Attacks Flashcards

1
Q

Social Engineering

A

An attack against a user that typically involves some form of social interaction rather than a technical exploit.

2
Q

Phishing

A

A type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an e-mail or instant message sent to a large group of often random users.

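The definition above turns on the attacker masquerading as a trusted entity. The following Python script is an added example, not part of the original flashcards: it checks three header-level signals of sender masquerading in constructed sample e-mails. The brand allow-list (TRUSTED), the confusable-character table and the sample messages are assumptions made up for illustration; the registrable-domain helper is deliberately crude and would use the Public Suffix List in production.

```python
"""Flag phishing-style sender masquerading in e-mail headers.

Added example, not from the original flashcards. Signals checked:
  1. display name claims a trusted brand but the From domain is not that brand's
  2. From domain is a look-alike of a trusted domain (confusables, one edit away)
  3. Reply-To diverts replies to a different domain than From
The allow-list and sample headers below are constructed for illustration.
"""
import email
import email.utils

# Constructed allow-list (assumption): brand keyword -> legitimate domains.
TRUSTED = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
    "examplebank": {"examplebank.com"},
}
ALL_TRUSTED = set().union(*TRUSTED.values())


def normalize(label: str) -> str:
    """Fold common visual substitutions (rn->m, vv->w, 0->o, 1->l, 3->e, 5->s)."""
    label = label.lower().replace("rn", "m").replace("vv", "w")
    return label.translate(str.maketrans("0135", "oles"))


def registrable(domain: str) -> str:
    """Crude registrable domain: keep the last two labels (mail.paypal.com -> paypal.com).
    Assumption: a real implementation would consult the Public Suffix List."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard row-by-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain this domain imitates, or None if genuine/unrelated."""
    reg = registrable(domain)
    if reg in ALL_TRUSTED:
        return None  # exact match: the genuine sender
    for trusted in ALL_TRUSTED:
        if normalize(reg) == normalize(trusted) or edit_distance(reg, trusted) == 1:
            return trusted
    return None


def analyze(raw_message: str) -> list:
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    name, addr = email.utils.parseaddr(msg["From"] or "")
    from_dom = addr.rpartition("@")[2].lower()

    # 1. Brand named in the display name, but the address is not that brand's domain.
    for brand, domains in TRUSTED.items():
        if brand in normalize(name) and registrable(from_dom) not in domains:
            findings.append(f"display name claims {brand!r} but From domain is {from_dom}")

    # 2. The From domain is a look-alike of a trusted domain.
    target = lookalike_of(from_dom)
    if target:
        findings.append(f"From domain {from_dom} resembles {target}")

    # 3. Replies are silently routed to a different domain.
    _, reply = email.utils.parseaddr(msg["Reply-To"] or "")
    reply_dom = reply.rpartition("@")[2].lower()
    if reply_dom and registrable(reply_dom) != registrable(from_dom):
        findings.append(f"Reply-To {reply_dom} differs from From {from_dom}")
    return findings


# Constructed sample messages (not real traffic).
SAMPLES = {
    "spoofed_name": "From: PayPal Support <alerts@secure-billing-update.example>\n"
                    "Subject: Action required\n\nYour account is limited.\n",
    "lookalike": "From: noreply@paypa1.com\nReply-To: refunds@mail-relay.example\n"
                 "Subject: Refund pending\n\nConfirm your details.\n",
    "genuine": "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nThanks.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", analyze(raw) or ["no findings"])
```

Running the script prints one finding for the spoofed display name, two for the look-alike domain with a diverted Reply-To, and none for the genuine message. These checks only catch masquerading visible in headers; a lure sent from a compromised legitimate account passes all three, which is why the user-awareness point of the flashcard still matters.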
3
Q

Spear phishing

A

A phishing attack that targets a specific group of people who have something in common, such as the employees of one organization, rather than a large random audience.

4
Q

Whaling

A

A phishing attack whose target is a high-value person, such as a CEO or CFO.

5
Q

Vishing

A

A variation of phishing that uses voice communication technology to obtain the information the attacker is seeking.

Many users are unaware that attackers can spoof (simulate) calls from legitimate entities using Voice over IP (VoIP) technology, so a familiar caller ID is not proof of who is calling.

6
Q

Tailgating

A

When an unauthorized person follows closely behind an authorized person into a restricted area without permission.

7
Q

Piggybacking

A

When an unauthorized person follows an authorized person into a restricted area with permission.

8
Q

Mantrap

A

A more sophisticated countermeasure to piggybacking, which utilizes two doors to gain access to the facility. The second door does not open until the first one is closed, and the doors are closely spaced so that an enclosure is formed that only allows one individual through at a time.

9
Q

Impersonation

A

A common social engineering technique that can be employed in many ways; it can occur in person, over the phone, or online.

The attacker may pose as a third party, a help desk operator, a vendor, or an online source.

10
Q

Third-party authorization

A

Using previously obtained information about a project, deadlines, bosses, and so on, the attacker 1) arrives with something the victim is quasi-expecting or would see as normal, 2) uses the guise of a project in trouble or some other situation in which the attacker will be viewed as helpful or as someone not to upset, and 3) name-drops “Mr. Big,” who happens to be out of the office and unreachable at the moment, so that no reference check can be made.

These actions can create the appearance of a third-party authorization when in fact there is none.

11
Q

Help desk/Tech support

A

Calls to or from help desk and tech support units can be used to elicit information, because both sides of such a call expect to exchange account and system details.

12
Q

Contractors/Outside parties

A

When a social engineer dresses and acts the part of a contractor or other outside party who would plausibly be on the premises.

13
Q

Online attacks

A

Some older forms, such as pop-up windows, tend to be less effective today because users are wary of them, yet phishing attempts via e-mail and social media scams abound.

14
Q

Defenses

A

In all of the cases of impersonation, the best defense is simple: have processes in place that require employees to ask to see the ID of anyone they do not personally know before engaging with them.

15
Q

Dumpster diving

A

The process of going through a target’s trash in hopes of finding valuable information that might be used in a penetration attempt.

16
Q

Shoulder surfing

A

When the attacker simply looks over the shoulder of the user at work, sets up a camera, or uses binoculars to observe sensitive information on a form, keypad, or keyboard.

The attacker can attempt to obtain information such as a PIN at an automated teller machine (ATM), an access control entry code at a secure gate or door, or a calling card or credit card number.

17
Q

Hoax

A

At first glance, it might seem that a hoax related to security would be considered a nuisance and not a real security issue. This might be the case for some hoaxes, but the reality of the situation is that a hoax can be very damaging if it causes users to take some sort of action that weakens security.

18
Q

Watering Hole Attack

A

Involves infecting a website that the targeted group is known to visit with malware, so that victims are compromised simply by browsing to it.

These are not simple attacks, yet they can be very effective at delivering malware to a specific group of end users.

19
Q

Social Engineering Principles

A

Social engineering is very successful for two general reasons:

1) The basic desire of most people to be helpful.
2) Individuals normally seek to avoid confrontation and trouble.

20
Q

Tools

A

The tools in a social engineer’s toolbox are based on a knowledge of psychology and don’t necessarily require a sophisticated knowledge of software or hardware.

21
Q

Authority

A

If attackers can convince a target that they have authority in a particular situation, they can entice the target to act in a particular manner or risk adverse consequences.

22
Q

Intimidation

A

Can be either subtle, through perceived power, or more direct, through the use of communications that build an expectation of superiority.