Practice Test 1 Flashcards

1
Q

smishing

A

Smishing is a type of phishing attack that occurs via SMS (Short Message Service) or text message. Attackers use deceptive text messages to trick recipients into revealing sensitive information or clicking on malicious links.

2
Q

The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:

A

Vishing

During a vishing attack, attackers may impersonate trusted entities such as banks, government agencies, or tech support representatives. They use various tactics to manipulate their victims, such as creating a sense of urgency or fear, offering fake incentives, or pretending to have important information about the victim.

3
Q

SPIM AND SPIT

A

SPIM stands for “Spam over Instant Messaging,” referring to unsolicited messages sent through instant messaging (IM) platforms. SPIM is similar to email spam but occurs within instant messaging applications.

SPIT stands for “Spam over Internet Telephony,” which involves unsolicited, unwanted, or irrelevant advertising messages sent over internet telephony, such as VoIP (Voice over Internet Protocol) calls. SPIT can be disruptive and intrusive, much like email spam or telemarketing calls.

4
Q

Phishing scams targeting a specific group of people are referred to as:

A

spear phishing

5
Q

“Dumpster diving”

A

Sifting through trash for discarded documents containing sensitive data. Recovered documents listing employees' names and surnames, the positions they hold in the company, and other data can be used to facilitate social engineering attacks.

6
Q

Pharming

A

Pharming is a cyber attack where attackers redirect website traffic to a fraudulent website by altering the DNS (Domain Name System) records or by compromising a DNS server. This can lead users to unwittingly disclose sensitive information, such as usernames, passwords, or financial details, to the attackers.

7
Q

Tailgating

A

Tailgating, also known as piggybacking, is a physical security threat where an unauthorized person follows an authorized individual into a restricted area or facility without proper authentication or authorization. This often occurs when someone holds the door open for another person without verifying their identity or credentials, allowing them to gain unauthorized access to a secure area.

8
Q

Elicitation

A

Elicitation is a social engineering technique used by attackers to gather information from individuals or organizations through casual conversation, manipulation, or other means without raising suspicion. Attackers use elicitation to extract sensitive information, such as passwords, company policies, or security procedures, by exploiting human psychology and communication skills.

9
Q

bracketing

A

Bracketing is a technique used in penetration testing or ethical hacking where varying degrees of attacks are launched against a target system to identify its vulnerabilities and weaknesses. This involves testing the system with both low-impact and high-impact attacks to assess its resilience and potential points of entry for malicious actors.

10
Q

Confidential bait

A

“Confidential bait” is a social engineering tactic where attackers use fake or enticing information, often presented as confidential or sensitive, to manipulate individuals into divulging valuable information or taking specific actions. This could include enticing emails or messages claiming to contain privileged information or insider knowledge, designed to trick recipients into providing sensitive data or performing actions that compromise security.

11
Q

Deliberate false statements

A

“Deliberate false statements” are intentionally misleading or untrue statements made with the intention to deceive or mislead others. In the context of security, this could involve attackers spreading false information to manipulate individuals or organizations into taking actions that compromise their security or divulging sensitive information.

12
Q

Whaling

A

Whaling is a type of phishing attack that specifically targets high-profile individuals or executives within an organization. Attackers aim to deceive these individuals into divulging sensitive information, such as login credentials or financial data, or to trick them into performing certain actions that could compromise the organization’s security. Whaling attacks often involve sophisticated social engineering techniques tailored to the target’s role and responsibilities.

13
Q

typosquatting

A

Typosquatting, also known as URL hijacking, is a malicious practice where attackers register domain names that are similar to legitimate websites but contain typographical errors or common misspellings. The goal is to capitalize on user mistakes when typing a website address into a browser, leading them to the attacker’s fraudulent website instead of the intended destination. Typosquatting can be used for various nefarious purposes, including phishing, malware distribution, or collecting sensitive information.

14
Q

virus hoax

A

A virus hoax is a false warning or alarm about a non-existent computer virus or malware threat. These hoaxes typically spread through email, social media, or online forums, often containing exaggerated or entirely fabricated claims about the capabilities or effects of a supposed virus. Virus hoaxes can cause unnecessary panic, waste resources as users attempt to mitigate non-existent threats, and sometimes even lead to the installation of actual malware as users download fake security software in response to the hoax.

15
Q

watering hole attacks

A

Watering hole attacks are a type of cyber attack where attackers compromise websites that are frequently visited by their intended targets. The goal is to infect the visitors’ devices with malware by exploiting vulnerabilities in their browsers or plugins. This technique allows attackers to target specific groups or organizations by compromising websites they are likely to visit, hence the analogy to predators waiting near a watering hole for their prey.

16
Q

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

A

malware

17
Q

malware vs spyware

A

Malware is a broad term referring to any type of malicious software designed to harm or infiltrate computer systems. Spyware, on the other hand, is a specific type of malware that is designed to secretly gather information from a computer or network without the user’s knowledge or consent. While all spyware is a type of malware, not all malware functions specifically as spyware.

18
Q

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

A

a worm

19
Q

prepending

A

Prepending is a technique used in malware distribution where malicious code or data is added to the beginning (or “prepended”) of a legitimate file, such as an executable or a document. This allows the malware to execute or be activated when the legitimate file is opened or executed, potentially compromising the system or spreading further malware.

20
Q

data url phishing

A

Data URL phishing involves using data URLs to host phishing content. Data URLs allow embedding data directly into the URL itself, rather than referencing external resources. Attackers may use data URLs to host phishing pages or malicious content, making it appear as though the content is part of a legitimate website. Users might be tricked into interacting with these URLs, thinking they are safe, when in fact, they lead to fraudulent or malicious content designed to steal sensitive information or compromise security.

21
Q
A