Security+ chapter 4 example #20258

20 October 2022
question
Which of the following is NOT an example of a poor security practice? - The user does not follow established security policies or processes. - A result of a lack of security policies, procedures or training within the user's organization. - An employee does not allow a person he is talking to, to enter a secured area behind him before showing proper credentials. - An employee creates one good password and then uses it for all accounts.
answer
An employee does not allow a person he is talking to, to enter a secured area behind him before showing proper credentials.
question
When creating a password, users tend to use - All capital letters - Passwords that are too long - Names of family, pets, or teams - Numbers only
answer
Names of family, pets, or teams
question
Social engineers attempt to exploit the natural tendencies of people. They do this by - First trying to evoke sympathy; if this fails, then by fear of confrontation - First trying to evoke fear of confrontation and then by sympathy - First trying to guess passwords and then use a password cracker - First trying to evoke passion and then fear
answer
First trying to evoke sympathy; if this fails, then by fear of confrontation
question
All of the following are techniques used by a social engineer EXCEPT: - An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number. - An attacker calls up the IT department posing as an employee and requests a password reset. - An attacker runs a brute force attack on a password. - An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information.
answer
An attacker runs a brute force attack on a password.
question
An attacker watches people as they enter a building requiring a key card. He waits until he sees someone who appears to be in a rush and has their hands full. He then intercepts the person, makes quick small talk, offers to help them hold what's in their hands while he swipes in, and follows behind. This is an example of - Spear phishing - Pharming - Piggybacking - Man trapping
answer
Piggybacking
question
A person parks his car by an ATM, sets up a small camera discreetly pointed at the ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of - Piggybacking - Shoulder surfing - Phishing - Social engineering
answer
Shoulder surfing
question
Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as - Trash rummaging - Garbage surfing - Piggy diving - Dumpster diving
answer
Dumpster diving
question
Installing unauthorized hardware such as communication software and a modem - Is a common practice and does not affect the organization - May cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor - Boosts the system so downloading from the Internet will be faster - Saves the company from buying a license by using other software
answer
May cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor
question
What are the security risks of installing games on an organization's system? - There are no significant risks. - Users can't always be sure where the software came from and it may have hidden software inside of it. - The users may play during work hours instead of during breaks. - The games may take up too much memory on the computer and slow down processing making it difficult to work
answer
Users can't always be sure where the software came from and it may have hidden software inside of it.
question
All of the following are characteristics of a strong password EXCEPT: - Contains numbers and letters - Contains at least eight characters - Contains an uncommon dictionary word - Contains special characters, i.e., *%$#@
answer
Contains an uncommon dictionary word
question
Which of the following is the weakest password? - I@w3us1@! - P@$$w0rd - C#as%t*1ng - H#e31L9pM3
answer
P@$$w0rd
question
When an attacker attempts to get credit card numbers using telephone and voice technologies, it's called - Vishing - Telephishing - Phreaking - Voicing
answer
Vishing
question
What is a good first step for companies to take to fight potential social engineering attacks? - Buy the latest virus protection software and install on the systems - Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators - Monitor all phone calls - Conduct background checks on all contractors, consultants, delivery persons, and partners that may have access to the facilities
answer
Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators
question
When an attacker tries to convince the target to initiate contact and then gets the target to give up confidential information, this is known as - Social engineering - Reverse social engineering - Piggybacking - Flim flam
answer
Reverse social engineering
question
Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of - Social engineering - Reverse social engineering - A hoax - Phishing
answer
A hoax
question
Social engineers attempt to convince authorized individuals to provide confidential information or access to an unauthorized individual. True or False
answer
True
question
The only means of social engineering is through direct contact between the target and the attacker. True or False
answer
False
question
Phishing is the most common form of social engineering attack related to computer security. True or False
answer
True
question
Spear phishing is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access. True or False
answer
False
question
Hoaxes, while a potential nuisance, cannot cause any real harm to your data. True or False
answer
False
question
A good security practice is to choose one good password and use it for all of your various accounts. True or False
answer
False
question
Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information. True or False
answer
False
question
One of the most effective tools for foiling the efforts of a social engineering attack is an active security awareness program. True or False
answer
True
question
Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view. True or False
answer
False
question
Shoulder surfing is when a person looks over the shoulder of another person while typing PINs or passwords. True or False
answer
True