Chp2SecurityAwareness
How can an attacker use a hoax?
A hoax could convince a user that malware is circulating and that he should change his security settings.
The process of providing proof that the user is "genuine" or authentic is known as.
Authentication
6.Each of the following is a step to deter identity theft except: a--Keep personal information in a secure location. b--Carry a copy of a Social Security card in a wallet instead of the original. c--Shred financial documents that contain personal information. d--Do not provide personal information either over the phone or through an email message.
Carry a copy of a social security card instead of the original
Each of the following may be performed by an identity thief except: a--Produce counterfeit checks or debit cards and then remove all money from the bank account. b--File for bankruptcy under the person's name to avoid paying debts they have incurred or to avoid eviction. c--Open a bank account in the person's name and write bad checks on that account. d--Send malware into a bank's online accounting system.
Send malware into a bank online accounting system.
Relying on deceiving someone to obtain secure information is known as.
Social engineering
20.Each of the following could be performed in a shoulder surfing attack except: a--Watching the victim insert her plastic card into an ATM b--Observing a person entering a password on a computer keyboard c--Viewing a person writing down his Social Security number on a paper form d--Watching a person enter a PIN at a register in a store
a--Watching the victim insert her plastic card into an ATM
13.What is a vishing attack?
a--an attack that uses a phone instead of email or a website
16.Michelle pretends to be a manager from another city and calls Eric to trick him into giving her his password. What social-engineering attack has Michelle performed? a--pretexting b--aliasing c--character spoofing d--duplicity
a--pretexting
10.Which technique do attackers use today to uncover a password? a--online guessing b--offline cracking c--hash regeneration d--digest reproduction
b--offline cracking
11.Which of these password attacks is the most thorough? a--dictionary attack b--short crack attack c--brute force attack d--grill attack
brute force attack
17.Why are long passwords stronger than short passwords?
c) Long passwords require attackers to make many more attempts to uncover the password.
14.A user who enters americanbank.net into a web browser instead of the correct americanbank.com and is then taken to a fake look-alike site is the victim of a--site redirection naming attack (SRNA) b--URL targeting c--typo squatting d--jacket attacking
c--typo squatting
Which of the following is NOT a characteristic of a weak password? a. personal information in a password b. a password with fewer than six characters c. a password that uses both letters and numbers d. a common dictionary word
c. password that uses both letters and numbers
19.Each of the following is typically found in an email used for a phishing attack except: a--Official logos of the actual site. b--Web links that are close variations of a legitimate address. c--An urgent request to take immediate action. d--The telephone number of the actual site.
d--The telephone number of the actual site.
18.Each of the following is a password manager except: a--password management application b--password generator c--online vault d--hashing repository
d--hashing repository
9.Each of the following is a characteristic of a strong password except: a--It must be lengthy. b--It must be easy to memorize. c--It must be complex. d--It must not be repeated on multiple accounts.
it must be easy to memorize
Observing someone entering a keypad code from a distance is known as.
shoulder surfing
The goal of a phishing attack is.
to trick a user into surrendering personal information
A_____is a unique name for identification.
username
7.Passwords are based on which means of authentication?
what you know