Gemalyn enters websiteA.com in the address bar of a browser but is redirected to websiteB.com due to an infected DNS. What type of exploit did Gemalyn experience?

A redirection technique called pharming.

A redirection technique due to a single-bit error in Gemalyn's computer.

A redirection technique due to a single-bit error in a DNS server.

A redirection technique due to bitsquatting.

Which of the following most accurately describes the differences or similarities between misinformation and disinformation? Select two.

Disinformation is a type of misinformation.

A false warning is an example of disinformation.

One is false and the other is inaccurate.

Misinformation comes with a malicious intent.

Which of the following most accurately describes the similarities and/or differences between spear phishing and whaling? Select two.

Whaling targets wealthy individuals and senior executives in a business.

Spear phishing uses customized information to target specific users.

Whaling involves sending millions of generic email messages.

While spear phishing is a form of phishing, whaling is not.

Spear phishing uses email messages; whaling does not.

A company uses a fence to deter physical access. An audit report concluded that since the fence can be easily scaled, additional measures should be implemented. What additional fencing-deterrent measure could the company implement to gain an added layer of protection? Select three.

Barricades in front of the fence

What type of security buffer are you most likely to encounter at a high-security data center that enforces restricted access and requires a security clearance to gain entry?

Restricted security waiting room

Which of the following best describes what could be considered a security buffer? Select two.

Waiting room at a doctor's office

Vika is asked to do research on the types of locks available to secure entry into a controlled access area. What type of lock should Vika recommend? Select two.

A programmable electronic lock with a fixed keypad and logging mechanism.

One that requires two physical keys: one for ingress and another for egress.

A lock that can be opened with a code sent from a cell phone via Bluetooth.

Growing in popularity are smart locks, which use a smartphone that sends a code via wireless Bluetooth to open the door. One brand of electronic lock mitigates shoulder surfing or detection of fingerprint smudges by using a virtual screen. It substitutes physical buttons with a virtual keypad that displays numbers that are randomly assigned. Which of the following are true about these locks?

One capable of displaying a virtual keypad where the numbers are not fixed.

One with a keyed cylinder in both the outside and inside requiring one key.

Which of the following statements best describes how a Faraday cage prevents data leakage?

It is used to prevent EMI from escaping the enclosure.

It is used in a crime scene to prevent the loss of data.

It is used in cable conduits to protect data during transmission.

It is used to trigger an alarm if data devices are removed from the area.

Which of the following lists the data type in order from the type that needs the highest level of protection to the lowest level?

Confidential, private, sensitive

Restricted, critical, intellectual property

Which of the following examples best describes the states in which data could reside? Select three.

Data that has been deleted and can no longer be recovered

Data that has been irreversibly corrupted by malware

Which of the following are examples of data in processing, data at rest, and data in transit? Select all that apply.

Data sitting in RAM about to be transmitted

Data on a hard drive about to be accessed

Downloading an image from a website

Mod 02 Pervasive Attack Surfaces and Controls

Authored by willie reynolds

Instructional Technology

Vocational training

Used 1+ times

Mod 02 Pervasive Attack Surfaces and Controls

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

35 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An individual who was recently fired goes to their former place of employment on a weekend. Since they are unable to enter, security goes to the front door to inquire. The fired employee says they forgot their access card and just needs to pick up their tablet in their office. What attack surface is the former employee trying to exploit?

Human vector

Mobile device

Hardware

Specialized vector

Answer explanation

The former employee is attempting to manipulate the security personnel's trust, which is a human vector. They exploit the human element by claiming to have forgotten their access card to gain unauthorized access.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The CEO of a small retail chain is visiting a client. They call the help desk in a panic and request a password reset because it expired. The technician says they are not allowed to manually reset passwords but to kindly use the online password reset system. The CEO gets irate, says "You're fired," and hangs up. Which of the following best characterizes what happened, or what should have happened?

The technician should have requested approval from the manager.

The technician should have changed the password.

This is an example of social engineering.

The technician did the right thing.

Answer explanation

The technician did the right thing by directing the CEO to the online password reset system, adhering to company policy. Manually resetting passwords could compromise security, regardless of the caller's position.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Chafik works at Company A. He apparently receives an email from Jon Dough of the purchasing department. The email includes a link along with a request to fill out a survey because they want to improve the procurement process. The from field in the email reads as follows: From: Jon Dough

This is an example of a potential BEC attack.

This is an example of a potential phishing attack.

The email is legitimate because Jon Dough's name appears in the From field.

This is an example of a potential whaling attack because it is highly targeted.

