Practice Test 1

Question 1

smishing

Answer 1

Smishing is a type of phishing attack that occurs via SMS (Short Message Service) or text message. Attackers use deceptive text messages to trick recipients into revealing sensitive information or clicking on malicious links.

Question 2

The practice of using a telephone system to manipulate user into disclosing confidential information is known as:

Answer 2

Vishing

During a vishing attack, attackers may impersonate trusted entities such as banks, government agencies, or tech support representatives. They use various tactics to manipulate their victims, such as creating a sense of urgency or fear, offering fake incentives, or pretending to have important information about the victim.

Question 3

SPIM AND SPIT

Answer 3

SPIM stands for “Spam over Instant Messaging,” referring to unsolicited messages sent through instant messaging (IM) platforms. SPIM is similar to email spam but occurs within instant messaging applications.

SPIT stands for “Spam over Internet Telephony,” which involves unsolicited, unwanted, or irrelevant advertising messages sent over internet telephony, such as VoIP (Voice over Internet Protocol) calls. SPIT can be disruptive and intrusive, much like email spam or telemarketing calls.

Question 4

Phishing scams targeting a specific group of people are referred to as:

Answer 4

spear phishing

Question 5

“Dumpster diving”

Answer 5

Sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks.

Question 6

Pharming

Answer 6

Pharming is a cyber attack where attackers redirect website traffic to a fraudulent website by altering the DNS (Domain Name System) records or by compromising a DNS server. This can lead users to unwittingly disclose sensitive information, such as usernames, passwords, or financial details, to the attackers.

Question 7

Tailgating

Answer 7

Tailgating, also known as piggybacking, is a physical security threat where an unauthorized person follows an authorized individual into a restricted area or facility without proper authentication or authorization. This often occurs when someone holds the door open for another person without verifying their identity or credentials, allowing them to gain unauthorized access to a secure area.

Question 8

Elicitation

Answer 8

Elicitation is a social engineering technique used by attackers to gather information from individuals or organizations through casual conversation, manipulation, or other means without raising suspicion. Attackers use elicitation to extract sensitive information, such as passwords, company policies, or security procedures, by exploiting human psychology and communication skills.

Question 9

bracketing

Answer 9

Bracketing is a technique used in penetration testing or ethical hacking where varying degrees of attacks are launched against a target system to identify its vulnerabilities and weaknesses. This involves testing the system with both low-impact and high-impact attacks to assess its resilience and potential points of entry for malicious actors.

Question 10

Confidential bait

Answer 10

“Confidential bait” is a social engineering tactic where attackers use fake or enticing information, often presented as confidential or sensitive, to manipulate individuals into divulging valuable information or taking specific actions. This could include enticing emails or messages claiming to contain privileged information or insider knowledge, designed to trick recipients into providing sensitive data or performing actions that compromise security.

Question 11

Deliberate false statements

Answer 11

“Deliberate false statements” are intentionally misleading or untrue statements made with the intention to deceive or mislead others. In the context of security, this could involve attackers spreading false information to manipulate individuals or organizations into taking actions that compromise their security or divulging sensitive information.

Question 12

Whaling

Answer 12

Whaling is a type of phishing attack that specifically targets high-profile individuals or executives within an organization. Attackers aim to deceive these individuals into divulging sensitive information, such as login credentials or financial data, or to trick them into performing certain actions that could compromise the organization’s security. Whaling attacks often involve sophisticated social engineering techniques tailored to the target’s role and responsibilities.

Question 13

typosquatting

Answer 13

Typosquatting, also known as URL hijacking, is a malicious practice where attackers register domain names that are similar to legitimate websites but contain typographical errors or common misspellings. The goal is to capitalize on user mistakes when typing a website address into a browser, leading them to the attacker’s fraudulent website instead of the intended destination. Typosquatting can be used for various nefarious purposes, including phishing, malware distribution, or collecting sensitive information.

Question 14

virus hoax

Answer 14

A virus hoax is a false warning or alarm about a non-existent computer virus or malware threat. These hoaxes typically spread through email, social media, or online forums, often containing exaggerated or entirely fabricated claims about the capabilities or effects of a supposed virus. Virus hoaxes can cause unnecessary panic, waste resources as users attempt to mitigate non-existent threats, and sometimes even lead to the installation of actual malware as users download fake security software in response to the hoax.

Question 15

watering hole attacks

Answer 15

Watering hole attacks are a type of cyber attack where attackers compromise websites that are frequently visited by their intended targets. The goal is to infect the visitors’ devices with malware by exploiting vulnerabilities in their browsers or plugins. This technique allows attackers to target specific groups or organizations by compromising websites they are likely to visit, hence the analogy to predators waiting near a watering hole for their prey.

Question 16

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

Answer 16

malware

Question 17

malware vs spyware

Answer 17

Malware is a broad term referring to any type of malicious software designed to harm or infiltrate computer systems. Spyware, on the other hand, is a specific type of malware that is designed to secretly gather information from a computer or network without the user’s knowledge or consent. While all spyware is a type of malware, not all malware functions specifically as spyware.

Question 18

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Answer 18

a worm

Question 19

prepending

Answer 19

Prepending is a technique used in malware distribution where malicious code or data is added to the beginning (or “prepended”) of a legitimate file, such as an executable or a document. This allows the malware to execute or be activated when the legitimate file is opened or executed, potentially compromising the system or spreading further malware.

Question 20

data url phishing

Answer 20

Data URL phishing involves using data URLs to host phishing content. Data URLs allow embedding data directly into the URL itself, rather than referencing external resources. Attackers may use data URLs to host phishing pages or malicious content, making it appear as though the content is part of a legitimate website. Users might be tricked into interacting with these URLs, thinking they are safe, when in fact, they lead to fraudulent or malicious content designed to steal sensitive information or compromise security.