Welcome to Week 1 of our Cybersecurity+ training! Dive into foundational and advanced topics including security frameworks, attack vectors, cryptographic protocols, and certification-level test content. Study deeply using NSA.gov and CompTIA.org.
Diffie-Hellman is a method of securely exchanging cryptographic keys over a public channel. It uses asymmetric encryption, meaning it relies on a key pair: one public and one private. This makes it ideal for initial key exchange in secure communications.
Question: Which protocol uses asymmetric encryption for secure key exchange?
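The exchange described above, as an added example that is not part of the original lesson: two parties each keep a private value, send only the public value, and still arrive at the same key. The prime `P`, base `G`, the function names and the SHA-256 step are assumptions chosen for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Toy parameters (assumption for this example): 2**127 - 1 is a Mersenne prime.
# Real deployments use groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3


def valid_public(pub):
    """Reject degenerate values (0, 1, P-1) that would force a predictable secret."""
    return isinstance(pub, int) and 2 <= pub <= P - 2


def keypair():
    """Return (private, public) where public = G^private mod P."""
    while True:
        private = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
        public = pow(G, private, P)
        if valid_public(public):
            return private, public


def shared_key(my_private, peer_public):
    """Combine our private value with the peer's public value, then hash to a key."""
    if not valid_public(peer_public):
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, my_private, P)
    # Hashing the raw secret into a 32-byte key is a simplification of a real KDF.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Simulate both sides; only the two public values cross the channel."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    key_a = shared_key(a_priv, b_pub)  # computed by the first party
    key_b = shared_key(b_priv, a_pub)  # computed by the second party
    return key_a, key_b, (a_pub, b_pub)


if __name__ == "__main__":
    key_a, key_b, on_the_wire = exchange()
    print("public values sent:", on_the_wire)
    print("keys match:", key_a == key_b)
```

The private values never leave their owners, which is why an observer of the public channel cannot simply read the key.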
XSS (Cross-Site Scripting) is an attack that injects malicious code into websites viewed by other users. It's one of the top threats according to OWASP. XSS attacks are prevented by properly sanitizing user inputs and using frameworks with built-in protection.
Question: What attack involves injecting malicious code into a dynamic input field of a web application?
Defense in Depth is a multi-layered security strategy. It uses a combination of technical, physical, and administrative controls like firewalls, antivirus, monitoring, and user training to protect systems at multiple levels.
Question: Which of the following best describes the concept of "Defense in Depth"?
Strong password policies are essential for reducing attack vectors. Best practices include minimum length (e.g., 12 characters), complexity (mix of characters), expiration policies, and multi-factor authentication (MFA).
Question: Which of these is the most secure configuration for password policies?
A DMZ (Demilitarized Zone) in cybersecurity separates external-facing systems (like web servers) from internal networks. This way, public access doesn't compromise sensitive internal resources.
Question: What is the purpose of a DMZ in network security?