CompTIA Security+ Certification Exam
1. What is Data at-Rest
Is an IT term referring to inactive data which is stored physically in any digital form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.).
2. What is Data in-Motion?
DLP systems, which are software or hardware tools that monitor network traffic in order to detect sensitive data that is being sent in violation of information security policies.
3. What is a SCADA?
Is a type of industrial control system. Industrial control systems are computer controlled systems that monitor and control industrial processes that exist in the physical world. (Wide Area)
4. What is Infrastructure as a Service?
Infrastructure as a Service (IaaS) Infrastructure as a service (IaaS) is a standardized, highly automated offering, where compute resources, complemented by storage and networking capabilities are owned and hosted by a service provider and offered to customers on-demand.
5. What is Software as a Service?
A software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.
6. What are Public Clouds?
A public cloud is a set of computers and computer network resources based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet.
What are Private Clouds?
is a dedicated server that the customer uses exclusively. The platform and applications, however, are still maintained by the cloud provider.
What are Hybrid Clouds?
is a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally. For example, an organization might use a public cloud service, such as Amazon Simple Storage Service (Amazon S3) for archived data but continue to maintain in-house storage for operational customer data.
7. What is Cloud Based Storage?
Cloud storage is a model of networked enterprise storage where data is stored in virtualized pools of storage which are generally hosted by third parties.
8. What is a Acceptable User Policy? (AUP)
Acceptable Use Policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager of a network, website or large computer system that restrict the ways in which the network, website or system may be used.
9. What is a Privacy Policy?
Is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data.
10. What is a Security Policy?
Is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.
11. What is a Human Resource Policy?
Are systems of codified decisions, established by an organization, to support administrative personnel functions, performance management, employee relations and resource planning[1] . Each company has a different set of circumstances, and so develops an individual set of human resource policies.
12. What is Spear Phishing?
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
13. What is a Digital Signature?
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
14. What is a Digital Certificate?
A digital certificate is an electronic "passport" that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate may also be referred to as a public key certificate.
15. What is a Incident Handling Response? [PDF]
A. Reconstruction
B. Plan of Action
C. Reconstruction
D. Lesson Learned
16. What is LDAP?
Is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
17. What is Kerberos?
Is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
18. What is a Unified Threat Managment (UTM)?
Is a comprehensive solution that has recently emerged in the network security industry, and since 2004 it has gained widespread currency as a primary network gateway defense solution for organizations.[1] In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.
19. What is a Access Control List (ACL)?
Is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.[1] Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file.
20. What is an Eye Witness in Security?
Is someone who has, who claims to have, or is thought, by someone with authority to compel testimony, to have knowledge relevant to an event or other matter of interest. In law a witness is someone who, either voluntarily or under compulsion, provides testimonial evidence, either oral or written, of what he or she knows or claims to know about the matter before some official authorized to take such testimony.
21. What is Chain of Custody in Security?
In legal contexts, refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.
22. What is Expert Witness in Security?
A person who is permitted to testify at a trial because of special knowledge or proficiency in a particular field that is relevant to the case.
23. What is Data Analysis in Security?
Analysis of data is a process of inspecting, cleaning, transforming, and modeling data with the goal of discovering useful information, suggesting conclusions, and supporting decision making.
24. What is Application Whitelisting?
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.
25. What is Remote Wiping in Security?
When a device is lost or stolen to erase all data on the device and to do a factory reset for the device. All data is erased from the device (and SD card, if applicable), including email, calendar, contacts, photos, music, and a user's personal files.
26. What is an Acceptable Use Policy in Security (AUP) ?
This has already been answered please see no. 8 of this doc.
27. What is Mobile Device Management in Security (MDM) ?
Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employee's mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.
28. What is Role-Based Management in Security?
The theory is that instead of putting your users into groups, you put them into roles, which correspond to their actual job titles. Magically, their role memberships get them access to all the files, folders, databases, mailboxes and whatnot that they need.
29. What is TKIP-based Encryption?
Was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.[1]
30. What is CCMP-based Encryption?
Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard.[1] It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.[1]
31. What is a SAN?
A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network by other devices.
32. What is CHAP?
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP is specified in RFC 1994. CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. The MS-CHAP variant does not require either peer to know the plaintext, but has been broken.[1] Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP).
33. What is Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML, pronounced "sam-el"[1]) is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on solutions are common at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID protocol.)
34. What is Kerberos?
This has already been answered please see no. 17 of this doc.
35. What is Diameter?
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from and replaces the much less capable RADIUS protocol that preceded it.
