Terms in this set (98)
Reconnaissance emails (recon emails): used to check if the destination mailbox is in use so that it can be targeted in a future phishing attack. Can be spam, social engineering or tracking pixels.
Credential Harvesters: the most common phishing emails, targeting human weaknesses to attempt to retrieve valid credentials. The email will tell the recipient to click a button or URL, where they will typically be presented with a real-looking login portal.
Social Engineering: the practice of exploiting a human as opposed to a system. Malicious actors can convince employees that they are someone they know, or even someone in a higher position that has more power than them.
Smishing: a kind of phishing attack where the attack vector is through a text message or SMS. The best way to defend is user security awareness training and education.
Vishing: a kind of phishing attack where the attack vector is through a phone call. The best way to defend is user security awareness training and education.
Whaling: a highly targeted phishing attack that looks to target individuals within management positions in an organization. The best way to defend is implementing DLP, marking external emails, and training individuals to detect phishing emails.
Malicious Attachments: malicious actors will send you Microsoft Office documents to bypass email scanners and to seem less suspicious. These include malicious macros, a series of commands and instructions, that download malware to the system.
Hosted Malware: a method of hosting malware on websites and convincing users to click on a hyperlink, download a file, and then run it. The actor can create a malicious domain or compromise a legitimate site, then host the malware.
Spam Emails: messages that are unsolicited, unwanted, or unexpected but are not necessarily malicious in nature. Should not be confused with malicious spam emails.
False Positives: messages that have not been sent by a malicious actor and are instead legitimate emails that have been incorrectly reported as malicious.
Spear Phishing: when a malicious actor spends time before the phishing attack gathering information about their specific target. This makes it more convincing and increases the chances of the recipient clicking on the email and entering their credentials, or opening an attachment.
Impersonation: used by malicious actors to trick their target into thinking they are someone they know. This makes them more likely to open and interact with a phishing email.
Typosquatting: the act of impersonating a brand or domain name by misspelling it, such as missing letters or including additional ones.