Threat Actors
Phishing
Malware
Penetration Testing
Social Engineering
100

Who is known as a hacker that gains unauthorized access to systems for malicious purposes?

Black Hat Hacker

100

What is the term for fraudulent emails designed to trick users into revealing personal information?

Phishing

100

What does the term "malware" refer to?

Malicious software designed to damage or exploit systems

100

What is penetration testing?

A simulated cyberattack to identify vulnerabilities

100

What is social engineering in the context of cybersecurity?

Manipulating people into divulging confidential information

200

What term describes individuals or groups that exploit vulnerabilities for financial gain?

Cybercriminals

200

Identify one common method in phishing attacks. 

Sending deceptive emails that appear to be from legitimate sources

200

What is a trojan horse and how does it operate?

A Trojan horse disguises itself as legitimate software to trick users into installing it, then executes malicious activities.

200

What is the difference between black box and white box testing?

Black box testing simulates an external attack without insider knowledge, while white box testing uses full system information for a thorough analysis.

200

What is a common tactic used in social engineering attacks?

Pretexting—creating a fabricated scenario to steal information

300

Name a type of hacker who operates in the shadows but may also be a former ethical hacker.

Espionage or gathering intelligence 

300

What is spear phishing, and how does it differ from regular phishing?

Spear phishing targets specific individuals or organizations with personalized information, while regular phishing casts a wide net to trick anyone.

300

What is the potential impact of spyware on a user's personal information?

Spyware can monitor keystrokes, capture sensitive data, and invade privacy.

300

Explain the steps involved in a typical penetration testing process.

Planning, information gathering, scanning, exploitation, analysis, and reporting.

300

How can individuals protect themselves from social engineering?

Being cautious with sharing personal information and verifying the identity of requesters

400

A hacker whose main purpose is to protest an event or situation and draw attention to their own views and opinions.

Hacktivist

400

How can a business protect itself from a phishing attack?

Implementing email filters, employee training, and multi-factor authentication (MFA)

400

How should a business effectively respond to a malware outbreak?

Isolate affected systems, investigate the scope, remove malware, and strengthen security measures.

400

What is the difference between vulnerability scanning and penetration testing?

Vulnerability scanning identifies potential security weaknesses using automated tools, while penetration testing actively exploits vulnerabilities to assess real-world risks.

400

What role does trust play in social engineering?

Attackers exploit trust to manipulate victims into sharing sensitive information.

500

Is employed by a government

Retrieves top-secret information

Hacks other governments’ devices

State-sponsored hacker.

500

What is a phishing simulation?

Phishing simulations are training exercises that test employees’ ability to recognize and respond to phishing attempts.

500

Name one type of malware that can replicate itself and spread to other computers.


Worm – A worm is a type of malware that can replicate itself and spread across networks without needing a host file, often causing widespread damage.




500

What is a post-exploitation phase in penetration testing?

The post-exploitation phase involves maintaining access, gathering further intelligence, and determining the potential impact of the vulnerability after initial access has been gained.

500

Discuss the psychological techniques that make social engineering effective.

Techniques include exploiting emotions like fear, urgency, and curiosity to manipulate decision-making.