Cyber-Security: Foot Printing and Social Engineering
This flashcard set explores basic reconnaissance techniques, including how attackers gather system and company information, the role of DNS in domain name resolution, and physical intrusion tactics like piggybacking.
Term | Definition |
---|---|
Which of the following contains host records for a domain? | DNS |
Which of the following is one method of gathering information about the operating systems a company is using? | Search the Web for e-mail addresses of IT employees. |
Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following? | Piggybacking |
Which of the following is a fast and easy way to gather information about a company? | View the company’s Web site; Look for company ads in phone directories |
What’s the first method a security tester should attempt to find a password for a computer on the network? | Ask the user |
Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet. | True |
Which utility can extract meta-data and documents on a website to reveal the document creator’s network login, e-mail address, IP address, and other important information? | FOCA |
What’s one way to gather information about a domain? | View the header of an e-mail you send to an e-mail account that doesn’t exist |
When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff? | Review job postings on Web sites such as www.monster.com and www.dice.com |
What tool can be used to read and write data to ports over a network? | Netcat |
A cookie can store information about a Web site’s visitors. True or False? | True |
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt? | nc -h |
Shoulder Surfers can use their skills to find which of the following pieces of information? | ATM PINs |
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed? | Spear Phishing |
Network attacks can often begin by gathering information from a company’s Web site. | True |
What 1-pixel x 1-pixel image file is referenced in an `<img>` tag, and usually works with a cookie to collect information about the person visiting the Web site? | Web Bug |
Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows. | False |
Which tools can be used to gather competitive intelligence from Websites? | Metis |
What area of a network is a major area of potential vulnerability because of the use of URLs? | DNS |
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance? | Piggybacking |
Before conducting a security test by using social-engineering tactics, what should you do? | Get written permission from the person who hired you to conduct the security test |
Which utility is being used to gather IP and domain information? | Whois |
Walking is an automated way to discover pages of a Website by following links | False |
Many social engineers begin gathering the information they need by using which of the following? | The telephone |
Which of the following tools can assist you in finding general information about an organization and its employees? | Https://groups.google.com, www.google.com |
Which technique can be used to read PINs entered at ATMs or at other areas when a PIN code is entered? | Shoulder Surfing |
What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information? | Dumpster Diving |
What utility can be used to intercept detailed information from a company's Web site? | Zed Attack Proxy |
What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body? | HEAD |