3.1.11 Practice Questions Flashcards
Social engineers are master manipulators. Which of the following are tactics they might use?
answer
Eavesdropping, ignorance, and threatening
Keylogging, shoulder surfing, and moral obligation
Shoulder surfing, eavesdropping, and keylogging
Moral obligation, ignorance, and threatening
Moral obligation, ignorance, and threatening
Explanation
Social engineers are master manipulators. Some of the most popular tactics they use are moral obligation, innate human trust, threatening, an easy reward
Which of the following best describes a script kiddie?
answer
A hacker who uses scripts written by much more talented individuals.
A hacker willing to take more risks because the payoff is a lot higher.
A hacker who helps companies see the vulnerabilities in their security.
A hacker whose main purpose is to draw attention to their political views.
A hacker who uses scripts written by much more talented individuals.
Explanation
A script kiddie is a hacker who uses scripts written by much more talented individuals.
Any attack involving human interaction of some kind is referred to as:
answer
Attacker manipulation
A white hat hacker
Social engineering
An opportunistic attack
Social engineering
Explanation
Social engineering refers to any attack involving human interaction of some kind.
Using a fictitious scenario to persuade someone to perform an action or give information they aren’t authorized to share is called:
answer
Pretexting
Preloading
Footprinting
Impersonation
Pretexting
Explanation
Pretexting is using a fictitious scenario to persuade someone to perform an action or give information they aren’t authorized to share.
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
answer
Elicitation phase
Research phase
Exploitation phase
Development phase
Development phase
Explanation
The development phase involves two parts: selecting individual targets within a company and forming a relationship with those individuals.
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
answer
Spam
Spim
Hoax
Surf
Spim
Explanation
Spim is a malicious link sent to the target over instant messaging.
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
answer
Spam and spim
Keyloggers
Eavesdropping
Shoulder surfing
Shoulder surfing
Explanation
Shoulder surfing involves looking over someone’s shoulder while they work on a computer to see usernames, passwords, or account numbers.
Which of the following best describes an inside attacker?
answer
A good guy who tries to help a company see their vulnerabilities.
An agent who uses their technical knowledge to bypass security.
An unintentional threat actor; the most common threat.
An attacker with lots of resources and money at their disposal.
An unintentional threat actor; the most common threat.
Explanation
An insider could be a customer, a janitor, or even a security guard, but most of the time, it’s an employee. Employees pose one of the biggest threats to any organization.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
answer
Elicitation
Impersonation
Preloading
Interrogation
Elicitation
Explanation
Elicitation is a technique that aims to extract information from a target without arousing suspicion.
You get a call from one of your customers. The customer is asking about an employee's username.
What should you do?
answer
You should put the caller on hold and then hang up.
You should provide the information as part of quality customer service.
You should not provide any information and forward the call to the help desk.
You should not provide any information except your manager’s name and number.
You should not provide any information and forward the call to the help desk.
Explanation
Every employee in the company should be taught that if somebody calls them and claims to be someone who needs employee information, especially usernames and passwords, they should forward that call to the help desk.
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
answer
DNS cache poisoning
Social networking
Host file modification
Feigning ignorance
DNS cache poisoning
Explanation
In DNS cache poisoning, the attacker launches the attack against the chosen DNS server. The attacker then changes the target website's record so that it resolves to the IP address of a fake website.
An attack that targets senior executives and high-profile victims is referred to as:
answer
Pharming
Vishing
Scrubbing
Whaling
Whaling
Explanation
Whaling is another form of phishing that targets senior executives and high-profile victims.