Ethical Hacking Module 3
Which of the following best describes a lock shim? A cut to the number nine position When the pins are scraped quickly A thin, stiff piece of metal A small, angled, and pointed tool
A thin, stiff piece of metal
Which of the following best describes an insider attacker? A good guy who tries to help a company see their vulnerabilities An agent who uses their technical knowledge to bypass security An unintentional threat actor; the most common threat An attacker with lots of resources and money at their disposal
An unintentional threat actor; the most common threat
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future? Why employees should wear their badge at all times How to prevent piggybacking and tailgating Why employees should never share their ID badge with anyone What to do if you encounter a person without a badge
How to prevent piggybacking and tailgating
Any attack involving human interaction of some kind is referred to as: Social engineering An opportunistic attack Attacker manipulation A white hat hacker
Social engineering
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this? Spam Hoax Surf Spim
Spim
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation? Configure the screen saver to require a password Apply multifactor authentication on his computer Set a strong password, that require special characters Change the default account names and passwords
Configure the screen saver to require a password
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? Anti-passback Scrubbing Cable locks Mantraps
Mantraps
Social engineers are master manipulators. Which of the following are tactics they might use? Eavesdropping, ignorance, and threatening Keylogging, shoulder surfing, and moral obligation Shoulder surfing, eavesdropping, and keylogging Moral obligation, ignorance, and threatening
Moral obligation, ignorance, and threatening
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? Security factors Layered defense Security sequence Physical control
Security sequence
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? Require users to use workstation screensaver passwords Train the receptionist to keep her iPad in a locked drawer Move the receptionist's desk into the secured area Replace the biometric locks with smart cards
Train the receptionist to keep her iPad in a locked drawer
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? A Pan Tilt Zoom camera A bullet camera A dome camera A c-mount camera
A dome camera
Which of the following best describes a script kiddie? A hacker whose main purpose is to draw attention to their political views A hacker who uses scripts written by much more talented individuals A hacker willing to take more risks because the payoff is a lot higher A hacker who helps companies see the vulnerabilities in their security
A hacker who uses scripts written by much more talented individuals
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? Feigning ignorance Host file modification DNS cache poisoning Social networking
DNS cache poisoning
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? Development phase Elicitation phase Research phase Exploitation phase
Development phase
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? Elictitation Interrogation Preloading Impersonation
Elictitation
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? Physical access controls Perimeter barriers Physical access logs Employee and visitor safety
Employee and visitor safety
Which of the following best describes a physical barrier used to deter an aggressive intruder? Anti-passback system Double-entry doors Large flowerpots Alarmed carrier PDS
Large flowerpots
On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? Environmental threat Cloud threat Man-made threat External threat
Man-made threat
The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? NIST NVD JPCERT CAPEC
NIST
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system? Physical attack Opportunistic attack Man-made attack Environmental attack
Physical attack
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called: Pretexting Footprinting Impersonation Preloading
Pretexting
Important aspects of physical security include which of the following? Implementing adequate lighting in parking lots and around employee entrances Influencing the target's thoughts, opinions, and emotions before something happens Preventing interruptions of computer services caused by problems such as fire Identifying what was broken into, what is missing, and the extent of the damage
Preventing interruptions of computer services caused by problems such as fire
What are the three factors to keep in mind with physical security? Prevention, detection, and recovery Implementation, detection, and recovery Detection, prevention, and implementation Detection, implementation, and prevention
Prevention, detection, and recovery
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to? Spam and spim Shoulder surfing Eavesdropping Keyloggers
Shoulder surfing
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data? Write junk data on the discs Degauss the discs Delete the data on the discs Shred the discs
Shred the discs
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option? Use incremental backups and store them in a drawer in your office Use incremental backups and store them in a locked fireproof safe Use differential backups and store them in a locked room Use differential backups and store them on a shelf next to the backup device
Use incremental backups and store them in a locked fireproof safe
An attack that targets senior executives and high-profile victims is referred to as: Pharming Scrubbing Vishing Whaling
Whaling
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. what should you do? You should provide the information as part of quality customer service You should put the caller on hold and then hang up You should not provide any information and forward the call to the help desk You should not provide any information except your manager's name and number
You should not provide any information and forward the call to the help desk
