6.1 Summarize confidentiality, integrity, and availability concerns.


Which of the following examples illustrates a successful phishing attack?

A user replies to an email with his bank account number because the message indicated he was required to do so.

What is a social engineering attack?

An attack that depends on human factors and deception rather than technology

What technique would a hacker use to target the availability of network services?

Compromise hosts with bot malware to launch a coordinated attack that overwhelms a web service

What security practice can a company use to protect its valuable data from catastrophic natural threats?

Creating backup data on servers in other facilities across the country

What term describes the threat of someone stealing hard copies that have been thrown out?

Dumpster Diving

What technique can be used to prevent eavesdropping on a data network?

Encrypting data in-transit

What action can help mitigate the risk of replay attacks?

Ensuring that applications use encryption and time-stamping to make certain that the tokens cannot be misused

Which is an availability factor to consider when choosing a third-party cloud service provider?

Fault Tolerance

As you are about to enter a secured building, a stranger waiting outside tells you he is a recent hire and asks you to let him in because he forgot his swipe card. What kind of security attack is this?

Impersonation

What action can help mitigate the risk of impersonation attacks?

Implementing strong identity controls, such as badging systems for building access and multi-factor authentication for network access

What best practice can prevent a malicious person from snooping on a victim's computer when the victim walks away?

Locking the Windows computer by holding down the "Windows Logo Key" and pressing the "L" key

What action can help mitigate against the risk of Man-in-the-Middle (MitM) attacks?

Making senders and receivers authenticate themselves and use encryption to validate messages

How can an administrator reduce the impact of hardware failures?

Provisioning redundant servers and configuring a service to fail over to a working server

You no longer need the data on a hard copy. How can you ensure confidentiality when disposing of the data?

Put it through a shredder.

You find you are unable to control your computer, and a message on the screen states that you must pay a fee before you can once again assume control of your computer. Which type of malware is infecting your computer?

Ransomware

What is an email-based threat that presents various advertising materials, promotional content, or money-making schemes to users?

Spam

In which type of email-based social engineering attack does a person pretend to be someone else for the purpose of identity concealment by manipulating an IP address, MAC address, or email header?

Spoofing

If someone claims to be receiving spam, what problem is occurring?

The person is receiving advertising or promotional schemes through instant messaging.

While working at your desk, you get a call from your bank. The representative tells you that he needs to confirm your account number and password. What is the likely reason for this call?

This is most likely an illegitimate attempt to extract information from you.

If the IT administrator asks you to prevent snooping by sanitizing an old hard drive, what action should you take?

Thoroughly delete and overwrite any traces or bits of sensitive data on the hard drive.

What is the best tactic for defeating social engineering?

Training users to recognize and respond to social engineering situations

What action is an example of an appropriate redundancy measure?

Using a backup power generator in a hospital to provide electricity to critical life-support systems.

What action can help mitigate the risk of unexpected power outages?

Using a backup source, which provides a means to safely close down a server

How do cyber criminals typically use wiretapping to steal information?

Using a hardware device that inserts the hacker between two hosts

