2.2

Question 1

Threat Vector and Examples

Answer 1

How an attacker gains access,
- message based, images or files sent, phishing, removable devices, unsecure networks

Question 2

Attack Surface

Answer 2

Where attacker gain access

Question 3

Social Engineering Threat Vector -Brand impersonation

Answer 3

pretending to be cisco on twitter

Question 4

Social Engineering Threat Vector- Typo Squatting aka url hijacking

Answer 4

registering gnail.com

Question 5

Social Engineering Threat Vector- Watering Hole

Answer 5

compromising the watering hole and waiting for users who normally would trust the website they are visiting. Waiting for someone to enter CC number in “bank’s” website

Question 6

Social Engineering Threat Vector Pretexting

Answer 6

Giving some info that seems true so the user will provide more information.
This can involve piggybacking (pretending to be someone you’re not)
It can be a form of phishing and gathering info about a person so they divulge more
could be pretending to be a company they work with over the phone etv

Question 7

Social Engineering Threat Vector Phishing

Answer 7

Impersonating a trusted entity to trick victims into revealing sensitive information about themselves

Question 8

Baiting

Answer 8

attacker leaves a malware infected USB in a location where target may find it

Question 9

Spear Phishing

Answer 9

sending fraudulent email that appear to be from reputable sources but targeted toward specific users. has a high success rate

Question 10

Whaling

Answer 10

a form of spear phishing that targets high profile individuals like the CEO

Question 11

BEC

Answer 11

Business Email Compromise. Phishing attack. Someone’s email is compromised and attacker takes it over to steal sensitive info, redirect payments etc

Question 12

Smishing

Answer 12

SMS phishing

Question 13

Fraud (includes identity fraud and theft)

Answer 13

wrongful or criminal deception that is intended to result in financial or personal gain for the attacker

Question 14

Identity Fraud

Answer 14

attacker takes victims CC and tries to use it

Question 15

Identity Theft

Answer 15

attacker fully assumes the identity of their bictim

Question 16

Scams

Answer 16

Deceptive act or operation

Question 17

Invoice Scam

Answer 17

a person is tricked into paying for a fake invoice for a product or service they didn’t order. (attacker uses pretexting to call a secretary and tell them toners are ready to ship out tmrw and once they say ok its on record so they have to pay for it)

Question 18

Influence Campaign

Answer 18

Coordinated efforts to affect public perception or behavior towards a particular
cause, individual, or grou

Question 19

Misinformation

Answer 19

false or inaccurate info shared without harmful intent

Question 20

Disinformation

Answer 20

deliberate creation and sharing of false information with the intent to deceive or misleadD

Question 21

diversion Theft

Answer 21

manipulating a situation or creating a distraction to steal valuable items or information

Question 22

Hoaxes

Answer 22

malicious deception that is often spread through social media, email or other channelsSho

Question 23

Shoulder Surfing

Answer 23

looking over someone’s shoulder to gather personal information

Question 24

Dumpster Diving

Answer 24

looking through trash to find valuable information

Question 25

Eavesdropping

Answer 25

listening to privately held conversations

Question 26

Piggybacking

Answer 26

attacker convinces employee to let them into facility

Question 27

Tailgating

Answer 27

attacker attempts to follow an employee through access control vestibule without employees knowledge

Question 28

Supply Chain Attacks

Answer 28

an attack that targets a weaker link in the supply chain to gain access to a primary target. Exploit vulnerabilities in suppliers or service providers to access more secure systems

Question 29

CHIPS Act of 2022

Answer 29

US funding to promote semi conductor research in the US.

Question 30

Semiconductors

Answer 30

essential components in a wide range of product from smartphones, to medical devices

Question 31

Firmware Vulnerabilities

Answer 31

Specialized software stored on hardware devices
● Can grant attackers full control, leading to unauthorized access or
takeover

Question 32

End of Life System

Answer 32

no updates or support from manufacturer

Question 33

Legacy System

Answer 33

outdated and superseded by newer alternatives

Question 34

Unsupported

Answer 34

no official support, security updates or patches

Question 35

Unpatched systems

Answer 35

devices apps or software without latest security patches