8) Human Element Security Flashcards

1
Q

Persuading a targeted victim to perform some action or release information to you because of the fake identity you have created.

A

Pretexting

2
Q

Gaining entry through a secured access control point without proper credentials by following someone who has them.

A

Tailgating

3
Q

An email well researched to look authentic and appear to come from someone the recipient knows and trusts.

A

Spear phishing

4
Q

An email designed to trick the recipient into clicking a web link, but the majority of these attacks are seen as fake by the potential victims.

A

Phishing

5
Q

What type of control is the following security action:

The policy to stop tailgating activity.

A

Administrative

6
Q

What type of control is the following security action:

A list of personal devices and instructions for connecting them at work.

A

Administrative

7
Q

What type of control is the following security action:

A camera captures all activity at the server room entrance.

A

Physical

8
Q

What type of control is the following security action:

On login, the password is checked for strength and for the time elapsed since the last password change.

A

Technical

9
Q

What type of control is the following security action:

A laptop computer that automatically uses a secured VPN to access the corporate network.

A

Technical

10
Q

A technique used by an attacker that relies on the willingness of people to help others.

A

Social engineering

11
Q

A technique involving a fake identity and a believable scenario that induces the target to give out sensitive information or perform some action they would not normally do for a stranger.

A

Pretexting

12
Q

A social engineering technique that uses electronic communications to convince a potential victim to give out sensitive information or perform some action.

A

Phishing

13
Q

A social engineering technique that targets a specific company, organization, or person, and involves knowing specifics about the target to appear valid.

A

Spear phishing

14
Q

A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating.

A

Tailgating (piggybacking)

15
Q

A program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts.

A

SATE

16
Q

SATE is a program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts. What does SATE stand for?

A

Security Awareness, Training, and Education

17
Q

Which social engineering technique involves impersonating someone else to convince the target to perform some action that they wouldn’t normally do for a stranger?

A

Pretexting

18
Q

You swipe your key card to gain access to a secure area of the building. As you pass through the door, you notice someone right behind you. You don’t recall that he was walking behind you a moment ago, nor do you see a key card in his hand. What social engineering technique is demonstrated in this example?

A

Tailgating

19
Q

Which of the following is NOT a best practice for password security?

a) Enforcing complex password requirements
b) Creating a password policy
c) Educating users on password management
d) Teaching users how to manually sync passwords between systems
e) Forcing password expiration intervals

A

d) Teaching users how to manually sync passwords between systems

20
Q

Your IT department has implemented a comprehensive defense in depth strategy to protect your company resources. The buildings are protected by key card swipes and video surveillance, logins and passwords are required for access to any digital resource, and your network and workstation equipment is properly configured, patched, and protected. Policies are in place to recover from any major security risk. What single entity can invalidate all of these efforts?

A

A person

21
Q

Which of the options below is an example of an effective Security Awareness, Training, and Education strategy?

a) A periodic email that references the Employee Handbook and includes a link to a required quiz.
b) A 3-hour CBT course with a completion certificate, required yearly.
c) A daily “security check” question that, if answered correctly, enters the user into a giveaway.
d) A biannual conference room training session that offers free coffee and is four hours long.

A

c) A daily “security check” question that, if answered correctly, enters the user into a giveaway.

22
Q

What does an SATE strategy stand for?

A

Security Awareness, Training, and Education.