SECURITY+ SY0-601 STUDY SET From Mike Myer's B
SECURITY+ SY0-601 STUDY SET from Mike Myer's B
Exam (elaborations)
SECURITY+ SY0-601 STUDY SET from Mike Myer's Book
5 views 0 purchase
Course
SECURITY+ SY0-601 STUDY SET from Mike Myer's B
Institution
SECURITY+ SY0-601 STUDY SET From Mike Myer's B
__________________ is defined as using and manipulating human behavior to obtain a
required result.
It typically involves NON-TECHNICAL methods of attempting to gain unauthorized
access to a system or network. Correct answer- Social engineering
Through social engineering, an attacker might easi...
security sy0 601 study set from mike myeramp39s book
is defined as using and manipulating human behavior to obtain a required result it typically involves non technical methods
Written for
SECURITY+ SY0-601 STUDY SET from Mike Myer's B
All documents for this subject (2)
Seller
Follow
EvaTee
Reviews received
Content preview
SECURITY+ SY0-601 STUDY SET from
Mike Myer's Book
__________________ is defined as using and manipulating human behavior to obtain a
required result.
It typically involves NON-TECHNICAL methods of attempting to gain unauthorized
access to a system or network. Correct answer- Social engineering
Through social engineering, an attacker might easily lead a user to reveal her account
password or to provide personal information that might reveal her password, a
technique known as ____________________. Correct answer- eliciting information
________________________ is when a social engineer calls a helpdesk operator, who
claims to be a high-level user, and demands that the operator reset the user's password
immediately so that the user can complete an important task. Correct answer-
Impersonation
_______________ is a technique in which a social engineer creates a story, or pretext,
that employs one or more of these principles to motivate victims to act contrary to their
better instincts or training. Correct answer- Pretexting
A __________________ scam is a social engineering technique that targets a large
group of recipients with a generic message that attempts to trick them into either visiting
a website and entering confidential personal information, responding to a text or SMS
message (known as ___________), or replying to an e-mail with private information,
often a username and password, or banking or credit card details. Correct answer-
phishing / smishing
_____________________ is a targeted type of phishing attack that includes information
familiar to the user and appears to be from a trusted source such as a company such as
a financial service that the user has used previously, a social media site such as
LinkedIn, or even a specific trusted user. Correct answer- Spear phishing
_________________ are important tools to protect against phishing attacks. Users
must be aware that financial institutions will never ask for bank account numbers and
credit card details in an e-mail to a user. Correct answer- User education and
awareness training
______________ is a type of phishing attack that is targeted at a specific high-level
user, such as an executive. Correct answer- Whaling
,________________ is when an unauthorized person casually glances over the shoulder
of an employee as she returns to her desk and enters her username and password into
the computer. Correct answer- Shoulder surfing
_____________________ is one of the simpler forms of social engineering and
describes gaining physical access to an access-controlled facility or room by closely
following an authorized person through the security checkpoint. Correct answer-
Tailgating
_____________ is a social engineering technique that misdirects a user to an attacker's
website without the user's knowledge, usually by manipulating the Domain Name
Service (DNS) on an affected server or the hosts file on a user's system.
While much like phishing, where a user may click a link in a seemingly legitimate e mail
message that takes him to an attacker's website, pharming differs in that it installs code
on the user's computer that sends them to the malicious site, even if the URL is entered
correctly or chosen from a web browser bookmark. Correct answer- Pharming
__________ is instant messaging spam, and much like the more common e-mail spam,
it occurs when a user receives an unsolicited instant message from another user,
including users who are known and in the user's contact list. Correct answer- SPIM
(spam over instant messaging)
_______________ is a type of phishing attack that takes place over phone systems,
most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing
A _________ is typically some kind of urban legend or sensational false news that
users pass on to others via e-mail because they feel it is of interest.
While mostly harmless, some are phishing attempts that try to get the user to visit a link
in the e-mail message that redirects to a malicious website. The only cure is user
education as to avoid spreading these types of messages to other users. Correct
answer- hoax
As part of corporate espionage, some companies hire private investigators to examine
garbage dumpsters of a target company, and these investigators try to discover any
proprietary and confidential information. This is called __________________. Correct
answer- Dumpster diving
You have been contacted by your company's CEO after she received a personalized
but suspicious e-mail message from the company's bank asking for detailed personal
and financial information. After reviewing the message, you determine that it did not
originate from the legitimate bank.
Which of the following security issues does this scenario describe?
,A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing Correct answer- C
During your user awareness training, which of the following actions would you advise
users to take as the best security practice to help prevent malware installation from
phishing messages?
A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy Correct answer- B
Negative company financial information was carelessly thrown in the trash bin without
being shredded, and a malicious insider retrieved it and posted it on the Internet, driving
the stock price down.
The CEO wants to know what happened—what was the attack?
A. Smishing
B. Dumpster diving
C. Prepending
D. Identity fraud Correct answer- B
Max, a security administrator, just received a phone call to change the password for a
user in the HR department. The user did not provide verification of their identity and
insisted that they needed the password changed immediately to complete a critical task.
What principle of effective social engineering is being used?
A. Trust
B. Consensus
C. Intimidation
D. Urgency Correct answer- D
A _______ is a malicious computer program that requires user intervention (such as
clicking it or copying it to media or a host) within the affected system, even if the virus
program does not harm the system.
They self-replicate without the knowledge of the computer user. Correct answer- virus
_____________ infect the boot sector or partition table of a disk which is used by the
computer to determine which operating systems (OSs) are present on the system to
boot. Correct answer- Boot sector viruses
, A _______________ disguises itself as a legitimate program, using the name of a
legitimate program but with a different extension. For example, a virus might be named
program.com to emulate a file called program.exe. Correct answer- companion virus
A ___________ uses the internal workings of Microsoft Word and Excel to perform
malicious operations when a file containing the virus is opened, such as deleting files or
opening other virus-executable programs. Correct answer- macro virus
A _________ hides from antivirus software by encrypting its code. They attempt to
cover their trail as they infect their way through a computer. Correct answer- stealth
virus
______________ are designed to make detection and reverse engineering difficult and
time consuming, either through obfuscation or through substantial amounts of confusing
code to hide the actual virus code itself.
*While armored viruses are often quite good at what they are designed to do, they are
significantly larger than necessary, which makes their presence easier to detect. Correct
answer- Armored viruses
_______________ changes with each infection. These types of viruses were created to
confuse virus-scanning programs. Correct answer- Polymorphic malware
__________________ log a user's keystrokes for various purposes, either via hardware
or software means. Correct answer- Keyloggers
A ____________ hides on your computer system until called upon to perform a certain
task.
They are usually downloaded through e-mail attachments, websites, and instant
messages. They are usually disguised as popular programs such as games, pictures, or
music. Correct answer- Trojan horse program
A _________________ installs a backdoor that bypasses all authentication controls and
allows the attacker continuous access to the client computer. Correct answer- remote
access Trojan (RAT)
A ____________ does not activate until a specific event, such as reaching a specific
date or starting a program a specific number of times, is triggered. Correct answer- logic
bomb program
A ___________ is a self-contained program (or set of programs) that can self-replicate
and spread full copies or smaller segments of itself to other computer systems via
network connections, e-mail attachments, and instant messages.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller EvaTee. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.