Chapter 4
Ben examined the hash values for the firmware on a firewall that was just shipped from the manufacturer and discovered they do not match values published by the firewall's manufacturer. What type of attack should Ben be concerned with regarding the mismatched hash values? A hoax; A vishing attack; A supply chain attack; A pharming attack
A supply chain attack
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? MD5Sum; John the Ripper; GPG; Netcat
John the Ripper
Alex is reviewing network logs and recognized a high volume of brute force username/password attacks against organization and IT leadership members' credentials. What type of attack might Alex surmise is taking place? Spoofing; Spooning; Whaling; Vishing
Whaling
In preparation for a penetration test engagement, Kai goes to the IT manager's house on trash day to rifle through the trash can that is out on the street and search for information about the manager that may prove useful during the penetration test. What term describes this activity? Trash Pharming; Dumpster harvesting; Dumpster diving; Waste engineering
Dumpster diving
What type of malicious actor is most likely to use hybrid warfare? A nation state; A script kiddie; A hacktivist; An inside threat
A nation state
What type of phishing targets specific groups of employees, such as all managers in the financial department of a company? Smishing; Spear phishing; Whaling; Vishing
Spear phishing
While reviewing systems logs, Kendra determined that phishing attacks were focused solely on members of the sales and marketing team. What type of phishing does this event indicate? Smishing; Spear phishing; Whaling; Vishing
Spear phishing
Ash recently received a flash drive with data along with instructions to load the data into the recently created customer database. The flash drive arrived in an envelope that appeared to be official and the sending address was the address of the company's headquarters. Ash loaded the data and then discovered the flash drive was actually sent by a company conducting a penetration test on the organization and the sending address was manipulated by the company completing the pentest. What social engineering principle best matches this type of attack? Consensus; Authority; Scarcity; Trust
Trust
Marta discovers that someone set up a website with a URL that is nearly identical to the site she manages and appears to be easily mistaken for her own. Which of the following best describes this sort of attack? Phishing; Pharming; Typosquatting; Tailgating
Typosquatting