J08: Social Engineering (PE) Flashcards
By only visiting websites via a trusted search engine and landing on legitimate pages you avoid drive by downloads entirely.
- True
- False
False
Spear phishing can be differentiated from other types of phishing by their use of the latest news sources to create a believable story.
- True
- False
False
Which DDoS attack spoofs the source address of a broadcast ping packet to overwhelm the victim with ping replies?
- ICMP Flood
- Smurf Attack
- Ping of Death
- None of the above
Smurf Attack
What is the distiguishing feature of a pretexting attack?
- An excuse is devised in advance in case the attacker is caught trespassing.
- A text message is sent beforehand in an attempt to legitimize the attacker’s visitors.
- A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim.
A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim
Which of the following is an attack involving leaving infected data storage devices near areas victims will cross, in hopes they will plug them into systems with valuable information?
- Avenue Avocado
- Court Pear
- Road Apple
- Highway Banana
Road Apple
Which measure(s) could be used to stop a DDoS attack against your device?
- Install an anti-virus
- Make use of an Intrusion Prevention System
- Make your device drop all ICMP packets
- All of the above.
Make your device drop all ICMP packets
What are ways to help prevent pretexting attacks?
- Implement identity verification congruent with the security level being sought.
- Contact the inquisitor’s company by looking them up, and not a number given by the inquisitor.
- Calling your supervisor if unsure of how to proceed.
- All of the above.
All of the above
What does the acronym DoS Stand for?
- Distribution of Server
- Denial of Server
- Destruction of Service
- Denial of Service
Denial of Service
Drive by downloads can occur even on legitimate websites without the hosting party’s knowledge.
- True
- False
True
Which of the following is an indicator that a received e-mail may be a Phishing attempt?
- No introduction or signature blocks in an e-mail.
- A claim that there’s a problem with your account and a link to a website.
- A power failure occurs shortly after opening an e-mail.
- None of the above.
A claim that there’s a problem with your account and a link to a website
What does the acronym DDoS Stand for?
- Distributed Denial of Service
- Denied Distribution of Service
- Distrubition of Denied Service
Distributed Denial of Service
How can you help prevent drive by downloads?
- Use an out of date browser to trick attackers targeting newer software.
- Only use your admin account for program installations.
- Use your admin account at all times so anti-virus scans run with the highest privilege.
- Input IP addresses directly into the URL bar, avoiding compromised DNS servers.
- None of the above.
?
Which of the following measures is least likely to help against infected removable storage devices?
- Disable Autoplay.
- Have an approved software list.
- Enforce anti-virus use.
- Mandate periodic awareness training.
?
Which of the following would not help preventing Phishing attempts?
- Forwarding a suspected e-mail to a colleague to see what he thinks.
- Protecting of accounts by using multi-factor authentication.
- Utilizing security software, such as an anti-virus.
- Forwarding suspected e-mails to the Anti-Phishing Working Group
Forwarding a suspected e-mail to a colleague to see what he thinks
What do Drive-by downloads take advantage of:
- Insecure applications
- Outdated applications
- Vulnerable operating systems
- All of the above
All of the above
