Chapter 04: Social Engineering, Physical and Password Attacks Flashcards

1
Q

_____ is the practice of manipulating people through a variety of strategies to accomplish desired actions.

A

Social Engineering

2
Q

______ relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether they actually are.

A

Authority

3
Q

____ relies on scaring or bullying an individual into taking a desired action.

A

Intimidation

4
Q

A ________ social engineering attack uses the fact that people tend to want to do what others are doing to persuade them to take an action.

A

Consensus-based

5
Q

____ is used for social engineering in scenarios that make something look more desirable because it may be the last one available.

A

Scarcity

6
Q

_____ attacks rely on you liking the individual or even the organization the individual is claiming to represent.

A

Familiarity-based attacks

7
Q

____ relies on a connection with the targeted individual so that they will take the actions the attacker wants them to take.

A

Trust

8
Q

_____ relies on creating a feeling that the action must be taken quickly for some reason or reasons.

A

Urgency

9
Q

Which type of social engineering principle uses something like “Everyone else in the department has already clicked on the link”?

A

Consensus based social engineering

10
Q

_____ describes the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.

A

Phishing

11
Q

____ is phishing via SMS messages.

A

smishing

12
Q

____ is phishing through telephones.

A

vishing

13
Q

____ targets specific individuals or groups in an organization in an attempt to gather desired information or access.

A

Spear Phishing

14
Q

_____ targets specific high-profile people, like senior employees or CFOs/CIOs.

A

Whaling

15
Q

What is the best defense against phishing attacks?

A

Security Awareness

16
Q

____ is the process of gathering credentials like usernames and passwords.

A

Credential Harvesting

17
Q

_____ is often performed via phishing attacks but may also be accomplished through system compromise resulting in the acquisition of user databases and passwords.

A

Credential Harvesting

18
Q

What is a defense against credential harvesting?

A

Multifactor authentication

19
Q

____ attacks redirect traffic away from legitimate websites to malicious versions.

A

Pharming

20
Q

_____ attacks use misspelled or slightly altered URLs that resemble those of legitimate sites.

A

Typosquatting attacks

21
Q

_____ attacks inject malware into websites that the targeted clients visit frequently, in order to attack those clients.

A

Watering Hole attack

22
Q

____ often employs social engineering techniques to get recipients to open the message or click on links inside it. It relies on one underlying truth: if you send enough tempting messages, someone will fall for one.

A

Spam

23
Q

_____ describes instant messaging spam.

A

Spam over Instant Messaging (SPIM)

24
Q

______ is a technique used to gather information without targets realizing they are providing it.

A

Eliciting information

25
Q

Flattery, false ignorance, or even acting as a counselor are all common elements of a(n) ________ effort.

A

elicitation effort

26
Q

______ is the process of using a made-up scenario to justify why you are approaching an individual.

A

Pretexting

27
Q

______ is the use of someone else’s identity.

A

Identity fraud

28
Q

_____ is when you act like someone else.

A

impersonation

29
Q

______ are intentional falsehoods, which come in a variety of forms ranging from fake virus warnings to fake news.

A

Hoaxes

30
Q

______ involves sending fake invoices to organizations in the hope of receiving payment. These can be either physical or electronic and rely on the recipient not validating whether the invoice is legitimate.

A

Invoice Scams

31
Q

_____ iterates through passwords until it finds one that works.

A

Brute-force

32
Q

____ are a form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.

A

Password Spraying

33
Q

This type of attack iterates through a list of common passwords.

A

Brute-force attack

34
Q

This type of password attack against a sports website attempts passwords that may include common chants used by fans, names of well-known players, and other common terms related to the team.

A

Password Spraying

35
Q

_____ use a list of words for their attempts.

A

Dictionary attacks

36
Q

What open source tool is good for brute-force dictionary attacks?

A

John the Ripper

37
Q

_____ are an easily searchable database of hashes precomputed with the same methodology as the captured password file. For instance, the captured hashes can be looked up against this database to recover the passwords that produced them.

A

Rainbow tables

38
Q

_____ attacks focus on capturing information from cards like RFID and magnetic stripe cards often used for entry access.

A

Card Cloning

39
Q

____ attacks use hidden or fake readers, or social engineering combined with hand-held readers, to capture card data, then employ cloning tools to produce usable copies of credit cards.

A

Skimming attacks

40
Q

What makes Card Cloning difficult?

A

Cards that contain cryptographic signatures and smart chips.

41
Q

Which type of cards are easily clonable?

A

Magnetic stripe and RFID-based cards.

42
Q

______ attempt to compromise devices, systems, or software before they even reach the organization.

A

Supply Chain Attacks

43
Q

True / False: Malicious USB cables exist. They require dedicated engineering to make them malicious and may not be noticed in the same way as USB drives.

A

True