Chapter 10: Social Engineering and More Flashcards Preview

Flashcards in Chapter 10: Social Engineering and More Deck (31)
1

What's the difference between Social Engineering and Wetware?

There is none.

2

What is Social Engineering?

Gaining access to something by exploiting the general trusting nature of people

3

Shoulder Surfing

Looking over someone's shoulder to try and get some information from their computer screen.

4

Dumpster Diving

Looking through dumpsters for important files

5

Tailgating

Following closely behind someone to gain access to a room you're not supposed to be in

6

Impersonation

Pretending to be someone you're not, such as a copier repairman or a vending machine stocker, to gain access to a restricted area

7

Hoaxes

Warnings about things that aren't legitimate, such as bomb threats, sounding alarms, or the Goodtimes virus.

8

Whaling

Phishing of big-name targets (Dear Bill Gates...)

9

Malicious Insider Threat

A disgruntled employee happy to benefit from the injuring of the company.
Anyone can be bought. Everyone has a price.

10

Authority
(Principles Behind Social Engineering)

Convincing the victim that you're a person of authority and shouldn't be questioned

11

Intimidation
(Principles Behind Social Engineering)

Threats, shouting, guilt

12

Consensus/social proof
(Principles Behind Social Engineering)

Putting the victim at ease and placating them, talking them up

13

Scarcity
(Principles Behind Social Engineering)

Convincing someone that there's a limited supply of whatever

14

Urgency
(Principles Behind Social Engineering)

Telling the victim something awful will happen if they don't hurry

15

Familiarity/liking
(Principles Behind Social Engineering)

Liking someone can lower our mental guards

16

Trust
(Principles Behind Social Engineering)

Get them to feel they owe you something or that they can trust you

17

Proximity Reader Frequencies

Smart Cards: 13.56 MHz
Proximity Cards: 125 kHz

18

Protected Distribution System (PDS)

A system in which physical security is so high that you can forgo encryption entirely. If you have WiFi, you're probably inside a Faraday Cage.

19

Fire Extinguisher Types

A - Wood and paper fires - Water or chemical
B - Flammable liquids - Chemical
C - Electrical - Nonconductive chemicals
D - Flammable metals - Varies

20

PASS

Pull, aim, squeeze, and sweep. That's how you should operate a fire extinguisher.

21

Faraday Cage

Grounds the whole room; electromagnetic signals can't enter or leave.

22

Van Eck Phreaking

Detecting electromagnetic emissions from CRT and LCD displays to eavesdrop. This does work!

23

TEMPEST

An organization dedicated to reducing noise from devices which can divulge intelligence

24

What humidity level do you need to keep your computers at?

50% or higher. Any less than that is an ESD risk.

25

Deterrent
(Control Types)

Anything that tells a would-be attacker that they should be a wouldn't-be attacker

26

Preventative
(Control Types)

Stopping something from happening (locks, biometrics, knowledge, guards)

27

Detective
(Control Types)

AV, alarm, checksum, motion sensor

28

Compensating
(Control Types)

A backup for when other methods fail

29

Technical
(Control Types)

Firewalls, IDS, IPS....

30

Administrative
(Control Types)

Policies, procedures, and guidelines