Social Engineering and Physical Security Terminology

Question 1

A physical security deterrent used to protect a computer

Answer 1

Cable lock

Question 2

Used to blow cold air from the floor

Answer 2

cold aisles

Question 3

Looking through trash for clues to find passwords and other pertinent information

Answer 3

Dumpster diving

Question 4

An eletrically conductive wire mesh that surrounds a room and prevents electromagnetic signals from entering or leaving the room.

Answer 4

Fareday cage

Question 5

Typically, an email message warning of something that isn’t true. Used to cause panic and more harm than the virus.

Answer 5

Hoax

Question 6

Pretending to be another person to gain information

Answer 6

Impersonation

Question 7

A device, such as a small room, that limits access to one or few individuals. Typically use eletronic locks and other methods to controll access.

Answer 7

Mantrap

Question 8

Screens that restrict viewing of monitors to only those sitting in front of them.

Answer 8

Privacy Filters

Question 9

Watching someone when they enter their username, password, or sensitive data

Answer 9

Shoulder surfing

Question 10

A form of phishing in which the message is made to look as it came from someone you know and trust.

Answer 10

Spear pishing

Question 11

Following someone through an entry point

Answer 11

Tailgating

Question 12

Attack that combines phishing using Voice over IP (VOIP)

Answer 12

Vishing

Question 13

Phishing large accounts such as directors, administrators or someone important that has access to sensitive data

Answer 13

Whaling

Question 14

If it is possible to convince the person you are attempting to trick that you are in a position of authority, they may be less likely to question your request. That position of authority could be upper management, tech support,
HR, or law enforcement.

Answer 14

Authority

Question 15

Social engineering that can be done with threats,

with shouting, or even with guilt.

Answer 15

Intimidation

Question 16

Putting the person being tricked at ease by putting the focus on them—listening intently to what they are saying, validating their thoughts, charming them—is the key to this element. The name comes from a desire that we all have to be told that we are right, attractive, intelligent, and so forth, and we tend to be fond of those who confirm this for us. By being so incredibly nice, the social engineer convinces the other party that there is no way their intentions could possibly be harmful.

Answer 16

Consensus

Question 17

Convincing the person who is being tricked that there is a limited supply of something can often be effective if carefully done. For example,
convincing them that there are only 100 vacation requests that will be honored
for the entire year and that they need to go to a fictitious website now and fill out
their information (including username and password, of course) if they want to
take a vacation anytime during the current year can dupe some susceptible
employees.

Answer 17

Scarcity

Question 18

Mental guards are often lowered, many times subconsciously, when
we are dealing with other individuals that we like. The “like” part can be gained
by someone having, or pretending to have, the same interests as we do, be
engaged in the same activities, or otherwise working to gain positive attention.

Answer 18

Familiarity

Question 19

Social engeeniering attack when someone does something for you, there is often a feeling that you owe that
person something. For example, to gain your trust, someone may help you out of
a troublesome situation or buy you lunch.

Answer 19

Trust

Question 20

to convince the individual whom they are attempting to trick that time
is of the essence. If they don’t do something right away, money will be lost, a
nonexistent intruder will get away, the company will suffer irreparable harm, or
a plethora of other negative possibilities may occur.

Answer 20

Urgency

Question 21

network security measure used to
ensure that a secure computer network is physically isolated from unsecured
networks. Those “unsecured networks” include both the Internet and any
unsecured local area networks.

Answer 21

Airgap

Question 22

Prevents interference from EMI and RFI sources

Answer 22

shielding