Mike Myer's Book
__________________ is defined as using and manipulating human behavior to obtain a
required result.
It typically involves NON-TECHNICAL methods of
attempting to gain unauthorized access to a system or
network. Correct answer- Social engineering
Through social engineering, an attacker might easily lead
a user to reveal her account password or to provide
personal information that might reveal her password, a
technique known as ____________________. Correct answer-
eliciting information
________________________ is when a social engineer calls a
helpdesk operator, claims to be a high-level user, and
demands that the operator reset the user's password
immediately so that the user can complete an important
task. Correct answer- Impersonation
_______________ is a technique in which a social engineer
creates a story, or pretext, that employs one or more
social engineering principles (such as authority, urgency
or trust) to motivate victims to act contrary to their
better instincts or training. Correct answer- Pretexting
A __________________ scam is a social engineering
technique that targets a large group of recipients with a
generic message that attempts to trick them into either
visiting a website and entering confidential personal
information, responding to a text or SMS message (known
as ___________), or replying to an e-mail with private
information, often a username and password, or banking
or credit card details. Correct answer- phishing / smishing
_____________________ is a targeted type of phishing attack
that includes information familiar to the user and appears
to be from a trusted source, such as a financial service
the user has used previously, a social media site such as
LinkedIn, or even a specific trusted user. Correct answer-
Spear phishing
_________________ are important tools to protect against
phishing attacks. Users must be aware that financial
institutions will never ask for bank account numbers and
credit card details in an e-mail to a user. Correct answer-
User education and awareness training
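Two of the tells that awareness training teaches users to look for in a phishing or spear phishing message can also be checked mechanically: a link whose visible text shows one domain while the href points to another, and a link host that borrows a trusted brand's name under some other registrable domain. The following is an added example, not code from the book; the trusted-domain list, the sample message and the helper names are constructed for this illustration.

```python
"""Flag common phishing indicators in an HTML e-mail body.

Added example (not from the book). Two checks:
  1. the visible anchor text looks like a URL or domain whose registrable
     domain differs from the one the href really points to;
  2. the href host impersonates a trusted domain (trusted name embedded in
     an unrelated registrable domain, e.g. examplebank.com.verify-login.net).
TRUSTED_DOMAINS and SAMPLE_EMAIL are constructed for the example.
"""
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed: domains the organisation's users genuinely deal with.
TRUSTED_DOMAINS = {"examplebank.com", "linkedin.com"}


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Fine for .com-style hosts; a production tool would use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text: str) -> Optional[str]:
    """Return the host of a URL or bare domain, or None if text is not URL-like."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = urlparse(candidate).hostname
    if host and re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host):
        return host
    return None


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text)))
            self._href = None


def lookalike_of(host: str) -> Optional[str]:
    """Return the trusted domain this host appears to impersonate, if any.
    Substring matching is a heuristic: it will also flag e.g. notexamplebank.com."""
    host = host.lower()
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return None                      # really on the trusted domain
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in host:
            return trusted
    return None


def phishing_indicators(html_body: str) -> List[str]:
    """Return human-readable findings for suspicious links in the body."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        real = host_of(href)
        if real is None:
            continue                     # mailto:, relative links, etc.
        shown = host_of(text)
        if shown and registrable_domain(shown) != registrable_domain(real):
            findings.append(f"link text shows {shown} but points to {real}")
        impersonated = lookalike_of(real)
        if impersonated:
            findings.append(f"{real} looks like {impersonated}")
    return findings


# Constructed sample message: one deceptive link, one legitimate link.
SAMPLE_EMAIL = """<p>Dear customer, please verify your account:</p>
<a href="http://examplebank.com.verify-login.net/">https://www.examplebank.com/login</a>
<p>Or read our <a href="https://www.linkedin.com/company/examplebank">LinkedIn page</a>.</p>"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print(finding)
```

Both checks are heuristics, so they belong in a mail-gateway rule or a user-facing warning banner rather than as a hard block; the point for training is that the displayed text of a link proves nothing about where it goes.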
______________ is a type of phishing attack that is targeted
at a specific high-level user, such as an executive.
Correct answer- Whaling
________________ is when an unauthorized person casually
glances over the shoulder of an employee as she returns
to her desk and enters her username and password into
the computer. Correct answer- Shoulder surfing
_____________________ is one of the simpler forms of social
engineering and describes gaining physical access to an
access-controlled facility or room by closely following an
authorized person through the security checkpoint.
Correct answer- Tailgating
_____________ is a social engineering technique that
misdirects a user to an attacker's website without the
user's knowledge, usually by manipulating the Domain
Name System (DNS) on an affected server or the hosts
file on a user's system.
While much like phishing, where a user may click a link in
a seemingly legitimate e-mail message that takes him to
an attacker's website, pharming differs in that it alters
name resolution on the user's computer (or on the DNS
server it relies on), so the browser is sent to the
malicious site even if the URL is entered correctly or
chosen from a web browser bookmark. Correct answer-
Pharming
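Because the hosts file is consulted before DNS, a pharming entry there redirects even a correctly typed bank URL. The check below is an added example, not code from the book: it parses hosts-file text and flags any monitored domain (or subdomain) that is mapped to something other than a loopback or unspecified address, since mappings to 127.0.0.1 or 0.0.0.0 are the normal, benign ad-blocking sinkhole pattern and should not be confused with an attack. The monitored-domain list and sample file content are constructed for the example.

```python
"""Scan hosts-file text for pharming-style overrides.

Added example (not from the book). An attacker who cannot poison DNS may
add lines to the victim's hosts file so a bank's hostname resolves to the
attacker's server. Entries that point a monitored domain at a loopback or
unspecified address are treated as benign sinkholes (ad/tracker blocklists).
MONITORED_DOMAINS and SAMPLE_HOSTS are constructed for the example.
"""
import ipaddress
from typing import List, Tuple

# Constructed: domains whose local override would be alarming.
MONITORED_DOMAINS = {"examplebank.com", "linkedin.com"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comment
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # not a valid address field
        for name in names:                        # one IP may carry several names
            entries.append((ip, name.lower()))
    return entries


def is_monitored(hostname: str) -> bool:
    """True if hostname is a monitored domain or a subdomain of one."""
    hostname = hostname.lower()
    return any(hostname == d or hostname.endswith("." + d) for d in MONITORED_DOMAINS)


def pharming_entries(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, ip) for monitored names pinned to a real (non-sinkhole) address."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_monitored(name):
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue                              # blocklist sinkhole, not a redirect
        findings.append((name, ip))
    return findings


def scan_hosts_file(path: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: /etc/hosts on Unix, %SystemRoot%\\System32\\drivers\\etc\\hosts on Windows."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return pharming_entries(fh.read())


# Constructed sample: normal entries, two blocklist sinkholes, one attacker-added line.
SAMPLE_HOSTS = """127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net            # ad blocklist entry
0.0.0.0     linkedin.com               # user-chosen block, not pharming
127.0.0.1   tracker.example.org
203.0.113.45  www.examplebank.com login.examplebank.com   # attacker-added
10.0.0.5    intranet.corp.example
"""

if __name__ == "__main__":
    for name, ip in pharming_entries(SAMPLE_HOSTS):
        print(f"ALERT: {name} is pinned to {ip}")
```

A hosts-file check only covers the local half of the definition; the DNS-server half needs an out-of-band comparison (for example, resolving the monitored names through a known-good resolver and diffing the answers), which this example does not attempt.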
__________ is instant messaging spam, and much like the
more common e-mail spam, it occurs when a user
receives an unsolicited instant message from another
user, including users who are known and in the user's
contact list. Correct answer- SPIM (spam over instant
messaging)
_______________ is a type of phishing attack that takes
place over phone systems, most commonly over VoIP
(Voice over IP) lines. Correct answer- Vishing
A _________ is typically some kind of urban legend or
sensational false news that users pass on to others via e-
mail because they feel it is of interest.
While mostly harmless, some are phishing attempts that
try to get the user to visit a link in the e-mail message
that redirects to a malicious website. The only cure is
user education, so that users avoid spreading these types
of messages to others. Correct answer- hoax
As part of corporate espionage, some companies hire
private investigators to search the garbage dumpsters of a
target company for any proprietary and confidential
information. This is called __________________. Correct
answer- Dumpster diving
You have been contacted by your company's CEO after
she received a personalized but suspicious e-mail
message from the company's bank asking for detailed
personal and financial information. After reviewing the
message, you determine that it did not originate from the
legitimate bank.
Which of the following security issues does this scenario
describe?
A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing Correct answer- C
During your user awareness training, which of the
following actions would you advise users to take as the
best security practice to help prevent malware
installation from phishing messages?
A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy Correct
answer- B