2.2.2, 2.2.3, 5.6.2 Flashcards
What is social engineering?
A form of psychological manipulation to gain access to sensitive information or perform unauthorized actions
Which of the following is a method through which social engineering can be executed?
Texting, face-to-face communication, email
What are biases in the context of social engineering?
Preconceived notions that influence decision making
Which principle of social engineering exploits a bias of obedience and compliance?
Authority
What is the principle of scarcity in social engineering?
The desire to be exclusive
How can individuals defend against social engineering attacks?
By recognizing when manipulation techniques are being used
Which of the following is NOT a clue to a potential social engineering attack in email communication?
“Take your time to consider”
What is the main reason social engineering attacks succeed?
Exploitation of human biases and emotions
Which of the following best describes phishing?
Attempting to gain sensitive information through electronic communication by posing as a trustworthy source
What is a common characteristic of obvious phishing attempts?
Misspelled words and odd graphics
What is another term for phishing done by phone call or voice message?
Voice phishing or vishing
What is the primary goal of eliciting information in phishing attacks?
To gather personal information from the victim
What is spear phishing?
Phishing attempts directed at a specific target using personal information
Which term refers to spam sent over instant messaging apps?
Spam over Internet Messaging
What is whaling in the context of phishing?
Phishing attempts directed at high-profile targets like CEOs
What is clone phishing?
Creating a duplicate email with malicious content
What is one of the key objectives of engaging sessions for security awareness training?
Developing a keen eye for abnormal behaviors
How can organizations promote continuous learning in security practices?
Through regular interactive training sessions
What is one way to integrate insider threat awareness into training programs?
Implementing sophisticated monitoring mechanisms
How can organizations encourage strong password management practices?
By equipping employees with the knowledge and skills to create and maintain secure passwords
What is the purpose of conducting simulated phishing campaigns?
To serve as educational tools for employees
How can organizations adapt security practices for remote work environments?
By providing guidelines for securing home offices and remote connections
What is the purpose of setting up effective mechanisms for reporting and monitoring security incidents?
To ensure swift and accurate reporting of security concerns
How can organizations integrate security training throughout the employee lifecycle?
By integrating comprehensive security training during onboarding and regular sessions
