Security+ 601
Phishing - Answer fraudulent attempt to obtain sensitive information or data, by
disguising oneself as a trustworthy entity in an electronic communication.
Smishing - Answer When someone tries to trick you into giving them your private
information via a text or SMS message.
Vishing - Answer Using social engineering over the telephone system to gain access to
private personal and financial information for the purpose of financial reward
Spam - Answer irrelevant or unsolicited messages sent to a large number of Internet
users, for illegitimate advertising, and other activities such as phishing, and spreading
malware
SPIM - Answer Spam delivered through instant messaging (IM) instead of through e-
mail messaging
Spear Phishing - Answer the act of sending emails to specific and well-researched
targets while pretending to be a trusted sender
Dumpster Diving - Answer exploration of a system's trash bin for the purpose of finding
details in order for a hacker to have a successful online assault.
Shoulder Surfing - Answer When someone watches over your shoulder to nab valuable
information as you key it into an electronic device.
Pharming - Answer cyberattack intended to redirect a website's traffic to another, fake
site.
Tailgating - Answer Social engineering attempt by cyber threat actors in which they trick
employees into helping them gain unauthorized access into the company premises.
Eliciting Information - Answer Procedures or techniques involving interacting with and
communicating with others that is designed to gather knowledge or inform
Whaling - Answer Spear phishing that focuses on one specific high level executive or
influencer
Prepending - Answer Prepend is a word that means to attach content as a prefix. For
example, a prepend command could be used in a scripting language that a programmer
would enter into a certain function or code module. It would add certain characters of
text to the beginning of some variable or object.
,Identity Fraud - Answer identity fraud is the use of stolen information such as making
fake ID's and fake bank accounts
Invoice Scams - Answer using fraudulent invoices to steal from a company
Credential Harvesting - Answer the use of MITM attacks, DNS poisoning, phishing, etc.
to amass large numbers of credentials (username / password combinations) for reuse.
Reconnaissance - Answer - Information gathering about a target network
Hoax - Answer Cyber hoax scams are attacks that exploit unsuspecting users to provide
valuable information, such as login credentials or money.
Impersonation - Answer typically involves an email that seems to come from a trusted
source.
Watering hole attack - Answer security exploit in which the attacker seeks to
compromise a specific group of end users by infecting websites that members of the
group are known to visit. The goal is to infect a targeted user's computer and gain
access to the network at the target's place of employment.
Typo squatting - Answer type of cybersquatting used by imposters that involve
registering domains with intentionally misspelled names of popular web addresses to
install malware on the user's system
Pretexting - Answer the practice of presenting oneself as someone else in order to
obtain private information.
Influence campaigns - Answer
Hybrid warfare - Answer - Combining conventional warfare with cyberwarfare
Social Media Campaign - Answer Planned, coordinated marketing efforts using one or
more social media platforms.
Principles: - Answer Authority: an attacker may try to appear to have a certain level
authority.
Intimidation: may try to make the victim think that something terrible is going to happen
if they don't comply with the attacker's wishes. - Answer
Consensus: An attacker may try to sway the mind of a victim using names they are
familiar with, saying that such ones provided them information (they are fishing for) in
the past and you should be able to do the same. - Answer
,Scarcity: An attacker may try to set a time limit on a victim so that they can comply with
their wishes by a certain deadline. - Answer
Familiarity: they make you familiar with them on the phone and make you want to do
things for them. - Answer
Trust: The attacker in this case can claim to be a friend or close associate of someone
you may know very well and that's trusted. - Answer
Urgency: When attackers want you to act and not think, they want you to do what they
want as quickly as possible so that there's no time to spot all the red flags. - Answer
Malware - Answer a program or file designed to be disruptive, invasive and harmful to
your computer.
Ransomware - Answer Software that encrypts programs and data until a ransom is paid
to remove it.
Worms - Answer Independent computer programs that copy themselves from one
computer to other computers over a network
potentially unwanted program (PUP) - Answer program that installs itself on a computer,
typically without the user's informed consent
Fileless virus - Answer Software that uses legitimate programs to infect a computer. It
does not rely on files and leaves no footprint, making it challenging to detect and
remove.
command and control - Answer A computer controlled by an attacker or cybercriminal
which is used to send commands to systems compromised by malware and receive
stolen data from a target network
Bots - Answer self-propagating malware that infects its host and connects back to a
central server(s).
