2 cissp ® Official Study Guide Eighth Edition

Understand social engineering

Download 19,3 Mb.

Pdf ko'rish

bet	615/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 611 612 613 614 615 616 617 618 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Understand phishing.

Understand social engineering.
A social-engineering attack is an attempt by an attacker
to convince someone to provide information (such as a password) or perform an action they
wouldn’t normally perform (such as clicking on a malicious link), resulting in a security
compromise. Social engineers often try to gain access to the IT infrastructure or the physi-
cal facility. User education is an effective tool to prevent the success of social-engineering
attacks.
Understand phishing.
Phishing attacks are commonly used to try to trick users into giving
up personal information (such as user accounts and passwords), click a malicious link, or
open a malicious attachment. Spear phishing targets specific groups of users, and whaling
targets high-level executives. Vishing uses VoIP technologies.
Written Lab
1.
Describe the primary difference between discretionary and nondiscretionary access
control models.
2.
List three elements to identify when attempting to identify and prevent access control
attacks.
3.
Name at least three types of attacks used to discover passwords.
4.
Identify the differences between a salt and a pepper (used when hashing a password).

Review Questions
657
Review Questions
1.
Which of the following
best
describes an implicit deny principle?
A.
All actions that are not expressly denied are allowed.
B.
All actions that are not expressly allowed are denied.
C.
All actions must be expressly denied.
D.
None of the above.
2.
What is the intent of least privilege?
A.
Enforce the most restrictive rights required by users to run system processes.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 611 612 613 614 615 616 617 618 ... 881