Mod 2 Attack Types

Question 1

Password Attack

Answer 1

An attempt to access password-secured devices, systems, network, or data. (i.e. Brute force, Rainbow table).

Related to “Communication and Network Security” domain.

Question 2

Social Engineering Attack

Answer 2

A manipulation technique that exploits human error to gain private information, access, or valuables. (i.e. Phishing, Smishing, Vishing, Spear phishing, Whaling, Social media phishing, BEC, Watering hole attack, USB bating, Physical social engineering).

Related to “Security and Risk Management” domain.

Question 3

Physical Attack

Answer 3

A security incident that affects not only digital but also physical environments where the incident is employed. (i.e. Malicious USB cable, Malicious flash drive, Card cloning and skimming)>

Related to “Asset Security’ domain.

Question 4

Adversarial Artificial Intelligence

Answer 4

A technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.

Related to both “Communication and Network Security” and the “Identity and Access Management” domains.

Question 4

Supply-chain Attack

Answer 4

Targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

Related to many domains, but commonly related to the “Security and Risk Management”, “Security Architecture and Engineering”, and “Security Operations” domains.

Question 5

Cryptographic Attack

Answer 5

Affects forms of communication between a sender and intended recipient. (i.e birthday, collision, downgrade).

Related to “Communication and Network Security” domain.