SYO-601 LATEST QUESTIONS AND VERIFIED ANSWERS
Phishing - CORRECT ANSWER✅✅✅fraudulent attempt to obtain sensitive information or data, by
disguising oneself as a trustworthy entity in an electronic communication.
Smishing - CORRECT ANSWER✅✅✅When someone tries to trick you into giving them your private
information via a text or SMS message.
Vishing - CORRECT ANSWER✅✅✅Using social engineering over the telephone system to gain access
to private personal and financial information for the purpose of financial reward
Spam - CORRECT ANSWER✅✅✅irrelevant or unsolicited messages sent to a large number of
Internet users, for illegitimate advertising, and other activities such as phishing, and spreading malware
SPIM - CORRECT ANSWER✅✅✅Spam delivered through instant messaging (IM) instead of through
e-mail messaging
Spear Phishing - CORRECT ANSWER✅✅✅the act of sending emails to specific and well-researched
targets while pretending to be a trusted sender
Dumpster Diving - CORRECT ANSWER✅✅✅exploration of a system's trash bin for the purpose of
finding details in order for a hacker to have a successful online assault.
Shoulder Surfing - CORRECT ANSWER✅✅✅When someone watches over your shoulder to nab
valuable information as you key it into an electronic device.
Pharming - CORRECT ANSWER✅✅✅cyberattack intended to redirect a website's traffic to another,
fake site.
Tailgating - CORRECT ANSWER✅✅✅Social engineering attempt by cyber threat actors in which they
trick employees into helping them gain unauthorized access into the company premises.
Eliciting Information - CORRECT ANSWER✅✅✅Procedures or techniques involving interacting with
and communicating with others that is designed to gather knowledge or inform
Whaling - CORRECT ANSWER✅✅✅Spear phishing that focuses on one specific high level executive
or influencer
Prepending - CORRECT ANSWER✅✅✅Prepend is a word that means to attach content as a prefix.
For example, a prepend command could be used in a scripting language that a programmer would enter
into a certain function or code module. It would add certain characters of text to the beginning of some
variable or object.
Identity Fraud - CORRECT ANSWER✅✅✅identity fraud is the use of stolen information such as
making fake ID's and fake bank accounts
Invoice Scams - CORRECT ANSWER✅✅✅using fraudulent invoices to steal from a company
Credential Harvesting - CORRECT ANSWER✅✅✅the use of MITM attacks, DNS poisoning, phishing,
etc. to amass large numbers of credentials (username / password combinations) for reuse.
Reconnaissance - CORRECT ANSWER✅✅✅Information gathering about a target network
Hoax - CORRECT ANSWER✅✅✅Cyber hoax scams are attacks that exploit unsuspecting users to
provide valuable information, such as login credentials or money.
Impersonation - CORRECT ANSWER✅✅✅typically involves an email that seems to come from a
trusted source.
Watering hole attack - CORRECT ANSWER✅✅✅security exploit in which the attacker seeks to
compromise a specific group of end users by infecting websites that members of the group are known to
visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place
of employment.
Typo squatting - CORRECT ANSWER✅✅✅type of cybersquatting used by imposters that involves
registering domains with intentionally misspelled names of popular web addresses to install malware on
the user's system
Pretexting - CORRECT ANSWER✅✅✅the practice of presenting oneself as someone else in order to
obtain private information.
Influence campaigns - CORRECT ANSWER✅✅✅
Hybrid warfare - CORRECT ANSWER✅✅✅Combining conventional warfare with cyberwarfare
Social Media Campaign - CORRECT ANSWER✅✅✅Planned, coordinated marketing efforts using one
or more social media platforms.
Principles: - CORRECT ANSWER✅✅✅Authority: an attacker may try to appear to have a certain level
of authority.
Intimidation: may try to make the victim think that something terrible is going to happen if they don't
comply with the attacker's wishes.
Consensus: An attacker may try to sway the mind of a victim using names they are familiar with, saying
that such ones provided them information (they are fishing for) in the past and you should be able to do
the same.
Scarcity: An attacker may try to set a time limit on a victim so that they can comply with their wishes by
a certain deadline.
Familiarity: they make you familiar with them on the phone and make you want to do things for them.
Trust: The attacker in this case can claim to be a friend or close associate of someone you may know
very well and that's trusted.
Urgency: When attackers want you to act and not think, they want you to do what they want as quickly
as possible so that there's no time to spot all the red flags.
Malware - CORRECT ANSWER✅✅✅a program or file designed to be disruptive, invasive and harmful
to your computer.
Ransomware - CORRECT ANSWER✅✅✅Software that encrypts programs and data until a ransom is
paid to remove it.
Worms - CORRECT ANSWER✅✅✅Independent computer programs that copy themselves from one
computer to other computers over a network
potentially unwanted program (PUP) - CORRECT ANSWER✅✅✅program that installs itself on a
computer, typically without the user's informed consent
Fileless virus - CORRECT ANSWER✅✅✅Software that uses legitimate programs to infect a computer.
It does not rely on files and leaves no footprint, making it challenging to detect and remove.
command and control - CORRECT ANSWER✅✅✅A computer controlled by an attacker or
cybercriminal which is used to send commands to systems compromised by malware and receive stolen
data from a target network
Bots - CORRECT ANSWER✅✅✅self-propagating malware that infects its host and connects back to a
central server(s).
Cryptomalware - CORRECT ANSWER✅✅✅Malware to remain in place for as long as possible, quietly
mining in the background.
logic bomb - CORRECT ANSWER✅✅✅A computer program or part of a program that lies dormant
until it is triggered by a specific logical event.
Spyware - CORRECT ANSWER✅✅✅Type of malware that infects your PC or mobile device and
gathers information about you, including the sites you visit, the things you download, your usernames
and passwords, payment information, and the emails you send and receive.
Keyloggers - CORRECT ANSWER✅✅✅software that tracks or logs the keys struck on your keyboard,
typically in a covert manner so that you don't know that your actions are being monitored.