The following are social engineering attacks

The following is not a social engineering attack


A social engineering attack is a kind of cyber-attack carried out by means of “social engineering”.

In computer science, social engineering refers to the use of seemingly legitimate communication with others to psychologically influence them to perform certain actions or reveal confidential information. It is generally regarded as a form of deception used to gather information, commit fraud, and intrude into computer systems. Therefore, A, B, and D are all consistent with social engineering.

Cybersecurity Competition Test Questions 2017(2)

23.(Medium) The best option to prevent Trojan horse software from entering a school network is ()?

A. Deploy a keystroke monitoring program

B. Deploy a virus scanning application

C. Deploy a stateful-detection firewall

D. Deploy a debugger application

24. (Medium) Which of the following options is a social engineering attack? ()

A. Logic Bomb

B. Trojan Horse

C. Packet Replay

D. Phishing

25. (Easy) No selfies are being taken and no video chat is in progress, yet the light of the computer’s webcam is always on. What is the reason for that? ()

A. It may have been hit by a Trojan horse and is being spied on by hackers

B. The computer is broken

C. It was supposed to light up

D. The webcam is broken

26. (Easy) File-based viruses mainly infect ____.

A. .DOE and .EXE

D. .EXE and .DOC

27. (Easy) What is the harm of installing several security software products on your computer? ()

A. They may consume a lot of system resources and conflict with each other

B. They do not affect the speed of the computer

C. They may affect the normal operation of the computer

D. You can use the computer with more confidence

28. (Easy) There is a kind of website that can infect a computer with a Trojan horse virus just by being opened. What is the specialized name for this kind of website?

A. Phishing website

B. Trojan-hosting website

C. Gaming website

D. Portal website

29. (Easy) If your home phone or cell phone hangs up after only one ring, the best way to handle it is ()

A. Call the police immediately, it must be a fraudulent phone call

B. Most “one ring” phone calls are fee-charging scam calls, so if it is an unfamiliar number, ignore it

C. Call the police immediately, it must be a fraudulent phone call

D. No matter who it is, dial back and yell at the other party

30. (Hard) Which of the following is an example of a DoS attack?

A. SQL injection

B. IP address spoofing

C. Smurf attack

D. Dictionary cracking

31. (Hard) Which of the following is the most effective means of protecting against SQL injection attacks?

A. Deletion of web pages with injection points

B. Management of the database system

C. Strict control of permissions and strict filtering of data entered by web users

D. Strictly restricting Internet users’ access to the web server through a network firewall

32. (Medium) Which of the following vulnerabilities is not caused by a failure to filter input?

A. DoS attack

B. SQL injection

C. Log injection

D. Command line injection

33.(Medium) The port number used by the POP server is ____.

A. TCP port 25

B. TCP port 110

C. TCP port 143

D. TCP port 23

34. (Medium) Which of the following is not a file suffix under which a Trojan script can be executed? ()

A. asp

B. php

C. cer

D. htm

35. (Hard) An ASP Trojan horse does not have ____.

A. Upload function

B. Remote overflow privilege escalation function

C. Download function

D. Directory browsing function

36. (Hard) The dangers of command injection do not include which of the following?

A. Obtaining server information

B. Constructing a one-sentence Trojan horse

C. Stealing the current user cookie

D. Changing the home page of the Web site

37. (Medium) Which of the following is not a preventive measure against password guessing?

A. Strictly limiting the number of authentication attempts from a given terminal

B. Ensuring that the passphrase is not reproduced on the terminal

C. Preventing the user from using a passphrase that is too short

D. Using a machine generated passphrase

38. (Easy) If you notice one day on a Windows system that a “Recycle Bin” icon or folder that did not exist before has appeared on a USB flash drive, the most likely cause is:

A. The USB flash drive is corrupted

B. Infected with a virus

C. Disk fragmentation

D. There are junk files on the USB flash drive that were not thoroughly cleaned up

39. (Hard) The main security problem when using FTP for file transfer is:

A. Anonymous login does not require a password

B. The destructive program is able to run on the client side

C. The destructive program is able to run on the server side

D. The username and password for logging in are transmitted to the server side in plaintext

40. (Medium) The function of the Domain Name System (DNS) is to:

A. convert domain names to IP addresses

B. convert domain names to network card addresses

C. convert hostnames to IP addresses

D. convert domain names to e-mail addresses

41. (Easy) Li belongs to both the “General Users” group and the “Advanced Users” group and wants to access the “Work Documents” directory. The “General Users” group has read-only access to this folder, and the “Advanced Users” group has write access to it. What can Li now do with the “Work Documents” directory?

A. Read only

B. Write only

C. Read and write

D. Conflicting permissions, unable to do anything

42. An email comes from a colleague, but it is very suspicious: it has no work-related content and contains a link to an unfamiliar website, asking him to visit and register with his real name. Which attack method might this be? ()

A. Buffer Overflow Attack

B. Phishing Attack

C. Watering Hole Attack

D. DDoS Attack

43. (Easy) In the field of network security, VPNs are commonly used to establish a secure access channel between ______.

A. Headquarters with branch offices, with partners, with mobile office users, remote users;

B. Customers with customers, with partners, remote users;

C. Users on the same local area network;

D. Restricted to family members;

44. (Easy) Malicious code residing on web pages usually exploits () to implant itself and carry out attacks.

