Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Study > 3 > Flashcards

3 Flashcards

1
Q

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:

  • Phishing
  • Privilege escalation
  • Backdoor access
  • Shoulder surfing
A
  • Phishing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

Which of the following answers refer to smishing? (Select 2 answers)

  • Social engineering technique
  • E-mail communication
  • Spam over Internet Telephony (SPIT)
  • Text messaging
  • Spam over Internet Messaging (SPIM)
A
  • Social engineering technique
  • Text messaging
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The practice of using a telephone system to manipulate user into disclosing confidential information is known as:

  • Whaling
  • Spear phishing
  • Vishing
  • Pharming
A
  • Vishing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following terms is commonly used to describe an unsolicited advertising message?

  • Spyware
  • Adware
  • Malware
  • Spam
A
  • Spam
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What type of spam relies on text-based communication?

  • Vishing
  • SPIM
  • Bluesnarfing
  • SPIT
A

SPIM

Unsolicited advertising appearing in instant messages. SPIM is even more annoying than spam. Unlike email ads, which can often be relegated to a junk folder in the user’s email program, a SPIM ad pops up on screen whenever it is sent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Phishing scams targeting a specific group of people are referred to as:

  • Vishing
  • Spear phishing
  • Spoofing
  • Whaling
A

Spear phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In computer security, the term “Dumpster diving” is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

  • True
  • False
A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A situation in which an unauthorized person can view another user’s display or keyboard to learn their password or other confidential information is referred to as:

  • Spear phishing
  • Tailgating
  • Shoulder surfing
  • Spoofing
A

Shoulder surfing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)

  • Domain hijacking
  • Traffic redirection
  • Fraudulent website
  • Password attack
  • Credential harvesting
A
  • Traffic redirection
  • Fraudulent website
  • Credential harvesting
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is tailgating?

  • Acquiring unauthorized access to confidential data
  • Looking over someone’s shoulder to get information
  • Gaining unauthorized access to restricted areas by following another person
  • Manipulating a user into disclosing confidential information
A

Gaining unauthorized access to restricted areas by following another person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In social engineering, the term “Elicitation” describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.

  • True
  • False
A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Phishing scams targeting people holding high positions in an organization or business are known as:

  • Vishing
  • Smishing
  • Whaling
  • Pharming
A

Whaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is used in data URL phishing?

  • Prepending
  • Typosquatting
  • Pretexting
  • Domain hijacking
A

Prepending

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

  • Vishing
  • Impersonation
  • Virus hoax
  • Phishing
A

Virus hoax

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which social engineering attack relies on identity theft?

  • Impersonation
  • Dumpster diving
  • Watering hole attack
  • Shoulder surfing
A

Impersonation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the terms listed below refers to a platform used for watering hole attacks?

  • Mail gateways
  • Websites
  • PBX systems
  • Web browsers
A

Websites

16
Q

The term “URL hijacking” (a.k.a. “Typosquatting”) refers to a practice of registering misspelled domain name closely resembling other well established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers.

  • True
  • False
A

True

17
Q

An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

  • Urgency
  • Familiarity
  • Authority
  • Consensus
  • Intimidation
  • Scarcity
A
  • Urgency
  • Authority
  • Intimidation
18
Q

An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency
A
  • Scarcity
  • Familiarity
  • Trust
19
Q

While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

  • Scarcity
  • Authority
  • Consensus
  • Intimidation
  • Urgency
A

Consensus

20
Q

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

  • Adware
  • Malware
  • Ransomware
  • Spyware
A

Malware

21
Q

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:

  • Grayware
  • Adware
  • Ransomware
  • Spyware
A

Ransomware

22
Q

A type of software that performs unwanted and harmful actions in disguise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.

  • True
  • False
A

True

23
Q

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:
* Spyware
* Worm
* Trojan
* Spam

A

Worm

24
Q

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?

A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.

A

Classify the data.

Data classification and typing schemas tag data assets so that they can be managed through the information life cycle. A data classification schema is a decision tree for applying one or more tags or labels to each data asset. Many data classification schemas are based on the degree of confidentiality required:

Public (unclassified)—there are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available.
Confidential (secret)—the information is highly sensitive, for viewing only by approved persons within the owner organization, and possibly by trusted third parties under NDA.
Critical (top secret)—the information is too valuable to allow any risk of its capture. Viewing is severely restricted.

25
Q
A

Study (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions