TestOut CyberDefense Pro Chapter 4

Ace your homework & exams now with Quizwiz!

Which of the following best describes a script kiddie

A hacker who uses scripts written by much more talented individuals

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

Elicitation

A company has a list of high-value assets (HVAs). As a security analyst, what must you do to help protect those assets? (Select two.)

Make sure any incident involving one of the HVAs is always high priority Make sure the response team can easily identify the HVAs

Which of the following BEST describes a physical barrier used to deter an aggressive intruder?

Large flowerpots

A security analyst and their team go through the entire list of assets in the company and assign each of them a level of priority. Then they group the assets in the same levels together so they can create defense strategies for each group. What is this process called?

Bundling critical assets

Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?

Choose a password that's easy to remember but doesn't include any personal information

The following output was displayed using the Social Engineering Toolkit (SET). Which attack method was used to capture the input?

Credential harvesting attack method

What is vandalism?

Damaging or defacing assets

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

Development phase

As a security technician who is in charge of physical security for computer and network resources, you are responsible for ensuring a quick recovery should an event occur. A physical storage device controlling data backups has failed, causing corruption for a weekly full backup. It failed on Saturday. On Monday, you noticed the errors and have since run a restore of needed data and a full backup to ensure continuity. The failed device has been replaced. Since each work day creates unique data to be backed up, which type of backup would be the preferred method to make certain each day's data was properly maintained while ensuring efficiency?

Differential backup

A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?

Escorting him to the conference room

Gathering information about a system, its components, and how they work together is known as which of the following?

Footprinting

The receptionist receives a call from a customer who asks for the customer support manager's name and email address to send them a thank you email. How should the receptionist proceed?

Forward the call to the help desk

A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?

Have her sign an NDA and AUPs

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?

How to prevent piggybacking and tailgating

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to a building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?

Mantraps

Which of the following are tactics social engineers might use?

Moral obligation, ignorance, and threatening

Important aspects of physical security include which of the following?

Preventing interruptions of computer services caused by problems such as fire

What are three factors to keep in mind with physical security?

Prevention, detection, and recovery

Which of the following BEST describes what asset criticality does?

Prioritize systems for scanning and remediation

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in?

Security sequence

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?

Shoulder surfing

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?

Shred the disk

Any attack involving human interaction of some kind is referred to as which of the following?

Social engineering

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

Spim

Which of the following indicate the email highlighted below may be suspicious? (Select two)

There are several spelling mistakes in the email. The link in the email is to an IP address: it is not to Microsoft's website

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?

Train the receptionist to keep his or her iPad in a locked drawer.

You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?

Use a crosscut shredder

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Which of the following would be the best backup and storage option?

Use incremental backups and store them in a locked, fireproof safe

A resentful employee hacks into a company's website and replaces all the text and images with obscene material. They also replace all links with malicious ones. This is an example of which of the following?

Vandalism


Related study sets

Ch 14 Assessing Skin, Hair, and Nails

View Set

Chapter 65: Caring for Clients with Skin, Hair, and Nail Disorders (NCLEX Review Questions/ PrepU)

View Set

RPV ESL Present Continuous What are you doing? (Spanish)

View Set

The Power Elite - C. Wright Mills

View Set

READING 3: PROBABILITY CONCEPTS QB

View Set