Which of the following scenarios describes a possible business email compromise attack?
A Business Email Compromise (BEC) attack involves an attacker impersonating a trusted individual within an organization or compromising a legitimate business email account to deceive employees into taking actions that compromise security. Given this, the scenario where a service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account best fits this description. This is because the attacker is impersonating a high-level authority to gain sensitive information, which is a common tactic in BEC attacks.
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
A jump server is a system specifically configured to access and manage devices in separate security zones, such as network segments with database servers. It acts as an intermediary, allowing database administrators to securely access database servers without having direct access from their workstations, maintaining a higher level of security and network segmentation.
An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?
To protect against attacks such as buffer overflows on an internet-facing website, the organization should deploy a Web Application Firewall (WAF). WAFs are specifically designed to filter, monitor, and block HTTP traffic to and from a web application, thus protecting against various web application attacks like buffer overflows, SQL injection, and cross-site scripting.
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
To prevent unauthorized logins from suspicious IP addresses and enhance the security of user accounts, the administrator should implement multifactor authentication. Multifactor authentication (MFA) requires users to provide two or more verification factors to gain access, such as a password and a code from a mobile device or a fingerprint. This additional layer of security significantly reduces the likelihood of unauthorized access, even if an attacker has the user's password.
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)
When an employee receives a text message that appears to be from the payroll department asking for credential verification, the social engineering techniques being attempted are Phishing and Smishing. Phishing is a broader category that involves tricking individuals into revealing sensitive information by pretending to be a trustworthy entity. This can be done via email, websites, or messages. Smishing, on the other hand, is a more specific technique that involves sending fraudulent text messages (SMS) to extract credentials or personal information. The scenario described fits under both Phishing and Smishing as it involves sending a text message with the intent to deceive and obtain credentials.