Security, Usability, Psychology Flashcards

1
Q

What are humans weak at?

A
  • Repeating prescribed actions
  • Compartmentalization of tasks
  • Working without context
  • Monitoring of seldom changing events
2
Q

What are humans strong at?

A
  • Inventing new tools and practices
  • Mixing and matching
  • Helping and learning with others
  • Adapting to new situations
3
Q

Name five authentication factors

A
  • ownership factors
  • knowledge factors
  • inherence factors
  • time-based authentication
  • location-based authentication
4
Q

Name the 6 key principles of social engineering by Cialdini

A

Reciprocity, Commitment and consistency, Social proof, Authority, Liking, Scarcity

5
Q

Explain the principle of “Reciprocity”

A

People tend to return the favor. Example: Nigerian prince scam

6
Q

Explain the principle of “Commitment and consistency”

A

If people commit to an ideal or goal they are likely to honor that commitment

7
Q

Explain the principle of “Social proof”

A

People will do things that they see other people doing

8
Q

Explain the principle of “Authority”

A

People will tend to obey authoritative figures, even if asked to perform objectionable tasks

9
Q

Explain the principle of “Liking”

A

People are easily persuaded by people they like or know

10
Q

Explain the principle of “Scarcity”

A

Perceived scarcity will generate demand

11
Q

What are the categories of Krombholz’ taxonomy of social engineering?

A

type, operator, channel

12
Q

What different social engineering types are there?

A

Physical, Social, Technical, Socio-Technical

13
Q

What different social engineering channels are there?

A

Email, Instant messaging, Telephone / VoIP, social networks, cloud, website

14
Q

What different social engineering operators are there?

A

human, software

15
Q

Name 7 different social engineering attack vectors

A

Phishing, Dumpster diving, Shoulder surfing, Reverse social engineering, waterholing

16
Q

What is Dumpster diving?

A

Sifting through trash of individuals or companies to find sensitive information

17
Q

What is Shoulder surfing?

A

Using direct observation techniques to gain information, such as looking at a screen over someone’s shoulder

18
Q

What is Reverse social engineering?

A

An attacker gains a victim's trust by creating a situation in which the attacker helps the victim

19
Q

What is waterholing?

A

Attackers compromise a website that is likely to be visited by victims and wait for the victims at that website

20
Q

What is Advanced Persistent Threat?

A

Long-term, mostly internet-based espionage attack

21
Q

What is Baiting?

A

A malware-infected storage medium is left at a place where it is likely to be found by victims

22
Q

What differentiates Dynamite Phishing from regular Phishing?

A

Personal information is used to make the phishing attack more trustworthy

23
Q

Name 4 countermeasures against social engineering

A

Training, Security protocols, Standard framework, Event test