Social Engineering and Physical Attacks Flashcards
What is often the weakest link in organizations with the strongest technical barriers and sophisticated security systems?
Humans
What are three layers of physical security?
Monitoring, such as surveillance and guards, Detecting, such as Closed-circuit televisions, cameras, and alarms; and Preventing, such as physical barriers, lighting, mechanical or electrical locking mechanisms.
Which NIST Special Publication provides a list of information security controls that are relevant to federal information systems, as well as organizations in the private sector?
800-53
Which NIST publication provides standards for categorizing information and information systems based on impact levels of low, moderate, and high?
FIPS 99
What is the process of convincing someone to do something for you that they might not ordinarily want to do?
Social Engineering
What technique is used to create a situation that may make a target more willing to comply with the needs of the social engineer? An example might be tricking a security guard into allowing you past an access point with a story like you are physically ill and need to use the restroom.
Pretexting
What is a technique to build trust that involves claiming to be a figure of authority or famous person… or, more subtly, using an available email address the target has never seen before by making it seem similar to an address they have seen.
Impersonation
What are the five influential tactics and techniques used to exploit a target’s trust, as described by the Social Engineering Framework?
Authority, Scarcity, Social Proof, Likeness, and Fear
What is one of the most popular methods used for social engineering attack?
Phishing
Which kind of social engineering attack is a fraud technique delivered through email, phone, or text-message used to obtain sensitive information from a target?
Phishing
What are the three main characteristics of an email phishing attack?
Target, pretext, payload
What kind of phishing uses information about the organization or the individual to attempt to bypass security controls and establish a pretext that is likely to convince the user?
Spear-phishing
What kind of attack targets members of the organization who have elevated authority, such as executives or executive assistants?
Whaling
What kind of attack capitalizes on a target’s trust relationship with websites they commonly visit?
Watering hole attack
What is an open-source Python-based framework for social engineering that is available by default on Kali Linux?
Social-Engineer Toolkit (SET)
