4.2 Human Element Security Flashcards

1
Q

Why are people the weak link in a security program? (3x)

A

We have little control over whether a person clicks a link, sends data over unprotected channels, or hands over passwords.

2
Q

Why shouldn’t you allow employees to attach personal equipment to your organization’s network?

A

Personal equipment can introduce malicious code. Perhaps let employees use it on a border network instead.

2
Q

How can you more effectively reach users in your security awareness and training efforts?

A

Set effective policies and teach employees to recognize danger.

3
Q

How might you train users to recognize phishing email attacks?

A

Give them examples and make the training interesting.

4
Q

Why is it important not to use the same password for all your accounts?

A

Once an attacker has one, they can access all your sites.

5
Q

What is pretexting?

A

Using a familiar person (a family member, manager, or other trusted person) to convince a target to give up a certain bit of information or perform an action they wouldn’t ordinarily do.

6
Q

Why might using the wireless network in a hotel with a corporate laptop be dangerous?

A

It could put sensitive data at risk. Use a VPN.

7
Q

Why might clicking a shortened URL from a service such as bit.ly be dangerous?

A

It could be disguised malware.

8
Q

What is phishing?

A

When, through electronic communication, a target clicks on a link that has them enter personal information or installs malware.

8
Q

Why is it important to use strong passwords?

A

The brute force needed to break the password is exponentially harder.

9
Q

Define tailgating. Why is it a problem?

A

People letting others follow them through physical access points.

10
Q

How does HUMINT gather intelligence?

A

Human intelligence (HUMINT) involves data gathered by talking to people, which can be used as a basis for other social engineering attacks.

11
Q

_____________________ is information collected from publicly available sources, such as job postings and public records.

A

Open source intelligence (OSINT) is information collected from publicly available sources, such as job postings and public records.

12
Q

Résumés and job postings can reveal…

A

sensitive information about an organization’s technology and structure.

13
Q

______ _________ tools can provide attackers with personal information and location data about targets.

A

Social media

14
Q

Public records can offer a wealth of information about _________, including ________ and _________ history.

A

individuals, including legal and financial history

15
Q

_________ and ________ can be powerful tools for information gathering, especially when using advanced search operators.

A

Google and other search engines

16
Q

____________ can reveal sensitive information about the creator and history of documents.

A

metadata

17
Q

_______ is a search engine that looks for information on internet-connected devices, potentially revealing vulnerabilities.

A

Shodan

18
Q

_______ is an intelligence-gathering tool that uses relationships between data points to discover related information.

A

Maltego

19
Q

_______ ________ is a targeted form of phishing that requires advanced reconnaissance to appear more credible.

A

Spear phishing

20
Q

_________ _________ ____________ _________ are essential for protecting organizations from social engineering attacks.

A

Security awareness training programs

21
Q

Educating users about malware involves teaching _______________.

A

them to be cautious when clicking links or opening attachments.

22
Q

Organizations should set _____ for when and how employees can use personal equipment in the workplace.

A

rules

23
Q

__________ ________ policies help prevent sensitive information from being left unattended on desks.

A

Clean desk

24
Q

Effectively communicating ________ and ________ to users is crucial for ensuring compliance and security awareness.

A

policies; regulations

25
Q

Making security awareness training _______ and ________ can improve retention of important information.

A

engaging; interactive
