Quiz: Module 02 Pervasive Attack Surfaces and Controls

What is the attack surface of social engineering?

Human vectors

Bjorn just received a phone call in which the person claimed to be a senior vice president demanding that his password be reset, or else Bjorn's supervisor would be contacted about his lack of cooperation. Bjorn was convinced that this was a social engineering attack. Which principle of human manipulation did the attacker attempt on Bjorn?

Intimidation

Which of the following is NOT a personal technique used by social engineering attackers to gain the trust of the victim?

Demand compliance

Albrecht received a call from a senior vice president of finance who had received a phishing email and had deleted it. What type of phishing attack was this?

Whaling

Tobias received an SMS text that falsely said his bank account was overdrawn and to avoid a $45 fee, he should contact the bank immediately with an explanation. What type of social engineering attack is this?

Smishing

Which of the following is NOT true about BEC?

It is decreasing in popularity among threat actors.

Which social engineering attack is masquerading as a real or fictitious character and then playing out the role of that person on a target?

Impersonation

Wolfgang-Cashman is a new intern at the online company WebHighSchoolStore.com. He has been assigned the task of researching all of the similar domain names to theirs in order to counteract attacks. What is Wolfgang-Cashman combating?

Typo squatting

What is false or inaccurate information that comes from a malicious intent?

Disinformation

Which of the following is NOT a type of data reconnaissance?

Excel dorking

Which type of sensor is most appropriate for monitoring a large warehouse for intruders?

Microwave sensor

Which of the following statements is NOT true about a pressure sensor?

A pressor sensor is a type of management control.

Arndt is on a team that is increasing the security in an office. They want to allow anyone to pass by a door but have an alarm sound whenever someone gets too close to the door. Which sensor would Arndt recommend using?

Ultrasonic sensor

Which type of buffer is automated and has two interlocking doors, only one of which can be opened at a time?

Access control vestibule

Milan is on a design team that needs to run a hardened carrier PDS underground between two buildings. What requirement would Milan add to the specifications?

It must be encased in concrete

Which data classification has the highest level of data sensitivity?

Confidential

Jan is working on classifying data. Some data has been identified that if compromised, the function and mission of the enterprise would be severely impacted. Which data classification should Jan give this data?

Critical

Which type of data is hospital patient information protected by HIPAA?

Regulated data

JSON and XML would be classified as which type of data?

Non-human-readable data

Which of the following data security methods creates a copy of the original data but uses obfuscation on any sensitive elements?

Data masking