Chapter 10 - Social Engineering & Other Foes

Question 1

why is social engineering also called wetware?

10 - 355

Answer 1

because it doesn’t require software or hardware, is dependent on the gray matter of the brain

Question 2

tell me the 7 types of social engineering attacks

10 - 356 thru 361

Answer 2

shoulder surfing - watching someone over their shoulder, fight this with privacy filters
dumpster diving - just what it sounds like
tailgating - follow someone through the door they just unlocked
impersonation - can be done in person, over the phone, by email, etc.
hoaxes - phony threats
whaling - phishing or spear phishing for big users
vishing - VoIP phishing

Question 3

there are reasons why social engineering is effective. there are 7 of them. tell me what they are.

10 - 362,363

Answer 3

authority
intimidation
consensus/social proof
scarcity
urgency
familiarity/liking
trust

Question 4

the only preventative measure to combat social engineering is what?

10 - 365

Answer 4

educating yourself and never handing stuff out

Question 5

as far as physical barriers go, your system should have a minimum of 3. tell me what they are.

10 - 367

Answer 5

the perimeter
a door locked by ID badges, prox readers, keys, all for the computer center
a locked door on the computer room

Question 6

tell me 2 types of hardware locks and security

10 - 369

Answer 6

cable lock

safe and locking cabinets

Question 7

how does a mantrap work?

10 - 371

Answer 7

you need visual identification AND authentication to gain access

Question 8

what is the purpose of an access list?

10 - 373

Answer 8

to identify specifically who can enter a facility

Question 9

protected distribution system. tell me what it is.

10 - 376

Answer 9

one in which the network is secure enough to allow for the transmission of classified information in non-encrypted format

so, physical security has been substituted for encryption security

Question 10

what is HVAC?

10 - 378

Answer 10

heating, ventilation, and air conditioning

Question 11

there are 4 types of fire extinguishers. tell me their letters, their use, their retardant composition

10 - 378

Answer 11

a - wood and paper, largely water or chemical
b - flammable liquids, fire-retardant chemicals
c - electrical, non-conductive chemicals
d - flammable metals, varies; type specific

Question 12

tell me the 2 things that most common fixed systems combine

10 - 379

Answer 12

fire detectors

fire-suppression systems

Question 13

what can you use to provide electronic shielding for the computer room?

hint: constant trap

10 - 380

Answer 13

Faraday cage

Question 14

Tell me the difference between EMI and RFI.

10 - 380, 381

Answer 14

EMI will distort the signal in the data cable, and the receiver reads the wrong message or doesn’t read it at all.

RFI adds too much energy to the RF energy pool, and so the receivers become deaf and don’t hear the signal they’re supposed to hear.

Question 15

you are eavesdropping on CRT and LCD displays by detecting their electromagnetic emissions. what is this called?

what’s a good countermeasure for this?

10 - 381

Answer 15

Van Eck phreaking

shielding

Question 16

The U.S. government had a project back in the 50s for reducing electronic noise from devices that would divulge intelligence about systems and information. What was this project called?

10 - 382

Answer 16

TEMPEST

Question 17

In your hot and cold aisles setup, will you find the air conditioning units adjacent to the hot aisles or the cold aisles?

10 - 382

Answer 17

the hot aisles

Question 18

Most fire-suppression systems work off of the concept of removing one of the three elements needed for a fire. tell me the three elements.

10 - 383

Answer 18

heat, fuel, oxygen

Question 19

if your humidity gets too low, electrostatic damage is likely to occur. what’s the humidity percentage that your computer center should never drop below?

10 - 383

Answer 19

50%

Question 20

what is the deterrent security control type?

10 - 384

Answer 20

anything intended to warn a would-be attacker that they should not attack

Question 21

what is the preventive security control type?

10 - 384

Answer 21

stop something from happening

Question 22

what is the detective security control type?

10 - 384

Answer 22

to uncover a violation

Question 23

what is the compensating security control type?

10 - 384

Answer 23

backup controls that come into play when other controls have failed

Question 24

what is the technical security control type?

10 - 384

Answer 24

controls implemented through technology. they can be any of the other types of control EXCEPT for administrative

Question 25

what is the administrative security control type?

10 - 384

Answer 25

comes down through policies, procedures, and guidelines

Question 26

a data policy should be focused on what 4 issues?

10 - 385,386

Answer 26

wiping - data removal
disposing - physical media is discarded
retention - how long do you keep it?
storage - where is the data kept?

Question 27

tell me the 3 steps to destroying a flash drive

10 - 386,387

Answer 27

crack open the drive
turn the chip to powder
finish it off

Question 28

tell me the two frequencies that RFID readers run at.

10 - 367

Answer 28

13.56MHz and 125kHz