CPE-PC 321 Lec 4 Flashcards

1
Q

What is footprinting?
a. A method for encrypting sensitive data
b. A technique for gathering information about a target system or organization
c. A way to prevent malware infections
d. A method for securing a network

A

b. A technique for gathering information about a target system or organization
Footprinting is the process of collecting data about a target to identify potential security vulnerabilities.

2
Q

What are the two types of footprinting?
a. Offensive and Defensive
b. Active and Passive
c. Public and Private
d. Static and Dynamic

A

b. Active and Passive

Active footprinting involves directly interacting with the target (e.g., scanning).
Passive footprinting gathers publicly available data without direct interaction.

3
Q

Which tool is commonly used for passive footprinting?
a. Wireshark
b. nslookup
c. Google Search
d. Nmap

A

c. Google Search
Google searches, WHOIS lookups, and social media monitoring are passive footprinting methods.

4
Q

What is WHOIS used for?
a. To encrypt email communications
b. To gather domain registration and ownership details
c. To perform penetration testing
d. To secure wireless networks

A

b. To gather domain registration and ownership details
WHOIS queries provide information about domain registrants, IP addresses, and contact details.

5
Q

What is social engineering?
a. A method for preventing cyberattacks
b. The manipulation of people to gain confidential information
c. A firewall configuration technique
d. A method of encrypting network traffic

A

b. The manipulation of people to gain confidential information
Social engineering relies on deception to trick people into revealing passwords, financial details, or other sensitive data.

6
Q

What is the most common type of social engineering attack?
a. Phishing
b. SQL Injection
c. Denial-of-Service Attack
d. Packet Sniffing

A

a. Phishing
Phishing tricks users into providing sensitive information through fake emails, websites, or messages.

7
Q

What is spear phishing?
a. A broad phishing attack targeting many people
b. A targeted phishing attack directed at a specific individual or organization
c. A type of firewall rule
d. A way to scan open network ports

A

b. A targeted phishing attack directed at a specific individual or organization
Spear phishing is highly personalized and aims at specific users within a company.

8
Q

What is vishing?
a. A phishing attack conducted over the phone
b. A type of network firewall
c. A secure method for transmitting data
d. A method for scanning network vulnerabilities

A

a. A phishing attack conducted over the phone
Vishing (voice phishing) tricks victims into revealing sensitive information over phone calls.

9
Q

What is smishing?
a. A social engineering attack using SMS text messages
b. A method for encrypting emails
c. A technique for securing websites
d. A way to bypass firewalls

A

a. A social engineering attack using SMS text messages
Smishing (SMS phishing) sends fake text messages with malicious links or requests for personal data.

10
Q

What is pretexting?
a. A security feature in email applications
b. A social engineering attack where the attacker fabricates a scenario to obtain information
c. A way to secure wireless networks
d. A method for detecting malware infections

A

b. A social engineering attack where the attacker fabricates a scenario to obtain information
Pretexting involves pretending to be someone else (e.g., IT support) to trick victims into giving up sensitive data.

11
Q

What is baiting in social engineering?
a. Using a lure (such as a free USB drive) to trick victims into installing malware
b. A method for encrypting passwords
c. A security protocol for network monitoring
d. A type of firewall rule

A

a. Using a lure (such as a free USB drive) to trick victims into installing malware
Baiting preys on curiosity, convincing victims to interact with malicious files or devices.

12
Q

What is tailgating (piggybacking)?
a. Gaining physical access to a restricted area by following someone else
b. A form of phishing attack
c. A method for encrypting data
d. A tool used for network monitoring

A

a. Gaining physical access to a restricted area by following someone else
Attackers use tailgating to enter secure locations without authorization.

13
Q

What is dumpster diving?
a. Searching through trash for sensitive information
b. A method for detecting network intrusions
c. A penetration testing tool
d. A technique for hiding malware

A

a. Searching through trash for sensitive information
Attackers retrieve confidential data from discarded documents, hard drives, and storage devices.

14
Q

What is shoulder surfing?
a. Observing a user’s screen or keyboard to steal sensitive information
b. A method for preventing malware infections
c. A technique used in penetration testing
d. A security feature in modern operating systems

A

a. Observing a user’s screen or keyboard to steal sensitive information
Shoulder surfers watch users enter passwords, PINs, or other private data.

15
Q

What is a DNS zone transfer attack?
a. A method to prevent network intrusions
b. A technique for obtaining all DNS records from a domain’s nameserver
c. A way to secure internet communications
d. A firewall rule for blocking IP addresses

A

b. A technique for obtaining all DNS records from a domain’s nameserver
Attackers can use DNS zone transfers to gather a complete list of hostnames and IP addresses for a target organization.

16
Q

Which command is commonly used to perform a DNS lookup?
a. nslookup
b. ping
c. ipconfig
d. tracert

A

a. nslookup
The nslookup command queries DNS records for domain names and IP addresses.

17
Q

What is the dig command used for?
a. Encrypting network traffic
b. Performing detailed DNS queries
c. Securing email communications
d. Blocking unauthorized access

A

b. Performing detailed DNS queries
dig is a Linux-based tool for retrieving DNS records.

18
Q

What is the goal of competitive intelligence?
a. To conduct cyberattacks on competitors
b. To legally gather public information about competitors
c. To break into competitor networks
d. To perform unauthorized penetration testing

A

b. To legally gather public information about competitors
Competitive intelligence involves analyzing publicly available data about competitors to gain insights.

19
Q

What is a web beacon?
a. A hidden tracking element embedded in emails or web pages
b. A tool for encrypting passwords
c. A method for securing online transactions
d. A type of network security scanner

A

a. A hidden tracking element embedded in emails or web pages
Web beacons track user behavior, such as email opens or website visits.

20
Q

What is the best defense against social engineering attacks?
a. Strong encryption algorithms
b. Employee security awareness training
c. Firewalls and antivirus software
d. Disabling all internet access

A

b. Employee security awareness training
Educating employees on recognizing social engineering techniques is the most effective defense.