SY0-601 SEC+ Social Engineering Techniques & Attack Types
Which of these types of phishing variants matches the proper definition?
BEC - Targets companies who outsource, conduct wire transfers, and have suppliers abroad Smishing - A cyber attack that uses SMS texting as the vector Spear phishing - Targets certain employees in certain departments, roles, and responsibilities Whaling - Targets high-level employee or someone in senior management Pharming - Attackers poisons a DNS server to re-direct users to unintentionally go to a fake site
What cryptographic attack takes advantage of an application's ability to give up a more secure method of communication and revert to an order, less-optimal mode?
Downgrade attack
What is most likely the first step in a scam or hoax attack?
IP spoofing
Which of these represents practical reasons for the effectiveness of social engineering?
Lack of acceptable use policy No buy-in from management No policy enforcement Outdated anti-virus tools and utilities
Which of these attacks triggers a certain event occurs such as mouse movement of file access?
Logic bomb
What technologies with learning, reasoning, and decision-making abilities are rapidly being incorporated into security, analysis, defense, and military systems?
Machine learning Robotic technologies Artificial intelligence
What is another term used to describe an influence campaign?
Misinformation operation
Which of these is more related to an on-premise provider as opposed to a cloud-based provider?
More experience and familiarity with systems
Which of these attacks is most likely to be conducted with a cell phone camera?
Shoulder surfing
What technique uses devices that overlay an ATM machine or point-of-scale scanner to steal the information from the victim?
Skimming
Which of these password attacks tries to access many accounts using a few commonly used passwords with a "low-and-slow" methodology?
Spraying
Match the type of common malware with the proper characteristic?
Spyware - Malware that can show advertisements, track information, and make changes to endpoints without user knowledge. Ransomware - Client and server handshakes before the server generates two cryptographic keys Worms - A special form of self-replicating malware that typically spreads without user action Keyloggers - KeyGhost captures passwords, credit card numbers, and other personal information Rat - Infected PC serves a session back to C2C server acting as client
What type of attack involves infiltrating a system through an outside partner, vendor, or provider with access to your systems and/or data?
Supply chain attack
Which of these are terms that describe an attacker sitting on sites under someone else's brand and targeting internet users who erroneously type into their browser address bar?
Typosquatting URL hijacking Sting sites Fake URL