Chapter 4
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elicitation
Important aspects of physical security include which of the following?
Preventing interruptions of computer services caused by problems such as fire
Which of the following BEST describes a physical barrier used to deter an aggressive intruder?
Large flowerpots
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals.
A security analyst and their team go through the entire list of assets in the company and assign each item a level of priority. Then they group the assets in the same levels together so they can create defense strategies for each group. What is this process called?
Bundling critical assets
Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?
Choose a password that's easy to remember but doesn't include any personal information.
The following output was displayed using the Social Engineering Toolkit (SET). Which attack method was used to capture the user's input?
Credential harvesting attack method
What is vandalism?
Damaging or defacing assets
Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
A physical storage device controlling data backups has failed, causing corruption for a weekly full backup. It failed on Saturday. On Monday, you noticed the errors and have since run a restore of needed data and a full backup to ensure continuity. The failed device has been replaced. Since each work day creates unique data to be backed up, which type of backup would be the preferred method to make certain each day's data was properly maintained while ensuring efficiency? (The time required for backup is not a primary concern, but the time needed to restore data is, as is backup data storage space.)
Differential backup (A differential backup is the best solution because it backs up all changes to data and only requires the last full backup and the current differential to restore.)
A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?
Escorting him to the conference room
Gathering information about a system, its components, and how they work together is known as which of the following?
Footprinting
The receptionist receives a call from a customer who asks for the customer support manager's name and email address to send them a thank you email. How should the receptionist proceed?
Forward the call to the help desk
A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?
Have her sign an NDA and AUPs
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?
How to prevent piggybacking and tailgating.
A company has a list of high-value assets (HVAs). As a security analyst, what must you do to help protect those assets? (Select two.)
Make sure the response team can easily identify the HVAs. Make sure an incident involving one of the HVAs is always high priority.
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
Mantraps
Which of the following are tactics social engineers might use?
Moral obligation, ignorance, and threatening
What are the three factors to keep in mind with physical security?
Prevention, detection, and recovery
Which of the following BEST describes what asset criticality does?
Prioritizes systems for scanning and remediation.
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying them physical access. Which of the following areas of physical security is the security guard currently in?
Security sequence
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Shoulder surfing
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?
Shred the discs
Any attack involving human interaction of some kind is referred to as which of the following?
Social engineering
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Spim
Which of the following indicate the email highlighted below may be suspicious? (Select two.)
There are several spelling mistakes in the email. The link in the email is to an IP address; it is not to Microsoft's website.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
Train the receptionist to keep his or her iPad in a locked drawer.
You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?
Use a crosscut shredder
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked, fireproof safe.
A resentful employee hacks into a company's website and replaces all the text and images with obscene material. They also replace all links with malicious ones. This is an example of which of the following?
Vandalism