4A: Exploit the Human Psyche Flashcards

3.6 Given a scenario, perform a social engineering or physical attack.

1
Q

A social engineering tactic where a team will communicate, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.

A

Pretexting

2
Q

Acquiring data from a target in order to launch an attack.

A

Elicitation

3
Q

An impersonation attack in which the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions.

A

Business Email Compromise (BEC)

4
Q

A malicious communication that tricks the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information.

A

Hoax

5
Q

Email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

A

Phishing

6
Q

A set of tools included in Kali Linux. This tool has built-in features to help you launch a phishing campaign, create a malicious payload, such as a virus, worm, or Trojan, and embed the payload in a PDF.

A

Social Engineers Toolkit (SET)

7
Q

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

A

Pharming

8
Q

A form of social engineering in which an attacker leaves infected physical media in an area where a victim finds it and then inserts it into a computer.

A

Baiting

9
Q

An email-based or web-based form of phishing which targets specific individuals.

A

Spear Phishing

10
Q

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

A

Watering Hole Attack

11
Q

An attack that targets the end-to-end process of manufacturing, distributing, and handling goods and services.

A

Supply Chain Attack

12
Q

Occurs when malware on a target organization harms an associated (downstream) vendor. At that point the target organization is liable for any damage.

A

Downstream Liability

13
Q

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website.

A

URL Hijacking

14
Q

Social engineering attack where an attacker pretends to be someone they are not.

A

Impersonation
