8) Human Element Security Flashcards
Persuading a targeted victim to perform some action or release information to you because of the fake identity you have created.
Pretexting
Entering a secured access control point without proper credentials by following someone who has the credentials.
Tailgating
An email well researched to look authentic and appear to come from someone the recipient knows and trusts.
Spear phishing
An email designed to trick the recipient into clicking a web link, but the majority of these attacks are seen as fake by the potential victims.
Phishing
What type of control is the following security action:
The policy to stop tailgating activity.
Administrative
What type of control is the following security action:
A list of personal devices and instructions for connecting them at work.
Administrative
What type of control is the following security action:
A camera captures all activity at the server room entrance.
Physical
What type of control is the following security action:
On login, the password is checked for strength and the time since the last password change.
Technical
What type of control is the following security action:
A laptop computer that automatically uses a secured VPN to access the corporate network.
Technical
A technique used by an attacker that relies on the willingness of people to help others.
Social engineering
A technique involving a fake identity and a believable scenario that induces the target to give out sensitive information or perform some action which they would not normally do for a stranger.
Pretexting
A social engineering technique that uses electronic communications to convince a potential victim to give out sensitive information or perform some action.
Phishing
A social engineering technique that targets a specific company, organization, or person, and involves knowing specifics about the target to appear valid.
Spear phishing
A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating.
Tailgating (piggybacking)
A program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts.
SATE