4 - Social Engineering Pen Testing Flashcards

1
Q

What is Social Engineering Pen Testing?

A

Testing the strength of the human factors in an organization's security chain. Used to raise awareness among employees by letting them experience a realistic attack without an actual breach. Take care not to break any laws.

  • Three Types of Pen Testing:
    • Vishing
    • Phishing
    • Physical
2
Q

What are the skills required to perform a Social Engineering Pen Test?

A
  • Good Communication
  • Creativity
  • Good Interpersonal Skills
  • Talkative and Friendly Nature
3
Q

What are the common targets of Social Engineering Pen Testing?

A
  • Users/Clients
  • System Administrators
  • Receptionists
  • Help Desk Personnel/Technical Support Executives
  • Vendors of the Organization
4
Q

What is the difference between Black-Box and White-Box Pen Testing?

A
  • Black-Box: Information is obtained by the tester; none is given by the client
  • White-Box: Tester is provided with the necessary information by the client
5
Q

What are the steps for Social Engineering Pen Testing?

A
  • Attempt Social Engineering using email
    • Create fake emails to try to obtain info
  • Attempt using phishing
    • Using fake websites, pop-ups, etc.
  • Attempt using the phone (Vishing)
    • Act as a customer, pose as an employee, or pretend to be technical support staff
    • Trick users into running commands on their computer and giving out information
    • Practice the conversation before calling, have backup answers for every question, record the conversation
  • Visit the company as an inquirer and extract privileged information
    • Visit and ask questions, take pictures, ask if you can use the restroom
  • Visit the company locality
    • Determine the number of people working in the company, create and use a fake ID, attempt piggybacking/tailgating
  • Attempt to use a fake ID to gain access
  • Attempt piggybacking/tailgating
  • Listen to employee conversations in communal areas
  • Identify “disgruntled employees” and engage in conversation to extract sensitive information
  • Attempt eavesdropping
  • Try to shoulder surf users logging on
  • Attempt media dropping
  • Attempt dumpster diving
6
Q

What are some social engineering countermeasures and recommendations?

A
  • Train employees
  • Implement strict badge, token, or biometric authentication, employee training, and security guards
  • Educate vendors
  • Lock and monitor the mail room; train employees
  • Keep phone closets, server rooms, etc. locked at all times
  • Train phone executives to never reveal identities or confidential information
  • Keep all trash secured, shred important documents, erase magnetic media