A | B |
Social ______ is the concept of using relationships, persuasion, and body language to steal some otherwise secretive/personal information or persuade someone to perform some action. | Social Engineering |
______ is meant to exploit a bias of obedience and compliance. | Authority |
What is another term for social proof? | Consensus |
What bias does social proof exploit? | Following a Crowd |
Trust exploits a bias of ______. | Relationship |
______ exploits a bias of the desire to be exclusive. | Scarcity |
What is Phishing? | An attempt to gain sensitive information through electronic communication |
What is Vishing short for? | Voice Phishing |
What does SPIM stand for? | Spam over Internet Messaging |
What is pharming? | Putting malicious scripts onto network servers |
Who was the chairman of Hillary Clinton's 2016 campaign who had his email hacked? | John Podesta |
What is Shoulder Surfing? | A type of social engineering technique used to obtain someone else's personal access information |
What is the name given to an individual who secretly watches others in the privacy of their own homes? | Peeping Tom |
Which of the following terms is another name for tailgating? | Piggybacking |
What is a mantrap? | A physical security system composed of a small space with two sets of interlocking doors |
Which of the following is an example of attacking a victim as someone higher in rank? | "Excuse me? I'm from the federal government" |
Because impersonators may attempt to blend in by being overly friendly, it's important to verify the credentials of a visitor. | True, impersonators can be sneakier than phishers |
Which of the following is an example of using prepending for malicious purposes? | Adding "VERIFIED" to the beginning of the subject line of an email |
What does PII stand for? | Personally identifiable information |
What is the name of the individual responsible for stealing over $80 million from individuals like Oprah, Warren Buffett, and Michael Bloomberg? | Abraham Abdallah |
Which real-world cyberattack was NOT an example of credential harvesting? | 2020 Twitter Bitcoin scam |
What is the goal of a credential harvesting attack? | Gain a victim's log-in credentials |
What is reconnaissance? | Gaining information by a preliminary survey |
What is a hoax? | A humorous or malicious deception |
What is the name of a confirmed hoax? | The Jackalope |
What type of attack should an attacker use who wants to target websites that a group of end users use on a regular basis? | Watering Hole Attack |
Who is a watering hole attack targeting (directed towards)? | Searchers or Common Users of a Website |
What will an attacker develop to trick users during a watering hole attack? | A Fake Website |
Which type of sites do attackers target for a watering hole attack? | Industry-related sites |
When visitors visit a site used for a watering hole attack, how many users are affected? | All visitors |
One way to stop a watering hole attack is to | Use anti-malware software |
Before an attacker can exploit a website used by common users, he will | Test for weaknesses |
What is pretexting? | When a malicious person goes to a victim trying to gain PII |
Which of the following information is vulnerable to pretexting when signing a fake document? | Address, Name and Phone Number |
What is hybrid warfare? | The combination of different war tactics |
Which of the following is NOT a part of hybrid warfare? | Decentralized Currency |
Which of the following are part of hybrid warfare? | Propaganda, Military Troops and SpecOps |
What are influence campaigns very similar to? | Propaganda |