Unit 3 Practice Ethical Hacker
You are a security consultant hired to evaluate physical security. All employees must pass a locked door to enter the work area, restricted using a bio fingerprint lock. The receptionist is next to this door, and she uses an Ipad to log security events and complete other tasks. What could be done to add additional security?
Train receptionist to keep Ipad in a locked drawer
What best describes a lock shim?
A thin stiff piece of metal
Joe is often called away from his desk. Joe doesn't want to sign out of his computer every-time he leaves. What is best for securing Joe's workstation?
Configure screen saver to require password
Jason, at home, is attempting to access his music website, where it has a simple form asking for his name email and phone number. Jason knows this isn't the website and that it has been hacked. How was this accomplished?
DNS cache poisoning
Attackers targeting high profile victims and senior executives is known as?
Whaling
Ron wants to get access to a law firm when June is having lunch in her office. Ron notices a dog on June's phone and starts a conversation on dogs. What phase of social engineering is this?
Developmemt
Cctv can be preventive (live events) or investigative (record events for playback). What camera is more vandal resistant?
Dome camera
You get a call from you best customer. They are asking about your company's employees teams and managers. What should you do?
Don't provide any information and forward the call to the help desk.
Compliments, misinfo, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elicitation
Emergency lighting on protected power that auto turns on when the power goes off is part of which physical control?
Employee/visitor safety
What best describes a script kiddie?
Hacker using scripts written by much more talented individuals
You are implementing procedures requiring employee authentication. You observe employees holding the door for others to pass through. What training should you do?
How to prevent piggybacking/tailgating
You have implemented regular backups for a Windows system, done daily with an image backup weekly. Your company has decided not to store redundant copies of the backup media off-site. What would be the best backup storage?
Incremental, storing them in a locked fireproof safe
What best describes a physical barrier used to deter aggressive intruders?
Large flowerpots
When going to work, Angela realizes she forgot the company laptop at the coffee shop. What type of threat has she caused?
Man made
When reviewing cameras, you notice a person piggybacking who had no security badge. What can be implemented to prevent this?
Mantraps
Social engineers are master manipulators. What techniques might they use?
Moral obligation ignorance and threatening
The US DoC has an agency with the goal of protecting organizational operations assets and individuals from threats like malicious cyber attacks natural disasters structural failures and human error. What agency was created for this purpose?
NIST
What type of attack involves changing the boot order on a PC to gain computer access by bypassing the operating system?
Physical
Using a fictitious scenario to persuade people to perform actions or give info they aren't authorized to share is?
Pretexting
Important aspects of physical security include?
Preventing interruptions of service caused bu problems like fire
What are three factors to keep in mind with physical security?
Prevention detection and recovery
A person has jumped the fence but was detained by a security guard shortly after. What area of physical security is the guard in?
Security sequence
Brandon helps Fred with his computer and as Fred is typing in his login info Brandon watches him. Brandon tells Fred its not good to have people watch you type. What social engineering attack is this?
Shoulder surfing
You have DVDs with files from your latest project and you need to prevent from sensitive information from being compromised. What should you do?
Shred discs
Attacks involving human interaction are?
Social engineering
You instant message a coworker and get a malicious link. What type of social engineering attack is this?
Spim
What best describes an inside attacker?
Unintentional threat actor, most common threat.
