An employee receives an email from an address that looks like the CEO's, instructing them to process an urgent wire transfer to a new vendor. The email stresses that the deal is confidential and should not be discussed with anyone. Which aspect of this attack is designed to prevent the employee from verifying the request?
An attacker, posing as a job applicant, engages a company's hiring manager in a lengthy conversation. During the chat, the attacker casually asks about the company's internal communication software and the typical format for employee email addresses. This is an example of which social engineering technique?
A user clicks a link in a phishing email and is taken to a credential harvesting site. After entering their username and password, the site redirects them to the legitimate company portal. What is the most likely reason for this redirection?
An attacker sends a text message to a user that says, 'Your account has been flagged for suspicious activity. You must log in within 15 minutes at [malicious link] to secure your account.' Which two psychological principles are being combined in this attack?
After an employee's credentials are stolen in a social engineering attack, the adversary gains access to their corporate account. Which of the following represents the most significant potential impact for the organization?
A user receives a direct message on social media from a friend's account stating, 'I can't believe this video of you!' followed by a link. The user clicks the link, which leads to a fake login page. What social engineering tactic is being used to entice the user to click?
Which of the following scenarios describes a physical social engineering attack rather than a digital one?
An email sent to an employee contains the line, 'As per the new federal regulations, all employees must complete this mandatory security training by 5 PM today.' This statement primarily leverages which principle of influence?
A system's authentication log shows 15 failed login attempts for the user 'j.doe' from IP address 198.51.100.10, followed by 15 failed login attempts for 'a.smith' from the same IP, and then 15 failed attempts for 'k.lee' from the same IP. This pattern is most characteristic of which attack?
An organization implements a policy that locks a user's account for 30 minutes after five incorrect password attempts. What is the primary purpose of this security control?
A user is prompted to provide a password and a one-time code from a mobile app to access their email. This process demonstrates the use of which security measure?
An adversary has obtained a file containing salted password hashes from a compromised server. Which of the following attack methods would be rendered ineffective by the use of salts?
Which of the following passwords offers the best defense against a dictionary attack?
A security analyst observes a successful login to a critical server at 2:00 AM from an IP address originating in a country where the company has no employees. The associated user account belongs to an employee who works a 9-to-5 schedule locally. This observation is a strong indicator of:
What is a primary difference between an online password attack and an offline password attack?
A company's password policy requires a minimum length of 14 characters. The primary security benefit of increasing password length is that it:
A user in an airport connects to a Wi-Fi network named 'AIRPORT_FREE_WIFI' without a password. The legitimate network is named 'Airport WiFi' and requires agreeing to a terms of service page. The user's traffic is now being intercepted. This scenario describes which type of attack?
Which of the following is the most effective measure an individual can take to ensure the confidentiality of their data while using a public Wi-Fi network?
An adversary discovers a new, unpatched vulnerability in a popular brand of wireless router. They develop a tool to exploit this vulnerability and gain control of the devices. This adversary is best classified as:
A denial-of-service (DoS) attack that uses a powerful radio signal to disrupt communication on a wireless network is known as what?
An attacker sits in a coffee shop and uses software to capture all unencrypted data packets being transmitted over the public Wi-Fi. The attacker is looking for usernames and passwords. This passive attack is known as:
A user is connected to a hotel's public Wi-Fi. When they browse to their banking website, the browser shows 'https://' in the address bar. What does this indicate?
An adversary drives around a business district with specialized equipment to detect and log information about wireless networks, such as their SSIDs, security protocols, and signal strength. This reconnaissance activity is called:
A low-skilled adversary successfully executes an evil twin attack at a local library using a pre-made software toolkit. What is the most likely motivation for this type of adversary?
An executive receives a phone call from someone whose voice is identical to their company's CEO, authorizing a large, unusual payment. This highly convincing impersonation was most likely enabled by which AI technology?
A security team notices a surge in phishing emails that are perfectly written, contextually relevant to their industry, and use persuasive language that bypasses traditional spam filters. This improvement in phishing quality is a direct result of adversaries using:
To protect against a potential AI-powered voice impersonation scam during a high-stakes phone call, what is the most effective verification method?
An adversary uses an AI tool to rapidly scan public records, social media, and company websites to build a detailed profile of a target employee for a spear-phishing attack. This use of AI primarily enhances which phase of an attack?
A user inputs proprietary company data into a public generative AI tool to help write a report. What is the primary security risk associated with this action?
An attacker manipulates public data sources that an LLM is known to use for training, seeding them with misinformation. The attacker's goal is to make the future version of the LLM produce biased or incorrect answers. This technique is known as:
Which of the following is a necessary security practice when using AI-powered tools?
An adversary uses an AI-powered coding assistant to identify subtle security flaws in a complex software application and generate exploit code. How does this augment the adversary's capabilities?
A security operations center (SOC) is inundated with thousands of alerts per hour from various security tools. How can an AI-powered system most effectively assist the human analysts?
An AI-powered security tool analyzes an organization's cloud configuration and identifies a publicly accessible storage bucket containing sensitive data. The tool then recommends specific changes to the access control policy. This is an example of AI being used for:
A developer uses an AI tool to review their application's code. The AI flags a section of code as vulnerable to SQL injection and suggests a corrected version. What is the most critical next step?
An AI-based intrusion detection system is trained on a baseline of normal network activity. It then flags any significant deviation from this baseline as a potential threat. This method is known as:
An organization sets the alert threshold on its AI threat detection system very high, requiring a 99% certainty before flagging an event as malicious. What is the most likely risk of this configuration?
An AI-powered tool is programmed to automatically isolate a device from the network if it detects behavior consistent with a ransomware infection. This capability is an example of:
What is a significant advantage of using AI for threat detection compared to traditional, signature-based methods?
A security team is using an AI tool to analyze firewall logs. The tool's primary function in this context is to: