Social Engineering and Security Fundamentals Flashcards
What does CIA stand for in the CIA Triad?
Confidentiality, Integrity, and Availability
What is a vulnerability?
A weakness (e.g., software bugs and default settings)
What is a threat?
An event that violates the CIA Triad (e.g., malware, phishing scams, and hackers)
What is an attack?
An exploitation of vulnerabilities (e.g., network attacks and application attacks)
Define Social Engineering.
Someone attempting to trick an individual in order to get credentials, or physical or virtual access to resources.
Define Phishing.
Contacting a person as if you are a representative of their company or another reputable company in order to get personal information.
What is Vishing?
Phishing with voice over IP or phone
What is Smishing?
Phishing with SMS text
What is Spear Phishing?
Phishing targeted at certain companies
What is Whaling?
Phishing targeting those with higher levels of authority (e.g., CEOs, network admins)
What is Pharming?
Redirecting an end user to a site that is installed on their PC, usually in the DNS cache
What is a Watering Hole attack?
Spoofing one website that you know a lot of people from a certain organization will be going to
What is Credential Harvesting?
Using a watering hole attack or another method to harvest credentials, likely with the intent to sell them
What is Typo Squatting?
Registering URLs that are slightly off from the original site to take advantage of typos to send people to malicious sites
Name FOUR physical social engineering techniques:
Dumpster diving, shoulder surfing, tailgating, and pretexting (using pre-thought-up stories)