5 - Human Aspects in Cyber Security

Question 1

Social Engineering

Answer 1

Manipulate people to execute an attack

Question 2

Attack Lifecycle for Social Engineering

Answer 2

• Information Gathering
• Relationship Development
• Exploitation
• Execution to achieve the objective

Question 3

Information Gathering methods

Answer 3

• Reconnaissance (social media, public info etc)
• Public info
• Social media
• Dumpster diving
• Cold Calling

Question 4

Impersonation

Answer 4

Impersonating a TRUSTED member in regards to security and tech etc.

Question 5

2 Common Social Media Scams

Answer 5

• Fake logins, articles, groups etc
• Catfishing

Question 6

Road Apples

Answer 6

Eg bait with desirable info.

Aim to get user to open it

Question 7

Pretexting

Answer 7

inventing a scenario to gain access to information

Question 8

Phishing

Answer 8

Emails/phone calls that appear legitimate with a sense of urgency

Question 9

Shoulder Surfing

Answer 9

Someone “eyeing” sensitive information without the person realising

Question 10

Dumpster Diving

Answer 10

Going through someone’s rubbish/trash

Question 11

4 Data classifications

Answer 11

Public Use
Internal Use
Confidential
Top Secret

Question 12

4 examples of Access Segregation

Answer 12

Controls
MFA
Restrict physical access
Guards

Question 13

Why are screensavers useful?

Answer 13

They can be used to repeatedly remind users of policy