Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
15 Cards in this Set
- Front
- Back
What is the primary countermeasure to social engineering |
Awareness |
|
... Prevent social engineering attacks? |
Publish and enforce clearly written security policies and educate employees on the risk and countermeasures |
|
Which of the phone is for my contact at tricks victims into the providing confidential information such as identity information or login credentials through emails or websites that impersonate and online entity that the victim because such as in the financial institution or well-known e-commerce site |
Phishing |
|
MATCH SOCIAL ENGINEERING WITH ATTACK |
|
|
Which of the following is common form of social engineering attack |
Host virus information emails |
|
You have just received a generic looking email that is addressed as coming from the Ministry of your company email says that as part of the system upgrade your going to website and enter your username and password at a new website so you can manage your email in spam using the new service what should you do |
Verified that the email was sent by the administrator and that this new service is legitimate |
|
Dumpster diving its a low-tech mean to gathering information update be useful in gaining authorized access brother started. In for more advanced attacks How can a company reduce the risk associated with dumpster diving? |
Establish an important document destruction policy |
|
What is the primary difference between inpersonation and |
when is more active and one is more passive |
|
Which of the following social engineering attacks to use voice over IP VoIP to gain sensitive information |
VISHING |
|
A senior executive report that she received a suspicious email pattern is sensitive internal project that is behind production email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project details so the project can get back on schedule which type of attack best describes this scenario |
Whaling |
|
The reception received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information The individual is engaged in which type of social engineering attack? |
Authority |
|
By definition which type of social engineering attack uses a fictitious scenario to persuade someone to give information for which they are not authorized |
Pretexting |
|
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker |
Social validation |
|
You've just received the email message indicates a new series malicious code is ravaging across the internet the message contains detailed information about the threat its source code in the Damaja can inflict the message states that you can easily detect whether or not you have already been a victim of the strike by the presence of three files in the / Windows / system32 folder ///////////As a countermeasure the messages just now you delete these three files from your system to prevent further spread of the threat????? what should your first action based on this message be????? |
Verify the information on well known malicious code threat management web sites |
|
Dictionary attacks are often more successful one before and after what reconnaissance action? |
Social engineering |