Chapter 4
Consensus tactic:
Also called "social proof": everyone else has already done it, so you should too
Whaling:
Aimed at senior employees such as CEOs and other executives
Phishing:
Broad term for fraudulently acquiring sensitive data (typically credentials) by posing as a trusted party
What type of malicious actor is most likely to use hybrid warfare? A. A script kiddie B. A hacktivist C. An internal threat D. A nation-state
D
Dictionary attack:
Tries a wordlist of likely passwords rather than every possible combination
Alan reads Susan's password from across the room as she logs in. What type of technique has he used? A. Man-in-the-room attack B. Shoulder surfing C. A man-in-the-middle attack D. Pretexting
B
Authority tactic:
Claiming to be a manager, a CEO, etc., so the target defers to the apparent authority
Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this? A. Credential harvesting B. A hoax C. Reconnaissance D. An invoice scam
D
Skimming attacks are often associated with what next step by attackers? A. Phishing B. Dumpster diving C. Vishing D. Cloning
D
Typosquatters:
Registering misspelled versions of legitimate domain names to catch users who mistype a URL
SPIM:
Spam over Instant Messaging
Spear phishing:
Phishing that targets specific individuals or groups
Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts? A. Elicitation B. Suggestion C. Pharming D. Prepending
A
Watering hole:
Compromising a website the targets are known to visit so they are attacked when they go there
Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. How should Alex categorize this attack? A. An influence campaign B. A hoax C. A supply chain attack D. A pharming attack
C
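The check Alex performs in the question above is a hash comparison of the shipped image against a value the vendor publishes through a separate channel. The following is an added example (not code from the original flashcards or from any router vendor) showing that comparison in Python; the "firmware" bytes, the filename and the manifest dictionary are constructed for the example, and the point of the `hmac.compare_digest` call is that the comparison does not leak timing information about how many leading characters matched.

```python
import hashlib
import hmac

# Constructed sample: a fake "firmware image" and a tampered copy of it.
# The real check is only as good as where the expected hash came from: it must be
# obtained out of band (vendor support site, signed release notes), never from the
# shipment itself, or an attacker who modified the image can modify the hash too.
GOOD_IMAGE = b"ROUTER-FW v2.1.0 (constructed sample image)\n" * 64
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"v2.1.0", b"v2.1.0-mod", 1)

# Constructed manifest: filename -> SHA-256 hex digest as the vendor would publish it.
VENDOR_MANIFEST = {
    "router-fw-2.1.0.bin": hashlib.sha256(GOOD_IMAGE).hexdigest(),
}


def sha256_of(data: bytes) -> str:
    """Hash in chunks so a multi-megabyte image does not need to be held twice in RAM."""
    h = hashlib.sha256()
    for i in range(0, len(data), 65536):
        h.update(data[i:i + 65536])
    return h.hexdigest()


def verify_firmware(name: str, data: bytes, manifest: dict) -> tuple:
    """Return (ok, message). ok is True only when the image hash matches the manifest."""
    expected = manifest.get(name)
    if expected is None:
        return False, "no vendor hash for this image; cannot verify"
    actual = sha256_of(data)
    # Constant-time comparison of the two hex strings.
    if hmac.compare_digest(actual, expected):
        return True, "hash matches vendor manifest"
    return False, (f"MISMATCH: expected {expected[:16]}..., got {actual[:16]}... "
                   "(possible supply chain tampering; do not deploy)")


if __name__ == "__main__":
    for label, img in (("shipped (good)", GOOD_IMAGE), ("shipped (modified)", TAMPERED_IMAGE)):
        ok, msg = verify_firmware("router-fw-2.1.0.bin", img, VENDOR_MANIFEST)
        print(f"{label}: {'OK' if ok else 'FAIL'} - {msg}")
```

A hash only proves the image is the one the vendor hashed; if the vendor's own build was compromised, a signature verified against a vendor key gives no more assurance than the hash does.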
Dumpster diving:
Searching through an organization's trash for documents and other useful information
Shoulder surfing:
Looking over a person's shoulder to read passwords or other data
Scarcity tactic:
Making something seem limited or in short supply so the target acts before it is gone
Smishing:
Phishing via text messages
Vishing:
Phishing via voice/telephone
Credential harvesting:
Process of gathering credentials like usernames, passwords, etc.
Urgency tactic:
Relies on creating a feeling that an action must be done quickly
Familiarity tactic:
Relies on the target liking the individual or organization making the request
Password Spraying:
Trying a single password or a small set of passwords against many accounts, staying under lockout thresholds
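Because a spray spreads a few attempts across many accounts, per-account lockout never fires; the signature shows up only when failures are grouped by source. The following is an added example (not part of the original flashcards) that groups OpenSSH-style "Failed password" lines by source address and separates a spray (many accounts, one or two tries each) from a classic brute force (one account, many tries). The log lines are constructed for the example, and the thresholds are assumptions to tune for a real environment.

```python
import re
from collections import defaultdict

# Constructed sample log in OpenSSH's "Failed password for USER from IP port N ssh2" format.
# 203.0.113.7 tries six different accounts once each (spray);
# 198.51.100.9 hammers one account six times (brute force);
# 192.0.2.5 fails once and then succeeds (ordinary user typo).
SAMPLE_LOG = """\
Mar  3 09:00:01 host sshd[4101]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Mar  3 09:00:03 host sshd[4102]: Failed password for bob from 203.0.113.7 port 50123 ssh2
Mar  3 09:00:05 host sshd[4103]: Failed password for carol from 203.0.113.7 port 50124 ssh2
Mar  3 09:00:07 host sshd[4104]: Failed password for dave from 203.0.113.7 port 50125 ssh2
Mar  3 09:00:09 host sshd[4105]: Failed password for erin from 203.0.113.7 port 50126 ssh2
Mar  3 09:00:11 host sshd[4106]: Failed password for frank from 203.0.113.7 port 50127 ssh2
Mar  3 09:01:00 host sshd[4107]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar  3 09:01:01 host sshd[4108]: Failed password for alice from 198.51.100.9 port 40002 ssh2
Mar  3 09:01:02 host sshd[4109]: Failed password for alice from 198.51.100.9 port 40003 ssh2
Mar  3 09:01:03 host sshd[4110]: Failed password for alice from 198.51.100.9 port 40004 ssh2
Mar  3 09:01:04 host sshd[4111]: Failed password for alice from 198.51.100.9 port 40005 ssh2
Mar  3 09:01:05 host sshd[4112]: Failed password for alice from 198.51.100.9 port 40006 ssh2
Mar  3 09:02:00 host sshd[4113]: Failed password for bob from 192.0.2.5 port 30001 ssh2
Mar  3 09:02:30 host sshd[4114]: Accepted password for bob from 192.0.2.5 port 30001 ssh2
"""

# "invalid user" appears when the account does not exist; sprays often hit those too.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def parse_failures(log_text):
    """Yield (username, source_ip) for every failed-login line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group(1), m.group(2)


def classify_sources(log_text, min_users=5, max_per_user=2, brute_threshold=5):
    """Return {source_ip: 'spray' | 'brute_force' | 'normal'}.

    spray: at least min_users distinct accounts, none tried more than max_per_user times
    brute_force: some single account tried at least brute_threshold times
    """
    per_ip = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for user, ip in parse_failures(log_text):
        per_ip[ip][user] += 1

    result = {}
    for ip, users in per_ip.items():
        distinct = len(users)
        heaviest = max(users.values())
        if distinct >= min_users and heaviest <= max_per_user:
            result[ip] = "spray"
        elif heaviest >= brute_threshold:
            result[ip] = "brute_force"
        else:
            result[ip] = "normal"
    return result


if __name__ == "__main__":
    for ip, label in classify_sources(SAMPLE_LOG).items():
        print(f"{ip:15} {label}")
```

The grouping key is the source address, so a spray distributed across many addresses (a botnet) defeats this rule; for that case the same counting is done per target account set over a wider time window, or on the identity provider's side where all attempts converge.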
Pretexting:
Using a made-up scenario to justify why you are approaching someone
Identity fraud:
Using someone else's identity
Eliciting information:
Gathering information without the target knowing, usually by "finessing" it out of them in casual conversation
Brute Force:
Trying every possible password combination until one works
Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used? A. Watering hole attack B. Vishing C. Whaling D. Typosquatting
A
Which of the following is the best description of tailgating? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Sitting close to someone in a meeting D. Stealing information from someone's desk
A
Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following best describes this sort of attack? A. Phishing B. Pharming C. Typosquatting D. Tailgating
B
Ben searches through an organization's trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity? A. Waste engineering B. Dumpster diving C. Trash pharming D. Dumpster harvesting
B
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? A. MDFsum B. John the Ripper C. GPG D. Netcat
B
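The dictionary attack and brute force cards above and the MD5 question here describe the same two strategies John the Ripper applies. The following is an added example in Python (not John's code and not from the original flashcards) that runs both against a constructed dump of unsalted MD5 hashes: the dictionary pass hashes each candidate word once and looks it up against every target, which is exactly why unsalted fast hashes like MD5 are weak, and the brute-force pass exhaustively tries every lowercase string up to a small length. The usernames, hashes and the mini wordlist are made up for the example.

```python
import hashlib
import itertools
import string

# Constructed sample: a user:hash dump of unsalted MD5 digests (all values made up for the example).
HASH_FILE = """\
jsmith:5f4dcc3b5aa765d61d8327deb882cf99
mlee:e10adc3949ba59abbe56e057f20f883e
root:098f6bcd4621d373cade4e832627b4f6
"""

# Constructed mini dictionary; a real run would use a wordlist such as rockyou.txt.
WORDLIST = ["letmein", "password", "123456", "qwerty"]


def parse_hash_file(text):
    """Return {username: lowercase hex digest} from user:hash lines."""
    entries = {}
    for line in text.splitlines():
        user, _, digest = line.partition(":")
        if digest:
            entries[user] = digest.strip().lower()
    return entries


def dictionary_attack(entries, wordlist):
    """Hash each word once and look it up against all targets.

    With no salt, one hash computation tests the candidate against every account at once.
    """
    by_hash = {h: u for u, h in entries.items()}
    cracked = {}
    for word in wordlist:
        h = hashlib.md5(word.encode()).hexdigest()
        if h in by_hash:
            cracked[by_hash[h]] = word
    return cracked


def brute_force(entries, alphabet=string.ascii_lowercase, max_len=4):
    """Try every string over alphabet up to max_len characters.

    The search space grows as len(alphabet) ** max_len, so this is only feasible for
    short passwords; the dictionary pass is what finds the long-but-predictable ones.
    """
    by_hash = {h: u for u, h in entries.items()}
    cracked = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = "".join(combo)
            h = hashlib.md5(candidate.encode()).hexdigest()
            if h in by_hash:
                cracked[by_hash[h]] = candidate
                if len(cracked) == len(by_hash):
                    return cracked  # stop early once every target is recovered
    return cracked


if __name__ == "__main__":
    targets = parse_hash_file(HASH_FILE)
    print("dictionary:", dictionary_attack(targets, WORDLIST))
    print("brute force (a-z, len<=4):", brute_force(targets))
```

On this dump the dictionary pass recovers two accounts immediately and the brute-force pass recovers the third four-letter password; the defence is a salted, slow password hash (bcrypt, scrypt, Argon2), which removes the one-hash-per-candidate shortcut and makes each guess expensive.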
What type of phishing targets specific groups of employees, such as all managers in the financial department of a company? A. Smishing B. Spear phishing C. Whaling D. Vishing
B
Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced? A. DNS Hijacking B. Pharming C. Typosquatting D. Hosts file compromise
C
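The typosquatting card and the www.smazon.com question above both come down to a domain that is one or two keystrokes away from a brand's real domain. The following is an added example (not part of the original flashcards) that flags such near-miss hostnames by edit distance against a list of protected domains; the brand list and the distance cutoff are assumptions, and the `www.` stripping is deliberately naive (production code would use the public suffix list to find the registrable domain).

```python
def levenshtein(a, b):
    """Minimum number of single-character insertions, deletions or substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution (free if equal)
        prev = cur
    return prev[-1]


# Constructed list of domains a brand-protection check would watch; assumed for the example.
PROTECTED = ["amazon.com", "paypal.com", "example.org"]


def registrable_part(host):
    """Lowercase, drop a trailing dot and a leading 'www.' (naive: no public suffix list)."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def typosquat_check(host, protected=PROTECTED, max_distance=2):
    """Return (brand, distance) for the closest protected domain within max_distance, else None.

    Distance 0 means the host IS the brand, which is not a squat and is skipped.
    """
    h = registrable_part(host)
    best = None
    for brand in protected:
        d = levenshtein(h, brand)
        if 0 < d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best


if __name__ == "__main__":
    for candidate in ["www.smazon.com", "amazon.com", "paypa1.com", "amazn.com", "google.com"]:
        print(f"{candidate:16} -> {typosquat_check(candidate)}")
```

Edit distance catches mistyped and single-character-substituted names such as smazon.com or paypa1.com; it does not catch homoglyph attacks using Unicode look-alike characters, which need a separate confusables check after IDNA decoding.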
Lucca's organization runs a hybrid datacenter with systems in Microsoft's Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations? A. Shoulder surfing B. Tailgating C. Dumpster diving D. Phishing
D
When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Spooning C. Whaling D. Vishing
D
Tailgating:
Following someone through a secured door/area
Trust tactic:
Like familiarity, but the attacker first works to build a connection with the target
Pharming:
Redirecting traffic from a legitimate site to a malicious one, typically by manipulating DNS or the hosts file
Intimidation tactic:
Scaring or bullying someone to get them to do what you want