As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1.Covering tracks
2.Scanning and enumeration
3.Maintaining Access
4.Reconnaissance
5.Gaining Access
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his
assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for
an employee to pass through the main access gate, then the consultant follows the employee behind to get into
the restricted area. Which type of attack did the consultant perform?
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and
uses the special card in order to access the restricted area of the target company. Just as the employee opens
the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so
that he can enter. What is the best way to undermine the social engineering activity of tailgating?
The ability to demand the implementation and management of security controls on third parties providing services to an organization is
A large number of accounts in a hardened system were suddenly compromised to an external party. Which of
the following is the MOST probable threat actor involved in this incident?
PDF + Testing Engine |
---|
$66 |
Testing Engine |
---|
$50 |
PDF (Q&A) |
---|
$42 |
ECCouncil Free Exams |
---|
|