A. Password attacks

B. USB flash drive tools

C. Vulnerabilities in browser software

D. Denial-of-service attacks

45. (Medium) When temporarily away, a user should lock the Windows system to prevent others from using it without authorization. The shortcut for locking the system is to press and hold () at the same time.

A. WIN and Z keys

B. F1 and L keys

C. WIN and L keys

D. F1 and Z keys

46.(Easy) To browse the web safely, you should not ().

A. Use the “auto-login” and “remember password” functions on a public computer

B. Disable the ActiveX control and Java script

C. Regularly clear your browser cookies

D. Regularly clear your browser cache and Internet history


What does a social engineering attack mean?

Social engineering is one means of hacker attack. Such attacks take a variety of forms which, taken together, can be simply divided into four types.

1. Human-nature attacks, such as phishing attacks and social engineering attacks. The technical content of these attacks is often very low; what they target is human nature. They have something of the con artist about them. The famous hacker Mitnick specialized in this kind of attack.

2. Man-in-the-middle attacks. Taken together, almost all of the many kinds of network attack are man-in-the-middle attacks, for the simple reason that any communication between two parties is inevitably exposed to the threat of a third party. Sniffing attacks, for example, can be said to be the most commonly used network attacks, and ARP spoofing and DNS spoofing derive from them. From Trojan horses to DLL hijacking and other techniques used for propagation, almost all make use of man-in-the-middle attacks.

3. Defect-based attacks. Nothing in the world is perfect, and networks are no exception. DDoS attacks, for example, essentially exploit not a vulnerability but just a small defect, because the TCP protocol must go through a three-way handshake.

4. Vulnerability-based attacks, the so-called 0day hacker attacks. This kind of attack is the most deadly, and any hacker is bound to have in hand some unpublished 0day exploitation software that can complete an attack instantly.

What does social engineering attack mean

A social engineering attack is a type of cyber attack that utilizes “social engineering”.

Social engineering, to be precise, is not a science but an art and a bag of tricks. It is the art and study of methods that exploit human weaknesses, going along with your wishes and satisfying your desires so that you fall for them. It is said not to be a science because it cannot always be repeated successfully, and it fails automatically when sufficient information is available. The tricks of social engineering also involve all sorts of flexible ideas and variable factors.

Social engineering is the practice of exploiting human weaknesses, such as instinctive reactions, curiosity, trust, and greed, in order to gain advantage through deception, harm, and other damaging means.

Social Engineering Attacks

1. Phishing Attacks: This is an old trick of using social engineering tactics to gain access to the victim’s confidential information. Most phishing attacks masquerade as trusted service providers such as banks, schools, software companies, or government security agencies, such as the FBI.

2. Baiting schemes: In this type of social engineering scheme, attackers take advantage of the very high level of interest in, for example, the latest movie or a popular music video in order to mine these people for information. This is common in P2P sharing networks such as BitTorrent.

3. Spoofing an email from a friend: This is a common way to use social engineering tactics to grab information from a large group of people online.

Source for the above: Baidu Encyclopedia, “Social Engineering Attacks”

What does each of the 9 icons of the security end event category mean?

1. Unauthorized Access: An icon indicating unauthorized access or intrusion, meaning that a hacker or unauthorized user has attempted to gain access to a system or application.

2. Malware: An icon indicating malicious software, such as viruses, Trojans, worms, spyware, etc.

3. Data Leakage: An icon indicating a data leakage, which means that sensitive information has been compromised, which may lead to personal identity theft, financial loss, etc.

4. Social Engineering Attack: An icon indicating a social engineering attack, which means that the attacker has used deception, camouflage, manipulation, and other techniques to trick the victim into disclosing sensitive information.

5. Account Theft: An icon indicating account theft, which means that the attacker has obtained the victim’s login credentials and is able to access the system or application.

6. Cybercrime: An icon indicating cybercrime, such as cyber fraud, etc.

7. Firmware Attack: an icon indicating a firmware attack, which means that the attacker has tampered with or corrupted the firmware of a device or system.

8. Phishing: An icon indicating phishing, which indicates that an attacker obtains sensitive information about a victim through deception.

9. Wireless Intrusion: An icon that indicates a wireless intrusion, indicating that an attacker has attacked or intruded through a wireless network.

What are the characteristics of a social engineering attack

Characteristics of a social engineering attack: the attack is covert, widely targeted, and highly customized.

1. The attack method is covert: social engineering attacks are usually carried out using everyday communication channels such as e-mail, SMS, and telephone. The attacker disguises themselves as a person or organization trusted by the victim, making the attack difficult for the victim to detect.

2. Wide range of targets: Social engineering attacks do not target specific systems or software, but rather the weaknesses of human nature. Therefore, both individual and corporate users can be the target of social engineering attacks.

3. Highly customizable: social engineering attacks are usually customized to the victim’s personality and needs, and are therefore highly deceptive. Attackers may conduct a detailed survey of the victim to learn about the victim’s interests, habits, job, and other information in order to develop a more effective attack strategy.

Disadvantages of Social Engineering Attacks

1. High customization leads to high cost of attack: social engineering attacks require the attacker to conduct a detailed survey and analysis of the victim in order to develop a targeted attack strategy. This makes it necessary for attackers to invest a lot of time and effort in executing social engineering attacks, which leads to high attack costs.

2. Reliance on interpersonal relationships leads to limited attack success: The success of a social engineering attack depends heavily on the interpersonal relationship between the victim and the attacker. If the victim is wary or skeptical of the attacker, the likelihood of the attacker’s success is greatly reduced.