Chapter 1 Threats, Attacks, and Vulnerabilities

Question 1

What is Social Engineering?

Answer 1

An attack against a user, and typically involves some form of social interaction

Question 2

What is Phishing?

Answer 2

A type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message

Question 3

What is Smishing?

Answer 3

An attack using Short Message Service (SMS) on victims cell phones

Question 4

What is Vishing?

Answer 4

A variation of phishing that uses voice communication technology to obtain the information the attacker is seeking

Question 5

What is Spam?

Answer 5

Bulk unsolicited email

Question 6

What is Spam over Instant Messaging (SPIM)?

Answer 6

Spam delivered via an instant messaging application

Question 7

What is Spear Phishing?

Answer 7

A phishing attack that targets a specific person or group of people with something in common

Question 8

What is Dumpster Diving?

Answer 8

The process of going through a targets trash in hopes of finding valuable info that might be used in a penetration attempt

Question 9

What is Shoulder Surfing?

Answer 9

The process of looking over the shoulder of the target while they input sensitive and private information into a form or website login etc.

Question 10

What is Pharming?

Answer 10

Consists of misdirecting users to fake websites made to look official

Question 11

What is Tailgating (piggybacking)

Answer 11

The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building

Question 12

What is Whaling?

Answer 12

Custom built attacks when the target is ahigh-value person, such as a CEO

Question 13

What is Prepending?

Answer 13

The act of adding something else to the beginning of an item, In social engineering adding something like stating that they were sent by the targets boss

Question 14

What is Identity Fraud?

Answer 14

The use of fake credentials to achieve an end

Question 15

What are Invoice Scams?

Answer 15

Use of a fake invoice in an attempt to get a company to pay for things it has not ordered

Question 16

What is Credential Harvesting

Answer 16

Involves the collection of credential information, such as user IDs, passwords, and so on, enabling an attacker a series of access passes to the system

Question 17

What is Reconnaissance?

Answer 17

The actions of surveying a battlefield to gain information prior to hostilities

Question 18

What is impersonation?

Answer 18

An attacker assumes a role that is recognized by the person being attacked

Question 19

What is a watering hole attack?

Answer 19

The infecting of a target website with malware

Question 20

What is typosquatting?

Answer 20

An attack form that involves capitalizing upon common typographical errors

Question 21

What is pretexting?

Answer 21

A form of social engineering in which the attacker uses a narrative to influence the victim into giving up some item of information

Question 22

What is an influence campaign?

Answer 22

The use of collected info and selective publication of material to key individuals in an attempt to alter perceptions and change peoples minds on a topic

Question 23

What is intimidation?

Answer 23

Can be either subtle, through perceived power, or more direct, through the use of communications that build an expectation of superiority

Question 24

What is a Consensus?

Answer 24

A group wide decision