B.3.1 Security+ SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities Flashcards
150 questions (plus some of my own)
Which of the following attacks tricks victims into providing confidential information (such as identity information or logon credentials) through emails or websites that impersonate an online entity that the victim trusts?
Phishing
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking username and password. The URL in the link is in the .ru top-level DNS domain.
What kind of attack occurred?
Phishing
Which of the following is one of the MOST common attacks on employees?
Phishing
As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?
Anti-phishing software
Which of the following BEST describes phishing?
A fraudulent email that claims to be from a trusted organization
Which of the following social engineering attacks uses voice over IP (VoIP) to gain sensitive information?
Vishing
Which of the following are functions of gateway email spam filters? (Select two.)
Blocks email from specific senders
Filters messages containing specific content
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.
Which kind of attack has occurred in this scenario?
Spam
As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)
Virus scanner
Spam filters
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Spim
Which of the following is susceptible to social engineering exploits?
Instant messaging
Which of the following is considered a major problem with instant messaging applications?
Loss of productivity
You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other.
Which of the following countermeasures should you implement?
Use an IM blocker
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
Which of the following are examples of social engineering attacks? (Select three.)
Shoulder surfing
Impersonation
Keylogging
Which of the following best describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords.
Which type of social engineering attack is Fred referring to?
Shoulder surfing
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elicitation
An attack that targets senior executives and high-profile victims is referred to as what?
Whaling
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
Which of the following is a common social engineering attack?
Distributing hoax virus-information emails
Pretending to be somebody else and approaching a target to extract information is called what?
Impersonation