Podcast
Questions and Answers
What type of person might have restricted access to grounds, network, or system?
What type of person might have restricted access to grounds, network, or system?
- IT manager
- System administrator
- Service technician, pizza delivery driver, or security guard (correct)
- Authorized personnel
What is the primary goal of dumpster diving?
What is the primary goal of dumpster diving?
- To find medical records, resumes, and personal information (correct)
- To recycle paper and reduce waste
- To find valuable items to sell
- To improve security measures
What is the main purpose of shoulder surfing?
What is the main purpose of shoulder surfing?
- To observe people's behaviors
- To provide technical support
- To steal sensitive data by watching over the shoulder (correct)
- To improve network security
What is the main difference between phishing attacks and baiting?
What is the main difference between phishing attacks and baiting?
How often should users receive social engineering attack training?
How often should users receive social engineering attack training?
Why should users avoid opening emails in the spam folder?
Why should users avoid opening emails in the spam folder?
What is the goal of malicious emails with password-protected archives?
What is the goal of malicious emails with password-protected archives?
What is the weakest link in social engineering attacks?
What is the weakest link in social engineering attacks?
What is the purpose of training users about social engineering attacks?
What is the purpose of training users about social engineering attacks?
What is the goal of baiters who offer free music or movie downloads?
What is the goal of baiters who offer free music or movie downloads?
Flashcards are hidden until you start studying
Study Notes
Privilege Escalation
- Begins by stealing one user's account, then attempting to gain elevated access to other resources
- Can use transitive attacks to gain additional access, exploiting permissions on one system to access another
- Insider threats, such as members of an organization's staff, can also use privilege escalation attacks
Zero-Day Attacks
- Occur before a vulnerability is announced or fixed
- No patch is available for a zero-day exploit when it occurs
- Can quickly compromise hundreds or thousands of systems
- Examples of zero-day libraries include the Zero-Day Vulnerability Database (zero-day.cz)
Identifying Types of Cyber Attacks
- Types of cyber attacks include:
- Client-side Attacks
- Web Attacks
- Network Attacks
- Wireless Attacks
- Social Engineering Attacks
Web Attacks
- Common attacks include:
- Cross-Site Scripting (XSS)
- SQL Injection
- XSS exploits web application vulnerabilities, injecting scripts into webpages served to visitors
- SQL Injection is a common attack against web applications, injecting Structured Query Language (SQL) instructions into an application's input
Network Attacks
- Attacks that occur on the network during transmission of data
- Types of attacks include:
- Spoofing
- Packet Sniffing
- Man-in-the-middle (MITM)
- Denial of Service Attacks
Spoofing
- Providing false information on a network, such as email spoofing
- Can be used to gain restricted access to a system or network
Social Engineering
- Includes attacks such as:
- Dumpster Diving (looking for sensitive information in trash)
- Shoulder Surfing (watching someone enter sensitive data)
- Baiting (offering free items or goods in exchange for login credentials)
Dealing with Social Engineering Attacks
- Do not open emails from unknown sources or attachments from unknown origin
- Train humans to be aware of the latest attacks through bi-annual training sessions
- Recognize and avoid malicious emails with password-protected archives
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
