SECURITY+ SY0-601 STUDY SET from Mike Myer's Book

Document Content and Description Below

SECURITY+ SY0-601 STUDY SET from Mike Myer's Book __________________ is defined as using and manipulating human behavior to obtain a required result. It typically involves NON-TECHNICAL m... ethods of attempting to gain unauthorized access to a system or network. Correct answer- Social engineering Through social engineering, an attacker might easily lead a user to reveal her account password or to provide personal information that might reveal her password, a technique known as ____________________. Correct answer- eliciting information ________________________ is when a social engineer calls a helpdesk operator, who claims to be a high-level user, and demands that the operator reset the user's password immediately so that the user can complete an important task. Correct answer- Impersonation _______________ is a technique in which a social engineer creates a story, or pretext, that employs one or more of these principles to motivate victims to act contrary to their better instincts or training. Correct answer- Pretexting A __________________ scam is a social engineering technique that targets a large group of recipients with a generic message that attempts to trick them into either visiting a website and entering confidential personal information, responding to a text or SMS message (known as ___________), or replying to an e-mail with private information, often a username and password, or banking or credit card details. Correct answer- phishing / smishing _____________________ is a targeted type of phishing attack that includes information familiar to the user and appears to be from a trusted source such as a company such as a financial service that the user has used previously, a social media site such as LinkedIn, or even a specific trusted user. Correct answer- Spear phishing _________________ are important tools to protect against phishing attacks. Users must be aware that financial institutions will never ask for bank account numbers and credit card details in an e-mail to a user. Correct answer- User education and awareness training ______________ is a type of phishing attack that is targeted at a specific high-level user, such as an executive. Correct answer- Whaling ________________ is when an unauthorized person casually glances over the shoulder of an employee as she returns to her desk and enters her username and password into the computer. Correct answer- Shoulder surfing _____________________ is one of the simpler forms of social engineering and describes gaining physical access to an access-controlled facility or room by closely following an authorized person through the security checkpoint. Correct answer- Tailgating _____________ is a social engineering technique that misdirects a user to an attacker's website without the user's knowledge, usually by manipulating the Domain Name Service (DNS) on an affected server or the hosts file on a user's system. While much like phishing, where a user may click a link in a seemingly legitimate e mail message that takes him to an attacker's website, pharming differs in that it installs code on the user's computer that sends them to the malicious site, even if the URL is entered correctly or chosen from a web browser bookmark. Correct answer- Pharming __________ is instant messaging spam, and much like the more common e-mail spam, it occurs when a user receives an unsolicited instant message from another user, including users who are known and in the user's contact list. Correct answer- SPIM (spam over instant messaging) _______________ is a type of phishing attack that takes place over phone systems, most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing A _________ is typically some kind of urban legend or sensational false news that users pass on to others via e-mail because they feel it is of interest. While mostly harmless, [Show More]

Last updated: 2 years ago

Preview 1 out of 47 pages