Cryptomalware - Answer Malware to remain in place for as long as possible, quietly
mining in the background.
logic bomb - Answer A computer program or part of a program that lies dormant until it
is triggered by a specific logical event.
Spyware - Answer Type of malware that infects your PC or mobile device and gathers
information about you, including the sites you visit, the things you download, your
usernames and passwords, payment information, and the emails you send and receive.
, Keyloggers - Answer software that tracks or logs the keys struck on your keyboard,
typically in a covert manner so that you don't know that your actions are being
monitored.
Remote Access Trojan - Answer type of malware that allows covert surveillance, a
backdoor for administrative control and unfettered and unauthorized remote access to a
victim's machine.
Rootkit - Answer software program, typically malicious, that provides privileged, root-
level (i.e., administrative) access to a computer while concealing its presence on that
machine
Backdoor - Answer refers to any method by which authorized and unauthorized users
are able to get around normal security measures and gain high level user access (aka
root access) on a computer system, network, or software application.
Password Attack - Answer Any type of attack in which the attacker
attempts to obtain and make use of passwords illegitimately. - Answer
Spraying password attack - Answer
Dictionary password attack - Answer An attack method that takes all the words from a
dictionary file and attempts to log on by entering each dictionary entry as a password.
brute force password attack (offline and online) - Answer an attempt to guess a
password by attempting every possible combination of characters and numbers in it
Rainbow Tables - Answer an attack on a password that uses a large pregenerated data
set of hashes from nearly every possible password
Plaintext/unencrypted password attack - Answer
Malicious universal serial bus (USB) cable - Answer
Malicious flash drive - Answer
Card cloning - Answer
Skimming - Answer
Adversarial artificial intelligence (AI) - Answer 1. Tainted training for machine learning
(ML)
2. Security of machine learning algorithms - Answer
Phishing - Answer fraudulent attempt to obtain sensitive information or data, by
disguising oneself as a trustworthy entity in an electronic communication.
Smishing - Answer When someone tries to trick you into giving them your private
information via a text or SMS message.
Vishing - Answer Using social engineering over the telephone system to gain access to
private personal and financial information for the purpose of financial reward
Spam - Answer irrelevant or unsolicited messages sent to a large number of Internet
users, for illegitimate advertising, and other activities such as phishing, and spreading
malware
SPIM - Answer Spam delivered through instant messaging (IM) instead of through e-
mail messaging
Spear Phishing - Answer the act of sending emails to specific and well-researched
targets while pretending to be a trusted sender
Dumpster Diving - Answer exploration of a system's trash bin for the purpose of finding
details in order for a hacker to have a successful online assault.
Shoulder Surfing - Answer When someone watches over your shoulder to nab valuable
information as you key it into an electronic device.
Pharming - Answer cyberattack intended to redirect a website's traffic to another, fake
site.
Tailgating - Answer Social engineering attempt by cyber threat actors in which they trick
employees into helping them gain unauthorized access into the company premises.
Eliciting Information - Answer Procedures or techniques involving interacting with and
communicating with others that is designed to gather knowledge or inform
Whaling - Answer Spear phishing that focuses on one specific high level executive or
influencer
Prepending - Answer Prepend is a word that means to attach content as a prefix. For
example, a prepend command could be used in a scripting language that a programmer
would enter into a certain function or code module. It would add certain characters of
text to the beginning of some variable or object.
,Identity Fraud - Answer identity fraud is the use of stolen information such as making
fake ID's and fake bank accounts
Invoice Scams - Answer using fraudulent invoices to steal from a company
Credential Harvesting - Answer the use of MITM attacks, DNS poisoning, phishing, etc.
to amass large numbers of credentials (username / password combinations) for reuse.
Reconnaissance - Answer - Information gathering about a target network
Hoax - Answer Cyber hoax scams are attacks that exploit unsuspecting users to provide
valuable information, such as login credentials or money.
