Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Comptia A+ Core 2 > Social Engineering Attacks( Comptia Objective 2.5) > Flashcards

Social Engineering Attacks( Comptia Objective 2.5) Flashcards

1
Q

When it comes to Social Engineering what makes it so difficult to manage?

A
  • It is constantly changing. You never know what they’ll use next.
  • May involve multiple people and involve multiple organizations. There are ties connecting many organizations
  • May be in person or electronic( Phone calls from aggressive “ customers” ), Emailed funeral notifications of a friend or associate
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What exactly is Social engineering and what are some of it’s principles?

A
  • Authority. the social engineer is in charge. E.G. “ Hi I’m calling from the help desk/office of the CEO/police”
  • Intimidation. There will be bad things that happen if you don’t help. E.G. “ If you don’t help me, the payroll checks won’t be processed”
  • Consensus/ Social Proof. Convince based on what’s normally expected. E.G. your co-worker Jill did this for me last week.
  • Scarcity. The situation will not be this way for long, must make the change before time expires.
  • Urgency. Works alongside scarcity. “ Act quickly, don’t think”
  • Familiarity/ Liking. Someone you know, we have common friends etc.
  • Trust( Someone who’s safe) . “ I’m with IT, and I’m here to help”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is phishing and how does it work?

A
  • Social engineering with a touch of spoofing. Often delivered by spam, IM, etc. Very remarkable when well done. Essentially tricks you into providing personal information.
  • Can be fake websites posing as trusted ones. Don’t be fooled! Check the URL in the address bar.
  • Usually there’s something not quite right( Spelling, fonts, graphics etc)
  • Another type of phishing that occurs over the phone is known as “Vishing”. Fake security checks or bank updates etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Spear phishing and how does it work?

A
  • Phishing with inside information( Makes the attack more believable). Note spear phishing the CEO is “whaling”
  • An example of a phishing scheme would be Epsilon event that occurred in April 2011. Less than 3000 email addresses attacked. 100% of email operations staff. Downloaded anti-virus disabler, keylogger and remote admin tool
  • April 2011 Oak Ridge National Laboratory
    Email from the “ Human Resources Department”. 530 employees targetted, 57 people clicked, 2 were infected. Data was downloaded, servers infected with malware.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is impersonation and how does it work?

A
  • Pretend to be someone you aren’t. ( Halloween for fraudsters)
  • Use some of those details you got from a dumpster. “You can trust me, I’m with your help desk”
  • Attack the victim as someone higher in rank( Office of the vice president of Scamming)
  • Throw tons of technical details around. “ Catastrophic feedback due to the depolarization of the differential magnetometer”
  • Be a buddy. “ How about those Cubs? “
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is shoulder surfing and how can it be used to gain access to your sensitive data?

A
  • You have access to important information. Many people want to see this data. Be it for sake of curiosity, industrial espionage, competitive advantage
  • This is surprisingly easy. Places such as Airports/ flights, hallway facing monitors, coffee shops etc.
  • Also people can see what you’re doing from a building across the street using binoculars or a Telescope( Easy in the big city)
  • Webcam monitoring.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is tailgating and what are some examples of it in use?

A
  • Use someone else to gain access to a building without an access card( not an accident)
  • In Johnny Long’s book “ No Tech Hacking” he talks about people who use clothing to blend in, or use a 3rd party with a legitimate reason to be in the building such as a Telephone installation guy when there is work being done on the lines. Other example could be somebody carrying a box of donuts and then somebody lets them in
  • Once they are inside there’s little to stop you( Most security stops at the border)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is dumpster diving?

A
  • a Dumpster is a mobile garbage can. Called a Dumpster due to the brand name in the US
  • Important information thrown out with the trash( Thanks for bagging your trash for me)
  • Gather details that can be used for a different attack( Impersonate names, use phone numbers etc)
  • Timing is important. Just after month end, end of quarter etc
  • An important thing to note about dumpster diving is that in the US it is perfectly legal to dive into the dumpster and take whatever is there unless it’s on private property. Any questions talk to a legal professional.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Comptia A+ Core 2 (57 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions