38 Questions
What type of data is considered sensitive and should be treated as such to ensure compliance with privacy regulations?
Patient data, including medical records
Which of the following is a technology that monitors and analyzes the activity and behavior of endpoints?
EDR
What is the primary function of EDR?
To detect malicious software and suspicious behavior on endpoints, and to give responders the visibility to investigate, contain, and remediate it
What is the main difference between EDR and IDS?
EDR is endpoint-based, while IDS is network-based
What is the purpose of creating an inbound firewall rule?
To control traffic entering a network or host, for example to block access from a malicious IP address
What is the correct syntax for an inbound firewall rule to block a specific IP address?
access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0 (vendor-neutral exam notation: a deny for that single host as source and any destination; real ACL and firewall syntax varies by product, and the rule must sit above any broader permit to take effect)
What is the primary goal of privacy regulations like HIPAA?
To protect sensitive patient data
What is the main difference between EDR and ACL?
EDR monitors and responds to activity on endpoints, while an ACL is a list of rules that permits or denies access to a resource or network traffic
What is the primary goal of a bug bounty program?
To identify vulnerabilities in an application or system
What is the term used to describe the use of unauthorized or unapproved IT resources within an organization?
Shadow IT
What type of attack involves tricking victims into clicking on malicious links or providing personal information through text messages?
Smishing
What is the primary benefit of a bug bounty program?
Improved security posture
What type of phishing uses text messages to entice individuals into providing personal or sensitive information?
Smishing
What is the term used to describe a text message claiming to be from the company's Chief Executive Officer that asks an employee to purchase several gift cards?
Smishing
What is the best response to a smishing attack in a company?
Add a smishing exercise to the annual company training and issue a general email warning
What is the primary risk of shadow IT?
Risk to the organization's security posture, data integrity, and regulatory compliance
What type of attack tries common passwords across several accounts to find a match?
Password spraying
What is the most likely type of attack in the given log?
Password spraying
What is the purpose of a bug bounty program in terms of security testing?
To identify vulnerabilities in an application or system
What is the main characteristic of password spraying?
Tries a single password across multiple accounts
What type of attack involves an employee receiving a text message from an unknown number claiming to be the company's Chief Executive Officer?
Smishing
Which type of threat actor is most likely to use large financial resources to attack critics?
Nation-state
What is a common tactic used by BEC attackers?
Impersonating an executive or trusted vendor by email to trick employees into transferring money or buying gift cards
What is the process of determining the resources needed to meet the current and future demands of an organization?
Capacity planning
What is the main purpose of capacity planning in business continuity strategy?
To estimate staff requirements during a disruption
What is a likely motivation behind a fraudulent email claiming to be from the CEO?
To steal money from unsuspecting victims
What should an employee do upon receiving a suspicious email claiming to be from the CEO?
Verify the authenticity of the email with the CEO through a separate, known channel (for example, a phone call), not by replying to the message
What is a common approach used by attackers to steal money from victims?
Requesting gift cards for a supposed business purpose
What is a compensating control used for in security?
To reduce the likelihood or impact of an attack when the primary control cannot be applied
What is the primary function of a host-based firewall?
To monitor and filter network traffic on a single host
What is a likely response to a fraudulent email claiming to be from the CEO?
Verify the authenticity of the email with the CEO through a separate, known channel (for example, a phone call), not by replying to the message
What is a benefit of capacity planning in business continuity strategy?
Estimating staff requirements during a disruption
What is required for an organization to properly manage its restore process in the event of system failure?
Disaster Recovery Plan (DRP)
What is the most likely occurrence when an internal system sends a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?
Data is being exfiltrated (for example, by DNS tunneling); a worm spreading across the network would instead show up as scanning and connection attempts against internal hosts, not bursts of external DNS queries
What is the purpose of a network segmentation strategy?
To limit the exposure of a system to potential threats
What is a legacy Linux system?
An older Linux system that no longer receives vendor security updates, or that cannot be patched without breaking the applications it runs
What is the main goal of a disaster recovery plan (DRP)?
To restore the normal operations of an organization in the event of a system failure
What is a possible reason why a system may have known vulnerabilities or weaknesses?
The system no longer receives, or cannot apply, the latest security updates or patches
Study Notes
Sensitive Patient Data
- Patient data, including medical records, diagnoses, treatments, and personal information, is considered sensitive and should be treated as such to ensure compliance with privacy regulations like HIPAA (Health Insurance Portability and Accountability Act) in the United States.
Endpoint Detection and Response (EDR)
- EDR is a technology that monitors and analyzes the activity and behavior of endpoints, such as computers, laptops, mobile devices, and servers.
- EDR helps detect and prevent malicious software, such as viruses, Trojans, and ransomware, from infecting endpoints and spreading across the network.
- EDR provides visibility and response capabilities to contain and remediate threats.
Compensating Control
- A compensating control is a security measure that mitigates the risk of a vulnerability or weakness that cannot be resolved by the primary control.
- A compensating control reduces the likelihood or impact of an attack, but does not remove the underlying vulnerability or weakness.
- Example: A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses.
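An added example, not part of the original notes, that ties the generic ACL syntax from the quiz question (access-list ... deny ip source ... destination ...) to the compensating control described here: a small Python parser and first-match evaluator for that rule format. The rule shape, the rule names and the IP addresses are constructed for illustration. It also shows why the single deny line in the question is not a complete ruleset: every ACL ends in an implicit deny, so a legacy host's allowlist needs its permits first and an explicit deny-all last, and a lone deny with no permit blocks everything.

```python
"""Parse and evaluate ACL rules in the generic syntax used on this page.

Added example, not from the original notes. Assumed rule shape:
    access-list <name> <permit|deny> ip source <cidr> destination <cidr>
Rules are checked top to bottom, the first match decides, and traffic that
matches no rule is denied (the implicit deny at the end of every ACL).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "permit" or "deny"
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network


def parse_rule(line: str) -> Rule:
    """Turn one 'access-list ...' line into a Rule, rejecting anything malformed."""
    t = line.split()
    if (len(t) != 8 or t[0] != "access-list" or t[3] != "ip"
            or t[4] != "source" or t[6] != "destination"):
        raise ValueError(f"unrecognised rule: {line!r}")
    if t[2] not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {line!r}")
    # strict=False accepts 0.0.0.0/0 and host addresses written with a prefix length
    return Rule(t[1], t[2],
                ipaddress.ip_network(t[5], strict=False),
                ipaddress.ip_network(t[7], strict=False))


def parse_acl(text: str) -> list[Rule]:
    """Parse a whole ruleset; blank lines and '#' comments are ignored."""
    return [parse_rule(line) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def evaluate(rules: list[Rule], src: str, dst: str) -> str:
    """First-match evaluation; returns 'permit' or 'deny' for a src -> dst packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.source and d in rule.destination:
            return rule.action
    return "deny"  # implicit deny: nothing matched


# Constructed rulesets (documentation and private address ranges, not real hosts).
# The question's single deny line, followed by the permit-all it needs to be useful:
BLOCK_ONE_HOST = """\
access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
access-list inbound permit ip source 0.0.0.0/0 destination 0.0.0.0/0
"""

# Compensating control for a legacy host (10.0.9.4, assumed): only two internal
# management hosts may reach it; everything else falls through to the deny.
LEGACY_HOST_ALLOWLIST = """\
# permits first, deny-all last: order decides the outcome
access-list inbound permit ip source 10.0.5.20/32 destination 10.0.9.4/32
access-list inbound permit ip source 10.0.5.21/32 destination 10.0.9.4/32
access-list inbound deny ip source 0.0.0.0/0 destination 0.0.0.0/0
"""


if __name__ == "__main__":
    block = parse_acl(BLOCK_ONE_HOST)
    print("10.1.4.9 -> 192.0.2.10:", evaluate(block, "10.1.4.9", "192.0.2.10"))    # deny
    print("10.1.4.10 -> 192.0.2.10:", evaluate(block, "10.1.4.10", "192.0.2.10"))  # permit
    legacy = parse_acl(LEGACY_HOST_ALLOWLIST)
    print("10.0.5.20 -> 10.0.9.4:", evaluate(legacy, "10.0.5.20", "10.0.9.4"))     # permit
    print("10.0.5.22 -> 10.0.9.4:", evaluate(legacy, "10.0.5.22", "10.0.9.4"))     # deny
```

The evaluator is deliberately strict about the rule shape: a malformed line raises instead of being silently skipped, because a skipped permit in an allowlist turns into an outage and a skipped deny turns into an exposure.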
Disaster Recovery Plan (DRP)
- A DRP is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency.
- A DRP is required for an organization to properly manage its restore process in the event of system failure.
DNS Queries
- A large number of unusual DNS queries from an internal system to systems on the internet, sent in short bursts outside business hours, most likely indicates data exfiltration or command-and-control traffic tunneled over DNS; the query names are typically long, high-entropy subdomains of a single attacker-controlled domain.
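The detection logic behind that indicator, as an added example that is not part of the original notes: a Python script that buckets resolver query logs per client into five-minute windows, flags buckets that are both large and outside business hours, and reports how many of the names are unique children of one parent domain (the tunneling signature). The log format ("ISO time, client address, query name"), the business-hours definition, the thresholds, and every log line are constructed for this example.

```python
"""Flag bursts of DNS queries from internal hosts outside business hours.

Added example, not from the original notes. The log format is constructed to
look like a resolver query log ('<ISO time> <client> <qname>'); the layout,
business hours and thresholds are assumptions of this example.
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, Monday to Friday (assumed)

# Constructed sample: 10.0.7.33 fires ten unique hex-label names under one
# domain at 02:41; 10.0.7.40 does a few routine lookups at night; 10.0.7.51
# is busy but during business hours.
SAMPLE_LOG = """\
2024-01-10T02:41:02 10.0.7.33 a91f3c0de4b7a2c1.exfil.example
2024-01-10T02:41:06 10.0.7.33 7e02b9d4f61a83c5.exfil.example
2024-01-10T02:41:10 10.0.7.33 c4d81e20ab93f576.exfil.example
2024-01-10T02:41:14 10.0.7.33 0f6b3a9c1d2e8471.exfil.example
2024-01-10T02:41:18 10.0.7.33 5a7c0e93b1d4f862.exfil.example
2024-01-10T02:41:22 10.0.7.33 d2e4f6081a3c5b97.exfil.example
2024-01-10T02:41:26 10.0.7.33 91b0c3d5e7f2a468.exfil.example
2024-01-10T02:41:30 10.0.7.33 3c5e7a9b1d0f2486.exfil.example
2024-01-10T02:41:34 10.0.7.33 e8a1c3f5b7d9024a.exfil.example
2024-01-10T02:41:38 10.0.7.33 6b9d1f3a5c7e0812.exfil.example
2024-01-10T02:42:00 10.0.7.40 updates.example
2024-01-10T02:42:01 10.0.7.40 ntp.example
2024-01-10T02:42:02 10.0.7.40 time.example
2024-01-10T10:15:01 10.0.7.51 cdn.example
2024-01-10T10:15:02 10.0.7.51 www.example
2024-01-10T10:15:03 10.0.7.51 mail.example
2024-01-10T10:15:04 10.0.7.51 api.example
2024-01-10T10:15:05 10.0.7.51 static.example
2024-01-10T10:15:06 10.0.7.51 login.example
2024-01-10T10:15:07 10.0.7.51 img.example
2024-01-10T10:15:08 10.0.7.51 fonts.example
2024-01-10T10:15:09 10.0.7.51 docs.example
"""


def parse_log(text):
    """Return (timestamp, client, qname) tuples; names are normalised to lower case."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        events.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return events


def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def detect_bursts(events, bucket_minutes=5, max_queries=8):
    """Alerts for (client, window) pairs exceeding max_queries outside business hours."""
    buckets = defaultdict(list)
    for ts, client, qname in events:
        start = ts.replace(minute=ts.minute - ts.minute % bucket_minutes, second=0, microsecond=0)
        buckets[(client, start)].append(qname)
    alerts = []
    for (client, start), names in sorted(buckets.items()):
        if len(names) <= max_queries or not is_off_hours(start):
            continue
        # Parent = last two labels. Many unique children of one parent, each with
        # a long leftmost label, is what tunnelled data looks like in the logs.
        parents = Counter(".".join(n.split(".")[-2:]) for n in names)
        top_parent = parents.most_common(1)[0][0]
        children = {n for n in names if n.endswith("." + top_parent)}
        alerts.append({
            "client": client,
            "bucket_start": start.isoformat(),
            "queries": len(names),
            "top_parent": top_parent,
            "unique_children": len(children),
            "avg_child_label_len": round(mean(len(n.split(".")[0]) for n in children), 1) if children else 0.0,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_log(SAMPLE_LOG)):
        print(alert)  # one alert, for 10.0.7.33 in the 02:40 window
```

The business-hours host 10.0.7.51 sends more queries than the threshold but is never flagged, which is the point of the question: volume alone is normal, volume at the wrong time from an internal host is not. In production the threshold would be a per-host baseline rather than a constant.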
Bug Bounty
- A bug bounty is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system.
- Bug bounties are used by companies to improve their security posture and incentivize ethical hacking.
Smishing
- Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.
- Example: A fraudulent text message claiming to be from the CEO, asking an employee to purchase gift cards.
Shadow IT
- Shadow IT is the use of unauthorized or unapproved IT resources within an organization.
- Example: The marketing department setting up its own project management software without telling the appropriate departments.
Business Continuity Strategy
- Capacity planning is the process of determining the resources needed to meet the current and future demands of an organization.
- Capacity planning helps a company develop a business continuity strategy by estimating how many staff members would be required to sustain the business in the case of a disruption.
Threat Actors
- A threat actor is an entity that poses a threat to an organization's security.
- Example: A nation-state actor using large financial resources to attack its critics.
Password Spraying
- Password spraying is a type of brute-force attack that tries one or a few common passwords across many accounts to find a match, keeping the failures per account low enough to stay under lockout thresholds; a classic brute-force attack is the opposite, many passwords against one account.
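The distinction between spraying and classic brute force is easiest to see in detection logic, so here is an added example that is not part of the original notes: a Python script that parses failed logins from sshd-style authentication log lines and flags, per source address, both patterns. Spraying is reported when a source fails against many distinct accounts inside one time window with few attempts per account; brute force when a source piles failures onto a single account. The log lines, the usernames and the addresses are constructed, and the field layout (syslog timestamp, hostname, "Failed password for ... from ...") is an assumption of the example.

```python
"""Separate password spraying from classic brute force in sshd-style auth logs.

Added example, not from the original notes. Spraying = a few passwords tried
against MANY accounts, so failures per account stay under the lockout
threshold while distinct accounts per source climb fast; brute force = many
failures against ONE account. The log lines below are constructed to resemble
OpenSSH sshd output; their exact layout is an assumption of this example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

SAMPLE_LOG = """\
Jan 10 02:13:01 srv1 sshd[4011]: Failed password for alice from 203.0.113.5 port 40211 ssh2
Jan 10 02:13:04 srv1 sshd[4013]: Failed password for bob from 203.0.113.5 port 40212 ssh2
Jan 10 02:13:07 srv1 sshd[4015]: Failed password for carol from 203.0.113.5 port 40213 ssh2
Jan 10 02:13:10 srv1 sshd[4017]: Failed password for dave from 203.0.113.5 port 40214 ssh2
Jan 10 02:13:13 srv1 sshd[4019]: Failed password for invalid user erin from 203.0.113.5 port 40215 ssh2
Jan 10 02:13:16 srv1 sshd[4021]: Failed password for frank from 203.0.113.5 port 40216 ssh2
Jan 10 02:20:00 srv1 sshd[4030]: Failed password for root from 198.51.100.7 port 50001 ssh2
Jan 10 02:20:03 srv1 sshd[4031]: Failed password for root from 198.51.100.7 port 50002 ssh2
Jan 10 02:20:06 srv1 sshd[4032]: Failed password for root from 198.51.100.7 port 50003 ssh2
Jan 10 02:20:09 srv1 sshd[4033]: Failed password for root from 198.51.100.7 port 50004 ssh2
Jan 10 02:20:12 srv1 sshd[4034]: Failed password for root from 198.51.100.7 port 50005 ssh2
Jan 10 02:20:15 srv1 sshd[4035]: Failed password for root from 198.51.100.7 port 50006 ssh2
Jan 10 09:02:44 srv1 sshd[4101]: Failed password for alice from 10.0.0.12 port 51022 ssh2
Jan 10 09:02:50 srv1 sshd[4102]: Accepted password for alice from 10.0.0.12 port 51022 ssh2
"""


def parse_failures(text, year=2024):
    """(timestamp, user, source_ip) for each failed login; syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return events


def detect_spraying(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Sources that, inside one window, fail against many accounts but only a few times each."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        j = 0
        for i in range(len(evs)):
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1  # j marks the end of the window opened at evs[i]
            per_user = Counter(user for _, user in evs[i:j])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged[ip] = sorted(per_user)
                break
    return flagged


def detect_brute_force(events, min_failures=5):
    """Sources with many failures against one account (the pattern account lockout catches)."""
    per_account = Counter((ip, user) for _, user, ip in events)
    flagged = defaultdict(list)
    for (ip, user), n in per_account.items():
        if n >= min_failures:
            flagged[ip].append(user)
    return {ip: sorted(users) for ip, users in flagged.items()}


if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    print("spraying:", detect_spraying(events))        # {'203.0.113.5': ['alice', ..., 'frank']}
    print("brute force:", detect_brute_force(events))  # {'198.51.100.7': ['root']}
```

Note that the spraying source never trips a per-account lockout rule (one failure per user), which is exactly why spraying works against lockout-only defenses; the detection has to pivot on the source address and count distinct accounts.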
Test your knowledge of HIPAA compliance and network security concepts, including data protection, endpoint detection, and access control.