Impersonation - Answer typically involves an email that seems to come from a trusted
source.
Watering hole attack - Answer security exploit in which the attacker seeks to
compromise a specific group of end users by infecting websites that members of the
group are known to visit. The goal is to infect a targeted user's computer and gain
access to the network at the target's place of employment.
Typo squatting - Answer type of cybersquatting used by imposters that involve
registering domains with intentionally misspelled names of popular web addresses to
install malware on the user's system
Pretexting - Answer the practice of presenting oneself as someone else in order to
obtain private information.
Influence campaigns - Answer
Hybrid warfare - Answer - Combining conventional warfare with cyberwarfare
Social Media Campaign - Answer Planned, coordinated marketing efforts using one or
more social media platforms.
Principles: - Answer Authority: an attacker may try to appear to have a certain level
authority.
Intimidation: may try to make the victim think that something terrible is going to happen
if they don't comply with the attacker's wishes. - Answer
Consensus: An attacker may try to sway the mind of a victim using names they are
familiar with, saying that such ones provided them information (they are fishing for) in
the past and you should be able to do the same. - Answer
,Scarcity: An attacker may try to set a time limit on a victim so that they can comply with
their wishes by a certain deadline. - Answer
Familiarity: they make you familiar with them on the phone and make you want to do
things for them. - Answer
Trust: The attacker in this case can claim to be a friend or close associate of someone
you may know very well and that's trusted. - Answer
Urgency: When attackers want you to act and not think, they want you to do what they
want as quickly as possible so that there's no time to spot all the red flags. - Answer
Malware - Answer a program or file designed to be disruptive, invasive and harmful to
your computer.
Ransomware - Answer Software that encrypts programs and data until a ransom is paid
to remove it.
Worms - Answer Independent computer programs that copy themselves from one
computer to other computers over a network
potentially unwanted program (PUP) - Answer program that installs itself on a computer,
typically without the user's informed consent
Fileless virus - Answer Software that uses legitimate programs to infect a computer. It
does not rely on files and leaves no footprint, making it challenging to detect and
remove.
command and control - Answer A computer controlled by an attacker or cybercriminal
which is used to send commands to systems compromised by malware and receive
stolen data from a target network
Bots - Answer self-propagating malware that infects its host and connects back to a
central server(s).
Cryptomalware - Answer Malware to remain in place for as long as possible, quietly
mining in the background.
logic bomb - Answer A computer program or part of a program that lies dormant until it
is triggered by a specific logical event.
Spyware - Answer Type of malware that infects your PC or mobile device and gathers
information about you, including the sites you visit, the things you download, your
usernames and passwords, payment information, and the emails you send and receive.
, Keyloggers - Answer software that tracks or logs the keys struck on your keyboard,
typically in a covert manner so that you don't know that your actions are being
monitored.
Remote Access Trojan - Answer type of malware that allows covert surveillance, a
backdoor for administrative control and unfettered and unauthorized remote access to a
victim's machine.
Rootkit - Answer software program, typically malicious, that provides privileged, root-
level (i.e., administrative) access to a computer while concealing its presence on that
machine
Backdoor - Answer refers to any method by which authorized and unauthorized users
are able to get around normal security measures and gain high level user access (aka
root access) on a computer system, network, or software application.
Password Attack - Answer Any type of attack in which the attacker
attempts to obtain and make use of passwords illegitimately. - Answer
Spraying password attack - Answer
Dictionary password attack - Answer An attack method that takes all the words from a
dictionary file and attempts to log on by entering each dictionary entry as a password.
brute force password attack (offline and online) - Answer an attempt to guess a
password by attempting every possible combination of characters and numbers in it
Rainbow Tables - Answer an attack on a password that uses a large pregenerated data
set of hashes from nearly every possible password
Plaintext/unencrypted password attack - Answer
Malicious universal serial bus (USB) cable - Answer
Malicious flash drive - Answer
Card cloning - Answer
Skimming - Answer
Adversarial artificial intelligence (AI) - Answer 1. Tainted training for machine learning
(ML)
2. Security of machine learning algorithms - Answer
