Security Plus - Chapter 4 Flashcards

1
Q

Social Engineering

A

The practice of manipulating people through a variety of strategies to accomplish desired actions. Influencing users to take actions they may not have taken without coercion.

2
Q

Authority Principle

A

A social engineering principle that relies on the fact that an individual will obey someone who appears to be in charge or knowledgeable, and that coerces a person to perform a requested action.

3
Q

Intimidation Principle

A

A social engineering principle that relies on scaring or bullying an individual into taking a desired action.

4
Q

Consensus-Based Principle

A

A social engineering principle that coerces people into wanting to do what others are doing and persuades them to take an action. Also known as social proof. Others are doing it, so you should too.

5
Q

Scarcity Principle

A

A social engineering principle that makes something look more desirable because others are not provided this option or there is limited availability.

6
Q

Familiarity-Based Principle

A

A social engineering principle that relies on you liking the individual or even the organization the individual claims to represent.

7
Q

Trust Principle

A

A social engineering principle that relies on a connection with the targeted individual. The attacker works to build a connection with the individual until they are ready to get the person to perform an action.

8
Q

Urgency Principle

A

A social engineering principle that creates a feeling that an action must be taken quickly for some reason.

9
Q

Phishing

A

A social engineering technique that describes the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.

10
Q

Vishing

A

A social engineering technique conducted via voice or voicemail messages. Phone calls to targets that get a person to disclose information like their username and password to an attacker pretending to be support personnel.

11
Q

Smishing

A

A social engineering technique that uses text messages to attempt to gain private information about the target.

12
Q

Misinformation and Disinformation

A

A social engineering technique that overloads social media, email, and other online media platforms to push information to users with an agenda that the attacker is trying to pursue.

13
Q

TRUST Process

A

To combat misinformation and disinformation, CISA recommends using the 5-step TRUST process to determine what is correct information.
1. Tell your story
2. Ready your team
3. Understand and assess MDM
4. Strategize a response
5. Track the outcomes

14
Q

CISA Recommendations for Preparedness

A

1. Assessing the information environment
2. Identifying any vulnerabilities
3. Fortifying communication channels
4. Engaging in proactive communication
5. Developing an incident response plan

15
Q

Impersonation

A

A social engineering technique where the attacker is pretending to be someone else.

16
Q

Identity Fraud

A

The use of someone else’s identity for a malicious purpose.

17
Q

Business Email Compromise

A

A social engineering technique using apparently legitimate email addresses to conduct scams and other attacks.

18
Q

Pretexting

A

A social engineering technique using made-up scenarios to justify why you are requesting information from an individual. Thwarted using verification requirements or validation.

19
Q

Watering Hole Attacks

A

A social engineering technique that uses websites that targets frequent and convinces those users to provide information from the site. Compromising an ad on the site and embedding malware in the advertisement.

20
Q

Brand Impersonation

A

A social engineering technique that uses emails from a legitimate brand, or a website that mimics a legitimate website, and embeds phishing links in those emails or sites so that targets click on them and provide personal information.

21
Q

Typosquatting

A

A social engineering technique that uses mistyped web URLs to drive traffic to illegitimate sites and drive sales of their similar products.

22
Q

Brute Force Attack

A

A password attack in which the attacker iterates through passwords until they find one that allows access.

23
Q

Password Spraying Attack

A

A password attack that uses a small number of passwords but attempts access to a large number of accounts.

24
Q

Dictionary Attack

A

A password attack that uses a list of words and iterates through those words while attempting to gain access.

25
Q

Hash

A

A one-way cryptographic function that takes an input and generates a unique and repeatable output from that input.