The recipient is potentially more likely to click on the link because a reason was supplied.

Answer explanation

This email is a potential phishing attack because it uses a deceptive link and requests sensitive information. The reason provided increases the likelihood of the recipient clicking the link.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Company A sends a fictitious overdue invoice that appears legitimate via email to Company B, a large corporation. Company A hopes that Company B will comply and make the payment without investigating. This scenario represents which type of social engineering attack?

Phishing

Pretexting

Baiting

Tailgating

Answer explanation

This scenario represents phishing, as Company A is attempting to deceive Company B into making a payment by sending a fake invoice that looks legitimate, hoping for compliance without verification.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two methods are commonly used in social engineering attacks? Select two.

BEC

Phishing

Executive fraud

Brand impersonation

Account compromise

Answer explanation

The correct answers are BEC (Business Email Compromise) and Phishing. Both involve deceptive tactics to manipulate individuals into providing sensitive information or funds, often using email as the primary method.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You receive a call from someone pretending to be a government agent. They claim there is an issue with your taxes and you need to provide certain information to clear up the problem. However, the caller's true goal is to obtain private information. Which of the following best describes this behavior?

Vishing

Smishing

Vectoring

Pretexting

Answer explanation

The caller is using a false identity to manipulate you into providing private information, which is known as pretexting. This tactic involves creating a fabricated scenario to gain trust and extract sensitive data.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which of the following most accurately describes the differences or similarities between typo squatting and cybersquatting? Select two.

Cybersquatting is registering a domain that contains trademarks and then selling it.

Cybersquatting changes a letter in a domain hoping to capitalize on a single-bit error.

Typo squatting will very likely render an "HTTP Error 404 Not Found" message in a browser.

A domain name with a one-letter change relative to an authentic site is an example of typo squatting.

Answer explanation

Cybersquatting involves registering domains with trademarks to sell them, while typo squatting involves minor changes to a domain name, like a one-letter change, to mislead users. Both practices exploit similar principles.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Mod 02 Pervasive Attack Surfaces and Controls

The former employee is attempting to manipulate the security personnel's trust, which is a human vector. They exploit the human element by claiming to have forgotten their access card to gain unauthorized access.

The technician did the right thing by directing the CEO to the online password reset system, adhering to company policy. Manually resetting passwords could compromise security, regardless of the caller's position.

Chafik works at Company A. He apparently receives an email from Jon Dough of the purchasing department. The email includes a link along with a request to fill out a survey because they want to improve the procurement process. The from field in the email reads as follows: From: Jon Dough

This email is a potential phishing attack because it uses a deceptive link and requests sensitive information. The reason provided increases the likelihood of the recipient clicking the link.

Company A sends a fictitious overdue invoice that appears legitimate via email to Company B, a large corporation. Company A hopes that Company B will comply and make the payment without investigating. This scenario represents which type of social engineering attack?

This scenario represents phishing, as Company A is attempting to deceive Company B into making a payment by sending a fake invoice that looks legitimate, hoping for compliance without verification.

Which two methods are commonly used in social engineering attacks? Select two.

The correct answers are BEC (Business Email Compromise) and Phishing. Both involve deceptive tactics to manipulate individuals into providing sensitive information or funds, often using email as the primary method.

The caller is using a false identity to manipulate you into providing private information, which is known as pretexting. This tactic involves creating a fabricated scenario to gain trust and extract sensitive data.

Which of the following most accurately describes the differences or similarities between typo squatting and cybersquatting? Select two.

Cybersquatting involves registering domains with trademarks to sell them, while typo squatting involves minor changes to a domain name, like a one-letter change, to mislead users. Both practices exploit similar principles.

Gemalyn enters websiteA.com in the address bar of a browser but is redirected to websiteB.com due to an infected DNS. What type of exploit did Gemalyn experience?

Gemalyn experienced pharming, a type of exploit where users are redirected to a malicious site due to compromised DNS settings, rather than a simple error or bitsquatting.

Which of the following most accurately describes the differences or similarities between misinformation and disinformation? Select two.

Disinformation is indeed a type of misinformation, as it involves spreading false information with intent to deceive. A false warning exemplifies disinformation, as it misleads people intentionally.

An attacker attempts to target individuals by infecting the website they visit, often to contribute papers, do research, and sign up for conferences. What type of attack is this?

A watering hole attack targets specific groups by infecting websites they are likely to visit, such as those for research or conferences. This aligns with the scenario described, making 'watering hole attack' the correct choice.

Access all questions and much more by creating a free account

Popular Resources on Wayground