chapter 3 ethical hacker pro

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following best describes a lock shim? A cut to the number nine position. A thin, stiff piece of metal. A small, angled, and pointed tool. When the pins are scraped quickly.

A thin, stiff piece of metal.

Which of the following best describes an inside attacker? An agent who uses their technical knowledge to bypass security. An unintentional threat actor; the most common threat. A good guy who tries to help a company see their vulnerabilities. An attacker with lots of resources and money at their disposal.

An unintentional threat actor; the most common threat.

Any attack involving human interaction of some kind is referred to as: Attacker manipulation An opportunistic attack Social engineering A white hat hacker

Social engineering

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this? Spam Surf Spim Hoax

Spim

Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? A dome camera A Pan Tilt Zoom camera A c-mount camera A bullet camera

A dome camera

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation? Apply multifactor authentication on his computer. Configure the screen saver to require a password. Set a strong password, that require special characters. Change the default account names and passwords.

Configure the screen saver to require a password.

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? Cable locks Mantraps Anti-passback Scrubbing

Mantraps

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? Physical control Security sequence Security factors Layered defense

Security sequence

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? Replace the biometric locks with smart cards. Train the receptionist to keep her iPad in a locked drawer. Require users to use workstation screensaver passwords. Move the receptionist's desk into the secured area.

Train the receptionist to keep her iPad in a locked drawer.

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do? You should provide the information as part of quality customer service. You should not provide any information except your manager's name and number. You should not provide any information and forward the call to the help desk. You should put the caller on hold and then hang up.

You should not provide any information and forward the call to the help desk.

Which of the following best describes a script kiddie? A hacker whose main purpose is to draw attention to their political views. A hacker willing to take more risks because the payoff is a lot higher. A hacker who helps companies see the vulnerabilities in their security. A hacker who uses scripts written by much more talented individuals.

A hacker who uses scripts written by much more talented individuals.

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? Host file modification DNS cache poisoning Social networking Feigning ignorance

DNS cache poisoning

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? Research phase Elicitation phase Exploitation phase Development phase

Development phase

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? Impersonation Preloading Elictitation Interrogation

Elictitation

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? Employee and visitor safety Physical access controls Physical access logs Perimeter barriers

Employee and visitor safety

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future? Why employees should wear their badge at all times. How to prevent piggybacking and tailgating. What to do if you encounter a person without a badge. Why employees should never share their ID badge with anyone.

How to prevent piggybacking and tailgating.

Which of the following best describes a physical barrier used to deter an aggressive intruder? Anti-passback system Large flowerpots Alarmed carrier PDS Double-entry doors

Large flowerpots

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? Man-made threat External threat Cloud threat Environmental threat

Man-made threat

Social engineers are master manipulators. Which of the following are tactics they might use? Moral obligation, ignorance, and threatening Keylogging, shoulder surfing, and moral obligation Eavesdropping, ignorance, and threatening Shoulder surfing, eavesdropping, and keylogging

Moral obligation, ignorance, and threatening

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? NIST JPCERT NVD CAPEC

NIST

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system? Environmental attack Man-made attack Physical attack Opportunistic attack

Physical attack

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called: Impersonation Pretexting Preloading Footprinting

Pretexting

Important aspects of physical security include which of the following? Identifying what was broken into, what is missing, and the extent of the damage. Influencing the target's thoughts, opinions, and emotions before something happens. Implementing adequate lighting in parking lots and around employee entrances. Preventing interruptions of computer services caused by problems such as fire.

Preventing interruptions of computer services caused by problems such as fire.

What are the three factors to keep in mind with physical security? Implementation, detection, and recovery Detection, implementation, and prevention Detection, prevention, and implementation Prevention, detection, and recovery

Prevention, detection, and recovery

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to? Eavesdropping Spam and spim Shoulder surfing Keyloggers

Shoulder surfing

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data? Write junk data on the discs. Degauss the discs. Shred the discs. Delete the data on the discs.

Shred the discs.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option? Use differential backups and store them on a shelf next to the backup device. Use incremental backups and store them in a drawer in your office. Use incremental backups and store them in a locked fireproof safe. Use differential backups and store them in a locked room.

Use incremental backups and store them in a locked fireproof safe.

An attack that targets senior executives and high-profile victims is referred to as: Whaling Scrubbing Vishing Pharming

Whaling


Conjuntos de estudio relacionados

Pharmacology / Chapter 4: The Nursing Process and Pharmacology

View Set

Chapter 8: Interest Rates and Bond Valuation

View Set

MH Exam 2 - Personality Disorders & Eating Disorders

View Set

ECON: Chapter 16: Business Strategy

View Set

Salesforce Process Automation Accredited Professional

View Set