privilege' (PoLP)?

Correct Answer: A. Giving users only the access they need for their specific job

PoLP limits the potential damage if an account is compromised by a hacker. It prevents a regular user from accessing sensitive administrative settings or data. This principle is a core part of a zero-trust security model.

6

What is 'Penetration Testing' (Pentesting)?

Correct Answer: C. A simulated cyberattack to find security weaknesses

Pentesting is conducted by ethical hackers to identify flaws before malicious actors find them. The results are summarized in a report with recommendations for fixing the issues. Regular testing is vital for maintaining the security of web applications.

7

Which of these refers to malicious software that records everything a user types?

Correct Answer: D. Keylogger

Keyloggers can steal sensitive information like passwords, credit card details, and private messages. They can be installed either as software or as a physical device on a keyboard. Using an on-screen keyboard can sometimes help bypass basic software-based keyloggers.

8

What is 'Encryption at Rest'?

Correct Answer: A. Encrypting data that is stored on a disk or database

Encryption at rest protects data from being read if the physical storage device is stolen. It is different from 'encryption in transit,' which protects data moving over a network. This is a common requirement for data privacy regulations like GDPR.

9

What is a 'Rootkit'?

Correct Answer: C. Malware that provides administrative access while hiding its presence

Rootkits embed themselves deep within the operating system, often making them invisible to standard antivirus programs. They allow attackers to maintain persistent control over a compromised system. Specialized removal tools or a complete system wipe are often needed to get rid of them.

10

Which of the following is a security threat where an attacker inserts malicious scripts into a trusted website?

Correct Answer: D. Cross-Site Scripting (XSS)

XSS allows attackers to execute code in the victim's browser to steal session cookies or data. The website itself is used as a vehicle to deliver the malicious script to its users. Sanitizing user input is the most common way to prevent XSS vulnerabilities.