click below
click below
Normal Size Small Size show me how
CompTIA Security +2
Question | Answer |
---|---|
Which type of social engineering attack utilizes voice messaging to conduct the attack? | Vishing is basically a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking. |
Social engineering attacks work well because the individual who is the target of the attack/attempt? | Often either genuinely wants to help or is trying to avoid a confrontation, depending on the attacker's specific attack. |
From a security standpoint, why should an organization consider a policy of mandatory vacations? | To ensure that employees are not involved in illicit activity that they are attempting to hide. |
Select all of the following that are examples of personally indentifiable information: | Name, ID Number, License Plate Number, Telephone Number, Street Address |
Which type of social engineering attack utilizes voice messaging to conduct the attack? | Vishing is basically a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking. |
Which type of social engineering attack utilizes voice messaging to conduct the attack? | Vishing is basically a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking. |
Social engineering attacks work well because the individual who is the target of the attack/attempt? | Often either genuinely wants to help or is trying to avoid a confrontation, depending on the attacker's specific attack. |
From a security standpoint, why should an organization consider a policy of mandatory vacations? | To ensure that employees are not involved in illicit activity that they are attempting to hide. |
Select all of the following that are examples of personally indentifiable information: | Name, ID Number, License Plate Number, Telephone Number, Street Address |
A hoax can still be a security concern because? | It can result in a user performing some action that could lead to a compromise of that might adversley affect the system or network. |
How should CD's and DVD's be disposed of? | By shredding using a paper shredder designed also to shred CD's and DVD's. |
What type of attack consists of looking through an individual's or organization's trash for sensitive information? | Dumpster Diving. |
What type of attack can involve an attacker setting up a camera to record the entries individuals make on keypads used for access control? | This is an example of a shoulder surfing method. |
Which of the following should be included in a password policy? | An explanation on how complex the password should be. The length of time the password will be valid before it expires. A description of how passwords should be distributed and protected. |
What is the best method of preventing successful phishing attacks? | A viable user training and awareness program. |
What type of attack uses e-mails with a convincing story to encourage users to provide account or other sensitive information? | Phishing, |
The reason for providing a group access control policy is? | It provides an easy mechanism to identify common user restrictions for members of the group. Individual profiles for each user don't have to be created but instead each is identified as a member of the group with its associated group profile policy |
Which of the following is a high level, broad statement of what the organization wants to accomplish? | Policy. |