36. What is Encrypted TCP Wrappers?
Is a freely available IP packet filtering facility written by Wieste Venema. It provides for greater and more specific control over local network services and which hosts are allowed to access them. It also makes use of the standard syslog facility to track local network use. Although it was written many years ago and has not changed much over time, TCP Wrappers remains useful because it can be configured quickly and easily, and it adds an additional layer of protection even when used in conjunction with more robust packet filters (like iptables).
37. What is Firmware Version Control?
The task of keeping a software system consisting of many versions and configurations well organized.
38. What is an Anomaly based IDS?
An Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature based systems which can only detect attacks for which a signature has previously been created.
39. What is a Signature Based IDS?
Signature-based IDS monitors packets in the network, and compares them with pre-configured and pre-determined attack patterns, known as signatures.
40. What are Role Based Access Controls?
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file. Roles are defined according to job competency, authority, and responsibility within the enterprise.
41. What are Mandatory Access Controls?
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place.
42. What are Discretionary Access Controls?
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria[1] "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".
43. What is a Security Manager?
A security manager is an employee at a company responsible for security and safety at the company. This can take a number of different forms, though typically the manager will be responsible for physical, real world security or digital security. The security manager at a company, especially a small company, may be responsible for both forms of security as well as other tasks that are also applicable.
44. What is a Security Administrator?
The person charged with monitoring and implementing security controls and procedures for a system. Whereas each university will have one Information Security Officer, technical management may designate a number of security administrators.
45. What are Routine Audits?
An information security audit occurs when a technology team conducts an organizational review to ensure that the correct and most up-to-date processes and infrastructure are being applied. An audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization. During this process, employees are interviewed regarding security roles and other relevant details.
46. What is Chain of Custody in Security?
This has already been answered please see no. 21 of this doc.
47. What is a System Image?
In computing, a system image is a copy of the entire state of a computer system stored in some non-volatile form such as a file. A system is said to be capable of using system images if it can be shut down and later restored to exactly the same state.
48. What are Take Hashes?
Is a hash function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value.
49. What is Order of Volatility?
When collecting data for a computer forensic investigation you want to collect the most volatile data first as it will be lost the quickest. The order of volatility shows which data will be lost first.
Order of Volatility
Memory contents
Swap files
Network processes
System processes
File system information
Raw disk blocks
Memory contents, swap files, network processes, and system processes will all be lost when the suspect system is shut down.
50. What is a Computer Emergency Response Team? (CERT)
Is an organization that receives reports of security breaches, conducts analyses of the reports and responds to the senders. A CSIRT may be an established group or an ad hoc assembly.
51. What are Internal Operating Procedures in Security?
Are set of written procedures that operate internally in a business.
52. What are Standard Operating Procedures in Security?
Every Security Business must operate within the guidelines of their Standard Operating Procedures and General Orders. eg: rules/regs, harassment, illegal drugs, smoking, etc...
53. What is Hashing in Security?
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
54. What is a Key Escrow in Security?
Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.
54. What is Non-Repudiation in Security?
A service that provides proof of the integrity and origin of data. Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".
55. What is Steganography?
Is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.
56. What is a Packet Filter Firewall?
A firewall that forwards or blocks packets based on the information in the network-layer and transport-layer headers.
57. What is a Stateful Firewall?
In computing, a stateful firewall is a firewall that keeps track of the state of network connections traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections.
58. What is a Proxy Firewall?
A firewall that filters a message based on the information available in the message itself (at the application layer).
59. What is an Application Firewall?
An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall.
60. What is an Information Assurance Officer?
An Information Assurance Security Officer (IASO) in the United States Army is primarily responsible for the security and integrity of the information systems in his or her area of responsibility.
61. What are Environmental Control Measures in Security?
Unauthorized physical access, loss, damage or interference to the organization's premises and infrastructure, or interruptions to its critical operations, should be prevented using physical and environmental controls appropriate to the identified risks and the value of the assets protected.
62. What is TPM in Security?
The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor. The TPM technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.[1]
63. What is 802.1x in Security?
IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server.
64. What are Flood Guards in Security?
Network floods can cause outages and affect the security of our enterprise networks. In this video, you'll learn how to use flood guards to prevent DoS, SYN floods, ping floods, and more.
65. What are Man Traps in Security?
A mantrap is a small room with an entry door on one wall and an exit door on the opposite wall. One door of a mantrap cannot be unlocked and opened until the opposite door has been closed and locked.
