Which two steps of hacking are most likely to involve social engineering?
Reconnaissance, Gaining Access
What is the goal of social engineering?
To manipulate individuals into divulging sensitive information
In the CIA Triad, what does the “C” stand for?
Confidentiality
A password is an example of ___________ to prove who you are.
Something you know
Administrator privileges provide a user with ___________.
Full control of system settings
What type of attack tests weak passwords against a large number of accounts?
Credential stuffing
Which is NOT a reason that social engineering is so successful?
Technology-based systems are easy to bypass
What is the single most important thing you can do to secure a system?
Install updates regularly
Which of these is NOT a good practice to create a secure password?
Using your birthdate
A ___________ is a tweak to the OS code that will fix an issue in how it runs or compatibility with devices and applications.
Patch
A software program that automates the process of trying all possible combinations of characters to determine a password is called?
Brute force attack
Which social engineering technique is best protected against by using a security guard or turnstile?
Tailgating
What is the term for proving who you are so trust can be established between you and another party?
Authentication
What are two reasons a passphrase is recommended instead of a password?
Easier to remember, Harder to crack
Before deciding on hardening procedures, it is a good idea to use ___________ as a reference for best practices.
NIST guidelines
What type of attack tries a lot of known passwords against just one account?
Dictionary attack
What is a phishing attack that targets a specific individual or organization?
Spear Phishing
When a database is exposed or stolen, it is said to be a ___________.
Data breach
A one-way algorithm used to encrypt a password for secure storage is called?
Hashing
The best way to survive a ransomware attack is ___________.
Having secure backups
Hackers use a special tool called ___________ to scan the Internet for open devices.
Shodan
Explain the two conditions data must meet to be considered OSINT.
Be publicly available, Be legally obtained
For backups, the 3-2-1 rule is the best practice. What does it mean?
3 copies of data, 2 different storage media, 1 offsite backup
What is a common method used to mitigate the effectiveness of rainbow table attacks?
Salting passwords
What is the primary purpose of penetration testing during the hardening process?
To identify and remediate vulnerabilities before attackers can exploit them.