Human Element Security Flashcards

Social engineering and types of attacks

1
Q

HUMINT

A

Information that can be gathered by talking to people.

2
Q

OSINT

A

Information collected from publicly available sources such as job postings and public records.
Some sources of OSINT are résumés and job postings, social media, public records, Google hacking, and metadata.

3
Q

Metadata

A

Data about data that can be found in every file, such as timestamps or locations.

4
Q

Geospatial Intelligence (GEOINT)

A

Geographical information typically from satellites.

5
Q

Measurement & Signature Intelligence (MASINT)

A

Measurement and signature data from sensors, such as optical and weather readers.

6
Q

Signal Intelligence (SIGINT)

A

Data gathered by intercepting signals between people and systems.

7
Q

Technical Intelligence (TECHINT)

A

Intelligence about equipment, technology, and weapons, often for the purpose of developing countermeasures.

8
Q

Financial Intelligence (FININT)

A

Data about financial dealings and transactions of companies and individuals.

9
Q

Cyber Intelligence/Digital Network Intelligence (CYBINT/DNINT)

A

Information gathered from computer systems and networks.

10
Q

Social Engineering

A

Manipulating people to gain information or access to facilities by gaining their trust or pretending to be someone else.

11
Q

Pretexting

A

Attackers use information they have collected to pose as a manager, customer, reporter, co-worker’s family member, or other trusted person. They create a believable scenario that convinces their targets to give up sensitive information or perform actions that they usually would not perform for strangers.

12
Q

Phishing

A

A social engineering technique in which an attacker uses electronic communications such as email, texting, or phone calls to collect the target’s personal information or install malware on their system, often by convincing the target to click a malicious link.

13
Q

Spear Phishing

A

To achieve a higher rate of success, attackers may turn to spear phishing, which is a targeted attack against specific companies, organizations, or people. In spear phishing, the attacker plans everything strategically and observes the target so that the message appears to come from someone the target would trust, such as human resources staff, a manager, the corporate IT support team, a peer, or a friend.

14
Q

Tailgating/Piggybacking

A

Following someone through an access control point, such as a secure door, instead of using the credentials, badge, or key normally needed to enter.

15
Q

Cunning and flattery

A
16
Q

Impersonating

A

Masquerading as someone else, such as a repair technician.

17
Q

Dumpster Diving

A

Searching through trash to gain information from discarded documents. Literally going through trash to find documents and devices!

18
Q

Spam emails

A

Unsolicited emails, commonly advertising emails, but sometimes phishing and scamming attempts.

19
Q

Email Spoofing

A

The forgery of an email header so that the email seems to be sent from a legitimate source.

20
Q

Email pharming

A

A user opens an email with malware, which then installs malicious code on the user’s PC. Another way is that the malicious code changes the local hosts file on a personal computer and redirects any URL clicks to a fraudulent website without the user’s knowledge or consent. The website might look like a familiar website, such as your bank’s website, and when you enter your username and password, the attackers steal the information. It is pharming data.

21
Q

Protocol spoofing

A

Misuse of a network protocol to initiate an attack on a host or network device.

22
Q

ARP spoofing

A

Address Resolution Protocol (ARP) helps computers on a network figure out the MAC address of another computer based on its IP address. ARP poisoning modifies the network’s ARP cache to take over a victim’s MAC address. This allows the attacker to receive any data intended for the victim.

23
Q

DNS Spoofing

A

Domain Name Service (DNS) translates domain names into IP addresses. In DNS spoofing, the attacker alters the DNS records to redirect traffic to a fraudulent website, where further attacks can occur.

24
Q

IP Address Spoofing

A

An attack where a malicious user forges a packet’s source IP address and, by doing so, impersonates the sending computer.

25
Q

Denial of Service Attack

A

When an attacker floods a server or other network device to make it unavailable. The server is overwhelmed, so it cannot respond to requests.

26
Q

Distributed Denial of Service Attack

A

It is a DoS attack that is launched from a large number of malicious machines.
Common types of DoS and DDoS attacks are:
○ Buffer overflows: Sending the server more data than expected.
○ SYN Attack: Exploits the TCP three-way handshake.
○ Ping of Death: Exploits the ICMP “ping” protocol.

27
Q

Back door attack

A

When someone creates an alternative way into a system that bypasses its security controls.

28
Q

Replay Attack

A

Similar to a man-in-the-middle attack. In a replay attack, the attacker captures a message sent from a network device to the server. Later, the attacker sends the original, unmodified message to the server, hoping the server will respond as if the attacker were a valid device. If it does, the attacker has created a “trusted” relationship with the server.

29
Q

Weak Encryption Key

A

Occurs when enough network traffic is captured to allow the key to be broken. Example: WEP encryption.

30
Q

Software Vulnerability Attack

A

The exploitation of known software vulnerabilities/bugs for malicious purposes.

31
Q

Remote Code Execution Attack

A

When web applications are improperly coded, attackers can run system-level code for malicious purposes.

32
Q

SQL Injection Attack

A

An attacker manipulates input forms to pass unauthorized SQL to the SQL server database. This allows the attacker to drop tables, obtain data, and delete information.

33
Q

Cross-Site Scripting Attack (XSS Attack)

A

An attacker embeds malicious HTML or JavaScript code into a website’s code. The code executes when a user visits the website. The attacker can obtain sensitive data, session cookies, and more.