66. What are Proximity Cards in Security?
Is a smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards.[2] To use, the proximity card is held near an electronic reader unit for a moment. The reader usually produces a beep or other sound to indicate the card has been read.
67. What are Biometrics Authentication in Security?
Biometrics (or biometric authentication)[note 1] refers to the identification of humans by their characteristics or traits. Biometrics is used in computer science as a form of identification and access control.[1] It is also used to identify individuals in groups that are under surveillance.
68. What is a SaaS site in Security?
This has already been answered please see no. 5 of this doc.
69. What is a Cold site in Security?
A cold site is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. A cold site is less expensive, but it takes longer to get an enterprise in full operation after the disaster
70. What is a Warm site in Security?
Typically contains the data links and pre-configured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data.
71. What is a Hot site in Security?
A hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster. For example, if an enterprise's data center becomes inoperable, that enterprise can move all data processing operations to a hot site. A hot site has all the equipment needed for the enterprise to continue operation, including office space and furniture, telephone jacks and computer equipment.
72. What is Hardening in Security?
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.
73. What is Fuzzing in Security? [link]
Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes.
74. What is Non Repudiation in Security?
This has already been answered please see no. 54 of this doc.
75. What is a MOU in Security?
A memorandum of understanding is a document describing a bilateral or multilateral agreement between two or more parties. It expresses a convergence of will between the parties, indicating an intended common line of action.
76. What is a Data Loss Prevention (DLP) in Security? [link]
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
77. What is Fuzzy Hashes in Security? [link]
Library for calculating context triggered piecewise hashes (CTPH) also called fuzzy hashes. Fuzzy hashes can be used to match data that have similarities, such as two sets of data with sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
78. What is HMAC in Security?
In cryptography, a keyed-hash message authentication code is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret cryptographic key.
79. What is SHA-512 in Security?
SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) designed by the U.S. National Security Agency (NSA) SHA-256 and SHA-512 are novel hash functions computed with 32 and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds.
80. What is TwoFish in Security?
Is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.
81. What is PGP in Security?
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. PGP uses a variation of the public key system. In this system, each user has a publicly known encryption key and a private key known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message.
82. What is Asymmetric Encryption in Security?
Cryptography in which a pair of keys is used to encrypt and decrypt a message. The sender of the message encrypts the message with the recipient’s public key. The recipient then decrypts the message with his/her private key.
83. What is a Certificate Authority (CA) ?
A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
84. What is Xmas in Security?
In information technology, a Christmas tree packet is a packet with every single option set for whatever protocol is in use. The term derives from a fanciful image of each little option bit in a header being represented by a different-colored light bulb, all turned on, as in, "the packet was lit up like a Christmas tree." It can also be known as a kamikaze packet, nastygram or a lamp test segment.
85. What is DoS in Security?
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
86. What is a XSS in Security?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
87. What is a Buffer Overflow?
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety.
88. What is Blue Snarfing?
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phone users can copy pictures and private videos.
88. What is Trusted Platform Module (TPM)?
The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator.[4][5] It also includes capabilities such as remote attestation and sealed storage, as follows: Remote attestation, Binding, and Sealing.
89. What is a Certificate Revocation List (CRL)?
Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructure for maintaining access to servers in a network. The other, newer method, which has superseded CRL in some cases, is Online Certificate Status Protocol (OCSP).
90. What is XSRF?
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
91. What is Stream Cipher?
A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. The main alternative method is the block cipher in which a key and algorithm are applied to blocks of data rather than individual bits in a stream.
92. What are Bollards in Security?
93. What is NDP in Security?
94. What is NCP in Security?
95. What is MTBF?
96. What is Vishing?
Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Voice phishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Spear Pushing
Attacker gains confidential company -> targeted ceo & board members
hoax
Attacker posts link to fake AV software -> Multiple social networks -> broad set of victims
Vishing
Attacker collecting credit card details -> Phone based victims
Phone calls to individual stating an IT issue
Phishing
Attacker mass mails product info to parties -> broad set of recipients
Email sent to multiple users to a link to verify credentials .
Pharming
Attacker redirects name resolution entries from legimate site to fraudulent site -> forward fraudulent Site, block legitimate site
SPIM
on social media site & IM pops up from a friend
Social engineering
A friend/colleague ask you questions of a personal nature
Whaling
Phone calls made to CEO asking various data
Source: https://docs.google.com/document/d/1ZIcE7WM_Je6k5c19e7asaghfC9FYsgCXD2JXD7BIo-E/edit