Chapter 4

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Consensus tactic:

"social Proof" Everyone's done it already, so you should to

Whaling:

Aimed at senior employees like CEO's

Phishing:

Broad term for fraudulent acquisition of data

What type of malicious actor is most likely to use hybrid warfare? A. A Script kiddie B. A Hacktivist C. An internal threat D. A nation-state

D

Dictionary attack:

Uses a list of words for potential passwords.

Alan reads Susan's password from across the room as she logs in. What type of technique has he used? A. Man-in-the-room attack B. Shoulder Surfering C. A man-in-the-middle attack D. Pretexting

B

Authority tactic:

Claiming to be a manager, CEO, etc., to seem in charge

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this? A. Credential harvesting B. A hoax C. Reconnaissance D. An invoice scam

D

Skimming attacks are often associated with what next step by attackers? A. Phishing B. Dumpster diving C. Vishing D. Cloning

D

Typosquatters:

Misspelled URL's to conduct attacks

SPIM:

Spam over Instant Messaging

Spear phishing:

Targets specific individuals

Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts? A. Elicitation B. Suggestion C. Pharming D. Prepending

A

Watering hole:

Attacking on commonly visited websites

Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this attack as? A. An influence campaign B. A hoax C. A supply chain attack D. A Pharming attack

C

Dumpster diving:

Getting potential information via trash

Shoulder surfing:

Looking over a persons shoulder to get passwords or data

Scarcity tactic:

Making something seem more desirable than it is

Smishing:

Phishing via text messages

Vishing:

Phishing via voice/telephone

Credential harvesting:

Process of gathering credentials like usernames, passwords, etc.

Urgency tactic:

Relies on creating a feeling that an action must be done quickly

Familiarity tactic:

Rely on you liking the individual or organization

Password Spraying:

Single password or small set against many accounts

Pretexting:

Using a made up scenario to justify why you are approaching someone

Identity fraud:

Using someone elses identity

Elliciting information:

Gathering information without a target knowing, usually through a casual conversation 'finessing'

Brute Force:

Going through potential passwords until one works

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used? A. Watering hole attack B. Vishing C. Whaling D. Typosquatting

A

Which of the following is the best description of tailgating? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Sitting close to someone in a meeting D. Stealing information from someone's desk

A

Alaina discovers that someone has set up a website that looks exactly like her organizations banking website. Which of the following best describes this sort of attack? A. Phishing B. Pharming C. Typosquatting D. Tailgating

B

Ben searches through an organizations trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity? A. Waste engineering B. Dumpster diving C. Trash pharming D. Dumpster harvesting

B

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? A. MDFsum B. John the Ripper C. GPG D. Netcat

B

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company? A. Smishing B. Spear phishing C. Whaling D. Vishing

B

Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced? A. DNS Hijacking B. Pharming C. Typosquatting D. Hosts file compromise

C

Luccas organization runs a hybrid datacenter with systems in Microsofts Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations? A. Shoulder surfing B. Tailgating C. Dumpster diving D. Phishing

D

When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Spooning C. Whaling D. Vishing

D

Tailgating:

Following someone through a secured door/area

Trust tactic:

Like familiarity, but work on building a connection first

Pharming:

Redirecting traffic away from legit ones

Intimidation tactic:

Scaring or bullying someone to get them to do what you want


Set pelajaran terkait

Ch 16 PrepU Nursing Management during Postpartum period, PrepU: Chapter 15: Postpartum Adaptations, OB - Chapter 15: Postpartum Adaptations, Ricci, Kyle & Carman: Maternity and Pediatric Nursing, Second Edition: Chapter 15: Postpartum Adaptations; Pr…

View Set

Conduction, Convection, Radiation

View Set