Social Engineering and Other Foes

Question 1

administrative control

Answer 1

A control implemented through administrative policies or procedures

Question 2

cable lock

Answer 2

A physical security deterrent used to protect a computer

Question 3

cold aisles

Answer 3

Server room aisles that blow cold air from the floor

Question 4

compensating controls

Answer 4

Gap controls that fill in the coverage between the other types of vulnerability mitigation techniques

Question 5

control

Answer 5

Processes or actions used to respond to situations or events

Question 6

data disposal

Answer 6

Getting rid of/destroying media no longer needed

Question 7

detective control

Answer 7

Controls that are intended to identify and characterize an incident in progress

Question 8

dumpster diving

Answer 8

Looking through trash for clues, often in the form of paper scraps, to find user passwords and other information

Question 9

Faraday cage

Answer 9

An electronically conductive wire mesh or other conductor woven into a ‘cage’ that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls

Question 10

fire suppression

Answer 10

The act of stopping a fire and preventing it from spreading

Question 11

hoax

Answer 11

Typically, an email message warning of something that isn’t true, such as the outbreak of a new virus

Question 12

hot aisles

Answer 12

A server room aisle that removes hot air

Question 13

information classification

Answer 13

The process of determining what information is accessible, to what parties, and for what purposes

Question 14

mantrap

Answer 14

A device, such as a small room, that limits access to one or a few individuals

Question 15

PASS method

Answer 15

The correct method of extinguishing a fire with an extinguisher

Question 16

PASS

Answer 16

Pull
Aim
Squeeze
Sweep

Question 17

perimeter security

Answer 17

Security set up on the outside of the network or server to protect it

Question 18

Personal Identity Verification (PIV)

Answer 18

Card required of federal employees and contractors to gain access to government resources

Question 19

PIV

Answer 19

Personal Identity Verification

Question 20

personally identifiable information (PII)

Answer 20

Information that can be uniquely used to identify, contact, or locate a single person

Question 21

PII

Answer 21

personally identifiable information

Question 22

phishing

Answer 22

A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request

Question 23

physical controls

Answer 23

Controls and countermeasures of a tangible nature intended to minimize intrusions

Question 24

preventive controls

Answer 24

Controls intended to prevent attacks or intrusions

Question 25

privacy

Answer 25

A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved

Question 26

privacy filters

Answer 26

Screens that restrict viewing of monitors to only those sitting in front of them

Question 27

PTZ

Answer 27

Cameras that can pan, tilt, and zoom

Question 28

restricted information

Answer 28

Information that isn’t made available to all and to which access is granted based on some criteria

Question 29

shoulder sniffing

Answer 29

Watching someone when they enter their username, password, or sensitive data

Question 30

social engineering

Answer 30

An attack that uses others by deceiving them; targets and manipulates people

Question 31

spear phishing

Answer 31

A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party

Question 32

tailgating

Answer 32

Following someone through an entry point

Question 33

technical controls

Answer 33

Controls that rely on technology

Question 34

vishing

Answer 34

Combining phishing with Voice over IP (VOIP)

Question 35

wetware

Answer 35

Term used in conjunction with social engineering; refers to the idea that human thoughts are analogous to computers

Question 36

whaling

Answer 36

Phishing only large accounts