Social Engineering

Question 1

Manipulates a user into revealing confidential information that are
detrimental to that user or the security of our systems

Answer 1

Social Engineering

Question 2

A person who works for or with your organization but has ulterior
motives

Answer 2

Insider Threat

Question 3

An attempt to fraudulently obtain information from a user (usually by
email)

Answer 3

Phishing

Question 4

An attempt to fraudulently obtain information from a user, usually by
email that targets a specific individual

Answer 4

Spear Phishing

Question 5

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or
other high-value target in an organization

Answer 5

Whaling

Question 6

Phishing conducted over text messaging (SMS)

Answer 6

Smishing

Question 7

Phishing conducted over voice and phone calls

Answer 7

Vishing

Question 8

Phishing attempt to trick a user to access a different
or fake website (usually by modifying hosts file)

Answer 8

Pharming

Question 9

When a thief attempts to take responsibility for a shipment by diverting
the delivery to a nearby location

Answer 9

DiversionTheft

Question 10

Attempt at deceiving people into believing that something is false when it
is true (or vice versa)

Answer 10

Hoax

Question 11

When a person uses direct observation to obtain authentication
information

Answer 11

Shoulder Surfing

Question 12

When a person uses direct observation to “listen” in to a conversation

Answer 12

Eavesdropping

Question 13

When a person scavenges for private information in garbage containers

Answer 13

Dumpster Diving

Question 14

When a malicious individual leaves malware-infected removable media
such as a USB drive or optical disc lying around in plain view

Answer 14

Baiting

Question 15

When an unauthorized person tags along with an authorized person to
gain entry to a restricted area

Answer 15

Piggybacking

Question 16

When an attacker figures out where users like to go, and places malware
to gain access to your organization

Answer 16

Watering Hole Attack

Question 17

The wrongful or criminal deception intended to result in financial or
personal gain

Answer 17

Fraud

Question 18

The use by one person of another person’s personal information, without
authorization, to commit a crime or to deceive or defraud that other
person or a third person

Answer 18

Identity Fraud

Question 19

A fraudulent or deceptive act or operation

Answer 19

Scam

Question 20

A scam in which a person is tricked into paying for a fake invoice for a
service or product that they did not order

Answer 20

Invoice Scan

Question 21

A technical method used in social engineering to trick users into entering
their username and passwords by adding an invisible string before the
weblink they click

Answer 21

Prepending

Question 22

The collection of tactical information about an adversary as well as the
dissemination of propaganda in pursuit of a competitive advantage over
an opponent

Answer 22

Influence Operations

Question 23

A military strategy which employs political warfare and blends
conventional warfare, irregular warfare and cyberwarfare with other
influencing methods, such as fake news, diplomacy, and foreign electoral
intervention

Answer 23

Hybrid Warfare

Question 24

Policy where all employees must put away everything from their desk at
the end of the day into locked drawers and cabinets

Answer 24

Clean Desk Policy