9 Questions
Which social-engineering technique involves sending fraudulent SMS messages to trick users?
Smishing
What is the recommended approach for deploying application patches?
Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems
Which RAID level is designed to achieve parity and handle two simultaneous disk failures?
RAID 5
Why might a server administrator place a file named password.txt on the desktop of an administrator account?
The document is a honeyfile meant to attract cyberintruders' attention
What is the document described as in the text?
A standard file for OS login verification
What did the security assessment identify regarding DES and 3DES on production servers?
Weak encryption
What is the likely cause of access issues at the datacenter according to the text?
Cross-over error rate
What would work BEST to help identify potential vulnerabilities on the hosted web servers?
Nmp comptia, org –p 80 –aV
What is the MOST likely occurrence based on the IP address discrepancies in the text?
An SSL strip MITM attack was performed
Study Notes
Social Engineering Techniques
- Smishing is a type of social-engineering technique that involves sending fraudulent SMS messages to trick victims into divulging sensitive information.
Patch Deployment
- The best approach for deploying application patches is to apply them to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
RAID Levels
- RAID 5 is a RAID level that achieves parity and can handle two simultaneous disk failures.
Honeyfiles
- A honeyfile is a document or file that is intentionally placed in a conspicuous location to attract the attention of a cyberintruder, such as a file named "password.txt" on a server.
Weak Encryption
- DES and 3DES are examples of weak encryption protocols that should not be used on production servers.
Biometric Errors
- False rejection and cross-over error rate are types of errors that can occur with biometric authentication systems, such as fingerprint scanners.
Vulnerability Identification
- Nmap is a tool that can be used to identify potential vulnerabilities by scanning for open ports and services on a network.
DNS Spoofing
- DNS spoofing is a type of attack where an attacker temporarily pawns a name server to redirect users to a fraudulent website instead of the legitimate one.
Vulnerable Code Inclusion
- Unsecure protocols and the use of penetration-testing utilities are two likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases.
Test your knowledge on social engineering techniques used in a recent SMS incident and the best approach for deploying application patches. Questions cover SPIM, Vishing, Spear phishing, Smishing, and patch deployment strategies.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
