NDE Changed 112-51 Questions

The type of attack initiated by the organization as part of the security campaign discussed in the above scenario is phishing. Phishing is a form of fraud where cybercriminals use email, instant messaging, or other social media to try to gather information such as login credentials by masquerading as a reputable person or organization. Phishing occurs when a malicious party sends a fraudulent email disguised as being from an authorized, trusted source, and tries to persuade the recipient to click on a link, open an attachment, or provide personal information. The link or attachment may lead to a fake website or install malware on the recipient’s device, while the personal information may be used for identity theft, account takeover, or other malicious purposes. Phishing is one of the most common and effective cyberattacks, as it exploits the human factor and relies on social engineering techniques to manipulate the victim’s emotions, such as urgency, fear, orcuriosity. Phishing can be prevented or mitigated by educating the users on how to recognize and report phishing emails, using strong and unique passwords, enabling multi-factor authentication, and installing security software123. References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-30 to 3-31
• 20 types of phishing attacks + phishing examples - Norton, Norton, October 03, 2022
• Types of Email Attacks - GeeksforGeeks, GeeksforGeeks, May 30, 2023

A private cloud is a cloud deployment model that is exclusively used by a single organization and is hosted either on-premises or off-premises by a third-party provider. A private cloud offers the highest level of security and control over the data and resources, as the organization can customize the cloud infrastructure and services according to its needs and policies. A private cloud also ensures better performance and availability, as the organization does not share the cloud resources with other users. A private cloud is suitable for organizations that have sensitive or confidential data, strict compliance requirements, or high demand for scalability and flexibility. A private cloud can help Kelly secure the corporate data and retain full control over the data in the above scenario.References:

• Private Cloud- Week 6: Virtualization and Cloud Computing
• Private Cloud vs Public Cloud vs Hybrid Cloud
• Private Cloud Security: Challenges and Best Practices

A combination lock is a type of physical locking system that requires a sequence of numbers and letters to unlock. The user has to dial or enter the correct combination to open the lock. Combination locks are commonly used for securing luggage, safes, lockers, etc.In the scenario, Alice locked her zip-based document bag with a combination lock that requires a sequence of numbers and letters to unlock12.References:Network Defense Essentials - EC-Council Learning,Understanding the Various Types of Physical Security Controls

One of the most basic and important security guidelines for laptop users is to always log off or lock the system when unattended. This prevents unauthorized access to the system and the data stored on it by anyone who might have physical access to the laptop. Logging off or locking the system requires a password or other authentication method to resume the session, which adds a layer of protection to the laptop. Johana failed to comply with this security guideline, as she left the system active with the project file open and went for a coffee break, allowing Bob to access her system and modify the project file.References:

• Ten simple steps for keeping your laptop secure- Step 1: Require a password when logging in
• 6 Steps to Practice Strong Laptop Security- Step #1: Set complex passwords where it counts
• A Practical Guide to Securing Your Windows PC- Section: Lock your computer when you step away