Social Engineering and Other Foes (Ch. 10)

Question 1

A control implemented through administrative policies or procedures.

Answer 1

administrative control

Question 2

A physical security deterrent used to protect a computer.

Answer 2

cable lock

Question 3

Server room aisles that blow cold air from the floor or aisles in which the fronts of the devices face the AC ouput

Answer 3

cold aisles

Question 4

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques.

Answer 4

compensating controls

Question 5

Processes or actions used to respond to situations or events.

Answer 5

control

Question 6

Technical, physical, or administrative measures in place to assist with resource management.

Answer 6

control types

Question 7

Getting rid of/destroying media no longer needed.

Answer 7

data disposal

Question 8

Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator).

Answer 8

detective control

Question 9

Looking through trash for clues often in the form of paper scraps to find users passwords and other pertinent information.

Answer 9

dumpster diving

Question 10

An electrically conductive wire mesh or other conductor woven into a cage that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.

Answer 10

Faraday cage

Question 11

The act of stopping a fire and preventing it from spreading.

Answer 11

fire suppression

Question 12

Typically, an email message warning of something that isn’t true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus.

Answer 12

hoax

Question 13

A server room aisle in which the hot air exhaust of devices face the warm air return of an AC

Answer 13

hot aisles

Question 14

Pretending to be another person to gain information.

Answer 14

impersonation

Question 15

The process of determining what information is accessible, to what parties, and for what purposes.

Answer 15

information classification

Question 16

A device, such as a small room, that limits access to one or a few individuals.

Answer 16

mantrap

Question 17

The correct method of extinguishing a fire with an extinguisher: Pull, Aim, Squeeze, and Sweep.

Answer 17

PASS method

Question 18

Security set up on the outside of the network or server to protect it.

Answer 18

perimeter security

Question 19

ard required of federal employees and contractors to gain access (physical and logical) to government resources.

Answer 19

Personal Identity Verification (PIV) C

Question 20

Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver’s license number, fingerprints, and handwriting.

Answer 20

personally identifiable information (PII)

Question 21

A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request.

Answer 21

phishing

Question 22

ontrols and countermeasures of a tangible nature intended to minimize intrusions.

Answer 22

physical controls C

Question 23

Controls intended to prevent attacks or intrusions.

Answer 23

preventive controls

Question 24

A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved.

Answer 24

privacy

Question 25

Screens that restrict viewing of monitors to only those sitting in front of them.

Answer 25

privacy filters

Question 26

Cameras that can pan, tilt, and zoom.

Answer 26

PTZ

Question 27

Information that isn’t made available to all and to which access is granted based on some criteria.

Answer 27

restricted information

Question 28

Watching someone when they enter their username, password, or sensitive data.

Answer 28

shoulder surfing

Question 29

An attack that uses others by deceiving them. It does not directly target hardware or software, but instead it targets and manipulates people.

Answer 29

social engineering

Question 30

A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.

Answer 30

spear phishing

Question 31

Following someone through an entry point.

Answer 31

tailgating

Question 32

Controls that rely on technology.

Answer 32

technical controls

Question 33

Combining phishing with Voice over IP (VoIP).

Answer 33

vishing

Question 34

Identifying a site that is visited by those that they are targeting, poisoning that site, and then waiting for the results.

Answer 34

watering hole attack

Question 35

Another term for social engineering.

Answer 35

wetware

Question 36

Targeting employees in an organization that would more likely lead to the divulgement of sensitive information. Typically managers, supervisors or high-level executives

Answer 36

whaling