Physical Security

Question 1

Brute Force

Answer 1

Type of attack where access to a system is gained by simply trying all of the
possibilities until you break through

Question 2

Access Control Vestibules

Answer 2

Double-door system that is designed with two doors that are electronically
controlled to ensure that only one door can be open at a given time

Question 3

Piggybacking

Answer 3

Involves two people working together with one person who has
legitimate access intentionally allows another person who doesn’t have
proper authorization to enter a secure area with them

Question 4

Tailgating

Answer 4

Occurs whenever an unauthorized person closely follows someone
through the access control vestibule who has legitimate access into the
secure space without their knowledge or consent

Question 5

RFID

Answer 5

Radio-Frequency Identification

Question 6

NFC

Answer 6

Near-Field Communication

Question 7

FAR

Answer 7

False Acceptance Rate

Question 8

FRR

Answer 8

False Rejection Rate

Question 9

CER

Answer 9

Crossover Error Rate

A balance between FAR and FRR for optimal
authentication effectiveness

Question 10

Access Badge Cloning

Answer 10

Copying the data from an RFID or NFC card or badge onto another card or device

Question 11

Motivational Triggers (social engineering)

Answer 11

1. Authority
2. Urgency
3. Social Proof
4. Scarcity
5. Likability
6. Fear

Question 12

Typosquatting

Answer 12

Form of cyber attack where an attacker will register a domain name that
is similar to a popular website but contain some kind of common
typographical errors

(also known as URL hijacking or cybersquatting)

Question 13

Watering Hole Attack

Answer 13

Targeted form of cyber attack where attackers compromise a specific
website or service that their target is known to use

Question 14

Pretexting

Answer 14

Pretexting gives some amount of information that seems true so that the victim will give
more information

Question 15

BEC

Answer 15

Business Email Compromise

Sophisticated type of phishing attack that usually targets businesses by
using one of their internal email accounts to get other employees to
perform some kind of malicious actions on behalf of the attacker

Question 16

Fraud

Answer 16

Wrongful or criminal deception that is intended to result in financial or personal
gain for the attacker

Question 17

Scams

Answer 17

Fraudulent or deceptive act or operation

Question 18

Misinformation

Answer 18

False or inaccurate information shared without harmful intent

Question 19

Disinformation

Answer 19

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Question 20

Diversion Theft

Answer 20

Involves manipulating a situation or creating a distraction to steal
valuable items or information

Question 21

Hoax

Answer 21

Malicious deception that is often spread through social media, email, or
other communication channels

Question 22

Shoulder Surfing

Answer 22

Involves looking over someone’s shoulder to gather personal information

Question 23

Dumpster Diving

Answer 23

Involves searching through trash to find valuable information

Question 24

Baiting

Answer 24

Involves leaving a malware-infected physical device, like a USB drive, in a
place where it will be found by a victim, who will then hopefully use the
device to unknowingly install malware on their organization’s computer
system