Chapter 4 Social Engineering, Physical, and Password Attacks Flashcards

1
Q

In Social Engineering attacks, what is the principle of Authority?

A

Authority relies on the fact that most people will obey someone who appears to be in charge or knowledgeable (a "manager", "auditor", or "IT support" persona).

2
Q

In Social Engineering attacks, what is the principle of intimidation?

A

Intimidation relies on scaring or bullying an individual into taking a desired action.

3
Q

In Social Engineering attacks, what is the principle of consensus?

A

Consensus (also called social proof) uses the fact that people tend to want to do what others are doing in order to persuade them to take an action ("everyone else on the team has already approved this").

4
Q

In Social Engineering attacks, what is the principle of scarcity?

A

Scarcity makes something look more desirable because it may be the last one available, pushing the target to act before it is gone.

5
Q

In Social Engineering attacks, what is the principle of familiarity?

A

Familiarity relies on the target liking the individual, or the organization the individual claims to represent, and so treating the request as normal.

6
Q

In Social Engineering attacks, what is the principle of trust?

A

Like familiarity, trust relies on a connection with the individual being targeted; the attacker builds a relationship (or borrows an existing one) and then exploits it.

7
Q

In Social Engineering attacks, what is the principle of Urgency?

A

Urgency relies on creating a feeling that action must be taken quickly for some reason.

8
Q

Social engineering: Urgency vs. Scarcity

A

Scarcity - only one left in stock!

Urgency - we need credentials or we’re going to miss out on this business deal!

9
Q

Social Engineering: Familiarity vs Trust

A

Both rely on a connection to the target, but:
Familiarity relies on the target seeing the attacker (or the organization they claim to represent) as normal and thus familiar.
Trust relies on a specific relationship the attacker has built with, or borrowed from, the target.

10
Q

What is phishing?

A

A broad term for the fraudulent acquisition of information (typically credentials or other sensitive data), usually by impersonating a trusted party in email or another message.

11
Q

smishing vs vishing

A

Smishing is phishing via SMS text messages; vishing is phishing via voice (telephone) calls.

12
Q

Spear phishing vs Whaling

A

Spear phishing targets specific individuals or groups in an organization, using details about them to make the lure convincing.
Whaling is spear phishing aimed at individuals of high status or position (CEO, CISO, CFO), whose access or authority makes them worth the extra effort.

13
Q

Best defense against phishing?

A

Security best practices combined with user AWARENESS training.

14
Q

pharming vs typosquatting vs watering hole

A
  • Pharming redirects traffic away from legitimate websites to malicious ones, typically by tampering with name resolution (DNS or the local hosts file) so that the correct URL still lands on the attacker's site.
  • Typosquatting registers similar but subtly different URLs in the hope that people will mistype the legitimate URL and end up at the malicious one.
  • Watering hole attacks don't redirect users; they use websites that targets already frequent to attack them. This can be done by compromising the site itself or by deploying malware through an ad network it uses.

15
Q

spam/SPIM

A

Spam, or SPIM (spam over instant messaging), is unsolicited bulk junk messaging. It relies on volume: send enough messages and sooner or later someone will click.

16
Q

In Person techniques

A

Dumpster diving - recovering documents, media, or hardware from the trash.
Shoulder surfing - watching a target's screen or keyboard to capture what they type or view.
Tailgating - following an authorized person through a controlled door without badging in.
Eliciting information - a technique used to gather information without targets realizing they are providing it or being targeted.

17
Q

Prepending

A
  1. Adding an expression or phrase such as "SAFE" to a set of email headers or a subject line to fool the user into thinking the message has been vetted.
  2. Adding information as part of another attack to manipulate the outcome.
  3. Suggesting topics via social engineering to lead the target toward the related information the attacker is looking for.

18
Q

Pretexting

A

The process of making up a scenario (the pretext) to justify why you are approaching an individual. Often used as part of impersonation to make the attack more believable.

19
Q

Password Attacks

A

Brute force - tries every possible password against an account; defeated by length and by account lockout.
Password spraying - tries one or a few common passwords against many accounts, staying under each account's lockout threshold.
Dictionary attacks - uses a list of likely words and passwords to guide a brute force attack instead of trying every combination.
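Because password spraying deliberately stays below per-account lockout thresholds, it only shows up when failed logons are grouped by source rather than by account. The following is an added example (not from the flashcards or the book they summarize) that parses constructed sshd-style failure lines and labels each source IP as brute force, spraying, or normal. The log lines, IP addresses (RFC 5737 documentation ranges), and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd-style failed-logon lines (not real logs). Addresses come from the
# documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24.
SAMPLE_LOG = (
    # Brute force: one source hammers a single account.
    [f"Mar  1 09:00:{i:02d} host sshd[1201]: Failed password for alice from 203.0.113.9 port 5{i:04d} ssh2"
     for i in range(12)]
    # Spraying: one source tries many accounts, one attempt each.
    + [f"Mar  1 09:05:{i:02d} host sshd[1202]: Failed password for {u} from 198.51.100.7 port 4{i:04d} ssh2"
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"])]
    # Ordinary user typo: two failures, then nothing.
    + ["Mar  1 09:10:01 host sshd[1203]: Failed password for bob from 192.0.2.3 port 40001 ssh2",
       "Mar  1 09:10:07 host sshd[1203]: Failed password for bob from 192.0.2.3 port 40002 ssh2"]
)

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")


def parse_failures(lines):
    """Yield (source_ip, username) for each failed-password line; ignore anything else."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("src"), m.group("user")


def classify_sources(lines, spray_min_accounts=5, spray_max_per_account=2, brute_min_attempts=10):
    """Label each source IP as 'spraying', 'brute_force' or 'normal'.

    Spraying: many distinct accounts, each with only a few failures (the attacker
    stays under the per-account lockout threshold). Brute force: many failures
    concentrated on one or two accounts. The thresholds are illustrative assumptions;
    tune them to the environment's lockout policy and normal failure rate.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for src, user in parse_failures(lines):
        per_src[src][user] += 1

    labels = {}
    for src, users in per_src.items():
        total = sum(users.values())
        if len(users) >= spray_min_accounts and max(users.values()) <= spray_max_per_account:
            labels[src] = "spraying"
        elif total >= brute_min_attempts and len(users) <= 2:
            labels[src] = "brute_force"
        else:
            labels[src] = "normal"
    return labels


if __name__ == "__main__":
    for src, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```

The spraying source never trips an account lockout (one failure per account), which is exactly why the technique is used; the signal is the number of distinct accounts per source in a short window. In a real deployment the same grouping should also be run per source across all authentication surfaces (VPN, OWA, SSO), since sprayers rotate targets and protocols.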

20
Q

note on password storage

A

"In fact, best practices for password storage don't rely on encryption; they rely on passwords never being stored and instead using a well-constructed password hash to verify passwords at login."
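The quote above and the dictionary-attack card go together: a dictionary attack works against a stored hash by hashing each candidate word and comparing, so the storage scheme decides how expensive that is. The following added example (mine, not the book's) contrasts a plain unsalted SHA-256 store, where one precomputed table cracks every user at once and reveals password reuse, with a per-user-salted PBKDF2-HMAC store, where each (user, candidate) pair costs a full key derivation. The user names, passwords, wordlist, and the reduced iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data (not real credentials). Carol reuses Alice's password;
# Dave's passphrase is not in the wordlist.
USERS = {
    "alice": "Summer2024",
    "bob": "letmein",
    "carol": "Summer2024",
    "dave": "T3a-kettle-orbit-9!",
}
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "welcome1"]

# Demo value only. Production should use the current OWASP figure for PBKDF2-HMAC-SHA256
# (600,000 at the time of writing) or a memory-hard function such as scrypt/Argon2id.
PBKDF2_ITERATIONS = 100_000


def store_unsalted(password):
    """Weak scheme: a fast, unsalted hash. Identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Recommended shape: random per-user salt + slow, iterated key derivation."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_salted(password, record):
    """Login check: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def crack_unsalted(stored, wordlist):
    """Hash each word once, then crack every user with a dictionary lookup."""
    table = {store_unsalted(word): word for word in wordlist}
    return {user: table[digest] for user, digest in stored.items() if digest in table}


def crack_salted(stored, wordlist):
    """With per-user salts there is no shared table: each guess is a fresh PBKDF2 run.

    Returns (cracked, derivations) so the cost is visible alongside the result.
    """
    cracked, derivations = {}, 0
    for user, record in stored.items():
        for word in wordlist:
            derivations += 1
            if verify_salted(word, record):
                cracked[user] = word
                break
    return cracked, derivations


if __name__ == "__main__":
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    print("unsalted, cracked:", crack_unsalted(unsalted, WORDLIST))
    print("alice/carol digests equal:", unsalted["alice"] == unsalted["carol"])

    salted = {u: store_salted(p) for u, p in USERS.items()}
    cracked, derivations = crack_salted(salted, WORDLIST)
    print("salted, cracked:", cracked, "after", derivations, "PBKDF2 derivations")
    print("alice/carol digests equal:", salted["alice"]["hash"] == salted["carol"]["hash"])
```

Two caveats the numbers make plain. First, salting and slow hashing do not save a password that is in the attacker's wordlist; Alice, Bob and Carol fall either way, and only Dave's out-of-dictionary passphrase survives. Second, what the good scheme buys is cost and isolation: the attacker pays one full derivation per guess per user instead of one fast hash per word for the whole database, and the salt hides that Alice and Carol share a password.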

21
Q

Malicious flash drive attacks

A

Attackers may drop drives in places where they are likely to be picked up and plugged in by unwitting victims at the target organization. Sometimes attackers label the drives with compelling text that makes them more likely to be plugged in: "performance reviews", "financial planning", etc.

The payload is often a trojan: a document or program that looks legitimate but installs malware when opened.

Malicious USB cables exist, but are less common because they require dedicated engineering to build.

22
Q

Card cloning

A

Card cloning focuses on capturing the data from RFID and magnetic stripe cards used for entry so that a duplicate can be made. Attackers may also use "skimming": a fake or add-on reader placed over the real one that captures card data for cloning.

23
Q

Supply chain attacks

A

Supply chain attacks compromise hardware, software, or components before they reach the target organization, so the victim receives an already-compromised product.