Deck 4: The Role of People in Security
1
Hoaxes, while a potential nuisance, cannot cause any real harm to your data.
False
2
Which of the following is NOT an example of a poor security practice?
A) The user does not follow established security policies or processes.
B) A result of a lack of security policies, procedures or training within the user's organization.
C) An employee does not allow a person he is talking to, to enter a secured area behind him before showing proper credentials.
D) An employee creates one good password and then uses it for all accounts.
C
3
An attacker watches people as they enter a building requiring a key card. He waits until he sees someone who appears to be in a rush and has their hands full. He then intercepts the person, makes quick small talk, offers to help them hold what's in their hands while he swipes in, and follows behind. This is an example of
A) Spear phishing
B) Pharming
C) Piggybacking
D) Man trapping
C
4
When creating a password, users tend to use
A) All capital letters
B) Passwords that are too long
C) Names of family, pets, or teams
D) Numbers only
5
What are the security risks of installing games on an organization's system?
A) There are no significant risks.
B) Users can't always be sure where the software came from and it may have hidden software inside of it.
C) The users may play during work hours instead of during breaks.
D) The games may take up too much memory on the computer and slow down processing, making it difficult to work.
6
Installing unauthorized hardware such as a communication software and modem
A) Is a common practice and does not affect the organization
B) May cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor
C) Boosts the system so downloading from the Internet will be faster
D) Saves the company from buying a license by using other software
7
What is a good first step for companies to take to fight potential social engineering attacks?
A) Buy the latest virus protection software and install it on the systems
B) Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators
C) Monitor all phone calls
D) Conduct background checks on all contractors, consultants, delivery persons, and partners that may have access to the facilities
8
Spear phishing is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.
9
Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as
A) Trash rummaging
B) Garbage surfing
C) Piggy diving
D) Dumpster diving
10
Social engineers attempt to convince authorized individuals to provide confidential information or access to an unauthorized individual.
11
All of the following are characteristics of a strong password EXCEPT:
A) Contains numbers and letters
B) Contains at least eight characters
C) Contains an uncommon dictionary word
D) Contains special characters, i.e., *%$#@
12
When an attacker attempts to get credit card numbers using telephone and voice technologies, it's called
A) Vishing
B) Telephishing
C) Phreaking
D) Voicing
13
The only means of social engineering is through direct contact between the target and the attacker.
14
Which of the following is the weakest password?
A) I@w3us1@!
B) P@ $$w0rd
C) C#as%t*1ng
D) H#e31L9pM3
Even though the password has eight characters, uppercase, lowercase, and special characters, it spells a common word and may be one of the words in a password cracking dictionary.
15
Phishing is the most common form of social engineering attack related to computer security.
16
All of the following are techniques used by a social engineer EXCEPT:
A) An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number.
B) An attacker calls up the IT department posing as an employee and requests a password reset.
C) An attacker runs a brute force attack on a password.
D) An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information.
17
Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of
A) Social engineering
B) Reverse social engineering
C) A hoax
D) Phishing
18
A person parks his car by an ATM, sets up a small camera discreetly pointed at the ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of
A) Piggybacking
B) Shoulder surfing
C) Phishing
D) Social engineering
19
When an attacker tries to convince the target to initiate contact and then gets the target to give up confidential information, this is known as
A) Social engineering
B) Reverse social engineering
C) Piggybacking
D) Flim flam
20
Social engineers attempt to exploit the natural tendencies of people. They do this by
A) First trying to evoke sympathy; if this fails, then by fear of confrontation
B) First trying to evoke fear of confrontation and then by sympathy
C) First trying to guess passwords and then use a password cracker
D) First trying to evoke passion and then fear
21
The process of convincing an authorized individual to provide confidential information or access to an unauthorized individual is known as _______________.
22
_______________ is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.
23
A good security practice is to choose one good password and use it for all of your various accounts.
24
A(n) _______________ is an avenue that can be used to access a system while circumventing normal security mechanisms, and can often be used to install additional executable files.
25
Give an example of a hoax and how it might actually be destructive.
26
Your boss saw a TV show that mentioned the term "social engineering." He wants to know what it is and how it might be used against the company.
27
_______________ is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
28
One of the most effective tools for foiling the efforts of a social engineering attack is an active security awareness program.
29
Write a password policy that your company will have to follow to ensure strong passwords.
30
The process of going through a target's trash in hopes of finding valuable information that might be used in a penetration attempt is known as _______________.
31
_______________ is when an e-mail trying to get sensitive information is sent to a group that has something in common, making the attack seem more personal.
32
Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be. Create a bulleted list of those responsibilities.
33
An attacker posts a flier offering services to clean computers of a virus that is sweeping the Internet, speeding them up as a result. A person concerned that he may have the virus because his computer was running slow calls the attacker, asking for help. This is an example of ___________________.
34
Shoulder surfing is when a person looks over the shoulder of another person while typing PINs or passwords.
35
Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.
36
When an attacker attempts to get sensitive information from a target using voice communication technology, it is called _______________.
37
What are the dangers of non-employees having physical access? Give examples.
38
Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.
39
_______________ is a type of social engineering in which the attacker attempts to obtain sensitive information from a user by masquerading as a trusted entity in an e-mail or instant message sent to a large group of (often) random users.
40
When an attacker tries to position himself behind a user so that he can see what keys are being typed or what information is on the screen, it is called _______________.