Security + 3 D

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Social engineering

Phishing. Spear. phishing. Whaling. Vishing. Tailgating. Impersonation. Dumpster diving. Shoulder surfing. Hoax. Watering hole. attack Principles. (reasons for effectiveness)

Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization and ask victims to verify personal information or send money.

Vishing

Traffic filters

are not countermeasures for social engineering because they do not focus on solving the human problem inherent in social engineering attacks.

Port scanning and war dialing

are technical attacks that seek to take advantage of vulnerabilities in systems or networks.

The individual is engaging in which type of social project and requesting sensitive information. The individual is engaging in which type of social engineering

Authority

Principles (reasons for effectiveness)

Authority. Intimidation. Consensus. Scarcity. Familiarity. Trust. Urgency.

What is the primary countermeasure to social engineering?

Awareness

Which of the following is a common social engineering attack?

Distributing hoax virus information emails

Tailgating or Piggybacking

Entering a secure building by following an authorized employee through a secure door without providing identification.

Dumpster diving is a low-tech way to gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Virus Hoa

False reports about non-existent viruses that often claim to do impossible things that cause recipients to take drastic action, like shutting down their network.

Passive Social Engineering

Gathering information or gaining access to secure areas by taking advantage of peoples' unintentional acti

Active Social Engineering

Gathering information or gaining access to secure areas through direct interaction with users

Heavy management oversigh

Heavy management oversight may provide some safeguards to social engineering, but it is less effective than awareness.

Eavesdropping

Listening to a conversation between employees discussing sensitive topics

Shoulder Surfin

Looking over the shoulder of someone working on a computer to view usernames, passwords, or account numbers

An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access

Masquerading

What is the weakest point in an organization's security infrastructure?

People

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online identity that the victim trusts

Phishing

Attackers attempts to make the person believe that if they don't act quickly, they will miss out on an item, opportunity or experience. on

Scarcity

Which of the following are examples of social engineering? (Select two

Shoulder surfing. Dumpster diving

Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money.

Spear phishing

Dumpster Diving

The process of looking in the trash for sensitive information that was not properly disposed of

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate.

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, it's source code, and the damage it can inflict. The message states that you can easily detect source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first?

Verify the information on well-known malicious code threat management websites

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

Vishing

An attacker pretending to be from a trusted organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money.

Whaling

using IPsec or closing unused ports

protect against automated attacks. Social engineering attacks gain access by exploiting human nature.

Masquerading

refers to convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.

Passive social engineering

take advantage of the unintentional actions of others to gather information or gain access to a secure facility

Session hijacking

takes over a login session from a legitimate client, impersonating the user and taking advantage of their established communication link.

How can an organization help prevent social engineering attacks? (Select two.)

1.Publish and enforce clearly-written security policies. 2.Educate employees on the risks and countermeasures.

Social Engineering

A malicious attempt to fraudulently acquire sensitive information that is usually accomplished using impersonations

Vishing

A social engineering attack that exploits voice-over-IP telephone services to gain access to an individual's personal and financial information, including their government ID number, bank account numbers, or credit card numbers.

Email Hoax

A social engineering attack that preys on email recipients who are fearful and will believe most information if it is presented

Spear Phishing

A social engineering attack that targets specific individuals within a company to gain access to information that will allow the attacker to gain commercial advantage or commit fraud.

Phishing

A social engineering attack that usually involves sending emails that are purported to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers

watering hole

A social engineering attack where the victim is a group like an organization, an industry, or a region and where the attacker guesses or observes which websites the group uses and infects one or more of them with malware.

Whaling

A spear phishing attack targeted that targets senior executives and high-profile victims.

Adware

Adware is a type of malware that sends you advertisements that you do not request.

Scarcity

An active social engineering technique that attempts to make people believe that if they don't act quickly, they will miss out on an item, opportunity, or experience

Urgency

An active social engineering technique that attempts to make people believe they must act quickly to avoid imminent damage or suffering.

Authority

An active social engineering technique that involves the impersonation of legal, organizational, and social authorities.

Consensus

An active social engineering technique that leverages peoples' willingness to perform an act if others have already performed the act.

Familiarity

An active social engineering technique that leverages peoples' willingness to perform an act requested by someone they are familiar wit

Intimidation

An active social engineering technique that usually involves an attacker impersonating a manager or director to frighten lower-level employees to gain information

MAC Spoofing

is changing the source MAC address on frames sent by the attacker and can be used to hide the identity of the attacker's computer or impersonate another device on the network

man-in-the-middle man-in-the-middle attack

is where an attacker intercepts a data stream, slightly modifies it, then forwards that data stream to the destination

Social validation

entails an attacker using peer pressure to coerce someone else to bend rules or give information they shouldn't

Commitment social engineering entails convincing someone to buy into an overall idea, then demanding or

entails convincing someone to buy into an overall idea, then demanding or including further specifics that were not presented up front.

Which of the following is not not a form of social engineering?

impersonating a user by logging on with stolen credentials

A written security policy is

is a countermeasure against social engineering. However, without awareness training, it is useless


Set pelajaran terkait

FLVS English 1 Segment One Exam Review

View Set

Module 1 Quiz: Introduction to Community, Population, Public, and Global Health

View Set

Organogenesis and Organ Structure (3)

View Set

902 A+ Chapter 10 - File Systems and RAID

View Set

Biology 1306 Chapter 4 Nucleic Acids and the RNA World

View Set