SECURITY+ SY0-601 STUDY SET from Mike Myer's Book

Document Content and Description Below

required result. It typically involves NON-TECHNICAL methods of attempting to gain unauthorized access to a system or network. Correct answer- Social engineering Through social engineering, an ... attacker might easily lead a user to reveal her account password or to provide personal information that might reveal her password, a technique known as ____________________. Correct answer- eliciting information ________________________ is when a social engineer calls a helpdesk operator, who claims to be a high-level user, and demands that the operator reset the user's password immediately so that the user can complete an important task. Correct answer- Impersonation _______________ is a technique in which a social engineer creates a story, or pretext, that employs one or more of these principles to motivate victims to act contrary to their better instincts or training. Correct answer- Pretexting A __________________ scam is a social engineering technique that targets a large group of recipients with a generic message that attempts to trick them into either visiting a website and entering confidential personal information, responding to a text or SMS message (known as ___________), or replying to an e-mail with private information, often a username and password, or banking or credit card details. Correct answer- phishing / smishing _____________________ is a targeted type of phishing attack that includes information familiar to the user and appears to be from a trusted source such as a company such as a financial service that the user has used previously, a social media site such as LinkedIn, or even a specific trusted user. Correct answer- Spear phishing _________________ are important tools to protect against phishing attacks. Users must be aware that financial institutions will never ask for bank account numbers and credit card details in an e-mail to a user. Correct answer- User education and awareness training ______________ is a type of phishing attack that is targeted at a specific high-level user, such as an executive. Correct answer- Whaling ________________ is when an unauthorized person casually glances over the shoulder of an employee as she returns to her desk and enters her username and password into the computer. Correct answer- Shoulder surfing _____________________ is one of the simpler forms of social engineering and describes gaining physical access to an access-controlled facility or room by closely following an authorized person through the security checkpoint. Correct answer- Tailgating _____________ is a social engineering technique that misdirects a user to an attacker's website without the user's knowledge, usually by manipulating the Domain Name Service (DNS) on an affected server or the hosts file on a user's system. While much like phishing, where a user may click a link in a seemingly legitimate e mail message that takes him to an attacker's website, pharming differs in that it installs code on the user's computer that sends them to the malicious site, even if the URL is entered correctly or chosen from a web browser bookmark. Correct answer- Pharming __________ is instant messaging spam, and much like the more common e-mail spam, it occurs when a user receives an unsolicited instant message from another user, including users who are known and in the user's contact list. Correct answer- SPIM (spam over instant messaging) _______________ is a type of phishing attack that takes place over phone systems, most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing A _________ is typically some kind of urban legend or sensational false news that users pass on to others via e-mail because they feel it is of interest. While mostly harmless, some are phishing attempts that try to get the user to visit a link in the e-mail message that redirects to a malicious website. The only cure is user education as to avoid spreading these types of messages to other users. Correct answer- hoax As part of corporate espionage, some companies hire private investigators to examine garbage dumpsters of a target company, and these investigators try to discover any proprietary and confidential information. This is called __________________. Correct answer- Dumpster diving You have been contacted by your company's CEO after she received a personalized but suspicious e-mail message from the company's bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank. Which of the following security issues does this scenario describe? A. Dumpster diving B. Phishing C. Whaling D. Vishing Correct answer- C During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages? A. Forward suspicious messages to other users B. Do not click links in suspicious messages C. Check e-mail headers D. Reply to a message to check its legitimacy Correct answer- B Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened—what was the attack? A. Smishing B. Dumpster diving C. Prepending D. Identity fraud Correct answer- B Max, a security administrator, just received a phone call to change the password for a user in the HR department. The user did not provide verification of their identity and insisted that they needed the password changed immediately to complete a critical task. What principle of effective social engineering is being used? A. Trust B. Consensus C. Intimidation D. Urgency Correct answer- D A _______ is a malicious computer program that requires user intervention (such as clicking it or copying it to media or a host) within the affected system, even if the virus program does not harm the system. They self-replicate without the knowledge of the computer user. Correct answer- virus _____________ infect the boot sector or partition table of a disk which is used by the computer to determine which operating [Show More]

Last updated: 3 years ago

Preview 1 out of 47 pages