13 Cards in this Set
- Front
- Back
What is:
Shoulder Surfing |
A form of social engineering, it involves watching someone "over their shoulder" when they enter sensitive data.
|
|
What is:
Dumpster Diving |
A common physical access method, it involves looking for sensitive material that was thrown out.
|
|
What is:
Tailgating |
A favorite method of gaining entry to a locked area by following someone through the door they just unlocked.
|
|
What is:
Impersonation |
A method of social engineering that involves any act of pretending to be someone you are not.
|
|
What are:
Hoaxes |
A phony threat, a humorous or malicious deception.
|
|
What is:
Whaling |
A type of social engineering that is no more than phishing or spear phishing for big users.
|
|
What are:
The 7 Principles Behind Social Engineering |
Authority
Intimidation
Consensus/Social Proof
Scarcity
Urgency
Familiarity/Liking
Trust |
|
What is a:
Deterrent Control |
Anything intended to warn a would-be attacker that they should not attack. This could be a posted warning notice, locks on doors, barricades, lighting, or anything that can delay or discourage an attack.
|
|
What is a:
Preventive Control |
A control that stops something from happening such as locked doors, user training on potential harm, or even biometric devices and guards that can deny access.
|
|
What is a:
Detective Control |
A control that is used to uncover a violation such as an alarm, a file checksum, or antivirus.
|
|
What is a:
Compensating Control |
Backup controls that come into play only when other controls have failed such as an alarm that sounds when a door is jimmied or a backup generator.
|
|
What is a:
Technical Control |
Controls that are implemented through technology, such as IDS, IPS, firewalls, etc.
|
|
What is a:
Administrative Control |
A control that comes down through policies, procedures, and guidelines such as an escalation procedure to be used in the event of a break-in (who to notify first, etc.).
|