13 Cards in this Set
- Front
- Back
What is:
Shoulder Surfing |
A form of social engineering, it involves watching someone "over their
shoulder" when they enter sensitive data. |
|
What is:
Dumpster Diving |
A common physical access method, it involves looking for sensitive material
that was thrown out. |
|
What is:
Tailgating |
A favorite method of gaining entry to a locked area by following someone through
the door they just unlocked. |
|
What is:
Impersonation |
A method of social engineering that involves any act of pretending to be
someone you are not. |
|
What are:
Hoaxes |
A phony threat, a humorous or malicious deception. |
|
What is:
Whaling |
A type of social engineering that is no more than phishing or spear phishing for big
users. |
|
What are:
The 7 Principles Behind Social Engineering |
Authority, Intimidation, Consensus/Social Proof, Scarcity, Urgency, Familiarity/Liking, Trust |
|
What is a:
Deterrent Control |
Anything intended to warn a would-be attacker that they should not attack.
This could be a posted warning notice, locks on doors, barricades, lighting, or anything that can delay or discourage an attack. |
|
What is a:
Preventive Control |
A control that stops something from happening such as locked doors, user
training on potential harm, or even biometric devices and guards that can deny access. |
|
What is a:
Detective Control |
A control that is used to uncover a violation such as an alarm, a file
checksum, or antivirus. |
|
What is a:
Compensating Control |
Backup controls that come into play only when other controls have
failed such as an alarm that sounds when a door is jimmied or a backup generator. |
|
What is a:
Technical Control |
Controls that are implemented through technology, such as IDS, IPS,
firewalls, etc. |
|
What is a:
Administrative Control |
A control that comes down through policies, procedures, and guidelines
such as an escalation procedure to be used in the event of a break-in (who to notify first, etc.). |