StudyXY
RegisterLog in
Information Technology /CompTIA Security+ (SY0-601): Social Engineering

CompTIA Security+ (SY0-601): Social Engineering

Information Technology16 CardsCreated about 2 months ago

This section focuses on electrical power issues—including surges, spikes, sags, brownouts, and blackouts—that can affect computing equipment. It also outlines various RAID levels, explaining how they manage data redundancy and performance through techniques like striping, mirroring, and parity.

PrintEmbedImportReport

Spear Phishing

An attempt to fraudulently obtain information from a user, usually by email that targets a specific individual

Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/16

Key Terms

Term
Definition

Spear Phishing

An attempt to fraudulently obtain information from a user, usually by email that targets a specific individual

Whaling

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high-value target in an organization

Smishing

Phishing conducted over text messaging (SMS)

Vishing

Phishing conducted over voice and phone calls

Pharming

Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file)

Motivation Factors

Authority
People are more willing to comply with a request when they think it is coming from someone in authority
Use of recognizable brand n...

Log in to view all terms

Related Flashcard Decks

Information Technology

Security+ (SY0-701): Additional Knowledge

This flashcard set explores various cybersecurity topics including credential-stuffing attacks, data classification (e.g., private data), and key disaster recovery metrics like RTO. It also highlights protective measures such as hashing for data integrity, automation support challenges, and the use of URL scanning in web filtering to prevent malware infections.

10 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 5.0 Security Program Management and Oversight

This flashcard set covers key concepts in cybersecurity governance frameworks, including centralized governance, data stewardship roles, and compliance laws like SOX. It also addresses environments supporting development and change management, as well as recovery strategies like Recovery Point Objective (RPO) to minimize data loss during system failures.

8 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 4.0 Security Operations

This flashcard set explores advanced cybersecurity practices including refining SIEM alert handling, email security protocols (DKIM, DMARC), secure authentication methods, and strategic threat-hunting. It emphasizes how to enhance incident response efficiency and leverage proactive defense techniques like maneuvering to counteract potential threats.

11 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 2.0 Threats, Vulnerabilities, and Mitigations

This deck covers key concepts related to threats, vulnerabilities, and mitigations in cybersecurity, focusing on virtual machine security.

1 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 1.0 General Security Concepts

This flashcard deck covers key concepts from the Security+ (SY0-701) exam, focusing on general security concepts such as technical and operational controls, policy enforcement, and tokenization.

6 cards
View Deck
Information Technology

Security+ (SY0-701): Lesson 16: Summarize Data Protection Part 2

This flashcard deck covers key concepts from the Security+ (SY0-701) Lesson 16, focusing on data protection methods, DLP components, and security awareness training.

25 cards
View Deck

Study Tips

  • Press F to enter focus mode for distraction-free studying
  • Review cards regularly to improve retention
  • Try to recall the answer before flipping the card
  • Share this deck with friends to study together
CompTIA Security+ (SY0-601): Social Engineering
TermDefinition

Spear Phishing

An attempt to fraudulently obtain information from a user, usually by email that targets a specific individual

Whaling

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high-value target in an organization

Smishing

Phishing conducted over text messaging (SMS)

Vishing

Phishing conducted over voice and phone calls

Pharming

Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file)

Motivation Factors

Authority
People are more willing to comply with a request when they think it is coming from someone in authority
Use of recognizable brand names like a bank or PayPal could be considered a form of authority

Urgency
People are usually in a rush these days and urgency takes advantage of this fact

Social Proof
People are more likely to click on a link through social media or based on seeing others have already clicked on it

Scarcity
Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time

Likeability
A technique where the social engineer attempts to find common ground and shared interests with their target

Fear
The use of threats or demands to intimidate someone into helping you in the attack

Diversion Theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location

Baiting

When a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view

Piggybacking

When an unauthorized person tags along with an authorized person to gain entry to a restricted area

(Tailgating with consent)

Watering Hole Attack

When an attacker figures out where users like to go, and places malware to gain access to your organization

Prepending

A technical method used in social engineering to trick users into entering their username and passwords by adding an invisible string before the weblink they click

The prepended string (data:text) converts the link into a Data URI (or Data URL) that embeds small files inline of documents

Influence Operations/Influence Campaign

The collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent

Influence operations is the military term, but CompTIA uses the term influence campaign

Hybrid Warfare

A military strategy which employs political warfare and blends conventional warfare, irregular warfare and cyberwarfare with other influencing methods, such as fake news, diplomacy, and foreign electoral intervention

Clean Desk Policy

Policy where all employees must put away everything from their desk at the end of the day into locked drawers and cabinets

Pretexting

Lying to get info

Attacker is a character in a situation they create

Typosquatting

https://professormessor.com (instead of https://professormessEr.com)
Purposely misspells domains for malicious purposes