Introduction to Security
This social engineering principle was used when a caller claimed to be a company executive who needed a password reset immediately for an urgent meeting.
What is urgency (or a sense of urgency)
This factor uses something you are, like a fingerprint.
What is a biometric factor
This type of encryption uses the same key for both encryption and decryption.
What is symmetric encryption?
This model explains how data travels through seven abstraction layers, from the physical wire all the way up to applications like email and web browsing.
What is the OSI model
Attackers trick devices into sending data to the wrong hardware address by changing entries in a network’s MAC table.
What is an ARP spoofing attack
An email promises free software for the first 50 downloads, tricking users into acting fast. This social engineering principle is being used.
What is scarcity
This access control model gives permissions based on a person’s job role.
What is role-based access control (RBAC)
This process turns readable information into a scrambled form to keep it secret.
What is encryption
Before data is transmitted across a network, headers and trailers are added around it in this process.
What is encapsulation
Ian needs to connect to another computer securely using a command-line shell. This protocol encrypts his session.
What is SSH (Secure Shell)
A user downloads a “free game” that secretly gives the attacker access to their computer.
What is a Trojan horse attack?
Cynthia wants to make sure only paying customers can use her company’s API.
What is API key–based authentication (or token-based authentication)
This type of encryption uses one key to lock the data and a different key to unlock it.
What is asymmetric encryption?
This model, used by the U.S. Department of Defense, has four layers and is protocol-dependent.
What is the DoD (TCP/IP) model
Frank notices that many infected machines are flooding another network with packets, slowing it down. This is an example of this type of attack.
What is a Distributed Denial of Service (DDoS) attack
An attacker pretending to be from the company’s tech support team tells an employee there’s a virus outbreak and they need immediate remote access.
What are authority and urgency?
Quentin only gets admin rights when he needs them and loses them when done.
What is just-in-time (JIT) privilege management or privileged access management (PAM)
A website uses this digital file to prove its identity and enable secure HTTPS communication.
What is a digital certificate
This device operates at OSI Layer 3, making forwarding decisions based on IP addresses.
What is a router?
Some users typed the correct URL but were directed to a fake bank website, compromising their logins. This is most likely what type of attack.
What is DNS spoofing or DNS hijacking
A company experiences ongoing, targeted attacks from a government-sponsored group that aims to steal data and disrupt operations.
What is a nation-state actor (or an advanced persistent threat—APT)
Greg’s system gives temporary admin passwords and logs every use.
What is a privileged access management (PAM) system or password vault?
Derek wants to perform this type of attack against a digital signature by finding two different inputs that produce the same hash value.
What is a birthday attack?
When you stream a live video or play an online game, this connectionless protocol is often used because it trades reliability for speed.
What is UDP (User Datagram Protocol)
Charles wants to ensure that DNS responses are verified and cannot be tampered with. Implementing this protocol provides integrity and authenticity for DNS.
What is DNSSEC