Chapter 4 Review Questions
Alex discovers that the network routers his organization recently ordered are running a modified firmware version: when he compares the firmware's hash to the one provided by the manufacturer, they do not match. How should Alex categorize this attack?
A supply chain attack
Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?
A watering hole attack
Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this?
An invoice scam
Ben searches through an organization's trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?
Dumpster diving
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
John the Ripper
Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
Spam over Instant Messaging
What is it called when phishing is combined with VoIP?
Vishing
What type of malicious actor is most likely to use hybrid warfare?
A nation-state
Skimming attacks are often associated with what next step by attackers?
Cloning
What technique is most commonly associated with the use of malicious flash drives by penetration testers?
Distributing them in parking lots as though they were dropped
Which of the following is the best description of Tailgating?
Following someone through a door they just unlocked.
Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following terms best describes this sort of attack?
Pharming
Lucca's organization runs a hybrid datacenter with systems in Microsoft Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?
Phishing
Alan reads Susan's password from across the room as she logs in. What type of technique has he used?
Shoulder Surfing
What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?
Spear Phishing
Naomi receives a report of Smishing. What type of attack should she be looking for?
Text message based Phishing
Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
Typosquatting